March 2023 - Linux-stable-mirror

[PATCH] f2fs: get out of a repeat loop when getting a locked data page

by Jaegeuk Kim

https://bugzilla.kernel.org/show_bug.cgi?id=216050 Somehow we're getting a page which has a different mapping. Let's avoid the infinite loop. Cc: <stable(a)vger.kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> --- fs/f2fs/data.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index bf51e6e4eb64..80702c93e885 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1329,18 +1329,14 @@ struct page *f2fs_get_lock_data_page(struct inode *inode, pgoff_t index, { struct address_space *mapping = inode->i_mapping; struct page *page; -repeat: + page = f2fs_get_read_data_page(inode, index, 0, for_write, NULL); if (IS_ERR(page)) return page; /* wait for read completion */ lock_page(page); - if (unlikely(page->mapping != mapping)) { - f2fs_put_page(page, 1); - goto repeat; - } - if (unlikely(!PageUptodate(page))) { + if (unlikely(page->mapping != mapping || !PageUptodate(page))) { f2fs_put_page(page, 1); return ERR_PTR(-EIO); } -- 2.40.0.348.gf938b09366-goog

9 months, 1 week

4
12
0 0

[RESEND] gpio: ws16c48: Fix off-by-one error in WS16C48 resource region extent

by William Breathitt Gray

The WinSystems WS16C48 I/O address region spans offsets 0x0 through 0xA, which is a total of 11 bytes. Fix the WS16C48_EXTENT define to the correct value of 11 so that access to necessary device registers is properly requested in the ws16c48_probe() callback by the devm_request_region() function call. Fixes: 2c05a0f29f41 ("gpio: ws16c48: Implement and utilize register structures") Cc: stable(a)vger.kernel.org Cc: Paul Demetrotion <pdemetrotion(a)winsystems.com> Signed-off-by: William Breathitt Gray <william.gray(a)linaro.org> --- drivers/gpio/gpio-ws16c48.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-ws16c48.c b/drivers/gpio/gpio-ws16c48.c index e73885a4dc32..afb42a8e916f 100644 --- a/drivers/gpio/gpio-ws16c48.c +++ b/drivers/gpio/gpio-ws16c48.c @@ -18,7 +18,7 @@ #include <linux/spinlock.h> #include <linux/types.h> -#define WS16C48_EXTENT 10 +#define WS16C48_EXTENT 11 #define MAX_NUM_WS16C48 max_num_isa_dev(WS16C48_EXTENT) static unsigned int base[MAX_NUM_WS16C48]; base-commit: 4827aae061337251bb91801b316157a78b845ec7 -- 2.39.2

9 months, 1 week

2
5
0 0

[PATCH 2/3] acpi/processor: sanitize _PDC buffer bits when running as Xen dom0

by Roger Pau Monne

The Processor _PDC buffer bits notify ACPI of the OS capabilities, and so ACPI can adjust the return of other Processor methods taking the OS capabilities into account. When Linux is running as a Xen dom0, it's the hypervisor the entity in charge of processor power management, and hence Xen needs to make sure the capabilities reported in the _PDC buffer match the capabilities of the driver in Xen. Introduce a small helper to sanitize the buffer when running as Xen dom0. Signed-off-by: Roger Pau Monné <roger.pau(a)citrix.com> Cc: stable(a)vger.kernel.org --- arch/x86/include/asm/xen/hypervisor.h | 2 ++ arch/x86/xen/enlighten.c | 17 +++++++++++++++++ drivers/acpi/processor_pdc.c | 8 ++++++++ 3 files changed, 27 insertions(+) diff --git a/arch/x86/include/asm/xen/hypervisor.h b/arch/x86/include/asm/xen/hypervisor.h index b9f512138043..b4ed90ef5e68 100644 --- a/arch/x86/include/asm/xen/hypervisor.h +++ b/arch/x86/include/asm/xen/hypervisor.h @@ -63,12 +63,14 @@ void __init mem_map_via_hcall(struct boot_params *boot_params_p); #ifdef CONFIG_XEN_DOM0 bool __init xen_processor_present(uint32_t acpi_id); +void xen_sanitize_pdc(uint32_t *buf); #else static inline bool xen_processor_present(uint32_t acpi_id) { BUG(); return false; } +static inline void xen_sanitize_pdc(uint32_t *buf) { BUG(); } #endif #endif /* _ASM_X86_XEN_HYPERVISOR_H */ diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c index d4c44361a26c..394dd6675113 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -372,4 +372,21 @@ bool __init xen_processor_present(uint32_t acpi_id) return false; } + +void xen_sanitize_pdc(uint32_t *buf) +{ + struct xen_platform_op op = { + .cmd = XENPF_set_processor_pminfo, + .interface_version = XENPF_INTERFACE_VERSION, + .u.set_pminfo.id = -1, + .u.set_pminfo.type = XEN_PM_PDC, + }; + int ret; + + set_xen_guest_handle(op.u.set_pminfo.pdc, buf); + ret = HYPERVISOR_platform_op(&op); + if (ret) + pr_info("sanitize of _PDC buffer bits from Xen failed: %d\n", + ret); +} #endif diff --git a/drivers/acpi/processor_pdc.c b/drivers/acpi/processor_pdc.c index 18fb04523f93..58f4c208517a 100644 --- a/drivers/acpi/processor_pdc.c +++ b/drivers/acpi/processor_pdc.c @@ -137,6 +137,14 @@ acpi_processor_eval_pdc(acpi_handle handle, struct acpi_object_list *pdc_in) buffer[2] &= ~(ACPI_PDC_C_C2C3_FFH | ACPI_PDC_C_C1_FFH); } + if (xen_initial_domain()) + /* + * When Linux is running as Xen dom0 it's the hypervisor the + * entity in charge of the processor power management, and so + * Xen needs to check the OS capabilities reported in the _PDC + * buffer matches what the hypervisor driver supports. + */ + xen_sanitize_pdc((uint32_t *)pdc_in->pointer->buffer.pointer); status = acpi_evaluate_object(handle, "_PDC", pdc_in, NULL); if (ACPI_FAILURE(status)) -- 2.37.3

