February 2023 - Linux-stable-mirror

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.166 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-kernel-oops_count | 6 Documentation/ABI/testing/sysfs-kernel-warn_count | 6 Documentation/admin-guide/sysctl/kernel.rst | 19 Makefile | 2 arch/alpha/kernel/traps.c | 6 arch/alpha/mm/fault.c | 2 arch/arm/boot/dts/imx6qdl-gw560x.dtsi | 1 arch/arm/boot/dts/imx6ul-pico-dwarf.dts | 2 arch/arm/boot/dts/imx7d-pico-dwarf.dts | 4 arch/arm/boot/dts/imx7d-pico-nymph.dts | 4 arch/arm/boot/dts/sam9x60.dtsi | 2 arch/arm/kernel/traps.c | 2 arch/arm/mach-imx/cpu-imx25.c | 1 arch/arm/mach-imx/cpu-imx27.c | 1 arch/arm/mach-imx/cpu-imx31.c | 1 arch/arm/mach-imx/cpu-imx35.c | 1 arch/arm/mach-imx/cpu-imx5.c | 1 arch/arm/mm/fault.c | 2 arch/arm/mm/nommu.c | 2 arch/arm64/boot/dts/freescale/imx8mm-beacon-baseboard.dtsi | 4 arch/arm64/kernel/traps.c | 2 arch/arm64/mm/fault.c | 2 arch/csky/abiv1/alignment.c | 2 arch/csky/kernel/traps.c | 2 arch/h8300/kernel/traps.c | 3 arch/h8300/mm/fault.c | 2 arch/hexagon/kernel/traps.c | 2 arch/ia64/Kconfig | 2 arch/ia64/kernel/mca_drv.c | 2 arch/ia64/kernel/traps.c | 2 arch/ia64/mm/fault.c | 2 arch/m68k/kernel/traps.c | 2 arch/m68k/mm/fault.c | 2 arch/microblaze/kernel/exceptions.c | 4 arch/mips/kernel/traps.c | 2 arch/nds32/kernel/fpu.c | 2 arch/nds32/kernel/traps.c | 8 arch/nios2/kernel/traps.c | 4 arch/openrisc/kernel/traps.c | 2 arch/parisc/kernel/traps.c | 2 arch/powerpc/kernel/traps.c | 2 arch/riscv/kernel/traps.c | 2 arch/riscv/mm/fault.c | 2 arch/s390/include/asm/debug.h | 6 arch/s390/kernel/dumpstack.c | 2 arch/s390/kernel/nmi.c | 2 arch/s390/kvm/interrupt.c | 12 arch/sh/kernel/traps.c | 2 arch/sparc/kernel/traps_32.c | 4 arch/sparc/kernel/traps_64.c | 4 arch/x86/entry/entry_32.S | 6 arch/x86/entry/entry_64.S | 6 arch/x86/events/amd/core.c | 2 arch/x86/kernel/acpi/cstate.c | 15 arch/x86/kernel/dumpstack.c | 4 arch/x86/kernel/i8259.c | 1 arch/x86/kernel/irqinit.c | 4 arch/x86/kvm/vmx/vmx.c | 21 arch/xtensa/kernel/traps.c | 2 block/blk-core.c | 4 drivers/base/test/test_async_driver_probe.c | 2 drivers/clk/clk-devres.c | 91 ++ drivers/cpufreq/armada-37xx-cpufreq.c | 2 drivers/cpufreq/cpufreq-dt-platdev.c | 1 drivers/dma/dmaengine.c | 7 drivers/dma/xilinx/xilinx_dma.c | 4 drivers/edac/edac_device.c | 15 drivers/edac/highbank_mc_edac.c | 7 drivers/edac/qcom_edac.c | 5 drivers/firmware/arm_scmi/shmem.c | 9 drivers/gpio/gpio-mxc.c | 2 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/nouveau/nouveau_bo.c | 9 drivers/gpu/drm/panfrost/Kconfig | 3 drivers/hid/hid-betopff.c | 17 drivers/hid/hid-bigbenff.c | 5 drivers/hid/hid-core.c | 4 drivers/hid/hid-ids.h | 1 drivers/hid/hid-quirks.c | 1 drivers/hid/intel-ish-hid/ishtp/dma-if.c | 10 drivers/i2c/busses/i2c-designware-common.c | 11 drivers/i2c/busses/i2c-designware-platdrv.c | 5 drivers/infiniband/core/verbs.c | 7 drivers/infiniband/hw/hfi1/user_exp_rcv.c | 200 ++++-- drivers/infiniband/hw/hfi1/user_exp_rcv.h | 3 drivers/input/mouse/synaptics.c | 1 drivers/memory/atmel-sdramc.c | 6 drivers/memory/mvebu-devbus.c | 3 drivers/net/dsa/microchip/ksz9477.c | 4 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 23 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 24 drivers/net/ethernet/amd/xgbe/xgbe.h | 2 drivers/net/ethernet/broadcom/tg3.c | 8 drivers/net/ethernet/cadence/macb_main.c | 9 drivers/net/ethernet/mellanox/mlx5/core/main.c | 8 drivers/net/ethernet/renesas/ravb_main.c | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/mdio/mdio-mux-meson-g12a.c | 23 drivers/net/phy/mdio_bus.c | 7 drivers/net/usb/sr9700.c | 2 drivers/net/wan/fsl_ucc_hdlc.c | 6 drivers/net/wireless/rndis_wlan.c | 19 drivers/nvme/host/pci.c | 2 drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 4 drivers/phy/ti/Kconfig | 4 drivers/platform/x86/asus-nb-wmi.c | 1 drivers/platform/x86/touchscreen_dmi.c | 25 drivers/scsi/hisi_sas/hisi_sas_main.c | 2 drivers/scsi/hpsa.c | 2 drivers/scsi/scsi_transport_iscsi.c | 50 + drivers/soc/qcom/cpr.c | 6 drivers/spi/spidev.c | 2 drivers/thermal/intel/int340x_thermal/int340x_thermal_zone.c | 28 drivers/thermal/intel/int340x_thermal/int340x_thermal_zone.h | 1 drivers/usb/gadget/function/f_fs.c | 7 drivers/usb/host/xhci.c | 2 drivers/w1/w1.c | 6 drivers/w1/w1_int.c | 5 fs/affs/file.c | 2 fs/cifs/smbdirect.c | 1 fs/nfsd/netns.h | 6 fs/nfsd/nfs4state.c | 8 fs/nfsd/nfsctl.c | 14 fs/nfsd/nfsd.h | 3 fs/nfsd/nfssvc.c | 35 + fs/proc/proc_sysctl.c | 33 fs/reiserfs/super.c | 6 include/linux/clk.h | 109 +++ include/linux/kernel.h | 7 include/linux/sched/task.h | 1 include/linux/sysctl.h | 3 include/linux/units.h | 20 include/net/sch_generic.h | 7 include/net/sock.h | 2 include/scsi/scsi_transport_iscsi.h | 9 include/uapi/linux/netfilter/nf_conntrack_sctp.h | 2 include/uapi/linux/netfilter/nfnetlink_cttimeout.h | 2 kernel/bpf/verifier.c | 4 kernel/exit.c | 72 ++ kernel/kcsan/kcsan-test.c | 7 kernel/kcsan/report.c | 4 kernel/module.c | 26 kernel/panic.c | 90 ++ kernel/sched/core.c | 3 kernel/sysctl.c | 11 kernel/trace/trace.c | 2 kernel/trace/trace.h | 1 kernel/trace/trace_events_hist.c | 2 kernel/trace/trace_output.c | 3 lib/lockref.c | 1 lib/nlattr.c | 3 lib/ubsan.c | 11 mm/kasan/report.c | 12 net/bluetooth/hci_core.c | 1 net/core/net_namespace.c | 2 net/ipv4/fib_semantics.c | 2 net/ipv4/inet_hashtables.c | 17 net/ipv4/inet_timewait_sock.c | 8 net/ipv4/metrics.c | 2 net/ipv4/tcp.c | 2 net/l2tp/l2tp_core.c | 116 +-- net/netfilter/nf_conntrack_proto_sctp.c | 118 +-- net/netfilter/nf_conntrack_proto_tcp.c | 10 net/netfilter/nf_conntrack_standalone.c | 8 net/netfilter/nft_set_rbtree.c | 332 ++++++---- net/netlink/af_netlink.c | 38 - net/netrom/nr_timer.c | 1 net/nfc/llcp_core.c | 1 net/sched/sch_taprio.c | 2 net/sctp/bind_addr.c | 6 scripts/tracing/ftrace-bisect.sh | 34 - security/tomoyo/Makefile | 2 sound/soc/fsl/fsl-asoc-card.c | 8 sound/soc/fsl/fsl_micfil.c | 16 sound/soc/fsl/fsl_ssi.c | 4 tools/gpio/gpio-event-mon.c | 1 tools/objtool/check.c | 3 tools/testing/selftests/bpf/prog_tests/jeq_infer_not_null.c | 9 tools/testing/selftests/bpf/progs/jeq_infer_not_null_fail.c | 42 - tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic_event_syntax_errors.tc | 35 - 180 files changed, 1529 insertions(+), 764 deletions(-) Adam Ford (1): arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux Alexander Potapenko (1): affs: initialize fsdata in affs_truncate() Alexey V. Vissarionov (1): scsi: hpsa: Fix allocation size for scsi_host_alloc() Andy Shevchenko (2): units: Add SI metric prefix definitions i2c: designware: Use DIV_ROUND_CLOSEST() macro Archie Pusaka (1): Bluetooth: hci_sync: cancel cmd_timer if hci_open failed Arnd Bergmann (1): drm/panfrost: fix GENERIC_ATOMIC64 dependency Bartosz Golaszewski (1): spi: spidev: remove debug messages that access spidev->spi without locking Chancel Liu (1): ASoC: fsl_micfil: Correct the number of steps on SX controls Chen Zhongjin (1): driver core: Fix test_async_probe_init saves device in wrong array Christoph Hellwig (1): block: fix and cleanup bio_check_ro Christophe JAILLET (1): PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() Claudiu Beznea (1): ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 Colin Ian King (1): perf/x86/amd: fix potential integer overflow on shift of a int Cong Wang (2): l2tp: convert l2tp_tunnel_list to idr l2tp: close all race conditions in l2tp_tunnel_register() Cristian Marussi (2): firmware: arm_scmi: Harden shared memory access in fetch_response firmware: arm_scmi: Harden shared memory access in fetch_notification Daniel Lezcano (1): units: Add Watt units Dario Binacchi (1): ARM: imx: add missing of_node_put() David Christensen (1): net/tg3: resolve deadlock in tg3_reset_task() during EEH David Howells (1): cifs: Fix oops due to uncleared server->smbd_conn in reconnect David Morley (1): tcp: fix rate_app_limited to default to 1 Dean Luick (5): IB/hfi1: Reject