October 2021 - Linux-stable-mirror

[PATCH 5.4 0/3] usb: hso: backport CVE-2021-37159 fix

by Ovidiu Panait

All 3 upstream commits apply cleanly: * 5fcfb6d0bfcd ("hso: fix bailout in error case of probe") is a support patch needed for context * a6ecfb39ba9d ("usb: hso: fix error handling code of hso_create_net_device") is the actual fix * dcb713d53e2e ("usb: hso: remove the bailout parameter") is a follow up cleanup commit Dongliang Mu (2): usb: hso: fix error handling code of hso_create_net_device usb: hso: remove the bailout parameter Oliver Neukum (1): hso: fix bailout in error case of probe drivers/net/usb/hso.c | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) -- 2.25.1

2 years, 8 months

4
9
0 0

[PATCH 5.10 1/1] usb: hso: remove the bailout parameter

by Ovidiu Panait

From: Dongliang Mu <mudongliangabcd(a)gmail.com> commit dcb713d53e2eadf42b878c12a471e74dc6ed3145 upstream. There are two invocation sites of hso_free_net_device. After refactoring hso_create_net_device, this parameter is useless. Remove the bailout in the hso_free_net_device and change the invocation sites of this function. Signed-off-by: Dongliang Mu <mudongliangabcd(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Ovidiu Panait <ovidiu.panait(a)windriver.com> --- Backport this cleanup patch to 5.10 and 5.14 in order to keep the codebase consistent with the following 4.14/4.19/5.4 patchseries: [4.14] https://lore.kernel.org/stable/20210928151544.270412-1-ovidiu.panait@windri… [4.19] https://lore.kernel.org/stable/20210928143001.202223-1-ovidiu.panait@windri… [5.4] https://lore.kernel.org/stable/YVNs%2FmLb9YXNz7G+@eldamar.lan/T/#m5a020c331… drivers/net/usb/hso.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c index f269337c82c5..6940fbe4f096 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -2354,7 +2354,7 @@ static int remove_net_device(struct hso_device *hso_dev) } /* Frees our network device */ -static void hso_free_net_device(struct hso_device *hso_dev, bool bailout) +static void hso_free_net_device(struct hso_device *hso_dev) { int i; struct hso_net *hso_net = dev2net(hso_dev); @@ -2377,7 +2377,7 @@ static void hso_free_net_device(struct hso_device *hso_dev, bool bailout) kfree(hso_net->mux_bulk_tx_buf); hso_net->mux_bulk_tx_buf = NULL; - if (hso_net->net && !bailout) + if (hso_net->net) free_netdev(hso_net->net); kfree(hso_dev); @@ -3139,7 +3139,7 @@ static void hso_free_interface(struct usb_interface *interface) rfkill_unregister(rfk); rfkill_destroy(rfk); } - hso_free_net_device(network_table[i], false); + hso_free_net_device(network_table[i]); } } } -- 2.25.1

2 years, 8 months

2
2
0 0

[PATCH v4.4 v4.9 v4.14] arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55

by Nanyong Sun

From: Suzuki K Poulose <suzuki.poulose(a)arm.com> commit c0b15c25d25171db4b70cc0b7dbc1130ee94017d upstream. The erratum 1024718 affects Cortex-A55 r0p0 to r2p0. However we apply the work around for r0p0 - r1p0. Unfortunately this won't be fixed for the future revisions for the CPU. Thus extend the work around for all versions of A55, to cover for r2p0 and any future revisions. Cc: stable(a)vger.kernel.org #v4.4 v4.9 v4.14 Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: James Morse <james.morse(a)arm.com> Cc: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Link: https://lore.kernel.org/r/20210203230057.3961239-1-suzuki.poulose@arm.com [will: Update Kconfig help text] Signed-off-by: Will Deacon <will(a)kernel.org> [Nanyon: adjust for stable version below v4.16, which set TCR_HD earlier in assembly code] Signed-off-by: Nanyong Sun <sunnanyong(a)huawei.com> --- arch/arm64/Kconfig | 2 +- arch/arm64/mm/proc.S | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index e296ae3e20f4..e76f74874a42 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -450,7 +450,7 @@ config ARM64_ERRATUM_1024718 help This option adds work around for Arm Cortex-A55 Erratum 1024718. - Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect + Affected Cortex-A55 cores (all revisions) could cause incorrect update of the hardware dirty bit when the DBM/AP bits are updated without a break-before-make. The work around is to disable the usage of hardware DBM locally on the affected cores. CPUs not affected by diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index ecbc060807d2..a9ff7fb41832 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -455,8 +455,8 @@ ENTRY(__cpu_setup) cmp x9, #2 b.lt 1f #ifdef CONFIG_ARM64_ERRATUM_1024718 - /* Disable hardware DBM on Cortex-A55 r0p0, r0p1 & r1p0 */ - cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(1, 0), x1, x2, x3, x4 + /* Disable hardware DBM on Cortex-A55 all versions */ + cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(0xf, 0xf), x1, x2, x3, x4 cbnz x1, 1f #endif orr x10, x10, #TCR_HD // hardware Dirty flag update -- 2.17.1

