September 2021 - Linux-stable-mirror

FAILED: patch "[PATCH] io_uring: reexpand under-reexpanded iters" failed to apply to 5.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 89c2b3b74918200e46699338d7bcc19b1ea12110 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Mon, 23 Aug 2021 11:18:45 +0100 Subject: [PATCH] io_uring: reexpand under-reexpanded iters [ 74.211232] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x809/0x900 [ 74.212778] Read of size 8 at addr ffff888025dc78b8 by task syz-executor.0/828 [ 74.214756] CPU: 0 PID: 828 Comm: syz-executor.0 Not tainted 5.14.0-rc3-next-20210730 #1 [ 74.216525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 74.219033] Call Trace: [ 74.219683] dump_stack_lvl+0x8b/0xb3 [ 74.220706] print_address_description.constprop.0+0x1f/0x140 [ 74.224226] kasan_report.cold+0x7f/0x11b [ 74.226085] iov_iter_revert+0x809/0x900 [ 74.227960] io_write+0x57d/0xe40 [ 74.232647] io_issue_sqe+0x4da/0x6a80 [ 74.242578] __io_queue_sqe+0x1ac/0xe60 [ 74.245358] io_submit_sqes+0x3f6e/0x76a0 [ 74.248207] __do_sys_io_uring_enter+0x90c/0x1a20 [ 74.257167] do_syscall_64+0x3b/0x90 [ 74.257984] entry_SYSCALL_64_after_hwframe+0x44/0xae old_size = iov_iter_count(); ... iov_iter_revert(old_size - iov_iter_count()); If iov_iter_revert() is done base on the initial size as above, and the iter is truncated and not reexpanded in the middle, it miscalculates borders causing problems. This trace is due to no one reexpanding after generic_write_checks(). Now iters store how many bytes has been truncated, so reexpand them to the initial state right before reverting. Cc: stable(a)vger.kernel.org Reported-by: Palash Oswal <oswalpalash(a)gmail.com> Reported-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Reported-and-tested-by: syzbot+9671693590ef5aad8953(a)syzkaller.appspotmail.com Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> diff --git a/fs/io_uring.c b/fs/io_uring.c index d94fb5835a20..71639d39caf9 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3281,6 +3281,7 @@ static int io_read(struct io_kiocb *req, unsigned int issue_flags) if (req->flags & REQ_F_NOWAIT) goto done; /* some cases will consume bytes even on error returns */ + iov_iter_reexpand(iter, iter->count + iter->truncated); iov_iter_revert(iter, io_size - iov_iter_count(iter)); ret = 0; } else if (ret == -EIOCBQUEUED) { @@ -3420,6 +3421,7 @@ static int io_write(struct io_kiocb *req, unsigned int issue_flags) } else { copy_iov: /* some cases will consume bytes even on error returns */ + iov_iter_reexpand(iter, iter->count + iter->truncated); iov_iter_revert(iter, io_size - iov_iter_count(iter)); ret = io_setup_async_rw(req, iovec, inline_vecs, iter, false); return ret ?: -EAGAIN;

3 years, 7 months

1
0
0 0

stable-rc/queue/4.19 baseline: 151 runs, 6 regressions (v4.19.206-106-gd5a3197936bf)

by kernelci.org bot

stable-rc/queue/4.19 baseline: 151 runs, 6 regressions (v4.19.206-106-gd5a3197936bf) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ---------------------+------+---------------+----------+---------------------+------------ qemu_arm-versatilepb | arm | lab-baylibre | gcc-8 | versatile_defconfig | 1 qemu_arm-versatilepb | arm | lab-cip | gcc-8 | versatile_defconfig | 1 qemu_arm-versatilepb | arm | lab-collabora | gcc-8 | versatile_defconfig | 1 rk3288-veyron-jaq | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 3 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F4.19/kernel/v4.19.20… Test: baseline Tree: stable-rc Branch: queue/4.19 Describe: v4.19.206-106-gd5a3197936bf URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: d5a3197936bf72d8bc5fb7c9383cbdbdcdda2531 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ---------------------+------+---------------+----------+---------------------+------------ qemu_arm-versatilepb | arm | lab-baylibre | gcc-8 | versatile_defconfig | 1 Details: https://kernelci.org/test/plan/id/613ef049ffffc368f8d5966d Results: 0 PASS, 1 FAIL, 0 SKIP Full config: versatile_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.206-106-gd5a319793… HTML log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.206-106-gd5a319793… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ef049ffffc368f8d5966e failing since 303 days (last pass: v4.19.157-26-gd59f3161b3a0, first fail: v4.19.157-27-g5543cc2c41d55) platform | arch | lab | compiler | defconfig | regressions ---------------------+------+---------------+----------+---------------------+------------ qemu_arm-versatilepb | arm | lab-cip | gcc-8 | versatile_defconfig | 1 Details: https://kernelci.org/test/plan/id/613ef04ee6ee123c73d59674 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: versatile_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.206-106-gd5a319793… HTML log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.206-106-gd5a319793… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ef04ee6ee123c73d59675 failing since 303 days (last pass: v4.19.157-26-gd59f3161b3a0, first fail: v4.19.157-27-g5543cc2c41d55) platform | arch | lab | compiler | defconfig | regressions ---------------------+------+---------------+----------+---------------------+------------ qemu_arm-versatilepb | arm | lab-collabora | gcc-8 | versatile_defconfig | 1 Details: https://kernelci.org/test/plan/id/613f1c6d6aeba13e1d99a2da Results: 0 PASS, 1 FAIL, 0 SKIP Full config: versatile_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.206-106-gd5a319793… HTML log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.206-106-gd5a319793… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613f1c6d6aeba13e1d99a2db failing since 303 days (last pass: v4.19.157-26-gd59f3161b3a0, first fail: v4.19.157-27-g5543cc2c41d55) platform | arch | lab | compiler | defconfig | regressions ---------------------+------+---------------+----------+---------------------+------------ rk3288-veyron-jaq | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 3 Details: https://kernelci.org/test/plan/id/613f1ec19387c2e04d99a2da Results: 64 PASS, 6 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.206-106-gd5a319793… HTML log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.206-106-gd5a319793… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.bootrr.rockchip-iodomain-grf-probed: https://kernelci.org/test/case/id/613f1ec19387c2e04d99a2ee failing since 90 days (last pass: v4.19.194-28-g6098ecdead2c, first fail: v4.19.194-67-g1b5dea188d94) 2021-09-13T10:10:33.541023 /lava-4507805/1/../bin/lava-test-case<8>[ 17.569297] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=rockchip-iodomain-grf-probed RESULT=fail> 2021-09-13T10:10:33.541527 2021-09-13T10:10:33.541878 /lava-4507805/1/../bin/lava-test-case * baseline.bootrr.dwmmc_rockchip-sdio0-probed: https://kernelci.org/test/case/id/613f1ec19387c2e04d99a307 failing since 90 days (last pass: v4.19.194-28-g6098ecdead2c, first fail: v4.19.194-67-g1b5dea188d94) 2021-09-13T10:10:31.083496 /lava-4507805/1/../bin/lava-test-case 2021-09-13T10:10:31.083967 <8>[ 15.128224] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=dwmmc_rockchip-sdio0-probed RESULT=fail> * baseline.bootrr.dwmmc_rockchip-sdmmc-probed: https://kernelci.org/test/case/id/613f1ec19387c2e04d99a308 failing since 90 days (last pass: v4.19.194-28-g6098ecdead2c, first fail: v4.19.194-67-g1b5dea188d94) 2021-09-13T10:10:30.062535 /lava-4507805/1/../bin/lava-test-case 2021-09-13T10:10:30.067507 <8>[ 14.108903] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=dwmmc_rockchip-sdmmc-probed RESULT=fail>

3 years, 7 months

1
0
0 0

stable-rc/queue/5.4 baseline: 170 runs, 3 regressions (v5.4.145-125-gbb54ffd2964e)

by kernelci.org bot

stable-rc/queue/5.4 baseline: 170 runs, 3 regressions (v5.4.145-125-gbb54ffd2964e) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ------------------+------+---------------+----------+--------------------+------------ rk3288-veyron-jaq | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 3 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F5.4/kernel/v5.4.145-… Test: baseline Tree: stable-rc Branch: queue/5.4 Describe: v5.4.145-125-gbb54ffd2964e URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: bb54ffd2964e62ffc9e36e48c54d6d60f4e10e38 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ------------------+------+---------------+----------+--------------------+------------ rk3288-veyron-jaq | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 3 Details: https://kernelci.org/test/plan/id/613f1b5fac0bf5462499a2e9 Results: 67 PASS, 3 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.145-125-gbb54ffd2964… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.145-125-gbb54ffd2964… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.bootrr.rockchip-iodomain-grf-probed: https://kernelci.org/test/case/id/613f1b60ac0bf5462499a2fd failing since 90 days (last pass: v5.4.125-37-g7cda316475cf, first fail: v5.4.125-84-g411d62eda127) 2021-09-13T09:35:13.342301 /lava-4507565/1/../bin/lava-test-case<8>[ 15.427649] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=rockchip-iodomain-grf-probed RESULT=fail> 2021-09-13T09:35:13.342870 2021-09-13T09:35:13.343276 /lava-4507565/1/../bin/lava-test-case * baseline.bootrr.dwmmc_rockchip-sdio0-probed: https://kernelci.org/test/case/id/613f1b60ac0bf5462499a315 failing since 90 days (last pass: v5.4.125-37-g7cda316475cf, first fail: v5.4.125-84-g411d62eda127) 2021-09-13T09:35:11.900491 /lava-4507565/1/../bin/lava-test-case 2021-09-13T09:35:11.918614 <8>[ 14.002706] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=dwmmc_rockchip-sdio0-probed RESULT=fail> * baseline.bootrr.dwmmc_rockchip-sdmmc-probed: https://kernelci.org/test/case/id/613f1b60ac0bf5462499a316 failing since 90 days (last pass: v5.4.125-37-g7cda316475cf, first fail: v5.4.125-84-g411d62eda127) 2021-09-13T09:35:09.866467 <8>[ 11.963526] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=dwmmc_rockchip-driver-present RESULT=pass> 2021-09-13T09:35:10.880597 /lava-4507565/1/../bin/lava-test-case 2021-09-13T09:35:10.886369 <8>[ 12.983216] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=dwmmc_rockchip-sdmmc-probed RESULT=fail>

