dd4f1e35fa
* refs/heads/tmp-2fea039 Linux 4.4.106 usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" Revert "x86/efi: Hoist page table switching code into efi_call_virt()" Revert "x86/efi: Build our own page table structures" net/packet: fix a race in packet_bind() and packet_notifier() packet: fix crash in fanout_demux_rollover() sit: update frag_off info rds: Fix NULL pointer dereference in __rds_rdma_map tipc: fix memory leak in tipc_accept_from_sock() more bio_map_user_iov() leak fixes s390: always save and restore all registers on context switch ipmi: Stop timers before cleaning up the module audit: ensure that 'audit=1' actually enables audit for PID 1 ipvlan: fix ipv6 outbound device afs: Connect up the CB.ProbeUuid IB/mlx5: Assign send CQ and recv CQ of UMR QP IB/mlx4: Increase maximal message size under UD QP xfrm: Copy policy family in clone_policy jump_label: Invoke jump_label_test() via early_initcall() atm: horizon: Fix irq release error sctp: use the right sk after waking up from wait_buf sleep sctp: do not free asoc when it is already dead in sctp_sendmsg sparc64/mm: set fields in deferred pages block: wake up all tasks blocked in get_request() sunrpc: Fix rpc_task_begin trace point NFS: Fix a typo in nfs_rename() dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 lib/genalloc.c: make the avail variable an atomic_long_t route: update fnhe_expires for redirect when the fnhe exists route: also update fnhe_genid when updating a route cache mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() kbuild: pkg: use --transform option to prefix paths in tar EDAC, i5000, i5400: Fix definition of NRECMEMB register EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested drm/amd/amdgpu: fix console deadlock if late init failed axonram: Fix gendisk handling netfilter: don't track fragmented packets zram: set physical queue limits to avoid array out of bounds accesses i2c: riic: fix restart condition crypto: s5p-sss - Fix completing crypto request in IRQ handler ipv6: reorder icmpv6_init() and ip6_mr_init() bnx2x: do not rollback VF MAC/VLAN filters we did not configure bnx2x: fix possible overrun of VFPF multicast addresses array bnx2x: prevent crash when accessing PTP with interface down spi_ks8995: fix "BUG: key accdaa28 not in .data!" arm64: KVM: Survive unknown traps from guests arm: KVM: Survive unknown traps from guests KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset irqchip/crossbar: Fix incorrect type of register size scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq libata: drop WARN from protocol error in ata_sff_qc_issue() kvm: nVMX: VMCLEAR should not cause the vCPU to shut down USB: gadgetfs: Fix a potential memory leak in 'dev_config()' usb: gadget: configs: plug memory leak HID: chicony: Add support for another ASUS Zen AiO keyboard gpio: altera: Use handle_level_irq when configured as a level_high ARM: OMAP2+: Release device node after it is no longer needed. ARM: OMAP2+: Fix device node reference counts module: set __jump_table alignment to 8 selftest/powerpc: Fix false failures for skipped tests x86/hpet: Prevent might sleep splat on resume ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure vti6: Don't report path MTU below IPV6_MIN_MTU. Revert "s390/kbuild: enable modversions for symbols exported from asm" Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" Revert "drm/armada: Fix compile fail" mm: drop unused pmdp_huge_get_and_clear_notify() thp: fix MADV_DONTNEED vs. numa balancing race thp: reduce indentation level in change_huge_pmd() scsi: storvsc: Workaround for virtual DVD SCSI version ARM: avoid faulting on qemu ARM: BUG if jumping to usermode address in kernel mode arm64: fpsimd: Prevent registers leaking from dead tasks KVM: VMX: remove I/O port 0x80 bypass on Intel hosts arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one media: dvb: i2c transfers over usb cannot be done from stack drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU drm: extra printk() wrapper macros kdb: Fix handling of kallsyms_symbol_next() return value s390: fix compat system call table iommu/vt-d: Fix scatterlist offset handling ALSA: usb-audio: Add check return value for usb_string() ALSA: usb-audio: Fix out-of-bound error ALSA: seq: Remove spurious WARN_ON() at timer check ALSA: pcm: prevent UAF in snd_pcm_info x86/PCI: Make broadcom_postcore_init() check acpi_disabled X.509: reject invalid BIT STRING for subjectPublicKey ASN.1: check for error from ASN1_OP_END__ACT actions ASN.1: fix out-of-bounds read when parsing indefinite length item efi: Move some sysfs files to be read-only by root scsi: libsas: align sata_device's rps_resp on a cacheline isa: Prevent NULL dereference in isa_bus driver callbacks hv: kvp: Avoid reading past allocated blocks from KVP file virtio: release virtio index when fail to device_register can: usb_8dev: cancel urb on -EPIPE and -EPROTO can: esd_usb2: cancel urb on -EPIPE and -EPROTO can: ems_usb: cancel urb on -EPIPE and -EPROTO can: kvaser_usb: cancel urb on -EPIPE and -EPROTO can: kvaser_usb: ratelimit errors if incomplete messages are received can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() can: kvaser_usb: free buf in error paths can: ti_hecc: Fix napi poll return value for repoll BACKPORT: irq: Make the irqentry text section unconditional UPSTREAM: arch, ftrace: for KASAN put hard/soft IRQ entries into separate sections UPSTREAM: x86, kasan, ftrace: Put APIC interrupt handlers into .irqentry.text UPSTREAM: kasan: make get_wild_bug_type() static UPSTREAM: kasan: separate report parts by empty lines UPSTREAM: kasan: improve double-free report format UPSTREAM: kasan: print page description after stacks UPSTREAM: kasan: improve slab object description UPSTREAM: kasan: change report header UPSTREAM: kasan: simplify address description logic UPSTREAM: kasan: change allocation and freeing stack traces headers UPSTREAM: kasan: unify report headers UPSTREAM: kasan: introduce helper functions for determining bug type BACKPORT: kasan: report only the first error by default UPSTREAM: kasan: fix races in quarantine_remove_cache() UPSTREAM: kasan: resched in quarantine_remove_cache() BACKPORT: kasan, sched/headers: Uninline kasan_enable/disable_current() BACKPORT: kasan: drain quarantine of memcg slab objects UPSTREAM: kasan: eliminate long stalls during quarantine reduction UPSTREAM: kasan: support panic_on_warn UPSTREAM: x86/suspend: fix false positive KASAN warning on suspend/resume UPSTREAM: kasan: support use-after-scope detection UPSTREAM: kasan/tests: add tests for user memory access functions UPSTREAM: mm, kasan: add a ksize() test UPSTREAM: kasan: test fix: warn if the UAF could not be detected in kmalloc_uaf2 UPSTREAM: kasan: modify kmalloc_large_oob_right(), add kmalloc_pagealloc_oob_right() UPSTREAM: lib/stackdepot: export save/fetch stack for drivers UPSTREAM: lib/stackdepot.c: bump stackdepot capacity from 16MB to 128MB BACKPORT: kprobes: Unpoison stack in jprobe_return() for KASAN UPSTREAM: kasan: remove the unnecessary WARN_ONCE from quarantine.c UPSTREAM: kasan: avoid overflowing quarantine size on low memory systems UPSTREAM: kasan: improve double-free reports BACKPORT: mm: coalesce split strings BACKPORT: mm/kasan: get rid of ->state in struct kasan_alloc_meta UPSTREAM: mm/kasan: get rid of ->alloc_size in struct kasan_alloc_meta UPSTREAM: mm: kasan: remove unused 'reserved' field from struct kasan_alloc_meta UPSTREAM: mm/kasan, slub: don't disable interrupts when object leaves quarantine UPSTREAM: mm/kasan: don't reduce quarantine in atomic contexts UPSTREAM: mm/kasan: fix corruptions and false positive reports UPSTREAM: lib/stackdepot.c: use __GFP_NOWARN for stack allocations BACKPORT: mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB UPSTREAM: kasan/quarantine: fix bugs on qlist_move_cache() UPSTREAM: mm: mempool: kasan: don't poot mempool objects in quarantine UPSTREAM: kasan: change memory hot-add error messages to info messages BACKPORT: mm/kasan: add API to check memory regions UPSTREAM: mm/kasan: print name of mem[set,cpy,move]() caller in report UPSTREAM: mm: kasan: initial memory quarantine implementation UPSTREAM: lib/stackdepot: avoid to return 0 handle UPSTREAM: lib/stackdepot.c: allow the stack trace hash to be zero UPSTREAM: mm, kasan: fix compilation for CONFIG_SLAB BACKPORT: mm, kasan: stackdepot implementation. Enable stackdepot for SLAB BACKPORT: mm, kasan: add GFP flags to KASAN API UPSTREAM: mm, kasan: SLAB support UPSTREAM: mm/slab: align cache size first before determination of OFF_SLAB candidate UPSTREAM: mm/slab: use more appropriate condition check for debug_pagealloc UPSTREAM: mm/slab: factor out debugging initialization in cache_init_objs() UPSTREAM: mm/slab: remove object status buffer for DEBUG_SLAB_LEAK UPSTREAM: mm/slab: alternative implementation for DEBUG_SLAB_LEAK UPSTREAM: mm/slab: clean up DEBUG_PAGEALLOC processing code UPSTREAM: mm/slab: activate debug_pagealloc in SLAB when it is actually enabled sched: EAS/WALT: Don't take into account of running task's util BACKPORT: schedutil: Reset cached freq if it is not in sync with next_freq UPSTREAM: kasan: add functions to clear stack poison Conflicts: arch/arm/include/asm/kvm_arm.h arch/arm64/kernel/vmlinux.lds.S include/linux/kasan.h kernel/softirq.c lib/Kconfig lib/Kconfig.kasan lib/Makefile lib/stackdepot.c mm/kasan/kasan.c sound/usb/mixer.c Change-Id: If70ced6da5f19be3dd92d10a8d8cd4d5841e5870 Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
287 lines
8.5 KiB
C
287 lines
8.5 KiB
C
/*
|
|
* Generic stack depot for storing stack traces.