10 months, 1 week

4
5
0 0

[PATCH v7] tty: fix hang on tty device with no_room set

by juanfengpy＠gmail.com

From: Hui Li <caelli(a)tencent.com> We have met a hang on pty device, the reader was blocking at epoll on master side, the writer was sleeping at wait_woken inside n_tty_write on slave side, and the write buffer on tty_port was full, we found that the reader and writer would never be woken again and blocked forever. The problem was caused by a race between reader and kworker: n_tty_read(reader): n_tty_receive_buf_common(kworker): copy_from_read_buf()| |room = N_TTY_BUF_SIZE - (ldata->read_head - tail) |room <= 0 n_tty_kick_worker() | |ldata->no_room = true After writing to slave device, writer wakes up kworker to flush data on tty_port to reader, and the kworker finds that reader has no room to store data so room <= 0 is met. At this moment, reader consumes all the data on reader buffer and calls n_tty_kick_worker to check ldata->no_room which is false and reader quits reading. Then kworker sets ldata->no_room=true and quits too. If write buffer is not full, writer will wake kworker to flush data again after following writes, but if write buffer is full and writer goes to sleep, kworker will never be woken again and tty device is blocked. This problem can be solved with a check for read buffer size inside n_tty_receive_buf_common, if read buffer is empty and ldata->no_room is true, a call to n_tty_kick_worker is necessary to keep flushing data to reader. Cc: <stable(a)vger.kernel.org> Fixes: 42458f41d08f ("n_tty: Ensure reader restarts worker for next reader") Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Hui Li <caelli(a)tencent.com> --- Patch changelogs between v1 and v2: -add barrier inside n_tty_read and n_tty_receive_buf_common; -comment why barrier is needed; -access to ldata->no_room is changed with READ_ONCE and WRITE_ONCE; Patch changelogs between v2 and v3: -in function n_tty_receive_buf_common, add unlikely to check ldata->no_room, eg: if (unlikely(ldata->no_room)), and READ_ONCE is removed here to get locality; -change comment for barrier to show the race condition to make comment easier to understand; Patch changelogs between v3 and v4: -change subject from 'tty: fix a possible hang on tty device' to 'tty: fix hang on tty device with no_room set' to make subject more obvious; Patch changelogs between v4 and v5: -name is changed from cael to caelli, li is added as the family name and caelli is the fullname. Patch changelogs between v5 and v6: -change from and Signed-off-by, from 'caelli <juanfengpy(a)gmail.com>' to 'caelli <caelli(a)tencent.com>', later one is my corporate address. Patch changelogs between v6 and v7: -change name from caelli to 'Hui Li', which is my name in chinese. -the comment for barrier is improved, and a Fixes and Reviewed-by tags is added. drivers/tty/n_tty.c | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c index c8f56c9b1a1c..8c17304fffcf 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -204,8 +204,8 @@ static void n_tty_kick_worker(struct tty_struct *tty) struct n_tty_data *ldata = tty->disc_data; /* Did the input worker stop? Restart it */ - if (unlikely(ldata->no_room)) { - ldata->no_room = 0; + if (unlikely(READ_ONCE(ldata->no_room))) { + WRITE_ONCE(ldata->no_room, 0); WARN_RATELIMIT(tty->port->itty == NULL, "scheduling with invalid itty\n"); @@ -1698,7 +1698,7 @@ n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp, if (overflow && room < 0) ldata->read_head--; room = overflow; - ldata->no_room = flow && !room; + WRITE_ONCE(ldata->no_room, flow && !room); } else overflow = 0; @@ -1729,6 +1729,27 @@ n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp, } else n_tty_check_throttle(tty); + if (unlikely(ldata->no_room)) { + /* + * Barrier here is to ensure to read the latest read_tail in + * chars_in_buffer() and to make sure that read_tail is not loaded + * before ldata->no_room is set, otherwise, following race may occur: + * n_tty_receive_buf_common() + * n_tty_read() + * if (!chars_in_buffer(tty))->false + * copy_from_read_buf() + * read_tail=commit_head + * n_tty_kick_worker() + * if (ldata->no_room)->false + * ldata->no_room = 1 + * Then both kworker and reader will fail to kick n_tty_kick_worker(), + * smp_mb is paired with smp_mb() in n_tty_read(). + */ + smp_mb(); + if (!chars_in_buffer(tty)) + n_tty_kick_worker(tty); + } + up_read(&tty->termios_rwsem); return rcvd; @@ -2282,8 +2303,25 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file, if (time) timeout = time; } - if (old_tail != ldata->read_tail) + if (old_tail != ldata->read_tail) { + /* + * Make sure no_room is not read in n_tty_kick_worker() + * before setting ldata->read_tail in copy_from_read_buf(), + * otherwise, following race may occur: + * n_tty_read() + * n_tty_receive_buf_common() + * n_tty_kick_worker() + * if(ldata->no_room)->false + * ldata->no_room = 1 + * if (!chars_in_buffer(tty))->false + * copy_from_read_buf() + * read_tail=commit_head + * Both reader and kworker will fail to kick tty_buffer_restart_work(), + * smp_mb is paired with smp_mb() in n_tty_receive_buf_common(). + */ + smp_mb(); n_tty_kick_worker(tty); + } up_read(&tty->termios_rwsem); remove_wait_queue(&tty->read_wait, &wait); -- 2.27.0

