April 2022 - Linux-stable-mirror

[PATCH] gpio: Revert regression in sysfs-gpio (gpiolib.c)

by Marcelo Roberto Jimenez

Some GPIO lines have stopped working after the patch commit 2ab73c6d8323f ("gpio: Support GPIO controllers without pin-ranges") And this has supposedly been fixed in the following patches commit 89ad556b7f96a ("gpio: Avoid using pin ranges with !PINCTRL") commit 6dbbf84603961 ("gpiolib: Don't free if pin ranges are not defined") But an erratic behavior where some GPIO lines work while others do not work has been introduced. This patch reverts those changes so that the sysfs-gpio interface works properly again. Signed-off-by: Marcelo Roberto Jimenez <marcelo.jimenez(a)gmail.com> --- Hi, My system is ARM926EJ-S rev 5 (v5l) (AT91SAM9G25), the board is an ACME Systems Arietta. The system used sysfs-gpio to manage a few gpio lines, and I have noticed that some have stopped working. The test script is very simple: #! /bin/bash cd /sys/class/gpio/ echo 24 > export cd pioA24 echo out > direction echo 0 > value cat value echo 1 > value cat value echo 0 > value cat value echo 1 > value cat value cd .. echo 24 > unexport In a "good" kernel, this script outputs 0, 1, 0, 1. In a bad kernel, the output result is 1, 1, 1, 1. Also it must be possible to run this script twice without errors, that was the issue with the gpiochip_generic_free() call that had been addressed in another patch. In my system PINCTRL is automatically selected by SOC_AT91SAM9 [=y] && ARCH_AT91 [=y] && ARCH_MULTI_V5 [=y] So it is not an option to disable it to make it work. Best regards, Marcelo. drivers/gpio/gpiolib.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index af5bb8fedfea..ac69ec8fb37a 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -1804,11 +1804,6 @@ static inline void gpiochip_irqchip_free_valid_mask(struct gpio_chip *gc) */ int gpiochip_generic_request(struct gpio_chip *gc, unsigned offset) { -#ifdef CONFIG_PINCTRL - if (list_empty(&gc->gpiodev->pin_ranges)) - return 0; -#endif - return pinctrl_gpio_request(gc->gpiodev->base + offset); } EXPORT_SYMBOL_GPL(gpiochip_generic_request); @@ -1820,11 +1815,6 @@ EXPORT_SYMBOL_GPL(gpiochip_generic_request); */ void gpiochip_generic_free(struct gpio_chip *gc, unsigned offset) { -#ifdef CONFIG_PINCTRL - if (list_empty(&gc->gpiodev->pin_ranges)) - return; -#endif - pinctrl_gpio_free(gc->gpiodev->base + offset); } EXPORT_SYMBOL_GPL(gpiochip_generic_free); -- 2.30.2

