January 2024 - Linux-stable-mirror

[PATCH AUTOSEL 4.14 1/6] reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning

by Sasha Levin

From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> [ Upstream commit b5ec294472794ed9ecba0cb4b8208372842e7e0d ] 'type' is an enum, thus cast of pointer on 64-bit compile test with W=1 causes: hi6220_reset.c:166:9: error: cast to smaller integer type 'enum hi6220_reset_ctrl_type' from 'const void *' [-Werror,-Wvoid-pointer-to-enum-cast] Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20230810091300.70197-1-krzysztof.kozlowski@linaro… Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/reset/hisilicon/hi6220_reset.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/reset/hisilicon/hi6220_reset.c b/drivers/reset/hisilicon/hi6220_reset.c index d5e5229308f22..d77a7ad7e57a7 100644 --- a/drivers/reset/hisilicon/hi6220_reset.c +++ b/drivers/reset/hisilicon/hi6220_reset.c @@ -107,7 +107,7 @@ static int hi6220_reset_probe(struct platform_device *pdev) if (!data) return -ENOMEM; - type = (enum hi6220_reset_ctrl_type)of_device_get_match_data(dev); + type = (uintptr_t)of_device_get_match_data(dev); regmap = syscon_node_to_regmap(np); if (IS_ERR(regmap)) { -- 2.43.0

1 year, 1 month

2
7
0 0

[PATCH AUTOSEL 4.19 1/7] reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning

by Sasha Levin

From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> [ Upstream commit b5ec294472794ed9ecba0cb4b8208372842e7e0d ] 'type' is an enum, thus cast of pointer on 64-bit compile test with W=1 causes: hi6220_reset.c:166:9: error: cast to smaller integer type 'enum hi6220_reset_ctrl_type' from 'const void *' [-Werror,-Wvoid-pointer-to-enum-cast] Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20230810091300.70197-1-krzysztof.kozlowski@linaro… Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/reset/hisilicon/hi6220_reset.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/reset/hisilicon/hi6220_reset.c b/drivers/reset/hisilicon/hi6220_reset.c index d5e5229308f22..d77a7ad7e57a7 100644 --- a/drivers/reset/hisilicon/hi6220_reset.c +++ b/drivers/reset/hisilicon/hi6220_reset.c @@ -107,7 +107,7 @@ static int hi6220_reset_probe(struct platform_device *pdev) if (!data) return -ENOMEM; - type = (enum hi6220_reset_ctrl_type)of_device_get_match_data(dev); + type = (uintptr_t)of_device_get_match_data(dev); regmap = syscon_node_to_regmap(np); if (IS_ERR(regmap)) { -- 2.43.0

