openwrt/staging/blogic.git
7 years agoperf config: Check error cases of {show_spec, set}_config()
Taeung Song [Sat, 17 Jun 2017 03:46:37 +0000 (12:46 +0900)]
perf config: Check error cases of {show_spec, set}_config()

show_spec_config() and set_config() can be called multiple times
in the loop in cmd_config().

However, The error cases of them wasn't checked, so fix it.

Reported-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Taeung Song <treeze.taeung@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: http://lkml.kernel.org/r/1497671197-20450-1-git-send-email-treeze.taeung@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf ftrace: Add -D option for depth filter
Namhyung Kim [Sun, 18 Jun 2017 14:23:02 +0000 (23:23 +0900)]
perf ftrace: Add -D option for depth filter

The -D/--graph-depth option is to set max graph depth.  The following
example traces max 2-depth of page fault handler.

  $ sudo perf ftrace -G __do_page_fault -D 2 -- hello
   ...
   0)               |  __do_page_fault() {
   0)   0.063 us    |    down_read_trylock();
   0)   0.251 us    |    find_vma();
   0)   5.374 us    |    handle_mm_fault();
   0)   0.054 us    |    up_read();
   0)   7.463 us    |  }
   ...

Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: kernel-team@lge.com
Link: http://lkml.kernel.org/r/20170618142302.25390-4-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf ftrace: Add option for function filtering
Namhyung Kim [Sun, 18 Jun 2017 14:23:01 +0000 (23:23 +0900)]
perf ftrace: Add option for function filtering

The -T/--trace-funcs and -N/--notrace-funcs options are to specify
functions to enable/disable tracing dynamically.

The -G/--graph-funcs and -g/--nograph-funcs options are to set filters
for function graph tracer.

For example, to trace fault handling functions only:

  $ sudo perf ftrace -T *fault hello
   0)               |  __do_page_fault() {
   0)               |    handle_mm_fault() {
   0)   2.117 us    |      __handle_mm_fault();
   0)   3.627 us    |    }
   0)   7.811 us    |  }
   0)               |  __do_page_fault() {
   0)               |    handle_mm_fault() {
   0)   2.014 us    |      __handle_mm_fault();
   0)   2.424 us    |    }
   0)   2.951 us    |  }
   ...

To trace all functions executed in __do_page_fault:

  $ sudo perf ftrace -G __do_page_fault hello
   2)               |  __do_page_fault() {
   3)   0.060 us    |    down_read_trylock();
   3)               |    find_vma() {
   3)   0.075 us    |      vmacache_find();
   3)   0.053 us    |      vmacache_update();
   3)   1.246 us    |    }
   3)               |    handle_mm_fault() {
   3)   0.063 us    |      __rcu_read_lock();
   3)   0.056 us    |      mem_cgroup_from_task();
   3)   0.057 us    |      __rcu_read_unlock();
   3)               |      __handle_mm_fault() {
   3)               |        filemap_map_pages() {
   3)   0.058 us    |          __rcu_read_lock();
   3)               |          alloc_set_pte() {
   ...

But don't want to show details in handle_mm_fault:

  $ sudo perf ftrace -G __do_page_fault -g handle_mm_fault hello
   3)               |  __do_page_fault() {
   3)   0.049 us    |    down_read_trylock();
   3)               |    find_vma() {
   3)   0.048 us    |      vmacache_find();
   3)   0.041 us    |      vmacache_update();
   3)   0.680 us    |    }
   3)   0.036 us    |    up_read();
   3)   4.547 us    |  } /* __do_page_fault */
   ...

Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: kernel-team@lge.com
Link: http://lkml.kernel.org/r/20170618142302.25390-3-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf ftrace: Move setup_pager before opening trace_pipe
Namhyung Kim [Sun, 18 Jun 2017 14:23:00 +0000 (23:23 +0900)]
perf ftrace: Move setup_pager before opening trace_pipe

The 'perf ftrace' command fails to reset tracer after finishing
recording like below:

  $ sudo perf ftrace -v hello
  write 'nop' to tracing/current_tracer failed: Device or resource busy
  ...

This is because the trace_pipe file is open in pager process.  Move the
pager setup to before opening the file.

Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: kernel-team@lge.com
Fixes: 583359646fde ("perf ftrace: Use pager for displaying result")
Link: http://lkml.kernel.org/r/20170618142302.25390-2-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf ftrace: Show error message when fails to set ftrace files
Namhyung Kim [Sun, 18 Jun 2017 14:22:59 +0000 (23:22 +0900)]
perf ftrace: Show error message when fails to set ftrace files

It'd be better for debugging to show an error message when it fails to
setup ftrace for some reason.

Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: kernel-team@lge.com
Link: http://lkml.kernel.org/r/20170618142302.25390-1-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf script: Support -F brstackoff,dso
Mark Santaniello [Mon, 19 Jun 2017 16:38:25 +0000 (09:38 -0700)]
perf script: Support -F brstackoff,dso

The idea here is to make AutoFDO easier in cloud environment with ASLR.
It's easiest to show how this is useful by example. I built a small test
akin to "while(1) { do_nothing(); }" where the do_nothing function is
loaded from a dso:

  $ cat burncpu.cpp
  #include <dlfcn.h>

  int main() {
    void* handle = dlopen("./dso.so", RTLD_LAZY);
    if (!handle) return -1;

    typedef void (*fp)();
    fp do_nothing = (fp) dlsym(handle, "do_nothing");

    while(1) {
      do_nothing();
    }
  }

  $ cat dso.cpp
  extern "C" void do_nothing() {}

  $ cat build.sh
  #!/bin/bash
  g++ -shared dso.cpp -o dso.so
  g++ burncpu.cpp -o burncpu -ldl

I sampled the execution of this program with perf record -b.

Using the existing "brstack,dso", we get absolute addresses that are
affected by ASLR, and could be different on different hosts. The address
does not uniquely identify a branch/target in the binary:

  $ perf script -F brstack,dso | sed 's/\/0 /\/0\n/g' | grep burncpu | grep dso.so | head -n 1
  0x7f967139b6aa(/tmp/burncpu/dso.so)/0x4006b1(/tmp/burncpu/exe)/P/-/-/0

Using the existing "brstacksym,dso" is a little better, because the
symbol plus offset and dso name *does* uniquely identify a branch/target
in the binary.  Ultimately, however, AutoFDO wants a simple offset into
the binary, so we'd have to undo all the work perf did to symbolize in
the first place:

  $ perf script -F brstacksym,dso | sed 's/\/0 /\/0\n/g' | grep burncpu | grep dso.so | head -n 1
  do_nothing+0x5(/tmp/burncpu/dso.so)/main+0x44(/tmp/burncpu/exe)/P/-/-/0

With the new "brstackoff,dso" we get what we need: a simple offset into a
specific dso/binary that uniquely identifies a branch/target:
  $ perf script -F brstackoff,dso | sed 's/\/0 /\/0\n/g' | grep burncpu | grep dso.so | head -n 1
  0x6aa(/tmp/burncpu/dso.so)/0x4006b1(/tmp/burncpu/exe)/P/-/-/0

Signed-off-by: Mark Santaniello <marksan@fb.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20170619163825.2012979-2-marksan@fb.com
[ Updated documentation about 'brstackoff' using text from above ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf script: Support -F brstack,dso and brstacksym,dso
Mark Santaniello [Mon, 19 Jun 2017 16:38:24 +0000 (09:38 -0700)]
perf script: Support -F brstack,dso and brstacksym,dso

Perf script can report the dso for "addr" and "ip" fields.

This adds the same support for the "brstack" and "brstacksym" fields.
This can be helpful for AutoFDO: we can ignore LBR entries unless the
source and target address are both in the target module we are about to
build.

I built a small test akin to "while(1) { do_nothing(); }" where the
do_nothing function is loaded from a dso:

  $ cat burncpu.cpp
  #include <dlfcn.h>

  int main() {
    void* handle = dlopen("./dso.so", RTLD_LAZY);
    if (!handle) return -1;

    typedef void (*fp)();
    fp do_nothing = (fp) dlsym(handle, "do_nothing");

    while(1) {
      do_nothing();
    }
  }

  $ cat dso.cpp
  extern "C" void do_nothing() {}

  $ cat build.sh
  #!/bin/bash
  g++ -shared dso.cpp -o dso.so
  g++ burncpu.cpp -o burncpu -ldl

I sampled the execution with perf record -b.  Using the new perf script
functionality I can easily find cases where there was a transition from one
dso to another:

  $ perf record -a -b -- sleep 5
  [ perf record: Woken up 55 times to write data ]
  [ perf record: Captured and wrote 18.815 MB perf.data (43593 samples) ]

  $ perf script -F brstack,dso | sed 's/\/0 /\/0\n/g' | grep burncpu | grep dso.so | head -n 1
  0x7f967139b6aa(/tmp/burncpu/dso.so)/0x4006b1(/tmp/burncpu/exe)/P/-/-/0

  $ perf script -F brstacksym,dso | sed 's/\/0 /\/0\n/g' | grep burncpu | grep dso.so | head -n 1
  do_nothing+0x5(/tmp/burncpu/dso.so)/main+0x44(/tmp/burncpu/exe)/P/-/-/0

Signed-off-by: Mark Santaniello <marksan@fb.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20170619163825.2012979-1-marksan@fb.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf test llvm: Avoid error when PROFILE_ALL_BRANCHES is set
Wang Nan [Tue, 20 Jun 2017 18:32:03 +0000 (02:32 +0800)]
perf test llvm: Avoid error when PROFILE_ALL_BRANCHES is set

The 'if' keyword is a define that expands to complex code when
CONFIG_PROFILE_ALL_BRANCHES is selected, which causes a 'perf test LLVM'
failure like:

  $ ./perf test LLVM
  35: LLVM search and compile                    :
  35.1: Basic BPF llvm compile                    : Ok
  35.2: kbuild searching                          : Ok
  35.3: Compile source for BPF prologue generation: FAILED!
  35.4: Compile source for BPF relocation         : Skip

The only affected test case is bpf-script-test-prologue.c
because it uses kernel headers and has 'if' inside.

This patch undefines 'if' to make it passes perf test.

More detailed analysis from a message in this thread, also by Wang:

The problem is caused by following relocation information:

  $ readelf -a ./llvmsubtest3
  ...
     [ 5] _ftrace_branch    PROGBITS         0000000000000000  00000260
          00000000000000a0  0000000000000000  WA       0     0     4
  ...
  Relocation section '.relfunc=null_lseek file->f_mode offset orig' at
  offset 0x490 contains 4 entries:
     Offset          Info           Type           Sym. Value    Sym. Name
  000000000038  000b00000001 unrecognized: 1       0000000000000000 _ftrace_branch
  0000000000b0  000b00000001 unrecognized: 1       0000000000000000 _ftrace_branch
  000000000128  000b00000001 unrecognized: 1       0000000000000000 _ftrace_branch
  0000000001c0  000b00000001 unrecognized: 1       0000000000000000 _ftrace_branch

  Relocation section '.rel_ftrace_branch' at offset 0x4d0 contains 8 entries:
     Offset          Info           Type           Sym. Value    Sym. Name
  000000000000  000200000001 unrecognized: 1       0000000000000000 .L__func__.bpf_func__n
  000000000008  000100000001 unrecognized: 1       0000000000000015 .L.str
  000000000028  000200000001 unrecognized: 1       0000000000000000 .L__func__.bpf_func__n
  000000000030  000100000001 unrecognized: 1       0000000000000015 .L.str
  000000000050  000200000001 unrecognized: 1       0000000000000000 .L__func__.bpf_func__n
  000000000058  000100000001 unrecognized: 1       0000000000000015 .L.str
  000000000078  000200000001 unrecognized: 1       0000000000000000 .L__func__.bpf_func__n
  000000000080  000100000001 unrecognized: 1       0000000000000015 .L.str
  ...

So I think the failure is because you enabled CONFIG_PROFILE_ALL_BRANCHES.

I can reproduce your buggy result by selecting
CONFIG_PROFILE_ALL_BRANCHES in my kbuild:

  $ ./perf test LLVM
  35: LLVM search and compile                    :
  35.1: Basic BPF llvm compile                    : Ok
  35.2: kbuild searching                          : Ok
  35.3: Compile source for BPF prologue generation: FAILED!
  35.4: Compile source for BPF relocation         : Skip

Simply undef CONFIG_PROFILE_ALL_BRANCHES in clang opts not working
because it is introduced by "#include <uapi/linux/fs.h>", which override
cmdline options. So I think the best way is to undefine 'if' inside BPF
script.

Reported-and-Tested-by: Thomas-Mich Richter <tmricht@linux.vnet.ibm.com>
Signed-off-by: Wang Nan <wangnan0@huawei.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Cc: Zefan Li <lizefan@huawei.com>
Link: http://lkml.kernel.org/r/20170620183203.2517-1-wangnan0@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf annotate: Return arch from symbol__disassemble() and save it in browser
Jin Yao [Mon, 19 Jun 2017 02:55:56 +0000 (10:55 +0800)]
perf annotate: Return arch from symbol__disassemble() and save it in browser

In annotate browser, we will add support to check fused instructions.
While this is x86-specific feature so we need the annotate browser to
know what the arch it runs on.

symbol__disassemble() has figured out the arch. This patch just lets the
arch return from symbol__disassemble and save the arch in annotate
browser.