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: fail links of cancelled timeouts" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2ae2eb9dde18979b40629dd413b9adbd6c894cdf Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Thu, 9 Sep 2021 13:56:27 +0100 Subject: [PATCH] io_uring: fail links of cancelled timeouts When we cancel a timeout we should mark it with REQ_F_FAIL, so linked requests are cancelled as well, but not queued for further execution. Cc: stable(a)vger.kernel.org Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/fff625b44eeced3a5cae79f60e6acf3fbdf8f990.16311921… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index b21a423a4de8..ffd91844b2e5 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -1482,6 +1482,8 @@ static void io_kill_timeout(struct io_kiocb *req, int status) struct io_timeout_data *io = req->async_data; if (hrtimer_try_to_cancel(&io->timer) != -1) { + if (status) + req_set_fail(req); atomic_set(&req->ctx->cq_timeouts, atomic_read(&req->ctx->cq_timeouts) + 1); list_del_init(&req->timeout.list);

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: reexpand under-reexpanded iters" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 89c2b3b74918200e46699338d7bcc19b1ea12110 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Mon, 23 Aug 2021 11:18:45 +0100 Subject: [PATCH] io_uring: reexpand under-reexpanded iters [ 74.211232] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x809/0x900 [ 74.212778] Read of size 8 at addr ffff888025dc78b8 by task syz-executor.0/828 [ 74.214756] CPU: 0 PID: 828 Comm: syz-executor.0 Not tainted 5.14.0-rc3-next-20210730 #1 [ 74.216525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 74.219033] Call Trace: [ 74.219683] dump_stack_lvl+0x8b/0xb3 [ 74.220706] print_address_description.constprop.0+0x1f/0x140 [ 74.224226] kasan_report.cold+0x7f/0x11b [ 74.226085] iov_iter_revert+0x809/0x900 [ 74.227960] io_write+0x57d/0xe40 [ 74.232647] io_issue_sqe+0x4da/0x6a80 [ 74.242578] __io_queue_sqe+0x1ac/0xe60 [ 74.245358] io_submit_sqes+0x3f6e/0x76a0 [ 74.248207] __do_sys_io_uring_enter+0x90c/0x1a20 [ 74.257167] do_syscall_64+0x3b/0x90 [ 74.257984] entry_SYSCALL_64_after_hwframe+0x44/0xae old_size = iov_iter_count(); ... iov_iter_revert(old_size - iov_iter_count()); If iov_iter_revert() is done base on the initial size as above, and the iter is truncated and not reexpanded in the middle, it miscalculates borders causing problems. This trace is due to no one reexpanding after generic_write_checks(). Now iters store how many bytes has been truncated, so reexpand them to the initial state right before reverting. Cc: stable(a)vger.kernel.org Reported-by: Palash Oswal <oswalpalash(a)gmail.com> Reported-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Reported-and-tested-by: syzbot+9671693590ef5aad8953(a)syzkaller.appspotmail.com Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> diff --git a/fs/io_uring.c b/fs/io_uring.c index d94fb5835a20..71639d39caf9 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3281,6 +3281,7 @@ static int io_read(struct io_kiocb *req, unsigned int issue_flags) if (req->flags & REQ_F_NOWAIT) goto done; /* some cases will consume bytes even on error returns */ + iov_iter_reexpand(iter, iter->count + iter->truncated); iov_iter_revert(iter, io_size - iov_iter_count(iter)); ret = 0; } else if (ret == -EIOCBQUEUED) { @@ -3420,6 +3421,7 @@ static int io_write(struct io_kiocb *req, unsigned int issue_flags) } else { copy_iov: /* some cases will consume bytes even on error returns */ + iov_iter_reexpand(iter, iter->count + iter->truncated); iov_iter_revert(iter, io_size - iov_iter_count(iter)); ret = io_setup_async_rw(req, iovec, inline_vecs, iter, false); return ret ?: -EAGAIN;

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: fix io_try_cancel_userdata race for iowq" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dadebc350da2bef62593b1df007a6e0b90baf42a Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Mon, 23 Aug 2021 13:30:44 +0100 Subject: [PATCH] io_uring: fix io_try_cancel_userdata race for iowq WARNING: CPU: 1 PID: 5870 at fs/io_uring.c:5975 io_try_cancel_userdata+0x30f/0x540 fs/io_uring.c:5975 CPU: 0 PID: 5870 Comm: iou-wrk-5860 Not tainted 5.14.0-rc6-next-20210820-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:io_try_cancel_userdata+0x30f/0x540 fs/io_uring.c:5975 Call Trace: io_async_cancel fs/io_uring.c:6014 [inline] io_issue_sqe+0x22d5/0x65a0 fs/io_uring.c:6407 io_wq_submit_work+0x1dc/0x300 fs/io_uring.c:6511 io_worker_handle_work+0xa45/0x1840 fs/io-wq.c:533 io_wqe_worker+0x2cc/0xbb0 fs/io-wq.c:582 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 io_try_cancel_userdata() can be called from io_async_cancel() executing in the io-wq context, so the warning fires, which is there to alert anyone accessing task->io_uring->io_wq in a racy way. However, io_wq_put_and_exit() always first waits for all threads to complete, so the only detail left is to zero tctx->io_wq after the context is removed. note: one little assumption is that when IO_WQ_WORK_CANCEL, the executor won't touch ->io_wq, because io_wq_destroy() might cancel left pending requests in such a way. Cc: stable(a)vger.kernel.org Reported-by: syzbot+b0c9d1588ae92866515f(a)syzkaller.appspotmail.com Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/dfdd37a80cfa9ffd3e59538929c99cdd55d8699e.16297217… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 827e60ae4909..6859438c4e09 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -5863,7 +5863,7 @@ static int io_try_cancel_userdata(struct io_kiocb *req, u64 sqe_addr) struct io_ring_ctx *ctx = req->ctx; int ret; - WARN_ON_ONCE(req->task != current); + WARN_ON_ONCE(!io_wq_current_is_worker() && req->task != current); ret = io_async_cancel_one(req->task->io_uring, sqe_addr, ctx); if (ret != -ENOENT) @@ -6369,6 +6369,7 @@ static void io_wq_submit_work(struct io_wq_work *work) if (timeout) io_queue_linked_timeout(timeout); + /* either cancelled or io-wq is dying, so don't touch tctx->iowq */ if (work->flags & IO_WQ_WORK_CANCEL) ret = -ECANCELED; @@ -9184,8 +9185,8 @@ static void io_uring_clean_tctx(struct io_uring_task *tctx) * Must be after io_uring_del_task_file() (removes nodes under * uring_lock) to avoid race with io_uring_try_cancel_iowq(). */ - tctx->io_wq = NULL; io_wq_put_and_exit(wq); + tctx->io_wq = NULL; } }

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: fix io_try_cancel_userdata race for iowq" failed to apply to 5.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dadebc350da2bef62593b1df007a6e0b90baf42a Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Mon, 23 Aug 2021 13:30:44 +0100 Subject: [PATCH] io_uring: fix io_try_cancel_userdata race for iowq WARNING: CPU: 1 PID: 5870 at fs/io_uring.c:5975 io_try_cancel_userdata+0x30f/0x540 fs/io_uring.c:5975 CPU: 0 PID: 5870 Comm: iou-wrk-5860 Not tainted 5.14.0-rc6-next-20210820-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:io_try_cancel_userdata+0x30f/0x540 fs/io_uring.c:5975 Call Trace: io_async_cancel fs/io_uring.c:6014 [inline] io_issue_sqe+0x22d5/0x65a0 fs/io_uring.c:6407 io_wq_submit_work+0x1dc/0x300 fs/io_uring.c:6511 io_worker_handle_work+0xa45/0x1840 fs/io-wq.c:533 io_wqe_worker+0x2cc/0xbb0 fs/io-wq.c:582 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 io_try_cancel_userdata() can be called from io_async_cancel() executing in the io-wq context, so the warning fires, which is there to alert anyone accessing task->io_uring->io_wq in a racy way. However, io_wq_put_and_exit() always first waits for all threads to complete, so the only detail left is to zero tctx->io_wq after the context is removed. note: one little assumption is that when IO_WQ_WORK_CANCEL, the executor won't touch ->io_wq, because io_wq_destroy() might cancel left pending requests in such a way. Cc: stable(a)vger.kernel.org Reported-by: syzbot+b0c9d1588ae92866515f(a)syzkaller.appspotmail.com Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/dfdd37a80cfa9ffd3e59538929c99cdd55d8699e.16297217… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 827e60ae4909..6859438c4e09 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -5863,7 +5863,7 @@ static int io_try_cancel_userdata(struct io_kiocb *req, u64 sqe_addr) struct io_ring_ctx *ctx = req->ctx; int ret; - WARN_ON_ONCE(req->task != current); + WARN_ON_ONCE(!io_wq_current_is_worker() && req->task != current); ret = io_async_cancel_one(req->task->io_uring, sqe_addr, ctx); if (ret != -ENOENT) @@ -6369,6 +6369,7 @@ static void io_wq_submit_work(struct io_wq_work *work) if (timeout) io_queue_linked_timeout(timeout); + /* either cancelled or io-wq is dying, so don't touch tctx->iowq */ if (work->flags & IO_WQ_WORK_CANCEL) ret = -ECANCELED; @@ -9184,8 +9185,8 @@ static void io_uring_clean_tctx(struct io_uring_task *tctx) * Must be after io_uring_del_task_file() (removes nodes under * uring_lock) to avoid race with io_uring_try_cancel_iowq(). */ - tctx->io_wq = NULL; io_wq_put_and_exit(wq); + tctx->io_wq = NULL; } }

