Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull more perf updates from Ingo Molnar:
 "A second round of perf updates:

   - wide reaching kprobes sanitization and robustization, with the hope
     of fixing all 'probe this function crashes the kernel' bugs, by
     Masami Hiramatsu.

   - uprobes updates from Oleg Nesterov: tmpfs support, corner case
     fixes and robustization work.

   - perf tooling updates and fixes from Jiri Olsa, Namhyung Ki, Arnaldo
     et al:
        * Add support to accumulate hist periods (Namhyung Kim)
        * various fixes, refactorings and enhancements"

* 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (101 commits)
  perf: Differentiate exec() and non-exec() comm events
  perf: Fix perf_event_comm() vs. exec() assumption
  uprobes/x86: Rename arch_uprobe->def to ->defparam, minor comment updates
  perf/documentation: Add description for conditional branch filter
  perf/x86: Add conditional branch filtering support
  perf/tool: Add conditional branch filter 'cond' to perf record
  perf: Add new conditional branch filter 'PERF_SAMPLE_BRANCH_COND'
  uprobes: Teach copy_insn() to support tmpfs
  uprobes: Shift ->readpage check from __copy_insn() to uprobe_register()
  perf/x86: Use common PMU interrupt disabled code
  perf/ARM: Use common PMU interrupt disabled code
  perf: Disable sampled events if no PMU interrupt
  perf: Fix use after free in perf_remove_from_context()
  perf tools: Fix 'make help' message error
  perf record: Fix poll return value propagation
  perf tools: Move elide bool into perf_hpp_fmt struct
  perf tools: Remove elide setup for SORT_MODE__MEMORY mode
  perf tools: Fix "==" into "=" in ui_browser__warning assignment
  perf tools: Allow overriding sysfs and proc finding with env var
  perf tools: Consider header files outside perf directory in tags target
  ...

2 files changed, 60 insertions, 35 deletions

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 24d35cc38e42..5fa58e4cffac 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -2974,6 +2974,22 @@ out:
         local_irq_restore(flags);
 }
 
+void perf_event_exec(void)
+{
+        struct perf_event_context *ctx;
+        int ctxn;
+
+        rcu_read_lock();
+        for_each_task_context_nr(ctxn) {
+                ctx = current->perf_event_ctxp[ctxn];
+                if (!ctx)
+                        continue;
+
+                perf_event_enable_on_exec(ctx);
+        }
+        rcu_read_unlock();
+}
+
 /*
  * Cross CPU call to read the hardware event
  */
@@ -5075,21 +5091,9 @@ static void perf_event_comm_event(struct perf_comm_event *comm_event)
                        NULL);
 }
 
-void perf_event_comm(struct task_struct *task)
+void perf_event_comm(struct task_struct *task, bool exec)
 {
         struct perf_comm_event comm_event;
-        struct perf_event_context *ctx;
-        int ctxn;
-
-        rcu_read_lock();
-        for_each_task_context_nr(ctxn) {
-                ctx = task->perf_event_ctxp[ctxn];
-                if (!ctx)
-                        continue;
-
-                perf_event_enable_on_exec(ctx);
-        }
-        rcu_read_unlock();
 
         if (!atomic_read(&nr_comm_events))
                 return;
@@ -5101,7 +5105,7 @@ void perf_event_comm(struct task_struct *task)
                 .event_id  = {
                         .header = {
                                 .type = PERF_RECORD_COMM,
-                                .misc = 0,
+                                .misc = exec ? PERF_RECORD_MISC_COMM_EXEC : 0,
                                 /* .size */
                         },
                         /* .pid */
@@ -7122,6 +7126,13 @@ SYSCALL_DEFINE5(perf_event_open,
                 }
         }
 
+        if (is_sampling_event(event)) {
+                if (event->pmu->capabilities & PERF_PMU_CAP_NO_INTERRUPT) {
+                        err = -ENOTSUPP;
+                        goto err_alloc;
+                }
+        }
+
         account_event(event);
 
         /*
@@ -7433,7 +7444,7 @@ __perf_event_exit_task(struct perf_event *child_event,
 
 static void perf_event_exit_task_context(struct task_struct *child, int ctxn)
 {
-        struct perf_event *child_event;
+        struct perf_event *child_event, *next;
         struct perf_event_context *child_ctx;
         unsigned long flags;
 
@@ -7487,7 +7498,7 @@ static void perf_event_exit_task_context(struct task_struct *child, int ctxn)
          */
         mutex_lock(&child_ctx->mutex);
 
-        list_for_each_entry_rcu(child_event, &child_ctx->event_list, event_entry)
+        list_for_each_entry_safe(child_event, next, &child_ctx->event_list, event_entry)
                 __perf_event_exit_task(child_event, child_ctx, child);
 
         mutex_unlock(&child_ctx->mutex);
diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
index adcd76a96839..c445e392e93f 100644
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -36,6 +36,7 @@
 #include "../../mm/internal.h"  /* munlock_vma_page */
 #include <linux/percpu-rwsem.h>
 #include <linux/task_work.h>
+#include <linux/shmem_fs.h>
 