2 years, 8 months

2
1
0 0

[PATCH stable 4.9 v3 0/4] ARM: ftrace MODULE_PLTS warning

by Florian Fainelli

This patch series is present in v5.14 and fixes warnings seen at insmod with FTRACE and MODULE_PLTS enabled on ARM/Linux. Changes in v3: - resolved build error with allmodconfig enabling CONFIG_OLD_MCOUNT Changes in v2: - included build fix without DYNAMIC_FTRACE - preserved Author's original name in 4.9 submission Alex Sverdlin (4): ARM: 9077/1: PLT: Move struct plt_entries definition to header ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() ARM: 9079/1: ftrace: Add MODULE_PLTS support ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE arch/arm/include/asm/ftrace.h | 3 +++ arch/arm/include/asm/insn.h | 8 +++--- arch/arm/include/asm/module.h | 10 +++++++ arch/arm/kernel/ftrace.c | 45 +++++++++++++++++++++++++++----- arch/arm/kernel/insn.c | 19 +++++++------- arch/arm/kernel/module-plts.c | 49 +++++++++++++++++++++++++++-------- 6 files changed, 103 insertions(+), 31 deletions(-) -- 2.25.1

2 years, 8 months

2
5
0 0

[PATCH 5.14 000/162] 5.14.9-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.14.9 release. There are 162 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Sep 2021 17:02:05 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.14.9-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.14.9-rc1 Jack Pham <jackp(a)codeaurora.org> usb: gadget: f_uac2: Populate SS descriptors' wBytesPerInterval Jack Pham <jackp(a)codeaurora.org> usb: gadget: f_uac2: Add missing companion descriptor for feedback EP Dan Carpenter <dan.carpenter(a)oracle.com> nvmet: fix a width vs precision bug in nvmet_subsys_attr_serial_show() Linus Torvalds <torvalds(a)linux-foundation.org> qnx4: work around gcc false positive warning bug Juergen Gross <jgross(a)suse.com> xen/balloon: fix balloon kthread freezing Laurentiu Tudor <laurentiu.tudor(a)nxp.com> software node: balance refcount for managed software nodes Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: fix dropped characters with CP2102 Peter Collingbourne <pcc(a)google.com> arm64: add MTE supported check to thread switching and syscall entry/exit Marc Zyngier <maz(a)kernel.org> irqchip/armada-370-xp: Fix ack/eoi breakage Antoine Tenart <atenart(a)kernel.org> thermal/drivers/int340x: Do not set a wrong tcc offset on resume Juergen Gross <jgross(a)suse.com> x86/setup: Call early_reserve_memory() earlier Borislav Petkov <bp(a)suse.de> EDAC/dmc520: Assign the proper type to dimm->edac_mode Sai Krishna Potthuri <lakshmi.sai.krishna.potthuri(a)xilinx.com> EDAC/synopsys: Fix wrong value type assignment for edac_mode Linus Torvalds <torvalds(a)linux-foundation.org> Revert drm/vc4 hdmi runtime PM changes Ian Rogers <irogers(a)google.com> libperf evsel: Make use of FD robust. Linus Torvalds <torvalds(a)linux-foundation.org> spi: Fix tegra20 build with CONFIG_PM=n Guenter Roeck <linux(a)roeck-us.net> net: 6pack: Fix tx timeout and slot time Guenter Roeck <linux(a)roeck-us.net> alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile Dan Li <ashimida(a)linux.alibaba.com> arm64: Mark __stack_chk_guard as __ro_after_init Simon Ser <contact(a)emersion.fr> amd/display: enable panel orientation quirks Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Link training retry fix for abort case Qingqing Zhuo <qingqing.zhuo(a)amd.com> drm/amd/display: Fix unstable HPCP compliance on Chrome Barcelo Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdkfd: make needs_pcie_atomics FW-version dependent Helge Deller <deller(a)gmx.de> parisc: Use absolute_pointer() to define PAGE0 Linus Torvalds <torvalds(a)linux-foundation.org> qnx4: avoid stringop-overread errors Linus Torvalds <torvalds(a)linux-foundation.org> sparc: avoid stringop-overread errors Guenter Roeck <linux(a)roeck-us.net> net: i825xx: Use absolute_pointer for memcpy from fixed memory location Guenter Roeck <linux(a)roeck-us.net> compiler.h: Introduce absolute_pointer macro Li Jinlin <lijinlin3(a)huawei.com> blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd Lihong Kou <koulihong(a)huawei.com> block: flush the integrity workqueue in blk_integrity_unregister Christoph Hellwig <hch(a)lst.de> block: check if a profile is actually registered in blk_integrity_unregister Huang Rui <ray.huang(a)amd.com> drm/ttm: fix type mismatch error on sparc64 Simon Ser <contact(a)emersion.fr> amd/display: downgrade validation failure log level Andreas Larsson <andreas(a)gaisler.com> sparc32: page align size in arch_dma_alloc Ruozhu Li <liruozhu(a)huawei.com> nvme-rdma: destroy cm id before destroy qp to avoid use after free Anton Eidelman <anton.eidelman(a)gmail.com> nvme-multipath: fix ANA state updates when a namespace is not present Juergen Gross <jgross(a)suse.com> xen/balloon: use a kernel thread instead a workqueue Bixuan Cui <cuibixuan(a)huawei.com> bpf: Add oversize check before call kvcalloc() Doug Smythies <doug.smythies(a)gmail.com> cpufreq: intel_pstate: Override parameters if HWP forced by BIOS Hamza Mahfooz <someguy(a)effective-light.com> dma-debug: prevent an error message from causing runtime problems zhang kai <zhangkaiheb(a)126.com> ipv6: delay fib6_sernum increase in fib6_add Guenter Roeck <linux(a)roeck-us.net> m68k: Double cast io functions to unsigned long Ming Lei <ming.lei(a)redhat.com> blk-mq: avoid to iterate over stale request Jesper Nilsson <jesper.nilsson(a)axis.com> net: stmmac: allow CSR clock of 300MHz Tong Zhang <ztong0001(a)gmail.com> net: macb: fix use after free on rmmod Nathan Rossi <nathan.rossi(a)digi.com> net: phylink: Update SFP selected interface on advertising