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: fix io_try_cancel_userdata race for iowq" failed to apply to 5.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dadebc350da2bef62593b1df007a6e0b90baf42a Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Mon, 23 Aug 2021 13:30:44 +0100 Subject: [PATCH] io_uring: fix io_try_cancel_userdata race for iowq WARNING: CPU: 1 PID: 5870 at fs/io_uring.c:5975 io_try_cancel_userdata+0x30f/0x540 fs/io_uring.c:5975 CPU: 0 PID: 5870 Comm: iou-wrk-5860 Not tainted 5.14.0-rc6-next-20210820-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:io_try_cancel_userdata+0x30f/0x540 fs/io_uring.c:5975 Call Trace: io_async_cancel fs/io_uring.c:6014 [inline] io_issue_sqe+0x22d5/0x65a0 fs/io_uring.c:6407 io_wq_submit_work+0x1dc/0x300 fs/io_uring.c:6511 io_worker_handle_work+0xa45/0x1840 fs/io-wq.c:533 io_wqe_worker+0x2cc/0xbb0 fs/io-wq.c:582 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 io_try_cancel_userdata() can be called from io_async_cancel() executing in the io-wq context, so the warning fires, which is there to alert anyone accessing task->io_uring->io_wq in a racy way. However, io_wq_put_and_exit() always first waits for all threads to complete, so the only detail left is to zero tctx->io_wq after the context is removed. note: one little assumption is that when IO_WQ_WORK_CANCEL, the executor won't touch ->io_wq, because io_wq_destroy() might cancel left pending requests in such a way. Cc: stable(a)vger.kernel.org Reported-by: syzbot+b0c9d1588ae92866515f(a)syzkaller.appspotmail.com Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/dfdd37a80cfa9ffd3e59538929c99cdd55d8699e.16297217… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 827e60ae4909..6859438c4e09 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -5863,7 +5863,7 @@ static int io_try_cancel_userdata(struct io_kiocb *req, u64 sqe_addr) struct io_ring_ctx *ctx = req->ctx; int ret; - WARN_ON_ONCE(req->task != current); + WARN_ON_ONCE(!io_wq_current_is_worker() && req->task != current); ret = io_async_cancel_one(req->task->io_uring, sqe_addr, ctx); if (ret != -ENOENT) @@ -6369,6 +6369,7 @@ static void io_wq_submit_work(struct io_wq_work *work) if (timeout) io_queue_linked_timeout(timeout); + /* either cancelled or io-wq is dying, so don't touch tctx->iowq */ if (work->flags & IO_WQ_WORK_CANCEL) ret = -ECANCELED; @@ -9184,8 +9185,8 @@ static void io_uring_clean_tctx(struct io_uring_task *tctx) * Must be after io_uring_del_task_file() (removes nodes under * uring_lock) to avoid race with io_uring_try_cancel_iowq(). */ - tctx->io_wq = NULL; io_wq_put_and_exit(wq); + tctx->io_wq = NULL; } }

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: add ->splice_fd_in checks" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 26578cda3db983b17cabe4e577af26306beb9987 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 20 Aug 2021 10:36:37 +0100 Subject: [PATCH] io_uring: add ->splice_fd_in checks ->splice_fd_in is used only by splice/tee, but no other request checks it for validity. Add the check for most of request types excluding reads/writes/sends/recvs, we don't want overhead for them and can leave them be as is until the field is actually used. Cc: stable(a)vger.kernel.org Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/f44bc2acd6777d932de3d71a5692235b5b2b7397.16294516… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 8d263209b508..3898f7ab14f6 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3511,7 +3511,7 @@ static int io_renameat_prep(struct io_kiocb *req, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3562,7 +3562,8 @@ static int io_unlinkat_prep(struct io_kiocb *req, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index) + if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index || + sqe->splice_fd_in) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3608,8 +3609,8 @@ static int io_shutdown_prep(struct io_kiocb *req, #if defined(CONFIG_NET) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags || - sqe->buf_index) + if (unlikely(sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags || + sqe->buf_index || sqe->splice_fd_in)) return -EINVAL; req->shutdown.how = READ_ONCE(sqe->len); @@ -3757,7 +3758,8 @@ static int io_fsync_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index || + sqe->splice_fd_in)) return -EINVAL; req->sync.flags = READ_ONCE(sqe->fsync_flags); @@ -3790,7 +3792,8 @@ static int io_fsync(struct io_kiocb *req, unsigned int issue_flags) static int io_fallocate_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { - if (sqe->ioprio || sqe->buf_index || sqe->rw_flags) + if (sqe->ioprio || sqe->buf_index || sqe->rw_flags || + sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -3823,7 +3826,7 @@ static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3942,7 +3945,8 @@ static int io_remove_buffers_prep(struct io_kiocb *req, struct io_provide_buf *p = &req->pbuf; u64 tmp; - if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off) + if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off || + sqe->splice_fd_in) return -EINVAL; tmp = READ_ONCE(sqe->fd); @@ -4013,7 +4017,7 @@ static int io_provide_buffers_prep(struct io_kiocb *req, struct io_provide_buf *p = &req->pbuf; u64 tmp; - if (sqe->ioprio || sqe->rw_flags) + if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in) return -EINVAL; tmp = READ_ONCE(sqe->fd); @@ -4100,7 +4104,7 @@ static int io_epoll_ctl_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { #if defined(CONFIG_EPOLL) - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4146,7 +4150,7 @@ static int io_epoll_ctl(struct io_kiocb *req, unsigned int issue_flags) static int io_madvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { #if defined(CONFIG_ADVISE_SYSCALLS) && defined(CONFIG_MMU) - if (sqe->ioprio || sqe->buf_index || sqe->off) + if (sqe->ioprio || sqe->buf_index || sqe->off || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4181,7 +4185,7 @@ static int io_madvise(struct io_kiocb *req, unsigned int issue_flags) static int io_fadvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { - if (sqe->ioprio || sqe->buf_index || sqe->addr) + if (sqe->ioprio || sqe->buf_index || sqe->addr || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4219,7 +4223,7 @@ static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (req->flags & REQ_F_FIXED_FILE) return -EBADF; @@ -4255,7 +4259,7 @@ static int io_close_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; if (sqe->ioprio || sqe->off || sqe->addr || sqe->len || - sqe->rw_flags || sqe->buf_index) + sqe->rw_flags || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (req->flags & REQ_F_FIXED_FILE) return -EBADF; @@ -4316,7 +4320,8 @@ static int io_sfr_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index || + sqe->splice_fd_in)) return -EINVAL; req->sync.off = READ_ONCE(sqe->off); @@ -4743,7 +4748,7 @@ static int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->len || sqe->buf_index) + if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; accept->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); @@ -4791,7 +4796,8 @@ static int io_connect_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags) + if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags || + sqe->splice_fd_in) return -EINVAL; conn->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); @@ -5387,7 +5393,7 @@ static int io_poll_update_prep(struct io_kiocb *req, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; flags = READ_ONCE(sqe->len); if (flags & ~(IORING_POLL_UPDATE_EVENTS | IORING_POLL_UPDATE_USER_DATA | @@ -5626,7 +5632,7 @@ static int io_timeout_remove_prep(struct io_kiocb *req, return -EINVAL; if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->buf_index || sqe->len) + if (sqe->ioprio || sqe->buf_index || sqe->len || sqe->splice_fd_in) return -EINVAL; tr->addr = READ_ONCE(sqe->addr); @@ -5687,7 +5693,8 @@ static int io_timeout_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index || sqe->len != 1) + if (sqe->ioprio || sqe->buf_index || sqe->len != 1 || + sqe->splice_fd_in) return -EINVAL; if (off && is_timeout_link) return -EINVAL; @@ -5843,7 +5850,8 @@ static int io_async_cancel_prep(struct io_kiocb *req, return -EINVAL; if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags) + if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags || + sqe->splice_fd_in) return -EINVAL; req->cancel.addr = READ_ONCE(sqe->addr); @@ -5884,7 +5892,7 @@ static int io_rsrc_update_prep(struct io_kiocb *req, { if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->rw_flags) + if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in) return -EINVAL; req->rsrc_update.offset = READ_ONCE(sqe->off);

