[pull] master from torvalds:master #98
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BPF basic filtering test fails on s390x (when vmlinux debuginfo is utilized instead of /proc/kallsyms) Info: - bpf_probe_load installs the bpf code at do_epoll_wait. - For s390x, do_epoll_wait resolves to 3 functions including inlines. found inline addr: 0x43769e Probe point found: __s390_sys_epoll_wait+6 found inline addr: 0x437290 Probe point found: do_epoll_wait+0 found inline addr: 0x4375d6 Probe point found: __se_sys_epoll_wait+6 - add_bpf_event creates evsel for every probe in a BPF object. This results in 3 evsels. Solution: - Expected result = 50% of the samples to be collected from epoll_wait * number of entries present in the evlist. Committer testing: # perf test 42 42: BPF filter : 42.1: Basic BPF filtering : Ok 42.2: BPF pinning : Ok 42.3: BPF prologue generation : Ok 42.4: BPF relocation checker : Ok # Signed-off-by: Sumanth Korikkar <sumanthk@linux.ibm.com> Reviewed-by: Thomas Richter <tmricht@linux.ibm.com> Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: bpf@vger.kernel.org Cc: Heiko Carstens <hca@linux.ibm.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Sven Schnelle <svens@linux.ibm.com> LPU-Reference: 20200817072754.58344-1-sumanthk@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Do not update thread stats or show idle summary unless CPU is in the list of interest. Fixes: c30d630 ("perf sched timehist: Add support for filtering on CPU") Signed-off-by: David Ahern <dsahern@kernel.org> Acked-by: Namhyung Kim <namhyung@kernel.org> Cc: Jiri Olsa <jolsa@kernel.org> Link: http://lore.kernel.org/lkml/20200817170943.1486-1-dsahern@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
When I execute 'perf top' without HAVE_LIBBPF_SUPPORT, there exists the following segmentation fault, skip the side-band event setup to fix it, this is similar with commit 1101c87 ("perf record: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set"). [yangtiezhu@linux perf]$ ./perf top <SNIP> perf: Segmentation fault Obtained 6 stack frames. ./perf(sighandler_dump_stack+0x5c) [0x12011b604] [0xffffffc010] ./perf(perf_mmap__read_init+0x3e) [0x1201feeae] ./perf() [0x1200d715c] /lib64/libpthread.so.0(+0xab9c) [0xffee10ab9c] /lib64/libc.so.6(+0x128f4c) [0xffedc08f4c] Segmentation fault [yangtiezhu@linux perf]$ I use git bisect to find commit b38d85e ("perf bpf: Decouple creating the evlist from adding the SB event") is the first bad commit, so also add the Fixes tag. Committer testing: First build perf explicitely disabling libbpf: $ make NO_LIBBPF=1 O=/tmp/build/perf -C tools/perf install-bin && perf test python Now make sure it isn't linked: $ perf -vv | grep -w bpf bpf: [ OFF ] # HAVE_LIBBPF_SUPPORT $ $ nm ~/bin/perf | grep libbpf $ And now try to run 'perf top': # perf top perf: Segmentation fault -------- backtrace -------- perf[0x5bcd6d] /lib64/libc.so.6(+0x3ca6f)[0x7fd0f5a66a6f] perf(perf_mmap__read_init+0x1e)[0x5e1afe] perf[0x4cc468] /lib64/libpthread.so.0(+0x9431)[0x7fd0f645a431] /lib64/libc.so.6(clone+0x42)[0x7fd0f5b2b912] # Applying this patch fixes the issue. Fixes: b38d85e ("perf bpf: Decouple creating the evlist from adding the SB event") Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Xuefeng Li <lixuefeng@loongson.cn> Link: http://lore.kernel.org/lkml/1597753837-16222-1-git-send-email-yangtiezhu@loongson.cn Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
…le symbols The "mwait_idle_with_hints" one was already there, some compiler artifact now adds this ".constprop.0" suffix, cover that one too. At some point we need to put these in a special bucket and show it somewhere on the screen. Noticed building the kernel on a fedora:32 system using: gcc version 10.2.1 20200723 (Red Hat 10.2.1-1) (GCC) Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Namhyung Kim <namhyung@kernel.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
In arm_spe_read_record(), when we are processing an events packet, 'decoder->packet.index' is the length of payload, which has been transformed in payloadlen(). So correct the check of 'idx'. Signed-off-by: Wei Li <liwei391@huawei.com> Reviewed-by: Leo Yan <leo.yan@linaro.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Hanjun Guo <guohanjun@huawei.com> Cc: James Clark <james.clark@arm.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Poirier <mathieu.poirier@linaro.org> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Link: http://lore.kernel.org/lkml/20200724072628.35904-1-liwei391@huawei.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Add entries for perf tools elements related to the support of ARM CoreSight and ARM SPE. Also lump in arm and arm64 architecture files to provide coverage. Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org> Acked-by: John Garry <john.garry@huawei.com> Acked-by: Will Deacon <will@kernel.org> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Leo Yan <leo.yan@linaro.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: linux-arm-kernel@lists.infradead.org Link: http://lore.kernel.org/lkml/20200820175510.3935932-1-mathieu.poirier@linaro.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
[BUG] After commit 9afc664 ("btrfs: block-group: refactor how we read one block group item"), cache->length is being assigned after calling btrfs_create_block_group_cache. This causes a problem since set_free_space_tree_thresholds calculates the free-space threshold to decide if the free-space tree should convert from extents to bitmaps. The current code calls set_free_space_tree_thresholds with cache->length being 0, which then makes cache->bitmap_high_thresh zero. This implies the system will always use bitmap instead of extents, which is not desired if the block group is not fragmented. This behavior can be seen by a test that expects to repair systems with FREE_SPACE_EXTENT and FREE_SPACE_BITMAP, but the current code only created FREE_SPACE_BITMAP. [FIX] Call set_free_space_tree_thresholds after setting cache->length. There is now a WARN_ON in set_free_space_tree_thresholds to help preventing the same mistake to happen again in the future. Link: kdave/btrfs-progs#251 Fixes: 9afc664 ("btrfs: block-group: refactor how we read one block group item") CC: stable@vger.kernel.org # 5.8+ Reviewed-by: Qu Wenruo <wqu@suse.com> Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
With the conversion of the tree locks to rwsem I got the following lockdep splat: ====================================================== WARNING: possible circular locking dependency detected 5.8.0-rc7-00167-g0d7ba0c5b375-dirty #925 Not tainted ------------------------------------------------------ btrfs-uuid/7955 is trying to acquire lock: ffff88bfbafec0f8 (btrfs-root-00){++++}-{3:3}, at: __btrfs_tree_read_lock+0x39/0x180 but task is already holding lock: ffff88bfbafef2a8 (btrfs-uuid-00){++++}-{3:3}, at: __btrfs_tree_read_lock+0x39/0x180 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (btrfs-uuid-00){++++}-{3:3}: down_read_nested+0x3e/0x140 __btrfs_tree_read_lock+0x39/0x180 __btrfs_read_lock_root_node+0x3a/0x50 btrfs_search_slot+0x4bd/0x990 btrfs_uuid_tree_add+0x89/0x2d0 btrfs_uuid_scan_kthread+0x330/0x390 kthread+0x133/0x150 ret_from_fork+0x1f/0x30 -> #0 (btrfs-root-00){++++}-{3:3}: __lock_acquire+0x1272/0x2310 lock_acquire+0x9e/0x360 down_read_nested+0x3e/0x140 __btrfs_tree_read_lock+0x39/0x180 __btrfs_read_lock_root_node+0x3a/0x50 btrfs_search_slot+0x4bd/0x990 btrfs_find_root+0x45/0x1b0 btrfs_read_tree_root+0x61/0x100 btrfs_get_root_ref.part.50+0x143/0x630 btrfs_uuid_tree_iterate+0x207/0x314 btrfs_uuid_rescan_kthread+0x12/0x50 kthread+0x133/0x150 ret_from_fork+0x1f/0x30 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(btrfs-uuid-00); lock(btrfs-root-00); lock(btrfs-uuid-00); lock(btrfs-root-00); *** DEADLOCK *** 1 lock held by btrfs-uuid/7955: #0: ffff88bfbafef2a8 (btrfs-uuid-00){++++}-{3:3}, at: __btrfs_tree_read_lock+0x39/0x180 stack backtrace: CPU: 73 PID: 7955 Comm: btrfs-uuid Kdump: loaded Not tainted 5.8.0-rc7-00167-g0d7ba0c5b375-dirty #925 Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018 Call Trace: dump_stack+0x78/0xa0 check_noncircular+0x165/0x180 __lock_acquire+0x1272/0x2310 lock_acquire+0x9e/0x360 ? __btrfs_tree_read_lock+0x39/0x180 ? btrfs_root_node+0x1c/0x1d0 down_read_nested+0x3e/0x140 ? __btrfs_tree_read_lock+0x39/0x180 __btrfs_tree_read_lock+0x39/0x180 __btrfs_read_lock_root_node+0x3a/0x50 btrfs_search_slot+0x4bd/0x990 btrfs_find_root+0x45/0x1b0 btrfs_read_tree_root+0x61/0x100 btrfs_get_root_ref.part.50+0x143/0x630 btrfs_uuid_tree_iterate+0x207/0x314 ? btree_readpage+0x20/0x20 btrfs_uuid_rescan_kthread+0x12/0x50 kthread+0x133/0x150 ? kthread_create_on_node+0x60/0x60 ret_from_fork+0x1f/0x30 This problem exists because we have two different rescan threads, btrfs_uuid_scan_kthread which creates the uuid tree, and btrfs_uuid_tree_iterate that goes through and updates or deletes any out of date roots. The problem is they both do things in different order. btrfs_uuid_scan_kthread() reads the tree_root, and then inserts entries into the uuid_root. btrfs_uuid_tree_iterate() scans the uuid_root, but then does a btrfs_get_fs_root() which can read from the tree_root. It's actually easy enough to not be holding the path in btrfs_uuid_scan_kthread() when we add a uuid entry, as we already drop it further down and re-start the search when we loop. So simply move the path release before we add our entry to the uuid tree. This also fixes a problem where we're holding a path open after we do btrfs_end_transaction(), which has it's own problems. CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