changes Zhihao Cheng <chengzhihao1(a)huawei.com> blktrace: Fix uaf in blk_trace access after removing by sysfs Jens Axboe <axboe(a)kernel.dk> io_uring: don't punt files update to io-wq unconditionally Jens Axboe <axboe(a)kernel.dk> io_uring: put provided buffer meta data under memcg accounting Hao Xu <haoxu(a)linux.alibaba.com> io_uring: fix missing set of EPOLLONESHOT for CQ ring overflow Hao Xu <haoxu(a)linux.alibaba.com> io_uring: fix race between poll completion and cancel_hash insertion Kees Cook <keescook(a)chromium.org> x86/asm: Fix SETZ size enqcmds() build failure Christoph Hellwig <hch(a)lst.de> md: fix a lock order reversal in md_alloc Kaige Fu <kaige.fu(a)linux.alibaba.com> irqchip/gic-v3-its: Fix potential VPE leak on error Randy Dunlap <rdunlap(a)infradead.org> irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build Dan Carpenter <dan.carpenter(a)oracle.com> scsi: lpfc: Use correct scnprintf() limit Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: qla2xxx: Restore initiator in dual mode Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Unbreak the reset handler Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: Retry aborted SCSI commands instead of completing these successfully Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: Revert "Utilize Transfer Request List Completion Notification Register" Bart Van Assche <bvanassche(a)acm.org> scsi: sd_zbc: Support disks with more than 2**32 logical blocks Dan Carpenter <dan.carpenter(a)oracle.com> cifs: fix a sign extension bug Dan Carpenter <dan.carpenter(a)oracle.com> thermal/core: Potential buffer overflow in thermal_build_list_of_policies() Christoph Hellwig <hch(a)lst.de> nvme: keep ctrl->namespaces ordered Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix incorrect h2cdata pdu offset accounting Jiashuo Liang <liangjs(a)pku.edu.cn> x86/fault: Fix wrong signal when vsyscall fails with pkey Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() Tom Rix <trix(a)redhat.com> fpga: machxo2-spi: Return an error on failure Randy Dunlap <rdunlap(a)infradead.org> tty: synclink_gt: rename a conflicting function name Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix the pgr/alua_support_store functions Baokun Li <libaokun1(a)huawei.com> scsi: iscsi: Adjust iface sysfs attr detection Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: fix dma mapping leaking warning Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: map SVM range with correct access permission Sudarsana Reddy Kalluru <skalluru(a)marvell.com> atlantic: Fix issue in the pm resume flow. Aya Levin <ayal(a)nvidia.com> net/mlx4_en: Don't allow aRFS for encapsulated packets Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: fix forwarding from BLOCKING ports remaining enabled Felix Fietkau <nbd(a)nbd.name> net: ethernet: mtk_eth_soc: avoid creating duplicate offload entries Mark Brown <broonie(a)kernel.org> nfc: st-nci: Add SPI ID matching DT compatible Ido Schimmel <idosch(a)nvidia.com> nexthop: Fix memory leaks in nexthop notification chain listeners Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure tx skbs always have the MPTCP ext Shai Malin <smalin(a)marvell.com> qed: rdma - don't wait for resources under hw error recovery flow Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> gpio: uniphier: Fix void functions to remove return value Hans de Goede <hdegoede(a)redhat.com> gpiolib: acpi: Make set-debounce-timeout failures non fatal Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: fix deadlock during failing recovery Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: fix NULL deref in qeth_clear_working_pool_list() Mark Brown <broonie(a)kernel.org> spi: Revert modalias changes Cristian Marussi <cristian.marussi(a)arm.com> kselftest/arm64: signal: Skip tests if required features are missing Mark Brown <broonie(a)kernel.org> kselftest/arm64: signal: Add SVE to the set of features we can check for Randy Dunlap <rdunlap(a)infradead.org> platform/x86: dell: fix DELL_WMI_PRIVACY dependencies & build error Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: realtek: register the MDIO bus under devres Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: don't allocate the slave_mii_bus using devres Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix dsa_tree_setup error path Karsten Graul <kgraul(a)linux.ibm.com> net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work Karsten Graul <kgraul(a)linux.ibm.com> net/smc: add missing error check in smc_clc_prfx_set() Yufeng Mo <moyufeng(a)huawei.com> net: hns3: fix a return value error in hclge_get_reset_status() liaoguojia <liaoguojia(a)huawei.com> net: hns3: check vlan id before using it Yufeng Mo <moyufeng(a)huawei.com> net: hns3: check queue id range before using Jiaran Zhang <zhangjiaran(a)huawei.com> net: hns3: fix misuse vf id and vport id in some logs Jian Shen <shenjian15(a)huawei.com> net: hns3: fix inconsistent vf id print Jian Shen <shenjian15(a)huawei.com> net: hns3: fix change RSS 'hfunc' ineffective issue Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix TX timeout when TX ring size is set to the smallest Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> napi: fix race inside napi_enable Christian Lamparter <chunkeey(a)gmail.com> net: bgmac-bcma: handle deferred probe error due to mac-address Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tear down devlink port regions when tearing down the devlink port on error Randy Dunlap <rdunlap(a)infradead.org> igc: fix build errors for PTP Claudiu Manoil <claudiu.manoil(a)nxp.com> enetc: Fix uninitialized