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: add ->splice_fd_in checks" failed to apply to 5.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 26578cda3db983b17cabe4e577af26306beb9987 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 20 Aug 2021 10:36:37 +0100 Subject: [PATCH] io_uring: add ->splice_fd_in checks ->splice_fd_in is used only by splice/tee, but no other request checks it for validity. Add the check for most of request types excluding reads/writes/sends/recvs, we don't want overhead for them and can leave them be as is until the field is actually used. Cc: stable(a)vger.kernel.org Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/f44bc2acd6777d932de3d71a5692235b5b2b7397.16294516… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 8d263209b508..3898f7ab14f6 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3511,7 +3511,7 @@ static int io_renameat_prep(struct io_kiocb *req, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3562,7 +3562,8 @@ static int io_unlinkat_prep(struct io_kiocb *req, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index) + if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index || + sqe->splice_fd_in) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3608,8 +3609,8 @@ static int io_shutdown_prep(struct io_kiocb *req, #if defined(CONFIG_NET) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags || - sqe->buf_index) + if (unlikely(sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags || + sqe->buf_index || sqe->splice_fd_in)) return -EINVAL; req->shutdown.how = READ_ONCE(sqe->len); @@ -3757,7 +3758,8 @@ static int io_fsync_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index || + sqe->splice_fd_in)) return -EINVAL; req->sync.flags = READ_ONCE(sqe->fsync_flags); @@ -3790,7 +3792,8 @@ static int io_fsync(struct io_kiocb *req, unsigned int issue_flags) static int io_fallocate_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { - if (sqe->ioprio || sqe->buf_index || sqe->rw_flags) + if (sqe->ioprio || sqe->buf_index || sqe->rw_flags || + sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -3823,7 +3826,7 @@ static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3942,7 +3945,8 @@ static int io_remove_buffers_prep(struct io_kiocb *req, struct io_provide_buf *p = &req->pbuf; u64 tmp; - if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off) + if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off || + sqe->splice_fd_in) return -EINVAL; tmp = READ_ONCE(sqe->fd); @@ -4013,7 +4017,7 @@ static int io_provide_buffers_prep(struct io_kiocb *req, struct io_provide_buf *p = &req->pbuf; u64 tmp; - if (sqe->ioprio || sqe->rw_flags) + if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in) return -EINVAL; tmp = READ_ONCE(sqe->fd); @@ -4100,7 +4104,7 @@ static int io_epoll_ctl_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { #if defined(CONFIG_EPOLL) - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4146,7 +4150,7 @@ static int io_epoll_ctl(struct io_kiocb *req, unsigned int issue_flags) static int io_madvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { #if defined(CONFIG_ADVISE_SYSCALLS) && defined(CONFIG_MMU) - if (sqe->ioprio || sqe->buf_index || sqe->off) + if (sqe->ioprio || sqe->buf_index || sqe->off || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4181,7 +4185,7 @@ static int io_madvise(struct io_kiocb *req, unsigned int issue_flags) static int io_fadvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { - if (sqe->ioprio || sqe->buf_index || sqe->addr) + if (sqe->ioprio || sqe->buf_index || sqe->addr || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4219,7 +4223,7 @@ static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (req->flags & REQ_F_FIXED_FILE) return -EBADF; @@ -4255,7 +4259,7 @@ static int io_close_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; if (sqe->ioprio || sqe->off || sqe->addr || sqe->len || - sqe->rw_flags || sqe->buf_index) + sqe->rw_flags || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (req->flags & REQ_F_FIXED_FILE) return -EBADF; @@ -4316,7 +4320,8 @@ static int io_sfr_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index || + sqe->splice_fd_in)) return -EINVAL; req->sync.off = READ_ONCE(sqe->off); @@ -4743,7 +4748,7 @@ static int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->len || sqe->buf_index) + if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; accept->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); @@ -4791,7 +4796,8 @@ static int io_connect_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags) + if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags || + sqe->splice_fd_in) return -EINVAL; conn->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); @@ -5387,7 +5393,7 @@ static int io_poll_update_prep(struct io_kiocb *req, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; flags = READ_ONCE(sqe->len); if (flags & ~(IORING_POLL_UPDATE_EVENTS | IORING_POLL_UPDATE_USER_DATA | @@ -5626,7 +5632,7 @@ static int io_timeout_remove_prep(struct io_kiocb *req, return -EINVAL; if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->buf_index || sqe->len) + if (sqe->ioprio || sqe->buf_index || sqe->len || sqe->splice_fd_in) return -EINVAL; tr->addr = READ_ONCE(sqe->addr); @@ -5687,7 +5693,8 @@ static int io_timeout_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index || sqe->len != 1) + if (sqe->ioprio || sqe->buf_index || sqe->len != 1 || + sqe->splice_fd_in) return -EINVAL; if (off && is_timeout_link) return -EINVAL; @@ -5843,7 +5850,8 @@ static int io_async_cancel_prep(struct io_kiocb *req, return -EINVAL; if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags) + if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags || + sqe->splice_fd_in) return -EINVAL; req->cancel.addr = READ_ONCE(sqe->addr); @@ -5884,7 +5892,7 @@ static int io_rsrc_update_prep(struct io_kiocb *req, { if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->rw_flags) + if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in) return -EINVAL; req->rsrc_update.offset = READ_ONCE(sqe->off);

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: add ->splice_fd_in checks" failed to apply to 5.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 26578cda3db983b17cabe4e577af26306beb9987 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 20 Aug 2021 10:36:37 +0100 Subject: [PATCH] io_uring: add ->splice_fd_in checks ->splice_fd_in is used only by splice/tee, but no other request checks it for validity. Add the check for most of request types excluding reads/writes/sends/recvs, we don't want overhead for them and can leave them be as is until the field is actually used. Cc: stable(a)vger.kernel.org Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/f44bc2acd6777d932de3d71a5692235b5b2b7397.16294516… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 8d263209b508..3898f7ab14f6 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3511,7 +3511,7 @@ static int io_renameat_prep(struct io_kiocb *req, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3562,7 +3562,8 @@ static int io_unlinkat_prep(struct io_kiocb *req, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index) + if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index || + sqe->splice_fd_in) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3608,8 +3609,8 @@ static int io_shutdown_prep(struct io_kiocb *req, #if defined(CONFIG_NET) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags || - sqe->buf_index) + if (unlikely(sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags || + sqe->buf_index || sqe->splice_fd_in)) return -EINVAL; req->shutdown.how = READ_ONCE(sqe->len); @@ -3757,7 +3758,8 @@ static int io_fsync_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index || + sqe->splice_fd_in)) return -EINVAL; req->sync.flags = READ_ONCE(sqe->fsync_flags); @@ -3790,7 +3792,8 @@ static int io_fsync(struct io_kiocb *req, unsigned int issue_flags) static int io_fallocate_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { - if (sqe->ioprio || sqe->buf_index || sqe->rw_flags) + if (sqe->ioprio || sqe->buf_index || sqe->rw_flags || + sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -3823,7 +3826,7 @@ static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3942,7 +3945,8 @@ static int io_remove_buffers_prep(struct io_kiocb *req, struct io_provide_buf *p = &req->pbuf; u64 tmp; - if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off) + if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off || + sqe->splice_fd_in) return -EINVAL; tmp = READ_ONCE(sqe->fd); @@ -4013,7 +4017,7 @@ static int io_provide_buffers_prep(struct io_kiocb *req, struct io_provide_buf *p = &req->pbuf; u64 tmp; - if (sqe->ioprio || sqe->rw_flags) + if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in) return -EINVAL; tmp = READ_ONCE(sqe->fd); @@ -4100,7 +4104,7 @@ static int io_epoll_ctl_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { #if defined(CONFIG_EPOLL) - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4146,7 +4150,7 @@ static int io_epoll_ctl(struct io_kiocb *req, unsigned int issue_flags) static int io_madvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { #if defined(CONFIG_ADVISE_SYSCALLS) && defined(CONFIG_MMU) - if (sqe->ioprio || sqe->buf_index || sqe->off) + if (sqe->ioprio || sqe->buf_index || sqe->off || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4181,7 +4185,7 @@ static int io_madvise(struct io_kiocb *req, unsigned int issue_flags) static int io_fadvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { - if (sqe->ioprio || sqe->buf_index || sqe->addr) + if (sqe->ioprio || sqe->buf_index || sqe->addr || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4219,7 +4223,7 @@ static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (req->flags & REQ_F_FIXED_FILE) return -EBADF; @@ -4255,7 +4259,7 @@ static int io_close_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; if (sqe->ioprio || sqe->off || sqe->addr || sqe->len || - sqe->rw_flags || sqe->buf_index) + sqe->rw_flags || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (req->flags & REQ_F_FIXED_FILE) return -EBADF; @@ -4316,7 +4320,8 @@ static int io_sfr_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index || + sqe->splice_fd_in)) return -EINVAL; req->sync.off = READ_ONCE(sqe->off); @@ -4743,7 +4748,7 @@ static int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->len || sqe->buf_index) + if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; accept->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); @@ -4791,7 +4796,8 @@ static int io_connect_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags) + if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags || + sqe->splice_fd_in) return -EINVAL; conn->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); @@ -5387,7 +5393,7 @@ static int io_poll_update_prep(struct io_kiocb *req, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; flags = READ_ONCE(sqe->len); if (flags & ~(IORING_POLL_UPDATE_EVENTS | IORING_POLL_UPDATE_USER_DATA | @@ -5626,7 +5632,7 @@ static int io_timeout_remove_prep(struct io_kiocb *req, return -EINVAL; if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->buf_index || sqe->len) + if (sqe->ioprio || sqe->buf_index || sqe->len || sqe->splice_fd_in) return -EINVAL; tr->addr = READ_ONCE(sqe->addr); @@ -5687,7 +5693,8 @@ static int io_timeout_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe, if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index || sqe->len != 1) + if (sqe->ioprio || sqe->buf_index || sqe->len != 1 || + sqe->splice_fd_in) return -EINVAL; if (off && is_timeout_link) return -EINVAL; @@ -5843,7 +5850,8 @@ static int io_async_cancel_prep(struct io_kiocb *req, return -EINVAL; if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags) + if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags || + sqe->splice_fd_in) return -EINVAL; req->cancel.addr = READ_ONCE(sqe->addr); @@ -5884,7 +5892,7 @@ static int io_rsrc_update_prep(struct io_kiocb *req, { if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->rw_flags) + if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in) return -EINVAL; req->rsrc_update.offset = READ_ONCE(sqe->off);