10 months, 1 week

3
5
0 0

[PATCH v1 1/5] hostfs: Fix ephemeral inodes

by Mickaël Salaün

hostfs creates a new inode for each opened or created file, which created useless inode allocations and forbade identifying a host file with a kernel inode. Fix this uncommon filesystem behavior by tying kernel inodes to host file's inode and device IDs. Even if the host filesystem inodes may be recycled, this cannot happen while a file referencing it is open, which is the case with hostfs. It should be noted that hostfs inode IDs may not be unique for the same hostfs superblock because multiple host's (backed) superblocks may be used. Delete inodes when dropping them to force backed host's file descriptors closing. This enables to entirely remove ARCH_EPHEMERAL_INODES, and then makes Landlock fully supported by UML. This is very useful for testing (ongoing and backported) changes. These changes also factor out and simplify some helpers thanks to the new hostfs_inode_update() and the hostfs_iget() revamp: read_name(), hostfs_create(), hostfs_lookup(), hostfs_mknod(), and hostfs_fill_sb_common(). A following commit with new Landlock tests check this new hostfs inode consistency. Cc: Anton Ivanov <anton.ivanov(a)cambridgegreys.com> Cc: Johannes Berg <johannes(a)sipsolutions.net> Cc: Richard Weinberger <richard(a)nod.at> Cc: <stable(a)vger.kernel.org> # 5.15.x: ce72750f04d6: hostfs: Fix writeback of dirty pages Cc: <stable(a)vger.kernel.org> # 5.15+ Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20230309165455.175131-2-mic@digikod.net --- arch/Kconfig | 7 -- arch/um/Kconfig | 1 - fs/hostfs/hostfs.h | 1 + fs/hostfs/hostfs_kern.c | 213 +++++++++++++++++++------------------- fs/hostfs/hostfs_user.c | 1 + security/landlock/Kconfig | 2 +- 6 files changed, 109 insertions(+), 116 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index e3511afbb7f2..d5f0841ac3c1 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -1156,13 +1156,6 @@ config COMPAT_32BIT_TIME config ARCH_NO_PREEMPT bool -config ARCH_EPHEMERAL_INODES - def_bool n - help - An arch should select this symbol if it doesn't keep track of inode - instances on its own, but instead relies on something else (e.g. the - host kernel for an UML kernel). - config ARCH_SUPPORTS_RT bool diff --git a/arch/um/Kconfig b/arch/um/Kconfig index 541a9b18e343..4057d5267c6a 100644 --- a/arch/um/Kconfig +++ b/arch/um/Kconfig @@ -5,7 +5,6 @@ menu "UML-specific options" config UML bool default y - select ARCH_EPHEMERAL_INODES select ARCH_HAS_FORTIFY_SOURCE select ARCH_HAS_GCOV_PROFILE_ALL select ARCH_HAS_KCOV diff --git a/fs/hostfs/hostfs.h b/fs/hostfs/hostfs.h index 69cb796f6270..0239e3af3945 100644 --- a/fs/hostfs/hostfs.h +++ b/fs/hostfs/hostfs.h @@ -65,6 +65,7 @@ struct hostfs_stat { unsigned long long blocks; unsigned int maj; unsigned int min; + dev_t dev; }; extern int stat_file(const char *path, struct hostfs_stat *p, int fd); diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c index 28b4f15c19eb..19496f732016 100644 --- a/fs/hostfs/hostfs_kern.c +++ b/fs/hostfs/hostfs_kern.c @@ -26,6 +26,7 @@ struct hostfs_inode_info { fmode_t mode; struct inode vfs_inode; struct mutex open_mutex; + dev_t dev; }; static inline struct hostfs_inode_info *HOSTFS_I(struct inode *inode) @@ -182,14 +183,6 @@ static char *follow_link(char *link) return ERR_PTR(n); } -static struct inode *hostfs_iget(struct super_block *sb) -{ - struct inode *inode = new_inode(sb); - if (!inode) - return ERR_PTR(-ENOMEM); - return inode; -} - static int hostfs_statfs(struct dentry *dentry, struct kstatfs *sf) { /* @@ -228,6 +221,7 @@ static struct inode *hostfs_alloc_inode(struct super_block *sb) return NULL; hi->fd = -1; hi->mode = 0; + hi->dev = 0; inode_init_once(&hi->vfs_inode); mutex_init(&hi->open_mutex); return &hi->vfs_inode; @@ -240,6 +234,7 @@ static void hostfs_evict_inode(struct inode *inode) if (HOSTFS_I(inode)->fd != -1) { close_file(&HOSTFS_I(inode)->fd); HOSTFS_I(inode)->fd = -1; + HOSTFS_I(inode)->dev = 0; } } @@ -265,6 +260,7 @@ static int hostfs_show_options(struct seq_file *seq, struct dentry *root) static const struct super_operations hostfs_sbops = { .alloc_inode = hostfs_alloc_inode, .free_inode = hostfs_free_inode, + .drop_inode = generic_delete_inode, .evict_inode = hostfs_evict_inode, .statfs = hostfs_statfs, .show_options = hostfs_show_options, @@ -512,18 +508,31 @@ static const struct address_space_operations hostfs_aops = { .write_end = hostfs_write_end, }; -static int read_name(struct inode *ino, char *name) +static int hostfs_inode_update(struct inode *ino, const struct hostfs_stat *st) +{ + set_nlink(ino, st->nlink); + i_uid_write(ino, st->uid); + i_gid_write(ino, st->gid); + ino->i_atime = + (struct timespec64){ st->atime.tv_sec, st->atime.tv_nsec }; + ino->i_mtime = + (struct timespec64){ st->mtime.tv_sec, st->mtime.tv_nsec }; + ino->i_ctime = + (struct timespec64){ st->ctime.tv_sec, st->ctime.tv_nsec }; + ino->i_size = st->size; + ino->i_blocks = st->blocks; + return 0; +} + +static int hostfs_inode_set(struct inode *ino, void *data) { + struct hostfs_stat *st = data; dev_t rdev; - struct hostfs_stat st; - int err = stat_file(name, &st, -1); - if (err) - return err; /* Reencode maj and min with the kernel encoding.*/ - rdev = MKDEV(st.maj, st.min); + rdev = MKDEV(st->maj, st->min); - switch (st.mode & S_IFMT) { + switch (st->mode & S_IFMT) { case S_IFLNK: ino->i_op = &hostfs_link_iops; break; @@ -535,7 +544,7 @@ static int read_name(struct inode *ino, char *name) case S_IFBLK: case S_IFIFO: case S_IFSOCK: - init_special_inode(ino, st.mode & S_IFMT, rdev); + init_special_inode(ino, st->mode & S_IFMT, rdev); ino->i_op = &hostfs_iops; break; case S_IFREG: @@ -547,17 +556,42 @@ static int read_name(struct inode *ino, char *name) return -EIO; } - ino->i_ino = st.ino; - ino->i_mode = st.mode; - set_nlink(ino, st.nlink); - i_uid_write(ino, st.uid); - i_gid_write(ino, st.gid); - ino->i_atime = (struct timespec64){ st.atime.tv_sec, st.atime.tv_nsec }; - ino->i_mtime = (struct timespec64){ st.mtime.tv_sec, st.mtime.tv_nsec }; - ino->i_ctime = (struct timespec64){ st.ctime.tv_sec, st.ctime.tv_nsec }; - ino->i_size = st.size; - ino->i_blocks = st.blocks; - return 0; + HOSTFS_I(ino)->dev = st->dev; + ino->i_ino = st->ino; + ino->i_mode = st->mode; + return hostfs_inode_update(ino, st); +} + +static int hostfs_inode_test(struct inode *inode, void *data) +{ + const struct hostfs_stat *st = data; + + return inode->i_ino == st->ino && HOSTFS_I(inode)->dev == st->dev; +} + +static struct inode *hostfs_iget(struct super_block *sb, char *name) +{ + struct inode *inode; + struct hostfs_stat st; + int err = stat_file(name, &st, -1); + + if (err) + return ERR_PTR(err); + + inode = iget5_locked(sb, st.ino, hostfs_inode_test, hostfs_inode_set, + &st); + if (!inode) + return ERR_PTR(-ENOMEM); + + if (inode->i_state & I_NEW) { + unlock_new_inode(inode); + } else { + spin_lock(&inode->i_lock); + hostfs_inode_update(inode, &st); + spin_unlock(&inode->i_lock); + } + + return inode; } static int hostfs_create(struct mnt_idmap *idmap, struct inode *dir, @@ -565,62 +599,48 @@ static int hostfs_create(struct mnt_idmap *idmap, struct inode *dir, { struct inode *inode; char *name; - int error, fd; - - inode = hostfs_iget(dir->i_sb); - if (IS_ERR(inode)) { - error = PTR_ERR(inode); - goto out; - } + int fd; - error = -ENOMEM; name = dentry_name(dentry); if (name == NULL) - goto out_put; + return -ENOMEM; fd = file_create(name, mode & 0777); - if (fd < 0) - error = fd; - else - error = read_name(inode, name); + if (fd < 0) { + __putname(name); + return fd; + } + inode = hostfs_iget(dir->i_sb, name); __putname(name); - if (error) - goto out_put; + if (IS_ERR(inode)) + return PTR_ERR(inode); HOSTFS_I(inode)->fd = fd; HOSTFS_I(inode)->mode = FMODE_READ | FMODE_WRITE; d_instantiate(dentry, inode); return 0; - - out_put: - iput(inode); - out: - return error; } static struct dentry *hostfs_lookup(struct inode *ino, struct dentry *dentry, unsigned int flags) { - struct inode *inode; + struct inode *inode = NULL; char *name; - int err; - - inode = hostfs_iget(ino->i_sb); - if (IS_ERR(inode)) - goto out; - err = -ENOMEM; name = dentry_name(dentry); - if (name) { - err = read_name(inode, name); - __putname(name); - } - if (err) { - iput(inode); - inode = (err == -ENOENT) ? NULL : ERR_PTR(err); + if (name == NULL) + return ERR_PTR(-ENOMEM); + + inode = hostfs_iget(ino->i_sb, name); + __putname(name); + if (IS_ERR(inode)) { + if (PTR_ERR(inode) == -ENOENT) + inode = NULL; + else + return ERR_CAST(inode); } - out: + return d_splice_alias(inode, dentry); } @@ -704,35 +724,23 @@ static int hostfs_mknod(struct mnt_idmap *idmap, struct inode *dir, char *name; int err; - inode = hostfs_iget(dir->i_sb); - if (IS_ERR(inode)) { - err = PTR_ERR(inode); - goto out; - } - - err = -ENOMEM; name = dentry_name(dentry); if (name == NULL) - goto out_put; + return -ENOMEM; err = do_mknod(name, mode, MAJOR(dev), MINOR(dev)); - if (err) - goto out_free; + if (err) { + __putname(name); + return err; + } - err = read_name(inode, name); + inode = hostfs_iget(dir->i_sb, name); __putname(name); - if (err) - goto out_put; + if (IS_ERR(inode)) + return PTR_ERR(inode); d_instantiate(dentry, inode); return 0; - - out_free: - __putname(name); - out_put: - iput(inode); - out: - return err; } static int hostfs_rename2(struct mnt_idmap *idmap, @@ -929,49 +937,40 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent) sb->s_maxbytes = MAX_LFS_FILESIZE; err = super_setup_bdi(sb); if (err) - goto out; + return err; /* NULL is printed as '(null)' by printf(): avoid that. */ if (req_root == NULL) req_root = ""; - err = -ENOMEM; sb->s_fs_info = host_root_path = kasprintf(GFP_KERNEL, "%s/%s", root_ino, req_root); if (host_root_path == NULL) - goto out; - - root_inode = new_inode(sb); - if (!root_inode) - goto out; + return -ENOMEM; - err = read_name(root_inode, host_root_path); - if (err) - goto out_put; + root_inode = hostfs_iget(sb, host_root_path); + if (IS_ERR(root_inode)) + return PTR_ERR(root_inode); if (S_ISLNK(root_inode->i_mode)) { - char *name = follow_link(host_root_path); - if (IS_ERR(name)) { - err = PTR_ERR(name); - goto out_put; - } - err = read_name(root_inode, name); + char *name; + + iput(root_inode); + name = follow_link(host_root_path); + if (IS_ERR(name)) + return PTR_ERR(name); + + root_inode = hostfs_iget(sb, name); kfree(name); - if (err) - goto out_put; + if (IS_ERR(root_inode)) + return PTR_ERR(root_inode); } - err = -ENOMEM; sb->s_root = d_make_root(root_inode); if (sb->s_root == NULL) - goto out; + return -ENOMEM; return 0; - -out_put: - iput(root_inode); -out: - return err; } static struct dentry *hostfs_read_sb(struct file_system_type *type, diff --git a/fs/hostfs/hostfs_user.c b/fs/hostfs/hostfs_user.c index 5ecc4706172b..840619e39a1a 100644 --- a/fs/hostfs/hostfs_user.c +++ b/fs/hostfs/hostfs_user.c @@ -36,6 +36,7 @@ static void stat64_to_hostfs(const struct stat64 *buf, struct hostfs_stat *p) p->blocks = buf->st_blocks; p->maj = os_major(buf->st_rdev); p->min = os_minor(buf->st_rdev); + p->dev = buf->st_dev; } int stat_file(const char *path, struct hostfs_stat *p, int fd) diff --git a/security/landlock/Kconfig b/security/landlock/Kconfig index 8e33c4e8ffb8..c1e862a38410 100644 --- a/security/landlock/Kconfig +++ b/security/landlock/Kconfig @@ -2,7 +2,7 @@ config SECURITY_LANDLOCK bool "Landlock support" - depends on SECURITY && !ARCH_EPHEMERAL_INODES + depends on SECURITY select SECURITY_PATH help Landlock is a sandboxing mechanism that enables processes to restrict -- 2.39.2