struct dim_sample field usage Claudiu Manoil <claudiu.manoil(a)nxp.com> enetc: Fix illegal access when reading affinity_hint Jason Wang <jasowang(a)redhat.com> virtio-net: fix pages leaking when building skb in big mode Chuck Lever <chuck.lever(a)oracle.com> NLM: Fix svcxdr_encode_owner() Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> regulator: max14577: Revert "regulator: max14577: Add proper module aliases strings" Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR() David Howells <dhowells(a)redhat.com> afs: Fix updating of i_blocks on file/dir extension David Howells <dhowells(a)redhat.com> afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server David Howells <dhowells(a)redhat.com> afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation David Howells <dhowells(a)redhat.com> afs: Fix page leak Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> regulator: qcom-rpmh-regulator: fix pm8009-1 ldo7 resource name Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix memory leak in compat_insnlist() Robin Murphy <robin.murphy(a)arm.com> arm64: Mitigate MTE issues with str{n}cmp() dann frazier <dann.frazier(a)canonical.com> arm64: Restore forced disabling of KPTI on ThunderX Mario Limonciello <mario.limonciello(a)amd.com> platform/x86: amd-pmc: Increase the response register timeout Johan Hovold <johan(a)kernel.org> net: hso: fix muxed tty registration Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Update intermediate power state for SI Naohiro Aota <naohiro.aota(a)wdc.com> scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE Pali Rohár <pali(a)kernel.org> serial: mvebu-uart: fix driver's tx_empty callback Nishanth Menon <nm(a)ti.com> serial: 8250: 8250_omap: Fix RX_LVL register offset Kishon Vijay Abraham I <kishon(a)ti.com> xhci: Set HCD flag to defer primary roothub registration Qu Wenruo <wqu(a)suse.com> btrfs: prevent __btrfs_dump_space_info() to underflow its free space Ido Schimmel <idosch(a)nvidia.com> nexthop: Fix division by zero while replacing a resilient group Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: fix up erofs_lookup tracepoint Sean Christopherson <seanjc(a)google.com> KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest Dan Carpenter <dan.carpenter(a)oracle.com> mcb: fix error handling in mcb_alloc_bus() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> misc: genwqe: Fixes DMA mask setting Johan Hovold <johan(a)kernel.org> misc: bcm-vk: fix tty registration race Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add device id for Foxconn T99W265 Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> USB: serial: option: remove duplicate USB device ID Carlo Lobrano <c.lobrano(a)gmail.com> USB: serial: option: add Telit LN920 compositions Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> USB: serial: mos7840: remove duplicated 0xac24 device ID Kishon Vijay Abraham I <kishon(a)ti.com> usb: core: hcd: Add support for deferring roothub registration Pawel Laszczak <pawell(a)cadence.com> usb: cdns3: fix race condition before setting doorbell Li Jun <jun.li(a)nxp.com> usb: dwc3: core: balance phy init and exit Julian Sikorski <belegdol(a)gmail.com> Re-enable UAS for LaCie Rugged USB3-FW with fk quirk Rui Miguel Silva <rui.silva(a)linaro.org> usb: isp1760: do not sleep in field register poll Johan Hovold <johan(a)kernel.org> staging: greybus: uart: fix tty use after free Li Li <dualli(a)google.com> binder: fix freeze race Todd Kjos <tkjos(a)google.com> binder: make sure fd closes complete Rafał Miłecki <rafal(a)milecki.pl> Revert "USB: bcma: Add a check for devm_gpiod_get" Johan Hovold <johan(a)kernel.org> USB: cdc-acm: fix minor-number release Uwe Brandt <uwe.brandt(a)gmail.com> USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter Ondrej Zary <linux(a)zary.sk> usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c Jan Beulich <jbeulich(a)suse.com> xen/x86: fix PV trap handling on secondary processors Steve French <stfrench(a)microsoft.com> cifs: fix incorrect check for null pointer in header_assemble Rohith Surabattula <rohiths(a)microsoft.com> cifs: Fix soft lockup during fsstress Rohith Surabattula <rohiths(a)microsoft.com> cifs: Not to defer close on file when lock is set Dan Carpenter <dan.carpenter(a)oracle.com> usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave Pavel Hofman <pavel.hofman(a)ivitera.com> usb: gadget: u_audio: EP-OUT bInterval in fback frequency Dan Carpenter <dan.carpenter(a)oracle.com> usb: gadget: r8a66597: fix a loop in set_feature() Chen Jun <chenjun102(a)huawei.com> mm: fix uninitialized use in overcommit_policy_handler Weizhao Ouyang <o451686892(a)gmail.com> mm/debug: sync up MR_CONTIG_RANGE and MR_LONGTERM_PIN Wengang Wang <wen.gang.wang(a)oracle.com> ocfs2: drop acl cache for directories too Naoya Horiguchi <naoya.horiguchi(a)nec.com> mm, hwpoison: add is_free_buddy_page() in HWPoisonHandlable() ------------- Diffstat: Makefile | 4 +- arch/alpha/include/asm/io.h | 6 +- arch/arm64/include/asm/assembler.h | 5 + arch/arm64/include/asm/mte.h | 6 + arch/arm64/include/asm/string.h | 2 + arch/arm64/kernel/cpufeature.c | 8 +- arch/arm64/kernel/mte.c | 10 +- arch/arm64/kernel/process.c | 2 +- arch/arm64/lib/strcmp.S | 2 +- arch/arm64/lib/strncmp.S | 2 +- arch/m68k/include/asm/raw_io.h | 20 +-- arch/parisc/include/asm/page.h | 2 +- arch/s390/include/asm/ccwgroup.h | 2 +- arch/sparc/kernel/ioport.c | 4 +- arch/sparc/kernel/mdesc.c | 3 +- arch/x86/include/asm/pkeys.h | 2 - arch/x86/include/asm/special_insns.h | 2 +- arch/x86/kernel/setup.c | 26 +-- arch/x86/mm/fault.c | 26 ++- arch/x86/xen/enlighten_pv.c | 15 +- block/blk-cgroup.c | 8 + block/blk-integrity.c | 9 +- block/blk-mq-tag.c | 2 +- drivers/android/binder.c | 58 +++++-- drivers/android/binder_internal.h | 2 + drivers/base/swnode.c | 3 + drivers/comedi/comedi_fops.c | 1 + drivers/cpufreq/intel_pstate.c | 22 ++- drivers/edac/dmc520_edac.c | 2 +- drivers/edac/synopsys_edac.c | 2 +- drivers/fpga/machxo2-spi.c | 6 +- drivers/gpio/gpio-uniphier.c | 4 +- drivers/gpio/gpiolib-acpi.