From patchwork Mon Jul 20 15:36:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 237563 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2145039ilg; Mon, 20 Jul 2020 09:46:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwv6wD+8yun/ZFPWxbijJJt2A0l8lq+TqAHzkLBr+Uu/RbXo/W8bxbDwscIcUaQoam8WZb4 X-Received: by 2002:a50:b941:: with SMTP id m59mr21697396ede.321.1595263617595; Mon, 20 Jul 2020 09:46:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595263617; cv=none; d=google.com; s=arc-20160816; b=pdkwkVO4Inl423/Sgr/f/Ft4SAxBUh22p72cHk2m+SaAbPJYKsD3JzRvtRv2NuJPJq HVrlC9ArPxgP3vHYha8b7fXk9ueZa6TmWHW6rRljSbpEoISq74pUaqLCFf7n5DjNeHXX 1RyahUyEt4VvvnD0yJ3fVV5i5d3/dHrqNe4J7UGh6gydhoowftf5njFosv8blYfeyWrp wPqdYYEeGvNAM/Dexi7cffRLZJ2qc+BnF3CUBJxI+/0QP0DfzhZzWS4/e6YNrgwWLLCT 6FU+NBt+gtfiN+Lo2eZsnDBMGfIfeWlfTk1DhQLrUuSrjsNZ3hukT0KqAUWKEGrLxmdY it6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=oq5fdWTTXSj3dSdAKNG8/tagbbIqI8o6tebUPdYU5PI=; b=AN26QS17MXDvhQmY+xZEuFRBvKNC9oALY8Z2pU7yZ02Tl+8PZfKuGJIISJDJVdULw3 Msf0/DNiGJVtckkzJ/TvWzoMxdRyE8uRLtgb/eaxsGfvduiOT0WXgoNekBGFvMqF990i 2Qqq/SYrb7dOe0HdUeg6xMKy/G2uqe5HBFVaoh7QYCD6HAg5eeyYv0nnGRErRe28ZUJl Xp7QtsJBZjlrIkHvu/Om6TEOnRHJEctY40Cms4gYpnJ7UeetfkY/lHBkwUuwj+RkQzHd tZ+MEWMGCwYUoMldzwff1TzLKHM3ohpN8b+tahNwvTPkrlJPQ2pjJ/7RDDj52oTfmp92 26og== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="EDP47/em"; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d25si10644744eja.521.2020.07.20.09.46.57; Mon, 20 Jul 2020 09:46:57 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="EDP47/em"; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728010AbgGTPkF (ORCPT + 15 others); Mon, 20 Jul 2020 11:40:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:59368 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728872AbgGTPkE (ORCPT ); Mon, 20 Jul 2020 11:40:04 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 03AEC22B4E; Mon, 20 Jul 2020 15:40:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259603; bh=YRMjNTQGhNU5JwMX8Bo6/kNLH/gfrVoU7afWPPlGggc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EDP47/emLhl9EtGz7n8wc56sehL4/5OnQMVoHztwX0CxT4E/X1qoq/B4O6lcLQo/i eIxO5iOCrkLOolVoH2j+XTUOVoC4ufPMk2Npkn+NAyYvLpjDdazZd9Ft8VjePCnlgR Ic1pRmJwbknBiFaeyZdMSWcr/frKAJbg2RiGJAhc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Srinivas Kandagatla , Charles Keepax , Vinod Koul , Takashi Iwai , Sasha Levin Subject: [PATCH 4.9 12/86] ALSA: compress: fix partial_drain completion state Date: Mon, 20 Jul 2020 17:36:08 +0200 Message-Id: <20200720152753.743085089@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152753.138974850@linuxfoundation.org> References: <20200720152753.138974850@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Vinod Koul [ Upstream commit f79a732a8325dfbd570d87f1435019d7e5501c6d ] On partial_drain completion we should be in SNDRV_PCM_STATE_RUNNING state, so set that for partially draining streams in snd_compr_drain_notify() and use a flag for partially draining streams While at it, add locks for stream state change in snd_compr_drain_notify() as well. Fixes: f44f2a5417b2 ("ALSA: compress: fix drain calls blocking other compress functions (v6)") Reviewed-by: Srinivas Kandagatla Tested-by: Srinivas Kandagatla Reviewed-by: Charles Keepax Tested-by: Charles Keepax Signed-off-by: Vinod Koul Link: https://lore.kernel.org/r/20200629134737.105993-4-vkoul@kernel.org Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin --- include/sound/compress_driver.h | 10 +++++++++- sound/core/compress_offload.c | 4 ++++ 2 files changed, 13 insertions(+), 1 deletion(-) -- 2.25.1 diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h index 49482080311a1..b3b06478cf2ba 100644 --- a/include/sound/compress_driver.h +++ b/include/sound/compress_driver.h @@ -72,6 +72,7 @@ struct snd_compr_runtime { * @direction: stream direction, playback/recording * @metadata_set: metadata set flag, true when set * @next_track: has userspace signal next track transition, true when set + * @partial_drain: undergoing partial_drain for stream, true when set * @private_data: pointer to DSP private data */ struct snd_compr_stream { @@ -83,6 +84,7 @@ struct snd_compr_stream { enum snd_compr_direction direction; bool metadata_set; bool next_track; + bool partial_drain; void *private_data; }; @@ -185,7 +187,13 @@ static inline void snd_compr_drain_notify(struct snd_compr_stream *stream) if (snd_BUG_ON(!stream)) return; - stream->runtime->state = SNDRV_PCM_STATE_SETUP; + /* for partial_drain case we are back to running state on success */ + if (stream->partial_drain) { + stream->runtime->state = SNDRV_PCM_STATE_RUNNING; + stream->partial_drain = false; /* clear this flag as well */ + } else { + stream->runtime->state = SNDRV_PCM_STATE_SETUP; + } wake_up(&stream->runtime->sleep); } diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index 7ae8e24dc1e61..81624f6e3f330 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -723,6 +723,9 @@ static int snd_compr_stop(struct snd_compr_stream *stream) retval = stream->ops->trigger(stream, SNDRV_PCM_TRIGGER_STOP); if (!retval) { + /* clear flags and stop any drain wait */ + stream->partial_drain = false; + stream->metadata_set = false; snd_compr_drain_notify(stream); stream->runtime->total_bytes_available = 0; stream->runtime->total_bytes_transferred = 0; @@ -880,6 +883,7 @@ static int snd_compr_partial_drain(struct snd_compr_stream *stream) if (stream->next_track == false) return -EPERM; + stream->partial_drain = true; retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_PARTIAL_DRAIN); if (retval) { pr_debug("Partial drain returned failure\n"); From patchwork Mon Jul 20 15:36:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 237562 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2143833ilg; Mon, 20 Jul 2020 09:45:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxfN9Y4KGl1nh9fnllCuZRRUuHV9xFZLi0VbawHu4bctV3OR0XlCRM5246Pi4I5fkKMbASI X-Received: by 2002:aa7:d8ca:: with SMTP id k10mr22379790eds.108.1595263523569; Mon, 20 Jul 2020 09:45:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595263523; cv=none; d=google.com; s=arc-20160816; b=bZiz6oDJoGo6fv25YfcScKj8uI43JYCsiy4byCs98xOB+3dKXjPoG74kVHt4UEOBhK 5my871nzA9epeBeUrD1eZes6GcXOyg65vvWGsQN/TsRVGg23WkFa/+lK6gT+/WwtlF1a bYrOJtNnmeJ+1145t9GbKNSzZP6huX6SiLFYD7O7ftMJX/aaJw9AitclwfUdMnM07LSZ DuVfgvEiijzDBFEeJhopV6dGj0Hgj3Qi340FJvKWZW4gCTjVjT/+WKwFz+TcIKAJSgK3 xctXeL/QQidBBaAgDC0xlkO3CR+0egY6cgi9cjP7Na1VC+7Ax4jcnAofm4TGR80VZ+cB LcVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=R4Cpjv6inlPt59b2trc4OBPz3hcdQEI/km6vQmZ4dE8=; b=TBOBa8IzST+UgvzroT2KbJbGR/ghqtXPURYYVsVAcgSUpaaDB63jy5OoSTK8BK4RBG QflG1IxZSC28Szjsc/ZmLdC4QpcYFqv7tYZ3AuOv+wV9b/GH3PT3pDL0Pgy0fppywTWB 58kfyBhSXAjnWnq/c5MzPEwiQTQSdGYexhd5dEpJWVPlwfYtMch2aSDR4xSGtdVCGrlI J88yauy34y+Xkv0tvJ3JKIO9TBWB1UQYVUPB2JCPeseIbgjfMTZ7JSi1uVT7CQkuWg1h BD5datQik3CvTr9rlJL0Hiw/ZvGU2EZYpMXFD+2qPcqZTLTi/p6oSh60lUhr0IdwArTD wkUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=engvtWoY; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y97si10995363ede.234.2020.07.20.09.45.23; Mon, 20 Jul 2020 09:45:23 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=engvtWoY; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729854AbgGTQpU (ORCPT + 15 others); Mon, 20 Jul 2020 12:45:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:33018 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729859AbgGTPlT (ORCPT ); Mon, 20 Jul 2020 11:41:19 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0655C2065E; Mon, 20 Jul 2020 15:41:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259678; bh=4F5ltSzsWVSxcuxanMxE12FRG4qg+lECWp25g442HZc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=engvtWoYSrhm+XvmupKTh2Gu9ZWGrFIAinCMUOcPolxtdl6jT6Dp73LqwxJsxmUaV Sxjye+ZTgc8XB3xiAu+g0ufa97lbwfINQXwCih4SZ54VgxHMnaWHP+bzub7zFYPHWt 7X0AmDVbLp6mqbM8Kgf04ba7HzNOLhBQy/xkLUNs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars-Peter Clausen , Linus Walleij , Jonathan Cameron , Stable@vger.kernel.org Subject: [PATCH 4.9 41/86] iio:magnetometer:ak8974: Fix alignment and data leak issues Date: Mon, 20 Jul 2020 17:36:37 +0200 Message-Id: <20200720152755.232415653@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152753.138974850@linuxfoundation.org> References: <20200720152753.138974850@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonathan Cameron commit 838e00b13bfd4cac8b24df25bfc58e2eb99bcc70 upstream. One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses an array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes: 7c94a8b2ee8cf ("iio: magn: add a driver for AK8974") Reported-by: Lars-Peter Clausen Reviewed-by: Linus Walleij Signed-off-by: Jonathan Cameron Cc: Signed-off-by: Greg Kroah-Hartman --- drivers/iio/magnetometer/ak8974.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/drivers/iio/magnetometer/ak8974.c +++ b/drivers/iio/magnetometer/ak8974.c @@ -153,6 +153,11 @@ struct ak8974 { bool drdy_irq; struct completion drdy_complete; bool drdy_active_low; + /* Ensure timestamp is naturally aligned */ + struct { + __le16 channels[3]; + s64 ts __aligned(8); + } scan; }; static const char ak8974_reg_avdd[] = "avdd"; @@ -494,7 +499,6 @@ static void ak8974_fill_buffer(struct ii { struct ak8974 *ak8974 = iio_priv(indio_dev); int ret; - s16 hw_values[8]; /* Three axes + 64bit padding */ pm_runtime_get_sync(&ak8974->i2c->dev); mutex_lock(&ak8974->lock); @@ -504,13 +508,13 @@ static void ak8974_fill_buffer(struct ii dev_err(&ak8974->i2c->dev, "error triggering measure\n"); goto out_unlock; } - ret = ak8974_getresult(ak8974, hw_values); + ret = ak8974_getresult(ak8974, ak8974->scan.channels); if (ret) { dev_err(&ak8974->i2c->dev, "error getting measures\n"); goto out_unlock; } - iio_push_to_buffers_with_timestamp(indio_dev, hw_values, + iio_push_to_buffers_with_timestamp(indio_dev, &ak8974->scan, iio_get_time_ns(indio_dev)); out_unlock: From patchwork Mon Jul 20 15:36:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 237561 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2143409ilg; Mon, 20 Jul 2020 09:44:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx5x4UjOD7cimNeTjVDvVu4x1YOL7RKuJBOtWqjbuktgdJRel3u1i7arSGpjOtX6PM7uune X-Received: by 2002:a17:906:a44:: with SMTP id x4mr22534405ejf.193.1595263491758; Mon, 20 Jul 2020 09:44:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595263491; cv=none; d=google.com; s=arc-20160816; b=XfQhs4P6yuS0SLdpNvKCYe1T1zWYP5e/kia34udH79OiFO1DCJY1y5rXeWDTE8BV1Y