a zero-length user expected buffer IB/hfi1: Reserve user expected TIDs IB/hfi1: Fix expected receive setup error exit issues IB/hfi1: Immediately remove invalid memory from hardware IB/hfi1: Remove user expected buffer invalidate race Deepak Sharma (1): x86: ACPI: cstate: Optimize C3 entry on AMD CPUs Dmitry Torokhov (1): Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" Dongliang Mu (1): fs: reiserfs: remove useless new_opts in reiserfs_remount Eric Dumazet (9): net/sched: sch_taprio: fix possible use-after-free l2tp: prevent lockdep issue in l2tp_tunnel_register() netlink: prevent potential spectre v1 gadgets netlink: annotate data races around nlk->portid netlink: annotate data races around dst_portid and dst_group netlink: annotate data races around sk_state ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() ipv4: prevent potential spectre v1 gadget in fib_metrics_match() net/sched: sch_taprio: do not schedule in taprio_reset() Eric W. Biederman (2): exit: Add and use make_task_dead. objtool: Add a missing comma to avoid string concatenation Esina Ekaterina (1): net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs Fabio Estevam (3): ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' ARM: dts: imx7d-pico: Use 'clock-frequency' ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' Florian Westphal (1): netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state Gaosheng Cui (2): memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() Giulio Benetti (1): ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment Greg Kroah-Hartman (1): Linux 5.10.166 Hans de Goede (1): platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK Heiko Carstens (1): KVM: s390: interrupt: use READ_ONCE() before cmpxchg() Heiner Kallweit (2): net: mdio: validate parameter addr in mdiobus_get_phy() net: stmmac: fix invalid call to mdiobus_get_phy() Hendrik Borghorst (1): KVM: x86/vmx: Do not skip segment attributes if unusable bit is set Ivo Borisov Shopov (1): tools: gpio: fix -c option of gpio-event-mon Jakub Sitnicki (2): l2tp: Serialize access to sk_user_data with sk_callback_lock l2tp: Don't sleep and disable BH under writer-side sk_callback_lock Jann Horn (1): exit: Put an upper limit on how often we can oops Jason Xing (1): tcp: avoid the lookup process failing to get sk in ehash table Jerome Brunet (1): net: mdio-mux-meson-g12a: force internal PHY off on mux switch Jiasheng Jiang (1): HID: intel_ish-hid: Add check for ishtp_dma_tx_map Jiri Kosina (1): HID: revert CHERRY_MOUSE_000C quirk Jisoo Jang (1): net: nfc: Fix use-after-free in local_cleanup() Karol Herbst (1): nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf Kees Cook (8): panic: Separate sysctl logic from CONFIG_SMP exit: Expose "oops_count" to sysfs exit: Allow oops_limit to be disabled panic: Consolidate open-coded panic_on_warn checks panic: Introduce warn_limit panic: Expose "warn_count" to sysfs docs: Fix path paste-o for /sys/kernel/warn_count exit: Use READ_ONCE() for all oops/warn limit reads Keith Busch (1): nvme-pci: fix timeout request state check Kishon Vijay Abraham I (1): xhci: Set HCD flag to defer primary roothub registration Koba Ko (1): dmaengine: Fix double increment of client_count in dma_chan_get() Kuniyuki Iwashima (1): netrom: Fix use-after-free of a listening socket. Lareine Khawaly (1): i2c: designware: use casting of u64 in clock multiplication to avoid overflow Liu Shixin (1): dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() Luis Gerhorst (1): bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation Manivannan Sadhasivam (2): EDAC/device: Respect any driver-supplied workqueue polling value EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info Marcelo Ricardo Leitner (1): sctp: fail if no bound addresses can be used for a given scope Marek Vasut (1): gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode Mark Brown (2): ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets Masahiro Yamada (1): tomoyo: fix broken dependency on *.conf.default Mateusz Guzik (1): lockref: stop doing cpu_relax in the cmpxchg loop Max Filippov (1): kcsan: test: don't put the expect array on the stack Miaoqian Lin (1): EDAC/highbank: Fix memory leak in highbank_mc_probe() Michael Klein (1): platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD Miles Chen (1): cpufreq: armada-37xx: stop using 0 as NULL pointer Natalia Petrova (1): trace_events_hist: add check for return value of 'create_hist_field' Nathan Chancellor (3): hexagon: Fix function name in die() h8300: Fix build errors from do_exit() to make_task_dead() transition csky: Fix function name in csky_alignment() and die() Niklas Schnelle (1): s390/debug: add _ASM_S390_ prefix to header guard Pablo Neira Ayuso (2): netfilter: nft_set_rbtree: Switch to node list walk for overlap detection netfilter: nft_set_rbtree: skip elements in transaction from garbage collection Paolo Abeni (1): net: fix UaF in netns ops registration error path Patrick Thompson (1): drm: Add orientation quirk for Lenovo ideapad D330-10IGL Petr Pavlu (1): module: Don't wait for GOING modules Pietro Borrello (3): HID: check empty report_list in hid_validate_values() HID: check empty report_list in bigben_probe() HID: betop: check shape of output reports Rafael J. Wysocki (1): thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() Raju Rangoju (2): amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent amd-xgbe: Delay AN timeout during KR training Rakesh Sankaranarayanan (1): net: dsa: microchip: ksz9477: port map correction in ALU table entry register Randy Dunlap (3): phy: ti: fix Kconfig warning and operator precedence net: mlx5: eliminate anonymous module_init & module_exit ia64: make IA64_MCA_RECOVERY bool instead of tristate Robert Hancock (1): net: macb: fix PTP TX timestamp failure due to packet padding Sasha Levin (1): Revert "selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID" Shang XiaoJing (1): phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() Srinivas Pandruvada (1): thermal: intel: int340x: Protect trip temperature from concurrent updates Sriram Yagnaraman (2): netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE netfilter: conntrack: unify established states for SCTP paths Steven Rostedt (Google) (2): tracing: Make sure trace_printk() can output as soon as it can be used ftrace/scripts: Update the instructions for ftrace-bisect.sh Sumit Gupta (1): cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist Szymon Heidrich (2): wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid net: usb: sr9700: Handle negative len Thomas Gleixner (1): x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL Tiezhu Yang (3): panic: unset panic_on_warn inside panic() ubsan: no need to unset panic_on_warn in ubsan_epilogue() kasan: no need to unset panic_on_warn in end_report() Trond Myklebust (1): nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted Udipto Goswami (2): usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait usb: gadget: f_fs: Ensure ep0req is dequeued before free_request Uwe Kleine-König (3): clk: generalize devm_clk_get() a bit clk: Provide new devm_clk helpers for prepared and enabled clocks clk: Fix pointer casting to prevent oops in devm_clk_release() Wenchao Hao (1): scsi: iscsi: Fix multiple iSCSI session unbind events sent to userspace Xiaoming Ni (1): sysctl: add a new register_sysctl_init() interface Yang Yingliang (2): w1: fix deadloop in __w1_remove_master_device() w1: fix WARNING after calling w1_process() Yihang Li (1): scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id Yonatan Nachum (1): RDMA/core: Fix ib block iterator counter overflow Yoshihiro Shimoda (1): net: ravb: Fix possible hang if RIS2_QFF1 happen Zheng Yejian (1): Revert "selftests/ftrace: Update synthetic event syntax errors" tangmeng (1): kernel/panic: move panic sysctls to its own file