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: place fixed tables under memcg limits" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0bea96f59ba40e63c0ae93ad6a02417b95f22f4d Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 20 Aug 2021 10:36:36 +0100 Subject: [PATCH] io_uring: place fixed tables under memcg limits Fixed tables may be large enough, place all of them together with allocated tags under memcg limits. Cc: stable(a)vger.kernel.org Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/b3ac9f5da9821bb59837b5fe25e8ef4be982218c.16294516… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 9a021fe6c461..c6f1afa5ec04 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -7138,14 +7138,14 @@ static void **io_alloc_page_table(size_t size) size_t init_size = size; void **table; - table = kcalloc(nr_tables, sizeof(*table), GFP_KERNEL); + table = kcalloc(nr_tables, sizeof(*table), GFP_KERNEL_ACCOUNT); if (!table) return NULL; for (i = 0; i < nr_tables; i++) { unsigned int this_size = min_t(size_t, size, PAGE_SIZE); - table[i] = kzalloc(this_size, GFP_KERNEL); + table[i] = kzalloc(this_size, GFP_KERNEL_ACCOUNT); if (!table[i]) { io_free_page_table(table, init_size); return NULL; @@ -7336,7 +7336,8 @@ static int io_rsrc_data_alloc(struct io_ring_ctx *ctx, rsrc_put_fn *do_put, static bool io_alloc_file_tables(struct io_file_table *table, unsigned nr_files) { - table->files = kvcalloc(nr_files, sizeof(table->files[0]), GFP_KERNEL); + table->files = kvcalloc(nr_files, sizeof(table->files[0]), + GFP_KERNEL_ACCOUNT); return !!table->files; }

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: place fixed tables under memcg limits" failed to apply to 5.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0bea96f59ba40e63c0ae93ad6a02417b95f22f4d Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 20 Aug 2021 10:36:36 +0100 Subject: [PATCH] io_uring: place fixed tables under memcg limits Fixed tables may be large enough, place all of them together with allocated tags under memcg limits. Cc: stable(a)vger.kernel.org Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/b3ac9f5da9821bb59837b5fe25e8ef4be982218c.16294516… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 9a021fe6c461..c6f1afa5ec04 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -7138,14 +7138,14 @@ static void **io_alloc_page_table(size_t size) size_t init_size = size; void **table; - table = kcalloc(nr_tables, sizeof(*table), GFP_KERNEL); + table = kcalloc(nr_tables, sizeof(*table), GFP_KERNEL_ACCOUNT); if (!table) return NULL; for (i = 0; i < nr_tables; i++) { unsigned int this_size = min_t(size_t, size, PAGE_SIZE); - table[i] = kzalloc(this_size, GFP_KERNEL); + table[i] = kzalloc(this_size, GFP_KERNEL_ACCOUNT); if (!table[i]) { io_free_page_table(table, init_size); return NULL; @@ -7336,7 +7336,8 @@ static int io_rsrc_data_alloc(struct io_ring_ctx *ctx, rsrc_put_fn *do_put, static bool io_alloc_file_tables(struct io_file_table *table, unsigned nr_files) { - table->files = kvcalloc(nr_files, sizeof(table->files[0]), GFP_KERNEL); + table->files = kvcalloc(nr_files, sizeof(table->files[0]), + GFP_KERNEL_ACCOUNT); return !!table->files; }

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: place fixed tables under memcg limits" failed to apply to 5.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0bea96f59ba40e63c0ae93ad6a02417b95f22f4d Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 20 Aug 2021 10:36:36 +0100 Subject: [PATCH] io_uring: place fixed tables under memcg limits Fixed tables may be large enough, place all of them together with allocated tags under memcg limits. Cc: stable(a)vger.kernel.org Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/b3ac9f5da9821bb59837b5fe25e8ef4be982218c.16294516… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 9a021fe6c461..c6f1afa5ec04 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -7138,14 +7138,14 @@ static void **io_alloc_page_table(size_t size) size_t init_size = size; void **table; - table = kcalloc(nr_tables, sizeof(*table), GFP_KERNEL); + table = kcalloc(nr_tables, sizeof(*table), GFP_KERNEL_ACCOUNT); if (!table) return NULL; for (i = 0; i < nr_tables; i++) { unsigned int this_size = min_t(size_t, size, PAGE_SIZE); - table[i] = kzalloc(this_size, GFP_KERNEL); + table[i] = kzalloc(this_size, GFP_KERNEL_ACCOUNT); if (!table[i]) { io_free_page_table(table, init_size); return NULL; @@ -7336,7 +7336,8 @@ static int io_rsrc_data_alloc(struct io_ring_ctx *ctx, rsrc_put_fn *do_put, static bool io_alloc_file_tables(struct io_file_table *table, unsigned nr_files) { - table->files = kvcalloc(nr_files, sizeof(table->files[0]), GFP_KERNEL); + table->files = kvcalloc(nr_files, sizeof(table->files[0]), + GFP_KERNEL_ACCOUNT); return !!table->files; }

3 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: limit fixed table size by RLIMIT_NOFILE" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3a1b8a4e843f96b636431450d8d79061605cf74b Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 20 Aug 2021 10:36:35 +0100 Subject: [PATCH] io_uring: limit fixed table size by RLIMIT_NOFILE Limit the number of files in io_uring fixed tables by RLIMIT_NOFILE, that's the first and the simpliest restriction that we should impose. Cc: stable(a)vger.kernel.org Suggested-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/b2756c340aed7d6c0b302c26dab50c6c5907f4ce.16294516… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index 706ac8c03b95..9a021fe6c461 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -7733,6 +7733,8 @@ static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg, return -EINVAL; if (nr_args > IORING_MAX_FIXED_FILES) return -EMFILE; + if (nr_args > rlimit(RLIMIT_NOFILE)) + return -EMFILE; ret = io_rsrc_node_switch_start(ctx); if (ret) return ret;

3 years, 7 months

1
0
0 0

stable-rc/queue/5.13 baseline: 178 runs, 3 regressions (v5.13.16-263-g6cdb0b2e1c97)

by kernelci.org bot

stable-rc/queue/5.13 baseline: 178 runs, 3 regressions (v5.13.16-263-g6cdb0b2e1c97) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------+-------+--------------+----------+---------------------+------------ beagle-xm | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 1 beagle-xm | arm | lab-baylibre | gcc-8 | omap2plus_defconfig | 1 imx8mp-evk | arm64 | lab-nxp | gcc-8 | defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F5.13/kernel/v5.13.16… Test: baseline Tree: stable-rc Branch: queue/5.13 Describe: v5.13.16-263-g6cdb0b2e1c97 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 6cdb0b2e1c97e37e5a39fc2c1f7a633a0d2fada7 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------+-------+--------------+----------+---------------------+------------ beagle-xm | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/613ee574d767670c68d59680 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.13/v5.13.16-263-g6cdb0b2e1c… HTML log: https://storage.kernelci.org//stable-rc/queue-5.13/v5.13.16-263-g6cdb0b2e1c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ee574d767670c68d59681 new failure (last pass: v5.13.15-22-gd9f9fc203cf9) platform | arch | lab | compiler | defconfig | regressions -----------+-------+--------------+----------+---------------------+------------ beagle-xm | arm | lab-baylibre | gcc-8 | omap2plus_defconfig | 1 Details: https://kernelci.org/test/plan/id/613ee4faeb499a5b4ad5966b Results: 0 PASS, 1 FAIL, 0 SKIP Full config: omap2plus_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.13/v5.13.16-263-g6cdb0b2e1c… HTML log: https://storage.kernelci.org//stable-rc/queue-5.13/v5.13.16-263-g6cdb0b2e1c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ee4faeb499a5b4ad5966c failing since 3 days (last pass: v5.13.15-4-g89710d87b229, first fail: v5.13.15-6-gd33967f7a055) platform | arch | lab | compiler | defconfig | regressions -----------+-------+--------------+----------+---------------------+------------ imx8mp-evk | arm64 | lab-nxp | gcc-8 | defconfig | 1 Details: https://kernelci.org/test/plan/id/613ee83b9a776126f4d596bb Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-8 (aarch64-linux-gnu-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.13/v5.13.16-263-g6cdb0b2e1c… HTML log: https://storage.kernelci.org//stable-rc/queue-5.13/v5.13.16-263-g6cdb0b2e1c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ee83b9a776126f4d596bc new failure (last pass: v5.13.15-22-gd9f9fc203cf9)