10 months, 1 week

3
6
0 0

kernel error at led trigger "phy0tpt"

by Tobias Dahms

Hello, since some kernel versions I get a kernel errror while setting led trigger to phy0tpt. command to reproduce: echo phy0tpt > /sys/class/leds/bpi-r2\:isink\:blue/trigger same trigger, other led location => no error: echo phy0tpt > /sys/class/leds/bpi-r2\:pio\:blue/trigger other trigger, same led location => no error: echo phy0tx > /sys/class/leds/bpi-r2\:isink\:blue/trigger last good kernel: bpi-r2 5.19.17-bpi-r2 error at kernel versions: bpi-r2 6.0.19-bpi-r2 up to bpi-r2 6.3.0-rc1-bpi-r2+ wireless lan card: 01:00.0 Network controller: MEDIATEK Corp. MT7612E 802.11acbgn PCI Express Wireless Network Adapter distribution: Arch-Linux-ARM (with vanilla kernel instead of original distribution kernel) board: BananaPi-R2 log messages: Mär 12 12:54:55 bpi-r2 kernel: BUG: scheduling while atomic: swapper/0/0/0x00000100 Mär 12 12:54:55 bpi-r2 kernel: Modules linked in: aes_arm_bs crypto_simd cryptd nft_masq nft_ct nf_log_syslog nft_log nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink mt76x2e mt76x2_common mt76x02_lib mt76 spi_mt65xx pwm_mediatek mt6577_auxadc sch_fq_codel fuse configfs ip_tables x_tables Mär 12 12:54:55 bpi-r2 kernel: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.3.0-rc1-bpi-r2+ #1 Mär 12 12:54:55 bpi-r2 kernel: Hardware name: Mediatek Cortex-A7 (Device Tree) Mär 12 12:54:55 bpi-r2 kernel: Backtrace: Mär 12 12:54:55 bpi-r2 kernel: dump_backtrace from show_stack+0x20/0x24 Mär 12 12:54:55 bpi-r2 kernel: r7:c14ab340 r6:00000000 r5:c12507fc r4:600f0113 Mär 12 12:54:55 bpi-r2 kernel: show_stack from dump_stack_lvl+0x48/0x54 Mär 12 12:54:55 bpi-r2 kernel: dump_stack_lvl from dump_stack+0x18/0x1c Mär 12 12:54:55 bpi-r2 kernel: r5:c1508fc0 r4:00000000 Mär 12 12:54:55 bpi-r2 kernel: dump_stack from __schedule_bug+0x60/0x70 Mär 12 12:54:55 bpi-r2 kernel: __schedule_bug from __schedule+0x6b0/0x904 Mär 12 12:54:55 bpi-r2 kernel: r5:c1508fc0 r4:eed9d340 Mär 12 12:54:55 bpi-r2 kernel: __schedule from schedule+0x6c/0xe8 Mär 12 12:54:55 bpi-r2 kernel: r10:c1501ba0 r9:00000000 r8:00001b58 r7:c1508fc0 r6:00001b58 r5:0000004a Mär 12 12:54:55 bpi-r2 kernel: r4:c1508fc0 Mär 12 12:54:55 bpi-r2 kernel: schedule from schedule_hrtimeout_range_clock+0xec/0x14c Mär 12 12:54:55 bpi-r2 kernel: r5:0000004a r4:47ac1837 Mär 12 12:54:55 bpi-r2 kernel: schedule_hrtimeout_range_clock from schedule_hrtimeout_range+0x28/0x30 Mär 12 12:54:55 bpi-r2 kernel: r10:c1501c50 r9:c1508fc0 r8:00000002 r7:00000000 r6:c1501ba0 r5:00000000 Mär 12 12:54:55 bpi-r2 kernel: r4:00001b58 Mär 12 12:54:55 bpi-r2 kernel: schedule_hrtimeout_range from usleep_range_state+0x6c/0x90 Mär 12 12:54:55 bpi-r2 kernel: usleep_range_state from pwrap_read16+0xfc/0x2a0 Mär 12 12:54:55 bpi-r2 kernel: r9:0000004a r8:4844840c r7:0000004a r6:48447f8a r5:01980000 r4:c2703940 Mär 12 12:54:55 bpi-r2 kernel: pwrap_read16 from pwrap_regmap_read+0x24/0x28 Mär 12 12:54:55 bpi-r2 kernel: r10:00001f00 r9:00000000 r8:00000f00 r7:c2703940 r6:c1501c50 r5:00000330 Mär 12 12:54:55 bpi-r2 kernel: r4:c196e000 r3:c06f3fbc Mär 12 12:54:55 bpi-r2 kernel: pwrap_regmap_read from _regmap_read+0x70/0x160 Mär 12 12:54:55 bpi-r2 kernel: _regmap_read from _regmap_update_bits+0xc8/0x108 Mär 12 12:54:55 bpi-r2 kernel: r10:00001f00 r9:00000000 r8:00000f00 r7:c1508fc0 r6:00000330 r5:00000000 Mär 12 12:54:55 bpi-r2 kernel: r4:c196e000 r3:00000000 Mär 12 12:54:55 bpi-r2 kernel: _regmap_update_bits from regmap_update_bits_base+0x60/0x84 Mär 12 12:54:55 bpi-r2 kernel: r10:00000000 r9:00000f00 r8:00000000 r7:00001f00 r6:00000000 r5:00000330 Mär 12 12:54:55 bpi-r2 kernel: r4:c196e000 Mär 12 12:54:55 bpi-r2 kernel: regmap_update_bits_base from mt6323_led_set_blink+0xf0/0x148 Mär 12 12:54:55 bpi-r2 kernel: r10:eed94800 r9:c16998c0 r8:c196e000 r7:c31f0c48 r6:c2456f48 r5:00000000 Mär 12 12:54:55 bpi-r2 kernel: r4:0000014e Mär 12 12:54:55 bpi-r2 kernel: mt6323_led_set_blink from led_blink_setup+0x3c/0x110 Mär 12 12:54:55 bpi-r2 kernel: r9:c16998c0 r8:00000770 r7:c1501d60 r6:c1501d5c r5:c1501d60 r4:c31f0c48 Mär 12 12:54:55 bpi-r2 kernel: led_blink_setup from led_blink_set+0x60/0x64 Mär 12 12:54:55 bpi-r2 kernel: r7:c1501d60 r6:c1501d5c r5:c31f0c58 r4:c31f0c48 Mär 12 12:54:55 bpi-r2 kernel: led_blink_set from led_trigger_blink+0x44/0x58 Mär 12 12:54:55 bpi-r2 kernel: r7:c1501d60 r6:c1501d5c r5:c5b69740 r4:c31f0c48 Mär 12 12:54:55 bpi-r2 kernel: led_trigger_blink from tpt_trig_timer+0x10c/0x130 Mär 12 12:54:55 bpi-r2 kernel: r7:c0df71f0 r6:c1508fc0 r5:c5b685a0 r4:c597b628 Mär 12 12:54:55 bpi-r2 kernel: tpt_trig_timer from call_timer_fn+0x48/0x168 Mär 12 12:54:55 bpi-r2 kernel: r6:c597b628 r5:00000100 r4:c16998c0 Mär 12 12:54:55 bpi-r2 kernel: call_timer_fn from run_timer_softirq+0x600/0x6c8 Mär 12 12:54:55 bpi-r2 kernel: r9:c16998c0 r8:00000000 r7:00000770 r6:00000000 r5:c1501de4 r4:c597b628 Mär 12 12:54:55 bpi-r2 kernel: run_timer_softirq from __do_softirq+0x140/0x34c Mär 12 12:54:55 bpi-r2 kernel: r10:00000082 r9:00000100 r8:c1698481 r7:c1698f60 r6:00000001 r5:00000002 Mär 12 12:54:55 bpi-r2 kernel: r4:c1503084 Mär 12 12:54:55 bpi-r2 kernel: __do_softirq from irq_exit+0xb8/0xe8 Mär 12 12:54:55 bpi-r2 kernel: r10:10c5387d r9:c1508fc0 r8:c1698481 r7:c1501f0c r6:00000000 r5:c1501ed8 Mär 12 12:54:55 bpi-r2 kernel: r4:c14aaf58 Mär 12 12:54:55 bpi-r2 kernel: irq_exit from generic_handle_arch_irq+0x48/0x4c Mär 12 12:54:55 bpi-r2 kernel: r5:c1501ed8 r4:c14aaf58 Mär 12 12:54:55 bpi-r2 kernel: generic_handle_arch_irq from __irq_svc+0x88/0xb0 Mär 12 12:54:55 bpi-r2 kernel: Exception stack(0xc1501ed8 to 0xc1501f20) Mär 12 12:54:55 bpi-r2 kernel: 1ec0: 000862f4 2d8f2000 Mär 12 12:54:55 bpi-r2 kernel: 1ee0: c1508fc0 00000000 c1699cc0 c1504f10 c1504f70 00000001 c1698481 c123a9b4 Mär 12 12:54:55 bpi-r2 kernel: 1f00: 10c5387d c1501f3c 00000001 c1501f28 c0e36fa0 c0e3767c 600f0013 ffffffff Mär 12 12:54:55 bpi-r2 kernel: r7:c1501f0c r6:ffffffff r5:600f0013 r4:c0e3767c Mär 12 12:54:55 bpi-r2 kernel: default_idle_call from do_idle+0xc4/0x124 Mär 12 12:54:55 bpi-r2 kernel: r5:c1504f10 r4:00000001 