MaPOBByL4YSYEq+UXrd0hx7ZM/FewrQRok5NUVTjfmtVkmJkr966Xb+BSDetObf3hWKT rKeKWop8QGGuT069Fii1idsQaLI2t0KuR2vto+O170A7V4zXrbMiZZfDUB72DSkows2P 5jBrBmsQlDyNFSBp+IoteBlqkfC4QPJuYbLW+2W+ZG7HN65kSTYNVFPc3DwrNCt4DdjL b08ZyODFJvceGc+hU073dd9pA48dOp5eeHegyyM7nr44Yr2kxmUVC6vPJBHAZo2HEKR1 z96A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=FyEfiEanleHIkCwrmFojBZ2sZnDFFvemdHTFLx31pNg=; b=E/EFOMRExL8Y/hMAxzuKTCtWVrin8DcBR8BufIyI1cF57ZFRRcPOuwK4BFkhAoPXdt CZe5keCs5DqLqe5f1eZqBZiAM9gHOr8Rp6xiv/dDFOxSHaA8XIup5Cn17zHgkiQWTfEc ejPvjhiXH7voGm8YQLtpIfoU+Z4YZ8lSCd5Tq2aGPwtqSYyIEHz+QPF59MNsPFW9pg05 XklCNlY3tAzv9CywFkcm38IidqK77t79bLkqYKfVtkknqe+aMvmSp1zWoxp9ceQ3HvlA d+ZpI2HIxxt5MJKlJQka1ML79Wm7WCIT9CBMynFgj0qb8sBN7z6LOQjMBf2XgQILU9CC e9Yw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=eosXuhfk; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o10si11013381edr.168.2020.07.20.09.44.51; Mon, 20 Jul 2020 09:44:51 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=eosXuhfk; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729898AbgGTPlb (ORCPT + 15 others); Mon, 20 Jul 2020 11:41:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:33406 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729895AbgGTPla (ORCPT ); Mon, 20 Jul 2020 11:41:30 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 066B322CF7; Mon, 20 Jul 2020 15:41:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259689; bh=eVx2whG+iEhdi/wNAA8mHJvtFWijfFiSbn2YqjBTA2Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eosXuhfkhd9KI6B5CVtkAlxHOPYh3Bmuenz9MK785357xggTqwJksY9XRrmtn5nC8 OEb2fj+9S60BtMoQtjy7Q2KBgT7HCR315DoGIP5JvEygb5qTyMETgmWwtaKFqZuks0 +PMTVaLNxe5Jx4jLcl7gNixyM/HFDYzjinGxWCmo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars-Peter Clausen , Jonathan Cameron , Tomasz Duszynski , Stable@vger.kernel.org Subject: [PATCH 4.9 45/86] iio:pressure:ms5611 Fix buffer element alignment Date: Mon, 20 Jul 2020 17:36:41 +0200 Message-Id: <20200720152755.428091647@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152753.138974850@linuxfoundation.org> References: <20200720152753.138974850@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonathan Cameron commit 8db4afe163bbdd93dca6fcefbb831ef12ecc6b4d upstream. One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses an array of smaller elements on the stack. Here there is no data leak possibility so use an explicit structure on the stack to ensure alignment and nice readable fashion. The forced alignment of ts isn't strictly necessary in this driver as the padding will be correct anyway (there isn't any). However it is probably less fragile to have it there and it acts as documentation of the requirement. Fixes: 713bbb4efb9dc ("iio: pressure: ms5611: Add triggered buffer support") Reported-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Acked-by: Tomasz Duszynski Cc: Signed-off-by: Greg Kroah-Hartman --- drivers/iio/pressure/ms5611_core.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) --- a/drivers/iio/pressure/ms5611_core.c +++ b/drivers/iio/pressure/ms5611_core.c @@ -215,16 +215,21 @@ static irqreturn_t ms5611_trigger_handle struct iio_poll_func *pf = p; struct iio_dev *indio_dev = pf->indio_dev; struct ms5611_state *st = iio_priv(indio_dev); - s32 buf[4]; /* s32 (pressure) + s32 (temp) + 2 * s32 (timestamp) */ + /* Ensure buffer elements are naturally aligned */ + struct { + s32 channels[2]; + s64 ts __aligned(8); + } scan; int ret; mutex_lock(&st->lock); - ret = ms5611_read_temp_and_pressure(indio_dev, &buf[1], &buf[0]); + ret = ms5611_read_temp_and_pressure(indio_dev, &scan.channels[1], + &scan.channels[0]); mutex_unlock(&st->lock); if (ret < 0) goto err; - iio_push_to_buffers_with_timestamp(indio_dev, buf, + iio_push_to_buffers_with_timestamp(indio_dev, &scan, iio_get_time_ns(indio_dev)); err: From patchwork Mon Jul 20 15:36:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 237285 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2090978ilg; Mon, 20 Jul 2020 08:41:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwWriam4JV0G2Dy3ovLbrCcdM9Ht9XcrseI4LG7iwX+ZhdGZoEFgDngQt8sr6K6WKnoqu7t X-Received: by 2002:a17:906:7005:: with SMTP id n5mr20123446ejj.130.1595259697840; Mon, 20 Jul 2020 08:41:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595259697; cv=none; d=google.com; s=arc-20160816; b=Pm5zmKFt+JTB0sBjrOwigZ6iZPba2fIOpJ4Gq3DrBeKP0d3FldlIYXpm7oVkqY9Ybe NdpuC9TWcaVfqQLclEvpIbRIXzwrKznSI4IXnddmjvLQMO+oIrbhIwjOPOqqs+U7yMhv kU8KRlL+ttiq0+b2ZngBRZiOLJhMELdsGgpF7V0HSpPuEu3XKCx1Ye+isERpriqDiWYk dzp/fSstTqNQSoM1idEpY9GnDov2dcaFJPNtv3imBvXMG0WjWBCWx+r8gs484BipEEBI IR9sqxHNGGB1YP6+8EWxMuo7HkQnDpBajGuhqOglhV98ubt+0AHzvCi9peIKFgHci0xJ +9WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=20vWbjOJ05tbSMiEIiKIUuL4OiAgRpiEN/NcDmMoUOM=; b=gmrSw+GeWKQb+gJ9BFSo9bz2sSMgn0auW1GDP49i6yaz1urvaV12o46VvnUkrH9ksT YmFLoB6fBnQ7SY2bQ4dPPjkjBqu5JmHNhhxMIC18VveHbvC9BEem/v6WR/cj+oQHsyn0 AuxETFDXIwcB5sRaXcBAUCTXUgayvRVscviYHAwchWspHGazpAJWY+EHHEXAQYze2dUS BK98RnRqpAmCPXebYhb/6gntWSaU+wjAYJoWRr7mRcgz4Xbe/PjF8ItCcTDpTmr9Z4uK LLgkIzEybrGQFkzQkvQcWmUOcT08mE8+7mTcM1k74x/Da9D/p5aUcvX8ssSakLohTKHt vj9A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Pg7tdM2H; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q26si10505197ejc.433.2020.07.20.08.41.37; Mon, 20 Jul 2020 08:41:37 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Pg7tdM2H; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729920AbgGTPlg (ORCPT + 15 others); Mon, 20 Jul 2020 11:41:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:33560 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729910AbgGTPlc (ORCPT ); Mon, 20 Jul 2020 11:41:32 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9E4362064B; Mon, 20 Jul 2020 15:41:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259692; bh=6TvSZAHBNwIOER1p9mZeazrQSDICKsX8iOf9RBznyvI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Pg7tdM2HIwnQuaBhFJnmOovFaSHeZaralRH/jbpShcDyEJr1N4x/OgRr6iI+WczIo OUJx7pKhxDgL5YAIk0JJXm9ONKFYecf/qCoveACL09YBwy1G9phcRxPl7lkTbjRZ4t FP6iwzVOlHw2gWXp4tn86GmZNYUxn+xf2udl4cG0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars-Peter Clausen , Jonathan Cameron , "Andrew F. Davis" , Stable@vger.kernel.org Subject: [PATCH 4.9 46/86] iio:health:afe4403 Fix timestamp alignment and prevent data leak. Date: Mon, 20 Jul 2020 17:36:42 +0200 Message-Id: <20200720152755.478243355@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152753.138974850@linuxfoundation.org> References: <20200720152753.138974850@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonathan Cameron commit 3f9c6d38797e9903937b007a341dad0c251765d6 upstream. One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses a 32 byte array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data with alignment explicitly requested. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes: eec96d1e2d31 ("iio: health: Add driver for the TI AFE4403 heart monitor") Reported-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Acked-by: Andrew F. Davis Cc: Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- drivers/iio/health/afe4403.