3 years, 7 months

1
0
0 0

stable-rc/queue/4.4 baseline: 103 runs, 6 regressions (v4.4.283-68-ga03032d89254)

by kernelci.org bot

stable-rc/queue/4.4 baseline: 103 runs, 6 regressions (v4.4.283-68-ga03032d89254) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions --------------------+------+---------------+----------+--------------------+------------ qemu_arm-virt-gicv2 | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 1 qemu_arm-virt-gicv2 | arm | lab-cip | gcc-8 | multi_v7_defconfig | 1 qemu_arm-virt-gicv2 | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 1 qemu_arm-virt-gicv3 | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 1 qemu_arm-virt-gicv3 | arm | lab-cip | gcc-8 | multi_v7_defconfig | 1 qemu_arm-virt-gicv3 | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F4.4/kernel/v4.4.283-… Test: baseline Tree: stable-rc Branch: queue/4.4 Describe: v4.4.283-68-ga03032d89254 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: a03032d89254a2383a78962055c77ed803f5692e Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions --------------------+------+---------------+----------+--------------------+------------ qemu_arm-virt-gicv2 | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/613ee73767839ca760d59684 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… HTML log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ee73767839ca760d59685 failing since 303 days (last pass: v4.4.243-18-gfc7e8c68369a, first fail: v4.4.243-19-g71b6c961c7fe) platform | arch | lab | compiler | defconfig | regressions --------------------+------+---------------+----------+--------------------+------------ qemu_arm-virt-gicv2 | arm | lab-cip | gcc-8 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/613ee726478215ebdfd596a8 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… HTML log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ee726478215ebdfd596a9 failing since 303 days (last pass: v4.4.243-18-gfc7e8c68369a, first fail: v4.4.243-19-g71b6c961c7fe) platform | arch | lab | compiler | defconfig | regressions --------------------+------+---------------+----------+--------------------+------------ qemu_arm-virt-gicv2 | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/613f15caea9ab2dbb499a2e4 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… HTML log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613f15caea9ab2dbb499a2e5 failing since 303 days (last pass: v4.4.243-18-gfc7e8c68369a, first fail: v4.4.243-19-g71b6c961c7fe) platform | arch | lab | compiler | defconfig | regressions --------------------+------+---------------+----------+--------------------+------------ qemu_arm-virt-gicv3 | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/613ee70f650fb3e24cd5968f Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… HTML log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ee70f650fb3e24cd59690 failing since 303 days (last pass: v4.4.243-18-gfc7e8c68369a, first fail: v4.4.243-19-g71b6c961c7fe) platform | arch | lab | compiler | defconfig | regressions --------------------+------+---------------+----------+--------------------+------------ qemu_arm-virt-gicv3 | arm | lab-cip | gcc-8 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/613ee71c478215ebdfd59694 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… HTML log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ee71c478215ebdfd59695 failing since 303 days (last pass: v4.4.243-18-gfc7e8c68369a, first fail: v4.4.243-19-g71b6c961c7fe) platform | arch | lab | compiler | defconfig | regressions --------------------+------+---------------+----------+--------------------+------------ qemu_arm-virt-gicv3 | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/613f15900e9f8ba0d899a2da Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… HTML log: https://storage.kernelci.org//stable-rc/queue-4.4/v4.4.283-68-ga03032d89254… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613f15900e9f8ba0d899a2db failing since 303 days (last pass: v4.4.243-18-gfc7e8c68369a, first fail: v4.4.243-19-g71b6c961c7fe)

3 years, 7 months

1
0
0 0

[PATCH 0/4] backport fscrypt symlink fixes to 4.19

by Eric Biggers

This series backports some patches that failed to apply to 4.19-stable due to the prototype of inode_operations::getattr having changed in v5.12, as well as several other conflicts. Please apply to 4.19-stable. Eric Biggers (4): fscrypt: add fscrypt_symlink_getattr() for computing st_size ext4: report correct st_size for encrypted symlinks f2fs: report correct st_size for encrypted symlinks ubifs: report correct st_size for encrypted symlinks fs/crypto/hooks.c | 44 +++++++++++++++++++++++++++++++++ fs/ext4/symlink.c | 11 ++++++++- fs/f2fs/namei.c | 11 ++++++++- fs/ubifs/file.c | 12 ++++++++- include/linux/fscrypt_notsupp.h | 6 +++++ include/linux/fscrypt_supp.h | 1 + 6 files changed, 82 insertions(+), 3 deletions(-) -- 2.33.0.153.gba50c8fa24-goog

3 years, 7 months

2
5
0 0

[PATCH] f2fs: guarantee to write dirty data when enabling checkpoint back

by Jaegeuk Kim

From: Jaegeuk Kim <jaegeuk(a)kernel.org> commit dddd3d65293a52c2c3850c19b1e5115712e534d8 upstream. We must flush all the dirty data when enabling checkpoint back. Let's guarantee that first by adding a retry logic on sync_inodes_sb(). In addition to that, this patch adds to flush data in fsync when checkpoint is disabled, which can mitigate the sync_inodes_sb() failures in advance. Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> --- fs/f2fs/file.c | 5 ++--- fs/f2fs/super.c | 11 ++++++++++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 5c74b2997197..6ee8b1e0e174 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -259,8 +259,7 @@ static int f2fs_do_sync_file(struct file *file, loff_t start, loff_t end, }; unsigned int seq_id = 0; - if (unlikely(f2fs_readonly(inode->i_sb) || - is_sbi_flag_set(sbi, SBI_CP_DISABLED))) + if (unlikely(f2fs_readonly(inode->i_sb))) return 0; trace_f2fs_sync_file_enter(inode); @@ -274,7 +273,7 @@ static int f2fs_do_sync_file(struct file *file, loff_t start, loff_t end, ret = file_write_and_wait_range(file, start, end); clear_inode_flag(inode, FI_NEED_IPU); - if (ret) { + if (ret || is_sbi_flag_set(sbi, SBI_CP_DISABLED)) { trace_f2fs_sync_file_exit(inode, cp_reason, datasync, ret); return ret; } diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c52988067887..476b2c497d28 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1764,8 +1764,17 @@ static int f2fs_disable_checkpoint(struct f2fs_sb_info *sbi) static void f2fs_enable_checkpoint(struct f2fs_sb_info *sbi) { + int retry = DEFAULT_RETRY_IO_COUNT; + /* we should flush all the data to keep data consistency */ - sync_inodes_sb(sbi->sb); + do { + sync_inodes_sb(sbi->sb); + cond_resched(); + congestion_wait(BLK_RW_ASYNC, DEFAULT_IO_TIMEOUT); + } while (get_pages(sbi, F2FS_DIRTY_DATA) && retry--); + + if (unlikely(retry < 0)) + f2fs_warn(sbi, "checkpoint=enable has some unwritten data."); down_write(&sbi->gc_lock); f2fs_dirty_to_prefree(sbi); -- 2.33.0.153.gba50c8fa24-goog

3 years, 7 months

3
6
0 0

[PATCH] iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha

by Justin Forbes

commit 2f32c147a3816d789722c0bd242a9431332ec3ed upstream. This patch adds a missing pci-id to support the wireless device in the Galaxy Book Flex2 Alpha which is shipping and in the wild. It has been tested to work on 5.13+. While it has been shipping in Fedora kernels, Samsung and a couple of users requested it be added to stable. Justin

3 years, 7 months

2
1
0 0

[PATCH 5.4 0/4] bpf: backport fixes for CVE-2021-34556/CVE-2021-35477

by Ovidiu Panait

With this patchseries all bpf verifier selftests pass (tested in qemu for x86_64): root@intel-x86-64:~# ./test_verifier ... #1057/p XDP pkt read, pkt_meta' <= pkt_data, bad access 1 OK #1058/p XDP pkt read, pkt_meta' <= pkt_data, bad access 2 OK #1059/p XDP pkt read, pkt_data <= pkt_meta', good access OK #1060/p XDP pkt read, pkt_data <= pkt_meta', bad access 1 OK #1061/p XDP pkt read, pkt_data <= pkt_meta', bad access 2 OK Summary: 1571 PASSED, 0 SKIPPED, 0 FAILED Daniel Borkmann (3): bpf: Introduce BPF nospec instruction for mitigating Spectre v4 bpf: Fix leakage due to insufficient speculative store bypass mitigation bpf: Fix pointer arithmetic mask tightening under state pruning Lorenz Bauer (1): bpf: verifier: Allocate idmap scratch in verifier env arch/arm/net/bpf_jit_32.c | 3 + arch/arm64/net/bpf_jit_comp.c | 13 +++ arch/mips/net/ebpf_jit.c | 3 + arch/powerpc/net/bpf_jit_comp64.c | 6 ++ arch/riscv/net/bpf_jit_comp.c | 4 + arch/s390/net/bpf_jit_comp.c | 5 + arch/sparc/net/bpf_jit_comp_64.c | 3 + arch/x86/net/bpf_jit_comp.c | 7 ++ arch/x86/net/bpf_jit_comp32.c | 6 ++ include/linux/bpf_verifier.h | 11 ++- include/linux/filter.h | 15 +++ kernel/bpf/core.c | 18 +++- kernel/bpf/disasm.c | 16 ++-- kernel/bpf/verifier.c | 152 ++++++++++++------------------ 14 files changed, 161 insertions(+), 101 deletions(-) -- 2.25.1