With the conversion of the tree locks to rwsem I got the following lockdep splat: ====================================================== WARNING: possible circular locking dependency detected 5.8.0-rc7-00165-g04ec4da5f45f-dirty #922 Not tainted ------------------------------------------------------ compsize/11122 is trying to acquire lock: ffff889fabca8768 (&mm->mmap_lock#2){++++}-{3:3}, at: __might_fault+0x3e/0x90 but task is already holding lock: ffff889fe720fe40 (btrfs-fs-00){++++}-{3:3}, at: __btrfs_tree_read_lock+0x39/0x180 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (btrfs-fs-00){++++}-{3:3}: down_write_nested+0x3b/0x70 __btrfs_tree_lock+0x24/0x120 btrfs_search_slot+0x756/0x990 btrfs_lookup_inode+0x3a/0xb4 __btrfs_update_delayed_inode+0x93/0x270 btrfs_async_run_delayed_root+0x168/0x230 btrfs_work_helper+0xd4/0x570 process_one_work+0x2ad/0x5f0 worker_thread+0x3a/0x3d0 kthread+0x133/0x150 ret_from_fork+0x1f/0x30 -> #1 (&delayed_node->mutex){+.+.}-{3:3}: __mutex_lock+0x9f/0x930 btrfs_delayed_update_inode+0x50/0x440 btrfs_update_inode+0x8a/0xf0 btrfs_dirty_inode+0x5b/0xd0 touch_atime+0xa1/0xd0 btrfs_file_mmap+0x3f/0x60 mmap_region+0x3a4/0x640 do_mmap+0x376/0x580 vm_mmap_pgoff+0xd5/0x120 ksys_mmap_pgoff+0x193/0x230 do_syscall_64+0x50/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> #0 (&mm->mmap_lock#2){++++}-{3:3}: __lock_acquire+0x1272/0x2310 lock_acquire+0x9e/0x360 __might_fault+0x68/0x90 _copy_to_user+0x1e/0x80 copy_to_sk.isra.32+0x121/0x300 search_ioctl+0x106/0x200 btrfs_ioctl_tree_search_v2+0x7b/0xf0 btrfs_ioctl+0x106f/0x30a0 ksys_ioctl+0x83/0xc0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x50/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 other info that might help us debug this: Chain exists of: &mm->mmap_lock#2 --> &delayed_node->mutex --> btrfs-fs-00 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(btrfs-fs-00); lock(&delayed_node->mutex); lock(btrfs-fs-00); lock(&mm->mmap_lock#2); *** DEADLOCK *** 1 lock held by compsize/11122: #0: ffff889fe720fe40 (btrfs-fs-00){++++}-{3:3}, at: __btrfs_tree_read_lock+0x39/0x180 stack backtrace: CPU: 17 PID: 11122 Comm: compsize Kdump: loaded Not tainted 5.8.0-rc7-00165-g04ec4da5f45f-dirty #922 Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018 Call Trace: dump_stack+0x78/0xa0 check_noncircular+0x165/0x180 __lock_acquire+0x1272/0x2310 lock_acquire+0x9e/0x360 ? __might_fault+0x3e/0x90 ? find_held_lock+0x72/0x90 __might_fault+0x68/0x90 ? __might_fault+0x3e/0x90 _copy_to_user+0x1e/0x80 copy_to_sk.isra.32+0x121/0x300 ? btrfs_search_forward+0x2a6/0x360 search_ioctl+0x106/0x200 btrfs_ioctl_tree_search_v2+0x7b/0xf0 btrfs_ioctl+0x106f/0x30a0 ? __do_sys_newfstat+0x5a/0x70 ? ksys_ioctl+0x83/0xc0 ksys_ioctl+0x83/0xc0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x50/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The problem is we're doing a copy_to_user() while holding tree locks, which can deadlock if we have to do a page fault for the copy_to_user(). This exists even without my locking changes, so it needs to be fixed. Rework the search ioctl to do the pre-fault and then copy_to_user_nofault for the copying. CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
I got the following lockdep splat while testing: ====================================================== WARNING: possible circular locking dependency detected 5.8.0-rc7-00172-g021118712e59 #932 Not tainted ------------------------------------------------------ btrfs/229626 is trying to acquire lock: ffffffff828513f0 (cpu_hotplug_lock){++++}-{0:0}, at: alloc_workqueue+0x378/0x450 but task is already holding lock: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #7 (&fs_info->scrub_lock){+.+.}-{3:3}: __mutex_lock+0x9f/0x930 btrfs_scrub_dev+0x11c/0x630 btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4 btrfs_ioctl+0x2799/0x30a0 ksys_ioctl+0x83/0xc0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x50/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> #6 (&fs_devs->device_list_mutex){+.+.}-{3:3}: __mutex_lock+0x9f/0x930 btrfs_run_dev_stats+0x49/0x480 commit_cowonly_roots+0xb5/0x2a0 btrfs_commit_transaction+0x516/0xa60 sync_filesystem+0x6b/0x90 generic_shutdown_super+0x22/0x100 kill_anon_super+0xe/0x30 btrfs_kill_super+0x12/0x20 deactivate_locked_super+0x29/0x60 cleanup_mnt+0xb8/0x140 task_work_run+0x6d/0xb0 __prepare_exit_to_usermode+0x1cc/0x1e0 do_syscall_64+0x5c/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> #5 (&fs_info->tree_log_mutex){+.+.}-{3:3}: __mutex_lock+0x9f/0x930 btrfs_commit_transaction+0x4bb/0xa60 sync_filesystem+0x6b/0x90 generic_shutdown_super+0x22/0x100 kill_anon_super+0xe/0x30 btrfs_kill_super+0x12/0x20 deactivate_locked_super+0x29/0x60 cleanup_mnt+0xb8/0x140 task_work_run+0x6d/0xb0 __prepare_exit_to_usermode+0x1cc/0x1e0 do_syscall_64+0x5c/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> #4 (&fs_info->reloc_mutex){+.+.}-{3:3}: __mutex_lock+0x9f/0x930 btrfs_record_root_in_trans+0x43/0x70 start_transaction+0xd1/0x5d0 btrfs_dirty_inode+0x42/0xd0 touch_atime+0xa1/0xd0 btrfs_file_mmap+0x3f/0x60 mmap_region+0x3a4/0x640 do_mmap+0x376/0x580 vm_mmap_pgoff+0xd5/0x120 ksys_mmap_pgoff+0x193/0x230 do_syscall_64+0x50/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> #3 (&mm->mmap_lock#2){++++}-{3:3}: __might_fault+0x68/0x90 _copy_to_user+0x1e/0x80 perf_read+0x141/0x2c0 vfs_read+0xad/0x1b0 ksys_read+0x5f/0xe0 do_syscall_64+0x50/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> #2 (&cpuctx_mutex){+.+.}-{3:3}: __mutex_lock+0x9f/0x930 perf_event_init_cpu+0x88/0x150 perf_event_init+0x1db/0x20b start_kernel+0x3ae/0x53c secondary_startup_64+0xa4/0xb0 -> #1 (pmus_lock){+.+.}-{3:3}: __mutex_lock+0x9f/0x930 perf_event_init_cpu+0x4f/0x150 cpuhp_invoke_callback+0xb1/0x900 _cpu_up.constprop.26+0x9f/0x130 cpu_up+0x7b/0xc0 bringup_nonboot_cpus+0x4f/0x60 smp_init+0x26/0x71 kernel_init_freeable+0x110/0x258 kernel_init+0xa/0x103 ret_from_fork+0x1f/0x30 -> #0 (cpu_hotplug_lock){++++}-{0:0}: __lock_acquire+0x1272/0x2310 lock_acquire+0x9e/0x360 cpus_read_lock+0x39/0xb0 alloc_workqueue+0x378/0x450 __btrfs_alloc_workqueue+0x15d/0x200 btrfs_alloc_workqueue+0x51/0x160 scrub_workers_get+0x5a/0x170 btrfs_scrub_dev+0x18c/0x630 btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4 btrfs_ioctl+0x2799/0x30a0 ksys_ioctl+0x83/0xc0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x50/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 other info that might help us debug this: Chain exists of: cpu_hotplug_lock --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&fs_info->scrub_lock); lock(&fs_devs->device_list_mutex); lock(&fs_info->scrub_lock); lock(cpu_hotplug_lock); *** DEADLOCK *** 2 locks held by btrfs/229626: #0: ffff88bfe8bb86e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_scrub_dev+0xbd/0x630 #1: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630 stack backtrace: CPU: 15 PID: 229626 Comm: btrfs Kdump: loaded Not tainted 5.8.0-rc7-00172-g021118712e59 #932 Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018 Call Trace: dump_stack+0x78/0xa0 check_noncircular+0x165/0x180 __lock_acquire+0x1272/0x2310 lock_acquire+0x9e/0x360 ? alloc_workqueue+0x378/0x450 cpus_read_lock+0x39/0xb0 ? alloc_workqueue+0x378/0x450 alloc_workqueue+0x378/0x450 ? rcu_read_lock_sched_held+0x52/0x80 __btrfs_alloc_workqueue+0x15d/0x200 btrfs_alloc_workqueue+0x51/0x160 scrub_workers_get+0x5a/0x170 btrfs_scrub_dev+0x18c/0x630 ? start_transaction+0xd1/0x5d0 btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4 btrfs_ioctl+0x2799/0x30a0 ? do_sigaction+0x102/0x250 ? lockdep_hardirqs_on_prepare+0xca/0x160 ? _raw_spin_unlock_irq+0x24/0x30 ? trace_hardirqs_on+0x1c/0xe0 ? _raw_spin_unlock_irq+0x24/0x30 ? do_sigaction+0x102/0x250 ? ksys_ioctl+0x83/0xc0 ksys_ioctl+0x83/0xc0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x50/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 This happens because we're allocating the scrub workqueues under the scrub and device list mutex, which brings in a whole host of other dependencies. Because the work queue allocation is done with GFP_KERNEL, it can trigger reclaim, which can lead to a transaction commit, which in turns needs the device_list_mutex, it can lead to a deadlock. A different problem for which this fix is a solution. Fix this by moving the actual allocation outside of the scrub lock, and then only take the lock once we're ready to actually assign them to the fs_info. We'll now have to cleanup the workqueues in a few more places, so I've added a helper to do the refcount dance to safely free the workqueues. CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