|
|
*
|
|
* Some debugging tools need to save stack traces of certain events which can
|
|
* be later presented to the user. For example, KASAN needs to safe alloc and
|
|
* free stacks for each object, but storing two stack traces per object
|
|
* requires too much memory (e.g. SLUB_DEBUG needs 256 bytes per object for
|
|
* that).
|
|
*
|
|
* Instead, stack depot maintains a hashtable of unique stacktraces. Since alloc
|
|
* and free stacks repeat a lot, we save about 100x space.
|
|
* Stacks are never removed from depot, so we store them contiguously one after
|
|
* another in a contiguos memory allocation.
|
|
*
|
|
* Author: Alexander Potapenko <glider@google.com>
|
|
* Copyright (C) 2016 Google, Inc.
|
|
*
|
|
* Based on code by Dmitry Chernenkov.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* version 2 as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
*/
|
|
|
|
#include <linux/gfp.h>
|
|
#include <linux/jhash.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/percpu.h>
|
|
#include <linux/printk.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/stacktrace.h>
|
|
#include <linux/stackdepot.h>
|
|
#include <linux/string.h>
|
|
#include <linux/types.h>
|
|
|
|
#define DEPOT_STACK_BITS (sizeof(depot_stack_handle_t) * 8)
|
|
|
|
#define STACK_ALLOC_NULL_PROTECTION_BITS 1
|
|
#define STACK_ALLOC_ORDER 2 /* 'Slab' size order for stack depot, 4 pages */
|
|
#define STACK_ALLOC_SIZE (1LL << (PAGE_SHIFT + STACK_ALLOC_ORDER))
|
|
#define STACK_ALLOC_ALIGN 4
|
|
#define STACK_ALLOC_OFFSET_BITS (STACK_ALLOC_ORDER + PAGE_SHIFT - \
|
|
STACK_ALLOC_ALIGN)
|
|
#define STACK_ALLOC_INDEX_BITS (DEPOT_STACK_BITS - \
|
|
STACK_ALLOC_NULL_PROTECTION_BITS - STACK_ALLOC_OFFSET_BITS)
|
|
#define STACK_ALLOC_SLABS_CAP 8192
|
|
#define STACK_ALLOC_MAX_SLABS \
|
|
(((1LL << (STACK_ALLOC_INDEX_BITS)) < STACK_ALLOC_SLABS_CAP) ? \
|
|
(1LL << (STACK_ALLOC_INDEX_BITS)) : STACK_ALLOC_SLABS_CAP)
|
|
|
|
/* The compact structure to store the reference to stacks. */
|
|
union handle_parts {
|
|
depot_stack_handle_t handle;
|
|
struct {
|
|
u32 slabindex : STACK_ALLOC_INDEX_BITS;
|
|
u32 offset : STACK_ALLOC_OFFSET_BITS;
|
|
u32 valid : STACK_ALLOC_NULL_PROTECTION_BITS;
|
|
};
|
|
};
|
|
|
|
struct stack_record {
|
|
struct stack_record *next; /* Link in the hashtable */
|
|
u32 hash; /* Hash in the hastable */
|
|
u32 size; /* Number of frames in the stack */
|
|
union handle_parts handle;
|
|
unsigned long entries[1]; /* Variable-sized array of entries. */
|
|
};
|
|
|
|
static void *stack_slabs[STACK_ALLOC_MAX_SLABS];
|
|
|
|
static int depot_index;
|
|
static int next_slab_inited;
|
|
static size_t depot_offset;
|
|
static DEFINE_SPINLOCK(depot_lock);
|
|
|
|
static bool init_stack_slab(void **prealloc)
|
|
{
|
|
if (!*prealloc)
|
|
return false;
|
|
/*
|
|
* This smp_load_acquire() pairs with smp_store_release() to
|
|
* |next_slab_inited| below and in depot_alloc_stack().