Mär 12 12:54:55 bpi-r2 kernel: do_idle from cpu_startup_entry+0x28/0x2c Mär 12 12:54:55 bpi-r2 kernel: r9:efffcd40 r8:00000000 r7:00000045 r6:c1326068 r5:c16fb9b8 r4:000000ec Mär 12 12:54:55 bpi-r2 kernel: cpu_startup_entry from rest_init+0xc0/0xc4 Mär 12 12:54:55 bpi-r2 kernel: rest_init from arch_post_acpi_subsys_init+0x0/0x30 Mär 12 12:54:55 bpi-r2 kernel: r5:c16fb9b8 r4:c16cc038 Mär 12 12:54:55 bpi-r2 kernel: arch_call_rest_init from start_kernel+0x6c0/0x704 Mär 12 12:54:55 bpi-r2 kernel: start_kernel from 0x0 Mär 12 12:54:55 bpi-r2 kernel: bad: scheduling from the idle thread! Mär 12 12:54:55 bpi-r2 kernel: CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.3.0-rc1-bpi-r2+ #1 Mär 12 12:54:55 bpi-r2 kernel: Hardware name: Mediatek Cortex-A7 (Device Tree) Mär 12 12:54:55 bpi-r2 kernel: Backtrace: Mär 12 12:54:55 bpi-r2 kernel: dump_backtrace from show_stack+0x20/0x24 Mär 12 12:54:55 bpi-r2 kernel: r7:c14ab340 r6:00000001 r5:c12507fc r4:60070013 Mär 12 12:54:55 bpi-r2 kernel: show_stack from dump_stack_lvl+0x48/0x54 Mär 12 12:54:55 bpi-r2 kernel: dump_stack_lvl from dump_stack+0x18/0x1c Mär 12 12:54:55 bpi-r2 kernel: r5:c1508fc0 r4:eed9d340 Mär 12 12:54:55 bpi-r2 kernel: dump_stack from dequeue_task_idle+0x30/0x44 Mär 12 12:54:55 bpi-r2 kernel: dequeue_task_idle from __schedule+0x4bc/0x904 Mär 12 12:54:55 bpi-r2 kernel: r5:c1508fc0 r4:eed9d340 Mär 12 12:54:55 bpi-r2 kernel: __schedule from schedule+0x6c/0xe8 Mär 12 12:54:55 bpi-r2 kernel: r10:c1501ba0 r9:00000000 r8:00001b58 r7:c1508fc0 r6:00001b58 r5:0000004a Mär 12 12:54:55 bpi-r2 kernel: r4:c1508fc0 Mär 12 12:54:55 bpi-r2 kernel: schedule from schedule_hrtimeout_range_clock+0xec/0x14c Mär 12 12:54:55 bpi-r2 kernel: r5:0000004a r4:492d8817 Mär 12 12:54:55 bpi-r2 kernel: schedule_hrtimeout_range_clock from schedule_hrtimeout_range+0x28/0x30 Mär 12 12:54:55 bpi-r2 kernel: r10:c1501c50 r9:c1508fc0 r8:00000002 r7:00000000 r6:c1501ba0 r5:00000000 Mär 12 12:54:55 bpi-r2 kernel: r4:00001b58 Mär 12 12:54:55 bpi-r2 kernel: schedule_hrtimeout_range from usleep_range_state+0x6c/0x90 Mär 12 12:54:55 bpi-r2 kernel: usleep_range_state from pwrap_read16+0xfc/0x2a0 Mär 12 12:54:55 bpi-r2 kernel: r9:0000004a r8:49c5f439 r7:0000004a r6:49c5f0eb r5:01990000 r4:c2703940 Mär 12 12:54:55 bpi-r2 kernel: pwrap_read16 from pwrap_regmap_read+0x24/0x28 Mär 12 12:54:55 bpi-r2 kernel: r10:0000ffff r9:00000000 r8:0000014d r7:c2703940 r6:c1501c50 r5:00000332 Mär 12 12:54:55 bpi-r2 kernel: r4:c196e000 r3:c06f3fbc Mär 12 12:54:55 bpi-r2 kernel: pwrap_regmap_read from _regmap_read+0x70/0x160 Mär 12 12:54:55 bpi-r2 kernel: _regmap_read from _regmap_update_bits+0xc8/0x108 Mär 12 12:54:55 bpi-r2 kernel: r10:0000ffff r9:00000000 r8:0000014d r7:c1508fc0 r6:00000332 r5:00000000 Mär 12 12:54:55 bpi-r2 kernel: r4:c196e000 r3:00000000 Mär 12 12:54:55 bpi-r2 kernel: _regmap_update_bits from regmap_update_bits_base+0x60/0x84 Mär 12 12:54:55 bpi-r2 kernel: r10:00000000 r9:0000014d r8:00000000 r7:0000ffff r6:00000000 r5:00000332 Mär 12 12:54:55 bpi-r2 kernel: r4:c196e000 Mär 12 12:54:55 bpi-r2 kernel: regmap_update_bits_base from mt6323_led_set_blink+0x138/0x148 Mär 12 12:54:55 bpi-r2 kernel: r10:eed94800 r9:00000000 r8:c196e000 r7:c31f0c48 r6:c2456f48 r5:00000000 Mär 12 12:54:55 bpi-r2 kernel: r4:0000014e Mär 12 12:54:55 bpi-r2 kernel: mt6323_led_set_blink from led_blink_setup+0x3c/0x110 Mär 12 12:54:55 bpi-r2 kernel: r9:c16998c0 r8:00000770 r7:c1501d60 r6:c1501d5c r5:c1501d60 r4:c31f0c48 Mär 12 12:54:55 bpi-r2 kernel: led_blink_setup from led_blink_set+0x60/0x64 Mär 12 12:54:55 bpi-r2 kernel: r7:c1501d60 r6:c1501d5c r5:c31f0c58 r4:c31f0c48 Mär 12 12:54:55 bpi-r2 kernel: led_blink_set from led_trigger_blink+0x44/0x58 Mär 12 12:54:55 bpi-r2 kernel: r7:c1501d60 r6:c1501d5c r5:c5b69740 r4:c31f0c48 Mär 12 12:54:55 bpi-r2 kernel: led_trigger_blink from tpt_trig_timer+0x10c/0x130 Mär 12 12:54:55 bpi-r2 kernel: r7:c0df71f0 r6:c1508fc0 r5:c5b685a0 r4:c597b628 Mär 12 12:54:55 bpi-r2 kernel: tpt_trig_timer from call_timer_fn+0x48/0x168 Mär 12 12:54:55 bpi-r2 kernel: r6:c597b628 r5:00000100 r4:c16998c0 Mär 12 12:54:55 bpi-r2 kernel: call_timer_fn from run_timer_softirq+0x600/0x6c8 Mär 12 12:54:55 bpi-r2 kernel: r9:c16998c0 r8:00000000 r7:00000770 r6:00000000 r5:c1501de4 r4:c597b628 Mär 12 12:54:55 bpi-r2 kernel: run_timer_softirq from __do_softirq+0x140/0x34c Mär 12 12:54:55 bpi-r2 kernel: r10:00000082 r9:00000100 r8:c1698481 r7:c1698f60 r6:00000001 r5:00000002 Mär 12 12:54:55 bpi-r2 kernel: r4:c1503084 Mär 12 12:54:55 bpi-r2 kernel: __do_softirq from irq_exit+0xb8/0xe8 Mär 12 12:54:55 bpi-r2 kernel: r10:10c5387d r9:c1508fc0 r8:c1698481 r7:c1501f0c r6:00000000 r5:c1501ed8 Mär 12 12:54:55 bpi-r2 kernel: r4:c14aaf58 Mär 12 12:54:55 bpi-r2 kernel: irq_exit from generic_handle_arch_irq+0x48/0x4c Mär 12 12:54:55 bpi-r2 kernel: r5:c1501ed8 r4:c14aaf58 Mär 12 12:54:55 bpi-r2 kernel: generic_handle_arch_irq from __irq_svc+0x88/0xb0 Mär 12 12:54:55 bpi-r2 kernel: Exception stack(0xc1501ed8 to 0xc1501f20) Mär 12 12:54:55 bpi-r2 kernel: 1ec0: 000862f4 2d8f2000 Mär 12 12:54:55 bpi-r2 kernel: 1ee0: c1508fc0 00000000 c1699cc0 c1504f10 c1504f70 00000001 c1698481 c123a9b4 Mär 12 12:54:55 bpi-r2 kernel: 1f00: 10c5387d c1501f3c 00000001 c1501f28 c0e36fa0 c0e3767c 600f0013 ffffffff Mär 12 12:54:55 bpi-r2 kernel: r7:c1501f0c r6:ffffffff r5:600f0013 r4:c0e3767c Mär 12 12:54:55 bpi-r2 kernel: default_idle_call from do_idle+0xc4/0x124 Mär 12 12:54:55 bpi-r2 kernel: r5:c1504f10 r4:00000001 Mär 12 12:54:55 bpi-r2 kernel: do_idle from cpu_startup_entry+0x28/0x2c Mär 12 12:54:55 bpi-r2 kernel: r9:efffcd40 r8:00000000 r7:00000045 r6:c1326068 r5:c16fb9b8 r4:000000ec Mär 12 12:54:55 bpi-r2 kernel: cpu_startup_entry from rest_init+0xc0/0xc4 Mär 12 12:54:55 bpi-r2 kernel: rest_init from arch_post_acpi_subsys_init+0x0/0x30 Mär 12 12:54:55 bpi-r2 kernel: r5:c16fb9b8 r4:c16cc038 Mär 12 12:54:55 bpi-r2 kernel: arch_call_rest_init from start_kernel+0x6c0/0x704 Mär 12 12:54:55 bpi-r2 kernel: start_kernel from 0x0 Mär 12 12:54:55 bpi-r2 kernel: ------------[ cut here ]------------ best regards Tobias Dahms