When flipping over to the rw_semaphore I noticed I'd get a lockdep splat in replace_path(), which is weird because we're swapping the reloc root with the actual target root. Turns out this is because we're using the root->root_key.objectid as the root id for the newly allocated tree block when setting the lockdep class, however we need to be using the actual owner of this new block, which is saved in owner. The affected path is through btrfs_copy_root as all other callers of btrfs_alloc_tree_block (which calls init_new_buffer) have root_objectid == root->root_key.objectid . CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: Nikolay Borisov <nborisov@suse.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
These are special extent buffers that get rewound in order to lookup the state of the tree at a specific point in time. As such they do not go through the normal initialization paths that set their lockdep class, so handle them appropriately when they are created and before they are locked. CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
The error message for inode transid is the same as for inode generation, which makes us unable to detect the real problem. Reported-by: Tyler Richmond <t.d.richmond@gmail.com> Fixes: 496245c ("btrfs: tree-checker: Verify inode item") CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Marcos Paulo de Souza <mpdesouza@suse.com> Signed-off-by: Qu Wenruo <wqu@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
A couple of trivial fixes for using %zd for size_t in the code supporting the ZSTD compression library. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Acked-by: Jiri Olsa <jolsa@redhat.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Alexey Budankov <alexey.budankov@linux.intel.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Link: http://lore.kernel.org/lkml/20200820212501.24421-1-chris@chris-wilson.co.uk Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
The help info of option "--no-bpf-event" is wrongly described as "record
bpf events", correct it.
Committer testing:
$ perf record -h bpf
Usage: perf record [<options>] [<command>]
or: perf record [<options>] -- <command> [<options>]
--clang-opt <clang options>
options passed to clang when compiling BPF scriptlets
--clang-path <clang path>
clang binary to use for compiling BPF scriptlets
--no-bpf-event do not record bpf events
$
Fixes: 71184c6 ("perf record: Replace option --bpf-event with --no-bpf-event")
Signed-off-by: Wei Li <liwei391@huawei.com>
Acked-by: Song Liu <songliubraving@fb.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Hanjun Guo <guohanjun@huawei.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Li Bin <huawei.libin@huawei.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: http://lore.kernel.org/lkml/20200819031947.12115-1-liwei391@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Currently if we run 'perf record -e cycles:u', exclude_guest=0.
But it doesn't make sense in most cases that we request for
user-space counting but we also get the guest report.
Of course, we also need to consider 'perf kvm' usage case that
authorized perf users on the host may only want to count guest user
space events. For example,
# perf kvm --guest record -e cycles:u
When we have 'exclude_guest=1' for 'perf kvm' usage, we may get nothing
from guest events.
To keep perf semantics consistent and clear, this patch sets
exclude_guest=1 for user-space counting but except for 'perf kvm' usage.
Before:
perf record -e cycles:u ./div
perf evlist -v
cycles:u: ..., exclude_kernel: 1, exclude_hv: 1, ...
After:
perf record -e cycles:u ./div
perf evlist -v
cycles:u: ..., exclude_kernel: 1, exclude_hv: 1, exclude_guest: 1, ...
Before:
perf kvm --guest record -e cycles:u -vvv
perf_event_attr:
size 120
{ sample_period, sample_freq } 4000
sample_type IP|TID|TIME|ID|CPU|PERIOD
read_format ID
disabled 1
inherit 1
exclude_kernel 1
exclude_hv 1
freq 1
sample_id_all 1
After:
perf kvm --guest record -e cycles:u -vvv
perf_event_attr:
size 120
{ sample_period, sample_freq } 4000
sample_type IP|TID|TIME|ID|CPU|PERIOD
read_format ID
disabled 1
inherit 1
exclude_kernel 1
exclude_hv 1
freq 1
sample_id_all 1
For Before/After, exclude_guest are both 0 for perf kvm usage.
perf test 6
6: Parse event definition strings : Ok
Signed-off-by: Jin Yao <yao.jin@linux.intel.com>
Tested-by: Like Xu <like.xu@linux.intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jin Yao <yao.jin@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20200814012120.16647-1-yao.jin@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
…s metrics" test
Linux 5.9 introduced perf test case "Parse and process metrics" and
on s390 this test case always dumps core:
[root@t35lp67 perf]# ./perf test -vvvv -F 67
67: Parse and process metrics :
--- start ---
metric expr inst_retired.any / cpu_clk_unhalted.thread for IPC
parsing metric: inst_retired.any / cpu_clk_unhalted.thread
Segmentation fault (core dumped)
[root@t35lp67 perf]#
I debugged this core dump and gdb shows this call chain:
(gdb) where
#0 0x000003ffabc3192a in __strnlen_c_1 () from /lib64/libc.so.6
#1 0x000003ffabc293de in strcasestr () from /lib64/libc.so.6
#2 0x0000000001102ba2 in match_metric(list=0x1e6ea20 "inst_retired.any",
n=<optimized out>)
at util/metricgroup.c:368
#3 find_metric (map=<optimized out>, map=<optimized out>,
metric=0x1e6ea20 "inst_retired.any")
at util/metricgroup.c:765
#4 __resolve_metric (ids=0x0, map=<optimized out>, metric_list=0x0,
metric_no_group=<optimized out>, m=<optimized out>)
at util/metricgroup.c:844
#5 resolve_metric (ids=0x0, map=0x0, metric_list=0x0,
metric_no_group=<optimized out>)
at util/metricgroup.c:881
#6 metricgroup__add_metric (metric=<optimized out>,
metric_no_group=metric_no_group@entry=false, events=<optimized out>,
events@entry=0x3ffd84fb878, metric_list=0x0,
metric_list@entry=0x3ffd84fb868, map=0x0)
at util/metricgroup.c:943
#7 0x00000000011034ae in metricgroup__add_metric_list (map=0x13f9828 <map>,
metric_list=0x3ffd84fb868, events=0x3ffd84fb878,
metric_no_group=<optimized out>, list=<optimized out>)
at util/metricgroup.c:988
#8 parse_groups (perf_evlist=perf_evlist@entry=0x1e70260,
str=str@entry=0x12f34b2 "IPC", metric_no_group=<optimized out>,
metric_no_merge=<optimized out>,
fake_pmu=fake_pmu@entry=0x1462f18 <perf_pmu.fake>,
metric_events=0x3ffd84fba58, map=0x1)
at util/metricgroup.c:1040
#9 0x0000000001103eb2 in metricgroup__parse_groups_test(
evlist=evlist@entry=0x1e70260, map=map@entry=0x13f9828 <map>,
str=str@entry=0x12f34b2 "IPC",
metric_no_group=metric_no_group@entry=false,
metric_no_merge=metric_no_merge@entry=false,
metric_events=0x3ffd84fba58)
at util/metricgroup.c:1082
#10 0x00000000010c84d8 in __compute_metric (ratio2=0x0, name2=0x0,
ratio1=<synthetic pointer>, name1=0x12f34b2 "IPC",
vals=0x3ffd84fbad8, name=0x12f34b2 "IPC")
at tests/parse-metric.c:159
#11 compute_metric (ratio=<synthetic pointer>, vals=0x3ffd84fbad8,
name=0x12f34b2 "IPC")
at tests/parse-metric.c:189
#12 test_ipc () at tests/parse-metric.c:208
.....
..... omitted many more lines
This test case was added with
commit 218ca91 ("perf tests: Add parse metric test for frontend metric").
When I compile with make DEBUG=y it works fine and I do not get a core dump.
It turned out that the above listed function call chain worked on a struct
pmu_event array which requires a trailing element with zeroes which was
missing. The marco map_for_each_event() loops over that array tests for members
metric_expr/metric_name/metric_group being non-NULL. Adding this element fixes
the issue.
Output after:
[root@t35lp46 perf]# ./perf test 67
67: Parse and process metrics : Ok
[root@t35lp46 perf]#
Committer notes:
As Ian remarks, this is not s390 specific:
<quote Ian>
This also shows up with address sanitizer on all architectures
(perhaps change the patch title) and perhaps add a "Fixes: <commit>"
tag.