1 year, 1 month

3
9
0 0

[PATCH AUTOSEL 6.1 1/5] virtio_blk: fix snprintf truncation compiler warning

by Sasha Levin

From: Stefan Hajnoczi <stefanha(a)redhat.com> [ Upstream commit b8e0792449928943c15d1af9f63816911d139267 ] Commit 4e0400525691 ("virtio-blk: support polling I/O") triggers the following gcc 13 W=1 warnings: drivers/block/virtio_blk.c: In function ‘init_vq’: drivers/block/virtio_blk.c:1077:68: warning: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 7 [-Wformat-truncation=] 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~ drivers/block/virtio_blk.c:1077:58: note: directive argument in the range [-2147483648, 65534] 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~~~~~~~~~~~~ drivers/block/virtio_blk.c:1077:17: note: ‘snprintf’ output between 11 and 21 bytes into a destination of size 16 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a false positive because the lower bound -2147483648 is incorrect. The true range of i is [0, num_vqs - 1] where 0 < num_vqs < 65536. The code mixes int, unsigned short, and unsigned int types in addition to using "%d" for an unsigned value. Use unsigned short and "%u" consistently to solve the compiler warning. Cc: Suwan Kim <suwan.kim027(a)gmail.com> Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202312041509.DIyvEt9h-lkp@intel.com/ Signed-off-by: Stefan Hajnoczi <stefanha(a)redhat.com> Message-Id: <20231204140743.1487843-1-stefanha(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/block/virtio_blk.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index efa5535a8e1d8..3124837aa406f 100644 --- a/drivers/block/virtio_blk.c +++ b/drivers/block/virtio_blk.c @@ -609,12 +609,12 @@ static void virtblk_config_changed(struct virtio_device *vdev) static int init_vq(struct virtio_blk *vblk) { int err; - int i; + unsigned short i; vq_callback_t **callbacks; const char **names; struct virtqueue **vqs; unsigned short num_vqs; - unsigned int num_poll_vqs; + unsigned short num_poll_vqs; struct virtio_device *vdev = vblk->vdev; struct irq_affinity desc = { 0, }; @@ -658,13 +658,13 @@ static int init_vq(struct virtio_blk *vblk) for (i = 0; i < num_vqs - num_poll_vqs; i++) { callbacks[i] = virtblk_done; - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i); + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%u", i); names[i] = vblk->vqs[i].name; } for (; i < num_vqs; i++) { callbacks[i] = NULL; - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%u", i); names[i] = vblk->vqs[i].name; } -- 2.43.0

1 year, 1 month

2
6
0 0

[Regression 6.1.y] From "cifs: Fix flushing, invalidation and file size with copy_file_range()"