 #include <linux/uprobes.h>
 
@@ -127,7 +128,7 @@ struct xol_area {
  */
 static bool valid_vma(struct vm_area_struct *vma, bool is_register)
 {
-        vm_flags_t flags = VM_HUGETLB | VM_MAYEXEC | VM_SHARED;
+        vm_flags_t flags = VM_HUGETLB | VM_MAYEXEC | VM_MAYSHARE;
 
         if (is_register)
                 flags |= VM_WRITE;
@@ -279,18 +280,13 @@ static int verify_opcode(struct page *page, unsigned long vaddr, uprobe_opcode_t
  * supported by that architecture then we need to modify is_trap_at_addr and
  * uprobe_write_opcode accordingly. This would never be a problem for archs
  * that have fixed length instructions.
- */
-
-/*
+ *
  * uprobe_write_opcode - write the opcode at a given virtual address.
  * @mm: the probed process address space.
  * @vaddr: the virtual address to store the opcode.
  * @opcode: opcode to be written at @vaddr.
  *
- * Called with mm->mmap_sem held (for read and with a reference to
- * mm).
- *
- * For mm @mm, write the opcode at @vaddr.
+ * Called with mm->mmap_sem held for write.
  * Return 0 (success) or a negative errno.
  */
 int uprobe_write_opcode(struct mm_struct *mm, unsigned long vaddr,
@@ -310,21 +306,25 @@ retry:
         if (ret <= 0)
                 goto put_old;
 
+        ret = anon_vma_prepare(vma);
+        if (ret)
+                goto put_old;
+
         ret = -ENOMEM;
         new_page = alloc_page_vma(GFP_HIGHUSER_MOVABLE, vma, vaddr);
         if (!new_page)
                 goto put_old;
 
-        __SetPageUptodate(new_page);
+        if (mem_cgroup_charge_anon(new_page, mm, GFP_KERNEL))
+                goto put_new;
 
+        __SetPageUptodate(new_page);
         copy_highpage(new_page, old_page);
         copy_to_page(new_page, vaddr, &opcode, UPROBE_SWBP_INSN_SIZE);
 
-        ret = anon_vma_prepare(vma);
-        if (ret)
-                goto put_new;
-
         ret = __replace_page(vma, vaddr, old_page, new_page);
+        if (ret)
+                mem_cgroup_uncharge_page(new_page);
 
 put_new:
         page_cache_release(new_page);
@@ -537,14 +537,15 @@ static int __copy_insn(struct address_space *mapping, struct file *filp,
                         void *insn, int nbytes, loff_t offset)
 {
         struct page *page;
-
-        if (!mapping->a_ops->readpage)
-                return -EIO;
         /*
-         * Ensure that the page that has the original instruction is
-         * populated and in page-cache.
+         * Ensure that the page that has the original instruction is populated
+         * and in page-cache. If ->readpage == NULL it must be shmem_mapping(),
+         * see uprobe_register().
          */
-        page = read_mapping_page(mapping, offset >> PAGE_CACHE_SHIFT, filp);
+        if (mapping->a_ops->readpage)
+                page = read_mapping_page(mapping, offset >> PAGE_CACHE_SHIFT, filp);
+        else
+                page = shmem_read_mapping_page(mapping, offset >> PAGE_CACHE_SHIFT);
         if (IS_ERR(page))
                 return PTR_ERR(page);
 
@@ -880,6 +881,9 @@ int uprobe_register(struct inode *inode, loff_t offset, struct uprobe_consumer *
         if (!uc->handler && !uc->ret_handler)
                 return -EINVAL;
 
+        /* copy_insn() uses read_mapping_page() or shmem_read_mapping_page() */
+        if (!inode->i_mapping->a_ops->readpage && !shmem_mapping(inode->i_mapping))
+                return -EIO;
         /* Racy, just to catch the obvious mistakes */
         if (offset > i_size_read(inode))
                 return -EINVAL;
@@ -1361,6 +1365,16 @@ unsigned long __weak uprobe_get_swbp_addr(struct pt_regs *regs)
         return instruction_pointer(regs) - UPROBE_SWBP_INSN_SIZE;
 }
 
+unsigned long uprobe_get_trap_addr(struct pt_regs *regs)
+{
+        struct uprobe_task *utask = current->utask;
+
+        if (unlikely(utask && utask->active_uprobe))
+                return utask->vaddr;
+
+        return instruction_pointer(regs);
+}
+
 /*
  * Called with no locks held.
  * Called in context of a exiting or a exec-ing thread.