=================================================================
==4718==ERROR: AddressSanitizer: global-buffer-overflow on address
0x55c93b4d59e8 at pc 0x55c93a1541e2 bp 0x7ffd24327c60 sp
0x7ffd24327c58
READ of size 8 at 0x55c93b4d59e8 thread T0
#0 0x55c93a1541e1 in find_metric tools/perf/util/metricgroup.c:764:2
#1 0x55c93a153e6c in __resolve_metric tools/perf/util/metricgroup.c:844:9
#2 0x55c93a152f18 in resolve_metric tools/perf/util/metricgroup.c:881:9
#3 0x55c93a1528db in metricgroup__add_metric
tools/perf/util/metricgroup.c:943:9
#4 0x55c93a151996 in metricgroup__add_metric_list
tools/perf/util/metricgroup.c:988:9
#5 0x55c93a1511b9 in parse_groups tools/perf/util/metricgroup.c:1040:8
#6 0x55c93a1513e1 in metricgroup__parse_groups_test
tools/perf/util/metricgroup.c:1082:9
#7 0x55c93a0108ae in __compute_metric tools/perf/tests/parse-metric.c:159:8
#8 0x55c93a010744 in compute_metric tools/perf/tests/parse-metric.c:189:9
#9 0x55c93a00f5ee in test_ipc tools/perf/tests/parse-metric.c:208:2
#10 0x55c93a00f1e8 in test__parse_metric
tools/perf/tests/parse-metric.c:345:2
#11 0x55c939fd7202 in run_test tools/perf/tests/builtin-test.c:410:9
#12 0x55c939fd6736 in test_and_print tools/perf/tests/builtin-test.c:440:9
#13 0x55c939fd58c3 in __cmd_test tools/perf/tests/builtin-test.c:661:4
#14 0x55c939fd4e02 in cmd_test tools/perf/tests/builtin-test.c:807:9
#15 0x55c939e4763d in run_builtin tools/perf/perf.c:313:11
#16 0x55c939e46475 in handle_internal_command tools/perf/perf.c:365:8
#17 0x55c939e4737e in run_argv tools/perf/perf.c:409:2
#18 0x55c939e45f7e in main tools/perf/perf.c:539:3
0x55c93b4d59e8 is located 0 bytes to the right of global variable
'pme_test' defined in 'tools/perf/tests/parse-metric.c:17:25'
(0x55c93b4d54a0) of size 1352
SUMMARY: AddressSanitizer: global-buffer-overflow
tools/perf/util/metricgroup.c:764:2 in find_metric
Shadow bytes around the buggy address:
0x0ab9a7692ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ab9a7692af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ab9a7692b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ab9a7692b10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ab9a7692b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ab9a7692b30: 00 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9 f9
0x0ab9a7692b40: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x0ab9a7692b50: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x0ab9a7692b60: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0ab9a7692b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ab9a7692b80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
</quote>
I'm also adding the missing "Fixes" tag and setting just .name to NULL,
as doing it that way is more compact (the compiler will zero out
everything else) and the table iterators look for .name being NULL as
the sentinel marking the end of the table.
Fixes: 0a507af ("perf tests: Add parse metric test for ipc metric")
Signed-off-by: Thomas Richter <tmricht@linux.ibm.com>
Reviewed-by: Sumanth Korikkar <sumanthk@linux.ibm.com>
Acked-by: Ian Rogers <irogers@google.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Sven Schnelle <svens@linux.ibm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Link: http://lore.kernel.org/lkml/20200825071211.16959-1-tmricht@linux.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
…ist method
Fix a compile error on F32 and gcc version 10.1 on s390 in file
utils/stat-display.c. The error does not show up with make DEBUG=y. In
fact the issue shows up when using both compiler options -O6 and
-D_FORTIFY_SOURCE=2 (which are omitted with DEBUG=Y).
This is the offending call chain:
print_counter_aggr()
printout(config, -1, 0, ...) with 2nd parm id set to -1
aggr_printout(config, x, id --> -1, ...) which leads to this code:
case AGGR_NONE:
if (evsel->percore && !config->percore_show_thread) {
....
} else {
fprintf(config->output, "CPU%*d%s",
config->csv_output ? 0 : -7,
evsel__cpus(evsel)->map[id],
^^ id is -1 !!!!
config->csv_sep);
}
This is a compiler inlining issue which is detected on s390 but not on
other plattforms.
Output before:
# make util/stat-display.o
.....
util/stat-display.c: In function ‘perf_evlist__print_counters’:
util/stat-display.c:121:4: error: array subscript -1 is below array
bounds of ‘int[]’ [-Werror=array-bounds]
121 | fprintf(config->output, "CPU%*d%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
122 | config->csv_output ? 0 : -7,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
123 | evsel__cpus(evsel)->map[id],
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
124 | config->csv_sep);
| ~~~~~~~~~~~~~~~~
In file included from util/evsel.h:13,
from util/evlist.h:13,
from util/stat-display.c:9:
/root/linux/tools/lib/perf/include/internal/cpumap.h:10:7:
note: while referencing ‘map’
10 | int map[];
| ^~~
cc1: all warnings being treated as errors
mv: cannot stat 'util/.stat-display.o.tmp': No such file or directory
make[3]: *** [/root/linux/tools/build/Makefile.build:97: util/stat-display.o]
Error 1
make[2]: *** [Makefile.perf:716: util/stat-display.o] Error 2
make[1]: *** [Makefile.perf:231: sub-make] Error 2
make: *** [Makefile:110: util/stat-display.o] Error 2
[root@t35lp46 perf]#
Output after:
# make util/stat-display.o
.....
CC util/stat-display.o
[root@t35lp46 perf]#
Committer notes:
Removed the removal of {} enclosing the multiline else block, as pointed
out by Jiri Olsa.
Suggested-by: Jiri Olsa <jolsa@redhat.com>
Signed-off-by: Thomas Richter <tmricht@linux.ibm.com>
Acked-by: Jiri Olsa <jolsa@redhat.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Sumanth Korikkar <sumanthk@linux.ibm.com>
Cc: Sven Schnelle <svens@linux.ibm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Link: http://lore.kernel.org/lkml/20200825063304.77733-1-tmricht@linux.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
With a fake_pmu the pmu_info isn't populated by perf_pmu__check_alias. In this case, don't try to copy the uninitialized values to the evsel. Signed-off-by: Ian Rogers <irogers@google.com> Acked-by: Jiri Olsa <jolsa@redhat.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Jin Yao <yao.jin@linux.intel.com> Cc: Kajol Jain <kjain@linux.ibm.com> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: Leo Yan <leo.yan@linaro.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Stephane Eranian <eranian@google.com> Link: http://lore.kernel.org/lkml/20200826042910.1902374-2-irogers@google.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
For a while we need to have a dummy event for doing things like
receiving PERF_RECORD_COMM, PERF_RECORD_EXEC, etc for threads being
created and dying while we synthesize the pre-existing ones at tool
start.
This 'dummy' event is needed for keeping track of thread lifetime events
early in the session but are uninteresting otherwise, i.e. no need to
have it in a initial events menu for the non-grouped case, i.e. for:
# perf top -e cycles,instructions
or even for plain:
# perf top
When 'cycles' and that 'dummy' event are in place.
The code to remove that 'dummy' event ended up creating an endless loop
for the grouped case, i.e.:
# perf top -e '{cycles,instructions}'
Fix it.
Fixes: bee9ca1 ("perf report TUI: Remove needless 'dummy' event from menu")
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Commit 42bbabe ("perf tools: Add hw_idx in struct branch_stack") changed the format of branch stacks in perf samples. When samples use this new format, a flag must be set in the corresponding event. Synthesized branch stacks generated from CoreSight ETM trace were using the new format, but not setting the event attribute, leading to consumers seeing corrupt data. This patch fixes the issue by setting the event attribute to indicate use of the new format. Fixes: 42bbabe ("perf tools: Add hw_idx in struct branch_stack") Signed-off-by: Al Grant <al.grant@arm.com> Reviewed-by: Andrea Brunato <andrea.brunato@arm.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Poirier <mathieu.poirier@linaro.org> Cc: Mike Leach <mike.leach@linaro.org> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Suzuki Poulouse <suzuki.poulose@arm.com> Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Leo Yan <leo.yan@linaro.org> Link: http://lore.kernel.org/lkml/20200819084751.17686-1-leo.yan@linaro.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Commit 42bbabe ("perf tools: Add hw_idx in struct branch_stack") changed the format of branch stacks in perf samples. When samples use this new format, a flag must be set in the corresponding event. Synthesized branch stacks generated from Intel PT were using the new format, but not setting the event attribute, leading to consumers seeing corrupt data. This patch fixes the issue by setting the event attribute to indicate use of the new format. Fixes: 42bbabe ("perf tools: Add hw_idx in struct branch_stack") Signed-off-by: Al Grant <al.grant@arm.com> Acked-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: Leo Yan <leo.yan@linaro.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mike Leach <mike.leach@linaro.org> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Suzuki Poulouse <suzuki.poulose@arm.com> Cc: linux-arm-kernel@lists.infradead.org Link: http://lore.kernel.org/lkml/20200819084751.17686-2-leo.yan@linaro.org Signed-off-by: Leo Yan <leo.yan@linaro.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
perf_event.h has macros that define the field offsets in the data_src bitmask in perf records. The SNOOPX and REMOTE offsets were both 37. These are distinct fields, and the bitfield layout in perf_mem_data_src confirms that SNOOPX should be at offset 38. Committer notes: This was extracted from a larger patch that also contained kernel changes. Fixes: 52839e6 ("perf tools: Add support for printing new mem_info encodings") Signed-off-by: Al Grant <al.grant@arm.com> Reviewed-by: Andi Kleen <ak@linux.intel.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Ian Rogers <irogers@google.com> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Link: http://lore.kernel.org/lkml/9974f2d0-bf7f-518e-d9f7-4520e5ff1bb0@foss.arm.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Disable ordered_events for report raw dump, because for raw dump we want to see events as they are stored in the perf.data file, not sorted by time. Signed-off-by: Jiri Olsa <jolsa@kernel.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Ian Rogers <irogers@google.com> Cc: Michael Petlan <mpetlan@redhat.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Link: http://lore.kernel.org/lkml/20200827134830.126721-1-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
…nel/git/kdave/linux Pull btrfs fixes from David Sterba: "Two small fixes and a bunch of lockdep fixes for warnings that show up with an upcoming tree locking update but are valid with current locks as well" * tag 'for-5.9-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: tree-checker: fix the error message for transid error btrfs: set the lockdep class for log tree extent buffers btrfs: set the correct lockdep class for new nodes btrfs: allocate scrub workqueues outside of locks btrfs: fix potential deadlock in the search ioctl btrfs: drop path before adding new uuid tree entry btrfs: block-group: fix free-space bitmap threshold
…org/pub/scm/linux/kernel/git/acme/linux
Pull perf tools fixes from Arnaldo Carvalho de Melo:
- Fix infinite loop in the TUI for grouped events in 'perf top/record',
eg when using "perf top -e '{cycles,instructions,cache-misses}'".