|
|
*/
|
|
if (smp_load_acquire(&next_slab_inited))
|
|
return true;
|
|
if (stack_slabs[depot_index] == NULL) {
|
|
stack_slabs[depot_index] = *prealloc;
|
|
} else {
|
|
stack_slabs[depot_index + 1] = *prealloc;
|
|
/*
|
|
* This smp_store_release pairs with smp_load_acquire() from
|
|
* |next_slab_inited| above and in depot_save_stack().
|
|
*/
|
|
smp_store_release(&next_slab_inited, 1);
|
|
}
|
|
*prealloc = NULL;
|
|
return true;
|
|
}
|
|
|
|
/* Allocation of a new stack in raw storage */
|
|
static struct stack_record *depot_alloc_stack(unsigned long *entries, int size,
|
|
u32 hash, void **prealloc, gfp_t alloc_flags)
|
|
{
|
|
int required_size = offsetof(struct stack_record, entries) +
|
|
sizeof(unsigned long) * size;
|
|
struct stack_record *stack;
|
|
|
|
required_size = ALIGN(required_size, 1 << STACK_ALLOC_ALIGN);
|
|
|
|
if (unlikely(depot_offset + required_size > STACK_ALLOC_SIZE)) {
|
|
if (unlikely(depot_index + 1 >= STACK_ALLOC_MAX_SLABS)) {
|
|
WARN_ONCE(1, "Stack depot reached limit capacity");
|
|
return NULL;
|
|
}
|
|
depot_index++;
|
|
depot_offset = 0;
|
|
/*
|
|
* smp_store_release() here pairs with smp_load_acquire() from
|
|
* |next_slab_inited| in depot_save_stack() and
|
|
* init_stack_slab().
|
|
*/
|
|
if (depot_index + 1 < STACK_ALLOC_MAX_SLABS)
|
|
smp_store_release(&next_slab_inited, 0);
|
|
}
|
|
init_stack_slab(prealloc);
|
|
if (stack_slabs[depot_index] == NULL)
|
|
return NULL;
|
|
|
|
stack = stack_slabs[depot_index] + depot_offset;
|
|
|
|
stack->hash = hash;
|
|
stack->size = size;
|
|
stack->handle.slabindex = depot_index;
|
|
stack->handle.offset = depot_offset >> STACK_ALLOC_ALIGN;
|
|
stack->handle.valid = 1;
|
|
memcpy(stack->entries, entries, size * sizeof(unsigned long));
|
|
depot_offset += required_size;
|
|
|
|
return stack;
|
|
}
|
|
|
|
#define STACK_HASH_ORDER 18
|
|
#define STACK_HASH_SIZE (1L << STACK_HASH_ORDER)
|
|
#define STACK_HASH_MASK (STACK_HASH_SIZE - 1)
|
|
#define STACK_HASH_SEED 0x9747b28c
|
|
|
|
static struct stack_record *stack_table[STACK_HASH_SIZE] = {
|
|
[0 ... STACK_HASH_SIZE - 1] = NULL
|
|
};
|
|
|
|
/* Calculate hash for a stack */
|
|
static inline u32 hash_stack(unsigned long *entries, unsigned int size)
|
|
{
|
|
return jhash2((u32 *)entries,
|
|
size * sizeof(unsigned long) / sizeof(u32),
|
|
STACK_HASH_SEED);
|
|
}
|
|
|
|
/* Find a stack that is equal to the one stored in entries in the hash */
|
|
static inline struct stack_record *find_stack(struct stack_record *bucket,
|
|
unsigned long *entries, int size,
|
|
u32 hash)
|
|
{
|
|
struct stack_record *found;
|
|
|
|
for (found = bucket; found; found = found->next) {
|
|
if (found->hash == hash &&
|
|
found->size == size &&
|
|
!memcmp(entries, found->entries,
|
|
size * sizeof(unsigned long))) {
|
|
return found;
|
|
}
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
void depot_fetch_stack(depot_stack_handle_t handle, struct stack_trace *trace)
|
|
{
|
|
union handle_parts parts = { .handle = handle };
|
|
void *slab = stack_slabs[parts.slabindex];
|
|
size_t offset = parts.offset << STACK_ALLOC_ALIGN;
|
|
struct stack_record *stack = slab + offset;
|
|
|
|
trace->nr_entries = trace->max_entries = stack->size;
|
|
trace->entries = stack->entries;
|
|
trace->skip = 0;
|
|
}
|
|
EXPORT_SYMBOL_GPL(depot_fetch_stack);
|
|
|
|
/**
|
|
* depot_save_stack - save stack in a stack depot.