Signed-off-by: Yao Jin <yao.jin@linux.intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1497840958-4759-2-git-send-email-yao.jin@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf intel-pt/bts: Remove unused SAMPLE_SIZE defines and bts priv array
Kim Phillips [Fri, 16 Jun 2017 16:23:39 +0000 (11:23 -0500)]
perf intel-pt/bts: Remove unused SAMPLE_SIZE defines and bts priv array

These defines were probably dragged in from sampling support in earlier
patches.  They can be put back when needed.

Signed-off-by: Kim Phillips <kim.phillips@arm.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20170616112339.3fb6986e4ff33e353008244b@arm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf coresight: Remove superfluous check before use
Kim Phillips [Thu, 15 Jun 2017 17:55:21 +0000 (12:55 -0500)]
perf coresight: Remove superfluous check before use

The cs_etm_evsel variable is guaranteed to be set at this point in
cs_etm_recording_options().

Signed-off-by: Kim Phillips <kim.phillips@arm.com>
Acked-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/20170615125521.80cc128dc856bc1f2e61b730@arm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agotools: Adopt __aligned from kernel sources
Arnaldo Carvalho de Melo [Fri, 16 Jun 2017 14:39:15 +0000 (11:39 -0300)]
tools: Adopt __aligned from kernel sources

To have a more compact way to ask the compiler to use a specific
alignment, making tools/ look more like kernel source code.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-8jiem6ubg9rlpbs7c2p900no@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agotools: Adopt __packed from kernel sources
Arnaldo Carvalho de Melo [Fri, 16 Jun 2017 14:39:15 +0000 (11:39 -0300)]
tools: Adopt __packed from kernel sources

To have a more compact way to ask the compiler to not insert alignment
paddings in a struct, making tools/ look more like kernel source code.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-byp46nr7hsxvvyc9oupfb40q@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agotools: Adopt noinline from kernel sources
Arnaldo Carvalho de Melo [Fri, 16 Jun 2017 14:39:15 +0000 (11:39 -0300)]
tools: Adopt noinline from kernel sources

To have a more compact way to ask the compiler not to inline a function
and to make tools/ source code look like kernel code.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-bis4pqxegt6gbm5dlqs937tn@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf tools: Use __maybe_unused consistently
Arnaldo Carvalho de Melo [Fri, 16 Jun 2017 15:18:27 +0000 (12:18 -0300)]
perf tools: Use __maybe_unused consistently

Instead of defining __unused or redefining __maybe_unused.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-4eleto5pih31jw1q4dypm9pf@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agotools: Adopt __scanf from kernel sources
Arnaldo Carvalho de Melo [Fri, 16 Jun 2017 14:57:54 +0000 (11:57 -0300)]
tools: Adopt __scanf from kernel sources

To have a more compact way to ask the compiler to perform scanf like
argument validation.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-yzqrhfjrn26lqqtwf55egg0h@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agotools: Adopt __printf from kernel sources
Arnaldo Carvalho de Melo [Fri, 16 Jun 2017 14:57:54 +0000 (11:57 -0300)]
tools: Adopt __printf from kernel sources

To have a more compact way to ask the compiler to perform printf like
vargargs validation.

v2: Fixed up build on arm, squashing a patch by Kim Phillips, thanks!

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kim Phillips <kim.phillips@arm.com>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-dopkqmmuqs04cxzql0024nnu@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agotools: Adopt __noreturn from kernel sources
Arnaldo Carvalho de Melo [Fri, 16 Jun 2017 14:39:15 +0000 (11:39 -0300)]
tools: Adopt __noreturn from kernel sources

To have a more compact way to specify that a function doesn't return,
instead of the open coded:

__attribute__((noreturn))

And use it instead of the tools/perf/ specific variation, NORETURN.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-l0y144qzixcy5t4c6i7pdiqj@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf script: Allow adding and removing fields
Andi Kleen [Fri, 2 Jun 2017 15:48:10 +0000 (08:48 -0700)]
perf script: Allow adding and removing fields

With 'perf script' it is common that we just want to add or remove a field.

Currently this requires figuring out the long list of default fields and
specifying them first, and then adding/removing the new field.

This patch adds a new + - syntax to merely add or remove fields,
that allows more succint and clearer command lines

For example to remove the comm field from PMU samples:

Previously

  $ perf script -F tid,cpu,time,event,sym,ip,dso,period | head -1
  swapper  0 [000] 504345.383126:          1 cycles:  ffffffff90060c66 native_write_msr ([kernel.kallsyms])

with the new syntax

  perf script -F -comm | head -1
  0 [000] 504345.383126:          1 cycles:  ffffffff90060c66 native_write_msr ([kernel.kallsyms])

The new syntax cannot be mixed with normal overriding.

v2: Fix example in description. Use tid vs pid. No functional changes.
v3: Don't skip initialization when user specified explicit type.
v4: Rebase. Remove empty line.

Committer testing:

  # perf record -a usleep 1
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 1.748 MB perf.data (14 samples) ]

Without a explicit field list specified via -F, defaults to:

  # perf script | head -2
      perf 6338 [000] 18467.058607: 1 cycles: ffffffff89060c36 native_write_msr (/lib/modules/4.11.0-rc8+/build/vmlinux)
   swapper    0 [001] 18467.058617: 1 cycles: ffffffff89060c36 native_write_msr (/lib/modules/4.11.0-rc8+/build/vmlinux)
  #

Which is equivalent to:

  # perf script -F comm,tid,cpu,time,period,event,ip,sym,dso | head -2
      perf 6338 [000] 18467.058607: 1 cycles: ffffffff89060c36 native_write_msr (/lib/modules/4.11.0-rc8+/build/vmlinux)
   swapper    0 [001] 18467.058617: 1 cycles: ffffffff89060c36 native_write_msr (/lib/modules/4.11.0-rc8+/build/vmlinux)
  #

So if we want to remove the comm, as in your original example, we would have to
figure out the default field list and remove ' comm' from it:

  # perf script -F tid,cpu,time,period,event,ip,sym,dso | head -2
   6338 [000] 18467.058607: 1 cycles: ffffffff89060c36 native_write_msr (/lib/modules/4.11.0-rc8+/build/vmlinux)
      0 [001] 18467.058617: 1 cycles: ffffffff89060c36 native_write_msr (/lib/modules/4.11.0-rc8+/build/vmlinux)
  #

With your patch this becomes simpler, one can remove fields by prefixing them
with '-':

  # perf script -F -comm | head -2
  6338 [000] 18467.058607: 1 cycles: ffffffff89060c36 native_write_msr (/lib/modules/4.11.0-rc8+/build/vmlinux)
     0 [001] 18467.058617: 1 cycles: ffffffff89060c36 native_write_msr (/lib/modules/4.11.0-rc8+/build/vmlinux)
  #

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Tested-by: Milian Wolff <milian.wolff@kdab.com>
Link: http://lkml.kernel.org/r/20170602154810.15875-1-andi@firstfloor.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf config: Invert an if statement to reduce nesting in cmd_config()
Taeung Song [Mon, 8 May 2017 11:07:30 +0000 (20:07 +0900)]
perf config: Invert an if statement to reduce nesting in cmd_config()

Signed-off-by: Taeung Song <treeze.taeung@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: http://lkml.kernel.org/r/1494241650-32210-1-git-send-email-treeze.taeung@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf annotate browser: Display titles in left frame
Jin Yao [Thu, 4 May 2017 14:58:15 +0000 (22:58 +0800)]
perf annotate browser: Display titles in left frame

The annotate browser is divided into 2 frames. Left frame contains 3
columns (some platforms only have one column).

For example:

                   │26  int compute_flag()
                   │27  {
 22.80  1.20       │      sub    $0x8,%rsp
                   │25          int i;
                   │
                   │27          i = rand() % 2;
 22.78  1.20     1 │    → callq  rand@plt

While it's hard for user to understand what the data is.

This patch adds the titles "Percent", "IPC" and "Cycle" on columns.

Percent  IPC Cycle │
                   │25  __attribute__((noinline))
                   │26  int compute_flag()
                   │27  {
 22.80  1.20       │      sub    $0x8,%rsp
                   │25          int i;
                   │
                   │27          i = rand() % 2;
 22.78  1.20     1 │    → callq  rand@plt

The titles are displayed at row 0 of annotate browser if row 0 doesn't
have values of percent, ipc and cycle.

Signed-off-by: Yao Jin <yao.jin@linux.intel.com>
Acked-by: Milian Wolff <milian.wolff@kdab.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Yao Jin <yao.jin@linux.intel.com>
Link: http://lkml.kernel.org/r/1493909895-9668-3-git-send-email-yao.jin@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf report: Remove unnecessary check in annotate_browser_write()
Jin Yao [Thu, 4 May 2017 14:58:14 +0000 (22:58 +0800)]
perf report: Remove unnecessary check in annotate_browser_write()

In annotate_browser_write(),

        if (dl->offset != -1 && percent_max != 0.0) {
                if (percent_max != 0.0) {
...
                }
                ...
        }

The second check of (percent_max != 0.0) is not necessary, remove it.

Signed-off-by: Yao Jin <yao.jin@linux.intel.com>
Acked-by: Milian Wolff <milian.wolff@kdab.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Yao Jin <yao.jin@linux.intel.com>
Link: http://lkml.kernel.org/r/1493909895-9668-2-git-send-email-yao.jin@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoMerge remote-tracking branch 'tip/perf/urgent' into perf/core
Arnaldo Carvalho de Melo [Mon, 19 Jun 2017 18:14:35 +0000 (15:14 -0300)]
Merge remote-tracking branch 'tip/perf/urgent' into perf/core

Merge branch 'perf/urgent' into perf/core, to pick up fixes

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoMerge tag 'perf-urgent-for-mingo-4.12-20170616' of git://git.kernel.org/pub/scm/linux...
Ingo Molnar [Fri, 16 Jun 2017 19:33:48 +0000 (21:33 +0200)]
Merge tag 'perf-urgent-for-mingo-4.12-20170616' of git://git./linux/kernel/git/acme/linux into perf/urgent

Pull perf/urgent fixes from Arnaldo Carvalho de Melo:

- Fix probing of precise_ip level for default cycles event, that
  got broken recently on x86_64 when its arch code started
  considering invalid requesting precise samples when not sampling
  (i.e. when attr.sample_period == 0).

  This also fixes another problem in s/390 where the precision
  probing with sample_period == 0 returned precise_ip > 0, that
  then, when setting up the real cycles event (not probing) would
  return EOPNOTSUPP for precise_ip > 0 (as determined previously
  by probing) and sample_period > 0.

  These problems resulted in attr_precise not being set to the
  highest precision available on x86.64 when no event was specified,
  i.e. the canonical:

perf record ./workload

  would end up using attr.precise_ip = 0. As a workaround this would
  need to be done:

perf record -e cycles:P ./workload

  And on s/390 it would plain not work, requiring using:

        perf record -e cycles ./workload

  as a workaround.  (Arnaldo Carvalho de Melo)

- Fix perf build with ARCH=x86_64, when ARCH should be transformed
  into ARCH=x86, just like with the main kernel Makefile and
  tools/objtool's, i.e. use SRCARCH. (Jiada Wang)

- Avoid accessing uninitialized data structures when unwinding with
  elfutils's libdw, making it more closely mimic libunwind's unwinder.
  (Milian Wolff)

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
7 years agoperf unwind: Report module before querying isactivation in dwfl unwind
Milian Wolff [Fri, 2 Jun 2017 14:37:53 +0000 (16:37 +0200)]
perf unwind: Report module before querying isactivation in dwfl unwind

The PC returned by dwfl_frame_pc() may map into a not-yet-reported
module. We have to report it before we continue unwinding. But when we
query for the isactivation flag in dwfl_frame_pc, libdw will actually do
one more unwinding step internally which can then break and lead to
missed frames or broken stacks.