1 year, 6 months

9
27
0 0

Linux 5.17.5

by Greg Kroah-Hartman

I'm announcing the release of the 5.17.5 kernel. All users of the 5.17 kernel series must upgrade. The updated 5.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/ext4/attributes.rst | 2 Makefile | 2 arch/arc/kernel/entry.S | 1 arch/arm/mach-vexpress/spc.c | 2 arch/arm/xen/enlighten.c | 9 - arch/arm64/boot/dts/freescale/imx8mm-var-som.dtsi | 8 - arch/arm64/boot/dts/freescale/imx8mn-var-som.dtsi | 8 - arch/arm64/boot/dts/qcom/sc7180.dtsi | 2 arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 arch/arm64/include/asm/pgtable.h | 4 arch/powerpc/kernel/time.c | 29 +--- arch/powerpc/kvm/book3s_64_vio.c | 45 +++--- arch/powerpc/kvm/book3s_64_vio_hv.c | 44 +++--- arch/powerpc/perf/power10-pmu.c | 2 arch/powerpc/perf/power9-pmu.c | 8 - arch/riscv/kvm/vcpu.c | 21 +- arch/x86/include/asm/compat.h | 6 arch/x86/include/asm/kvm_host.h | 4 arch/x86/kvm/hyperv.c | 40 +---- arch/x86/kvm/hyperv.h | 2 arch/x86/kvm/pmu.h | 9 + arch/x86/kvm/svm/pmu.c | 1 arch/x86/kvm/svm/sev.c | 61 +++----- arch/x86/kvm/vmx/nested.c | 5 arch/x86/kvm/vmx/pmu_intel.c | 8 - arch/x86/kvm/vmx/vmx.c | 5 arch/x86/kvm/vmx/vmx.h | 1 arch/x86/kvm/x86.c | 29 ++-- arch/xtensa/kernel/coprocessor.S | 4 arch/xtensa/kernel/jump_label.c | 2 block/ioctl.c | 2 drivers/ata/pata_marvell.c | 2 drivers/dma/at_xdmac.c | 12 - drivers/dma/dw-edma/dw-edma-v0-core.c | 7 drivers/dma/idxd/device.c | 6 drivers/dma/idxd/submit.c | 5 drivers/dma/idxd/sysfs.c | 6 drivers/dma/imx-sdma.c | 32 ++-- drivers/dma/mediatek/mtk-uart-apdma.c | 9 - drivers/edac/synopsys_edac.c | 16 +- drivers/firmware/cirrus/cs_dsp.c | 3 drivers/gpio/gpiolib.c | 4 drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c | 4 drivers/gpu/drm/i915/display/intel_psr.c | 38 ++--- drivers/gpu/drm/msm/adreno/adreno_device.c | 17 -- drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 3 drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c | 2 drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c | 13 + drivers/gpu/drm/radeon/radeon_sync.c | 2 drivers/gpu/drm/vc4/vc4_dsi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 43 ++---- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 8 - drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 7 drivers/input/keyboard/omap4-keypad.c | 2 drivers/net/ethernet/Kconfig | 26 +-- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 8 - drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c | 8 - drivers/net/ethernet/aquantia/atlantic/aq_vec.c | 24 +-- drivers/net/ethernet/cadence/macb_main.c | 8 + drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 8 - drivers/net/ethernet/intel/e1000e/ich8lan.c | 4 drivers/net/ethernet/intel/ice/ice_eswitch.c | 3 drivers/net/ethernet/intel/ice/ice_eswitch.h | 2 drivers/net/ethernet/intel/ice/ice_nvm.c | 1 drivers/net/ethernet/intel/igc/igc_i225.c | 11 + drivers/net/ethernet/intel/igc/igc_phy.c | 4 drivers/net/ethernet/intel/igc/igc_ptp.c | 15 +- drivers/net/ethernet/mscc/ocelot.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 4 drivers/net/vxlan.c | 4 drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/pci.c | 2 drivers/nvme/host/core.c | 24 ++- drivers/nvme/host/nvme.h | 5 drivers/nvme/host/pci.c | 9 + drivers/perf/arm_pmu.c | 10 - drivers/platform/x86/samsung-laptop.c | 2 drivers/reset/reset-rzg2l-usbphy-ctrl.c | 4 drivers/reset/tegra/reset-bpmp.c | 9 + drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/bnx2i/bnx2i_iscsi.c | 2 drivers/scsi/cxgbi/libcxgbi.c | 6 drivers/scsi/libiscsi.c | 27 ++- drivers/scsi/libiscsi_tcp.c | 2 drivers/scsi/qedi/qedi_iscsi.c | 69 ++++----- drivers/scsi/scsi_transport_iscsi.c | 71 ++++------ drivers/scsi/sr_ioctl.c | 15 +- drivers/scsi/ufs/ufshcd.c | 5 drivers/spi/atmel-quadspi.c | 3 drivers/spi/spi-cadence-quadspi.c | 19 ++ drivers/spi/spi-mtk-nor.c | 12 + fs/cifs/cifsfs.c | 2 fs/cifs/connect.c | 11 + fs/cifs/dfs_cache.c | 19 +- fs/ext4/ext4.h | 7 fs/ext4/extents.c | 32 +++- fs/ext4/inode.c | 18 ++ fs/ext4/ioctl.c | 16 ++ fs/ext4/namei.c | 4 fs/ext4/page-io.c | 4 fs/ext4/super.c | 21 ++ fs/gfs2/rgrp.c | 9 - fs/hugetlbfs/inode.c | 9 - fs/io_uring.c | 11 - fs/jbd2/commit.c | 4 fs/namei.c | 22 +-- fs/posix_acl.c | 10 + fs/stat.c | 19 +- fs/xattr.c | 6 include/linux/etherdevice.h | 5 include/linux/memcontrol.h | 5 include/linux/posix_acl_xattr.h | 4 include/linux/sched.h | 1 include/linux/sched/mm.h | 8 + include/net/esp.h | 2 include/net/netns/ipv6.h | 4 include/scsi/libiscsi.h | 9 - include/scsi/scsi_transport_iscsi.h | 2 kernel/events/core.c | 2 kernel/events/internal.h | 5 kernel/events/ring_buffer.c | 5 kernel/irq_work.c | 2 kernel/sched/fair.c | 10 - lib/xarray.c | 2 mm/memcontrol.c | 12 + mm/memory-failure.c | 13 + mm/mmap.c | 8 - mm/mmu_notifier.c | 14 + mm/oom_kill.c | 54 +++++-- mm/userfaultfd.c | 15 +- mm/workingset.c | 2 net/can/isotp.c | 10 + net/dsa/tag_hellcreek.c | 8 + net/ipv4/esp4.c | 5 net/ipv6/esp6.c | 5 net/ipv6/ip6_gre.c | 14 + net/ipv6/route.c | 11 - net/l3mdev/l3mdev.c | 2 net/netlink/af_netlink.c | 7 net/openvswitch/flow_netlink.c | 2 net/packet/af_packet.c | 13 + net/rxrpc/net_ns.c | 2 net/sched/cls_u32.c | 24 +-- net/smc/af_smc.c | 4 sound/hda/intel-dsp-config.c | 18 ++ sound/pci/hda/patch_hdmi.c | 6 sound/pci/hda/patch_realtek.c | 1 sound/soc/atmel/sam9g20_wm8731.c | 61 -------- sound/soc/codecs/msm8916-wcd-digital.c | 9 + sound/soc/codecs/rk817_codec.c | 2 sound/soc/codecs/rt5682.c | 11 - sound/soc/codecs/rt5682s.c | 11 - sound/soc/codecs/wcd934x.c | 26 --- sound/soc/soc-dapm.c | 6 sound/soc/soc-topology.c | 4 sound/soc/sof/topology.c | 43 ++++++ sound/usb/midi.c | 1 sound/usb/mixer_maps.c | 4 sound/usb/usbaudio.h | 2 tools/lib/perf/evlist.c | 3 tools/perf/builtin-report.c | 14 + tools/perf/builtin-script.c | 2 tools/testing/selftests/drivers/net/mlxsw/spectrum-2/vxlan_flooding_ipv6.sh | 17 ++ tools/testing/selftests/drivers/net/mlxsw/vxlan_flooding.sh | 17 ++ tools/testing/selftests/kvm/aarch64/arch_timer.c | 15 +- 166 files changed, 1109 insertions(+), 724 deletions(-) Adrian Hunter (1): perf tools: Fix segfault accessing sample_id xyarray Alex Elder (1): arm64: dts: qcom: add IPA qcom,qmp property Alexey Kardashevskiy (1): KVM: PPC: Fix TCE handling for VFIO Alistair Popple (1): mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() Allen-KH Cheng (1): spi: spi-mtk-nor: initialize spi controller after resume Athira Rajeev (2): powerpc/perf: Fix power9 event alternatives powerpc/perf: Fix power10 event alternatives Atish Patra (2): RISC-V: KVM: Remove 's' & 'u' as valid ISA extension RISC-V: KVM: Restrict the extensions that can be disabled Bob Peterson (1): gfs2: assign rgrp glock before compute_bitstructs Borislav Petkov (3): ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant mt76: Fix undefined behavior due to shift overflowing the constant brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant Christian Brauner (1): fs: fix acl translation Christian König (1): drm/radeon: fix logic inversion in radeon_sync_resv Christoph Hellwig (3): nvme: add a quirk to disable namespace identifiers nvme-pci: disable namespace identifiers for the MAXIO MAP1002/1202 nvme-pci: disable namespace identifiers for Qemu controllers Christophe Leroy (1): mm, hugetlb: allow for "high" userspace addresses Darrick J. Wong (1): ext4: fix fallocate to use file_modified to update permissions consistently Dave Jiang (6): dmaengine: idxd: fix device cleanup on disable dmaengine: idxd: match type for retries var in idxd_enqcmds() dmaengine: idxd: fix retry value to be constant for duration of function call dmaengine: idxd: add RO check for wq max_batch_size write dmaengine: idxd: add RO check for wq max_transfer_size write dmaengine: idxd: skip clearing device context when device is read-only Dave Stevenson (2): drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare David Ahern (1): l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu David Howells (2): rxrpc: Restore removed