by Salvatore Bonaccorso

Hi Looping in as well regressions(a)lists.linux.dev list (and add linux-cifs(a)vger.kernel.org as well here). On Wed, Jan 03, 2024 at 11:40:04PM +0000, Jitindar Singh, Suraj wrote: > Hi, > > When testing the v6.1.69 kernel I bisected an issue to the below commit > which was added in v6.1.68. When running the xfstests[1] on cifs I > observe a null pointer dereference in cifs_flush_folio() because folio > is null and dereferenced in size = folio_size(folio). > > [1] https://github.com/kdave/xfstests > > This can be reproduced using many of the xfstests but reproduces with > generic/001 like below: > > $ ./check -cifs generic/001 > > FSTYP -- cifs > PLATFORM -- Linux/x86_64 ip-172-31-36-150 6.1.69 #2 SMP > PREEMPT_DYNAMIC Wed Jan 3 22:36:43 UTC 2024 > MKFS_OPTIONS -- //172.31.34.66/scratch > MOUNT_OPTIONS -- -ousername=ec2- > user,password=abc123,noperm,mfsymlinks,cifsacl,actimeo=0 -o > context=system_u:object_r:root_t:s0 //172.31.34.66/scratch /mnt/scratch > > generic/001 10s ... > > [ 244.135555] run fstests generic/001 at 2024-01-03 22:44:59 > [ 244.637499] BUG: kernel NULL pointer dereference, address: > 0000000000000000 > [ 244.638204] #PF: supervisor read access in kernel mode > [ 244.638698] #PF: error_code(0x0000) - not-present page > [ 244.639194] PGD 0 P4D 0 > [ 244.639466] Oops: 0000 [#1] PREEMPT SMP NOPTI > [ 244.698047] CPU: 11 PID: 4123 Comm: cp Not tainted 6.1.69 #2 > [ 244.698598] Hardware name: Amazon EC2 m6i.4xlarge/, BIOS 1.0 > 10/16/2017 > [ 244.699228] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs] > [ 244.699782] Code: d2 41 54 89 cc 31 c9 55 53 48 89 f3 48 c1 ee 0c 48 > 83 ec 08 48 8b 7f 30 e8 7d 2c a6 f8 48 3d 00 f0 ff ff 0f 87 a5 00 00 00 > <48> 8b 10 48 89 c5 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4d > [ 244.799263] RSP: 0018:ffffc25441ffbd20 EFLAGS: 00010207 > [ 244.888911] RAX: 0000000000000000 RBX: 0000000000000000 RCX: > 0000000000000000 > [ 244.898446] RDX: 0000000000000000 RSI: 0000000000000000 RDI: > ffff9ed945eac000 > [ 244.899136] RBP: 00000000000003a1 R08: 0000000000000001 R09: > 0000000000000000 > [ 244.997779] R10: 0000000000003e7f R11: 0000000000000000 R12: > ffffc25441ffbd90 > [ 244.998564] R13: ffffc25441ffbd88 R14: ffff9ed94af23850 R15: > 0000000000000001 > [ 244.999264] FS: 00007f111404d340(0000) GS:ffff9ee7fecc0000(0000) > knlGS:0000000000000000 > [ 245.097782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 245.098345] CR2: 0000000000000000 CR3: 00000001211fc001 CR4: > 00000000007706e0 > [ 245.099122] DR0: 0000000000000000 DR1: 0000000000000000 DR2: > 0000000000000000 > [ 245.099854] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: > 0000000000000400 > [ 245.198200] PKRU: 55555554 > [ 245.198478] Call Trace: > [ 245.198735] <TASK> > [ 245.198967] ? show_trace_log_lvl+0x1c4/0x2d2 > [ 245.199399] ? show_trace_log_lvl+0x1c4/0x2d2 > [ 245.199830] ? cifs_remap_file_range+0x15d/0x5e0 [cifs] > [ 245.298029] ? __die_body.cold+0x8/0xd > [ 245.298402] ? page_fault_oops+0xac/0x140 > [ 245.298943] ? exc_page_fault+0x62/0x140 > [ 245.299336] ? asm_exc_page_fault+0x22/0x30 > [ 245.299751] ? cifs_flush_folio+0x3f/0x100 [cifs] > [ 245.397858] ? cifs_precopy_set_eof+0x73/0x110 [cifs] > [ 245.398383] cifs_remap_file_range+0x15d/0x5e0 [cifs] > [ 245.398909] do_clone_file_range+0xe7/0x230 > [ 245.399329] vfs_clone_file_range+0x37/0x140 > [ 245.399861] ioctl_file_clone+0x45/0xa0 > [ 245.497918] do_vfs_ioctl+0x79/0x890 > [ 245.498328] __x64_sys_ioctl+0x69/0xc0 > [ 245.498706] do_syscall_64+0x38/0x90 > [ 245.499070] entry_SYSCALL_64_after_hwframe+0x64/0xce > [ 245.499568] RIP: 0033:0x7f1113e3ec6b > [ 245.499929] Code: 73 01 