10 months, 2 weeks

5
9
0 0

[PATCH v5 0/2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> Changelog: v4: - Replace sg_init_table()/sg_set_buf() with sg_init_one() (suggested by Eric) v3: v2: - Add patch by Herbert to take only the needed bytes for a MPI from the scatterlist - Use only one scatterlist for signature and digest (suggested by Eric) - Rename key variable to buf (suggested by Eric) - Rename key_max_len variable to buf_len - Use size_t for the buf_len variable instead of u32 v1: - Unconditionally copy the signature and digest to the buffer to keep the code simple (suggested by Eric) Herbert Xu (1): lib/mpi: Fix buffer overrun when SG is too long Roberto Sassu (1): KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() crypto/asymmetric_keys/public_key.c | 38 ++++++++++++++++------------- lib/mpi/mpicoder.c | 3 ++- 2 files changed, 23 insertions(+), 18 deletions(-) -- 2.25.1

10 months, 3 weeks

8
24
0 0

[PATCH AUTOSEL 6.2 01/30] drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update()

by Sasha Levin

From: Alexandr Sapozhnikov <alsp705(a)gmail.com> [ Upstream commit 7245e629dcaaf308f1868aeffa218e9849c77893 ] After having been compared to NULL value at cirrus.c:455, pointer 'pipe->plane.state->fb' is passed as 1st parameter in call to function 'cirrus_fb_blit_rect' at cirrus.c:461, where it is dereferenced at cirrus.c:316. Found by Linux Verification Center (linuxtesting.org) with SVACE. v2: * aligned commit message to line-length limits Signed-off-by: Alexandr Sapozhnikov <alsp705(a)gmail.com> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://patchwork.freedesktop.org/patch/msgid/20230215171549.16305-1-alsp70… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/tiny/cirrus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/tiny/cirrus.c b/drivers/gpu/drm/tiny/cirrus.c index 678c2ef1cae70..ffa7e61dd1835 100644 --- a/drivers/gpu/drm/tiny/cirrus.c +++ b/drivers/gpu/drm/tiny/cirrus.c @@ -455,7 +455,7 @@ static void cirrus_pipe_update(struct drm_simple_display_pipe *pipe, if (state->fb && cirrus->cpp != cirrus_cpp(state->fb)) cirrus_mode_set(cirrus, &crtc->mode, state->fb); - if (drm_atomic_helper_damage_merged(old_state, state, &rect)) + if (state->fb && drm_atomic_helper_damage_merged(old_state, state, &rect)) cirrus_fb_blit_rect(state->fb, &shadow_plane_state->data[0], &rect); } -- 2.39.2

