bpf: fix raw_tp test run in preempt kernel#135
Closed
kernel-patches-bot wants to merge 1 commit intobpf-nextfrom
Closed
bpf: fix raw_tp test run in preempt kernel#135kernel-patches-bot wants to merge 1 commit intobpf-nextfrom
kernel-patches-bot wants to merge 1 commit intobpf-nextfrom
Conversation
Author
|
Master branch: 963ec27 Pull request is NOT updated. Failed to apply https://patchwork.kernel.org/project/bpf/list/?series=357455 conflict: |
Author
|
At least one diff in series https://patchwork.kernel.org/project/bpf/list/?series=357455 irrelevant now. Closing PR. |
kernel-patches-bot
pushed a commit
that referenced
this pull request
Mar 24, 2022
Remove the spinlock around the tree traversal as we are calling possibly sleeping functions. We do not need a spinlock here as there will be no modifications to this tree at this point. This prevents warnings like this to occur in dmesg: [ 653.774996] BUG: sleeping function called from invalid context at kernel/loc\ king/mutex.c:280 [ 653.775088] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1827, nam\ e: umount [ 653.775152] preempt_count: 1, expected: 0 [ 653.775191] CPU: 0 PID: 1827 Comm: umount Tainted: G W OE 5.17.0\ -rc7-00006-g4eb628dd74df #135 [ 653.775195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-\ 1.fc33 04/01/2014 [ 653.775197] Call Trace: [ 653.775199] <TASK> [ 653.775202] dump_stack_lvl+0x34/0x44 [ 653.775209] __might_resched.cold+0x13f/0x172 [ 653.775213] mutex_lock+0x75/0xf0 [ 653.775217] ? __mutex_lock_slowpath+0x10/0x10 [ 653.775220] ? _raw_write_lock_irq+0xd0/0xd0 [ 653.775224] ? dput+0x6b/0x360 [ 653.775228] cifs_kill_sb+0xff/0x1d0 [cifs] [ 653.775285] deactivate_locked_super+0x85/0x130 [ 653.775289] cleanup_mnt+0x32c/0x4d0 [ 653.775292] ? path_umount+0x228/0x380 [ 653.775296] task_work_run+0xd8/0x180 [ 653.775301] exit_to_user_mode_loop+0x152/0x160 [ 653.775306] exit_to_user_mode_prepare+0x89/0xd0 [ 653.775315] syscall_exit_to_user_mode+0x12/0x30 [ 653.775322] do_syscall_64+0x48/0x90 [ 653.775326] entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: 187af6e98b44e5d8f25e1d41a92db138eb54416f ("cifs: fix handlecache and multiuser") Reported-by: kernel test robot <oliver.sang@intel.com> Cc: stable@vger.kernel.org Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com>
kernel-patches-bot
pushed a commit
that referenced
this pull request
Dec 11, 2022
Currently tpm transactions are executed unconditionally in tpm_pm_suspend() function, which may lead to races with other tpm accessors in the system. Specifically, the hw_random tpm driver makes use of tpm_get_random(), and this function is called in a loop from a kthread, which means it's not frozen alongside userspace, and so can race with the work done during system suspend: tpm tpm0: tpm_transmit: tpm_recv: error -52 tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 Call Trace: tpm_tis_status.cold+0x19/0x20 tpm_transmit+0x13b/0x390 tpm_transmit_cmd+0x20/0x80 tpm1_pm_suspend+0xa6/0x110 tpm_pm_suspend+0x53/0x80 __pnp_bus_suspend+0x35/0xe0 __device_suspend+0x10f/0x350 Fix this by calling tpm_try_get_ops(), which itself is a wrapper around tpm_chip_start(), but takes the appropriate mutex. Signed-off-by: Jan Dabros <jsd@semihalf.com> Reported-by: Vlastimil Babka <vbabka@suse.cz> Tested-by: Jason A. Donenfeld <Jason@zx2c4.com> Tested-by: Vlastimil Babka <vbabka@suse.cz> Link: https://lore.kernel.org/all/c5ba47ef-393f-1fba-30bd-1230d1b4b592@suse.cz/ Cc: stable@vger.kernel.org Fixes: e891db1 ("tpm: turn on TPM on suspend for TPM 1.x") [Jason: reworked commit message, added metadata] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel-patches-bot
pushed a commit
that referenced
this pull request
Dec 20, 2022
It checks the perf event sample access with bpf_cast_to_kern_ctx(). It should access sample data only event->attr.sample_type allows. Other fields might not be initialized. $ ./vmtest.sh ./test_progs -t perf_event_read_sample ... #135/1 perf_event_read_sample/perf_event_read_sample_ok:OK #135/2 perf_event_read_sample/perf_event_read_sample_invalid:OK #135 perf_event_read_sample:OK Signed-off-by: Namhyung Kim <namhyung@kernel.org>