With libunwind we get e.g.:

~~~~~
  heaptrack_gui  2228 135073.400474:     613969 cycles:
          108c8e [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          1093bc [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          109e7b QLocale::QLocale (/usr/lib/libQt5Core.so.5.8.0)
          1470ff [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          147f67 QSystemLocale::query (/usr/lib/libQt5Core.so.5.8.0)
          109fbf QLocalePrivate::updateSystemPrivate (/usr/lib/libQt5Core.so.5.8.0)
          10aa27 QLocale::QLocale (/usr/lib/libQt5Core.so.5.8.0)
          1e02c3 [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          2113bb [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          211505 [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          1b5df0 QFileInfo::exists (/usr/lib/libQt5Core.so.5.8.0)
           92eb2 [unknown] (/usr/lib/libQt5Core.so.5.8.0)
           93423 [unknown] (/usr/lib/libQt5Core.so.5.8.0)
           93d2a QLibraryInfo::location (/usr/lib/libQt5Core.so.5.8.0)
          2170af [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          297c53 QCoreApplicationPrivate::init (/usr/lib/libQt5Core.so.5.8.0)
           f7cde QGuiApplicationPrivate::init (/usr/lib/libQt5Gui.so.5.8.0)
          1589e8 QApplicationPrivate::init (/usr/lib/libQt5Widgets.so.5.8.0)
           78622 main (/home/milian/projects/compiled/other/bin/heaptrack_gui)
           20439 __libc_start_main (/usr/lib/libc-2.25.so)
           78299 _start (/home/milian/projects/compiled/other/bin/heaptrack_gui)

  heaptrack_gui  2228 135073.401156:     569521 cycles:
          131633 QString::endsWith (/usr/lib/libQt5Core.so.5.8.0)
          1a0701 QDir::cleanPath (/usr/lib/libQt5Core.so.5.8.0)
          21b82d [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          1b3727 QFileInfo::canonicalFilePath (/usr/lib/libQt5Core.so.5.8.0)
          2780c7 QFactoryLoader::update (/usr/lib/libQt5Core.so.5.8.0)
          279525 QFactoryLoader::QFactoryLoader (/usr/lib/libQt5Core.so.5.8.0)
           e5bd0 QPlatformIntegrationFactory::create (/usr/lib/libQt5Gui.so.5.8.0)
           f5a1c QGuiApplicationPrivate::createPlatformIntegration (/usr/lib/libQt5Gui.so.5.8.0)
           f650c QGuiApplicationPrivate::createEventDispatcher (/usr/lib/libQt5Gui.so.5.8.0)
          298524 QCoreApplicationPrivate::init (/usr/lib/libQt5Core.so.5.8.0)
           f7cde QGuiApplicationPrivate::init (/usr/lib/libQt5Gui.so.5.8.0)
          1589e8 QApplicationPrivate::init (/usr/lib/libQt5Widgets.so.5.8.0)
           78622 main (/home/milian/projects/compiled/other/bin/heaptrack_gui)
           20439 __libc_start_main (/usr/lib/libc-2.25.so)
           78299 _start (/home/milian/projects/compiled/other/bin/heaptrack_gui)
~~~~~

Note the two frames 1589e8 and 78622 in the first sample. These are
missing when unwinding with libdw. The second sample's breakage is
more obvious:

~~~~~
  heaptrack_gui  2228 135073.400474:     613969 cycles:
          108c8e [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          1093bc [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          109e7b QLocale::QLocale (/usr/lib/libQt5Core.so.5.8.0)
          1470ff [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          147f67 QSystemLocale::query (/usr/lib/libQt5Core.so.5.8.0)
          109fbf QLocalePrivate::updateSystemPrivate (/usr/lib/libQt5Core.so.5.8.0)
          10aa27 QLocale::QLocale (/usr/lib/libQt5Core.so.5.8.0)
          1e02c3 [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          2113bb [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          211505 [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          1b5df0 QFileInfo::exists (/usr/lib/libQt5Core.so.5.8.0)
           92eb2 [unknown] (/usr/lib/libQt5Core.so.5.8.0)
           93423 [unknown] (/usr/lib/libQt5Core.so.5.8.0)
           93d2a QLibraryInfo::location (/usr/lib/libQt5Core.so.5.8.0)
          2170af [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          297c53 QCoreApplicationPrivate::init (/usr/lib/libQt5Core.so.5.8.0)
           f7cde QGuiApplicationPrivate::init (/usr/lib/libQt5Gui.so.5.8.0)
           20439 __libc_start_main (/usr/lib/libc-2.25.so)
           78299 _start (/home/milian/projects/compiled/other/bin/heaptrack_gui)

heaptrack_gui  2228 135073.401156:     569521 cycles:
          131633 QString::endsWith (/usr/lib/libQt5Core.so.5.8.0)
          1a0701 QDir::cleanPath (/usr/lib/libQt5Core.so.5.8.0)
          21b82d [unknown] (/usr/lib/libQt5Core.so.5.8.0)
          1b3727 QFileInfo::canonicalFilePath (/usr/lib/libQt5Core.so.5.8.0)
          2780c7 QFactoryLoader::update (/usr/lib/libQt5Core.so.5.8.0)
          279525 QFactoryLoader::QFactoryLoader (/usr/lib/libQt5Core.so.5.8.0)
           e5bd0 QPlatformIntegrationFactory::create (/usr/lib/libQt5Gui.so.5.8.0)
          723dbf [unknown] ([unknown])
~~~~~

This patch fixes this issue and the libdw unwinder mimicks the libunwind
behavior more closely.

Signed-off-by: Milian Wolff <milian.wolff@kdab.com>
Acked-by: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: http://lkml.kernel.org/r/20170602143753.16907-2-milian.wolff@kdab.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf tools: Fix build with ARCH=x86_64
Jiada Wang [Mon, 10 Apr 2017 03:02:37 +0000 (20:02 -0700)]
perf tools: Fix build with ARCH=x86_64

With commit: 0a943cb10ce78 (tools build: Add HOSTARCH Makefile variable)
when building for ARCH=x86_64, ARCH=x86_64 is passed to perf instead of
ARCH=x86, so the perf build process searchs header files from
tools/arch/x86_64/include, which doesn't exist.

The following build failure is seen:

  In file included from util/event.c:2:0:
    tools/include/uapi/linux/mman.h:4:27: fatal error: uapi/asm/mman.h: No such file or directory
    compilation terminated.

Fix this issue by using SRCARCH instead of ARCH in perf, just like the
main kernel Makefile and tools/objtool's.

Signed-off-by: Jiada Wang <jiada_wang@mentor.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Eugeniu Rosca <erosca@de.adit-jv.com>
Cc: Jan Stancek <jstancek@redhat.com>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
Cc: Rui Teng <rui.teng@linux.vnet.ibm.com>
Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Cc: Wang Nan <wangnan0@huawei.com>
Fixes: 0a943cb10ce7 ("tools build: Add HOSTARCH Makefile variable")
Link: http://lkml.kernel.org/r/1491793357-14977-2-git-send-email-jiada_wang@mentor.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoperf evsel: Fix probing of precise_ip level for default cycles event
Arnaldo Carvalho de Melo [Fri, 9 Jun 2017 19:54:28 +0000 (16:54 -0300)]
perf evsel: Fix probing of precise_ip level for default cycles event

Since commit 18e7a45af91a ("perf/x86: Reject non sampling events with
precise_ip") returns -EINVAL for sys_perf_event_open() with an attribute
with (attr.precise_ip > 0 && attr.sample_period == 0), just like is done
in the routine used to probe the max precise level when no events were
passed to 'perf record' or 'perf top', i.e.:

perf_evsel__new_cycles()
perf_event_attr__set_max_precise_ip()

The x86 code, in x86_pmu_hw_config(), which is called all the way from
sys_perf_event_open() did, starting with the aforementioned commit:

                /* There's no sense in having PEBS for non sampling events: */
                if (!is_sampling_event(event))
                        return -EINVAL;

Which makes it fail for cycles:ppp, cycles:pp and cycles:p, always using
just the non precise cycles variant.

To make sure that this is the case, I tested it, before this patch,
with:

  # perf probe -L x86_pmu_hw_config
  <x86_pmu_hw_config@/home/acme/git/linux/arch/x86/events/core.c:0>
        0  int x86_pmu_hw_config(struct perf_event *event)
        1  {
        2         if (event->attr.precise_ip) {
<SNIP>
       17                 if (event->attr.precise_ip > precise)
       18                         return -EOPNOTSUPP;

                          /* There's no sense in having PEBS for non sampling events: */
       21                 if (!is_sampling_event(event))
       22                         return -EINVAL;
                  }
<SNIP>
  # perf probe x86_pmu_hw_config:22
  Added new events:
    probe:x86_pmu_hw_config (on x86_pmu_hw_config:22)
    probe:x86_pmu_hw_config_1 (on x86_pmu_hw_config:22)

  You can now use it in all perf tools, such as:

        perf record -e probe:x86_pmu_hw_config_1 -aR sleep 1

  # perf trace -e perf_event_open,probe:x86_pmu_hwconfig*/max-stack=16/ perf record usleep 1
     0.000 ( 0.015 ms): perf/4150 perf_event_open(attr_uptr: 0x7ffebc8ba110, cpu: -1, group_fd: -1      ) ...
     0.015 (         ): probe:x86_pmu_hw_config:(ffffffff9c0065e1))
                                       x86_pmu_hw_config ([kernel.kallsyms])
                                       hsw_hw_config ([kernel.kallsyms])
                                       x86_pmu_event_init ([kernel.kallsyms])
                                       perf_try_init_event ([kernel.kallsyms])
                                       perf_event_alloc ([kernel.kallsyms])
                                       SYSC_perf_event_open ([kernel.kallsyms])
                                       sys_perf_event_open ([kernel.kallsyms])
                                       do_syscall_64 ([kernel.kallsyms])
                                       return_from_SYSCALL_64 ([kernel.kallsyms])
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_event_attr__set_max_precise_ip (/home/acme/bin/perf)
                                       perf_evsel__new_cycles (/home/acme/bin/perf)
                                       perf_evlist__add_default (/home/acme/bin/perf)
                                       cmd_record (/home/acme/bin/perf)
                                       run_builtin (/home/acme/bin/perf)
                                       handle_internal_command (/home/acme/bin/perf)
     0.000 ( 0.021 ms): perf/4150  ... [continued]: perf_event_open()) = -1 EINVAL Invalid argument
     0.023 ( 0.002 ms): perf/4150 perf_event_open(attr_uptr: 0x7ffebc8ba110, cpu: -1, group_fd: -1      ) ...
     0.025 (         ): probe:x86_pmu_hw_config:(ffffffff9c0065e1))
                                       x86_pmu_hw_config ([kernel.kallsyms])
                                       hsw_hw_config ([kernel.kallsyms])
                                       x86_pmu_event_init ([kernel.kallsyms])
                                       perf_try_init_event ([kernel.kallsyms])
                                       perf_event_alloc ([kernel.kallsyms])
                                       SYSC_perf_event_open ([kernel.kallsyms])
                                       sys_perf_event_open ([kernel.kallsyms])
                                       do_syscall_64 ([kernel.kallsyms])
                                       return_from_SYSCALL_64 ([kernel.kallsyms])
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_event_attr__set_max_precise_ip (/home/acme/bin/perf)
                                       perf_evsel__new_cycles (/home/acme/bin/perf)
                                       perf_evlist__add_default (/home/acme/bin/perf)
                                       cmd_record (/home/acme/bin/perf)
                                       run_builtin (/home/acme/bin/perf)
                                       handle_internal_command (/home/acme/bin/perf)
     0.023 ( 0.004 ms): perf/4150  ... [continued]: perf_event_open()) = -1 EINVAL Invalid argument
     0.028 ( 0.002 ms): perf/4150 perf_event_open(attr_uptr: 0x7ffebc8ba110, cpu: -1, group_fd: -1      ) ...
     0.030 (         ): probe:x86_pmu_hw_config:(ffffffff9c0065e1))
                                       x86_pmu_hw_config ([kernel.kallsyms])
                                       hsw_hw_config ([kernel.kallsyms])
                                       x86_pmu_event_init ([kernel.kallsyms])
                                       perf_try_init_event ([kernel.kallsyms])
                                       perf_event_alloc ([kernel.kallsyms])
                                       SYSC_perf_event_open ([kernel.kallsyms])
                                       sys_perf_event_open ([kernel.kallsyms])
                                       do_syscall_64 ([kernel.kallsyms])
                                       return_from_SYSCALL_64 ([kernel.kallsyms])
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_event_attr__set_max_precise_ip (/home/acme/bin/perf)
                                       perf_evsel__new_cycles (/home/acme/bin/perf)
                                       perf_evlist__add_default (/home/acme/bin/perf)
                                       cmd_record (/home/acme/bin/perf)
                                       run_builtin (/home/acme/bin/perf)
                                       handle_internal_command (/home/acme/bin/perf)
     0.028 ( 0.004 ms): perf/4150  ... [continued]: perf_event_open()) = -1 EINVAL Invalid argument
    41.018 ( 0.012 ms): perf/4150 perf_event_open(attr_uptr: 0x7ffebc8b5dd0, pid: -1, group_fd: -1, flags: FD_CLOEXEC) = 4
    41.065 ( 0.011 ms): perf/4150 perf_event_open(attr_uptr: 0x3c7db78, pid: -1, group_fd: -1, flags: FD_CLOEXEC) = 4
    41.080 ( 0.006 ms): perf/4150 perf_event_open(attr_uptr: 0x3c7db78, pid: -1, group_fd: -1, flags: FD_CLOEXEC) = 4
    41.103 ( 0.010 ms): perf/4150 perf_event_open(attr_uptr: 0x3c4e748, pid: 4151 (perf), group_fd: -1, flags: FD_CLOEXEC) = 4
    41.115 ( 0.006 ms): perf/4150 perf_event_open(attr_uptr: 0x3c4e748, pid: 4151 (perf), cpu: 1, group_fd: -1, flags: FD_CLOEXEC) = 5
    41.122 ( 0.004 ms): perf/4150 perf_event_open(attr_uptr: 0x3c4e748, pid: 4151 (perf), cpu: 2, group_fd: -1, flags: FD_CLOEXEC) = 6
    41.128 ( 0.008 ms): perf/4150 perf_event_open(attr_uptr: 0x3c4e748, pid: 4151 (perf), cpu: 3, group_fd: -1, flags: FD_CLOEXEC) = 8
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.017 MB perf.data (2 samples) ]
  #

I.e. that return -EINVAL in x86_pmu_hw_config() is hit three times.

