Merge 5.10.62 into android12-5.10-lts
Changes in 5.10.62 net: qrtr: fix another OOB Read in qrtr_endpoint_post bpf: Fix ringbuf helper function compatibility bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper ASoC: rt5682: Adjust headset volume button threshold ASoC: component: Remove misplaced prefix handling in pin control functions ARC: Fix CONFIG_STACKDEPOT netfilter: conntrack: collect all entries in one cycle once: Fix panic when module unload blk-iocost: fix lockdep warning on blkcg->lock ovl: fix uninitialized pointer read in ovl_lookup_real_one() net: mscc: Fix non-GPL export of regmap APIs can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters ceph: correctly handle releasing an embedded cap flush riscv: Ensure the value of FP registers in the core dump file is up to date Revert "btrfs: compression: don't try to compress if we don't have enough pages" drm/amdgpu: Cancel delayed work when GFXOFF is disabled Revert "USB: serial: ch341: fix character loss at high transfer rates" USB: serial: option: add new VID/PID to support Fibocom FG150 usb: renesas-xhci: Prefer firmware loading on unknown ROM state usb: dwc3: gadget: Fix dwc3_calc_trbs_left() usb: dwc3: gadget: Stop EP0 transfers during pullup disable scsi: core: Fix hang of freezing queue between blocking and running device RDMA/bnxt_re: Add missing spin lock initialization IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() ice: do not abort devlink info if board identifier can't be found net: usb: pegasus: fixes of set_register(s) return value evaluation; igc: fix page fault when thunderbolt is unplugged igc: Use num_tx_queues when iterating over tx_ring queue e1000e: Fix the max snoop/no-snoop latency for 10M e1000e: Do not take care about recovery NVM checksum RDMA/efa: Free IRQ vectors on error flow ip_gre: add validation for csum_start xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' net: marvell: fix MVNETA_TX_IN_PRGRS bit number ucounts: Increase ucounts reference counter before the security hook net/sched: ets: fix crash when flipping from 'strict' to 'quantum' ipv6: use siphash in rt6_exception_hash() ipv4: use siphash instead of Jenkins in fnhe_hashfun() cxgb4: dont touch blocked freelist bitmap after free rtnetlink: Return correct error on changing device netns net: hns3: clear hardware resource when loading driver net: hns3: add waiting time before cmdq memory is released net: hns3: fix duplicate node in VLAN list net: hns3: fix get wrong pfc_en when query PFC configuration Revert "mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711" net: stmmac: add mutex lock to protect est parameters net: stmmac: fix kernel panic due to NULL pointer dereference of plat->est drm/i915: Fix syncmap memory leak usb: gadget: u_audio: fix race condition on endpoint stop dt-bindings: sifive-l2-cache: Fix 'select' matching perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32 clk: renesas: rcar-usb2-clock-sel: Fix kernel NULL pointer dereference iwlwifi: pnvm: accept multiple HW-type TLVs opp: remove WARN when no valid OPPs remain cpufreq: blocklist Qualcomm sm8150 in cpufreq-dt-platdev virtio: Improve vq->broken access to avoid any compiler optimization virtio_pci: Support surprise removal of virtio pci device virtio_vdpa: reject invalid vq indices vringh: Use wiov->used to check for read/write desc order tools/virtio: fix build qed: qed ll2 race condition fixes qed: Fix null-pointer dereference in qed_rdma_create_qp() Revert "drm/amd/pm: fix workload mismatch on vega10" drm/amd/pm: change the workload type for some cards blk-mq: don't grab rq's refcount in blk_mq_check_expired() drm: Copy drm_wait_vblank to user before returning drm/nouveau/disp: power down unused DP links during init drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences net/rds: dma_map_sg is entitled to merge entries btrfs: fix race