Sunday, January 12, 2014

linux.kernel - 26 new messages in 20 topics - digest

linux.kernel
http://groups.google.com/group/linux.kernel?hl=en

linux.kernel@googlegroups.com

Today's topics:

* netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get (v3) - 1
messages, 1 author
http://groups.google.com/group/linux.kernel/t/1f5bd631cfffab0f?hl=en
* x86: don't use module_init in non-modular intel_mid_vrtc.c - 1 messages, 1
author
http://groups.google.com/group/linux.kernel/t/6eefe092b99a14b5?hl=en
* security review needed - Re: [PATCH] ohci: Turn remote DMA support into a
module parameter - 1 messages, 1 author
http://groups.google.com/group/linux.kernel/t/4da63cb61d11662d?hl=en
* [trivial] scripts: Fix comment and message typo in checkpatch.pl - 1
messages, 1 author
http://groups.google.com/group/linux.kernel/t/78970ecb13aca016?hl=en
* docs: Update FireWire debugging documentation - 1 messages, 1 author
http://groups.google.com/group/linux.kernel/t/08d58ded86ce9372?hl=en
* mmc: arasan: Add driver for Arasan SDHCI - 1 messages, 1 author
http://groups.google.com/group/linux.kernel/t/0c94d27019dd7cb2?hl=en
* perf record: Rename 'perf_record' to plain 'record' - 1 messages, 1 author
http://groups.google.com/group/linux.kernel/t/41d136dea372fc5b?hl=en
* tools lib traceevent: Add global QUIET_CC_FPIC build output - 3 messages, 1
author
http://groups.google.com/group/linux.kernel/t/3e1aa0b8b884cd89?hl=en
* perf record: Simplify perf_record__write - 1 messages, 1 author
http://groups.google.com/group/linux.kernel/t/01420ebda54de9b7?hl=en
* perf config: Ignore generated files in feature-checks - 1 messages, 1 author
http://groups.google.com/group/linux.kernel/t/c367c25dea995d4a?hl=en
* perf report: Rename 'perf_report' to 'report' - 2 messages, 1 author
http://groups.google.com/group/linux.kernel/t/52132f55d4d856d9?hl=en
* perf annotate: Add inc_samples method to addr_map_symbol - 1 messages, 1
author
http://groups.google.com/group/linux.kernel/t/7a9ff83ca9ad6852?hl=en
* perf report: Introduce helpers for processing callchains - 1 messages, 1
author
http://groups.google.com/group/linux.kernel/t/58198107a7f7396b?hl=en
* perf tools: Get rid of a duplicate va_end() in error reporting routine - 2
messages, 1 author
http://groups.google.com/group/linux.kernel/t/52c5660c8366c40a?hl=en
* perf tools: Add support for PERF_RECORD_MISC_GUEST_USER in
thread__find_addr_map(). - 2 messages, 1 author
http://groups.google.com/group/linux.kernel/t/83bce5d6004719b8?hl=en
* perf scripting perl: Shorten function signatures - 1 messages, 1 author
http://groups.google.com/group/linux.kernel/t/e35b618b25e531f7?hl=en
* perf scripting python: Shorten function signatures - 1 messages, 1 author
http://groups.google.com/group/linux.kernel/t/529b6279c7167111?hl=en
* tools lib traceevent: Introduce pevent_filter_strerror() - 1 messages, 1
author
http://groups.google.com/group/linux.kernel/t/6b3ca1f3e6f01b3a?hl=en
* perf kvm: Fix kvm report without guestmount. - 1 messages, 1 author
http://groups.google.com/group/linux.kernel/t/5b34514f7a8f9e7f?hl=en
* perf sort: Compare addresses if no symbol info - 2 messages, 1 author
http://groups.google.com/group/linux.kernel/t/1ba1f58305391916?hl=en

==============================================================================
TOPIC: netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get (v3)
http://groups.google.com/group/linux.kernel/t/1f5bd631cfffab0f?hl=en
==============================================================================

== 1 of 1 ==
Date: Sun, Jan 12 2014 10:00 am
From: Andrey Vagin


Let's look at destroy_conntrack:

    hlist_nulls_del_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode);
    ...
    nf_conntrack_free(ct)
        kmem_cache_free(net->ct.nf_conntrack_cachep, ct);

net->ct.nf_conntrack_cachep is created with SLAB_DESTROY_BY_RCU.

The hash is protected by rcu, so readers look up conntracks without
locks.
A conntrack is removed from the hash, but in this moment a few readers
still can use the conntrack. Then this conntrack is released and another
thread creates conntrack with the same address and the equal tuple.
After this a reader starts to validate the conntrack:
* It's not dying, because a new conntrack was created
* nf_ct_tuple_equal() returns true.

But this conntrack is not initialized yet, so it can not be used by two
threads concurrently. In this case BUG_ON may be triggered from
nf_nat_setup_info().

Florian Westphal suggested to check the confirm bit too. I think it's
right.

task 1                  task 2                    task 3
                        nf_conntrack_find_get
                         ____nf_conntrack_find
destroy_conntrack
 hlist_nulls_del_rcu
 nf_conntrack_free
 kmem_cache_free
                                                  __nf_conntrack_alloc
                                                   kmem_cache_alloc
                                                   memset(&ct->tuplehash[IP_CT_DIR_MAX],
                         if (nf_ct_is_dying(ct))
                         if (!nf_ct_tuple_equal()

I'm not sure that I have ever seen this race condition in real life.
Currently we are investigating a bug, which is reproduced on a few nodes.
In our case one conntrack is initialized from a few tasks concurrently,
we don't have any other explanation for this.

<2>[46267.083061] kernel BUG at net/ipv4/netfilter/nf_nat_core.c:322!
...
<4>[46267.083951] RIP: 0010:[<ffffffffa01e00a4>] [<ffffffffa01e00a4>] nf_nat_setup_info+0x564/0x590 [nf_nat]
...
<4>[46267.085549] Call Trace:
<4>[46267.085622] [<ffffffffa023421b>] alloc_null_binding+0x5b/0xa0 [iptable_nat]
<4>[46267.085697] [<ffffffffa02342bc>] nf_nat_rule_find+0x5c/0x80 [iptable_nat]
<4>[46267.085770] [<ffffffffa0234521>] nf_nat_fn+0x111/0x260 [iptable_nat]
<4>[46267.085843] [<ffffffffa0234798>] nf_nat_out+0x48/0xd0 [iptable_nat]
<4>[46267.085919] [<ffffffff814841b9>] nf_iterate+0x69/0xb0
<4>[46267.085991] [<ffffffff81494e70>] ? ip_finish_output+0x0/0x2f0
<4>[46267.086063] [<ffffffff81484374>] nf_hook_slow+0x74/0x110
<4>[46267.086133] [<ffffffff81494e70>] ? ip_finish_output+0x0/0x2f0
<4>[46267.086207] [<ffffffff814b5890>] ? dst_output+0x0/0x20
<4>[46267.086277] [<ffffffff81495204>] ip_output+0xa4/0xc0
<4>[46267.086346] [<ffffffff814b65a4>] raw_sendmsg+0x8b4/0x910
<4>[46267.086419] [<ffffffff814c10fa>] inet_sendmsg+0x4a/0xb0
<4>[46267.086491] [<ffffffff814459aa>] ? sock_update_classid+0x3a/0x50
<4>[46267.086562] [<ffffffff81444d67>] sock_sendmsg+0x117/0x140
<4>[46267.086638] [<ffffffff8151997b>] ? _spin_unlock_bh+0x1b/0x20
<4>[46267.086712] [<ffffffff8109d370>] ? autoremove_wake_function+0x0/0x40
<4>[46267.086785] [<ffffffff81495e80>] ? do_ip_setsockopt+0x90/0xd80
<4>[46267.086858] [<ffffffff8100be0e>] ? call_function_interrupt+0xe/0x20
<4>[46267.086936] [<ffffffff8118cb10>] ? ub_slab_ptr+0x20/0x90
<4>[46267.087006] [<ffffffff8118cb10>] ? ub_slab_ptr+0x20/0x90
<4>[46267.087081] [<ffffffff8118f2e8>] ? kmem_cache_alloc+0xd8/0x1e0
<4>[46267.087151] [<ffffffff81445599>] sys_sendto+0x139/0x190
<4>[46267.087229] [<ffffffff81448c0d>] ? sock_setsockopt+0x16d/0x6f0
<4>[46267.087303] [<ffffffff810efa47>] ? audit_syscall_entry+0x1d7/0x200
<4>[46267.087378] [<ffffffff810ef795>] ? __audit_syscall_exit+0x265/0x290
<4>[46267.087454] [<ffffffff81474885>] ? compat_sys_setsockopt+0x75/0x210
<4>[46267.087531] [<ffffffff81474b5f>] compat_sys_socketcall+0x13f/0x210
<4>[46267.087607] [<ffffffff8104dea3>] ia32_sysret+0x0/0x5
<4>[46267.087676] Code: 91 20 e2 01 75 29 48 89 de 4c 89 f7 e8 56 fa ff ff 85 c0 0f 84 68 fc ff ff 0f b6 4d c6 41 8b 45 00 e9 4d fb ff ff e8 7c 19 e9 e0 <0f> 0b eb fe f6 05 17 91 20 e2 80 74 ce 80 3d 5f 2e 00 00 00 74
<1>[46267.088023] RIP [<ffffffffa01e00a4>] nf_nat_setup_info+0x564/0x590

v2: move nf_ct_is_confirmed into the unlikely() annotation
v3: Eric suggested to fix refcnt, so that it becomes zero before adding
in a hash, but we can't find a way how to do that. Another way is to
interpret the confirm bit as part of a search key and check it in
____nf_conntrack_find() too.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
---
net/netfilter/nf_conntrack_core.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 43549eb..af6ad2e 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -318,6 +318,21 @@ static void death_by_timeout(unsigned long ul_conntrack)
nf_ct_delete((struct nf_conn *)ul_conntrack, 0, 0);
}

+static inline bool
+nf_ct_key_equal(struct nf_conntrack_tuple_hash *h,
+ const struct nf_conntrack_tuple *tuple,
+ u16 zone)
+{
+ struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(h);
+
+ /* A conntrack can be recreated with the equal tuple,
+ * so we need to check that the conntrack is confirmed
+ */
+ return nf_ct_tuple_equal(tuple, &h->tuple) &&
+ nf_ct_zone(ct) == zone &&
+ nf_ct_is_confirmed(ct);
+}
+
/*
* Warning :
* - Caller must take a reference on returned object
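Review bot: The comment inside nf_ct_key_equal() says only that a conntrack "can be recreated with the equal tuple"; it should also say why that can happen (the cache is SLAB_DESTROY_BY_RCU, so a reader may still hold a pointer to an object that was freed and handed out again) and that a recreated object which is still being initialised is not yet confirmed, because that is the whole justification for testing nf_ct_is_confirmed() here. Minor: h is only read in this helper, so it could be declared const like tuple, provided nf_ct_tuplehash_to_ctrack() accepts a const pointer.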
@@ -339,8 +354,7 @@ ____nf_conntrack_find(struct net *net, u16 zone,
local_bh_disable();
begin:
hlist_nulls_for_each_entry_rcu(h, n, &net->ct.hash[bucket], hnnode) {
- if (nf_ct_tuple_equal(tuple, &h->tuple) &&
- nf_ct_zone(nf_ct_tuplehash_to_ctrack(h)) == zone) {
+ if (nf_ct_key_equal(h, tuple, zone)) {
NF_CT_STAT_INC(net, found);
local_bh_enable();
return h;
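Review bot: In ____nf_conntrack_find() the new nf_ct_key_equal() test runs inside the lockless hlist_nulls_for_each_entry_rcu() walk, before any reference is taken, so the confirmed bit it reads can belong to an object that is recycled right afterwards; at this call site it is only a filter, and the result can be trusted only after the caller's recheck. A short comment here saying so would help, and it is worth checking that every other caller of ____nf_conntrack_find() is fine with unconfirmed entries now being skipped.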
@@ -387,8 +401,7 @@ begin:
!atomic_inc_not_zero(&ct->ct_general.use)))
h = NULL;
else {
- if (unlikely(!nf_ct_tuple_equal(tuple, &h->tuple) ||
- nf_ct_zone(ct) != zone)) {
+ if (unlikely(!nf_ct_key_equal(h, tuple, zone))) {
nf_ct_put(ct);
goto begin;
}
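Review bot: The recheck "if (unlikely(!nf_ct_key_equal(h, tuple, zone)))" after atomic_inc_not_zero() is sound only if a reused object can never be observed with a non-zero refcount while a stale confirmed bit is still set. All three hunks change the reader side only, and the changelog's diagram shows the memset() in __nf_conntrack_alloc without saying how it is ordered against the refcount being set. Please state that ordering in the changelog or in a comment, since the v3 note says the refcount-based fix Eric suggested was not implemented.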
--
1.8.4.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
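
The reuse race described in the message above, replayed deterministically in a user-space C model. This is an added illustration, not code from the patch or from the kernel; struct conn, ct_alloc, key_equal and replay_race are hypothetical names, and the single static slot is an assumed stand-in for the SLAB_DESTROY_BY_RCU cache.

```c
/* User-space model (not kernel code): one slot stands in for a
 * SLAB_DESTROY_BY_RCU cache, where a freed object can be handed out
 * again at the same address while a reader still points at it. */
#include <stdbool.h>
#include <string.h>

enum { CT_CONFIRMED = 1, CT_DYING = 2 };

struct conn {
    int tuple, zone;      /* lookup key (stand-in for tuple + zone) */
    unsigned status;      /* CT_* bits */
    int use;              /* reference count, 0 = free */
};

static struct conn slot;      /* the single reusable object */
static struct conn *bucket;   /* one-entry "hash table" */

static struct conn *ct_alloc(int tuple, int zone)
{
    memset(&slot, 0, sizeof(slot));   /* status cleared: unconfirmed */
    slot.tuple = tuple;
    slot.zone = zone;
    slot.use = 1;                     /* owned by the allocating task */
    return &slot;
}

static bool key_equal(const struct conn *ct, int tuple, int zone, bool want_confirmed)
{
    return ct->tuple == tuple && ct->zone == zone &&
           (!want_confirmed || (ct->status & CT_CONFIRMED));
}

/* Replays the three-task interleaving. Returns the object the reader
 * accepts, or NULL when the recheck rejects it. */
static struct conn *replay_race(bool want_confirmed)
{
    struct conn *ct = ct_alloc(42, 0);
    ct->status |= CT_CONFIRMED;           /* confirmed and hashed */
    bucket = ct;

    struct conn *seen = bucket;           /* task 2: lockless walk finds it */
    bucket = NULL;                        /* task 1: hlist_nulls_del_rcu */
    ct->use = 0;                          /* task 1: freed, memory stays typed */
    ct_alloc(42, 0);                      /* task 3: same address, same key */

    /* task 2 resumes: dying check, take a reference, recheck the key */
    if ((seen->status & CT_DYING) || seen->use == 0)
        return NULL;
    seen->use++;                          /* atomic_inc_not_zero succeeded */
    if (!key_equal(seen, 42, 0, want_confirmed)) {
        seen->use--;                      /* nf_ct_put; a retry finds nothing */
        return NULL;
    }
    return seen;                          /* shared with task 3 mid-setup */
}

/* Exit status 0 when the old check accepts and the new check rejects. */
int main(void) { return replay_race(false) && !replay_race(true) ? 0 : 1; }
```

With the tuple-and-zone check alone the reader ends up holding a second reference to the object task 3 is still setting up; with the confirmed bit as part of the key it drops the reference and the lookup fails.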





==============================================================================
TOPIC: x86: don't use module_init in non-modular intel_mid_vrtc.c
http://groups.google.com/group/linux.kernel/t/6eefe092b99a14b5?hl=en
==============================================================================

== 1 of 1 ==
Date: Sun, Jan 12 2014 10:00 am
From: Paul Gortmaker


The X86_INTEL_MID option is bool, and hence this code is either
present or absent. It will never be modular, so using
module_init as an alias for __initcall is rather misleading.

Fix this up now, so that we can relocate module_init from
init.h into module.h in the future. If we don't do this, we'd
have to add module.h to obviously non-modular code, and that
would be a worse thing.

Note that direct use of __initcall is discouraged, vs. one
of the priority categorized subgroups. As __initcall gets
mapped onto device_initcall, our use of device_initcall
directly in this change means that the runtime impact is
zero -- it will remain at level 6 in initcall ordering.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

diff --git a/arch/x86/platform/intel-mid/intel_mid_vrtc.c b/arch/x86/platform/intel-mid/intel_mid_vrtc.c
index 4762cff7facd..d79e79a232fa 100644
--- a/arch/x86/platform/intel-mid/intel_mid_vrtc.c
+++ b/arch/x86/platform/intel-mid/intel_mid_vrtc.c
@@ -173,5 +173,4 @@ static int __init intel_mid_device_create(void)

return platform_device_register(&vrtc_device);
}
-
-module_init(intel_mid_device_create);
+device_initcall(intel_mid_device_create);
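Review bot: The blank line between the closing brace of intel_mid_device_create() and the initcall line is removed together with module_init(); that whitespace change is unrelated to the stated purpose, so keep the blank line and let the diff be the one-line swap of module_init for device_initcall. Since the changelog's goal is to keep module.h out of non-modular code, it is also worth confirming that this file does not include module.h solely for module_init, which this hunk does not show.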
--
1.8.5.2


==============================================================================
TOPIC: security review needed - Re: [PATCH] ohci: Turn remote DMA support into
a module parameter
http://groups.google.com/group/linux.kernel/t/4da63cb61d11662d?hl=en
==============================================================================

== 1 of 1 ==
Date: Sun, Jan 12 2014 10:00 am
From: Stefan Richter


On Dec 23 Stefan Richter wrote:
> On Dec 22 Lubomir Rintel wrote:
> > This makes it possible to debug kernel over FireWire without the need to
> > recompile it.
> >
> > Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
> > Cc: Dave Hansen <dave.hansen@linux.intel.com>
> > Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
>
> Looks good to me. A load-time option is preferable over a compile-time
> option not only from the POV of the debugging use case, but also from the
> maintenance POV.
>
> It weakens security in two scenarios though, AFAICS:
>
> A)
> - There are firewire-ohci and firewire-sbp2 installed on the machine,
> - the attacker cannot upload code
> - but can load kernel modules
> - and has physical access to a 1394 port
> - and is not able to run a minimal SBP-2 target on the remote 1394 end.
>
> B)
> - There is firewire-ohci but not firewire-sbp2 installed on the machine,
> - the attacker cannot upload code
> - but can load kernel modules
> - and has physical access to a 1394 port.
>
> (In both scenarios, the attacker additionally has to be able to /un/load
> kernel modules if firewire-ohci was loaded already before the attack.)
>
> That's both quite specific. Hence the security impact of this patch is
> negligible in my opinion. Any other opinions or insights into it?

Since there were no objections, I committed it to linux1394.git master
and for-next now.
--
Stefan Richter
-=====-====- ---= -==--
http://arcgraph.de/sr/

==============================================================================
TOPIC: [trivial] scripts: Fix comment and message typo in checkpatch.pl
http://groups.google.com/group/linux.kernel/t/78970ecb13aca016?hl=en
==============================================================================

== 1 of 1 ==
Date: Sun, Jan 12 2014 10:10 am
From: Joe Perches


On Mon, 2014-01-13 at 02:23 +0900, Masanari Iida wrote:
> This patch corrected a spelling typo in comment
> and messages in checkpatch.pl.
[]
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
[]
> @@ -4218,7 +4218,7 @@ sub process {
> }
> }
>
> -# check for case / default statements not preceeded by break/fallthrough/switch
> +# check for case / default statements not preceded by break/fallthrough/switch
> if ($line =~ /^.\s*(?:case\s+(?:$Ident|$Constant)\s*|default):/) {
> my $has_break = 0;
> my $has_statement = 0;
> @@ -4239,7 +4239,7 @@ sub process {
> }
> if (!$has_break && $has_statement) {
> WARN("MISSING_BREAK",
> - "Possible switch case/default not preceeded by break or fallthrough comment\n" . $herecurr);
> + "Possible switch case/default not preceded by break or fallthrough comment\n" . $herecurr);
> }
> }
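
Review bot: The WARN text changed in the second hunk is output that users see, whereas the first hunk touches only a comment; the changelog could note that the "MISSING_BREAK" type string is unchanged, so anything filtering by message type is unaffected and only scripts matching the message wording would notice the difference.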

Thanks.


==============================================================================
TOPIC: docs: Update FireWire debugging documentation
http://groups.google.com/group/linux.kernel/t/08d58ded86ce9372?hl=en
==============================================================================

== 1 of 1 ==
Date: Sun, Jan 12 2014 10:10 am
From: Stefan Richter


On Dec 23 Stefan Richter wrote:
> CC'ing linux1394-devel, quoting in full.

(forgot to Cc akpm, who pointed me to the patch in the first place.)

> On Dec 22 Lubomir Rintel wrote:
> > The old firewire stack is long dead now and a new version firescope has been
> > released with support for current kernels.
> >
> > Cc: Rob Landley <rob@landley.net>
> > Cc: Justin P. Mattock <justinmattock@gmail.com>
> > Cc: Bernhard Kaindl <bk@suse.de>
> > Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
>
> Reviewed-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
>
> > ---
> > Documentation/debugging-via-ohci1394.txt | 24 +++++++++---------------
> > Documentation/power/basic-pm-debugging.txt | 2 +-
> > 2 files changed, 10 insertions(+), 16 deletions(-)
>
> Rob, will you be taking this or should it go into linux1394.git?
>
> Lubomir sent another patch for linux1394.git which among else also touches
> Documentation/debugging-via-ohci1394.txt, but git's default merge strategy
> handles this overlap automatically and correctly. I.e. this can go
> separate ways to upstream.
> (http://marc.info/?l=linux1394-devel&m=138770970409985,
> "[PATCH] ohci: Turn remote DMA support into a module parameter")

Meanwhile, Andrew put the patch into -mm. Given that linux1394.git is a
little bit more on-topic for this, and now that I committed the mentioned
related firewire-ohci patch, I copied the Documentation patch from -mm into
linux1394.git (and Andrew will drop it automatically AFAIK).
--
Stefan Richter
-=====-====- ---= -==--
http://arcgraph.de/sr/

==============================================================================
TOPIC: mmc: arasan: Add driver for Arasan SDHCI
http://groups.google.com/group/linux.kernel/t/0c94d27019dd7cb2?hl=en
==============================================================================

== 1 of 1 ==
Date: Sun, Jan 12 2014 10:10 am
From: Chris Ball


Hi Soren,

On Mon, Dec 02 2013, Soren Brinkmann wrote:
> Add a driver for Arasan's SDHCI controller core.
>
> Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
> Acked-by: Rob Herring <rob.herring@calxeda.com> [binding]

Thanks, pushed patch 1/2 to mmc-next for 3.14.

- Chris.
--
Chris Ball <chris@printf.net> <http://printf.net/>

==============================================================================
TOPIC: perf record: Rename 'perf_record' to plain 'record'
http://groups.google.com/group/linux.kernel/t/41d136dea372fc5b?hl=en
==============================================================================

== 1 of 1 ==
Date: Sun, Jan 12 2014 10:40 am
From: tip-bot for Arnaldo Carvalho de Melo


Commit-ID: 8c6f45a7c263840c27dfe846d40577b49e43b85b
Gitweb: http://git.kernel.org/tip/8c6f45a7c263840c27dfe846d40577b49e43b85b
Author: Arnaldo Carvalho de Melo <acme@redhat.com>
AuthorDate: Thu, 19 Dec 2013 14:38:03 -0300
Committer: Arnaldo Carvalho de Melo <acme@redhat.com>
CommitDate: Thu, 19 Dec 2013 14:38:03 -0300

perf record: Rename 'perf_record' to plain 'record'

It's a local struct and the functions use the __ separator from the class
name to the method name, so it's unlikely that this will clash with other
namespaces.

Save some typing then.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lkml.kernel.org/n/tip-r011tdv7ianars9jr9ur2n4q@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/builtin-record.c | 58 ++++++++++++++++++++++-----------------------
1 file changed, 28 insertions(+), 30 deletions(-)

diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c
index e8d606c..f2624d4 100644
--- a/tools/perf/builtin-record.c
+++ b/tools/perf/builtin-record.c
@@ -62,7 +62,7 @@ static void __handle_on_exit_funcs(void)
}