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 44 +++-- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 + drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 152 ++++++++++------ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 53 +++++- drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c | 10 +- drivers/gpu/drm/amd/pm/powerplay/si_dpm.c | 2 + drivers/gpu/drm/ttm/ttm_pool.c | 3 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 44 ++--- drivers/irqchip/Kconfig | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 +- drivers/irqchip/irq-gic-v3-its.c | 2 +- drivers/mcb/mcb-core.c | 12 +- drivers/md/md.c | 5 - drivers/misc/bcm-vk/bcm_vk_tty.c | 6 +- drivers/misc/genwqe/card_base.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 16 +- drivers/net/dsa/mv88e6xxx/devlink.c | 73 +------- drivers/net/dsa/mv88e6xxx/devlink.h | 6 +- drivers/net/dsa/realtek-smi-core.c | 2 +- .../net/ethernet/aquantia/atlantic/aq_pci_func.c | 4 +- drivers/net/ethernet/broadcom/bgmac-bcma.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 5 + drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +- drivers/net/ethernet/cadence/macb_pci.c | 2 +- drivers/net/ethernet/freescale/enetc/enetc.c | 7 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_err.c | 8 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 80 ++++++--- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 10 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 2 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 52 ++++-- drivers/net/ethernet/i825xx/82596.c | 2 +- drivers/net/ethernet/intel/Kconfig | 1 + drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 3 + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 3 + drivers/net/ethernet/mscc/ocelot.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 8 + drivers/net/ethernet/qlogic/qed/qed_roce.c | 8 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/hamradio/6pack.c | 4 +- drivers/net/phy/phylink.c | 30 +++- drivers/net/usb/hso.c | 12 +- drivers/net/virtio_net.c | 4 + drivers/net/vxlan.c | 2 +- drivers/nfc/st-nci/spi.c | 1 + drivers/nvme/host/core.c | 33 ++-- drivers/nvme/host/multipath.c | 7 +- drivers/nvme/host/rdma.c | 16 +- drivers/nvme/host/tcp.c | 13 +- drivers/nvme/target/configfs.c | 2 +- drivers/platform/x86/amd-pmc.c | 2 +- drivers/platform/x86/dell/Kconfig | 3 +- drivers/platform/x86/intel_punit_ipc.c | 3 +- drivers/regulator/max14577-regulator.c | 2 - drivers/regulator/qcom-rpmh-regulator.c | 2 +- drivers/s390/cio/ccwgroup.c | 10 +- drivers/s390/net/qeth_core_main.c | 6 +- drivers/scsi/lpfc/lpfc_attr.c | 3 +- drivers/scsi/qla2xxx/qla_init.c | 3 +- drivers/scsi/scsi_transport_iscsi.c | 8 +- drivers/scsi/sd_zbc.c | 8 +- drivers/scsi/ufs/ufshcd.c | 81 ++++----- drivers/scsi/ufs/ufshcd.h | 5 - drivers/scsi/ufs/ufshci.h | 1 - drivers/spi/spi-tegra20-slink.c | 4 +- drivers/spi/spi.c | 8 - drivers/staging/greybus/uart.c | 62 +++---- drivers/target/target_core_configfs.c | 32 ++-- .../int340x_thermal/processor_thermal_device.c | 5 +- drivers/thermal/thermal_core.c | 7 +- drivers/tty/serial/8250/8250_omap.c | 2 +- drivers/tty/serial/mvebu-uart.c | 2 +- drivers/tty/synclink_gt.c | 44 ++--- drivers/usb/cdns3/cdns3-gadget.c | 14 ++ drivers/usb/class/cdc-acm.c | 7 +- drivers/usb/class/cdc-acm.h | 2 + drivers/usb/core/hcd.c | 29 +++- drivers/usb/dwc2/gadget.c | 193 ++++++++++++--------- drivers/usb/dwc3/core.c | 30 ++-- drivers/usb/gadget/function/f_uac2.c | 19 +- drivers/usb/gadget/function/u_audio.c | 13 +- drivers/usb/gadget/udc/r8a66597-udc.c | 2 +- drivers/usb/host/bcma-hcd.c | 5 +- drivers/usb/host/xhci.c | 1 + drivers/usb/isp1760/isp1760-hcd.c | 6 +- drivers/usb/musb/tusb6010.c | 1 + drivers/usb/serial/cp210x.c | 36 ++++ drivers/usb/serial/mos7840.c | 2 - drivers/usb/serial/option.c | 11 +- drivers/usb/storage/unusual_devs.h | 9 +- drivers/usb/storage/unusual_uas.h | 2 +- drivers/xen/balloon.c | 62 +++++-- fs/afs/dir.c | 46 +---- fs/afs/dir_edit.c | 4 +- fs/afs/fs_probe.c | 8 +- fs/afs/fsclient.c | 31 ++-- fs/afs/inode.c | 10 -- fs/afs/internal.h | 11 ++ fs/afs/protocol_afs.h | 15 ++ fs/afs/protocol_yfs.h | 6 + fs/afs/write.c | 12 +- fs/btrfs/space-info.c | 5 +- fs/cifs/cifsglob.h | 1 + fs/cifs/connect.c | 5 +- fs/cifs/file.c | 4 +- fs/cifs/misc.c | 4 +- fs/io_uring.c | 13 +- fs/lockd/svcxdr.h | 13 +- fs/ocfs2/dlmglue.c | 3 +- fs/qnx4/dir.c | 69 ++++++-- include/linux/compiler.h | 2 + include/linux/pkeys.h | 2 + include/linux/usb/hcd.h | 2 + include/net/dsa.h | 8 + include/trace/events/erofs.h | 6 +- include/uapi/linux/android/binder.h | 7 + kernel/bpf/verifier.c | 2 + kernel/dma/debug.c | 3 +- kernel/entry/kvm.c | 4 +- kernel/rseq.c | 14 +- kernel/trace/blktrace.c | 8 + mm/debug.c | 3 +- mm/memory-failure.c | 2 +- mm/util.c | 4 +- net/core/dev.c | 16 +- net/dsa/dsa2.c | 64 ++++++- net/ipv4/nexthop.c | 21 ++- net/ipv6/ip6_fib.c | 3 +- net/mptcp/protocol.c | 4 +- net/smc/smc_clc.c | 3 +- net/smc/smc_core.c | 2 + tools/lib/perf/evsel.c | 64 ++++--- .../testing/selftests/arm64/signal/test_signals.h | 2 + .../selftests/arm64/signal/test_signals_utils.c | 10 +- 167 files changed, 1452 insertions(+), 867 deletions(-)