timer deletion cifs: Check the IOCB_DIRECT flag, not O_DIRECT Eric Dumazet (4): net/sched: cls_u32: fix netns refcount changes in u32_change() net/sched: cls_u32: fix possible leak in u32_init_knode() ipv6: make ip6_rt_gc_expire an atomic_t netlink: reset network and mac headers in netlink_dump() Greg Kroah-Hartman (1): Linux 5.17.5 Guo Ren (1): xtensa: patch_text: Fixup last cpu should be master Hangbin Liu (1): net/packet: fix packet_sock xmit return value checking Heiner Kallweit (1): reset: renesas: Check return value of reset_control_deassert() Herve Codina (1): dmaengine: dw-edma: Fix unaligned 64bit access Hongbin Wang (1): vxlan: fix error return code in vxlan_fdb_append Ido Schimmel (2): selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets selftests: mlxsw: vxlan_flooding_ipv6: Prevent flooding of unwanted packets Jens Axboe (1): io_uring: free iovec if file assignment fails Jianglei Nie (1): ice: Fix memory leak in ice_get_orom_civd_data() Jiapeng Chong (1): platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative José Roberto de Souza (1): drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails Kai Vehmanen (1): ALSA: hda/hdmi: fix warning about PCM count when used with SOF Kai-Heng Feng (1): net: atlantic: Avoid out-of-bounds indexing Kees Cook (2): etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead ARM: vexpress/spc: Avoid negative array index when !SMP Kevin Groeneveld (1): dmaengine: imx-sdma: fix init of uart scripts Kevin Hao (1): net: stmmac: Use readl_poll_timeout_atomic() in atomic state Khazhismel Kumykov (1): block/compat_ioctl: fix range check in BLKGETSIZE Kurt Kanzenbach (1): net: dsa: hellcreek: Calculate checksums in tagger Leo Yan (2): perf script: Always allow field 'data_src' for auxtrace perf report: Set PERF_SAMPLE_DATA_SRC bit for Arm SPE event Like Xu (1): KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog Lv Ruyi (1): dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info() Maciej Fijalkowski (1): ice: allow creating VFs for !CONFIG_NET_SWITCHDEV Manuel Ullmann (1): net: atlantic: invert deep par in pm functions, preventing null derefs Mario Limonciello (1): gpio: Request interrupts after IRQ is initialized Mark Brown (1): ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek Matthew Wilcox (Oracle) (1): XArray: Disallow sibling entries of nodes Matthias Schiffer (1): spi: cadence-quadspi: fix incorrect supports_op() return value Maurizio Avogadro (1): ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX. Max Filippov (1): xtensa: fix a7 clobbering in coprocessor context load/store Miaoqian Lin (6): ASoC: rk817: Use devm_clk_get() in rk817_platform_probe ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component dmaengine: imx-sdma: Fix error checking in sdma_event_remap Input: omap4-keypad - fix pm_runtime_get_sync() error checking drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage arm/xen: Fix some refcount leaks Michael Ellerman (1): powerpc/time: Always set decrementer in timer_interrupt() Mike Christie (4): scsi: iscsi: Release endpoint ID when its freed scsi: iscsi: Merge suspend fields scsi: iscsi: Fix NOP handling during conn recovery scsi: qedi: Fix failed disconnect handling Mikulas Patocka (1): stat: fix inconsistency between struct stat and struct compat_stat Mingwei Zhang (1): KVM: SVM: Flush when freeing encrypted pages even on SME_COHERENT CPUs Muchun Song (1): arm64: mm: fix p?d_leaf() Nadav Amit (1): userfaultfd: mark uffd_wp regardless of VM_WRITE flag NeilBrown (1): VFS: filename_create(): fix incorrect intent. Nicholas Kazlauskas (1): drm/amd/display: Only set PSR version when valid Nico Pache (1): oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup Oliver Hartkopp (1): can: isotp: stop timeout monitoring when no first frame was sent Oliver Upton (1): selftests: KVM: Free the GIC FD when cleaning up in arch_timer Paolo Valerio (1): openvswitch: fix OOB access in reserve_sfa_size() Paulo Alcantara (2): cifs: fix NULL ptr dereference in refresh_mounts() cifs: use correct lock type in cifs_reconnect() Pavel Begunkov (1): io_uring: fix leaks on IOPOLL and CQE_SKIP Peilin Ye (2): ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit() ip6_gre: Fix skb_under_panic in __gre6_xmit() Peter Ujfalusi (1): ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() Peter Wang (1): scsi: ufs: core: scsi_get_lba() error fix Pierre-Louis Bossart (2): ALSA: hda: intel-dsp-config: update AlderLake PCI IDs ASoC: SOF: topology: cleanup dailinks on widget unload Richard Fitzgerald (1): firmware: cs_dsp: Fix overrun of unterminated control name string Rob Clark (2): drm/msm/gpu: Rename runtime suspend/resume functions drm/msm/gpu: Remove mutex from wait_event condition Rob Herring (2): arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes arm_pmu: Validate single/group leader events Sabrina Dubroca (1): esp: limit skb_page_frag_refill use to a single page Sameer Pujar (1): reset: tegra-bpmp: Restore Handle errors in BPMP response Sasha Neftin (3): igc: Fix infinite loop in release_swfw_sync igc: Fix BUG: scheduling while atomic e1000e: Fix possible overflow in LTR decoding Sean Christopherson (4): KVM: x86: Don't re-acquire SRCU lock in complete_emulated_io() KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race KVM: nVMX: Defer APICv updates while L2 is active until L1 is active KVM: SVM: Simplify and harden helper to flush SEV guest page(s) Sergey Matyukevich (1): ARC: entry: fix syscall_trace_exit argument Shakeel Butt (1): memcg: sync flush only if periodic flush is delayed Shubhrajyoti Datta (1): EDAC/synopsys: Read the error count from the correct register Srinivas Kandagatla (1): ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use Stephen Hemminger (1): net: restore alpha order to Ethernet devices in config Tadeusz Struk (1): ext4: limit length to bitmap_maxbytes - blocksize in punch_hole Takashi Iwai (1): ALSA: usb-audio: Clear MIDI port active flag after draining Theodore Ts'o (3): ext4: fix overhead calculation to account for the reserved gdt blocks ext4: force overhead calculation if the s_overhead_cluster makes no sense ext4: update the cached overhead value in the superblock Tim Crawford (1): ALSA: hda/realtek: Add quirk for Clevo NP70PNP Tom Rix (1): scsi: sr: Do not leak information in ioctl Tomas Melin (1): net: macb: Restart tx only if queue pointer is lagging Tony Lu (1): net/smc: Fix sock leak when release after smc_shutdown() Tudor Ambarus (1): spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller Vinicius Costa Gomes (1): igc: Fix suspending when PTM is active Vitaly Kuznetsov (1): KVM: x86: hyper-v: Avoid writing to TSC page without an active vCPU Vladimir Oltean (1): net: mscc: ocelot: fix broken IP multicast flooding Wojciech Drewek (1): ice: fix crash in switchdev mode Xiaoke Wang (2): drm/msm/disp: check the return value of kzalloc() drm/msm/mdp5: check the return of kzalloc() Xiaomeng Tong (4): dma: at_xdmac: fix a missing check on list iterator ASoC: rt5682: fix an incorrect NULL check on list iterator ASoC: soc-dapm: fix two incorrect uses of list iterator codecs: rt5682s: fix an incorrect NULL check on list iterator Xu Yu (1): mm/memory-failure.c: skip huge_zero_page in memory_failure() Ye Bin (3): ext4: fix symlink file size not match to file content ext4: fix use-after-free in ext4_search_dir jbd2: fix a potential race while discarding reserved buffers after an abort Zack Rusin (1): drm/vmwgfx: Fix gem refcounting and memory evictions Zheyu Ma (1): ata: pata_marvell: Check the 'bmdma_addr' beforing reading Zhipeng Xie (1): perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled Zqiang (1): irq_work: use kasan_record_aux_stack_noalloc() record callstack kuyo chang (1): sched/pelt: Fix attach_entity_load_avg() corner case wangjianjian (C) (1): ext4, doc: fix incorrect h_reserved size zhangqilong (1): dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources

1 year, 6 months

5
15
0 0

[PATCH] ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min

by Marek Vasut

While the $val/$val2 values passed in from userspace are always >= 0 integers, the limits of the control can be signed integers and the $min can be non-zero and less than zero. To correctly validate $val/$val2 against platform_max, add the $min offset to val first. Fixes: 817f7c9335ec0 ("ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()") Signed-off-by: Marek Vasut <marex(a)denx.de> Cc: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/soc-ops.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c index f24f7354f46fe..6389a512c4dc6 100644 --- a/sound/soc/soc-ops.c +++ b/sound/soc/soc-ops.c @@ -317,7 +317,7 @@ int snd_soc_put_volsw(struct snd_kcontrol *kcontrol, mask = BIT(sign_bit + 1) - 1; val = ucontrol->value.integer.value[0]; - if (mc->platform_max && val > mc->platform_max) + if (mc->platform_max && ((int)val + min) > mc->platform_max) return -EINVAL; if (val > max - min) return -EINVAL; @@ -330,7 +330,7 @@ int snd_soc_put_volsw(struct snd_kcontrol *kcontrol, val = val << shift; if (snd_soc_volsw_is_stereo(mc)) { val2 = ucontrol->value.integer.value[1]; - if (mc->platform_max && val2 > mc->platform_max) + if (mc->platform_max && ((int)val2 + min) > mc->platform_max) return -EINVAL; if (val2 > max - min) return -EINVAL; -- 2.34.1