kernel-patches-bot
pushed a commit
that referenced
this pull request
Dec 21, 2022
It checks the perf event sample access with bpf_cast_to_kern_ctx(). It should access sample data only event->attr.sample_type allows. Other fields might not be initialized. $ ./vmtest.sh ./test_progs -t perf_event_read_sample ... #135/1 perf_event_read_sample/perf_event_read_sample_ok:OK #135/2 perf_event_read_sample/perf_event_read_sample_invalid:OK #135 perf_event_read_sample:OK Signed-off-by: Namhyung Kim <namhyung@kernel.org>
kernel-patches-bot
pushed a commit
that referenced
this pull request
Dec 21, 2022
It checks the perf event sample access with bpf_cast_to_kern_ctx(). It should access sample data only event->attr.sample_type allows. Other fields might not be initialized. $ ./vmtest.sh ./test_progs -t perf_event_read_sample ... #135/1 perf_event_read_sample/perf_event_read_sample_ok:OK #135/2 perf_event_read_sample/perf_event_read_sample_invalid:OK #135 perf_event_read_sample:OK Signed-off-by: Namhyung Kim <namhyung@kernel.org>
kernel-patches-bot
pushed a commit
that referenced
this pull request
Dec 21, 2022
It checks the perf event sample access with bpf_cast_to_kern_ctx(). It should access sample data only event->attr.sample_type allows. Other fields might not be initialized. $ ./vmtest.sh ./test_progs -t perf_event_read_sample ... #135/1 perf_event_read_sample/perf_event_read_sample_ok:OK #135/2 perf_event_read_sample/perf_event_read_sample_invalid:OK #135 perf_event_read_sample:OK Signed-off-by: Namhyung Kim <namhyung@kernel.org>
kernel-patches-bot
pushed a commit
that referenced
this pull request
Dec 21, 2022
It checks the perf event sample access with bpf_cast_to_kern_ctx(). It should access sample data only event->attr.sample_type allows. Other fields might not be initialized. $ ./vmtest.sh ./test_progs -t perf_event_read_sample ... #135/1 perf_event_read_sample/perf_event_read_sample_ok:OK #135/2 perf_event_read_sample/perf_event_read_sample_invalid:OK #135 perf_event_read_sample:OK Signed-off-by: Namhyung Kim <namhyung@kernel.org>
kernel-patches-bot
pushed a commit
that referenced
this pull request
Dec 21, 2022
It checks the perf event sample access with bpf_cast_to_kern_ctx(). It should access sample data only event->attr.sample_type allows. Other fields might not be initialized. $ ./vmtest.sh ./test_progs -t perf_event_read_sample ... #135/1 perf_event_read_sample/perf_event_read_sample_ok:OK #135/2 perf_event_read_sample/perf_event_read_sample_invalid:OK #135 perf_event_read_sample:OK Signed-off-by: Namhyung Kim <namhyung@kernel.org>
kernel-patches-daemon-bpf bot
pushed a commit
that referenced
this pull request
Aug 17, 2023
LE Create CIS command shall not be sent before all CIS Established events from its previous invocation have been processed. Currently it is sent via hci_sync but that only waits for the first event, but there can be multiple. Make it wait for all events, and simplify the CIS creation as follows: Add new flag HCI_CONN_CREATE_CIS, which is set if Create CIS has been sent for the connection but it is not yet completed. Make BT_CONNECT state to mean the connection wants Create CIS. On events after which new Create CIS may need to be sent, send it if possible and some connections need it. These events are: hci_connect_cis, iso_connect_cfm, hci_cs_le_create_cis, hci_le_cis_estabilished_evt. The Create CIS status/completion events shall queue new Create CIS only if at least one of the connections transitions away from BT_CONNECT, so that we don't loop if controller is sending bogus events. This fixes sending multiple CIS Create for the same CIS in the "ISO AC 6(i) - Success" BlueZ test case: < HCI Command: LE Create Co.. (0x08|0x0064) plen 9 #129 [hci0] Number of CIS: 2 CIS Handle: 257 ACL Handle: 42 CIS Handle: 258 ACL Handle: 42 > HCI Event: Command Status (0x0f) plen 4 #130 [hci0] LE Create Connected Isochronous Stream (0x08|0x0064) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 29 #131 [hci0] LE Connected Isochronous Stream Established (0x19) Status: Success (0x00) Connection Handle: 257 ... < HCI Command: LE Setup Is.. (0x08|0x006e) plen 13 #132 [hci0] ... > HCI Event: Command Complete (0x0e) plen 6 #133 [hci0] LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1 ... < HCI Command: LE Create Co.. (0x08|0x0064) plen 5 #134 [hci0] Number of CIS: 1 CIS Handle: 258 ACL Handle: 42 > HCI Event: Command Status (0x0f) plen 4 #135 [hci0] LE Create Connected Isochronous Stream (0x08|0x0064) ncmd 1 Status: ACL Connection Already Exists (0x0b) > HCI Event: LE Meta Event (0x3e) plen 29 #136 [hci0] LE Connected Isochronous Stream Established (0x19) Status: Success (0x00) Connection Handle: 258 ... Fixes: c09b80b ("Bluetooth: hci_conn: Fix not waiting for HCI_EVT_LE_CIS_ESTABLISHED") Signed-off-by: Pauli Virtanen <pav@iki.fi> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
kernel-patches-daemon-bpf bot
pushed a commit
that referenced
this pull request
Dec 19, 2023
syzkaller report: kernel BUG at net/core/skbuff.c:3452! invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.7.0-rc4-00009-gbee0e7762ad2-dirty #135 RIP: 0010:skb_copy_and_csum_bits (net/core/skbuff.c:3452) Call Trace: icmp_glue_bits (net/ipv4/icmp.c:357) __ip_append_data.isra.0 (net/ipv4/ip_output.c:1165) ip_append_data (net/ipv4/ip_output.c:1362 net/ipv4/ip_output.c:1341) icmp_push_reply (net/ipv4/icmp.c:370) __icmp_send (./include/net/route.h:252 net/ipv4/icmp.c:772) ip_fragment.constprop.0 (./include/linux/skbuff.h:1234 net/ipv4/ip_output.c:592 net/ipv4/ip_output.c:577) __ip_finish_output (net/ipv4/ip_output.c:311 net/ipv4/ip_output.c:295) ip_output (net/ipv4/ip_output.c:427) __ip_queue_xmit (net/ipv4/ip_output.c:535) __tcp_transmit_skb (net/ipv4/tcp_output.c:1462) __tcp_retransmit_skb (net/ipv4/tcp_output.c:3387) tcp_retransmit_skb (net/ipv4/tcp_output.c:3404) tcp_retransmit_timer (net/ipv4/tcp_timer.c:604) tcp_write_timer (./include/linux/spinlock.h:391 net/ipv4/tcp_timer.c:716) The panic issue was trigered by tcp simultaneous initiation. The initiation process is as follows: TCP A TCP B 1. CLOSED CLOSED 2. SYN-SENT --> <SEQ=100><CTL=SYN> ... 3. SYN-RECEIVED <-- <SEQ=300><CTL=SYN> <-- SYN-SENT 4. ... <SEQ=100><CTL=SYN> --> SYN-RECEIVED 5. SYN-RECEIVED --> <SEQ=100><ACK=301><CTL=SYN,ACK> ... // TCP B: not send challenge ack for ack limit or packet loss // TCP A: close tcp_close tcp_send_fin if (!tskb && tcp_under_memory_pressure(sk)) tskb = skb_rb_last(&sk->tcp_rtx_queue); //pick SYN_ACK packet TCP_SKB_CB(tskb)->tcp_flags |= TCPHDR_FIN; // set FIN flag 6. FIN_WAIT_1 --> <SEQ=100><ACK=301><END_SEQ=102><CTL=SYN,FIN,ACK> ... // TCP B: send challenge ack to SYN_FIN_ACK 7. ... <SEQ=301><ACK=101><CTL=ACK> <-- SYN-RECEIVED //challenge ack // TCP A: <SND.UNA=101> 8. FIN_WAIT_1 --> <SEQ=101><ACK=301><END_SEQ=102><CTL=SYN,FIN,ACK> ... // retransmit panic __tcp_retransmit_skb //skb->len=0 tcp_trim_head len = tp->snd_una - TCP_SKB_CB(skb)->seq // len=101-100 __pskb_trim_head skb->data_len -= len // skb->len=-1, wrap around ... ... ip_fragment icmp_glue_bits //BUG_ON If we use tcp_trim_head() to remove acked SYN from packet that contains data or other flags, skb->len will be incorrectly decremented. We can remove SYN flag that has been acked from rtx_queue earlier than tcp_trim_head(), which can fix the problem mentioned above. Fixes: 1da177e ("Linux-2.6.12-rc2") Co-developed-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Dong Chenchen <dongchenchen2@huawei.com> Link: https://lore.kernel.org/r/20231210020200.1539875-1-dongchenchen2@huawei.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
dubeyabhishek
pushed a commit
to dubeyabhishek/bpf-next
that referenced
this pull request
Feb 1, 2026