2 years, 8 months

9
171
0 0

FAILED: patch "[PATCH] libnvdimm/pmem: Fix crash triggered when I/O in-flight during" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 32b2397c1e56f33b0b1881def965bb89bd12f448 Mon Sep 17 00:00:00 2001 From: sumiyawang <sumiyawang(a)tencent.com> Date: Sun, 22 Aug 2021 19:49:09 +0800 Subject: [PATCH] libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind There is a use after free crash when the pmem driver tears down its mapping while I/O is still inbound. This is triggered by driver unbind, "ndctl destroy-namespace", while I/O is in flight. Fix the sequence of blk_cleanup_queue() vs memunmap(). The crash signature is of the form: BUG: unable to handle page fault for address: ffffc90080200000 CPU: 36 PID: 9606 Comm: systemd-udevd Call Trace: ? pmem_do_bvec+0xf9/0x3a0 ? xas_alloc+0x55/0xd0 pmem_rw_page+0x4b/0x80 bdev_read_page+0x86/0xb0 do_mpage_readpage+0x5d4/0x7a0 ? lru_cache_add+0xe/0x10 mpage_readpages+0xf9/0x1c0 ? bd_link_disk_holder+0x1a0/0x1a0 blkdev_readpages+0x1d/0x20 read_pages+0x67/0x1a0 ndctl Call Trace in vmcore: PID: 23473 TASK: ffff88c4fbbe8000 CPU: 1 COMMAND: "ndctl" __schedule schedule blk_mq_freeze_queue_wait blk_freeze_queue blk_cleanup_queue pmem_release_queue devm_action_release release_nodes devres_release_all device_release_driver_internal device_driver_detach unbind_store Cc: <stable(a)vger.kernel.org> Signed-off-by: sumiyawang <sumiyawang(a)tencent.com> Reviewed-by: yongduan <yongduan(a)tencent.com> Link: https://lore.kernel.org/r/1629632949-14749-1-git-send-email-sumiyawang@tenc… Fixes: 50f44ee7248a ("mm/devm_memremap_pages: fix final page put race") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c index 1e0615b8565e..72de88ff0d30 100644 --- a/drivers/nvdimm/pmem.c +++ b/drivers/nvdimm/pmem.c @@ -450,11 +450,11 @@ static int pmem_attach_disk(struct device *dev, pmem->pfn_flags |= PFN_MAP; bb_range = pmem->pgmap.range; } else { + addr = devm_memremap(dev, pmem->phys_addr, + pmem->size, ARCH_MEMREMAP_PMEM); if (devm_add_action_or_reset(dev, pmem_release_queue, &pmem->pgmap)) return -ENOMEM; - addr = devm_memremap(dev, pmem->phys_addr, - pmem->size, ARCH_MEMREMAP_PMEM); bb_range.start = res->start; bb_range.end = res->end; }