1 year, 6 months

6
14
0 0

[PATCH v3] ext4: fix race condition between ext4_write and ext4_convert_inline_data

by Baokun Li

Hulk Robot reported a BUG_ON: ================================================================== EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free clusters kernel BUG at fs/ext4/ext4_jbd2.c:53! invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 25371 Comm: syz-executor.3 Not tainted 5.10.0+ #1 RIP: 0010:ext4_put_nojournal fs/ext4/ext4_jbd2.c:53 [inline] RIP: 0010:__ext4_journal_stop+0x10e/0x110 fs/ext4/ext4_jbd2.c:116 [...] Call Trace: ext4_write_inline_data_end+0x59a/0x730 fs/ext4/inline.c:795 generic_perform_write+0x279/0x3c0 mm/filemap.c:3344 ext4_buffered_write_iter+0x2e3/0x3d0 fs/ext4/file.c:270 ext4_file_write_iter+0x30a/0x11c0 fs/ext4/file.c:520 do_iter_readv_writev+0x339/0x3c0 fs/read_write.c:732 do_iter_write+0x107/0x430 fs/read_write.c:861 vfs_writev fs/read_write.c:934 [inline] do_pwritev+0x1e5/0x380 fs/read_write.c:1031 [...] ================================================================== Above issue may happen as follows: cpu1 cpu2 __________________________|__________________________ do_pwritev vfs_writev do_iter_write ext4_file_write_iter ext4_buffered_write_iter generic_perform_write ext4_da_write_begin vfs_fallocate ext4_fallocate ext4_convert_inline_data ext4_convert_inline_data_nolock ext4_destroy_inline_data_nolock clear EXT4_STATE_MAY_INLINE_DATA ext4_map_blocks ext4_ext_map_blocks ext4_mb_new_blocks ext4_mb_regular_allocator ext4_mb_good_group_nolock ext4_mb_init_group ext4_mb_init_cache ext4_mb_generate_buddy --> error ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) ext4_restore_inline_data set EXT4_STATE_MAY_INLINE_DATA ext4_block_write_begin ext4_da_write_end ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) ext4_write_inline_data_end handle=NULL ext4_journal_stop(handle) __ext4_journal_stop ext4_put_nojournal(handle) ref_cnt = (unsigned long)handle BUG_ON(ref_cnt == 0) ---> BUG_ON The lock held by ext4_convert_inline_data is xattr_sem, but the lock held by generic_perform_write is i_rwsem. Therefore, the two locks can be concurrent. To solve above issue, we add inode_lock() for ext4_convert_inline_data(). At the same time, move ext4_convert_inline_data() in front of ext4_punch_hole(), remove similar handling from ext4_punch_hole(). Fixes: 0c8d414f163f ("ext4: let fallocate handle inline data correctly") Cc: stable(a)vger.kernel.org Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- V1->V2: Increase the range of the inode_lock. V2->V3: Move the lock outside the ext4_convert_inline_data(). And reorganize ext4_fallocate(). fs/ext4/extents.c | 10 ++++++---- fs/ext4/inode.c | 9 --------- 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index e473fde6b64b..474479ce76e0 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -4693,15 +4693,17 @@ long ext4_fallocate(struct file *file, int mode, loff_t offset, loff_t len) FALLOC_FL_INSERT_RANGE)) return -EOPNOTSUPP; + inode_lock(inode); + ret = ext4_convert_inline_data(inode); + inode_unlock(inode); + if (ret) + goto exit; + if (mode & FALLOC_FL_PUNCH_HOLE) { ret = ext4_punch_hole(file, offset, len); goto exit; } - ret = ext4_convert_inline_data(inode); - if (ret) - goto exit; - if (mode & FALLOC_FL_COLLAPSE_RANGE) { ret = ext4_collapse_range(file, offset, len); goto exit; diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 646ece9b3455..4779673d733e 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3967,15 +3967,6 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) trace_ext4_punch_hole(inode, offset, length, 0); - ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA); - if (ext4_has_inline_data(inode)) { - filemap_invalidate_lock(mapping); - ret = ext4_convert_inline_data(inode); - filemap_invalidate_unlock(mapping); - if (ret) - return ret; - } - /* * Write out all dirty pages to avoid race conditions * Then release them. -- 2.31.1