10 months, 3 weeks

4
40
0 0

Linux 5.15.104

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.104 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/vfs.rst | 2 Makefile | 2 arch/riscv/include/asm/mmu.h | 2 arch/riscv/include/asm/tlbflush.h | 18 arch/riscv/mm/context.c | 40 - arch/riscv/mm/tlbflush.c | 28 - arch/s390/boot/ipl_report.c | 8 arch/s390/pci/pci.c | 16 arch/s390/pci/pci_bus.c | 12 arch/s390/pci/pci_bus.h | 3 arch/x86/kernel/cpu/mce/core.c | 1 arch/x86/kernel/cpu/resctrl/ctrlmondata.c | 7 arch/x86/kernel/cpu/resctrl/internal.h | 1 arch/x86/kernel/cpu/resctrl/rdtgroup.c | 25 + arch/x86/kvm/vmx/nested.c | 10 arch/x86/mm/mem_encrypt_identity.c | 3 drivers/block/loop.c | 25 - drivers/block/null_blk/main.c | 6 drivers/block/sunvdc.c | 2 drivers/clk/Kconfig | 2 drivers/cpuidle/cpuidle-psci-domain.c | 3 drivers/firmware/xilinx/zynqmp.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_events.c | 9 drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 43 +- drivers/gpu/drm/drm_gem_shmem_helper.c | 9 drivers/gpu/drm/i915/display/intel_display_types.h | 2 drivers/gpu/drm/i915/display/intel_psr.c | 207 +++++++--- drivers/gpu/drm/i915/gt/intel_ring.c | 2 drivers/gpu/drm/i915/i915_active.c | 24 - drivers/gpu/drm/meson/meson_vpp.c | 2 drivers/gpu/drm/panfrost/panfrost_mmu.c | 2 drivers/gpu/drm/sun4i/sun4i_drv.c | 6 drivers/hid/hid-core.c | 18 drivers/hid/uhid.c | 1 drivers/hwmon/adt7475.c | 8 drivers/hwmon/ina3221.c | 2 drivers/hwmon/ltc2992.c | 1 drivers/hwmon/pmbus/adm1266.c | 1 drivers/hwmon/pmbus/ucd9000.c | 75 +++ drivers/hwmon/tmp513.c | 2 drivers/hwmon/xgene-hwmon.c | 1 drivers/interconnect/core.c | 4 drivers/interconnect/samsung/exynos.c | 6 drivers/media/i2c/m5mols/m5mols_core.c | 2 drivers/mmc/host/atmel-mci.c | 3 drivers/mmc/host/sdhci_am654.c | 2 drivers/net/bonding/bond_main.c | 23 - drivers/net/dsa/mt7530.c | 64 +-- drivers/net/dsa/mv88e6xxx/chip.c | 16 drivers/net/ethernet/intel/i40e/i40e_main.c | 1 drivers/net/ethernet/intel/ice/ice.h | 14 drivers/net/ethernet/intel/ice/ice_main.c | 19 drivers/net/ethernet/intel/ice/ice_xsk.c | 4 drivers/net/ethernet/qlogic/qed/qed_dev.c | 5 drivers/net/ethernet/qlogic/qed/qed_mng_tlv.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 12 drivers/net/ethernet/renesas/sh_eth.c | 12 drivers/net/ethernet/sun/ldmvsw.c | 3 drivers/net/ethernet/sun/sunvnet.c | 3 drivers/net/ipvlan/ipvlan_l3s.c | 1 drivers/net/phy/nxp-c45-tja11xx.c | 2 drivers/net/phy/smsc.c | 5 drivers/net/usb/smsc75xx.c | 7 drivers/nfc/pn533/usb.c | 1 drivers/nfc/st-nci/ndlc.c | 6 drivers/nvme/host/core.c | 28 - drivers/nvme/host/pci.c | 2 drivers/nvme/target/core.c | 4 drivers/pci/bus.c | 21 + drivers/pci/pci-driver.c | 4 drivers/pci/pci.c | 57 +- drivers/pci/pci.h | 16 drivers/pci/pcie/dpc.c | 4 drivers/scsi/hosts.c | 3 drivers/scsi/mpt3sas/mpt3sas_transport.c | 14 drivers/tty/serial/8250/8250_em.c | 4 drivers/tty/serial/8250/8250_fsl.c | 4 drivers/tty/serial/fsl_lpuart.c | 12 drivers/vdpa/vdpa_sim/vdpa_sim.c | 13 drivers/video/fbdev/stifb.c | 27 + fs/cifs/smb2inode.c | 31 + fs/cifs/transport.c | 21 - fs/ext4/inode.c | 18 fs/ext4/namei.c | 4 fs/ext4/super.c | 7 fs/ext4/xattr.c | 11 fs/jffs2/file.c | 15 include/drm/drm_bridge.h | 4 include/linux/hid.h | 3 include/linux/netdevice.h | 6 include/linux/pci.h | 1 include/linux/sh_intc.h | 5 include/linux/tracepoint.h | 15 io_uring/io_uring.c | 4 kernel/events/core.c | 2 kernel/trace/ftrace.c | 3 kernel/trace/trace.c | 2 kernel/trace/trace_events_hist.c | 3 kernel/trace/trace_hwlat.c | 3 mm/huge_memory.c | 6 net/9p/client.c | 2 net/ipv4/fib_frontend.c | 3 net/ipv4/ip_tunnel.c | 12 net/ipv4/tcp_output.c | 2 net/ipv6/ip6_tunnel.c | 4 net/iucv/iucv.c | 2 net/mptcp/pm_netlink.c | 16 net/mptcp/subflow.c | 12 net/netfilter/nft_masq.c | 2 net/netfilter/nft_nat.c | 2 net/netfilter/nft_redir.c | 4 net/smc/smc_cdc.c | 3 net/smc/smc_core.c | 2 net/xfrm/xfrm_state.c | 3 scripts/kconfig/confdata.c | 6 sound/hda/intel-dsp-config.c | 9 sound/pci/hda/hda_intel.c | 5 sound/pci/hda/patch_realtek.c | 1 tools/testing/selftests/net/devlink_port_split.py | 36 + 120 files changed, 919 insertions(+), 439 deletions(-) Alex Hung (1): drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes Alexandra Winter (1): net/iucv: Fix size of interrupt data Arınç ÜNAL (2): net: dsa: mt7530: remove now incorrect comment regarding port 5 net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used Baokun Li (3): ext4: fail ext4_iget if special inode unallocated ext4: update s_journal_inum if it changes after journal replay ext4: fix task hung in ext4_xattr_delete_inode Bard Liao (1): ALSA: hda: intel-dsp-config: add MTL PCI id Bart Van Assche (2): scsi: core: Fix a procfs host directory removal regression loop: Fix use-after-free issues Biju Das (1): serial: 8250_em: Fix UART port type Bjorn Helgaas (1): ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() Breno Leitao (1): tcp: tcp_make_synack() can be called from process context Budimir Markovic (1): perf: Fix check before add_event_to_groups() in perf_group_detach() Błażej Szczygieł (1): drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume Chen Zhongjin (1): ftrace: Fix invalid address access in lookup_rec() when index is 0 Christian Hewitt (1): drm/meson: fix 1px pink line on GXM when scaling video overlay D. Wythe (1): net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() Damien Le Moal (2): block: null_blk: Fix handling of fake timeout request nvmet: avoid potential UAF in nvmet_req_complete() Daniil Tatianin (2): qed/qed_dev: guard against a possible division by zero qed/qed_mng_tlv: correctly zero out ->min instead of ->hour Dave Ertman (1): ice: avoid bonding causing auxiliary plug/unplug under RTNL lock David Hildenbrand (1): mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage Dmitry Osipenko (2): drm/panfrost: Don't sync rpm suspension after mmu flushing drm/shmem-helper: Remove another errant put in error path Elmer Miroslav Mosher Golovin (1): nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000 Eric Dumazet (1): net: tunnels: annotate lockless accesses to dev->needed_headroom Eric Van Hensbergen (1): net/9p: fix bug in client create for .L Eugenio Pérez (2): vdpa_sim: not reset state in vdpasim_queue_ready vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready Fedor Pchelkin (2): nfc: pn533: initialize struct pn533_out_arg properly io_uring: avoid null-ptr-deref in io_arm_poll_handler Francesco Dolcini (1): mmc: sdhci_am654: lower power-on failed message severity Geliang Tang (1): mptcp: add ro_after_init for tcp{,v6}_prot_override Glenn Washburn (1): docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate Greg Kroah-Hartman (1): Linux 5.15.104 Guo Ren (1): riscv: asid: Fixup stale TLB entry cause application crash Hamidreza H. Fard (1): ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro Heiner Kallweit (1): net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails Helge Deller (1): fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks Herbert Xu (1): xfrm: Allow transport-mode states with AF_UNSPEC selector Ido Schimmel (1): ipv4: Fix incorrect table ID in IOCTL path Ivan Vecera (1): i40e: Fix kernel crash during reboot when adapter is in recovery mode Janusz Krzysztofik (1): drm/i915/active: Fix misuse of non-idle barriers as fence trackers Jeremy Sowden (4): netfilter: nft_nat: correct length for loading protocol registers netfilter: nft_masq: correct length for loading protocol registers netfilter: nft_redir: correct length for loading protocol registers netfilter: nft_redir: correct value of inet type `.maxattrs` Jianguo Wu (1): ipvlan: Make skb->skb_iif track skb->dev for l3s mode Johan Hovold (4): serial: 8250_fsl: fix handle_irq locking interconnect: fix mem leak when freeing nodes interconnect: exynos: fix node leak in probe PM QoS error path drm/sun4i: fix missing component unbind on bind errors John Harrison (1): drm/i915: Don't use stolen memory for ring buffers with LLC José Roberto de Souza (3): drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area drm/i915/display/psr: Handle plane and pipe restrictions at every page flip Jouni Högander (1): drm/i915/psr: Use calculated io and fast wake lines Jurica Vukadin (1): kconfig: Update config changed flag before calling callback Krzysztof Kozlowski (1): hwmon: tmp512: drop of_match_ptr for ID table Lars-Peter Clausen (3): hwmon: (ucd90320) Add minimum delay between bus accesses hwmon: (adm1266) Set `can_sleep` flag for GPIO chip hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip Lee Jones (2): HID: core: Provide new max_buffer_size attribute to over-ride the default HID: uhid: Over-ride the default maximum data buffer value with our own Liang He (2): block: sunvdc: add check for mdesc_grab() returning NULL ethernet: sun: add check for the mdesc_grab() Linus Torvalds (1): media: m5mols: fix off-by-one loop termination error Liu Ying (1): drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc Lukas Wunner (2): PCI: Unify delay handling for reset and resume PCI/DPC: Await readiness of secondary bus after reset Maciej Fijalkowski (1): ice: xsk: disable txq irq before flushing hw Marcus Folkesson (1): hwmon: (ina3221) return prober error code Matthieu Baerts (1): mptcp: avoid setting TCP_CLOSE state twice Michael Karcher (1): sh: intc: Avoid spurious sizeof-pointer-div warning Ming Lei (1): nvme: fix handling single range discard request Nikita Zhandarovich (1): x86/mm: Fix use of uninitialized buffer in sme_enable() Niklas Schnelle (1): PCI: s390: Fix use-after-free of PCI resources with per-function hotplug Nikolay Aleksandrov (2): bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails Paolo Abeni (2): mptcp: fix possible deadlock in subflow_error_report mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket() Paolo Bonzini (1): KVM: nVMX: add missing consistency checks for CR0 and CR4 Po-Hsu Lin (1): selftests: net: devlink_port_split.py: skip test if no suitable device available Qu Huang (1): drm/amdkfd: Fix an illegal memory access Radu Pirea (OSS) (1): net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit Randy Dunlap (1): clk: HI655X: select REGMAP instead of depending on it Roman Gushchin (1): firmware: xilinx: don't make a sleepable memory allocation from an atomic context Sergey Matyukevich (1): Revert "riscv: mm: notify remote harts about mmu cache updates" Shawn Guo (1): cpuidle: psci: Iterate backwards over list in psci_pd_remove() Shawn Wang (1): x86/resctrl: Clear staged_config[] before and after it is used Sherry Sun (1): tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted Steven Rostedt (Google) (2): tracing: Check field value in hist_field_name() tracing: Make tracepoint lockdep check actually test something Sung-hun Kim (1): tracing: Make splice_read available again Sven Schnelle (1): s390/ipl: add missing intersection check to ipl_report handling Szymon Heidrich (2): net: usb: smsc75xx: Limit packet length to skb->len net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull Tero Kristo (1): trace/hwlat: Do not wipe the contents of per-cpu thread data Theodore Ts'o (1): ext4: fix possible double unlock when moving a directory Tobias Schramm (1): mmc: atmel-mci: fix race between stop command and start of next command Tom Rix (1): drm/i915/display: clean up comments Tony O'Brien (2): hwmon: (adt7475) Display smoothing attributes in correct order hwmon: (adt7475) Fix masking of hysteresis registers Vladimir Oltean (1): net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290 Volker Lendecke (1): cifs: Fix smb2_set_path_size() Wenchao Hao (1): scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Wenjia Zhang (1): net/smc: fix deadlock triggered by cancel_delayed_work_syn() Wolfram Sang (2): ravb: avoid PHY being resumed when interface is not up sh_eth: avoid PHY being resumed when interface is not up Yazen Ghannam (1): x86/mce: Make sure logged MCEs are processed after sysfs update Yifei Liu (1): jffs2: correct logic when creating a hole in jffs2_write_begin Zhang Xiaoxu (1): cifs: Move the in_send statistic to __smb_send_rqst() Zheng Wang (2): nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition

10 months, 4 weeks

2
7
0 0

[PATCH] ext4: Fix possible corruption when moving a directory

by Jan Kara

When we are renaming a directory to a different directory, we need to update '..' entry in the moved directory. However nothing prevents moved directory from being modified and even converted from the inline format to the normal format. When such race happens the rename code gets confused and we crash. Fix the problem by locking the moved directory. CC: stable(a)vger.kernel.org Fixes: 32f7f22c0b52 ("ext4: let ext4_rename handle inline dir") Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/ext4/namei.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index dd28453d6ea3..270fbcba75b6 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -3872,9 +3872,16 @@ static int ext4_rename(struct user_namespace *mnt_userns, struct inode *old_dir, if (new.dir != old.dir && EXT4_DIR_LINK_MAX(new.dir)) goto end_rename; } + /* + * We need to protect against old.inode directory getting + * converted from inline directory format into a normal one. + */ + inode_lock_nested(old.inode, I_MUTEX_NONDIR2); retval = ext4_rename_dir_prepare(handle, &old); - if (retval) + if (retval) { + inode_unlock(old.inode); goto end_rename; + } } /* * If we're renaming a file within an inline_data dir and adding or @@ -4006,6 +4013,8 @@ static int ext4_rename(struct user_namespace *mnt_userns, struct inode *old_dir, } else { ext4_journal_stop(handle); } + if (old.dir_bh) + inode_unlock(old.inode); release_bh: brelse(old.dir_bh); brelse(old.bh); -- 2.35.3

11 months

3
3
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2023