10 months

1
1
0 0

[PATCH 0/2] serial: 8250_dma: DMA Rx race fixes

by Ilpo Järvinen

Fix two races in DMA Rx completion and rearm handling. I know in advance that the first patch will not be backport friendly because of commit 56dc5074cbec ("serial: 8250_dma: Rearm DMA Rx if more data is pending") that is not even in 6.1 but I can create the custom backport on request. Cc: stable(a)vger.kernel.org Ilpo Järvinen (2): serial: 8250_dma: Fix DMA Rx completion race serial: 8250_dma: Fix DMA Rx rearm race drivers/tty/serial/8250/8250_dma.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) -- 2.30.2

10 months

2
4
0 0

[PATCH] mtd: spi-nor: spansion: Keep CFR5V[6] as 1 in Octal DTR enable/disable

by tkuw584924＠gmail.com

From: Takahiro Kuwano <Takahiro.Kuwano(a)infineon.com> CFR5V[6] is reserved bit and must always be 1. Fixes: c3266af101f2 ("mtd: spi-nor: spansion: add support for Cypress Semper flash") Signed-off-by: Takahiro Kuwano <Takahiro.Kuwano(a)infineon.com> Cc: stable(a)vger.kernel.org --- drivers/mtd/spi-nor/spansion.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/spi-nor/spansion.c b/drivers/mtd/spi-nor/spansion.c index b621cdfd506f..4e094a432d29 100644 --- a/drivers/mtd/spi-nor/spansion.c +++ b/drivers/mtd/spi-nor/spansion.c @@ -21,8 +21,8 @@ #define SPINOR_REG_CYPRESS_CFR3V 0x00800004 #define SPINOR_REG_CYPRESS_CFR3V_PGSZ BIT(4) /* Page size. */ #define SPINOR_REG_CYPRESS_CFR5V 0x00800006 -#define SPINOR_REG_CYPRESS_CFR5V_OCT_DTR_EN 0x3 -#define SPINOR_REG_CYPRESS_CFR5V_OCT_DTR_DS 0 +#define SPINOR_REG_CYPRESS_CFR5V_OCT_DTR_EN 0x43 +#define SPINOR_REG_CYPRESS_CFR5V_OCT_DTR_DS 0x40 #define SPINOR_OP_CYPRESS_RD_FAST 0xee /* Cypress SPI NOR flash operations. */ -- 2.25.1

10 months

5
13
0 0

Money Sent

by customerfeedback＠paycom.com

Working as a personal assistant for a businessman who is establishing a new location of his company in your city will pay you $750 a week. You will primarily work from home, and you will receive sufficient training and training materials to improve your ability to deliver services accurately and without stress. Please fill out the google application for if you are interested in working as a personal assistant part-time for $750 weekly docs.google.com/forms/d/e/1FAIpQLSev9NsI0Yej9ewR2JyVf_WxNcQvBrEtWeNrD57fBoJ…

10 months

1
0
0 0

[PATCH v7 1/2] ceph: move mount state enum to fs/ceph/super.h

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> These flags are only used in ceph filesystem in fs/ceph, so just move it to the place it should be. Cc: stable(a)vger.kernel.org URL: https://tracker.ceph.com/issues/57686 Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- fs/ceph/super.h | 10 ++++++++++ include/linux/ceph/libceph.h | 10 ---------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/ceph/super.h b/fs/ceph/super.h index 0ed3be75bb9a..cd95b426ee00 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -100,6 +100,16 @@ struct ceph_mount_options { char *mon_addr; }; +/* mount state */ +enum { + CEPH_MOUNT_MOUNTING, + CEPH_MOUNT_MOUNTED, + CEPH_MOUNT_UNMOUNTING, + CEPH_MOUNT_UNMOUNTED, + CEPH_MOUNT_SHUTDOWN, + CEPH_MOUNT_RECOVER, +}; + #define CEPH_ASYNC_CREATE_CONFLICT_BITS 8 struct ceph_fs_client { diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h index 00af2c98da75..4497d0a6772c 100644 --- a/include/linux/ceph/libceph.h +++ b/include/linux/ceph/libceph.h @@ -99,16 +99,6 @@ struct ceph_options { #define CEPH_AUTH_NAME_DEFAULT "guest" -/* mount state */ -enum { - CEPH_MOUNT_MOUNTING, - CEPH_MOUNT_MOUNTED, - CEPH_MOUNT_UNMOUNTING, - CEPH_MOUNT_UNMOUNTED, - CEPH_MOUNT_SHUTDOWN, - CEPH_MOUNT_RECOVER, -}; - static inline unsigned long ceph_timeout_jiffies(unsigned long timeout) { return timeout ?: MAX_SCHEDULE_TIMEOUT; -- 2.31.1