1 year, 6 months

4
4
0 0

[PATCH AUTOSEL 5.15 01/27] gfs2: assign rgrp glock before compute_bitstructs

by Sasha Levin

From: Bob Peterson <rpeterso(a)redhat.com> [ Upstream commit 428f651cb80b227af47fc302e4931791f2fb4741 ] Before this patch, function read_rindex_entry called compute_bitstructs before it allocated a glock for the rgrp. But if compute_bitstructs found a problem with the rgrp, it called gfs2_consist_rgrpd, and that called gfs2_dump_glock for rgd->rd_gl which had not yet been assigned. read_rindex_entry compute_bitstructs gfs2_consist_rgrpd gfs2_dump_glock <---------rgd->rd_gl was not set. This patch changes read_rindex_entry so it assigns an rgrp glock before calling compute_bitstructs so gfs2_dump_glock does not reference an unassigned pointer. If an error is discovered, the glock must also be put, so a new goto and label were added. Reported-by: syzbot+c6fd14145e2f62ca0784(a)syzkaller.appspotmail.com Signed-off-by: Bob Peterson <rpeterso(a)redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/gfs2/rgrp.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c index c3b00ba92ed2..e21f8e10d70b 100644 --- a/fs/gfs2/rgrp.c +++ b/fs/gfs2/rgrp.c @@ -922,15 +922,15 @@ static int read_rindex_entry(struct gfs2_inode *ip) spin_lock_init(&rgd->rd_rsspin); mutex_init(&rgd->rd_mutex); - error = compute_bitstructs(rgd); - if (error) - goto fail; - error = gfs2_glock_get(sdp, rgd->rd_addr, &gfs2_rgrp_glops, CREATE, &rgd->rd_gl); if (error) goto fail; + error = compute_bitstructs(rgd); + if (error) + goto fail_glock; + rgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr; rgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED); if (rgd->rd_data > sdp->sd_max_rg_data) @@ -944,6 +944,7 @@ static int read_rindex_entry(struct gfs2_inode *ip) } error = 0; /* someone else read in the rgrp; free it and ignore it */ +fail_glock: gfs2_glock_put(rgd->rd_gl); fail: -- 2.35.1

1 year, 6 months

2
30
0 0

[PATCH 2/2] ext4: Avoid cycles in directory h-tree

by Jan Kara

A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its hands while doing a node split and consequently accessing unallocated memory. Fix the problem by verifying traversed block numbers are unique. CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/ext4/namei.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index ca6ee9940599..06441ad6104d 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -777,12 +777,14 @@ static struct dx_frame * dx_probe(struct ext4_filename *fname, struct inode *dir, struct dx_hash_info *hinfo, struct dx_frame *frame_in) { - unsigned count, indirect; + unsigned count, indirect, level, i; struct dx_entry *at, *entries, *p, *q, *m; struct dx_root *root; struct dx_frame *frame = frame_in; struct dx_frame *ret_err = ERR_PTR(ERR_BAD_DX_DIR); u32 hash; + ext4_lblk_t block; + ext4_lblk_t blocks[EXT4_HTREE_LEVEL]; memset(frame_in, 0, EXT4_HTREE_LEVEL * sizeof(frame_in[0])); frame->bh = ext4_read_dirblock(dir, 0, INDEX); @@ -854,6 +856,8 @@ dx_probe(struct ext4_filename *fname, struct inode *dir, } dxtrace(printk("Look up %x", hash)); + level = 0; + blocks[0] = 0; while (1) { count = dx_get_count(entries); if (!count || count > dx_get_limit(entries)) { @@ -882,15 +886,27 @@ dx_probe(struct ext4_filename *fname, struct inode *dir, dx_get_block(at))); frame->entries = entries; frame->at = at; - if (!indirect--) + + block = dx_get_block(at); + for (i = 0; i <= level; i++) { + if (blocks[i] == block) { + ext4_warning_inode(dir, + "dx entry: tree cycle block %u points back to block %u", + blocks[level], block); + goto fail; + } + } + blocks[++level] = block; + if (level > indirect) return frame; frame++; - frame->bh = ext4_read_dirblock(dir, dx_get_block(at), INDEX); + frame->bh = ext4_read_dirblock(dir, block, INDEX); if (IS_ERR(frame->bh)) { ret_err = (struct dx_frame *) frame->bh; frame->bh = NULL; goto fail; } + entries = ((struct dx_node *) frame->bh->b_data)->entries; if (dx_get_limit(entries) != dx_node_limit(dir)) { @@ -1278,7 +1294,7 @@ static int dx_make_map(struct inode *dir, struct buffer_head *bh, count++; cond_resched(); } - de = ext4_next_entry(de, blocksize); + de = ext4_next_entry(de, dir->i_sb->s_blocksize); } return count; } -- 2.34.1