- Fix segfault by skipping side-band event setup if HAVE_LIBBPF_SUPPORT
is not set.
- Fix synthesized branch stacks generated from CoreSight ETM trace and
Intel PT hardware traces.
- Fix error when synthesizing events from ARM SPE hardware trace.
- The SNOOPX and REMOTE offsets in the data_src bitmask in perf records
were were both 37, SNOOPX is 38, fix it.
- Fix use of CPU list with summary option in 'perf sched timehist'.
- Avoid an uninitialized read when using fake PMUs.
- Set perf_event_attr.exclude_guest=1 for user-space counting.
- Don't order events when doing a 'perf report -D' raw dump of
perf.data records.
- Set NULL sentinel in pmu_events table in "Parse and process metrics"
'perf test'
- Fix basic bpf filtering 'perf test' on s390x.
- Fix out of bounds array access in the 'perf stat' print_counters()
evlist method.
- Add mwait_idle_with_hints.constprop.0 to the list of idle symbols.
- Use %zd for size_t printf formats on 32-bit.
- Correct the help info of "perf record --no-bpf-event" option.
- Add entries for CoreSight and Arm SPE tooling to MAINTAINERS.
* tag 'perf-tools-fixes-for-v5.9-2020-09-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
perf report: Disable ordered_events for raw dump
perf tools: Correct SNOOPX field offset
perf intel-pt: Fix corrupt data after perf inject from
perf cs-etm: Fix corrupt data after perf inject from
perf top/report: Fix infinite loop in the TUI for grouped events
perf parse-events: Avoid an uninitialized read when using fake PMUs
perf stat: Fix out of bounds array access in the print_counters() evlist method
perf test: Set NULL sentinel in pmu_events table in "Parse and process metrics" test
perf parse-events: Set exclude_guest=1 for user-space counting
perf record: Correct the help info of option "--no-bpf-event"
perf tools: Use %zd for size_t printf formats on 32-bit
MAINTAINERS: Add entries for CoreSight and Arm SPE tooling
perf: arm-spe: Fix check error when synthesizing events
perf symbols: Add mwait_idle_with_hints.constprop.0 to the list of idle symbols
perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set
perf sched timehist: Fix use of CPU list with summary option
perf test: Fix basic bpf filtering test
pull bot
pushed a commit
that referenced
this pull request
Oct 18, 2020
Lockdep complains at boot: ============================= [ BUG: Invalid wait context ] 5.7.0-05093-g46d91ecd597b #98 Not tainted ----------------------------- swapper/1 is trying to lock: 0000000060931b98 (&desc[i].request_mutex){+.+.}-{3:3}, at: __setup_irq+0x11d/0x623 other info that might help us debug this: context-{4:4} 1 lock held by swapper/1: #0: 000000006074fed8 (sigio_spinlock){+.+.}-{2:2}, at: sigio_lock+0x1a/0x1c stack backtrace: CPU: 0 PID: 1 Comm: swapper Not tainted 5.7.0-05093-g46d91ecd597b #98 Stack: 7fa4fab 6028dfd1 0000002a 6008bea5 7fa50700 7fa50040 7fa4fac0 6028e016 7fa4fb5 6007f6da 60959c18 00000000 Call Trace: [<60023a0e>] show_stack+0x13b/0x155 [<6028e016>] dump_stack+0x2a/0x2c [<6007f6da>] __lock_acquire+0x515/0x15f2 [<6007eb50>] lock_acquire+0x245/0x273 [<6050d9f1>] __mutex_lock+0xbd/0x325 [<6050dc76>] mutex_lock_nested+0x1d/0x1f [<6008e27e>] __setup_irq+0x11d/0x623 [<6008e8ed>] request_threaded_irq+0x169/0x1a6 [<60021eb0>] um_request_irq+0x1ee/0x24b [<600234ee>] write_sigio_irq+0x3b/0x76 [<600383ca>] sigio_broken+0x146/0x2e4 [<60020bd8>] do_one_initcall+0xde/0x281 Because we hold sigio_spinlock and then get into requesting an interrupt with a mutex. Change the spinlock to a mutex to avoid that. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Richard Weinberger <richard@nod.at>
pull bot
pushed a commit
that referenced
this pull request
Dec 18, 2020
syzkaller found the following JFFS2 splat:
Unable to handle kernel paging request at virtual address dfffa00000000001
Mem abort info:
ESR = 0x96000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
[dfffa00000000001] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 12745 Comm: syz-executor.5 Tainted: G S 5.9.0-rc8+ #98
Hardware name: linux,dummy-virt (DT)
pstate: 20400005 (nzCv daif +PAN -UAO BTYPE=--)
pc : jffs2_parse_param+0x138/0x308 fs/jffs2/super.c:206
lr : jffs2_parse_param+0x108/0x308 fs/jffs2/super.c:205
sp : ffff000022a57910
x29: ffff000022a57910 x28: 0000000000000000
x27: ffff000057634008 x26: 000000000000d800
x25: 000000000000d800 x24: ffff0000271a9000
x23: ffffa0001adb5dc0 x22: ffff000023fdcf00
x21: 1fffe0000454af2c x20: ffff000024cc9400
x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: ffffa000102dbdd0
x15: 0000000000000000 x14: ffffa000109e44bc
x13: ffffa00010a3a26c x12: ffff80000476e0b3
x11: 1fffe0000476e0b2 x10: ffff80000476e0b2
x9 : ffffa00010a3ad60 x8 : ffff000023b70593
x7 : 0000000000000003 x6 : 00000000f1f1f1f1
x5 : ffff000023fdcf00 x4 : 0000000000000002
x3 : ffffa00010000000 x2 : 0000000000000001
x1 : dfffa00000000000 x0 : 0000000000000008
Call trace:
jffs2_parse_param+0x138/0x308 fs/jffs2/super.c:206
vfs_parse_fs_param+0x234/0x4e8 fs/fs_context.c:117
vfs_parse_fs_string+0xe8/0x148 fs/fs_context.c:161
generic_parse_monolithic+0x17c/0x208 fs/fs_context.c:201
parse_monolithic_mount_data+0x7c/0xa8 fs/fs_context.c:649
do_new_mount fs/namespace.c:2871 [inline]
path_mount+0x548/0x1da8 fs/namespace.c:3192
do_mount+0x124/0x138 fs/namespace.c:3205
__do_sys_mount fs/namespace.c:3413 [inline]
__se_sys_mount fs/namespace.c:3390 [inline]
__arm64_sys_mount+0x164/0x238 fs/namespace.c:3390
__invoke_syscall arch/arm64/kernel/syscall.c:36 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:48 [inline]
el0_svc_common.constprop.0+0x15c/0x598 arch/arm64/kernel/syscall.c:149
do_el0_svc+0x60/0x150 arch/arm64/kernel/syscall.c:195
el0_svc+0x34/0xb0 arch/arm64/kernel/entry-common.c:226
el0_sync_handler+0xc8/0x5b4 arch/arm64/kernel/entry-common.c:236
el0_sync+0x15c/0x180 arch/arm64/kernel/entry.S:663
Code: d2d40001 f2fbffe 91002260 d343fc02 (38e1684)
---[ end trace 4edf690313deda44 ]---
This is because since ec10a24, the option parsing happens before
fill_super and so the MTD device isn't associated with the filesystem.
Defer the size check until there is a valid association.