10 months

1
0
0 0

[PATCH v6] ceph: blocklist the kclient when receiving corrupted snap trace

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> When received corrupted snap trace we don't know what exactly has happened in MDS side. And we shouldn't continue IOs and metadatas access to MDS, which may corrupt or get incorrect contents. This patch will just block all the further IO/MDS requests immediately and then evict the kclient itself. The reason why we still need to evict the kclient just after blocking all the further IOs is that the MDS could revoke the caps faster. Cc: stable(a)vger.kernel.org URL: https://tracker.ceph.com/issues/57686 Reviewed-by: Venky Shankar <vshankar(a)redhat.com> Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- V6: - switch to ceph_inode_is_shutdown() to check the mount state - fix two debug logs - use the WRITE_ONCE to set the FENCE_IO state V5: - s/CEPH_MOUNT_CORRUPTED/CEPH_MOUNT_FENCE_IO/g V4: - block all the IO/metadata requests before evicting the client. V3: - Fixed ERROR: spaces required around that ':' (ctx:VxW) V2: - Switched to WARN() to taint the Linux kernel. fs/ceph/addr.c | 17 +++++++++++++++-- fs/ceph/caps.c | 17 ++++++++++++++--- fs/ceph/file.c | 9 +++++++++ fs/ceph/mds_client.c | 28 +++++++++++++++++++++++++--- fs/ceph/snap.c | 38 ++++++++++++++++++++++++++++++++++++-- fs/ceph/super.h | 1 + 6 files changed, 100 insertions(+), 10 deletions(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 6fb329a70ac1..13d1c24d2f53 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -305,13 +305,18 @@ static void ceph_netfs_issue_read(struct netfs_io_subrequest *subreq) struct inode *inode = rreq->inode; struct ceph_inode_info *ci = ceph_inode(inode); struct ceph_fs_client *fsc = ceph_inode_to_client(inode); - struct ceph_osd_request *req; + struct ceph_osd_request *req = NULL; struct ceph_vino vino = ceph_vino(inode); struct iov_iter iter; int err = 0; u64 len = subreq->len; bool sparse = ceph_test_mount_opt(fsc, SPARSEREAD); + if (ceph_inode_is_shutdown(inode)) { + err = -EIO; + goto out; + } + if (ceph_has_inline_data(ci) && ceph_netfs_issue_op_inline(subreq)) return; @@ -557,6 +562,9 @@ static int writepage_nounlock(struct page *page, struct writeback_control *wbc) dout("writepage %p idx %lu\n", page, page->index); + if (ceph_inode_is_shutdown(inode)) + return -EIO; + /* verify this is a writeable snap context */ snapc = page_snap_context(page); if (!snapc) { @@ -1637,7 +1645,7 @@ int ceph_uninline_data(struct file *file) struct ceph_inode_info *ci = ceph_inode(inode); struct ceph_fs_client *fsc = ceph_inode_to_client(inode); struct ceph_osd_request *req = NULL; - struct ceph_cap_flush *prealloc_cf; + struct ceph_cap_flush *prealloc_cf = NULL; struct folio *folio = NULL; u64 inline_version = CEPH_INLINE_NONE; struct page *pages[1]; @@ -1651,6 +1659,11 @@ int ceph_uninline_data(struct file *file) dout("uninline_data %p %llx.%llx inline_version %llu\n", inode, ceph_vinop(inode), inline_version); + if (ceph_inode_is_shutdown(inode)) { + err = -EIO; + goto out; + } + if (inline_version == CEPH_INLINE_NONE) return 0; diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c index 948136f81fc8..5230ab64fff0 100644 --- a/fs/ceph/caps.c +++ b/fs/ceph/caps.c @@ -4134,6 +4134,7 @@ void ceph_handle_caps(struct ceph_mds_session *session, void *p, *end; struct cap_extra_info extra_info = {}; bool queue_trunc; + bool close_sessions = false; dout("handle_caps from mds%d\n", session->s_mds); @@ -4275,9 +4276,13 @@ void ceph_handle_caps(struct ceph_mds_session *session, realm = NULL; if (snaptrace_len) { down_write(&mdsc->snap_rwsem); - ceph_update_snap_trace(mdsc, snaptrace, - snaptrace + snaptrace_len, - false, &realm); + if (ceph_update_snap_trace(mdsc, snaptrace, + snaptrace + snaptrace_len, + false, &realm)) { + up_write(&mdsc->snap_rwsem); + close_sessions = true; + goto done; + } downgrade_write(&mdsc->snap_rwsem); } else { down_read(&mdsc->snap_rwsem); @@ -4341,6 +4346,11 @@ void ceph_handle_caps(struct ceph_mds_session *session, iput(inode); out: ceph_put_string(extra_info.pool_ns); + + /* Defer closing the sessions after s_mutex lock being released */ + if (close_sessions) + ceph_mdsc_close_sessions(mdsc); + return; flush_cap_releases: @@ -4350,6 +4360,7 @@ void ceph_handle_caps(struct ceph_mds_session *session, * cap). */ ceph_flush_cap_releases(mdsc, session); + goto done; bad: diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 59c89c436185..1ba3c07e242b 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -976,6 +976,9 @@ static ssize_t ceph_sync_read(struct kiocb *iocb, struct iov_iter *to, dout("sync_read on file %p %llu~%u %s\n", file, off, (unsigned)len, (file->f_flags & O_DIRECT) ? "O_DIRECT" : ""); + if (ceph_inode_is_shutdown(inode)) + return -EIO; + if (!len) return 0; /* @@ -1342,6 +1345,9 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter, bool should_dirty = !write && user_backed_iter(iter); bool sparse = ceph_test_mount_opt(fsc, SPARSEREAD); + if (ceph_inode_is_shutdown(inode)) + return -EIO; + if (write && ceph_snap(file_inode(file)) != CEPH_NOSNAP) return -EROFS; @@ -2078,6 +2084,9 @@ static int ceph_zero_partial_object(struct inode *inode, loff_t zero = 0; int op; + if (ceph_inode_is_shutdown(inode)) + return -EIO; + if (!length) { op = offset ? CEPH_OSD_OP_DELETE : CEPH_OSD_OP_TRUNCATE; length = &zero; diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index cbbaf334b6b8..b60812707fce 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -957,6 +957,9 @@ static struct ceph_mds_session *register_session(struct ceph_mds_client *mdsc, { struct ceph_mds_session *s; + if (READ_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_FENCE_IO) + return ERR_PTR(-EIO); + if (mds >= mdsc->mdsmap->possible_max_rank) return ERR_PTR(-EINVAL); @@ -1632,6 +1635,9 @@ static int __open_session(struct ceph_mds_client *mdsc, int mstate; int mds = session->s_mds; + if (READ_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_FENCE_IO) + return -EIO; + /* wait for mds to go active? */ mstate = ceph_mdsmap_get_state(mdsc->mdsmap, mds); dout("open_session to mds%d (%s)\n", mds, @@ -3205,6 +3211,11 @@ static void __do_request(struct ceph_mds_client *mdsc, err = -ETIMEDOUT; goto finish; } + if (READ_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_FENCE_IO) { + dout("do_request metadata corrupted\n"); + err = -EIO; + goto finish; + } if (READ_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_SHUTDOWN) { dout("do_request forced umount\n"); err = -EIO; @@ -3584,6 +3595,7 @@ static void handle_reply(struct ceph_mds_session *session, struct ceph_msg *msg) u64 tid; int err, result; int mds = session->s_mds; + bool close_sessions = false; if (msg->front.iov_len < sizeof(*head)) { pr_err("mdsc_handle_reply got corrupt (short) reply\n"); @@ -3698,10 +3710,15 @@ static void handle_reply(struct ceph_mds_session *session, struct ceph_msg *msg) realm = NULL; if (rinfo->snapblob_len) { down_write(&mdsc->snap_rwsem); - ceph_update_snap_trace(mdsc, rinfo->snapblob, + err = ceph_update_snap_trace(mdsc, rinfo->snapblob, rinfo->snapblob + rinfo->snapblob_len, le32_to_cpu(head->op) == CEPH_MDS_OP_RMSNAP, &realm); + if (err) { + up_write(&mdsc->snap_rwsem); + close_sessions = true; + goto out_err; + } downgrade_write(&mdsc->snap_rwsem); } else { down_read(&mdsc->snap_rwsem); @@ -3759,6 +3776,10 @@ static void handle_reply(struct ceph_mds_session *session, struct ceph_msg *msg) req->r_end_latency, err); out: ceph_mdsc_put_request(req); + + /* Defer closing the sessions after s_mutex lock being released */ + if (close_sessions) + ceph_mdsc_close_sessions(mdsc); return; } @@ -5358,7 +5379,7 @@ static bool done_closing_sessions(struct ceph_mds_client *mdsc, int skipped) } /* - * called after sb is ro. + * called after sb is ro or when metadata corrupted. */ void ceph_mdsc_close_sessions(struct ceph_mds_client *mdsc) { @@ -5648,7 +5669,8 @@ static void mds_peer_reset(struct ceph_connection *con) struct ceph_mds_client *mdsc = s->s_mdsc; pr_warn("mds%d closed our session\n", s->s_mds); - send_mds_reconnect(mdsc, s); + if (READ_ONCE(mdsc->fsc->mount_state) != CEPH_MOUNT_FENCE_IO) + send_mds_reconnect(mdsc, s); } static void mds_dispatch(struct ceph_connection *con, struct ceph_msg *msg) diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c index c1c452afa84d..3d417ec8da0c 100644 --- a/fs/ceph/snap.c +++ b/fs/ceph/snap.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 #include <linux/ceph/ceph_debug.h> +#include <linux/fs.h> #include <linux/sort.h> #include <linux/slab.h> #include <linux/iversion.h> @@ -767,8 +768,10 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc, struct ceph_snap_realm *realm; struct ceph_snap_realm *first_realm = NULL; struct ceph_snap_realm *realm_to_rebuild = NULL; + struct ceph_client *client = mdsc->fsc->client; int rebuild_snapcs; int err = -ENOMEM; + int ret; LIST_HEAD(dirty_realms); lockdep_assert_held_write(&mdsc->snap_rwsem); @@ -885,6 +888,27 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc, if (first_realm) ceph_put_snap_realm(mdsc, first_realm); pr_err("%s error %d\n", __func__, err); + + /* + * When receiving a corrupted snap trace we don't know what + * exactly has happened in MDS side. And we shouldn't continue + * writing to OSD, which may corrupt the snapshot contents. + * + * Just try to blocklist this kclient and then this kclient + * must be remounted to continue after the corrupted metadata + * fixed in the MDS side. + */ + WRITE_ONCE(mdsc->fsc->mount_state, CEPH_MOUNT_FENCE_IO); + ret = ceph_monc_blocklist_add(&client->monc, &client->msgr.inst.addr); + if (ret) + pr_err("%s blocklist of %s failed: %d", __func__, + ceph_pr_addr(&client->msgr.inst.addr), ret); + + WARN(1, "%s: %s%s do remount to continue%s", + __func__, ret ? "" : ceph_pr_addr(&client->msgr.inst.addr), + ret ? "" : " was blocklisted,", + err == -EIO ? " after corrupted snaptrace is fixed" : ""); + return err; } @@ -985,6 +1009,7 @@ void ceph_handle_snap(struct ceph_mds_client *mdsc, __le64 *split_inos = NULL, *split_realms = NULL; int i; int locked_rwsem = 0; + bool close_sessions = false; /* decode */ if (msg->front.iov_len < sizeof(*h)) @@ -1093,8 +1118,12 @@ void ceph_handle_snap(struct ceph_mds_client *mdsc, * update using the provided snap trace. if we are deleting a * snap, we can avoid queueing cap_snaps. */ - ceph_update_snap_trace(mdsc, p, e, - op == CEPH_SNAP_OP_DESTROY, NULL); + if (ceph_update_snap_trace(mdsc, p, e, + op == CEPH_SNAP_OP_DESTROY, + NULL)) { + close_sessions = true; + goto bad; + } if (op == CEPH_SNAP_OP_SPLIT) /* we took a reference when we created the realm, above */ @@ -1113,6 +1142,11 @@ void ceph_handle_snap(struct ceph_mds_client *mdsc, out: if (locked_rwsem) up_write(&mdsc->snap_rwsem); + + /* Defer closing the sessions after s_mutex lock being released */ + if (close_sessions) + ceph_mdsc_close_sessions(mdsc); + return; } diff --git a/fs/ceph/super.h b/fs/ceph/super.h index ec1edfae20a0..22086f78732f 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -111,6 +111,7 @@ enum { CEPH_MOUNT_UNMOUNTED, CEPH_MOUNT_SHUTDOWN, CEPH_MOUNT_RECOVER, + CEPH_MOUNT_FENCE_IO, }; #define CEPH_ASYNC_CREATE_CONFLICT_BITS 8 -- 2.31.1

