Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.1.9 2015-05-08T17:59:24Z 2015-05-08T17:59:24Z Steven Rostedt rostedt@goodmis.org 2015-05-08T17:36:23Z urn:sha1:37815bf866ab6722a47550f8d25ad3f1a16a680c The module notifier call chain for MODULE_STATE_COMING was moved up before the parsing of args, into the complete_formation() call. But if the module failed to load after that, the notifier call chain for MODULE_STATE_GOING was never called and that prevented the users of those call chains from cleaning up anything that was allocated. Link: http://lkml.kernel.org/r/554C52B9.9060700@gmail.com Reported-by: Pontus Fuchs <pontus.fuchs@gmail.com> Fixes: 4982223e51e8 "module: set nx before marking module MODULE_STATE_COMING" Cc: stable@vger.kernel.org # 3.16+ Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2015-04-22T16:49:24Z Linus Torvalds torvalds@linux-foundation.org 2015-04-22T16:49:24Z urn:sha1:15ce2658ddbd3db20dfba3622f3d224f01837fdc Pull module updates from Rusty Russell: "Quentin opened a can of worms by adding extable entry checking to modpost, but most architectures seem fixed now. Thanks to all involved. Last minute rebase because I noticed a "[PATCH]" had snuck into a commit message somehow" * tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: modpost: don't emit section mismatch warnings for compiler optimizations modpost: expand pattern matching to support substring matches modpost: do not try to match the SHT_NUL section. modpost: fix extable entry size calculation. modpost: fix inverted logic in is_extable_fault_address(). modpost: handle -ffunction-sections modpost: Whitelist .text.fixup and .exception.text params: handle quotes properly for values not of form foo="bar". modpost: document the use of struct section_check. modpost: handle relocations mismatch in __ex_table. scripts: add check_extable.sh script. modpost: mismatch_handler: retrieve tosym information only when needed. modpost: factorize symbol pretty print in get_pretty_name(). modpost: add handler function pointer to sectioncheck. modpost: add .sched.text and .kprobes.text to the TEXT_SECTIONS list. modpost: add strict white-listing when referencing sections. module: do not print allocation-fail warning on bogus user buffer size kernel/module.c: fix typos in message about unused symbols 2015-04-14T17:49:03Z Linus Torvalds torvalds@linux-foundation.org 2015-04-14T17:49:03Z urn:sha1:eeee78cf77df0450ca285a7cd6d73842181e825c Pull tracing updates from Steven Rostedt: "Some clean ups and small fixes, but the biggest change is the addition of the TRACE_DEFINE_ENUM() macro that can be used by tracepoints. Tracepoints have helper functions for the TP_printk() called __print_symbolic() and __print_flags() that lets a numeric number be displayed as a a human comprehensible text. What is placed in the TP_printk() is also shown in the tracepoint format file such that user space tools like perf and trace-cmd can parse the binary data and express the values too. Unfortunately, the way the TRACE_EVENT() macro works, anything placed in the TP_printk() will be shown pretty much exactly as is. The problem arises when enums are used. That's because unlike macros, enums will not be changed into their values by the C pre-processor. Thus, the enum string is exported to the format file, and this makes it useless for user space tools. The TRACE_DEFINE_ENUM() solves this by converting the enum strings in the TP_printk() format into their number, and that is what is shown to user space. For example, the tracepoint tlb_flush currently has this in its format file: __print_symbolic(REC->reason, { TLB_FLUSH_ON_TASK_SWITCH, "flush on task switch" }, { TLB_REMOTE_SHOOTDOWN, "remote shootdown" }, { TLB_LOCAL_SHOOTDOWN, "local shootdown" }, { TLB_LOCAL_MM_SHOOTDOWN, "local mm shootdown" }) After adding: TRACE_DEFINE_ENUM(TLB_FLUSH_ON_TASK_SWITCH); TRACE_DEFINE_ENUM(TLB_REMOTE_SHOOTDOWN); TRACE_DEFINE_ENUM(TLB_LOCAL_SHOOTDOWN); TRACE_DEFINE_ENUM(TLB_LOCAL_MM_SHOOTDOWN); Its format file will contain this: __print_symbolic(REC->reason, { 0, "flush on task switch" }, { 1, "remote shootdown" }, { 2, "local shootdown" }, { 3, "local mm shootdown" })" * tag 'trace-v4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: (27 commits) tracing: Add enum_map file to show enums that have been mapped writeback: Export enums used by tracepoint to user space v4l: Export enums used by tracepoints to user space SUNRPC: Export enums in tracepoints to user space mm: tracing: Export enums in tracepoints to user space irq/tracing: Export enums in tracepoints to user space f2fs: Export the enums in the tracepoints to userspace net/9p/tracing: Export enums in tracepoints to userspace x86/tlb/trace: Export enums in used by tlb_flush tracepoint tracing/samples: Update the trace-event-sample.h with TRACE_DEFINE_ENUM() tracing: Allow for modules to convert their enums to values tracing: Add TRACE_DEFINE_ENUM() macro to map enums to their values tracing: Update trace-event-sample with TRACE_SYSTEM_VAR documentation tracing: Give system name a pointer brcmsmac: Move each system tracepoints to their own header iwlwifi: Move each system tracepoints to their own header mac80211: Move message tracepoints to their own header tracing: Add TRACE_SYSTEM_VAR to xhci-hcd tracing: Add TRACE_SYSTEM_VAR to kvm-s390 tracing: Add TRACE_SYSTEM_VAR to intel-sst ... 