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/drivers/iio/health/afe4403.c +++ b/drivers/iio/health/afe4403.c @@ -71,6 +71,7 @@ static const struct reg_field afe4403_re * @regulator: Pointer to the regulator for the IC * @trig: IIO trigger for this device * @irq: ADC_RDY line interrupt number + * @buffer: Used to construct data layout to push into IIO buffer. */ struct afe4403_data { struct device *dev; @@ -80,6 +81,8 @@ struct afe4403_data { struct regulator *regulator; struct iio_trigger *trig; int irq; + /* Ensure suitable alignment for timestamp */ + s32 buffer[8] __aligned(8); }; enum afe4403_chan_id { @@ -318,7 +321,6 @@ static irqreturn_t afe4403_trigger_handl struct iio_dev *indio_dev = pf->indio_dev; struct afe4403_data *afe = iio_priv(indio_dev); int ret, bit, i = 0; - s32 buffer[8]; u8 tx[4] = {AFE440X_CONTROL0, 0x0, 0x0, AFE440X_CONTROL0_READ}; u8 rx[3]; @@ -335,9 +337,9 @@ static irqreturn_t afe4403_trigger_handl if (ret) goto err; - buffer[i++] = (rx[0] << 16) | - (rx[1] << 8) | - (rx[2]); + afe->buffer[i++] = (rx[0] << 16) | + (rx[1] << 8) | + (rx[2]); } /* Disable reading from the device */ @@ -346,7 +348,8 @@ static irqreturn_t afe4403_trigger_handl if (ret) goto err; - iio_push_to_buffers_with_timestamp(indio_dev, buffer, pf->timestamp); + iio_push_to_buffers_with_timestamp(indio_dev, afe->buffer, + pf->timestamp); err: iio_trigger_notify_done(indio_dev->trig); From patchwork Mon Jul 20 15:36:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 237560 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2142670ilg; Mon, 20 Jul 2020 09:43:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzkdUIkrt5l+7GNRdgQBINIdpZremZ5Wu2iv4BiMWkWORKmUG/FBe+JSYdoPa9RqRPH6rn6 X-Received: by 2002:a05:6402:1544:: with SMTP id p4mr22625404edx.334.1595263435142; Mon, 20 Jul 2020 09:43:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595263435; cv=none; d=google.com; s=arc-20160816; b=AaGYgB/aUCcPiorx5goe2hc6gfya5z1Tpe7l4mMD/lmAXI5ZopM9t6NqyoCq6Ig72X ecFnXlyB4kbhoZyA1Jn6H65xnrvzW30lC2OY8g/X53zbJEpw/V1WAwXWarnio5nnXZCk tD4N+IVoAJkGokFY00He6TG80aRpfxZZ8GC9lNtBLGIPHzKDSWzdG5ct9yzC6FUtGTOI Y5g/fKz50+35W81L8XGBXZ6gzPndvKeUiX64fZQWbhjDVtonM79AaRvNaEALZd1/fldn uRTathhVZL3hxhdpZNEU5qHj/nqtD20Pqo65hF+IC9XPZZYUbOtAyODoKN/YVxXZWaNT aCjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=hGo9GqHig13cOHFQE/I/wW8r51252vcwioXKpk9Qa4g=; b=wcrphShnokkC4eHBvz+1CSogW3JxXkrhaQGV69pMJsjadlCsNRSsxy8Yd97tOwE8L9 om6JIclyNxXDwrNJKnE7ZydDhDHItl6MJHDzjGtcU3g7+yABYilMzajyAWKHurIoTLXz ja45iJTA/LAhajKhzU6H6mGdfbTZE+m4akrazciMnrHLEUHmXSzZfqG/cnVEa3Vv+ABu aZGWgVUnwy5AOoLsopvrHlC/TOVgS9sybZ/i9yL8JncNutXUt1ZVW23DDigc9tk+J8rt kw6Qx86yB1BIB60eTTLSEVsBr0Ok6SaFJ6ZjFSnp6hAirpw2jmqfVVrwOddG8WxKSmmt eq7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=pleLd+oj; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cf15si10810462edb.350.2020.07.20.09.43.54; Mon, 20 Jul 2020 09:43:55 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=pleLd+oj; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729984AbgGTQnu (ORCPT + 15 others); Mon, 20 Jul 2020 12:43:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:34280 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729324AbgGTPlw (ORCPT ); Mon, 20 Jul 2020 11:41:52 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 16E6E22CB3; Mon, 20 Jul 2020 15:41:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259711; bh=Vk7IagyqnoRmnENC1u/iaiaXIz648HETL5Ky4FZuhwo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pleLd+oj1Z1OLKcHxcOHqSQYtCigmcEwgDAYmzxEGIkfVT3sCw/KNM2Mb8Q3lTb86 