10 months

4
4
0 0

[merged mm-hotfixes-stable] mm-memcg-fix-null-pointer-in-mem_cgroup_track_foreign_dirty_slowpath.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() has been removed from the -mm tree. Its filename was mm-memcg-fix-null-pointer-in-mem_cgroup_track_foreign_dirty_slowpath.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() Date: Sun, 29 Jan 2023 12:09:45 +0800 As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU pages"), hwpoison will forcibly uncharg a LRU hwpoisoned page, the folio_memcg could be NULl, then, mem_cgroup_track_foreign_dirty_slowpath() could occurs a NULL pointer dereference, let's do not record the foreign writebacks for folio memcg is null in mem_cgroup_track_foreign_dirty() to fix it. Link: https://lkml.kernel.org/r/20230129040945.180629-1-wangkefeng.wang@huawei.com Fixes: 97b27821b485 ("writeback, memcg: Implement foreign dirty flushing") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Reported-by: Ma Wupeng <mawupeng1(a)huawei.com> Tested-by: Miko Larsson <mikoxyzzz(a)gmail.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Ma Wupeng <mawupeng1(a)huawei.com> Cc: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/memcontrol.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/include/linux/memcontrol.h~mm-memcg-fix-null-pointer-in-mem_cgroup_track_foreign_dirty_slowpath +++ a/include/linux/memcontrol.h @@ -1666,10 +1666,13 @@ void mem_cgroup_track_foreign_dirty_slow static inline void mem_cgroup_track_foreign_dirty(struct folio *folio, struct bdi_writeback *wb) { + struct mem_cgroup *memcg; + if (mem_cgroup_disabled()) return; - if (unlikely(&folio_memcg(folio)->css != wb->memcg_css)) + memcg = folio_memcg(folio); + if (unlikely(memcg && &memcg->css != wb->memcg_css)) mem_cgroup_track_foreign_dirty_slowpath(folio, wb); } _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are mm-hwposion-support-recovery-from-ksm_might_need_to_copy.patch mm-hwposion-support-recovery-from-ksm_might_need_to_copy-v3.patch mm-madvise-use-vm_normal_folio-in-madvise_free_pte_range.patch