1 year, 6 months

2
2
0 0

[PATCH 1/2] ext4: Verify dir block before splitting it

by Jan Kara

Before splitting a directory block verify its directory entries are sane so that the splitting code does not access memory it should not. CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/ext4/namei.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index 767b4bfe39c3..ca6ee9940599 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -277,9 +277,9 @@ static struct dx_frame *dx_probe(struct ext4_filename *fname, struct dx_hash_info *hinfo, struct dx_frame *frame); static void dx_release(struct dx_frame *frames); -static int dx_make_map(struct inode *dir, struct ext4_dir_entry_2 *de, - unsigned blocksize, struct dx_hash_info *hinfo, - struct dx_map_entry map[]); +static int dx_make_map(struct inode *dir, struct buffer_head *bh, + struct dx_hash_info *hinfo, + struct dx_map_entry *map_tail); static void dx_sort_map(struct dx_map_entry *map, unsigned count); static struct ext4_dir_entry_2 *dx_move_dirents(struct inode *dir, char *from, char *to, struct dx_map_entry *offsets, @@ -1249,15 +1249,23 @@ static inline int search_dirblock(struct buffer_head *bh, * Create map of hash values, offsets, and sizes, stored at end of block. * Returns number of entries mapped. */ -static int dx_make_map(struct inode *dir, struct ext4_dir_entry_2 *de, - unsigned blocksize, struct dx_hash_info *hinfo, +static int dx_make_map(struct inode *dir, struct buffer_head *bh, + struct dx_hash_info *hinfo, struct dx_map_entry *map_tail) { int count = 0; - char *base = (char *) de; + struct ext4_dir_entry_2 *de = (struct ext4_dir_entry_2 *)bh->b_data; + unsigned int buflen = bh->b_size; + char *base = bh->b_data; struct dx_hash_info h = *hinfo; - while ((char *) de < base + blocksize) { + if (ext4_has_metadata_csum(dir->i_sb)) + buflen -= sizeof(struct ext4_dir_entry_tail); + + while ((char *) de < base + buflen) { + if (ext4_check_dir_entry(dir, NULL, de, bh, base, buflen, + ((char *)de) - base)) + return -EFSCORRUPTED; if (de->name_len && de->inode) { if (ext4_hash_in_dirent(dir)) h.hash = EXT4_DIRENT_HASH(de); @@ -1270,7 +1278,6 @@ static int dx_make_map(struct inode *dir, struct ext4_dir_entry_2 *de, count++; cond_resched(); } - /* XXX: do we need to check rec_len == 0 case? -Chris */ de = ext4_next_entry(de, blocksize); } return count; @@ -1943,8 +1950,11 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir, /* create map in the end of data2 block */ map = (struct dx_map_entry *) (data2 + blocksize); - count = dx_make_map(dir, (struct ext4_dir_entry_2 *) data1, - blocksize, hinfo, map); + count = dx_make_map(dir, *bh, hinfo, map); + if (count < 0) { + err = count; + goto journal_error; + } map -= count; dx_sort_map(map, count); /* Ensure that neither split block is over half full */ -- 2.34.1

1 year, 6 months

2
2
0 0

[PATCH] cgroup/cpuset: Remove redundant cpu/node masks setup in cpuset_init_smp()

by Waiman Long

There are 3 places where the cpu and node masks of the top cpuset can be initialized in the order they are executed: 1) start_kernel -> cpuset_init() 2) start_kernel -> cgroup_init() -> cpuset_bind() 3) kernel_init_freeable() -> do_basic_setup() -> cpuset_init_smp() The first cpuset_init() function just sets all the bits in the masks. The last one executed is cpuset_init_smp() which sets up cpu and node masks suitable for v1, but not v2. cpuset_bind() does the right setup for both v1 and v2 assuming that effective_mems and effective_cpus have been set up properly which is not strictly the case here. As a result, cpu and memory node hot add may fail to update the cpu and node masks of the top cpuset to include the newly added cpu or node in a cgroup v2 environment. To fix this problem, the redundant cpus_allowed and mems_allowed mask setup in cpuset_init_smp() are removed. The effective_cpus and effective_mems setup there are moved to cpuset_bind(). cc: stable(a)vger.kernel.org Signed-off-by: Waiman Long <longman(a)redhat.com> --- kernel/cgroup/cpuset.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index 9390bfd9f1cd..a2e15a43397e 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -2961,6 +2961,9 @@ static void cpuset_bind(struct cgroup_subsys_state *root_css) percpu_down_write(&cpuset_rwsem); spin_lock_irq(&callback_lock); + cpumask_copy(top_cpuset.effective_cpus, cpu_active_mask); + top_cpuset.effective_mems = node_states[N_MEMORY]; + if (is_in_v2_mode()) { cpumask_copy(top_cpuset.cpus_allowed, cpu_possible_mask); top_cpuset.mems_allowed = node_possible_map; @@ -3390,13 +3393,6 @@ static struct notifier_block cpuset_track_online_nodes_nb = { */ void __init cpuset_init_smp(void) { - cpumask_copy(top_cpuset.cpus_allowed, cpu_active_mask); - top_cpuset.mems_allowed = node_states[N_MEMORY]; - top_cpuset.old_mems_allowed = top_cpuset.mems_allowed; - - cpumask_copy(top_cpuset.effective_cpus, cpu_active_mask); - top_cpuset.effective_mems = node_states[N_MEMORY]; - register_hotmemory_notifier(&cpuset_track_online_nodes_nb); cpuset_migrate_mm_wq = alloc_ordered_workqueue("cpuset_migrate_mm", 0); -- 2.27.0

1 year, 6 months

3
4
0 0

[PATCH v4 RESEND] efi: Do not import certificates from UEFI Secure Boot for T2 Macs