between marking inode needs to be logged and log syncing pipe: avoid unnecessary EPOLLET wakeups under normal loads pipe: do FASYNC notifications for every pipe IO, not just state changes mtd: spinand: Fix incorrect parameters for on-die ECC tipc: call tipc_wait_for_connect only when dlen is not 0 vt_kdsetmode: extend console locking Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS riscv: Fixup wrong ftrace remove cflag riscv: Fixup patch_text panic in ftrace perf env: Fix memory leak of bpf_prog_info_linear member perf symbol-elf: Fix memory leak by freeing sdt_note.args perf record: Fix memory leak in vDSO found using ASAN perf tools: Fix arm64 build error with gcc-11 perf annotate: Fix jump parsing for C++ code. powerpc/perf: Invoke per-CPU variable access with disabled interrupts srcu: Provide internal interface to start a Tree SRCU grace period srcu: Provide polling interfaces for Tree SRCU grace periods srcu: Provide internal interface to start a Tiny SRCU grace period srcu: Make Tiny SRCU use multi-bit grace-period counter srcu: Provide polling interfaces for Tiny SRCU grace periods tracepoint: Use rcu get state and cond sync for static call updates usb: typec: ucsi: acpi: Always decode connector change information usb: typec: ucsi: Work around PPM losing change information usb: typec: ucsi: Clear pending after acking connector change net: dsa: mt7530: fix VLAN traffic leaks again lkdtm: Enable DOUBLE_FAULT on all architectures arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88 btrfs: fix NULL pointer dereference when deleting device by invalid id kthread: Fix PF_KTHREAD vs to_kthread() race Revert "floppy: reintroduce O_NDELAY fix" Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat" net: don't unconditionally copy_from_user a struct ifreq for socket ioctls audit: move put_tree() to avoid trim_trees refcount underflow and UAF bpf: Fix potentially incorrect results with bpf_get_local_storage() Linux 5.10.62 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5a9bf4b2c254ae21a10f838494cae1c3fa016be3
This commit is contained in:
Greg Kroah-Hartman
@@ -28,6 +28,44 @@ extern tracepoint_ptr_t __stop___tracepoints_ptrs[];
|
||||
DEFINE_SRCU(tracepoint_srcu);
|
||||
EXPORT_SYMBOL_GPL(tracepoint_srcu);
|
||||
|
||||
enum tp_transition_sync {
|
||||
TP_TRANSITION_SYNC_1_0_1,
|
||||
TP_TRANSITION_SYNC_N_2_1,
|
||||
|
||||
_NR_TP_TRANSITION_SYNC,
|
||||
};
|
||||
|
||||
struct tp_transition_snapshot {
|
||||
unsigned long rcu;
|
||||
unsigned long srcu;
|
||||
bool ongoing;
|
||||
};
|
||||
|
||||
/* Protected by tracepoints_mutex */
|
||||
static struct tp_transition_snapshot tp_transition_snapshot[_NR_TP_TRANSITION_SYNC];
|
||||
|
||||
static void tp_rcu_get_state(enum tp_transition_sync sync)
|
||||
{
|
||||
struct tp_transition_snapshot *snapshot = &tp_transition_snapshot[sync];
|
||||
|
||||
/* Keep the latest get_state snapshot. */
|
||||
snapshot->rcu = get_state_synchronize_rcu();
|
||||
snapshot->srcu = start_poll_synchronize_srcu(&tracepoint_srcu);
|
||||
snapshot->ongoing = true;
|
||||
}
|
||||
|
||||
static void tp_rcu_cond_sync(enum tp_transition_sync sync)
|
||||
{
|
||||
struct tp_transition_snapshot *snapshot = &tp_transition_snapshot[sync];
|
||||
|
||||
if (!snapshot->ongoing)
|
||||
return;
|
||||
cond_synchronize_rcu(snapshot->rcu);
|
||||
if (!poll_state_synchronize_srcu(&tracepoint_srcu, snapshot->srcu))
|
||||
synchronize_srcu(&tracepoint_srcu);
|
||||
snapshot->ongoing = false;
|
||||
}
|
||||
|
||||
/* Set to 1 to enable tracepoint debug output */
|
||||
static const int tracepoint_debug;
|
||||
|
||||
@@ -332,6 +370,11 @@ static int tracepoint_add_func(struct tracepoint *tp,
|
||||
*/
|
||||
switch (nr_func_state(tp_funcs)) {
|
||||
case TP_FUNC_1: /* 0->1 */
|
||||
/*
|
||||
* Make sure new static func never uses old data after a
|
||||
* 1->0->1 transition sequence.