10 months

1
0
0 0

[merged mm-hotfixes-stable] mm-swapfile-add-cond_resched-in-get_swap_pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/swapfile: add cond_resched() in get_swap_pages() has been removed from the -mm tree. Its filename was mm-swapfile-add-cond_resched-in-get_swap_pages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Longlong Xia <xialonglong1(a)huawei.com> Subject: mm/swapfile: add cond_resched() in get_swap_pages() Date: Sat, 28 Jan 2023 09:47:57 +0000 The softlockup still occurs in get_swap_pages() under memory pressure. 64 CPU cores, 64GB memory, and 28 zram devices, the disksize of each zram device is 50MB with same priority as si. Use the stress-ng tool to increase memory pressure, causing the system to oom frequently. The plist_for_each_entry_safe() loops in get_swap_pages() could reach tens of thousands of times to find available space (extreme case: cond_resched() is not called in scan_swap_map_slots()). Let's add cond_resched() into get_swap_pages() when failed to find available space to avoid softlockup. Link: https://lkml.kernel.org/r/20230128094757.1060525-1-xialonglong1@huawei.com Signed-off-by: Longlong Xia <xialonglong1(a)huawei.com> Reviewed-by: "Huang, Ying" <ying.huang(a)intel.com> Cc: Chen Wandun <chenwandun(a)huawei.com> Cc: Huang Ying <ying.huang(a)intel.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/swapfile.c~mm-swapfile-add-cond_resched-in-get_swap_pages +++ a/mm/swapfile.c @@ -1100,6 +1100,7 @@ start_over: goto check_out; pr_debug("scan_swap_map of si %d failed to find offset\n", si->type); + cond_resched(); spin_lock(&swap_avail_lock); nextsi: _ Patches currently in -mm which might be from xialonglong1(a)huawei.com are mm-swapfile-remove-pr_debug-in-get_swap_pages.patch

10 months

1
0
0 0

[merged mm-hotfixes-stable] squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Squashfs: fix handling and sanity checking of xattr_ids count has been removed from the -mm tree. Its filename was squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Phillip Lougher <phillip(a)squashfs.org.uk> Subject: Squashfs: fix handling and sanity checking of xattr_ids count Date: Fri, 27 Jan 2023 06:18:42 +0000 A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these flaws cause computation overflow due to incorrect typing. In the corrupted filesystem the xattr_ids value is 4294967071, which stored in a signed variable becomes the negative number -225. Flaw 1 (64-bit systems only): The signed integer xattr_ids variable causes sign extension. This causes variable overflow in the SQUASHFS_XATTR_*(A) macros. The variable is first multiplied by sizeof(struct squashfs_xattr_id) where the type of the sizeof operator is "unsigned long". On a 64-bit system this is 64-bits in size, and causes the negative number to be sign extended and widened to 64-bits and then become unsigned. This produces the very large number 18446744073709548016 or 2^64 - 3600. This number when rounded up by SQUASHFS_METADATA_SIZE - 1 (8191 bytes) and divided by SQUASHFS_METADATA_SIZE overflows and produces a length of 0 (stored in len). Flaw 2 (32-bit systems only): On a 32-bit system the integer variable is not widened by the unsigned long type of the sizeof operator (32-bits), and the signedness of the variable has no effect due it always being treated as unsigned. The above corrupted xattr_ids value of 4294967071, when multiplied overflows and produces the number 4294963696 or 2^32 - 3400. This number when rounded up by SQUASHFS_METADATA_SIZE - 1 (8191 bytes) and divided by SQUASHFS_METADATA_SIZE overflows again and produces a length of 0. The effect of the 0 length computation: In conjunction with the corrupted xattr_ids field, the filesystem also has a corrupted xattr_table_start value, where it matches the end of filesystem value of 850. This causes the following sanity check code to fail because the incorrectly computed len of 0 matches the incorrect size of the table reported by the superblock (0 bytes). len = SQUASHFS_XATTR_BLOCK_BYTES(*xattr_ids); indexes = SQUASHFS_XATTR_BLOCKS(*xattr_ids); /* * The computed size of the index table (len bytes) should exactly * match the table start and end points */ start = table_start + sizeof(*id_table); end = msblk->bytes_used; if (len != (end - start)) return ERR_PTR(-EINVAL); Changing the xattr_ids variable to be "usigned int" fixes the flaw on a 64-bit system. This relies on the fact the computation is widened by the unsigned long type of the sizeof operator. Casting the variable to u64 in the above macro fixes this flaw on a 32-bit system. It also means 64-bit systems do not implicitly rely on the type of the sizeof operator to widen the computation. [1] https://lore.kernel.org/lkml/000000000000cd44f005f1a0f17f@google.com/ Link: https://lkml.kernel.org/r/20230127061842.10965-1-phillip@squashfs.org.uk Fixes: 506220d2ba21 ("squashfs: add more sanity checks in xattr id lookup") Signed-off-by: Phillip Lougher <phillip(a)squashfs.org.uk> Reported-by: <syzbot+082fa4af80a5bb1a9843(a)syzkaller.appspotmail.com> Cc: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Cc: Fedor Pchelkin <pchelkin(a)ispras.ru> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/squashfs/squashfs_fs.h | 2 +- fs/squashfs/squashfs_fs_sb.h | 2 +- fs/squashfs/xattr.h | 4 ++-- fs/squashfs/xattr_id.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) --- a/fs/squashfs/squashfs_fs.h~squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count +++ a/fs/squashfs/squashfs_fs.h @@ -183,7 +183,7 @@ static inline int squashfs_block_size(__ #define SQUASHFS_ID_BLOCK_BYTES(A) (SQUASHFS_ID_BLOCKS(A) *\ sizeof(u64)) /* xattr id lookup table defines */ -#define SQUASHFS_XATTR_BYTES(A) ((A) * sizeof(struct squashfs_xattr_id)) +#define SQUASHFS_XATTR_BYTES(A) (((u64) (A)) * sizeof(struct squashfs_xattr_id)) #define SQUASHFS_XATTR_BLOCK(A) (SQUASHFS_XATTR_BYTES(A) / \ SQUASHFS_METADATA_SIZE) --- a/fs/squashfs/squashfs_fs_sb.h~squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count +++ a/fs/squashfs/squashfs_fs_sb.h @@ -63,7 +63,7 @@ struct squashfs_sb_info { long long bytes_used; unsigned int inodes; unsigned int fragments; - int xattr_ids; + unsigned int xattr_ids; unsigned int ids; bool panic_on_errors; const struct squashfs_decompressor_thread_ops *thread_ops; --- a/fs/squashfs/xattr.h~squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count +++ a/fs/squashfs/xattr.h @@ -10,12 +10,12 @@ #ifdef CONFIG_SQUASHFS_XATTR extern __le64 *squashfs_read_xattr_id_table(struct super_block *, u64, - u64 *, int *); + u64 *, unsigned int *); extern int squashfs_xattr_lookup(struct super_block *, unsigned int, int *, unsigned int *, unsigned long long *); #else static inline __le64 *squashfs_read_xattr_id_table(struct super_block *sb, - u64 start, u64 *xattr_table_start, int *xattr_ids) + u64 start, u64 *xattr_table_start, unsigned int *xattr_ids) { struct squashfs_xattr_id_table *id_table; --- a/fs/squashfs/xattr_id.c~squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count +++ a/fs/squashfs/xattr_id.c @@ -56,7 +56,7 @@ int squashfs_xattr_lookup(struct super_b * Read uncompressed xattr id lookup table indexes from disk into memory */ __le64 *squashfs_read_xattr_id_table(struct super_block *sb, u64 table_start, - u64 *xattr_table_start, int *xattr_ids) + u64 *xattr_table_start, unsigned int *xattr_ids) { struct squashfs_sb_info *msblk = sb->s_fs_info; unsigned int len, indexes; _ Patches currently in -mm which might be from phillip(a)squashfs.org.uk are