2 years, 8 months

3
2
0 0

[PATCH 5.4] PCI: Fix pci_host_bridge struct device release/free handling

by Tyler Hicks

From: Rob Herring <robh(a)kernel.org> commit 9885440b16b8fc1dd7275800fd28f56a92f60896 upstream. The PCI code has several paths where the struct pci_host_bridge is freed directly. This is wrong because it contains a struct device which is refcounted and should be freed using put_device(). This can result in use-after-free errors. I think this problem has existed since 2012 with commit 7b5436635800 ("PCI: add generic device into pci_host_bridge struct"). It generally hasn't mattered as most host bridge drivers are still built-in and can't unbind. The problem is a struct device should never be freed directly once device_initialize() is called and a ref is held, but that doesn't happen until pci_register_host_bridge(). There's then a window between allocating the host bridge and pci_register_host_bridge() where kfree should be used. This is fragile and requires callers to do the right thing. To fix this, we need to split device_register() into device_initialize() and device_add() calls, so that the host bridge struct is always freed by using a put_device(). devm_pci_alloc_host_bridge() is using devm_kzalloc() to allocate struct pci_host_bridge which will be freed directly. Instead, we can use a custom devres action to call put_device(). Link: https://lore.kernel.org/r/20200513223859.11295-2-robh@kernel.org Reported-by: Anders Roxell <anders.roxell(a)linaro.org> Tested-by: Anders Roxell <anders.roxell(a)linaro.org> Signed-off-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Acked-by: Arnd Bergmann <arnd(a)arndb.de> [tyhicks: Minor contextual change in pci_init_host_bridge() due to the lack of a native_dpc member in the pci_host_bridge struct. It was added in v5.7 with commit ac1c8e35a326 ("PCI/DPC: Add Error Disconnect Recover (EDR) support")] Signed-off-by: Tyler Hicks <tyhicks(a)linux.microsoft.com> --- This commit has been identified as a fix for random memory corruption that we're experiencing in production. The memory corruption is easily reproducible on 5.4.150 and we get a nice KASAN splat that led us to discovering the upstream fix that wasn't marked for stable inclusion. I don't see any obvious reasons why this wouldn't be a valid linux-5.4.y candidate and hope we can get it applied there. I've verified that the KASAN splat goes away and I don't see any other evidence of the memory corruption issue once this commit is applied to 5.4.150. drivers/pci/probe.c | 36 +++++++++++++++++++----------------- drivers/pci/remove.c | 2 +- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index f28213b62527..a41d04c57642 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -564,7 +564,7 @@ static struct pci_bus *pci_alloc_bus(struct pci_bus *parent) return b; } -static void devm_pci_release_host_bridge_dev(struct device *dev) +static void pci_release_host_bridge_dev(struct device *dev) { struct pci_host_bridge *bridge = to_pci_host_bridge(dev); @@ -573,12 +573,7 @@ static void devm_pci_release_host_bridge_dev(struct device *dev) pci_free_resource_list(&bridge->windows); pci_free_resource_list(&bridge->dma_ranges); -} - -static void pci_release_host_bridge_dev(struct device *dev) -{ - devm_pci_release_host_bridge_dev(dev); - kfree(to_pci_host_bridge(dev)); + kfree(bridge); } static void pci_init_host_bridge(struct pci_host_bridge *bridge) @@ -597,6 +592,8 @@ static void pci_init_host_bridge(struct pci_host_bridge *bridge) bridge->native_shpc_hotplug = 1; bridge->native_pme = 1; bridge->native_ltr = 1; + + device_initialize(&bridge->dev); } struct pci_host_bridge *pci_alloc_host_bridge(size_t priv) @@ -614,17 +611,25 @@ struct pci_host_bridge *pci_alloc_host_bridge(size_t priv) } EXPORT_SYMBOL(pci_alloc_host_bridge); +static void devm_pci_alloc_host_bridge_release(void *data) +{ + pci_free_host_bridge(data); +} + struct pci_host_bridge *devm_pci_alloc_host_bridge(struct device *dev, size_t priv) { + int ret; struct pci_host_bridge *bridge; - bridge = devm_kzalloc(dev, sizeof(*bridge) + priv, GFP_KERNEL); + bridge = pci_alloc_host_bridge(priv); if (!bridge) return NULL; - pci_init_host_bridge(bridge); - bridge->dev.release = devm_pci_release_host_bridge_dev; + ret = devm_add_action_or_reset(dev, devm_pci_alloc_host_bridge_release, + bridge); + if (ret) + return NULL; return bridge; } @@ -632,10 +637,7 @@ EXPORT_SYMBOL(devm_pci_alloc_host_bridge); void pci_free_host_bridge(struct pci_host_bridge *bridge) { - pci_free_resource_list(&bridge->windows); - pci_free_resource_list(&bridge->dma_ranges); - - kfree(bridge); + put_device(&bridge->dev); } EXPORT_SYMBOL(pci_free_host_bridge); @@ -866,7 +868,7 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge) if (err) goto free; - err = device_register(&bridge->dev); + err = device_add(&bridge->dev); if (err) { put_device(&bridge->dev); goto free; @@ -933,7 +935,7 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge) unregister: put_device(&bridge->dev); - device_unregister(&bridge->dev); + device_del(&bridge->dev); free: kfree(bus); @@ -2945,7 +2947,7 @@ struct pci_bus *pci_create_root_bus(struct device *parent, int bus, return bridge->bus; err_out: - kfree(bridge); + put_device(&bridge->dev); return NULL; } EXPORT_SYMBOL_GPL(pci_create_root_bus); diff --git a/drivers/pci/remove.c b/drivers/pci/remove.c index e9c6b120cf45..95dec03d9f2a 100644 --- a/drivers/pci/remove.c +++ b/drivers/pci/remove.c @@ -160,6 +160,6 @@ void pci_remove_root_bus(struct pci_bus *bus) host_bridge->bus = NULL; /* remove the host bridge */ - device_unregister(&host_bridge->dev); + device_del(&host_bridge->dev); } EXPORT_SYMBOL_GPL(pci_remove_root_bus); -- 2.25.1