Fixes: ec10a24 ("vfs: Convert jffs2 to use the new mount API")
Cc: <stable@vger.kernel.org>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Jamie Iles <jamie@nuviainc.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
pull bot
pushed a commit
that referenced
this pull request
May 22, 2021
[ 612.157429] ================================================================== [ 612.158275] BUG: KASAN: use-after-free in process_one_work+0x90/0x9b0 [ 612.158801] Read of size 8 at addr ffff88810a31ca60 by task kworker/2:9/2382 [ 612.159611] CPU: 2 PID: 2382 Comm: kworker/2:9 Tainted: G OE 5.13.0-rc2+ #98 [ 612.159623] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 [ 612.159640] Workqueue: 0x0 (deferredclose) [ 612.159669] Call Trace: [ 612.159685] dump_stack+0xbb/0x107 [ 612.159711] print_address_description.constprop.0+0x18/0x140 [ 612.159733] ? process_one_work+0x90/0x9b0 [ 612.159743] ? process_one_work+0x90/0x9b0 [ 612.159754] kasan_report.cold+0x7c/0xd8 [ 612.159778] ? lock_is_held_type+0x80/0x130 [ 612.159789] ? process_one_work+0x90/0x9b0 [ 612.159812] kasan_check_range+0x145/0x1a0 [ 612.159834] process_one_work+0x90/0x9b0 [ 612.159877] ? pwq_dec_nr_in_flight+0x110/0x110 [ 612.159914] ? spin_bug+0x90/0x90 [ 612.159967] worker_thread+0x3b6/0x6c0 [ 612.160023] ? process_one_work+0x9b0/0x9b0 [ 612.160038] kthread+0x1dc/0x200 [ 612.160051] ? kthread_create_worker_on_cpu+0xd0/0xd0 [ 612.160092] ret_from_fork+0x1f/0x30 [ 612.160399] Allocated by task 2358: [ 612.160757] kasan_save_stack+0x1b/0x40 [ 612.160768] __kasan_kmalloc+0x9b/0xd0 [ 612.160778] cifs_new_fileinfo+0xb0/0x960 [cifs] [ 612.161170] cifs_open+0xadf/0xf20 [cifs] [ 612.161421] do_dentry_open+0x2aa/0x6b0 [ 612.161432] path_openat+0xbd9/0xfa0 [ 612.161441] do_filp_open+0x11d/0x230 [ 612.161450] do_sys_openat2+0x115/0x240 [ 612.161460] __x64_sys_openat+0xce/0x140 When mod_delayed_work is called to modify the delay of pending work, it might return false and queue a new work when pending work is already scheduled or when try to grab pending work failed. So, Increase the reference count when new work is scheduled to avoid use-after-free. Signed-off-by: Rohith Surabattula <rohiths@microsoft.com> Signed-off-by: Steve French <stfrench@microsoft.com>
pull bot
pushed a commit
that referenced
this pull request
Jul 3, 2021
The "auxtrace_info" and "auxtrace" functions are not set in "tool" member of
"annotate". As a result, perf annotate does not support parsing itrace data.
Before:
# perf record -e arm_spe_0/branch_filter=1/ -a sleep 1
[ perf record: Woken up 9 times to write data ]
[ perf record: Captured and wrote 20.874 MB perf.data ]
# perf annotate --stdio
Error:
The perf.data data has no samples!
Solution:
1. Add itrace options in help,
2. Set hook functions of "id_index", "auxtrace_info" and "auxtrace" in perf_tool.
After:
# perf record --all-user -e arm_spe_0/branch_filter=1/ ls
Couldn't synthesize bpf events.
perf.data
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.010 MB perf.data ]
# perf annotate --stdio
Percent | Source code & Disassembly of libc-2.28.so for branch-miss (1 samples, percent: local period)
------------------------------------------------------------------------------------------------------------
:
:
:
: Disassembly of section .text:
:
: 0000000000066180 <__getdelim@@GLIBC_2.17>:
0.00 : 66180: stp x29, x30, [sp, #-96]!
0.00 : 66184: cmp x0, #0x0
0.00 : 66188: ccmp x1, #0x0, #0x4, ne // ne = any
0.00 : 6618c: mov x29, sp
0.00 : 66190: stp x24, x25, [sp, #56]
0.00 : 66194: stp x26, x27, [sp, #72]
0.00 : 66198: str x28, [sp, #88]
0.00 : 6619c: b.eq 66450 <__getdelim@@GLIBC_2.17+0x2d0> // b.none
0.00 : 661a0: stp x22, x23, [x29, #40]
0.00 : 661a4: mov x22, x1
0.00 : 661a8: ldr w1, [x3]
0.00 : 661ac: mov w23, w2
0.00 : 661b0: stp x20, x21, [x29, #24]
0.00 : 661b4: mov x20, x3
0.00 : 661b8: mov x21, x0
0.00 : 661bc: tbnz w1, #15, 66360 <__getdelim@@GLIBC_2.17+0x1e0>
0.00 : 661c0: ldr x0, [x3, #136]
0.00 : 661c4: ldr x2, [x0, #8]
0.00 : 661c8: str x19, [x29, #16]
0.00 : 661cc: mrs x19, tpidr_el0
0.00 : 661d0: sub x19, x19, #0x700
0.00 : 661d4: cmp x2, x19
0.00 : 661d8: b.eq 663f0 <__getdelim@@GLIBC_2.17+0x270> // b.none
0.00 : 661dc: mov w1, #0x1 // #1
0.00 : 661e0: ldaxr w2, [x0]
0.00 : 661e4: cmp w2, #0x0
0.00 : 661e8: b.ne 661f4 <__getdelim@@GLIBC_2.17+0x74> // b.any
0.00 : 661ec: stxr w3, w1, [x0]
0.00 : 661f0: cbnz w3, 661e0 <__getdelim@@GLIBC_2.17+0x60>
0.00 : 661f4: b.ne 66448 <__getdelim@@GLIBC_2.17+0x2c8> // b.any
0.00 : 661f8: ldr x0, [x20, #136]
0.00 : 661fc: ldr w1, [x20]
0.00 : 66200: ldr w2, [x0, #4]
0.00 : 66204: str x19, [x0, #8]
0.00 : 66208: add w2, w2, #0x1
0.00 : 6620c: str w2, [x0, #4]
0.00 : 66210: tbnz w1, #5, 66388 <__getdelim@@GLIBC_2.17+0x208>
0.00 : 66214: ldr x19, [x29, #16]
0.00 : 66218: ldr x0, [x21]
0.00 : 6621c: cbz x0, 66228 <__getdelim@@GLIBC_2.17+0xa8>
0.00 : 66220: ldr x0, [x22]
0.00 : 66224: cbnz x0, 6623c <__getdelim@@GLIBC_2.17+0xbc>
0.00 : 66228: mov x0, #0x78 // #120
0.00 : 6622c: str x0, [x22]
0.00 : 66230: bl 20710 <malloc@plt>
0.00 : 66234: str x0, [x21]
0.00 : 66238: cbz x0, 66428 <__getdelim@@GLIBC_2.17+0x2a8>
0.00 : 6623c: ldr x27, [x20, #8]
0.00 : 66240: str x19, [x29, #16]
0.00 : 66244: ldr x19, [x20, #16]
0.00 : 66248: sub x19, x19, x27
0.00 : 6624c: cmp x19, #0x0
0.00 : 66250: b.le 66398 <__getdelim@@GLIBC_2.17+0x218>
0.00 : 66254: mov x25, #0x0 // #0
0.00 : 66258: b 662d8 <__getdelim@@GLIBC_2.17+0x158>
0.00 : 6625c: nop
0.00 : 66260: add x24, x19, x25
0.00 : 66264: ldr x3, [x22]
0.00 : 66268: add x26, x24, #0x1
0.00 : 6626c: ldr x0, [x21]
0.00 : 66270: cmp x3, x26
0.00 : 66274: b.cs 6629c <__getdelim@@GLIBC_2.17+0x11c> // b.hs, b.nlast
0.00 : 66278: lsl x3, x3, #1
0.00 : 6627c: cmp x3, x26
0.00 : 66280: csel x26, x3, x26, cs // cs = hs, nlast
0.00 : 66284: mov x1, x26
0.00 : 66288: bl 206f0 <realloc@plt>
0.00 : 6628c: cbz x0, 66438 <__getdelim@@GLIBC_2.17+0x2b8>
0.00 : 66290: str x0, [x21]
0.00 : 66294: ldr x27, [x20, #8]
0.00 : 66298: str x26, [x22]
0.00 : 6629c: mov x2, x19
0.00 : 662a0: mov x1, x27
0.00 : 662a4: add x0, x0, x25
0.00 : 662a8: bl 87390 <explicit_bzero@@GLIBC_2.25+0x50>
0.00 : 662ac: ldr x0, [x20, #8]
0.00 : 662b0: add x19, x0, x19
0.00 : 662b4: str x19, [x20, #8]
0.00 : 662b8: cbnz x28, 66410 <__getdelim@@GLIBC_2.17+0x290>
0.00 : 662bc: mov x0, x20
0.00 : 662c0: bl 73b80 <__underflow@@GLIBC_2.17>
0.00 : 662c4: cmn w0, #0x1
0.00 : 662c8: b.eq 66410 <__getdelim@@GLIBC_2.17+0x290> // b.none
0.00 : 662cc: ldp x27, x19, [x20, #8]
0.00 : 662d0: mov x25, x24
0.00 : 662d4: sub x19, x19, x27
0.00 : 662d8: mov x2, x19
0.00 : 662dc: mov w1, w23
0.00 : 662e0: mov x0, x27
0.00 : 662e4: bl 807b0 <memchr@@GLIBC_2.17>
0.00 : 662e8: cmp x0, #0x0
0.00 : 662ec: mov x28, x0
0.00 : 662f0: sub x0, x0, x27
0.00 : 662f4: csinc x19, x19, x0, eq // eq = none
0.00 : 662f8: mov x0, #0x7fffffffffffffff // #9223372036854775807
0.00 : 662fc: sub x0, x0, x25
0.00 : 66300: cmp x19, x0
0.00 : 66304: b.lt 66260 <__getdelim@@GLIBC_2.17+0xe0> // b.tstop
0.00 : 66308: adrp x0, 17f000 <sys_sigabbrev@@GLIBC_2.17+0x320>
0.00 : 6630c: ldr x0, [x0, #3624]