Allow get_func_args, and get_func_ip fsession selftests to run on powerpc64. # ./test_progs -t fsession kernel-patches#135/1 fsession_test/fsession_test:OK kernel-patches#135/2 fsession_test/fsession_reattach:OK kernel-patches#135/3 fsession_test/fsession_cookie:OK kernel-patches#135 fsession_test:OK Summary: 1/3 PASSED, 0 SKIPPED, 0 FAILED # ./test_progs -t get_func kernel-patches#138 get_func_args_test:OK kernel-patches#139 get_func_ip_test:OK Summary: 2/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Abhishek Dubey <adubey@linux.ibm.com>
dubeyabhishek
pushed a commit
to dubeyabhishek/bpf-next
that referenced
this pull request
Feb 1, 2026
Allow get_func_args, and get_func_ip fsession selftests to run on powerpc64. # ./test_progs -t fsession kernel-patches#135/1 fsession_test/fsession_test:OK kernel-patches#135/2 fsession_test/fsession_reattach:OK kernel-patches#135/3 fsession_test/fsession_cookie:OK kernel-patches#135 fsession_test:OK Summary: 1/3 PASSED, 0 SKIPPED, 0 FAILED # ./test_progs -t get_func kernel-patches#138 get_func_args_test:OK kernel-patches#139 get_func_ip_test:OK Summary: 2/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Abhishek Dubey <adubey@linux.ibm.com>
dubeyabhishek
pushed a commit
to dubeyabhishek/bpf-next
that referenced
this pull request
Feb 2, 2026
Allow get_func_args, and get_func_ip fsession selftests to run on powerpc64. # ./test_progs -t fsession kernel-patches#135/1 fsession_test/fsession_test:OK kernel-patches#135/2 fsession_test/fsession_reattach:OK kernel-patches#135/3 fsession_test/fsession_cookie:OK kernel-patches#135 fsession_test:OK Summary: 1/3 PASSED, 0 SKIPPED, 0 FAILED # ./test_progs -t get_func kernel-patches#138 get_func_args_test:OK kernel-patches#139 get_func_ip_test:OK Summary: 2/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Abhishek Dubey <adubey@linux.ibm.com>
kernel-patches-daemon-bpf bot
pushed a commit
that referenced
this pull request
Feb 19, 2026
If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. The host role's start() operation registers a xhci-hcd device, but its probe is deferred while we are in the resume path. The host role's resume() operation assumes the xhci-hcd device is already probed, which is not the case, leading to the dereference. Since the start() operation of the new role is already called, the resume operation can be skipped. So skip the resume operation for the new role if a role switch occurs during resume. Once the resume sequence is complete, the xhci-hcd device can be probed in case of host mode. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000208 Mem abort info: ... Data abort info: ... [0000000000000208] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] SMP Modules linked in: CPU: 0 UID: 0 PID: 146 Comm: sh Not tainted 6.19.0-rc7-00013-g6e64f4aabfae-dirty #135 PREEMPT Hardware name: Texas Instruments J7200 EVM (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_hcd_is_primary_hcd+0x0/0x1c lr : cdns_host_resume+0x24/0x5c ... Call trace: usb_hcd_is_primary_hcd+0x0/0x1c (P) cdns_resume+0x6c/0xbc cdns3_controller_resume.isra.0+0xe8/0x17c cdns3_plat_resume+0x18/0x24 platform_pm_resume+0x2c/0x68 dpm_run_callback+0x90/0x248 device_resume+0x100/0x24c dpm_resume+0x190/0x2ec dpm_resume_end+0x18/0x34 suspend_devices_and_enter+0x2b0/0xa44 pm_suspend+0x16c/0x5fc state_store+0x80/0xec kobj_attr_store+0x18/0x2c sysfs_kf_write+0x7c/0x94 kernfs_fop_write_iter+0x130/0x1dc vfs_write+0x240/0x370 ksys_write+0x70/0x108 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x48/0x10c el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0x108 el0t_64_sync_handler+0xa0/0xe4 el0t_64_sync+0x198/0x19c Code: 52800003 f9407ca5 d63f00a0 17ffffe4 (f9410401) ---[ end trace 0000000000000000 ]--- Cc: stable <stable@kernel.org> Fixes: 2cf2581 ("usb: cdns3: add power lost support for system resume") Signed-off-by: Thomas Richard (TI) <thomas.richard@bootlin.com> Acked-by: Peter Chen <peter.chen@kernel.org> Link: https://patch.msgid.link/20260130-usb-cdns3-fix-role-switching-during-resume-v1-1-44c456852b52@bootlin.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: fix raw_tp test run in preempt kernel
version: 2
url: https://patchwork.kernel.org/project/bpf/list/?series=357455