2 years, 8 months

2
1
0 0

FAILED: patch "[PATCH] EDAC/synopsys: Fix wrong value type assignment for edac_mode" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5297cfa6bdf93e3889f78f9b482e2a595a376083 Mon Sep 17 00:00:00 2001 From: Sai Krishna Potthuri <lakshmi.sai.krishna.potthuri(a)xilinx.com> Date: Wed, 18 Aug 2021 12:53:14 +0530 Subject: [PATCH] EDAC/synopsys: Fix wrong value type assignment for edac_mode dimm->edac_mode contains values of type enum edac_type - not the corresponding capability flags. Fix that. Issue caught by Coverity check "enumerated type mixed with another type." [ bp: Rewrite commit message, add tags. ] Fixes: ae9b56e3996d ("EDAC, synps: Add EDAC support for zynq ddr ecc controller") Signed-off-by: Sai Krishna Potthuri <lakshmi.sai.krishna.potthuri(a)xilinx.com> Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> Signed-off-by: Borislav Petkov <bp(a)suse.de> Cc: <stable(a)vger.kernel.org> Link: https://lkml.kernel.org/r/20210818072315.15149-1-shubhrajyoti.datta@xilinx.… diff --git a/drivers/edac/synopsys_edac.c b/drivers/edac/synopsys_edac.c index 7e7146b22c16..7d08627e738b 100644 --- a/drivers/edac/synopsys_edac.c +++ b/drivers/edac/synopsys_edac.c @@ -782,7 +782,7 @@ static void init_csrows(struct mem_ctl_info *mci) for (j = 0; j < csi->nr_channels; j++) { dimm = csi->channels[j]->dimm; - dimm->edac_mode = EDAC_FLAG_SECDED; + dimm->edac_mode = EDAC_SECDED; dimm->mtype = p_data->get_mtype(priv->baseaddr); dimm->nr_pages = (size >> PAGE_SHIFT) / csi->nr_channels; dimm->grain = SYNPS_EDAC_ERR_GRAIN;

2 years, 8 months

3
3
0 0

backport commit ("c739b17a715c net: stmmac: don't attach interface until resume finishes") to linux-5.4-stable

by Macpaul Lin

Hi reviewers, I suggest to backport commit "c739b17a715c net: stmmac: don't attach interface until resume finishes" to linux-5.4 stable tree. This patch fix resume issue by deferring netif_device_attach(). However, the patch cannot be cherry-pick directly on to stable-5.4. A slightly change to the origin patch is required. I'd like to provide the modification to stable-5.4 if it is needed. commit: c739b17a715c6a850477189fb7c5f9a6af74f4bb subject: net: stmmac: don't attach interface until resume finishes kernel version to apply to: Linux-5.4 Thanks. Macpaul Lin

2 years, 8 months

3
5
0 0

FAILED: patch "[PATCH] ext4: fix reserved space counter leakage" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6fed83957f21eff11c8496e9f24253b03d2bc1dc Mon Sep 17 00:00:00 2001 From: Jeffle Xu <jefflexu(a)linux.alibaba.com> Date: Mon, 23 Aug 2021 14:13:58 +0800 Subject: [PATCH] ext4: fix reserved space counter leakage When ext4_insert_delayed block receives and recovers from an error from ext4_es_insert_delayed_block(), e.g., ENOMEM, it does not release the space it has reserved for that block insertion as it should. One effect of this bug is that s_dirtyclusters_counter is not decremented and remains incorrectly elevated until the file system has been unmounted. This can result in premature ENOSPC returns and apparent loss of free space. Another effect of this bug is that /sys/fs/ext4/<dev>/delayed_allocation_blocks can remain non-zero even after syncfs has been executed on the filesystem. Besides, add check for s_dirtyclusters_counter when inode is going to be evicted and freed. s_dirtyclusters_counter can still keep non-zero until inode is written back in .evict_inode(), and thus the check is delayed to .destroy_inode(). Fixes: 51865fda28e5 ("ext4: let ext4 maintain extent status tree") Cc: stable(a)kernel.org Suggested-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> Signed-off-by: Jeffle Xu <jefflexu(a)linux.alibaba.com> Reviewed-by: Eric Whitney <enwlinux(a)gmail.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Link: https://lore.kernel.org/r/20210823061358.84473-1-jefflexu@linux.alibaba.com diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 2a076d236ba1..9df1ab070fa5 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1628,6 +1628,7 @@ static int ext4_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk) struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); int ret; bool allocated = false; + bool reserved = false; /* * If the cluster containing lblk is shared with a delayed, @@ -1644,6 +1645,7 @@ static int ext4_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk) ret = ext4_da_reserve_space(inode); if (ret != 0) /* ENOSPC */ goto errout; + reserved = true; } else { /* bigalloc */ if (!ext4_es_scan_clu(inode, &ext4_es_is_delonly, lblk)) { if (!ext4_es_scan_clu(inode, @@ -1656,6 +1658,7 @@ static int ext4_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk) ret = ext4_da_reserve_space(inode); if (ret != 0) /* ENOSPC */ goto errout; + reserved = true; } else { allocated = true; } @@ -1666,6 +1669,8 @@ static int ext4_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk) } ret = ext4_es_insert_delayed_block(inode, lblk, allocated); + if (ret && reserved) + ext4_da_release_space(inode, 1); errout: return ret; diff --git a/fs/ext4/super.c b/fs/ext4/super.c index feca816b6bf3..a52f1572daa5 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1352,6 +1352,12 @@ static void ext4_destroy_inode(struct inode *inode) true); dump_stack(); } + + if (EXT4_I(inode)->i_reserved_data_blocks) + ext4_msg(inode->i_sb, KERN_ERR, + "Inode %lu (%p): i_reserved_data_blocks (%u) not cleared!", + inode->i_ino, EXT4_I(inode), + EXT4_I(inode)->i_reserved_data_blocks); } static void init_once(void *foo)

2 years, 8 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2021