|
|
* @trace - the stacktrace to save.
|
|
* @alloc_flags - flags for allocating additional memory if required.
|
|
*
|
|
* Returns the handle of the stack struct stored in depot.
|
|
*/
|
|
depot_stack_handle_t depot_save_stack(struct stack_trace *trace,
|
|
gfp_t alloc_flags)
|
|
{
|
|
u32 hash;
|
|
depot_stack_handle_t retval = 0;
|
|
struct stack_record *found = NULL, **bucket;
|
|
unsigned long flags;
|
|
struct page *page = NULL;
|
|
void *prealloc = NULL;
|
|
|
|
if (unlikely(trace->nr_entries == 0))
|
|
goto fast_exit;
|
|
|
|
hash = hash_stack(trace->entries, trace->nr_entries);
|
|
bucket = &stack_table[hash & STACK_HASH_MASK];
|
|
|
|
/*
|
|
* Fast path: look the stack trace up without locking.
|
|
* The smp_load_acquire() here pairs with smp_store_release() to
|
|
* |bucket| below.
|
|
*/
|
|
found = find_stack(smp_load_acquire(bucket), trace->entries,
|
|
trace->nr_entries, hash);
|
|
if (found)
|
|
goto exit;
|
|
|
|
/*
|
|
* Check if the current or the next stack slab need to be initialized.
|
|
* If so, allocate the memory - we won't be able to do that under the
|
|
* lock.
|
|
*
|
|
* The smp_load_acquire() here pairs with smp_store_release() to
|
|
* |next_slab_inited| in depot_alloc_stack() and init_stack_slab().
|
|
*/
|
|
if (unlikely(!smp_load_acquire(&next_slab_inited))) {
|
|
/*
|
|
* Zero out zone modifiers, as we don't have specific zone
|
|
* requirements. Keep the flags related to allocation in atomic
|
|
* contexts and I/O.
|
|
*/
|
|
alloc_flags &= ~GFP_ZONEMASK;
|
|
alloc_flags &= (GFP_ATOMIC | GFP_KERNEL);
|
|
alloc_flags |= __GFP_NOWARN;
|
|
page = alloc_pages(alloc_flags, STACK_ALLOC_ORDER);
|
|
if (page)
|
|
prealloc = page_address(page);
|
|
}
|
|
|
|
spin_lock_irqsave(&depot_lock, flags);
|
|
|
|
found = find_stack(*bucket, trace->entries, trace->nr_entries, hash);
|
|
if (!found) {
|
|
struct stack_record *new =
|
|
depot_alloc_stack(trace->entries, trace->nr_entries,
|
|
hash, &prealloc, alloc_flags);
|
|
if (new) {
|
|
new->next = *bucket;
|
|
/*
|
|
* This smp_store_release() pairs with
|
|
* smp_load_acquire() from |bucket| above.
|
|
*/
|
|
smp_store_release(bucket, new);
|
|
found = new;
|
|
}
|
|
} else if (prealloc) {
|
|
/*
|
|
* We didn't need to store this stack trace, but let's keep
|
|
* the preallocated memory for the future.
|
|
*/
|
|
WARN_ON(!init_stack_slab(&prealloc));
|
|
}
|
|
|
|
spin_unlock_irqrestore(&depot_lock, flags);
|
|
exit:
|
|
if (prealloc) {
|
|
/* Nobody used this memory, ok to free it. */
|
|
free_pages((unsigned long)prealloc, STACK_ALLOC_ORDER);
|
|
}
|
|
if (found)
|
|
retval = found->handle.handle;
|
|
fast_exit:
|
|
return retval;
|
|
}
|
|
EXPORT_SYMBOL_GPL(depot_save_stack);
|