So fix it by just setting attr.sample_period

Now, after this patch:

  # perf trace --max-stack=2 -e perf_event_open,probe:x86_pmu_hw_config* perf record usleep 1
  [ perf record: Woken up 1 times to write data ]
     0.000 ( 0.017 ms): perf/8469 perf_event_open(attr_uptr: 0x7ffe36c27d10, pid: -1, cpu: 3, group_fd: -1, flags: FD_CLOEXEC) = 4
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_event_open_cloexec_flag (/home/acme/bin/perf)
     0.050 ( 0.031 ms): perf/8469 perf_event_open(attr_uptr: 0x24ebb78, pid: -1, group_fd: -1, flags: FD_CLOEXEC) = 4
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_evlist__config (/home/acme/bin/perf)
     0.092 ( 0.040 ms): perf/8469 perf_event_open(attr_uptr: 0x24ebb78, pid: -1, group_fd: -1, flags: FD_CLOEXEC) = 4
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_evlist__config (/home/acme/bin/perf)
     0.143 ( 0.007 ms): perf/8469 perf_event_open(attr_uptr: 0x24bc748, cpu: -1, group_fd: -1           ) = 4
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_event_attr__set_max_precise_ip (/home/acme/bin/perf)
     0.161 ( 0.007 ms): perf/8469 perf_event_open(attr_uptr: 0x24bc748, pid: 8470 (perf), group_fd: -1, flags: FD_CLOEXEC) = 4
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_evsel__open (/home/acme/bin/perf)
     0.171 ( 0.005 ms): perf/8469 perf_event_open(attr_uptr: 0x24bc748, pid: 8470 (perf), cpu: 1, group_fd: -1, flags: FD_CLOEXEC) = 5
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_evsel__open (/home/acme/bin/perf)
     0.180 ( 0.007 ms): perf/8469 perf_event_open(attr_uptr: 0x24bc748, pid: 8470 (perf), cpu: 2, group_fd: -1, flags: FD_CLOEXEC) = 6
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_evsel__open (/home/acme/bin/perf)
     0.190 ( 0.005 ms): perf/8469 perf_event_open(attr_uptr: 0x24bc748, pid: 8470 (perf), cpu: 3, group_fd: -1, flags: FD_CLOEXEC) = 8
                                       syscall (/usr/lib64/libc-2.24.so)
                                       perf_evsel__open (/home/acme/bin/perf)
  [ perf record: Captured and wrote 0.017 MB perf.data (7 samples) ]
  #

The probe one called from perf_event_attr__set_max_precise_ip() works
the first time, with attr.precise_ip = 3, wit hthe next ones being the
per cpu ones for the cycles:ppp event.

And here is the text from a report and alternative proposed patch by
Thomas-Mich Richter:

 ---

On s390 the counter and sampling facility do not support a precise IP
skid level and sometimes returns EOPNOTSUPP when structure member
precise_ip in struct perf_event_attr is not set to zero.

On s390 commnd 'perf record -- true' fails with error EOPNOTSUPP.  This
happens only when no events are specified on command line.

The functions called are
...
  --> perf_evlist__add_default
      --> perf_evsel__new_cycles
          --> perf_event_attr__set_max_precise_ip

The last function determines the value of structure member precise_ip by
invoking the perf_event_open() system call and checking the return code.
The first successful open is the value for precise_ip.

However the value is determined without setting member sample_period and
indicates no sampling.

On s390 the counter facility and sampling facility are different.  The
above procedure determines a precise_ip value of 3 using the counter
facility. Later it uses the sampling facility with a value of 3 and
fails with EOPNOTSUPP.

 ---

v2: Older compilers (e.g. gcc 4.4.7) don't support referencing members
    of unnamed union members in the container struct initialization, so
    move from:

struct perf_event_attr attr = {
...
.sample_period = 1,
};

to right after it as:

struct perf_event_attr attr = {
...
};

attr.sample_period = 1;

v3: We need to reset .sample_period to 0 to let the users of
perf_evsel__new_cycles() to properly setup attr.sample_period or
attr.sample_freq. Reported by Ingo Molnar.

Reported-and-Acked-by: Thomas-Mich Richter <tmricht@linux.vnet.ibm.com>
Acked-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Acked-by: Jiri Olsa <jolsa@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Wang Nan <wangnan0@huawei.com>
Fixes: 18e7a45af91a ("perf/x86: Reject non sampling events with precise_ip")
Link: http://lkml.kernel.org/n/tip-yv6nnkl7tzqocrm0hl3x7vf1@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
7 years agoMerge tag 'xtensa-20170612' of git://github.com/jcmvbkbc/linux-xtensa
Linus Torvalds [Tue, 13 Jun 2017 06:09:10 +0000 (15:09 +0900)]
Merge tag 'xtensa-20170612' of git://github.com/jcmvbkbc/linux-xtensa

Pull Xtensa fixes from Max Filippov:

 - don't use linux IRQ #0 in legacy irq domains: fixes timer interrupt
   assignment when it's hardware IRQ # is 0 and the kernel is built w/o
   device tree support

 - reduce reservation size for double exception vector literals from 48
   to 20 bytes: fixes build on cores with small user exception vector

 - cleanups: use kmalloc_array instead of kmalloc in simdisk_init and
   seq_puts instead of seq_printf in c_show.

* tag 'xtensa-20170612' of git://github.com/jcmvbkbc/linux-xtensa:
  xtensa: don't use linux IRQ #0
  xtensa: reduce double exception literal reservation
  xtensa: ISS: Use kmalloc_array() in simdisk_init()
  xtensa: Use seq_puts() in c_show()

7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Linus Torvalds [Tue, 13 Jun 2017 06:07:11 +0000 (15:07 +0900)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux

Pull s390 fixes from Martin Schwidefsky:

 - A fix for KVM to avoid kernel oopses in case of host protection
   faults due to runtime instrumentation

 - A fix for the AP bus to avoid dead devices after unbind / bind

 - A fix for a compile warning merged from the vfio_ccw tree

 - Updated default configurations

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390: update defconfig
  s390/zcrypt: Fix blocking queue device after unbind/bind.
  s390/vfio_ccw: make some symbols static
  s390/kvm: do not rely on the ILC on kvm host protection fauls

7 years agoLinux 4.12-rc5
Linus Torvalds [Sun, 11 Jun 2017 23:48:20 +0000 (16:48 -0700)]
Linux 4.12-rc5

7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
Linus Torvalds [Sun, 11 Jun 2017 23:17:29 +0000 (16:17 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/linux-security

Pull key subsystem fixes from James Morris:
 "Here are a bunch of fixes for Linux keyrings, including:

   - Fix up the refcount handling now that key structs use the
     refcount_t type and the refcount_t ops don't allow a 0->1
     transition.

   - Fix a potential NULL deref after error in x509_cert_parse().

   - Don't put data for the crypto algorithms to use on the stack.

   - Fix the handling of a null payload being passed to add_key().

   - Fix incorrect cleanup an uninitialised key_preparsed_payload in
     key_update().

   - Explicit sanitisation of potentially secure data before freeing.

   - Fixes for the Diffie-Helman code"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (23 commits)
  KEYS: fix refcount_inc() on zero
  KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API
  crypto : asymmetric_keys : verify_pefile:zero memory content before freeing
  KEYS: DH: add __user annotations to keyctl_kdf_params
  KEYS: DH: ensure the KDF counter is properly aligned
  KEYS: DH: don't feed uninitialized "otherinfo" into KDF
  KEYS: DH: forbid using digest_null as the KDF hash
  KEYS: sanitize key structs before freeing
  KEYS: trusted: sanitize all key material
  KEYS: encrypted: sanitize all key material
  KEYS: user_defined: sanitize key payloads
  KEYS: sanitize add_key() and keyctl() key payloads
  KEYS: fix freeing uninitialized memory in key_update()
  KEYS: fix dereferencing NULL payload with nonzero length
  KEYS: encrypted: use constant-time HMAC comparison
  KEYS: encrypted: fix race causing incorrect HMAC calculations
  KEYS: encrypted: fix buffer overread in valid_master_desc()
  KEYS: encrypted: avoid encrypting/decrypting stack buffers
  KEYS: put keyring if install_session_keyring_to_cred() fails
  KEYS: Delete an error message for a failed memory allocation in get_derived_key()
  ...

7 years agocompiler, clang: properly override 'inline' for clang
Linus Torvalds [Sun, 11 Jun 2017 22:51:56 +0000 (15:51 -0700)]
compiler, clang: properly override 'inline' for clang

Commit abb2ea7dfd82 ("compiler, clang: suppress warning for unused
static inline functions") just caused more warnings due to re-defining
the 'inline' macro.

So undef it before re-defining it, and also add the 'notrace' attribute
like the gcc version that this is overriding does.

Maybe this makes clang happier.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
7 years agoMerge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 11 Jun 2017 19:02:01 +0000 (12:02 -0700)]
Merge tag 'random_for_linus_stable' of git://git./linux/kernel/git/tytso/random

Pull randomness fixes from Ted Ts'o:
 "Improve performance by using a lockless update mechanism suggested by
  Linus, and make sure we refresh per-CPU entropy returned get_random_*
  as soon as the CRNG is initialized"

* tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
  random: invalidate batched entropy after crng init
  random: use lockless method of accessing and updating f->reg_idx

7 years agoMerge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sun, 11 Jun 2017 18:57:47 +0000 (11:57 -0700)]
Merge tag 'ext4_for_linus_stable' of git://git./linux/kernel/git/tytso/ext4

Pull ext4 fixes from Ted Ts'o:
 "Fix various bug fixes in ext4 caused by races and memory allocation
  failures"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: fix fdatasync(2) after extent manipulation operations
  ext4: fix data corruption for mmap writes
  ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO
  ext4: fix quota charging for shared xattr blocks
  ext4: remove redundant check for encrypted file on dio write path
  ext4: remove unused d_name argument from ext4_search_dir() et al.
  ext4: fix off-by-one error when writing back pages before dio read
  ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
  ext4: keep existing extra fields when inode expands
  ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
  ext4: fix off-by-in in loop termination in ext4_find_unwritten_pgoff()
  ext4: fix SEEK_HOLE
  jbd2: preserve original nofs flag during journal restart
  ext4: clear lockdep subtype for quota files on quota off

7 years agoMerge tag 'gpio-v4.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw...
Linus Torvalds [Sun, 11 Jun 2017 18:34:27 +0000 (11:34 -0700)]
Merge tag 'gpio-v4.12-2' of git://git./linux/kernel/git/linusw/linux-gpio

Pull GPIO fixes from Linus Walleij:
 "A few overdue GPIO patches for the v4.12 kernel.

   - Fix debounce logic on the Aspeed platform.

   - Fix the "virtual gpio" things on the Intel Crystal Cove.

   - Fix the blink counter selection on the MVEBU platform"

* tag 'gpio-v4.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: mvebu: fix gpio bank registration when pwm is used
  gpio: mvebu: fix blink counter register selection
  MAINTAINERS: remove self from GPIO maintainers
  gpio: crystalcove: Do not write regular gpio registers for virtual GPIOs
  gpio: aspeed: Don't attempt to debounce if disabled

7 years agoMerge tag 'char-misc-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregk...
Linus Torvalds [Sun, 11 Jun 2017 18:29:15 +0000 (11:29 -0700)]
Merge tag 'char-misc-4.12-rc5' of git://git./linux/kernel/git/gregkh/char-misc

Pull char/misc driver fixes from Greg KH:
 "Here are some small driver fixes for 4.12-rc5. Nothing major here,
  just some small bugfixes found by people testing, and a MAINTAINERS
  file update for the genwqe driver.

  All have been in linux-next with no reported issues"

[ The cxl driver fix came in through the powerpc tree earlier ]

* tag 'char-misc-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  cxl: Avoid double free_irq() for psl,slice interrupts
  mei: make sysfs modalias format similar as uevent modalias
  drivers: char: mem: Fix wraparound check to allow mappings up to the end
  MAINTAINERS: Change maintainer of genwqe driver
  goldfish_pipe: use GFP_ATOMIC under spin lock
  firmware: vpd: do not leak kobjects
  firmware: vpd: avoid potential use-after-free when destroying section
  firmware: vpd: do not leave freed section attributes to the list

7 years agoMerge tag 'staging-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Sun, 11 Jun 2017 18:25:51 +0000 (11:25 -0700)]
Merge tag 'staging-4.12-rc5' of git://git./linux/kernel/git/gregkh/staging

Pull staging/IIO fixes from Greg KH:
 "These are mostly all IIO driver fixes, resolving a number of tiny
  issues. There's also a ccree and lustre fix in here as well, both fix
  problems found in those codebases.