uYWMCn9B0SxKAQWu+hJwwOguRfLsQB2lFkGXdzYl3WtsN9YvZu7qVzRRZq4Bv+Z4CK gGzFGWvNUnsixtkmY0P4LOjdUJ+YlDS4SCD2Zn5A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars-Peter Clausen , Jonathan Cameron , "Andrew F. Davis" , Sasha Levin Subject: [PATCH 4.9 52/86] iio:health:afe4404 Fix timestamp alignment and prevent data leak. Date: Mon, 20 Jul 2020 17:36:48 +0200 Message-Id: <20200720152755.782160784@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152753.138974850@linuxfoundation.org> References: <20200720152753.138974850@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonathan Cameron [ Upstream commit f88ecccac4be348bbcc6d056bdbc622a8955c04d ] One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses a 40 byte array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data with alignment explicitly requested. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes: 87aec56e27ef ("iio: health: Add driver for the TI AFE4404 heart monitor") Reported-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Acked-by: Andrew F. Davis Signed-off-by: Jonathan Cameron Signed-off-by: Sasha Levin --- drivers/iio/health/afe4404.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) -- 2.25.1 diff --git a/drivers/iio/health/afe4404.c b/drivers/iio/health/afe4404.c index 964f5231a831c..5e256b11ac877 100644 --- a/drivers/iio/health/afe4404.c +++ b/drivers/iio/health/afe4404.c @@ -91,6 +91,7 @@ static const struct reg_field afe4404_reg_fields[] = { * @regulator: Pointer to the regulator for the IC * @trig: IIO trigger for this device * @irq: ADC_RDY line interrupt number + * @buffer: Used to construct a scan to push to the iio buffer. */ struct afe4404_data { struct device *dev; @@ -99,6 +100,7 @@ struct afe4404_data { struct regulator *regulator; struct iio_trigger *trig; int irq; + s32 buffer[10] __aligned(8); }; enum afe4404_chan_id { @@ -337,17 +339,17 @@ static irqreturn_t afe4404_trigger_handler(int irq, void *private) struct iio_dev *indio_dev = pf->indio_dev; struct afe4404_data *afe = iio_priv(indio_dev); int ret, bit, i = 0; - s32 buffer[10]; for_each_set_bit(bit, indio_dev->active_scan_mask, indio_dev->masklength) { ret = regmap_read(afe->regmap, afe4404_channel_values[bit], - &buffer[i++]); + &afe->buffer[i++]); if (ret) goto err; } - iio_push_to_buffers_with_timestamp(indio_dev, buffer, pf->timestamp); + iio_push_to_buffers_with_timestamp(indio_dev, afe->buffer, + pf->timestamp); err: iio_trigger_notify_done(indio_dev->trig); From patchwork Mon Jul 20 15:37:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 237286 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2092310ilg; Mon, 20 Jul 2020 08:43:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwoTG43LhZarBqwEH32XsyIWqfMG6JLmU7SKVsvxuynhhraThN/tJFCDd569aMdwAZMSRfS X-Received: by 2002:a05:6402:b4c:: with SMTP id bx12mr21216580edb.157.1595259803221; Mon, 20 Jul 2020 08:43:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595259803; cv=none; d=google.com; s=arc-20160816; b=kJcLJ+JidsYEKa0dEsz0AlJfGfm7iV7+S4Mesph03FTA76Wm9tCJ/picrxGZc8m6oG eKb5rw0CZsTCgHddBMwZ3Y/uPMdPey0A9KTcvIiQs8O6DOk0zDxALJhoDm4J4V1R8zsT fada6mJZa9Vw5pAwHK44TLucxEjCgP0hd8tvbl6yH74DTq3Z0tFjSePtqowo5ZQxrpn9 Y0oSlgDN5+f6zz6sAKKj4GIbkrh5IHV6wNxE0zk8ZM8q4fM1kBZgjoWjfePmSPAS7lIJ n+JQ9YEXi/GhFTWTf1PNrax6vXaPAzVLAGKTuwvyi2rwOqIcDpLgUi1ihwxQ79C7Vll0 