|
||||
*/
|
||||
tp_rcu_cond_sync(TP_TRANSITION_SYNC_1_0_1);
|
||||
/* Set static call to first function */
|
||||
tracepoint_update_call(tp, tp_funcs);
|
||||
/* Both iterator and static call handle NULL tp->funcs */
|
||||
@@ -346,10 +389,15 @@ static int tracepoint_add_func(struct tracepoint *tp,
|
||||
* Requires ordering between RCU assign/dereference and
|
||||
* static call update/call.
|
||||
*/
|
||||
rcu_assign_pointer(tp->funcs, tp_funcs);
|
||||
break;
|
||||
fallthrough;
|
||||
case TP_FUNC_N: /* N->N+1 (N>1) */
|
||||
rcu_assign_pointer(tp->funcs, tp_funcs);
|
||||
/*
|
||||
* Make sure static func never uses incorrect data after a
|
||||
* N->...->2->1 (N>1) transition sequence.
|
||||
*/
|
||||
if (tp_funcs[0].data != old[0].data)
|
||||
tp_rcu_get_state(TP_TRANSITION_SYNC_N_2_1);
|
||||
break;
|
||||
default:
|
||||
WARN_ON_ONCE(1);
|
||||
@@ -393,24 +441,23 @@ static int tracepoint_remove_func(struct tracepoint *tp,
|
||||
/* Both iterator and static call handle NULL tp->funcs */
|
||||
rcu_assign_pointer(tp->funcs, NULL);
|
||||
/*
|
||||
* Make sure new func never uses old data after a 1->0->1
|
||||
* transition sequence.
|
||||
* Considering that transition 0->1 is the common case
|
||||
* and don't have rcu-sync, issue rcu-sync after
|
||||
* transition 1->0 to break that sequence by waiting for
|
||||
* readers to be quiescent.
|
||||
* Make sure new static func never uses old data after a
|
||||
* 1->0->1 transition sequence.
|
||||
*/
|
||||
tracepoint_synchronize_unregister();
|
||||
tp_rcu_get_state(TP_TRANSITION_SYNC_1_0_1);
|
||||
break;
|
||||
case TP_FUNC_1: /* 2->1 */
|
||||
rcu_assign_pointer(tp->funcs, tp_funcs);
|
||||
/*
|
||||
* On 2->1 transition, RCU sync is needed before setting
|
||||
* static call to first callback, because the observer
|
||||
* may have loaded any prior tp->funcs after the last one
|
||||
* associated with an rcu-sync.
|
||||
* Make sure static func never uses incorrect data after a
|
||||
* N->...->2->1 (N>2) transition sequence. If the first
|
||||
* element's data has changed, then force the synchronization
|
||||
* to prevent current readers that have loaded the old data
|
||||
* from calling the new function.
|
||||
*/
|
||||
tracepoint_synchronize_unregister();
|
||||
if (tp_funcs[0].data != old[0].data)
|
||||
tp_rcu_get_state(TP_TRANSITION_SYNC_N_2_1);
|
||||
tp_rcu_cond_sync(TP_TRANSITION_SYNC_N_2_1);
|
||||
/* Set static call to first function */
|
||||
tracepoint_update_call(tp, tp_funcs);
|
||||
break;
|
||||
@@ -418,6 +465,12 @@ static int tracepoint_remove_func(struct tracepoint *tp,
|
||||
fallthrough;
|
||||
case TP_FUNC_N:
|
||||
rcu_assign_pointer(tp->funcs, tp_funcs);
|
||||
/*
|
||||
* Make sure static func never uses incorrect data after a
|
||||
* N->...->2->1 (N>2) transition sequence.
|
||||
*/
|
||||
if (tp_funcs[0].data != old[0].data)
|
||||
tp_rcu_get_state(TP_TRANSITION_SYNC_N_2_1);
|
||||
break;
|
||||
default:
|
||||
WARN_ON_ONCE(1);
|
||||
|
||||
Reference in New Issue
Block a user