  All have been in linux-next with no reported issues"

* tag 'staging-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: ccree: fix buffer copy
  staging/lustre/lov: remove set_fs() call from lov_getstripe()
  staging: ccree: add CRYPTO dependency
  iio: adc: sun4i-gpadc-iio: fix parent device being used in devm function
  iio: light: ltr501 Fix interchanged als/ps register field
  iio: adc: bcm_iproc_adc: swap primary and secondary isr handler's
  iio: trigger: fix NULL pointer dereference in iio_trigger_write_current()
  iio: adc: max9611: Fix attribute measure unit
  iio: adc: ti_am335x_adc: allocating too much in probe
  iio: adc: sun4i-gpadc-iio: Fix module autoload when OF devices are registered
  iio: adc: sun4i-gpadc-iio: Fix module autoload when PLATFORM devices are registered
  iio: proximity: as3935: fix iio_trigger_poll issue
  iio: proximity: as3935: fix AS3935_INT mask
  iio: adc: Max9611: checking for ERR_PTR instead of NULL in probe
  iio: proximity: as3935: recalibrate RCO after resume

7 years agoMerge tag 'usb-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Linus Torvalds [Sun, 11 Jun 2017 18:23:10 +0000 (11:23 -0700)]
Merge tag 'usb-4.12-rc5' of git://git./linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are some small USB fixes for 4.12-rc5

  They are for some reported issues in the chipidea and gadget drivers.
  Nothing major. All have been in linux-next for a while with no
  reported issues"

* tag 'usb-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: gadget: udc: renesas_usb3: Fix PN_INT_ENA disabling timing
  usb: gadget: udc: renesas_usb3: lock for PN_ registers access
  usb: gadget: udc: renesas_usb3: fix deadlock by spinlock
  usb: gadget: udc: renesas_usb3: fix pm_runtime functions calling
  usb: gadget: f_mass_storage: Serialize wake and sleep execution
  usb: dwc2: add support for the DWC2 controller on Meson8 SoCs
  phy: qualcomm: phy-qcom-qmp: fix application of sizeof to pointer
  usb: musb: dsps: keep VBUS on for host-only mode
  usb: chipidea: core: check before accessing ci_role in ci_role_show
  usb: chipidea: debug: check before accessing ci_role
  phy: qcom-qmp: fix return value check in qcom_qmp_phy_create()
  usb: chipidea: udc: fix NULL pointer dereference if udc_start failed
  usb: chipidea: imx: Do not access CLKONOFF on i.MX51

7 years agoMerge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Linus Torvalds [Sun, 11 Jun 2017 18:21:08 +0000 (11:21 -0700)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is a set of user visible fixes (excepting one format string
  change).

  Four of the qla2xxx fixes only affect the firmware dump path, but it's
  still important to the enterprise. The rest are various NULL pointer
  crash conditions or outright driver hangs"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: cxgb4i: libcxgbi: in error case RST tcp conn
  scsi: scsi_debug: Avoid PI being disabled when TPGS is enabled
  scsi: qla2xxx: Fix extraneous ref on sp's after adapter break
  scsi: lpfc: prevent potential null pointer dereference
  scsi: lpfc: Avoid NULL pointer dereference in lpfc_els_abort()
  scsi: lpfc: nvmet_fc: fix format string
  scsi: qla2xxx: Fix crash due to NULL pointer dereference of ctx
  scsi: qla2xxx: Fix mailbox pointer error in fwdump capture
  scsi: qla2xxx: Set bit 15 for DIAG_ECHO_TEST MBC
  scsi: qla2xxx: Modify T262 FW dump template to specify same start/end to debug customer issues
  scsi: qla2xxx: Fix crash due to mismatch mumber of Q-pair creation for Multi queue
  scsi: qla2xxx: Fix NULL pointer access due to redundant fc_host_port_name call
  scsi: qla2xxx: Fix recursive loop during target mode configuration for ISP25XX leaving system unresponsive
  scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
  scsi: qla2xxx: don't disable a not previously enabled PCI device

7 years agoMerge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdim...
Linus Torvalds [Sun, 11 Jun 2017 18:15:09 +0000 (11:15 -0700)]
Merge branch 'libnvdimm-fixes' of git://git./linux/kernel/git/nvdimm/nvdimm

Pull libnvdimm fix from Dan Williams:
 "We expanded the device-dax fs type in 4.12 to be a generic provider of
  a struct dax_device with an embedded inode. However, Sasha found some
  basic negative testing was not run to verify that this fs cleanly
  handles being mounted directly.

  Note that the fresh rebase was done to remove an unnecessary Cc:
  <stable> tag, but this commit otherwise had a build success
  notification from the 0day robot."

* 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  device-dax: fix 'dax' device filesystem inode destruction crash

7 years agoMerge tag 'hexagon-for-linus-v4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 11 Jun 2017 18:09:15 +0000 (11:09 -0700)]
Merge tag 'hexagon-for-linus-v4.12-rc5' of git://git./linux/kernel/git/groeck/linux-staging

Pull hexagon fix from Guenter Roeck:
 "This fixes a build error seen when building hexagon images.

  Richard sent me an Ack, but didn't reply when asked if he wants me to
  send the patch to you directly, so I figured I'd just do it"

* tag 'hexagon-for-linus-v4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hexagon: Use raw_copy_to_user

7 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Sun, 11 Jun 2017 18:07:25 +0000 (11:07 -0700)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Bug fixes (ARM, s390, x86)"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: async_pf: avoid async pf injection when in guest mode
  KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid emulation
  arm: KVM: Allow unaligned accesses at HYP
  arm64: KVM: Allow unaligned accesses at EL2
  arm64: KVM: Preserve RES1 bits in SCTLR_EL2
  KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages
  KVM: nVMX: Fix exception injection
  kvm: async_pf: fix rcu_irq_enter() with irqs enabled
  KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
  KVM: s390: fix ais handling vs cpu model
  KVM: arm/arm64: Fix isues with GICv2 on GICv3 migration

7 years agoKVM: async_pf: avoid async pf injection when in guest mode
Wanpeng Li [Fri, 9 Jun 2017 03:13:40 +0000 (20:13 -0700)]
KVM: async_pf: avoid async pf injection when in guest mode

 INFO: task gnome-terminal-:1734 blocked for more than 120 seconds.
       Not tainted 4.12.0-rc4+ #8
 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
 gnome-terminal- D    0  1734   1015 0x00000000
 Call Trace:
  __schedule+0x3cd/0xb30
  schedule+0x40/0x90
  kvm_async_pf_task_wait+0x1cc/0x270
  ? __vfs_read+0x37/0x150
  ? prepare_to_swait+0x22/0x70
  do_async_page_fault+0x77/0xb0
  ? do_async_page_fault+0x77/0xb0
  async_page_fault+0x28/0x30

This is triggered by running both win7 and win2016 on L1 KVM simultaneously,
and then gives stress to memory on L1, I can observed this hang on L1 when
at least ~70% swap area is occupied on L0.

This is due to async pf was injected to L2 which should be injected to L1,
L2 guest starts receiving pagefault w/ bogus %cr2(apf token from the host
actually), and L1 guest starts accumulating tasks stuck in D state in
kvm_async_pf_task_wait() since missing PAGE_READY async_pfs.

This patch fixes the hang by doing async pf when executing L1 guest.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agohexagon: Use raw_copy_to_user
Guenter Roeck [Wed, 3 May 2017 03:44:16 +0000 (20:44 -0700)]
hexagon: Use raw_copy_to_user

Commit ac4691fac8ad ("hexagon: switch to RAW_COPY_USER") replaced
__copy_to_user_hexagon() with raw_copy_to_user(), but did not catch
all callers, resulting in the following build error.

arch/hexagon/mm/uaccess.c: In function '__clear_user_hexagon':
arch/hexagon/mm/uaccess.c:40:3: error:
implicit declaration of function '__copy_to_user_hexagon'

Fixes: ac4691fac8ad ("hexagon: switch to RAW_COPY_USER")
Cc: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Richard Kuo <rkuo@codeaurora.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Linus Torvalds [Sat, 10 Jun 2017 18:09:23 +0000 (11:09 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs

Pull UFS fixes from Al Viro:
 "This is just the obvious backport fodder; I'm pretty sure that there
  will be more - definitely so wrt performance and quite possibly
  correctness as well"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  ufs: we need to sync inode before freeing it
  excessive checks in ufs_write_failed() and ufs_evict_inode()
  ufs_getfrag_block(): we only grab ->truncate_mutex on block creation path
  ufs_extend_tail(): fix the braino in calling conventions of ufs_new_fragments()
  ufs: set correct ->s_maxsize
  ufs: restore maintaining ->i_blocks
  fix ufs_isblockset()
  ufs: restore proper tail allocation

7 years agoMerge branch 'for-linus-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/mason...
Linus Torvalds [Sat, 10 Jun 2017 18:06:05 +0000 (11:06 -0700)]
Merge branch 'for-linus-4.12' of git://git./linux/kernel/git/mason/linux-btrfs

Pull btrfs fixes from Chris Mason:
 "Some fixes that Dave Sterba collected.

  We've been hitting an early enospc problem on production machines that
  Omar tracked down to an old int->u64 mistake. I waited a bit on this
  pull to make sure it was really the problem from production, but it's
  on ~2100 hosts now and I think we're good.

  Omar also noticed a commit in the queue would make new early ENOSPC
  problems. I pulled that out for now, which is why the top three
  commits are younger than the rest.

  Otherwise these are all fixes, some explaining very old bugs that
  we've been poking at for a while"

* 'for-linus-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
  Btrfs: fix delalloc accounting leak caused by u32 overflow
  Btrfs: clear EXTENT_DEFRAG bits in finish_ordered_io
  btrfs: tree-log.c: Wrong printk information about namelen
  btrfs: fix race with relocation recovery and fs_root setup
  btrfs: fix memory leak in update_space_info failure path
  btrfs: use correct types for page indices in btrfs_page_exists_in_range
  btrfs: fix incorrect error return ret being passed to mapping_set_error
  btrfs: Make flush bios explicitely sync
  btrfs: fiemap: Cache and merge fiemap extent before submit it to user

7 years agoMerge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sat, 10 Jun 2017 17:51:25 +0000 (10:51 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull x86 fixes from Ingo Molnar:
 "Misc fixes: a Geode fix plus a microcode loader fix"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/microcode/intel: Clear patch pointer before jettisoning the initrd
  x86/cpu/cyrix: Add alternative Device ID of Geode GX1 SoC

7 years agoMerge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sat, 10 Jun 2017 17:49:42 +0000 (10:49 -0700)]
Merge branch 'smp-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull CPU hotplug fix from Ingo Molnar:
 "An error handling corner case fix"

* 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  cpu/hotplug: Drop the device lock on error

7 years agoMerge branch 'rcu-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sat, 10 Jun 2017 17:22:35 +0000 (10:22 -0700)]
Merge branch 'rcu-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull RCU fixes from Ingo Molnar:
 "Fix an SRCU bug affecting KVM IRQ injection"

* 'rcu-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  srcu: Allow use of Classic SRCU from both process and interrupt context
  srcu: Allow use of Tiny/Tree SRCU from both process and interrupt context

7 years agoMerge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sat, 10 Jun 2017 17:15:47 +0000 (10:15 -0700)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull perf fixes from Ingo Molnar:
 "This is mostly tooling fixes, plus an instruction pointer filtering
  fix.

  It's more fixes than usual - Arnaldo got back from a longer vacation
  and there was a backlog"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (27 commits)
  perf symbols: Kill dso__build_id_is_kmod()
  perf symbols: Keep DSO->symtab_type after decompress
  perf tests: Decompress kernel module before objdump
  perf tools: Consolidate error path in __open_dso()
  perf tools: Decompress kernel module when reading DSO data
  perf annotate: Use dso__decompress_kmodule_path()
  perf tools: Introduce dso__decompress_kmodule_{fd,path}
  perf tools: Fix a memory leak in __open_dso()
  perf annotate: Fix symbolic link of build-id cache
  perf/core: Drop kernel samples even though :u is specified
  perf script python: Remove dups in documentation examples
  perf script python: Updated trace_unhandled() signature
  perf script python: Fix wrong code snippets in documentation
  perf script: Fix documentation errors
  perf script: Fix outdated comment for perf-trace-python
  perf probe: Fix examples section of documentation
  perf report: Ensure the perf DSO mapping matches what libdw sees
  perf report: Include partial stacks unwound with libdw
  perf annotate: Add missing powerpc triplet
  perf test: Disable breakpoint signal tests for powerpc
  ...

7 years agoMerge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sat, 10 Jun 2017 17:12:14 +0000 (10:12 -0700)]
Merge branch 'efi-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull EFI fix from Ingo Molnar:
 "A boot crash fix for certain systems where the kernel would trust a
  piece of firmware data it should not have"

* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  efi: Fix boot panic because of invalid BGRT image address

7 years agoufs: we need to sync inode before freeing it
Al Viro [Sat, 10 Jun 2017 16:01:50 +0000 (12:01 -0400)]
ufs: we need to sync inode before freeing it

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agoMerge tag 'iommu-fixes-v4.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sat, 10 Jun 2017 05:30:55 +0000 (22:30 -0700)]
Merge tag 'iommu-fixes-v4.12-rc4' of git://git./linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:

 - another compile-fix for my header cleanup

 - a couple of fixes for the recently merged IOMMU probe deferal code

 - fixes for ACPI/IORT code necessary with IOMMU probe deferal

* tag 'iommu-fixes-v4.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  arm: dma-mapping: Reset the device's dma_ops
  ACPI/IORT: Move the check to get iommu_ops from translated fwspec
  ARM: dma-mapping: Don't tear down third-party mappings
  ACPI/IORT: Ignore all errors except EPROBE_DEFER
  iommu/of: Ignore all errors except EPROBE_DEFER
  iommu/of: Fix check for returning EPROBE_DEFER
  iommu/dma: Fix function declaration

7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Sat, 10 Jun 2017 05:28:33 +0000 (22:28 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

Pull input fixes from Dmitry Torokhov:

 - mark "guest" RMI device as pass-through port to avoid "phantom" ALPS
   toouchpad on newer Lenovo Carbons

 - add two more laptops to the Elantech's lists of devices using CRC
   mode

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: synaptics-rmi4 - register F03 port as pass-through serio
  Input: elantech - add Fujitsu Lifebook E546/E557 to force crc_enabled

7 years agoMerge tag 'md/4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md
Linus Torvalds [Sat, 10 Jun 2017 05:24:23 +0000 (22:24 -0700)]
Merge tag 'md/4.12-rc5' of git://git./linux/kernel/git/shli/md

Pull MD bugfix from Shaohua Li:
 "One bug fix from Neil Brown for MD. The bug was introduced in this
  cycle"

* tag 'md/4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md:
  md: initialise ->writes_pending in personality modules.