3 years, 7 months

2
5
0 0

stable-rc/queue/4.9 baseline: 105 runs, 3 regressions (v4.9.282-84-g18813fd5c498)

by kernelci.org bot

stable-rc/queue/4.9 baseline: 105 runs, 3 regressions (v4.9.282-84-g18813fd5c498) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ---------------------+------+---------------+----------+---------------------+------------ qemu_arm-versatilepb | arm | lab-baylibre | gcc-8 | versatile_defconfig | 1 qemu_arm-versatilepb | arm | lab-cip | gcc-8 | versatile_defconfig | 1 qemu_arm-versatilepb | arm | lab-collabora | gcc-8 | versatile_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F4.9/kernel/v4.9.282-… Test: baseline Tree: stable-rc Branch: queue/4.9 Describe: v4.9.282-84-g18813fd5c498 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 18813fd5c4982b3698c9a584886bf1ce72fec596 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ---------------------+------+---------------+----------+---------------------+------------ qemu_arm-versatilepb | arm | lab-baylibre | gcc-8 | versatile_defconfig | 1 Details: https://kernelci.org/test/plan/id/613edd2111f8e3e651d59667 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: versatile_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.9/v4.9.282-84-g18813fd5c498… HTML log: https://storage.kernelci.org//stable-rc/queue-4.9/v4.9.282-84-g18813fd5c498… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613edd2111f8e3e651d59668 failing since 303 days (last pass: v4.9.243-16-gd8d67e375b0a, first fail: v4.9.243-25-ga01fe8e99a22) platform | arch | lab | compiler | defconfig | regressions ---------------------+------+---------------+----------+---------------------+------------ qemu_arm-versatilepb | arm | lab-cip | gcc-8 | versatile_defconfig | 1 Details: https://kernelci.org/test/plan/id/613edc72518fcbb72cd5967f Results: 0 PASS, 1 FAIL, 0 SKIP Full config: versatile_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.9/v4.9.282-84-g18813fd5c498… HTML log: https://storage.kernelci.org//stable-rc/queue-4.9/v4.9.282-84-g18813fd5c498… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613edc72518fcbb72cd59680 failing since 303 days (last pass: v4.9.243-16-gd8d67e375b0a, first fail: v4.9.243-25-ga01fe8e99a22) platform | arch | lab | compiler | defconfig | regressions ---------------------+------+---------------+----------+---------------------+------------ qemu_arm-versatilepb | arm | lab-collabora | gcc-8 | versatile_defconfig | 1 Details: https://kernelci.org/test/plan/id/613f0f9b158e7f64b9d5966b Results: 0 PASS, 1 FAIL, 0 SKIP Full config: versatile_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-4.9/v4.9.282-84-g18813fd5c498… HTML log: https://storage.kernelci.org//stable-rc/queue-4.9/v4.9.282-84-g18813fd5c498… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613f0f9b158e7f64b9d5966c failing since 303 days (last pass: v4.9.243-16-gd8d67e375b0a, first fail: v4.9.243-25-ga01fe8e99a22)

3 years, 7 months

1
0
0 0

[PATCH 5.4] netns: protect netns ID lookups with RCU

by Håkon Bugge

From: Guillaume Nault <gnault(a)redhat.com> __peernet2id() can be protected by RCU as it only calls idr_for_each(), which is RCU-safe, and never modifies the nsid table. rtnl_net_dumpid() can also do lockless lookups. It does two nested idr_for_each() calls on nsid tables (one direct call and one indirect call because of rtnl_net_dumpid_one() calling __peernet2id()). The netnsid tables are never updated. Therefore it is safe to not take the nsid_lock and run within an RCU-critical section instead. Signed-off-by: Guillaume Nault <gnault(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> A nice side-effect of replacing spin_{lock,unlock}_bh() with rcu_spin_{lock,unlock}() in peernet2id() is that it avoids the situation where SoftIRQs get enabled whilst IRQs are turned off. >From bugzilla.redhat.com/show_bug.cgi?id=1384179 (an ancient 4.9.0-0.rc0 kernel): dump_stack+0x86/0xc3 __warn+0xcb/0xf0 warn_slowpath_null+0x1d/0x20 __local_bh_enable_ip+0x9d/0xc0 _raw_spin_unlock_bh+0x35/0x40 peernet2id+0x54/0x80 netlink_broadcast_filtered+0x220/0x3c0 netlink_broadcast+0x1d/0x20 audit_log+0x6a/0x90 security_set_bools+0xee/0x200 [] Note, security_set_bools() calls write_lock_irq(). peernet2id() calls spin_unlock_bh(). >From an internal (UEK) stack trace based on the v4.14.35 kernel (LTS 4.14.231): queued_spin_lock_slowpath+0xb/0xf _raw_spin_lock_irqsave+0x46/0x48 send_mad+0x3d2/0x590 [ib_core] ib_sa_path_rec_get+0x223/0x4d0 [ib_core] path_rec_start+0xa3/0x140 [ib_ipoib] ipoib_start_xmit+0x2b0/0x6a0 [ib_ipoib] dev_hard_start_xmit+0xb2/0x237 sch_direct_xmit+0x114/0x1bf __dev_queue_xmit+0x592/0x818 dev_queue_xmit+0x10/0x12 arp_xmit+0x38/0xa6 arp_send_dst.part.16+0x61/0x84 arp_process+0x825/0x889 arp_rcv+0x140/0x1c9 __netif_receive_skb_core+0x401/0xb39 __netif_receive_skb+0x18/0x59 netif_receive_skb_internal+0x45/0x119 napi_gro_receive+0xd8/0xf6 ipoib_ib_handle_rx_wc+0x1ca/0x520 [ib_ipoib] ipoib_poll+0xcd/0x150 [ib_ipoib] net_rx_action+0x289/0x3f4 __do_softirq+0xe1/0x2b5 do_softirq_own_stack+0x2a/0x35 </IRQ> do_softirq+0x4d/0x6a __local_bh_enable_ip+0x57/0x59 _raw_spin_unlock_bh+0x23/0x25 peernet2id+0x51/0x73 netlink_broadcast_filtered+0x223/0x41b netlink_broadcast+0x1d/0x1f rdma_nl_multicast+0x22/0x30 [ib_core] send_mad+0x3e5/0x590 [ib_core] ib_sa_path_rec_get+0x223/0x4d0 [ib_core] rdma_resolve_route+0x287/0x810 [rdma_cm] rds_rdma_cm_event_handler_cmn+0x311/0x7d0 [rds_rdma] rds_rdma_cm_event_handler_worker+0x22/0x30 [rds_rdma] process_one_work+0x169/0x3a6 worker_thread+0x4d/0x3e5 kthread+0x105/0x138 ret_from_fork+0x24/0x49 Here, pay attention to ib_nl_make_request() which calls spin_lock_irqsave() on a global lock just before calling rdma_nl_multicast(). Thereafter, peernet2id() enables SoftIRQs, and ipoib starts and calls the same path and ends up trying to acquire the same global lock again. (cherry picked from commit 2dce224f469f060b9998a5a869151ef83c08ce77) Fixes: fba143c66abb ("netns: avoid disabling irq for netns id") Signed-off-by: Håkon Bugge <haakon.bugge(a)oracle.com> Conflicts: net/core/net_namespace.c * Due to context differences because v5.4 lacks commit 4905294162bd ("netns: Remove __peernet2id_alloc()"). Only comments affected. --- net/core/net_namespace.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index c303873..9bf1551 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -211,9 +211,9 @@ static int net_eq_idr(int id, void *net, void *peer) return 0; } -/* Should be called with nsid_lock held. If a new id is assigned, the bool alloc - * is set to true, thus the caller knows that the new id must be notified via - * rtnl. +/* Must be called from RCU-critical section or with nsid_lock held. If + * a new id is assigned, the bool alloc is set to true, thus the + * caller knows that the new id must be notified via rtnl. */ static int __peernet2id_alloc(struct net *net, struct net *peer, bool *alloc) { @@ -237,7 +237,7 @@ static int __peernet2id_alloc(struct net *net, struct net *peer, bool *alloc) return NETNSA_NSID_NOT_ASSIGNED; } -/* should be called with nsid_lock held */ +/* Must be called from RCU-critical section or with nsid_lock held */ static int __peernet2id(struct net *net, struct net *peer) { bool no = false; @@ -281,9 +281,10 @@ int peernet2id(struct net *net, struct net *peer) { int id; - spin_lock_bh(&net->nsid_lock); + rcu_read_lock(); id = __peernet2id(net, peer); - spin_unlock_bh(&net->nsid_lock); + rcu_read_unlock(); + return id; } EXPORT_SYMBOL(peernet2id); @@ -962,6 +963,7 @@ struct rtnl_net_dump_cb { int s_idx; }; +/* Runs in RCU-critical section. */ static int rtnl_net_dumpid_one(int id, void *peer, void *data) { struct rtnl_net_dump_cb *net_cb = (struct rtnl_net_dump_cb *)data; @@ -1046,19 +1048,9 @@ static int rtnl_net_dumpid(struct sk_buff *skb, struct netlink_callback *cb) goto end; } - spin_lock_bh(&net_cb.tgt_net->nsid_lock); - if (net_cb.fillargs.add_ref && - !net_eq(net_cb.ref_net, net_cb.tgt_net) && - !spin_trylock_bh(&net_cb.ref_net->nsid_lock)) { - spin_unlock_bh(&net_cb.tgt_net->nsid_lock); - err = -EAGAIN; - goto end; - } + rcu_read_lock(); idr_for_each(&net_cb.tgt_net->netns_ids, rtnl_net_dumpid_one, &net_cb); - if (net_cb.fillargs.add_ref && - !net_eq(net_cb.ref_net, net_cb.tgt_net)) - spin_unlock_bh(&net_cb.ref_net->nsid_lock); - spin_unlock_bh(&net_cb.tgt_net->nsid_lock); + rcu_read_unlock(); cb->args[0] = net_cb.idx; end: -- 1.8.3.1