10 months

1
0
0 0

[merged mm-hotfixes-stable] highmem-round-down-the-address-passed-to-kunmap_flush_on_unmap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: highmem: round down the address passed to kunmap_flush_on_unmap() has been removed from the -mm tree. Its filename was highmem-round-down-the-address-passed-to-kunmap_flush_on_unmap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: highmem: round down the address passed to kunmap_flush_on_unmap() Date: Thu, 26 Jan 2023 20:07:27 +0000 We already round down the address in kunmap_local_indexed() which is the other implementation of __kunmap_local(). The only implementation of kunmap_flush_on_unmap() is PA-RISC which is expecting a page-aligned address. This may be causing PA-RISC to be flushing the wrong addresses currently. Link: https://lkml.kernel.org/r/20230126200727.1680362-1-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Fixes: 298fa1ad5571 ("highmem: Provide generic variant of kmap_atomic*") Reviewed-by: Ira Weiny <ira.weiny(a)intel.com> Cc: "Fabio M. De Francesco" <fmdefrancesco(a)gmail.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Helge Deller <deller(a)gmx.de> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Bagas Sanjaya <bagasdotme(a)gmail.com> Cc: David Sterba <dsterba(a)suse.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Tony Luck <tony.luck(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/highmem-internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/include/linux/highmem-internal.h~highmem-round-down-the-address-passed-to-kunmap_flush_on_unmap +++ a/include/linux/highmem-internal.h @@ -200,7 +200,7 @@ static inline void *kmap_local_pfn(unsig static inline void __kunmap_local(const void *addr) { #ifdef ARCH_HAS_FLUSH_ON_KUNMAP - kunmap_flush_on_unmap(addr); + kunmap_flush_on_unmap(PTR_ALIGN_DOWN(addr, PAGE_SIZE)); #endif } @@ -227,7 +227,7 @@ static inline void *kmap_atomic_pfn(unsi static inline void __kunmap_atomic(const void *addr) { #ifdef ARCH_HAS_FLUSH_ON_KUNMAP - kunmap_flush_on_unmap(addr); + kunmap_flush_on_unmap(PTR_ALIGN_DOWN(addr, PAGE_SIZE)); #endif pagefault_enable(); if (IS_ENABLED(CONFIG_PREEMPT_RT)) _ Patches currently in -mm which might be from willy(a)infradead.org are mm-remove-folio_pincount_ptr-and-head_compound_pincount.patch mm-convert-head_subpages_mapcount-into-folio_nr_pages_mapped.patch doc-clarify-refcount-section-by-referring-to-folios-pages.patch mm-convert-total_compound_mapcount-to-folio_total_mapcount.patch mm-convert-page_remove_rmap-to-use-a-folio-internally.patch mm-convert-page_add_anon_rmap-to-use-a-folio-internally.patch mm-convert-page_add_file_rmap-to-use-a-folio-internally.patch mm-add-folio_add_new_anon_rmap.patch mm-add-folio_add_new_anon_rmap-fix-2.patch page_alloc-use-folio-fields-directly.patch mm-use-a-folio-in-hugepage_add_anon_rmap-and-hugepage_add_new_anon_rmap.patch mm-use-entire_mapcount-in-__page_dup_rmap.patch mm-debug-remove-call-to-head_compound_mapcount.patch hugetlb-remove-uses-of-folio_mapcount_ptr.patch mm-convert-page_mapcount-to-use-folio_entire_mapcount.patch mm-remove-head_compound_mapcount-and-_ptr-functions.patch mm-reimplement-compound_order.patch mm-reimplement-compound_nr.patch mm-reimplement-compound_nr-fix.patch mm-convert-set_compound_page_dtor-and-set_compound_order-to-folios.patch mm-convert-is_transparent_hugepage-to-use-a-folio.patch mm-convert-destroy_large_folio-to-use-folio_dtor.patch hugetlb-remove-uses-of-compound_dtor-and-compound_nr.patch mm-remove-first-tail-page-members-from-struct-page.patch doc-correct-struct-folio-kernel-doc.patch mm-move-page-deferred_list-to-folio-_deferred_list.patch mm-huge_memory-remove-page_deferred_list.patch mm-huge_memory-convert-get_deferred_split_queue-to-take-a-folio.patch mm-convert-deferred_split_huge_page-to-deferred_split_folio.patch shmem-convert-shmem_write_end-to-use-a-folio.patch mm-add-vma_alloc_zeroed_movable_folio.patch mm-convert-do_anonymous_page-to-use-a-folio.patch mm-convert-wp_page_copy-to-use-folios.patch mm-use-a-folio-in-copy_pte_range.patch mm-use-a-folio-in-copy_present_pte.patch mm-fs-convert-inode_attach_wb-to-take-a-folio.patch mm-convert-mem_cgroup_css_from_page-to-mem_cgroup_css_from_folio.patch mm-remove-page_evictable.patch mm-remove-mlock_vma_page.patch mm-remove-munlock_vma_page.patch mm-clean-up-mlock_page-munlock_page-references-in-comments.patch rmap-add-folio-parameter-to-__page_set_anon_rmap.patch filemap-convert-filemap_map_pmd-to-take-a-folio.patch filemap-convert-filemap_range_has_page-to-use-a-folio.patch readahead-convert-readahead_expand-to-use-a-folio.patch mm-add-memcpy_from_file_folio.patch fs-convert-writepage_t-callback-to-pass-a-folio.patch mpage-convert-__mpage_writepage-to-use-a-folio-more-fully.patch mpage-convert-__mpage_writepage-to-use-a-folio-more-fully-fix.patch

10 months

1
0
0 0

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2023