7 years agoMerge branch 'for-linus' of git://git.kernel.dk/linux-block
Linus Torvalds [Sat, 10 Jun 2017 05:18:41 +0000 (22:18 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "A set of fixes in the area of block IO, that should go into the next
  -rc release. This contains:

   - An OOPS fix from Dmitry, fixing a regression with the bio integrity
     code in this series.

   - Fix truncation of elevator io context cache name, from Eric
     Biggers.

   - NVMe pull from Christoph includes FC fixes from James, APST
     fixes/tweaks from Kai-Heng, removal fix from Rakesh, and an RDMA
     fix from Sagi.

   - Two tweaks for the block throttling code. One from Joseph Qi,
     fixing an oops from the timer code, and one from Shaohua, improving
     the behavior on rotatonal storage.

   - Two blk-mq fixes from Ming, fixing corner cases with the direct
     issue code.

   - Locking fix for bfq cgroups from Paolo"

* 'for-linus' of git://git.kernel.dk/linux-block:
  block, bfq: access and cache blkg data only when safe
  Fix loop device flush before configure v3
  blk-throttle: set default latency baseline for harddisk
  blk-throttle: fix NULL pointer dereference in throtl_schedule_pending_timer
  nvme: relax APST default max latency to 100ms
  nvme: only consider exit latency when choosing useful non-op power states
  nvme-fc: fix missing put reference on controller create failure
  nvme-fc: on lldd/transport io error, terminate association
  nvme-rdma: fast fail incoming requests while we reconnect
  nvme-pci: fix multiple ctrl removal scheduling
  nvme: fix hang in remove path
  elevator: fix truncation of icq_cache_name
  blk-mq: fix direct issue
  blk-mq: pass correct hctx to blk_mq_try_issue_directly
  bio-integrity: Do not allocate integrity context for bio w/o data

7 years agoMerge tag 'sound-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai...
Linus Torvalds [Sat, 10 Jun 2017 05:15:08 +0000 (22:15 -0700)]
Merge tag 'sound-4.12-rc5' of git://git./linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "This update contains a slightly hight amount of changes due to the
  pending ASoC fixes:

   - ALSA timer core got a couple of fixes for races between read and
     ioctl, leading to potential read of uninitialized kmalloced memory

   - ASoC core fixed the de-registration pattern for use-after-free bug

   - The rewrite of probe code in ASoC Intel Skylake for i915 component

   - ASoC R-snd got a series of fixes for SSI

   - ASoC simple-card, atmel, da7213, and rt286 trivial fixes

   - HD-audio ALC269 quirk and rearrangement of quirk table"

* tag 'sound-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
  ALSA: timer: Fix race between read and ioctl
  ALSA: hda/realtek - Reorder ALC269 ASUS quirk entries
  ALSA: hda/realtek: Fix mic and headset jack sense on Asus X705UD
  ASoC: rsnd: fixup parent_clk_name of AUDIO_CLKOUTx
  ASoC: Intel: Skylake: Fix to parse consecutive string tkns in manifest
  ASoC: Intel: Skylake: Fix IPC rx_list corruption
  ASoC: rsnd: SSI PIO adjust to 24bit mode
  MAINTAINERS: Update email address for patches to Wolfson parts
  ASoC: Fix use-after-free at card unregistration
  ASoC: simple-card: fix mic jack initialization
  ASoC: rsnd: don't call free_irq() on Parent SSI
  ASoC: atmel-classd: sync regcache when resuming
  ASoC: rsnd: don't use PDTA bit for 24bit on SSI
  ASoC: da7213: Fix incorrect usage of bitwise '&' operator for SRM check
  rt286: add Thinkpad Helix 2 to force_combo_jack_table
  ASoC: Intel: Skylake: Move i915 registration to worker thread

7 years agoMerge tag 'drm-fixes-for-v4.12-rc5' of git://people.freedesktop.org/~airlied/linux
Linus Torvalds [Sat, 10 Jun 2017 05:12:06 +0000 (22:12 -0700)]
Merge tag 'drm-fixes-for-v4.12-rc5' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "Intel, nouveau, rockchip, vmwgfx, imx, meson, mediatek and core fixes.

  Bit more spread out fixes this time, fixes for 7 drivers + a couple of
  core fixes.

  i915 and vmwgfx are the main ones. The vmwgfx ones fix a bunch of
  regressions in their atomic rework, and a few fixes destined for
  stable. i915 has some 4.12 regressions and older things that need to
  be fixed in stable as well.

  nouveau also has some runtime pm fixes and a timer list handling fix,
  otherwise a couple of core and small driver regression fixes"

* tag 'drm-fixes-for-v4.12-rc5' of git://people.freedesktop.org/~airlied/linux: (37 commits)
  drm/i915: fix warning for unused variable
  drm/meson: Fix driver bind when only CVBS is available
  drm/i915: Fix 90/270 rotated coordinates for FBC
  drm/i915: Restore has_fbc=1 for ILK-M
  drm/i915: Workaround VLV/CHV DSI scanline counter hardware fail
  drm/i915: Fix logical inversion for gen4 quirking
  drm/i915: Guard against i915_ggtt_disable_guc() being invoked unconditionally
  drm/i915: Always recompute watermarks when distrust_bios_wm is set, v2.
  drm/i915: Prevent the system suspend complete optimization
  drm/i915/psr: disable psr2 for resolution greater than 32X20
  drm/i915: Hold a wakeref for probing the ring registers
  drm/i915: Short-circuit i915_gem_wait_for_idle() if already idle
  drm/i915: Disable decoupled MMIO
  drm/i915/guc: Remove stale comment for q_fail
  drm/vmwgfx: Bump driver minor and date
  drm/vmwgfx: Remove unused legacy cursor functions
  drm/vmwgfx: fix spelling mistake "exeeds" -> "exceeds"
  drm/vmwgfx: Fix large topology crash
  drm/vmwgfx: Make sure to update STDU when FB is updated
  drm/vmwgfx: Make sure backup_handle is always valid
  ...

7 years agoexcessive checks in ufs_write_failed() and ufs_evict_inode()
Al Viro [Fri, 9 Jun 2017 20:20:34 +0000 (16:20 -0400)]
excessive checks in ufs_write_failed() and ufs_evict_inode()

As it is, short copy in write() to append-only file will fail
to truncate the excessive allocated blocks.  As the matter of
fact, all checks in ufs_truncate_blocks() are either redundant
or wrong for that caller.  As for the only other caller
(ufs_evict_inode()), we only need the file type checks there.

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agoufs_getfrag_block(): we only grab ->truncate_mutex on block creation path
Al Viro [Fri, 9 Jun 2017 03:28:53 +0000 (23:28 -0400)]
ufs_getfrag_block(): we only grab ->truncate_mutex on block creation path

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agoufs_extend_tail(): fix the braino in calling conventions of ufs_new_fragments()
Al Viro [Fri, 9 Jun 2017 03:27:12 +0000 (23:27 -0400)]
ufs_extend_tail(): fix the braino in calling conventions of ufs_new_fragments()

... and it really needs splitting into "new" and "extend" cases, but that's for
later

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agoufs: set correct ->s_maxsize
Al Viro [Fri, 9 Jun 2017 01:15:45 +0000 (21:15 -0400)]
ufs: set correct ->s_maxsize

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agoufs: restore maintaining ->i_blocks
Al Viro [Fri, 9 Jun 2017 01:15:03 +0000 (21:15 -0400)]
ufs: restore maintaining ->i_blocks

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agofix ufs_isblockset()
Al Viro [Thu, 8 Jun 2017 22:15:18 +0000 (18:15 -0400)]
fix ufs_isblockset()

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agoufs: restore proper tail allocation
Al Viro [Thu, 8 Jun 2017 06:42:03 +0000 (02:42 -0400)]
ufs: restore proper tail allocation

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agoBtrfs: fix delalloc accounting leak caused by u32 overflow
Omar Sandoval [Fri, 2 Jun 2017 08:20:01 +0000 (01:20 -0700)]
Btrfs: fix delalloc accounting leak caused by u32 overflow

btrfs_calc_trans_metadata_size() does an unsigned 32-bit multiplication,
which can overflow if num_items >= 4 GB / (nodesize * BTRFS_MAX_LEVEL * 2).
For a nodesize of 16kB, this overflow happens at 16k items. Usually,
num_items is a small constant passed to btrfs_start_transaction(), but
we also use btrfs_calc_trans_metadata_size() for metadata reservations
for extent items in btrfs_delalloc_{reserve,release}_metadata().

In drop_outstanding_extents(), num_items is calculated as
inode->reserved_extents - inode->outstanding_extents. The difference
between these two counters is usually small, but if many delalloc
extents are reserved and then the outstanding extents are merged in
btrfs_merge_extent_hook(), the difference can become large enough to
overflow in btrfs_calc_trans_metadata_size().

The overflow manifests itself as a leak of a multiple of 4 GB in
delalloc_block_rsv and the metadata bytes_may_use counter. This in turn
can cause early ENOSPC errors. Additionally, these WARN_ONs in
extent-tree.c will be hit when unmounting:

    WARN_ON(fs_info->delalloc_block_rsv.size > 0);
    WARN_ON(fs_info->delalloc_block_rsv.reserved > 0);
    WARN_ON(space_info->bytes_pinned > 0 ||
            space_info->bytes_reserved > 0 ||
            space_info->bytes_may_use > 0);

Fix it by casting nodesize to a u64 so that
btrfs_calc_trans_metadata_size() does a full 64-bit multiplication.
While we're here, do the same in btrfs_calc_trunc_metadata_size(); this
can't overflow with any existing uses, but it's better to be safe here
than have another hard-to-debug problem later on.

Cc: stable@vger.kernel.org
Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
7 years agoBtrfs: clear EXTENT_DEFRAG bits in finish_ordered_io
Liu Bo [Fri, 26 May 2017 23:44:23 +0000 (17:44 -0600)]
Btrfs: clear EXTENT_DEFRAG bits in finish_ordered_io

Before this, we use 'filled' mode here, ie. if all range has been
filled with EXTENT_DEFRAG bits, get to clear it, but if the defrag
range joins the adjacent delalloc range, then we'll have EXTENT_DEFRAG
bits in extent_state until releasing this inode's pages, and that
prevents extent_data from being freed.

This clears the bit if any was found within the ordered extent.

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
7 years agobtrfs: tree-log.c: Wrong printk information about namelen
Su Yue [Wed, 24 May 2017 01:31:32 +0000 (09:31 +0800)]
btrfs: tree-log.c: Wrong printk information about namelen

In verify_dir_item, it wants to printk name_len of dir_item but
printk data_len acutally.

Fix it by calling btrfs_dir_name_len instead of btrfs_dir_data_len.

Signed-off-by: Su Yue <suy.fnst@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
7 years agoMerge tag 'for-linus-4.12b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 9 Jun 2017 16:59:51 +0000 (09:59 -0700)]
Merge tag 'for-linus-4.12b-rc5-tag' of git://git./linux/kernel/git/xen/tip

Pull xen fix from Juergen Gross:
 "A fix for Xen on ARM when dealing with 64kB page size of a guest"

* tag 'for-linus-4.12b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen/privcmd: Support correctly 64KB page granularity when mapping memory

7 years agoInput: synaptics-rmi4 - register F03 port as pass-through serio
Dmitry Torokhov [Tue, 6 Jun 2017 20:05:03 +0000 (13:05 -0700)]
Input: synaptics-rmi4 - register F03 port as pass-through serio

The 5th generation Thinkpad X1 Carbons use Synaptics touchpads accessible
over SMBus/RMI, combined with ALPS or Elantech trackpoint devices instead
of classic IBM/Lenovo trackpoints. Unfortunately there is no way for ALPS
driver to detect whether it is dealing with touchpad + trackpoint
combination or just a trackpoint, so we end up with a "phantom" dualpoint
ALPS device in addition to real touchpad and trackpoint.

Given that we do not have any special advanced handling for ALPS or
Elantech trackpoints (unlike IBM trackpoints that have separate driver and
a host of options) we are better off keeping the trackpoints in PS/2
emulation mode. We achieve that by setting serio type to SERIO_PS_PSTHRU,
which will limit number of protocols psmouse driver will try. In addition
to getting rid of the "phantom" touchpads, this will also speed up probing
of F03 pass-through port.