3 years, 7 months

2
1
0 0

stable-rc/queue/5.14 baseline: 161 runs, 2 regressions (v5.14.3-294-g9d35f37c1067)

by kernelci.org bot

stable-rc/queue/5.14 baseline: 161 runs, 2 regressions (v5.14.3-294-g9d35f37c1067) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------+------+--------------+----------+---------------------+------------ beagle-xm | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 1 beagle-xm | arm | lab-baylibre | gcc-8 | omap2plus_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F5.14/kernel/v5.14.3-… Test: baseline Tree: stable-rc Branch: queue/5.14 Describe: v5.14.3-294-g9d35f37c1067 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 9d35f37c10676c19b63338f3027df31d12a1618d Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------+------+--------------+----------+---------------------+------------ beagle-xm | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/613edd78e3783d832dd5968a Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.14/v5.14.3-294-g9d35f37c106… HTML log: https://storage.kernelci.org//stable-rc/queue-5.14/v5.14.3-294-g9d35f37c106… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613edd78e3783d832dd5968b new failure (last pass: v5.14.2-23-g3e6e24d4af82) platform | arch | lab | compiler | defconfig | regressions ----------+------+--------------+----------+---------------------+------------ beagle-xm | arm | lab-baylibre | gcc-8 | omap2plus_defconfig | 1 Details: https://kernelci.org/test/plan/id/613ede05dab6c97135d59679 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: omap2plus_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.14/v5.14.3-294-g9d35f37c106… HTML log: https://storage.kernelci.org//stable-rc/queue-5.14/v5.14.3-294-g9d35f37c106… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ede05dab6c97135d5967a failing since 2 days (last pass: v5.14.2-23-g1a3d3f4a63ad, first fail: v5.14.2-23-ge6845034189d)

3 years, 7 months

1
0
0 0

stable-rc/queue/5.10 baseline: 172 runs, 7 regressions (v5.10.64-214-g93e17c2075d7)

by kernelci.org bot

stable-rc/queue/5.10 baseline: 172 runs, 7 regressions (v5.10.64-214-g93e17c2075d7) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+--------------------+------------ hip07-d05 | arm64 | lab-collabora | gcc-8 | defconfig | 1 imx6q-var-dt6customboard | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 2 rk3288-veyron-jaq | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 3 sun50i-a64-bananapi-m64 | arm64 | lab-clabbe | gcc-8 | defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F5.10/kernel/v5.10.64… Test: baseline Tree: stable-rc Branch: queue/5.10 Describe: v5.10.64-214-g93e17c2075d7 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 93e17c2075d7b9a99957b0f3cff7ec91e27171de Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+--------------------+------------ hip07-d05 | arm64 | lab-collabora | gcc-8 | defconfig | 1 Details: https://kernelci.org/test/plan/id/613ed324c540fed58cd5968f Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-8 (aarch64-linux-gnu-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.64-214-g93e17c2075… HTML log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.64-214-g93e17c2075… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ed324c540fed58cd59690 failing since 73 days (last pass: v5.10.46-100-gce5b41f85637, first fail: v5.10.46-100-g3b96099161c8b) platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+--------------------+------------ imx6q-var-dt6customboard | arm | lab-baylibre | gcc-8 | multi_v7_defconfig | 2 Details: https://kernelci.org/test/plan/id/613ed0db2dcf189a53d59679 Results: 4 PASS, 2 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.64-214-g93e17c2075… HTML log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.64-214-g93e17c2075… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.dmesg.alert: https://kernelci.org/test/case/id/613ed0db2dcf189a53d59680 new failure (last pass: v5.10.63-26-gfb6b5e198aab) 4 lines 2021-09-13T04:17:03.363322 kern :alert : 8<--- cut here --- 2021-09-13T04:17:03.364010 kern :alert : Unable to handle kernel NULL pointer dereference at virtual address 00000313 2021-09-13T04:17:03.364649 kern :alert : pgd = (ptrval)<8>[ 39.449462] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=alert RESULT=fail UNITS=lines MEASUREMENT=4> 2021-09-13T04:17:03.364895 2021-09-13T04:17:03.365119 kern :alert : [00000313] *pgd=00000000 * baseline.dmesg.emerg: https://kernelci.org/test/case/id/613ed0db2dcf189a53d59681 new failure (last pass: v5.10.63-26-gfb6b5e198aab) 47 lines 2021-09-13T04:17:03.416324 kern :emerg : Internal error: Oops: 17 [#1] SMP ARM 2021-09-13T04:17:03.416792 kern :emerg : Process kworker/2:5 (pid: 97, stack limit = 0x(ptrval)) 2021-09-13T04:17:03.417302 kern :emerg : Stack: (0xc36b9d50 to 0xc36ba000) 2021-09-13T04:17:03.417542 kern :emerg : 9d40: c3c011b0 c3c011b4 c3c01000 c3c01014 2021-09-13T04:17:03.417767 kern :emerg : 9d60: c144ac58 c09c7254 c36b8000 ef86b380 80200019 c3c01000 000002f3 023efbf1 2021-09-13T04:17:03.418257 kern :emerg : 9d80: c19c7874 c2001d80 c250aa00 ef842140 c09d49ac c144ac58 c19c7858 023efbf1 2021-09-13T04:17:03.459460 kern :emerg : 9da0: c19c7874 c399c5c0 c3b76a00 c3c01000 c3c01014 c144ac58 c19c7858 0000000c 2021-09-13T04:17:03.460089 kern :emerg : 9dc0: c19c7874 c09d497c c1448980 00000000 c3c0100c c3c01000 fffffdfb c2298c10 2021-09-13T04:17:03.460364 kern :emerg : 9de0: c2759500 c09aa89c c3c01000 bf095000 fffffdfb bf091138 c3a50b00 c3bf8308 2021-09-13T04:17:03.460597 kern :emerg : 9e00: 00000120 c27356c0 c2759500 c0a04500 c3a50b00 c3a50b00 00000040 c3a50b00 ... (35 line(s) more) platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+--------------------+------------ rk3288-veyron-jaq | arm | lab-collabora | gcc-8 | multi_v7_defconfig | 3 Details: https://kernelci.org/test/plan/id/613ef4221b123f9e08d5969e Results: 67 PASS, 3 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.64-214-g93e17c2075… HTML log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.64-214-g93e17c2075… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.bootrr.rockchip-iodomain-grf-probed: https://kernelci.org/test/case/id/613ef4221b123f9e08d596b2 failing since 90 days (last pass: v5.10.43-44-g253317604975, first fail: v5.10.43-130-g87b5f83f722c) 2021-09-13T06:47:55.411113 /lava-4506337/1/../bin/lava-test-case 2021-09-13T06:47:55.428126 <8>[ 14.528519] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=rockchip-iodomain-grf-probed RESULT=fail> * baseline.bootrr.dwmmc_rockchip-sdio0-probed: https://kernelci.org/test/case/id/613ef4221b123f9e08d596ca failing since 90 days (last pass: v5.10.43-44-g253317604975, first fail: v5.10.43-130-g87b5f83f722c) 2021-09-13T06:47:53.984958 /lava-4506337/1/../bin/lava-test-case 2021-09-13T06:47:54.002162 <8>[ 13.102112] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=dwmmc_rockchip-sdio0-probed RESULT=fail> * baseline.bootrr.dwmmc_rockchip-sdmmc-probed: https://kernelci.org/test/case/id/613ef4221b123f9e08d596cb failing since 90 days (last pass: v5.10.43-44-g253317604975, first fail: v5.10.43-130-g87b5f83f722c) 2021-09-13T06:47:52.970929 /lava-4506337/1/../bin/lava-test-case<8>[ 12.082972] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=dwmmc_rockchip-sdmmc-probed RESULT=fail> 2021-09-13T06:47:52.971341 platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+--------------------+------------ sun50i-a64-bananapi-m64 | arm64 | lab-clabbe | gcc-8 | defconfig | 1 Details: https://kernelci.org/test/plan/id/613ed254285645d3c3d59676 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-8 (aarch64-linux-gnu-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.64-214-g93e17c2075… HTML log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.64-214-g93e17c2075… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.login: https://kernelci.org/test/case/id/613ed254285645d3c3d59677 new failure (last pass: v5.10.63-26-gfb6b5e198aab)

3 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2021