by Aditya Garg

From: Aditya Garg <gargaditya08(a)live.com> On T2 Macs, the secure boot is handled by the T2 Chip. If enabled, only macOS and Windows are allowed to boot on these machines. Moreover, loading UEFI Secure Boot certificates is not supported on these machines on Linux. An attempt to do so causes a crash with the following logs :- Call Trace: <TASK> page_fault_oops+0x4f/0x2c0 ? search_bpf_extables+0x6b/0x80 ? search_module_extables+0x50/0x80 ? search_exception_tables+0x5b/0x60 kernelmode_fixup_or_oops+0x9e/0x110 __bad_area_nosemaphore+0x155/0x190 bad_area_nosemaphore+0x16/0x20 do_kern_addr_fault+0x8c/0xa0 exc_page_fault+0xd8/0x180 asm_exc_page_fault+0x1e/0x30 (Removed some logs from here) ? __efi_call+0x28/0x30 ? switch_mm+0x20/0x30 ? efi_call_rts+0x19a/0x8e0 ? process_one_work+0x222/0x3f0 ? worker_thread+0x4a/0x3d0 ? kthread+0x17a/0x1a0 ? process_one_work+0x3f0/0x3f0 ? set_kthread_struct+0x40/0x40 ? ret_from_fork+0x22/0x30 </TASK> ---[ end trace 1f82023595a5927f ]--- efi: Froze efi_rts_wq and disabled EFI Runtime Services integrity: Couldn't get size: 0x8000000000000015 integrity: MODSIGN: Couldn't get UEFI db list efi: EFI Runtime Services are disabled! integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get UEFI dbx list integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get mokx list integrity: Couldn't get size: 0x80000000 As a result of not being able to read or load certificates, secure boot cannot be enabled. This patch prevents querying of these UEFI variables, since these Macs seem to use a non-standard EFI hardware. Cc: stable(a)vger.kernel.org Signed-off-by: Aditya Garg <gargaditya08(a)live.com> --- v2 :- Reduce code size of the table. v3 :- Close the brackets which were left open by mistake. v4 :- Fix comment style issues, remove blank spaces and limit use of dmi_first_match() v4 RESEND :- Add stable to cc .../platform_certs/keyring_handler.h | 8 +++++ security/integrity/platform_certs/load_uefi.c | 35 +++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/security/integrity/platform_certs/keyring_handler.h b/security/integrity/platform_certs/keyring_handler.h index 284558f30..212d894a8 100644 --- a/security/integrity/platform_certs/keyring_handler.h +++ b/security/integrity/platform_certs/keyring_handler.h @@ -35,3 +35,11 @@ efi_element_handler_t get_handler_for_mok(const efi_guid_t *sig_type); efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_type); #endif + +#ifndef UEFI_QUIRK_SKIP_CERT +#define UEFI_QUIRK_SKIP_CERT(vendor, product) \ + .matches = { \ + DMI_MATCH(DMI_BOARD_VENDOR, vendor), \ + DMI_MATCH(DMI_PRODUCT_NAME, product), \ + }, +#endif diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c index 5f45c3c07..c3393b2b1 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c @@ -3,6 +3,7 @@ #include <linux/kernel.h> #include <linux/sched.h> #include <linux/cred.h> +#include <linux/dmi.h> #include <linux/err.h> #include <linux/efi.h> #include <linux/slab.h> @@ -12,6 +13,33 @@ #include "../integrity.h" #include "keyring_handler.h" +/* + * Apple Macs with T2 Security chip seem to be using a non standard + * implementation of Secure Boot. For Linux to run on these machines + * Secure Boot needs to be turned off, since the T2 Chip manages + * Secure Boot and doesn't allow OS other than macOS or Windows to + * boot. If turned off, an attempt to get certificates causes a crash, + * so we simply prevent doing the same. + */ +static const struct dmi_system_id uefi_skip_cert[] = { + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,1") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,2") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,3") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,4") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,1") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,2") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,3") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,4") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,1") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,2") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir9,1") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacMini8,1") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") }, + { } +}; + /* * Look to see if a UEFI variable called MokIgnoreDB exists and return true if * it does. @@ -138,6 +166,13 @@ static int __init load_uefi_certs(void) unsigned long dbsize = 0, dbxsize = 0, mokxsize = 0; efi_status_t status; int rc = 0; + const struct dmi_system_id *dmi_id; + + dmi_id = dmi_first_match(uefi_skip_cert); + if (dmi_id) { + pr_err("Getting UEFI Secure Boot Certs is not supported on T2 Macs.\n"); + return false; + } if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) return false; -- 2.25.1

1 year, 6 months

2
13
0 0

[PATCH] f2fs: fix to do sanity check for inline inode

by Chao Yu

As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215895 I have encountered a bug in F2FS file system in kernel v5.17. The kernel message is shown below: kernel BUG at fs/inode.c:611! Call Trace: evict+0x282/0x4e0 __dentry_kill+0x2b2/0x4d0 dput+0x2dd/0x720 do_renameat2+0x596/0x970 __x64_sys_rename+0x78/0x90 do_syscall_64+0x3b/0x90 The root cause is: fuzzed inode has both inline_data flag and encrypted flag, so after it was deleted by rename(), during f2fs_evict_inode(), it will cause inline data conversion due to flags confilction, then page cache will be polluted and trigger panic in clear_inode(). This patch tries to fix the issue by do more sanity checks for inline data inode in sanity_check_inode(). Cc: stable(a)vger.kernel.org Reported-by: Ming Yan <yanming(a)tju.edu.cn> Signed-off-by: Chao Yu <chao.yu(a)oppo.com> --- fs/f2fs/f2fs.h | 7 +++++++ fs/f2fs/inode.c | 3 +-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 27aa93caec06..64c511b498cc 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4173,6 +4173,13 @@ static inline void f2fs_set_encrypted_inode(struct inode *inode) */ static inline bool f2fs_post_read_required(struct inode *inode) { + /* + * used by sanity_check_inode(), when disk layout fields has not + * been synchronized to inmem fields. + */ + if (file_is_encrypt(inode) || file_is_verity(inode) || + F2FS_I(inode)->i_flags & F2FS_COMPR_FL) + return true; return f2fs_encrypted_file(inode) || fsverity_active(inode) || f2fs_compressed_file(inode); } diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 83639238a1fe..234b8ed02644 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -276,8 +276,7 @@ static bool sanity_check_inode(struct inode *inode, struct page *node_page) } } - if (f2fs_has_inline_data(inode) && - (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode))) { + if (f2fs_has_inline_data(inode) && !f2fs_may_inline_data(inode)) { set_sbi_flag(sbi, SBI_NEED_FSCK); f2fs_warn(sbi, "%s: inode (ino=%lx, mode=%u) should not have inline_data, run fsck to fix", __func__, inode->i_ino, inode->i_mode); -- 2.25.1

1 year, 6 months

2
8
0 0

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2022