Reported-by: Damjan Georgievski <gdamjan@gmail.com>
Suggested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
7 years agoMerge tag 'powerpc-4.12-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc...
Linus Torvalds [Fri, 9 Jun 2017 16:44:46 +0000 (09:44 -0700)]
Merge tag 'powerpc-4.12-5' of git://git./linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "Mostly fairly minor, of note are:

   - Fix percpu allocations to be NUMA aware

   - Limit 4k page size config to 64TB virtual address space

   - Avoid needlessly restoring FP and vector registers

  Thanks to Aneesh Kumar K.V, Breno Leitao, Christophe Leroy, Frederic
  Barrat, Madhavan Srinivasan, Michael Bringmann, Nicholas Piggin,
  Vaibhav Jain"

* tag 'powerpc-4.12-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/book3s64: Move PPC_DT_CPU_FTRs and enable it by default
  powerpc/mm/4k: Limit 4k page size config to 64TB virtual address space
  cxl: Fix error path on bad ioctl
  powerpc/perf: Fix Power9 test_adder fields
  powerpc/numa: Fix percpu allocations to be NUMA aware
  cxl: Avoid double free_irq() for psl,slice interrupts
  powerpc/kernel: Initialize load_tm on task creation
  powerpc/kernel: Fix FP and vector register restoration
  powerpc/64: Reclaim CPU_FTR_SUBCORE
  powerpc/hotplug-mem: Fix missing endian conversion of aa_index
  powerpc/sysdev/simple_gpio: Fix oops in gpio save_regs function
  powerpc/spufs: Fix coredump of SPU contexts
  powerpc/64s: Add dt_cpu_ftrs boot time setup option

7 years agoMerge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Linus Torvalds [Fri, 9 Jun 2017 16:40:08 +0000 (09:40 -0700)]
Merge tag 'armsoc-fixes' of git://git./linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "Been sitting on these for a couple of weeks waiting on some larger
  batches to come in but it's been pretty quiet.

  Just your garden variety fixes here:

   - A few maintainers updates (ep93xx, Exynos, TI, Marvell)
   - Some PM fixes for Atmel/at91 and Marvell
   - A few DT fixes for Marvell, Versatile, TI Keystone, bcm283x
   - A reset driver patch to set module license for symbol access"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  MAINTAINERS: EP93XX: Update maintainership
  MAINTAINERS: remove kernel@stlinux.com obsolete mailing list
  ARM: dts: versatile: use #include "..." to include local DT
  MAINTAINERS: add device-tree files to TI DaVinci entry
  ARM: at91: select CONFIG_ARM_CPU_SUSPEND
  ARM: dts: keystone-k2l: fix broken Ethernet due to disabled OSR
  arm64: defconfig: enable some core options for 64bit Rockchip socs
  arm64: marvell: dts: fix interrupts in 7k/8k crypto nodes
  reset: hi6220: Set module license so that it can be loaded
  MAINTAINERS: add irqchip related drivers to Marvell EBU maintainers
  MAINTAINERS: sort F entries for Marvell EBU maintainers
  ARM: davinci: PM: Do not free useful resources in normal path in 'davinci_pm_init'
  ARM: davinci: PM: Free resources in error handling path in 'davinci_pm_init'
  ARM: dts: bcm283x: Reserve first page for firmware
  memory: atmel-ebi: mark PM ops as __maybe_unused
  MAINTAINERS: Remove Javier Martinez Canillas as reviewer for Exynos

7 years agodevice-dax: fix 'dax' device filesystem inode destruction crash
Dan Williams [Fri, 9 Jun 2017 15:50:49 +0000 (08:50 -0700)]
device-dax: fix 'dax' device filesystem inode destruction crash

The inode destruction path for the 'dax' device filesystem incorrectly
assumes that the inode was initialized through 'alloc_dax()'. However,
if someone attempts to directly mount the dax filesystem with 'mount -t
dax dax mnt' that will bypass 'alloc_dax()' and the following failure
signatures may occur as a result:

 kill_dax() must be called before final iput()
 WARNING: CPU: 2 PID: 1188 at drivers/dax/super.c:243 dax_destroy_inode+0x48/0x50
 RIP: 0010:dax_destroy_inode+0x48/0x50
 Call Trace:
  destroy_inode+0x3b/0x60
  evict+0x139/0x1c0
  iput+0x1f9/0x2d0
  dentry_unlink_inode+0xc3/0x160
  __dentry_kill+0xcf/0x180
  ? dput+0x37/0x3b0
  dput+0x3a3/0x3b0
  do_one_tree+0x36/0x40
  shrink_dcache_for_umount+0x2d/0x90
  generic_shutdown_super+0x1f/0x120
  kill_anon_super+0x12/0x20
  deactivate_locked_super+0x43/0x70
  deactivate_super+0x4e/0x60

 general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
 RIP: 0010:kfree+0x6d/0x290
 Call Trace:
  <IRQ>
  dax_i_callback+0x22/0x60
  ? dax_destroy_inode+0x50/0x50
  rcu_process_callbacks+0x298/0x740

 ida_remove called for id=0 which is not allocated.
 WARNING: CPU: 0 PID: 0 at lib/idr.c:383 ida_remove+0x110/0x120
 [..]
 Call Trace:
  <IRQ>
  ida_simple_remove+0x2b/0x50
  ? dax_destroy_inode+0x50/0x50
  dax_i_callback+0x3c/0x60
  rcu_process_callbacks+0x298/0x740

Add missing initialization of the 'struct dax_device' and inode so that
the destruction path does not kfree() or ida_simple_remove()
uninitialized data.

Fixes: 7b6be8444e0f ("dax: refactor dax-fs into a generic provider of 'struct dax_device' instances")
Reported-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
7 years agoefi: Fix boot panic because of invalid BGRT image address
Dave Young [Fri, 9 Jun 2017 08:45:58 +0000 (08:45 +0000)]
efi: Fix boot panic because of invalid BGRT image address

Maniaxx reported a kernel boot crash in the EFI code, which I emulated
by using same invalid phys addr in code:

  BUG: unable to handle kernel paging request at ffffffffff280001
  IP: efi_bgrt_init+0xfb/0x153
  ...
  Call Trace:
   ? bgrt_init+0xbc/0xbc
   acpi_parse_bgrt+0xe/0x12
   acpi_table_parse+0x89/0xb8
   acpi_boot_init+0x445/0x4e2
   ? acpi_parse_x2apic+0x79/0x79
   ? dmi_ignore_irq0_timer_override+0x33/0x33
   setup_arch+0xb63/0xc82
   ? early_idt_handler_array+0x120/0x120
   start_kernel+0xb7/0x443
   ? early_idt_handler_array+0x120/0x120
   x86_64_start_reservations+0x29/0x2b
   x86_64_start_kernel+0x154/0x177
   secondary_startup_64+0x9f/0x9f

There is also a similar bug filed in bugzilla.kernel.org:

  https://bugzilla.kernel.org/show_bug.cgi?id=195633

The crash is caused by this commit:

  7b0a911478c7 efi/x86: Move the EFI BGRT init code to early init code

The root cause is the firmware on those machines provides invalid BGRT
image addresses.

In a kernel before above commit BGRT initializes late and uses ioremap()
to map the image address. Ioremap validates the address, if it is not a
valid physical address ioremap() just fails and returns. However in current
kernel EFI BGRT initializes early and uses early_memremap() which does not
validate the image address, and kernel panic happens.

According to ACPI spec the BGRT image address should fall into
EFI_BOOT_SERVICES_DATA, see the section 5.2.22.4 of below document:

  http://www.uefi.org/sites/default/files/resources/ACPI_6_1.pdf

Fix this issue by validating the image address in efi_bgrt_init(). If the
image address does not fall into any EFI_BOOT_SERVICES_DATA areas we just
bail out with a warning message.

Reported-by: Maniaxx <tripleshiftone@gmail.com>
Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Fixes: 7b0a911478c7 ("efi/x86: Move the EFI BGRT init code to early init code")
Link: http://lkml.kernel.org/r/20170609084558.26766-2-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
7 years agocxl: Avoid double free_irq() for psl,slice interrupts
Vaibhav Jain [Fri, 2 Jun 2017 16:56:48 +0000 (22:26 +0530)]
cxl: Avoid double free_irq() for psl,slice interrupts

During an eeh call to cxl_remove can result in double free_irq of
psl,slice interrupts. This can happen if perst_reloads_same_image == 1
and call to cxl_configure_adapter() fails during slot_reset
callback. In such a case we see a kernel oops with following back-trace:

Oops: Kernel access of bad area, sig: 11 [#1]
Call Trace:
  free_irq+0x88/0xd0 (unreliable)
  cxl_unmap_irq+0x20/0x40 [cxl]
  cxl_native_release_psl_irq+0x78/0xd8 [cxl]
  pci_deconfigure_afu+0xac/0x110 [cxl]
  cxl_remove+0x104/0x210 [cxl]
  pci_device_remove+0x6c/0x110
  device_release_driver_internal+0x204/0x2e0
  pci_stop_bus_device+0xa0/0xd0
  pci_stop_and_remove_bus_device+0x28/0x40
  pci_hp_remove_devices+0xb0/0x150
  pci_hp_remove_devices+0x68/0x150
  eeh_handle_normal_event+0x140/0x580
  eeh_handle_event+0x174/0x360
  eeh_event_handler+0x1e8/0x1f0

This patch fixes the issue of double free_irq by checking that
variables that hold the virqs (err_hwirq, serr_hwirq, psl_virq) are
not '0' before un-mapping and resetting these variables to '0' when
they are un-mapped.

Cc: stable@vger.kernel.org
Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
7 years agogpio: mvebu: fix gpio bank registration when pwm is used
Richard Genoud [Thu, 1 Jun 2017 12:18:26 +0000 (14:18 +0200)]
gpio: mvebu: fix gpio bank registration when pwm is used

If more than one gpio bank has the "pwm" property, only one will be
registered successfully, all the others will fail with:
mvebu-gpio: probe of f1018140.gpio failed with error -17

That's because in alloc_pwms(), the chip->base (aka "int pwm"), was not
set (thus, ==0) ; and 0 is a meaningful start value in alloc_pwm().
What was intended is mvpwm->chip->base = -1.
Like that, the numbering will be done auto-magically

Moreover, as the region might be already occupied by another pwm, we
shouldn't force:
mvpwm->chip->base = 0
nor
mvpwm->chip->base = id * MVEBU_MAX_GPIO_PER_BANK;

Tested on clearfog-pro (Marvell 88F6828)

Fixes: 757642f9a584 ("gpio: mvebu: Add limited PWM support")
Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
Reviewed-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
7 years agogpio: mvebu: fix blink counter register selection
Richard Genoud [Thu, 1 Jun 2017 12:18:25 +0000 (14:18 +0200)]
gpio: mvebu: fix blink counter register selection

The blink counter A was always selected because 0 was forced in the
blink select counter register.
The variable 'set' was obviously there to be used as the register value,
selecting the B counter when id==1 and A counter when id==0.

Tested on clearfog-pro (Marvell 88F6828)

Fixes: 757642f9a584 ("gpio: mvebu: Add limited PWM support")
Reviewed-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Reviewed-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
7 years agoMerge branch 'rcu/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck...
Ingo Molnar [Fri, 9 Jun 2017 06:17:10 +0000 (08:17 +0200)]
Merge branch 'rcu/urgent' of git://git./linux/kernel/git/paulmck/linux-rcu into rcu/urgent

Pull RCU fix from Paul E. McKenney:

" This series enables srcu_read_lock() and srcu_read_unlock() to be used from
  interrupt handlers, which fixes a bug in KVM's use of SRCU in delivery
  of interrupts to guest OSes. "

Signed-off-by: Ingo Molnar <mingo@kernel.org>
7 years agoKEYS: fix refcount_inc() on zero
Mark Rutland [Thu, 8 Jun 2017 13:47:41 +0000 (14:47 +0100)]
KEYS: fix refcount_inc() on zero

If a key's refcount is dropped to zero between key_lookup() peeking at
the refcount and subsequently attempting to increment it, refcount_inc()
will see a zero refcount.  Here, refcount_inc() will WARN_ONCE(), and
will *not* increment the refcount, which will remain zero.

Once key_lookup() drops key_serial_lock, it is possible for the key to
be freed behind our back.

This patch uses refcount_inc_not_zero() to perform the peek and increment
atomically.

Fixes: fff292914d3a2f1e ("security, keys: convert key.usage from atomic_t to refcount_t")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: David Windsor <dwindsor@gmail.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Cc: Hans Liljestrand <ishkamiel@gmail.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API
Mat Martineau [Thu, 8 Jun 2017 13:50:11 +0000 (14:50 +0100)]
KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API

The initial Diffie-Hellman computation made direct use of the MPI
library because the crypto module did not support DH at the time. Now
that KPP is implemented, KEYCTL_DH_COMPUTE should use it to get rid of
duplicate code and leverage possible hardware acceleration.

This fixes an issue whereby the input to the KDF computation would
include additional uninitialized memory when the result of the
Diffie-Hellman computation was shorter than the input prime number.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agocrypto : asymmetric_keys : verify_pefile:zero memory content before freeing
Loganaden Velvindron [Thu, 8 Jun 2017 13:50:04 +0000 (14:50 +0100)]
crypto : asymmetric_keys : verify_pefile:zero memory content before freeing

Signed-off-by: Loganaden Velvindron <logan@hackers.mu>
Signed-off-by: Yasir Auleear <yasirmx@hackers.mu>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: DH: add __user annotations to keyctl_kdf_params
Eric Biggers [Thu, 8 Jun 2017 13:49:57 +0000 (14:49 +0100)]
KEYS: DH: add __user annotations to keyctl_kdf_params

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: DH: ensure the KDF counter is properly aligned
Eric Biggers [Thu, 8 Jun 2017 13:49:49 +0000 (14:49 +0100)]
KEYS: DH: ensure the KDF counter is properly aligned

Accessing a 'u8[4]' through a '__be32 *' violates alignment rules.  Just
make the counter a __be32 instead.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: DH: don't feed uninitialized "otherinfo" into KDF
Eric Biggers [Thu, 8 Jun 2017 13:49:42 +0000 (14:49 +0100)]
KEYS: DH: don't feed uninitialized "otherinfo" into KDF

If userspace called KEYCTL_DH_COMPUTE with kdf_params containing NULL
otherinfo but nonzero otherinfolen, the kernel would allocate a buffer
for the otherinfo, then feed it into the KDF without initializing it.
Fix this by always doing the copy from userspace (which will fail with
EFAULT in this scenario).