RALw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=JIoTngvwuWKAVeVWRDc5t75/JjdaELoZjXCxerWvznQ=; b=ud2cppqSvLqUIEptAWfoX2g5H3eQnVjYeVFdN2TUfexZj4bMOdLTZrMSbnDLceL2au aEYebnsOzvn1bPGkRBu1vX/zadsiBNPMLMQc7YLb3nK9mGJzkvI1+p0LUE6IxPxCijBR d4Qgo/OD2uvBQ/rVpo8tpxxhLtm9f7+dkIBeSg+LAUFGTEoRT5+RaS9Vs9UwMF1PfTu/ 54OhLPsn8UJuff2XNlA2v7GCwFPIKM6KfA1OJRiRX2MB61P793SsRu9bBnWJCnNfMPG0 YMiLeI52Pn9/rBr6eGNVWqd6ocrahetypu44/6yv7O1BIl+ie6tukKY2d/JvSsSws4jp Cwkw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=IGAtHxik; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g12si10724854edn.412.2020.07.20.08.43.23; Mon, 20 Jul 2020 08:43:23 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=IGAtHxik; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730222AbgGTPnW (ORCPT + 15 others); Mon, 20 Jul 2020 11:43:22 -0400 Received: from mail.kernel.org ([198.145.29.99]:36684 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730239AbgGTPnV (ORCPT ); Mon, 20 Jul 2020 11:43:21 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2000522CAF; Mon, 20 Jul 2020 15:43:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259800; bh=42JyVhg1+olFp1dfJGVALbpgABZHdFoxPFAbxbHEucg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IGAtHxikdsIQ2u1Ouguf636isG2NLGhkei+iPp47RPiU1vY3QqiwE3G1RS5OH9d4w PywRTKEjOyozXiof53vxqdakRkyDqyk0CC2FOttqfWTzcuWJFTA9LnUtYGiRf1FVQW HoxwkPKK5fOZevIB8btgaAg35iurKKERjKKBbQno= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Vincent Guittot , "Peter Zijlstra (Intel)" , Valentin Schneider , Dietmar Eggemann Subject: [PATCH 4.9 84/86] sched/fair: handle case of task_h_load() returning 0 Date: Mon, 20 Jul 2020 17:37:20 +0200 Message-Id: <20200720152757.501990741@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152753.138974850@linuxfoundation.org> References: <20200720152753.138974850@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Vincent Guittot commit 01cfcde9c26d8555f0e6e9aea9d6049f87683998 upstream. task_h_load() can return 0 in some situations like running stress-ng mmapfork, which forks thousands of threads, in a sched group on a 224 cores system. The load balance doesn't handle this correctly because env->imbalance never decreases and it will stop pulling tasks only after reaching loop_max, which can be equal to the number of running tasks of the cfs. Make sure that imbalance will be decreased by at least 1. misfit task is the other feature that doesn't handle correctly such situation although it's probably more difficult to face the problem because of the smaller number of CPUs and running tasks on heterogenous system. We can't simply ensure that task_h_load() returns at least one because it would imply to handle underflow in other places. Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Valentin Schneider Reviewed-by: Dietmar Eggemann Tested-by: Dietmar Eggemann Cc: # v4.4+ Link: https://lkml.kernel.org/r/20200710152426.16981-1-vincent.guittot@linaro.org Signed-off-by: Greg Kroah-Hartman --- kernel/sched/fair.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -6561,7 +6561,15 @@ static int detach_tasks(struct lb_env *e if (!can_migrate_task(p, env)) goto next; - load = task_h_load(p); + /* + * Depending of the number of CPUs and tasks and the + * cgroup hierarchy, task_h_load() can return a null + * value. Make sure that env->imbalance decreases + * otherwise detach_tasks() will stop only after + * detaching up to loop_max tasks. + */ + load = max_t(unsigned long, task_h_load(p), 1); + if (sched_feat(LB_MIN) && load < 16 && !env->sd->nr_balance_failed) goto next;