0.00 : 66310: mrs x2, tpidr_el0
0.00 : 66314: ldr x19, [x29, #16]
0.00 : 66318: mov w3, #0x4b // #75
0.00 : 6631c: ldr w1, [x20]
0.00 : 66320: mov x24, #0xffffffffffffffff // #-1
0.00 : 66324: str w3, [x2, x0]
0.00 : 66328: tbnz w1, #15, 66340 <__getdelim@@GLIBC_2.17+0x1c0>
0.00 : 6632c: ldr x0, [x20, #136]
0.00 : 66330: ldr w1, [x0, #4]
0.00 : 66334: sub w1, w1, #0x1
0.00 : 66338: str w1, [x0, #4]
0.00 : 6633c: cbz w1, 663b8 <__getdelim@@GLIBC_2.17+0x238>
0.00 : 66340: mov x0, x24
0.00 : 66344: ldr x28, [sp, #88]
0.00 : 66348: ldp x20, x21, [x29, #24]
0.00 : 6634c: ldp x22, x23, [x29, #40]
0.00 : 66350: ldp x24, x25, [sp, #56]
0.00 : 66354: ldp x26, x27, [sp, #72]
0.00 : 66358: ldp x29, x30, [sp], #96
0.00 : 6635c: ret
100.00 : 66360: tbz w1, #5, 66218 <__getdelim@@GLIBC_2.17+0x98>
0.00 : 66364: ldp x20, x21, [x29, #24]
0.00 : 66368: mov x24, #0xffffffffffffffff // #-1
0.00 : 6636c: ldp x22, x23, [x29, #40]
0.00 : 66370: mov x0, x24
0.00 : 66374: ldp x24, x25, [sp, #56]
0.00 : 66378: ldp x26, x27, [sp, #72]
0.00 : 6637c: ldr x28, [sp, #88]
0.00 : 66380: ldp x29, x30, [sp], #96
0.00 : 66384: ret
0.00 : 66388: mov x24, #0xffffffffffffffff // #-1
0.00 : 6638c: ldr x19, [x29, #16]
0.00 : 66390: b 66328 <__getdelim@@GLIBC_2.17+0x1a8>
0.00 : 66394: nop
0.00 : 66398: mov x0, x20
0.00 : 6639c: bl 73b80 <__underflow@@GLIBC_2.17>
0.00 : 663a0: cmn w0, #0x1
0.00 : 663a4: b.eq 66438 <__getdelim@@GLIBC_2.17+0x2b8> // b.none
0.00 : 663a8: ldp x27, x19, [x20, #8]
0.00 : 663ac: sub x19, x19, x27
0.00 : 663b0: b 66254 <__getdelim@@GLIBC_2.17+0xd4>
0.00 : 663b4: nop
0.00 : 663b8: str xzr, [x0, #8]
0.00 : 663bc: ldxr w2, [x0]
0.00 : 663c0: stlxr w3, w1, [x0]
0.00 : 663c4: cbnz w3, 663bc <__getdelim@@GLIBC_2.17+0x23c>
0.00 : 663c8: cmp w2, #0x1
0.00 : 663cc: b.le 66340 <__getdelim@@GLIBC_2.17+0x1c0>
0.00 : 663d0: mov x1, #0x81 // #129
0.00 : 663d4: mov x2, #0x1 // #1
0.00 : 663d8: mov x3, #0x0 // #0
0.00 : 663dc: mov x8, #0x62 // #98
0.00 : 663e0: svc #0x0
0.00 : 663e4: ldp x20, x21, [x29, #24]
0.00 : 663e8: ldp x22, x23, [x29, #40]
0.00 : 663ec: b 66370 <__getdelim@@GLIBC_2.17+0x1f0>
0.00 : 663f0: ldr w2, [x0, #4]
0.00 : 663f4: add w2, w2, #0x1
0.00 : 663f8: str w2, [x0, #4]
0.00 : 663fc: tbz w1, #5, 66214 <__getdelim@@GLIBC_2.17+0x94>
0.00 : 66400: mov x24, #0xffffffffffffffff // #-1
0.00 : 66404: ldr x19, [x29, #16]
0.00 : 66408: b 66330 <__getdelim@@GLIBC_2.17+0x1b0>
0.00 : 6640c: nop
0.00 : 66410: ldr x0, [x21]
0.00 : 66414: strb wzr, [x0, x24]
0.00 : 66418: ldr w1, [x20]
0.00 : 6641c: ldr x19, [x29, #16]
0.00 : 66420: b 66328 <__getdelim@@GLIBC_2.17+0x1a8>
0.00 : 66424: nop
0.00 : 66428: mov x24, #0xffffffffffffffff // #-1
0.00 : 6642c: ldr w1, [x20]
0.00 : 66430: b 66328 <__getdelim@@GLIBC_2.17+0x1a8>
0.00 : 66434: nop
0.00 : 66438: mov x24, #0xffffffffffffffff // #-1
0.00 : 6643c: ldr w1, [x20]
0.00 : 66440: ldr x19, [x29, #16]
0.00 : 66444: b 66328 <__getdelim@@GLIBC_2.17+0x1a8>
0.00 : 66448: bl e3ba0 <pthread_setcanceltype@@GLIBC_2.17+0x30>
0.00 : 6644c: b 661f8 <__getdelim@@GLIBC_2.17+0x78>
0.00 : 66450: adrp x0, 17f000 <sys_sigabbrev@@GLIBC_2.17+0x320>
0.00 : 66454: ldr x0, [x0, #3624]
0.00 : 66458: mrs x1, tpidr_el0
0.00 : 6645c: mov w2, #0x16 // #22
0.00 : 66460: mov x24, #0xffffffffffffffff // #-1
0.00 : 66464: str w2, [x1, x0]
0.00 : 66468: b 66370 <__getdelim@@GLIBC_2.17+0x1f0>
0.00 : 6646c: ldr w1, [x20]
0.00 : 66470: mov x4, x0
0.00 : 66474: tbnz w1, #15, 6648c <__getdelim@@GLIBC_2.17+0x30c>
0.00 : 66478: ldr x0, [x20, #136]
0.00 : 6647c: ldr w1, [x0, #4]
0.00 : 66480: sub w1, w1, #0x1
0.00 : 66484: str w1, [x0, #4]
0.00 : 66488: cbz w1, 66494 <__getdelim@@GLIBC_2.17+0x314>
0.00 : 6648c: mov x0, x4
0.00 : 66490: bl 20e40 <gnu_get_libc_version@@GLIBC_2.17+0x130>
0.00 : 66494: str xzr, [x0, #8]
0.00 : 66498: ldxr w2, [x0]
0.00 : 6649c: stlxr w3, w1, [x0]
0.00 : 664a0: cbnz w3, 66498 <__getdelim@@GLIBC_2.17+0x318>
0.00 : 664a4: cmp w2, #0x1
0.00 : 664a8: b.le 6648c <__getdelim@@GLIBC_2.17+0x30c>
0.00 : 664ac: mov x1, #0x81 // #129
0.00 : 664b0: mov x2, #0x1 // #1
0.00 : 664b4: mov x3, #0x0 // #0
0.00 : 664b8: mov x8, #0x62 // #98
0.00 : 664bc: svc #0x0
0.00 : 664c0: b 6648c <__getdelim@@GLIBC_2.17+0x30c>
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Tested-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20210615091704.259202-1-yangjihong1@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
pull bot
pushed a commit
that referenced
this pull request
Oct 10, 2021
Commit 3c73b81 ("x86/entry, selftests: Further improve user entry sanity checks") added a warning if AC is set when in the kernel. Commit 662a022 ("x86/entry: Fix AC assertion") changed the warning to only fire if the CPU supports SMAP. However, the warning can still trigger on a machine that supports SMAP but where it's disabled in the kernel config and when running the syscall_nt selftest, for example: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode CPU: 0 PID: 49 Comm: init Tainted: G T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 RIP: 0010:irqentry_enter_from_user_mode ... Call Trace: ? irqentry_enter ? exc_general_protection ? asm_exc_general_protection ? asm_exc_general_protectio IS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but even this would not be enough in case SMAP is disabled at boot time with the "nosmap" parameter. To be consistent with "nosmap" behaviour, clear X86_FEATURE_SMAP when !CONFIG_X86_SMAP. Found using entry-fuzz + satrandconfig. [ bp: Massage commit message. ] Fixes: 3c73b81 ("x86/entry, selftests: Further improve user entry sanity checks") Fixes: 662a022 ("x86/entry: Fix AC assertion") Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Borislav Petkov <bp@suse.de> Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20211003223423.8666-1-vegard.nossum@oracle.com
pull bot
pushed a commit
that referenced
this pull request
Apr 28, 2024
There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate locking. This fixes lockdep warnings like [ 31.077578] ------------[ cut here ]------------ [ 31.077831] WARNING: CPU: 2 PID: 40 at drivers/dma/xilinx/xilinx_dpdma.c:834 xilinx_dpdma_chan_queue_transfer+0x274/0x5e0 [ 31.077953] Modules linked in: [ 31.078019] CPU: 2 PID: 40 Comm: kworker/u12:1 Not tainted 6.6.20+ #98 [ 31.078102] Hardware name: xlnx,zynqmp (DT) [ 31.078169] Workqueue: events_unbound deferred_probe_work_func [ 31.078272] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 31.078377] pc : xilinx_dpdma_chan_queue_transfer+0x274/0x5e0 [ 31.078473] lr : xilinx_dpdma_chan_queue_transfer+0x270/0x5e0 [ 31.078550] sp : ffffffc083bb2e10 [ 31.078590] x29: ffffffc083bb2e10 x28: 0000000000000000 x27: ffffff880165a168 [ 31.078754] x26: ffffff880164e920 x25: ffffff880164eab8 x24: ffffff880164d480 [ 31.078920] x23: ffffff880165a148 x22: ffffff880164e988 x21: 0000000000000000 [ 31.079132] x20: ffffffc082aa3000 x19: ffffff880164e880 x18: 0000000000000000 [ 31.079295] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 31.079453] x14: 0000000000000000 x13: ffffff8802263dc0 x12: 0000000000000001 [ 31.079613] x11: 0001ffc083bb2e34 x10: 0001ff880164e98f x9 : 