2015-04-08T21:35:48Z Linus Torvalds torvalds@linux-foundation.org 2015-04-07T17:33:49Z urn:sha1:3afe9f849600645723246baa95e7559caeca6ce9 Unlike most (all?) other copies from user space, kernel module loading is almost unlimited in size. So we do a potentially huge "copy_from_user()" when we copy the module data from user space to the kernel buffer, which can be a latency concern when preemption is disabled (or voluntary). Also, because 'copy_from_user()' clears the tail of the kernel buffer on failures, even a *failed* copy can end up wasting a lot of time. Normally neither of these are concerns in real life, but they do trigger when doing stress-testing with trinity. Running in a VM seems to add its own overheadm causing trinity module load testing to even trigger the watchdog. The simple fix is to just chunk up the module loading, so that it never tries to copy insanely big areas in one go. That bounds the latency, and also the amount of (unnecessarily, in this case) cleared memory for the failure case. Reported-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2015-04-08T13:39:57Z Steven Rostedt (Red Hat) rostedt@goodmis.org 2015-03-25T19:44:21Z urn:sha1:3673b8e4ce7237160fa31ee8d7e94a4d5a9976a1 Update the infrastructure such that modules that declare TRACE_DEFINE_ENUM() will have those enums converted into their values in the tracepoint print fmt strings. Link: http://lkml.kernel.org/r/87vbhjp74q.fsf@rustcorp.com.au Acked-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Tested-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> 2015-03-24T02:02:37Z Kirill A. Shutemov kirill.shutemov@linux.intel.com 2015-03-24T02:01:40Z urn:sha1:cc9e605dc6cb2e32fedae4ac2f61ad3b5f8d623d init_module(2) passes user-specified buffer length directly to vmalloc(). It makes warn_alloc_failed() to print out a lot of info into dmesg if user specified insane size, like -1. Let's silence the warning. It doesn't add much value to -ENOMEM return code. Without the patch the syscall is prohibitive noisy for testing with trinity. Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Dave Jones <davej@codemonkey.org.uk> Cc: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2015-03-24T02:02:36Z Yannick Guerrini yguerrini@tomshardware.fr 2015-03-24T02:01:40Z urn:sha1:7b63c3ab9b10b8a9cdc6b3a9e0e3d6a8a5d28970 Fix typos in pr_warn message about unused symbols Signed-off-by: Yannick Guerrini <yguerrini@tomshardware.fr> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2015-03-23T09:49:07Z Peter Zijlstra peterz@infradead.org 2015-02-26T15:23:11Z urn:sha1:35a9393c95b31870a74f51a3e7455f33f5657b6f Module unload calls lockdep_free_key_range(), which removes entries from the data structures. Most of the lockdep code OTOH assumes the data structures are append only; in specific see the comments in add_lock_to_list() and look_up_lock_class(). Clearly this has only worked by accident; make it work proper. The actual scenario to make it go boom would involve the memory freed by the module unlock being re-allocated and re-used for a lock inside of a rcu-sched grace period. This is a very unlikely scenario, still better plug the hole. Use RCU list iteration in all places and ammend the comments. Change lockdep_free_key_range() to issue a sync_sched() between removal from the lists and returning -- which results in the memory being freed. Further ensure the callers are placed correctly and comment the requirements. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrey Tsyvarev <tsyvarev@ispras.ru> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@kernel.org> 2015-03-13T01:46:08Z Andrey Ryabinin a.ryabinin@samsung.com 2015-03-12T23:26:11Z urn:sha1:a5af5aa8b67dfdba36c853b70564fd2dfe73d478 Current approach in handling shadow memory for modules is broken. Shadow memory could be freed only after memory shadow corresponds it is no longer used. vfree() called from interrupt context could use memory its freeing to store 'struct llist_node' in it: void vfree(const void *addr) { ... if (unlikely(in_interrupt())) { struct vfree_deferred *p = this_cpu_ptr(&vfree_deferred); if (llist_add((struct llist_node *)addr, &p->list)) schedule_work(&p->wq); Later this list node used in free_work() which actually frees memory. Currently module_memfree() called in interrupt context will free shadow before freeing module's memory which could provoke kernel crash. So shadow memory should be freed after module's memory. However, such deallocation order could race with kasan_module_alloc() in module_alloc(). Free shadow right before releasing vm area. At this point vfree()'d memory is not used anymore and yet not available for other allocations. New VM_KASAN flag used to indicate that vm area has dynamically allocated shadow memory so kasan frees shadow only if it was previously allocated. Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Cc: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2015-03-06T12:04:22Z Laura Abbott lauraa@codeaurora.org 2015-02-25T22:14:57Z urn:sha1:168e47f2a6581fdbc5bb1845aeca1e50e2bc5c4b When CONFIG_DEBUG_SET_MODULE_RONX is enabled, the sizes of module sections are aligned up so appropriate permissions can be applied. Adjusting for the symbol table may cause them to become unaligned. Make sure to re-align the sizes afterward. Signed-off-by: Laura Abbott <lauraa@codeaurora.org> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>