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: DH: forbid using digest_null as the KDF hash
Eric Biggers [Thu, 8 Jun 2017 13:49:34 +0000 (14:49 +0100)]
KEYS: DH: forbid using digest_null as the KDF hash

Requesting "digest_null" in the keyctl_kdf_params caused an infinite
loop in kdf_ctr() because the "null" hash has a digest size of 0.  Fix
it by rejecting hash algorithms with a digest size of 0.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: sanitize key structs before freeing
Eric Biggers [Thu, 8 Jun 2017 13:49:26 +0000 (14:49 +0100)]
KEYS: sanitize key structs before freeing

While a 'struct key' itself normally does not contain sensitive
information, Documentation/security/keys.txt actually encourages this:

     "Having a payload is not required; and the payload can, in fact,
     just be a value stored in the struct key itself."

In case someone has taken this advice, or will take this advice in the
future, zero the key structure before freeing it.  We might as well, and
as a bonus this could make it a bit more difficult for an adversary to
determine which keys have recently been in use.

This is safe because the key_jar cache does not use a constructor.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: trusted: sanitize all key material
Eric Biggers [Thu, 8 Jun 2017 13:49:18 +0000 (14:49 +0100)]
KEYS: trusted: sanitize all key material

As the previous patch did for encrypted-keys, zero sensitive any
potentially sensitive data related to the "trusted" key type before it
is freed.  Notably, we were not zeroing the tpm_buf structures in which
the actual key is stored for TPM seal and unseal, nor were we zeroing
the trusted_key_payload in certain error paths.

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@us.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: encrypted: sanitize all key material
Eric Biggers [Thu, 8 Jun 2017 13:49:11 +0000 (14:49 +0100)]
KEYS: encrypted: sanitize all key material

For keys of type "encrypted", consistently zero sensitive key material
before freeing it.  This was already being done for the decrypted
payloads of encrypted keys, but not for the master key and the keys
derived from the master key.

Out of an abundance of caution and because it is trivial to do so, also
zero buffers containing the key payload in encrypted form, although
depending on how the encrypted-keys feature is used such information
does not necessarily need to be kept secret.

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@us.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: user_defined: sanitize key payloads
Eric Biggers [Thu, 8 Jun 2017 13:49:04 +0000 (14:49 +0100)]
KEYS: user_defined: sanitize key payloads

Zero the payloads of user and logon keys before freeing them.  This
prevents sensitive key material from being kept around in the slab
caches after a key is released.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: sanitize add_key() and keyctl() key payloads
Eric Biggers [Thu, 8 Jun 2017 13:48:57 +0000 (14:48 +0100)]
KEYS: sanitize add_key() and keyctl() key payloads

Before returning from add_key() or one of the keyctl() commands that
takes in a key payload, zero the temporary buffer that was allocated to
hold the key payload copied from userspace.  This may contain sensitive
key material that should not be kept around in the slab caches.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: fix freeing uninitialized memory in key_update()
Eric Biggers [Thu, 8 Jun 2017 13:48:47 +0000 (14:48 +0100)]
KEYS: fix freeing uninitialized memory in key_update()

key_update() freed the key_preparsed_payload even if it was not
initialized first.  This would cause a crash if userspace called
keyctl_update() on a key with type like "asymmetric" that has a
->preparse() method but not an ->update() method.  Possibly it could
even be triggered for other key types by racing with keyctl_setperm() to
make the KEY_NEED_WRITE check fail (the permission was already checked,
so normally it wouldn't fail there).

Reproducer with key type "asymmetric", given a valid cert.der:

keyctl new_session
keyid=$(keyctl padd asymmetric desc @s < cert.der)
keyctl setperm $keyid 0x3f000000
keyctl update $keyid data

[  150.686666] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
[  150.687601] IP: asymmetric_key_free_kids+0x12/0x30
[  150.688139] PGD 38a3d067
[  150.688141] PUD 3b3de067
[  150.688447] PMD 0
[  150.688745]
[  150.689160] Oops: 0000 [#1] SMP
[  150.689455] Modules linked in:
[  150.689769] CPU: 1 PID: 2478 Comm: keyctl Not tainted 4.11.0-rc4-xfstests-00187-ga9f6b6b8cd2f #742
[  150.690916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-20170228_101828-anatol 04/01/2014
[  150.692199] task: ffff88003b30c480 task.stack: ffffc90000350000
[  150.692952] RIP: 0010:asymmetric_key_free_kids+0x12/0x30
[  150.693556] RSP: 0018:ffffc90000353e58 EFLAGS: 00010202
[  150.694142] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000004
[  150.694845] RDX: ffffffff81ee3920 RSI: ffff88003d4b0700 RDI: 0000000000000001
[  150.697569] RBP: ffffc90000353e60 R08: ffff88003d5d2140 R09: 0000000000000000
[  150.702483] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[  150.707393] R13: 0000000000000004 R14: ffff880038a4d2d8 R15: 000000000040411f
[  150.709720] FS:  00007fcbcee35700(0000) GS:ffff88003fd00000(0000) knlGS:0000000000000000
[  150.711504] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  150.712733] CR2: 0000000000000001 CR3: 0000000039eab000 CR4: 00000000003406e0
[  150.714487] Call Trace:
[  150.714975]  asymmetric_key_free_preparse+0x2f/0x40
[  150.715907]  key_update+0xf7/0x140
[  150.716560]  ? key_default_cmp+0x20/0x20
[  150.717319]  keyctl_update_key+0xb0/0xe0
[  150.718066]  SyS_keyctl+0x109/0x130
[  150.718663]  entry_SYSCALL_64_fastpath+0x1f/0xc2
[  150.719440] RIP: 0033:0x7fcbce75ff19
[  150.719926] RSP: 002b:00007ffd5d167088 EFLAGS: 00000206 ORIG_RAX: 00000000000000fa
[  150.720918] RAX: ffffffffffffffda RBX: 0000000000404d80 RCX: 00007fcbce75ff19
[  150.721874] RDX: 00007ffd5d16785e RSI: 000000002866cd36 RDI: 0000000000000002
[  150.722827] RBP: 0000000000000006 R08: 000000002866cd36 R09: 00007ffd5d16785e
[  150.723781] R10: 0000000000000004 R11: 0000000000000206 R12: 0000000000404d80
[  150.724650] R13: 00007ffd5d16784d R14: 00007ffd5d167238 R15: 000000000040411f
[  150.725447] Code: 83 c4 08 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 85 ff 74 23 55 48 89 e5 53 48 89 fb <48> 8b 3f e8 06 21 c5 ff 48 8b 7b 08 e8 fd 20 c5 ff 48 89 df e8
[  150.727489] RIP: asymmetric_key_free_kids+0x12/0x30 RSP: ffffc90000353e58
[  150.728117] CR2: 0000000000000001
[  150.728430] ---[ end trace f7f8fe1da2d5ae8d ]---

Fixes: 4d8c0250b841 ("KEYS: Call ->free_preparse() even after ->preparse() returns an error")
Cc: stable@vger.kernel.org # 3.17+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: fix dereferencing NULL payload with nonzero length
Eric Biggers [Thu, 8 Jun 2017 13:48:40 +0000 (14:48 +0100)]
KEYS: fix dereferencing NULL payload with nonzero length

sys_add_key() and the KEYCTL_UPDATE operation of sys_keyctl() allowed a
NULL payload with nonzero length to be passed to the key type's
->preparse(), ->instantiate(), and/or ->update() methods.  Various key
types including asymmetric, cifs.idmap, cifs.spnego, and pkcs7_test did
not handle this case, allowing an unprivileged user to trivially cause a
NULL pointer dereference (kernel oops) if one of these key types was
present.  Fix it by doing the copy_from_user() when 'plen' is nonzero
rather than when '_payload' is non-NULL, causing the syscall to fail
with EFAULT as expected when an invalid buffer is specified.

Cc: stable@vger.kernel.org # 2.6.10+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: encrypted: use constant-time HMAC comparison
Eric Biggers [Thu, 8 Jun 2017 13:48:32 +0000 (14:48 +0100)]
KEYS: encrypted: use constant-time HMAC comparison

MACs should, in general, be compared using crypto_memneq() to prevent
timing attacks.

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: encrypted: fix race causing incorrect HMAC calculations
Eric Biggers [Thu, 8 Jun 2017 13:48:25 +0000 (14:48 +0100)]
KEYS: encrypted: fix race causing incorrect HMAC calculations

The encrypted-keys module was using a single global HMAC transform,
which could be rekeyed by multiple threads concurrently operating on
different keys, causing incorrect HMAC values to be calculated.  Fix
this by allocating a new HMAC transform whenever we need to calculate a
HMAC.  Also simplify things a bit by allocating the shash_desc's using
SHASH_DESC_ON_STACK() for both the HMAC and unkeyed hashes.

The following script reproduces the bug:

    keyctl new_session
    keyctl add user master "abcdefghijklmnop" @s
    for i in $(seq 2); do
        (
            set -e
            for j in $(seq 1000); do
                keyid=$(keyctl add encrypted desc$i "new user:master 25" @s)
                datablob="$(keyctl pipe $keyid)"
                keyctl unlink $keyid > /dev/null
                keyid=$(keyctl add encrypted desc$i "load $datablob" @s)
                keyctl unlink $keyid > /dev/null
            done
        ) &
    done

Output with bug:

    [  439.691094] encrypted_key: bad hmac (-22)
    add_key: Invalid argument
    add_key: Invalid argument

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: encrypted: fix buffer overread in valid_master_desc()
Eric Biggers [Thu, 8 Jun 2017 13:48:18 +0000 (14:48 +0100)]
KEYS: encrypted: fix buffer overread in valid_master_desc()

With the 'encrypted' key type it was possible for userspace to provide a
data blob ending with a master key description shorter than expected,
e.g. 'keyctl add encrypted desc "new x" @s'.  When validating such a
master key description, validate_master_desc() could read beyond the end
of the buffer.  Fix this by using strncmp() instead of memcmp().  [Also
clean up the code to deduplicate some logic.]

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: encrypted: avoid encrypting/decrypting stack buffers
Eric Biggers [Thu, 8 Jun 2017 13:48:10 +0000 (14:48 +0100)]
KEYS: encrypted: avoid encrypting/decrypting stack buffers

Since v4.9, the crypto API cannot (normally) be used to encrypt/decrypt
stack buffers because the stack may be virtually mapped.  Fix this for
the padding buffers in encrypted-keys by using ZERO_PAGE for the
encryption padding and by allocating a temporary heap buffer for the
decryption padding.

Tested with CONFIG_DEBUG_SG=y:
keyctl new_session
keyctl add user master "abcdefghijklmnop" @s
keyid=$(keyctl add encrypted desc "new user:master 25" @s)
datablob="$(keyctl pipe $keyid)"
keyctl unlink $keyid
keyid=$(keyctl add encrypted desc "load $datablob" @s)
datablob2="$(keyctl pipe $keyid)"
[ "$datablob" = "$datablob2" ] && echo "Success!"

Cc: Andy Lutomirski <luto@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org # 4.9+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: put keyring if install_session_keyring_to_cred() fails
Eric Biggers [Thu, 8 Jun 2017 13:48:03 +0000 (14:48 +0100)]
KEYS: put keyring if install_session_keyring_to_cred() fails

In join_session_keyring(), if install_session_keyring_to_cred() were to
fail, we would leak the keyring reference, just like in the bug fixed by
commit 23567fd052a9 ("KEYS: Fix keyring ref leak in
join_session_keyring()").  Fortunately this cannot happen currently, but
we really should be more careful.  Do this by adding and using a new
error label at which the keyring reference is dropped.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoKEYS: Delete an error message for a failed memory allocation in get_derived_key()
Markus Elfring [Thu, 8 Jun 2017 13:47:56 +0000 (14:47 +0100)]
KEYS: Delete an error message for a failed memory allocation in get_derived_key()

Omit an extra message for a memory allocation failure in this function.

This issue was detected by using the Coccinelle software.

Link: http://events.linuxfoundation.org/sites/events/files/slides/LCJ16-Refactor_Strings-WSang_0.pdf
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agoX.509: Fix error code in x509_cert_parse()
Dan Carpenter [Thu, 8 Jun 2017 13:47:49 +0000 (14:47 +0100)]
X.509: Fix error code in x509_cert_parse()

We forgot to set the error code on this path so it could result in
returning NULL which leads to a NULL dereference.

Fixes: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
7 years agosecurity: use READ_ONCE instead of deprecated ACCESS_ONCE
Davidlohr Bueso [Thu, 8 Jun 2017 13:47:34 +0000 (14:47 +0100)]
security: use READ_ONCE instead of deprecated ACCESS_ONCE

With the new standardized functions, we can replace all ACCESS_ONCE()
calls across relevant security/keyrings/.

ACCESS_ONCE() does not work reliably on non-scalar types. For example
gcc 4.6 and 4.7 might remove the volatile tag for such accesses during
the SRA (scalar replacement of aggregates) step:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145

Update the new calls regardless of if it is a scalar type, this is
cleaner than having three alternatives.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>