0001ffc082aa3def [ 31.079824] x8 : 0001ffc082aa3dec x7 : 0000000000000000 x6 : 0000000000000516 [ 31.079982] x5 : ffffffc7f8d43000 x4 : ffffff88003c9c40 x3 : ffffffffffffffff [ 31.080147] x2 : ffffffc7f8d43000 x1 : 00000000000000c0 x0 : 0000000000000000 [ 31.080307] Call trace: [ 31.080340] xilinx_dpdma_chan_queue_transfer+0x274/0x5e0 [ 31.080518] xilinx_dpdma_issue_pending+0x11c/0x120 [ 31.080595] zynqmp_disp_layer_update+0x180/0x3ac [ 31.080712] zynqmp_dpsub_plane_atomic_update+0x11c/0x21c [ 31.080825] drm_atomic_helper_commit_planes+0x20c/0x684 [ 31.080951] drm_atomic_helper_commit_tail+0x5c/0xb0 [ 31.081139] commit_tail+0x234/0x294 [ 31.081246] drm_atomic_helper_commit+0x1f8/0x210 [ 31.081363] drm_atomic_commit+0x100/0x140 [ 31.081477] drm_client_modeset_commit_atomic+0x318/0x384 [ 31.081634] drm_client_modeset_commit_locked+0x8c/0x24c [ 31.081725] drm_client_modeset_commit+0x34/0x5c [ 31.081812] __drm_fb_helper_restore_fbdev_mode_unlocked+0x104/0x168 [ 31.081899] drm_fb_helper_set_par+0x50/0x70 [ 31.081971] fbcon_init+0x538/0xc48 [ 31.082047] visual_init+0x16c/0x23c [ 31.082207] do_bind_con_driver.isra.0+0x2d0/0x634 [ 31.082320] do_take_over_console+0x24c/0x33c [ 31.082429] do_fbcon_takeover+0xbc/0x1b0 [ 31.082503] fbcon_fb_registered+0x2d0/0x34c [ 31.082663] register_framebuffer+0x27c/0x38c [ 31.082767] __drm_fb_helper_initial_config_and_unlock+0x5c0/0x91c [ 31.082939] drm_fb_helper_initial_config+0x50/0x74 [ 31.083012] drm_fbdev_dma_client_hotplug+0xb8/0x108 [ 31.083115] drm_client_register+0xa0/0xf4 [ 31.083195] drm_fbdev_dma_setup+0xb0/0x1cc [ 31.083293] zynqmp_dpsub_drm_init+0x45c/0x4e0 [ 31.083431] zynqmp_dpsub_probe+0x444/0x5e0 [ 31.083616] platform_probe+0x8c/0x13c [ 31.083713] really_probe+0x258/0x59c [ 31.083793] __driver_probe_device+0xc4/0x224 [ 31.083878] driver_probe_device+0x70/0x1c0 [ 31.083961] __device_attach_driver+0x108/0x1e0 [ 31.084052] bus_for_each_drv+0x9c/0x100 [ 31.084125] __device_attach+0x100/0x298 [ 31.084207] device_initial_probe+0x14/0x20 [ 31.084292] bus_probe_device+0xd8/0xdc [ 31.084368] deferred_probe_work_func+0x11c/0x180 [ 31.084451] process_one_work+0x3ac/0x988 [ 31.084643] worker_thread+0x398/0x694 [ 31.084752] kthread+0x1bc/0x1c0 [ 31.084848] ret_from_fork+0x10/0x20 [ 31.084932] irq event stamp: 64549 [ 31.084970] hardirqs last enabled at (64548): [<ffffffc081adf35c>] _raw_spin_unlock_irqrestore+0x80/0x90 [ 31.085157] hardirqs last disabled at (64549): [<ffffffc081adf010>] _raw_spin_lock_irqsave+0xc0/0xdc [ 31.085277] softirqs last enabled at (64503): [<ffffffc08001071c>] __do_softirq+0x47c/0x500 [ 31.085390] softirqs last disabled at (64498): [<ffffffc080017134>] ____do_softirq+0x10/0x1c [ 31.085501] ---[ end trace 0000000000000000 ]--- Fixes: 7cbb0c6 ("dmaengine: xilinx: dpdma: Add the Xilinx DisplayPort DMA engine driver") Signed-off-by: Sean Anderson <sean.anderson@linux.dev> Reviewed-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com> Link: https://lore.kernel.org/r/20240308210034.3634938-2-sean.anderson@linux.dev Signed-off-by: Vinod Koul <vkoul@kernel.org>
pull bot
pushed a commit
that referenced
this pull request
Nov 21, 2024
Zijian Zhang says: ==================== Several fixes to test_sockmap and added push/pop logic for msg_verify_data Before the fixes, some of the tests in test_sockmap are problematic, resulting in pseudo-correct result. 1. txmsg_pass is not set in some tests, as a result, no eBPF program is attached to the sockmap. 2. In SENDPAGE, a wrong iov_length in test_send_large may result in some test skippings and failures. 3. The calculation of total_bytes in msg_loop_rx is wrong, which may cause msg_loop_rx end early and skip some data tests. Besides, for msg_verify_data, I added push/pop checking logic to function msg_verify_data and added more tests for different cases. After that, I found that there are some bugs in bpf_msg_push_data, bpf_msg_pop_data and sk_msg_reset_curr, and fix them. I guess the reason why they have not been exposed is that because of the above problems, they will not be triggered. With the fixes, we can pass the sockmap test with data integrity test now. However, the fixes to test_sockmap expose more problems in sockhash test with SENDPAGE and ktls with SENDPAGE. v1 -> v2: - Rebased to the latest bpf-next net branch. The problem I observed, 1. In sockhash test, a NULL pointer kernel BUG will be reported for nearly every cork test. More inspections are needed for splice_to_socket. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: Oops: 0000 [#3] PREEMPT SMP PTI CPU: 3 UID: 0 PID: 2122 Comm: test_sockmap 6.12.0-rc2.bm.1-amd64+ #98 Tainted: [D]=DIE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:splice_to_socket+0x34a/0x480 Call Trace: <TASK> ? __die_body+0x1e/0x60 ? page_fault_oops+0x159/0x4d0 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? splice_to_socket+0x34a/0x480 ? __memcg_slab_post_alloc_hook+0x205/0x3c0 ? alloc_pipe_info+0xd6/0x1f0 ? __kmalloc_noprof+0x37f/0x3b0 direct_splice_actor+0x40/0x100 splice_direct_to_actor+0xfd/0x290 ? __pfx_direct_splice_actor+0x10/0x10 do_splice_direct_actor+0x82/0xb0 ? __pfx_direct_file_splice_eof+0x10/0x10 do_splice_direct+0x13/0x20 ? __pfx_direct_splice_actor+0x10/0x10 do_sendfile+0x33c/0x3f0 __x64_sys_sendfile64+0xa7/0xc0 do_syscall_64+0x62/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> Modules linked in: CR2: 0000000000000008 ---[ end trace 0000000000000000 ]--- 2. txmsg_pass are not set before, and some tests are skipped. Now after the fixes, we have some failure cases now. More fixes are needed either for the selftest or the ktls kernel code. 1/ 6 sockhash:ktls:txmsg test passthrough:OK 2/ 6 sockhash:ktls:txmsg test redirect:OK 3/ 1 sockhash:ktls:txmsg test redirect wait send mem:OK 4/ 6 sockhash:ktls:txmsg test drop:OK 5/ 6 sockhash:ktls:txmsg test ingress redirect:OK 6/ 7 sockhash:ktls:txmsg test skb:OK 7/12 sockhash:ktls:txmsg test apply:OK 8/12 sockhash:ktls:txmsg test cork:OK 9/ 3 sockhash:ktls:txmsg test hanging corks:OK detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. 10/11 sockhash:ktls:txmsg test push_data:FAIL detected data corruption @Iov[0]:0 17 != 00, 00 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 00 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. 11/17 sockhash:ktls:txmsg test pull-data:FAIL recv failed(): Invalid argument rx thread exited with err 1. recv failed(): Invalid argument rx thread exited with err 1. recv failed(): Bad message rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. detected data corruption @Iov[0]:0 17 != 00, 03 ?= 01 data verify msg failed: Unknown error -2001 rx thread exited with err 1. 12/ 9 sockhash:ktls:txmsg test pop-data:FAIL recv failed(): Bad message rx thread exited with err 1. recv failed(): Bad message rx thread exited with err 1. 13/ 6 sockhash:ktls:txmsg test push/pop data:FAIL 14/ 1 sockhash:ktls:txmsg test ingress parser:OK 15/ 0 sockhash:ktls:txmsg test ingress parser2:OK Pass: 11 Fail: 17 ==================== Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]. Want to support this open source service? Please star it : )