c3 48 8b 0d 9500 f7 d8 64 89 01 48 83 c8 ff > c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 > <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 65 a1 1b 00 f7 d8 64 89 01 48 > [ 245.599410] RSP: 002b:00007fff140ebb88 EFLAGS: 00000246 ORIG_RAX: > 0000000000000010 > [ 245.697930] RAX: ffffffffffffffda RBX: 00007fff140ec3b0 RCX: > 00007f1113e3ec6b > [ 245.698620] RDX: 0000000000000003 RSI: 0000000040049409 RDI: > 0000000000000004 > [ 245.699306] RBP: 0000000000000003 R08: 0000000000000001 R09: > 0000000000000004 > [ 245.797942] R10: 0000000000001000 R11: 0000000000000246 R12: > 00007fff140ed616 > [ 245.798789] R13: 00007fff140ebfa0 R14: 0000000000000000 R15: > 0000000000000002 > [ 245.799485] </TASK> > [ 245.799720] Modules linked in: cmac nls_utf8 cifs cifs_arc4 cifs_md4 > dns_lver mousedev sunrpc nls_ascii nls_cp437 vfat fat psmouse > ghash_clmulni_intel atkbd libps2 vivaldi_fmap aesni_intel ena i8042 > crypto_simd serio cryptd button drm sch_fq_codel fuse i2c_core configfs > drm_panel_orientation_quirks loop backlight dmi_sysfs crc32_pclmul > intel dm_mirror dm_region_hash dm_log dm_mod dax efivarfs > [ 245.998457] CR2: 0000000000000000 > [ 245.998800] ---[ end trace 0000000000000000 ]--- > [ 246.087916] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs] > [ 246.088794] Code: d2 41 54 49 89 cc 31 c9 55 53 48 89 f3 48 c1 ee 0c > 48 83 ec 08 48 8b 7f 30 e8 7d 2c a6 f8 48 3d 00 f0 ff ff 0f 87 a5 00 00 > 00 <48> 8b 10 48 89 c5 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4d > [ 246.099436] RSP: 0018:ffffc25441ffbd20 EFLAGS: 00010207 > [ 246.189258] RAX: 0000000000000000 RBX: 0000000000000000 RCX: > 0000000000000000 > [ 246.198724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: > ffff9ed945eac000 > [ 246.199411] RBP: 00000000000003a1 R08: 0000000000000001 R09: > 0000000000000000 > [ 246.298002] R10: 0000000000003e7f R11: 0000000000000000 R12: > ffffc25441ffbd90 > [ 246.298687] R13: ffffc25441ffbd88 R14: ffff9ed94af23850 R15: > 0000000000000001 > [ 246.299372] FS: 00007f111404d340(0000) GS:ffff9ee7fecc0000(0000) > knlGS:0000000000000000 > [ 246.398006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 246.398569] CR2: 0000000000000000 CR3: 00000001211fc001 CR4: > 00000000007706e0 > [ 246.399254] DR0: 0000000000000000 DR1: 0000000000000000 DR2: > 0000000000000000 > [ 246.399934] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: > 0000000000000400 > [ 246.498414] PKRU: 55555554 > [ 246.498698] Kernel panic - not syncing: Fatal exception > [ 246.500042] Kernel Offset: 0x38000000 from 0xffffffff81000000 > (relocation range: 0xffffffff80000000-0xffffffffbfffffff) > [ 246.698094] Rebooting in 5 seconds.. > > Any ideas what is causing this and what the resolution is? This doesn't > occur on the upstream/master kernel. > > Thanks, > Suraj > > On Mon, 2023-12-11 at 13:57 +0100, gregkh(a)linuxfoundation.org wrote: > > > > This is a note to let you know that I've just added the patch titled > > > > cifs: Fix flushing, invalidation and file size with > > copy_file_range() > > > > to the 6.1-stable tree which can be found at: > > > > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > > > The filename of the patch is: > > cifs-fix-flushing-invalidation-and-file-size-with- > > copy_file_range.patch > > and it can be found in the queue-6.1 subdirectory. > > > > If you, or anyone else, feels it should not be added to the stable > > tree, > > please let <stable(a)vger.kernel.org> know about it. > > > > > > > From 7b2404a886f8b91250c31855d287e632123e1746 Mon Sep 17 00:00:00 > > > 2001 > > From: David Howells <dhowells(a)redhat.com> > > Date: Fri, 1 Dec 2023 00:22:00 +0000 > > Subject: cifs: Fix flushing, invalidation and file size with > > copy_file_range() > > > > From: David Howells <dhowells(a)redhat.com> > > > > commit 7b2404a886f8b91250c31855d287e632123e1746 upstream. > > > > Fix a number of issues in the cifs filesystem implementation of the > > copy_file_range() syscall in cifs_file_copychunk_range(). > > > > Firstly, the invalidation of the destination range is handled > > incorrectly: > > We shouldn't just invalidate the whole file as dirty data in the file > > may > > get lost and we can't just call truncate_inode_pages_range() to > > invalidate > > the destination range as that will erase parts of a partial folio at > > each > > end whilst invalidating and discarding all the folios in the middle. > > We > > need to force all the folios covering the range to be reloaded, but > > we > > mustn't lose dirty data in them that's not in the destination range. > > > > Further, we shouldn't simply round out the range to PAGE_SIZE at each > > end > > as cifs should move to support multipage folios. > > > > Secondly, there's an issue whereby a write may have extended the file > > locally, but not have been written back yet. This can leaves the > > local > > idea of the EOF at a later point than the server's EOF. If a copy > > request > > is issued, this will fail on the server with STATUS_INVALID_VIEW_SIZE > > (which gets translated to -EIO locally) if the copy source extends > > past the > > server's EOF. > > > > Fix this by: > > > > (0) Flush the source region (already done). The flush does nothing > > and > > the EOF isn't moved if the source region has no dirty data. > > > > (1) Move the EOF to the end of the source region if it isn't already > > at > > least at this point. If we can't do this, for instance if the > > server > > doesn't support it, just flush the entire source file. > > > > (2) Find the folio (if present) at each end of the range, flushing > > it and > > increasing the region-to-be-invalidated to cover those in their > > entirety. > > > > (3) Fully discard all the folios covering the range as we want them > > to be > > reloaded. > > > > (4) Then perform the copy. > > > > Thirdly, set i_size after doing the copychunk_range operation as this > > value > > may be used by various things internally. stat() hides the issue > > because > > setting ->time to 0 causes cifs_getatr() to revalidate the > > attributes. > > > > These were causing the generic/075 xfstest to fail. > > > > Fixes: 620d8745b35d ("Introduce cifs_copy_file_range()") > > Cc: stable(a)vger.kernel.org > > Signed-off-by: David Howells <dhowells(a)redhat.com> > > cc: Paulo Alcantara <pc(a)manguebit.com> > > cc: Shyam Prasad N <nspmangalore(a)gmail.com> > > cc: Rohith Surabattula <rohiths.msft(a)gmail.com> > > cc: Matthew Wilcox <willy(a)infradead.org> > > cc: Jeff Layton <jlayton(a)kernel.org> > > cc: linux-cifs(a)vger.kernel.org > > cc: linux-mm(a)kvack.org > > Signed-off-by: David Howells <dhowells(a)redhat.com> > > Signed-off-by: Steve French <stfrench(a)microsoft.com> > > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > --- > > fs/smb/client/cifsfs.c | 102 > > +++++++++++++++++++++++++++++++++++++++++++++++-- > > 1 file changed, 99 insertions(+), 3 deletions(-) > > > > --- a/fs/smb/client/cifsfs.c > > +++ b/fs/smb/client/cifsfs.c > > @@ -1191,6 +1191,72 @@ const struct inode_operations cifs_symli > > .listxattr = cifs_listxattr, > > }; > > > > +/* > > + * Advance the EOF marker to after the source range. > > + */ > > +static int cifs_precopy_set_eof(struct inode *src_inode, struct > > cifsInodeInfo *src_cifsi, > > + struct cifs_tcon *src_tcon, > > + unsigned int xid, loff_t src_end) > > +{ > > + struct cifsFileInfo *writeable_srcfile; > > + int rc = -EINVAL; > > + > > + writeable_srcfile = find_writable_file(src_cifsi, > > FIND_WR_FSUID_ONLY); > > + if (writeable_srcfile) { > > + if (src_tcon->ses->server->ops->set_file_size) > > + rc = src_tcon->ses->server->ops- > > >set_file_size( > > + xid, src_tcon, writeable_srcfile, > > + src_inode->i_size, true /* no need to > > set sparse */); > > + else > > + rc = -ENOSYS; > > + cifsFileInfo_put(writeable_srcfile); > > + cifs_dbg(FYI, "SetFSize for copychunk rc = %d\n", > > rc); > > + } > > + > > + if (rc < 0) > > + goto set_failed; > > + > > + netfs_resize_file(&src_cifsi->netfs, src_end); > > + fscache_resize_cookie(cifs_inode_cookie(src_inode), src_end); > > + return 0; > > + > > +set_failed: > > + return filemap_write_and_wait(src_inode->i_mapping); > > +} > > + > > +/* > > + * Flush out either the folio that overlaps the beginning of a range > > in which > > + * pos resides or the folio that overlaps the end of a range unless > > that folio > > + * is entirely within the range we're going to invalidate. We > > extend the flush > > + * bounds to encompass the folio. > > + */ > > +static int cifs_flush_folio(struct inode *inode, loff_t pos, loff_t > > *_fstart, loff_t *_fend, > > + bool first) > > +{ > > + struct folio *folio; > > + unsigned long long fpos, fend; > > + pgoff_t index = pos / PAGE_SIZE; > > + size_t size; > > + int rc = 0; > > + > > + folio = filemap_get_folio(inode->i_mapping, index); > > + if (IS_ERR(folio)) > > + return 0; > > + > > + size = folio_size(folio); > > + fpos = folio_pos(folio); > > + fend = fpos + size - 1; > > + *_fstart = min_t(unsigned long long, *_fstart, fpos); > > + *_fend = max_t(unsigned long long, *_fend, fend); > > + if ((first && pos == fpos) || (!first && pos == fend)) > > + goto out; > > + > > + rc = filemap_write_and_wait_range(inode->i_mapping, fpos, > > fend); > > +out: > > + folio_put(folio); > > + return rc; > > +} > > + > > static loff_t cifs_remap_file_range(struct file *src_file, loff_t > > off, > > struct file *dst_file, loff_t destoff, loff_t len, > > unsigned int remap_flags) > > @@ -1260,10 +1326,12 @@ ssize_t cifs_file_copychunk_range(unsign > > { > > struct inode *src_inode = file_inode(src_file); > > struct inode *target_inode = file_inode(dst_file); > > + struct cifsInodeInfo *src_cifsi = CIFS_I(src_inode); > > struct cifsFileInfo *smb_file_src; > > struct cifsFileInfo *smb_file_target; > > struct cifs_tcon *src_tcon; > > struct cifs_tcon *target_tcon; > > + unsigned long long destend, fstart, fend; > > ssize_t rc; > > > > cifs_dbg(FYI, "copychunk range\n"); > > @@ -1303,13 +1371,41 @@ ssize_t cifs_file_copychunk_range(unsign > > if (rc) > > goto unlock; > > > > - /* should we flush first and last page first */ > > - truncate_inode_pages(&target_inode->i_data, 0); > > + /* The server-side copy will fail if the source crosses the > > EOF marker. > > + * Advance the EOF marker after the flush above to the end of > > the range > > + * if it's short of that. > > + */ > > + if (src_cifsi->server_eof < off + len) { > > + rc = cifs_precopy_set_eof(src_inode, src_cifsi, > > src_tcon, xid, off + len); > > + if (rc < 0) > > + goto unlock; > > + } > > + > > + destend = destoff + len - 1; > > + > > + /* Flush the folios at either end of the destination range to > > prevent > > + * accidental loss of dirty data outside of the range. > > + */ > > + fstart = destoff; > > + fend = destend; > > + > > + rc = cifs_flush_folio(target_inode, destoff, &fstart, &fend, > > true); > > + if (rc) > > + goto unlock; > > + rc = cifs_flush_folio(target_inode, destend, &fstart, &fend, > > false); > > + if (rc) > > + goto unlock; > > + > > + /* Discard all the folios that overlap the destination > > region. */ > > + truncate_inode_pages_range(&target_inode->i_data, fstart, > > fend); > > > > rc = file_modified(dst_file); > > - if (!rc) > > + if (!rc) { > > rc = target_tcon->ses->server->ops- > > >copychunk_range(xid, > > smb_file_src, smb_file_target, off, len, > > destoff); > > + if (rc > 0 && destoff + rc > > > i_size_read(target_inode)) > > + truncate_setsize(target_inode, destoff + rc); > > + } > > > > file_accessed(src_file); > > > > > > > > Patches currently in stable-queue which might be from > > dhowells(a)redhat.com are > > > > queue-6.1/cifs-fix-flushing-invalidation-and-file-size-with- > > copy_file_range.patch > > queue-6.1/cifs-fix-flushing-invalidation-and-file-size-with- > > ficlone.patch > > queue-6.1/cifs-fix-non-availability-of-dedup-breaking-generic- > > 304.patch > > > It looks we had as well some reports in Debian about this regression. Copying a file within the same cifs mount seems to trigger the NULL pointer dereference: [ 1640.742300] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 1640.742309] #PF: supervisor read access in kernel mode [ 1640.742313] #PF: error_code(0x0000) - not-present page [ 1640.742317] PGD 0 P4D 0 [ 1640.742322] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 1640.742327] CPU: 6 PID: 1972 Comm: cp Not tainted 6.1.0-17-amd64 #1 Debian 6.1.69-1 [ 1640.742333] Hardware name: LENOVO 20XXS1FU00/20XXS1FU00, BIOS N32ET89W (1.65 ) 11/13/2023 [ 1640.742336] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs] [ 1640.742412] Code: d2 41 54 49 89 cc 31 c9 55 48 89 f5 48 c1 ee 0c 53 48 83 ec 08 48 8b 7f 30 e8 8d 9a 97 dd 48 3d 00 f0 ff ff 0f 87 a5 00 00 00 <48> 8b 10 48 89 c3 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4b [ 1640.742417] RSP: 0018:ffff9eac8181fd18 EFLAGS: 00010207 [ 1640.742422] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000 [ 1640.742425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8a0a758b0000 [ 1640.742428] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 1640.742431] R10: 0000000000000003 R11: ffff8a09c596fa00 R12: ffff9eac8181fd88 [ 1640.742433] R13: ffff9eac8181fd80 R14: ffff8a0a707bda48 R15: 0000000000000001 [ 1640.742437] FS: 00007f7dc8764800(0000) GS:ffff8a10ff780000(0000) knlGS:0000000000000000 [ 1640.742441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1640.742444] CR2: 0000000000000000 CR3: 000000015eff0003 CR4: 0000000000770ee0 [ 1640.742448] PKRU: 55555554 [ 1640.742450] Call Trace: [ 1640.742454] <TASK> [ 1640.742459] ? __die_body.cold+0x1a/0x1f [ 1640.742468] ? page_fault_oops+0xd2/0x2b0 [ 1640.742476] ? exc_page_fault+0x70/0x170 [ 1640.742482] ? asm_exc_page_fault+0x22/0x30 [ 1640.742492] ? cifs_flush_folio+0x3f/0x100 [cifs] [ 1640.742558] ? cifs_flush_folio+0x33/0x100 [cifs] [ 1640.742622] ? cifs_precopy_set_eof+0x2b/0x150 [cifs] [ 1640.742688] cifs_remap_file_range+0x16d/0x680 [cifs] [ 1640.742755] do_clone_file_range+0xe6/0x230 [ 1640.742762] vfs_clone_file_range+0x37/0x140 [ 1640.742767] ioctl_file_clone+0x49/0xb0 [ 1640.742774] do_vfs_ioctl+0x77/0x910 [ 1640.742780] __x64_sys_ioctl+0x6e/0xd0 [ 1640.742785] do_syscall_64+0x58/0xc0 [ 1640.742794] entry_SYSCALL_64_after_hwframe+0x64/0xce [ 1640.742801] RIP: 0033:0x7f7dc8900b5b [ 1640.742806] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 1640.742810] RSP: 002b:00007ffe4b899000 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1640.742815] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7dc8900b5b [ 1640.742817] RDX: 0000000000000003 RSI: 0000000040049409 RDI: 0000000000000004 [ 1640.742820] RBP: 00007ffe4b899440 R08: 00007ffe4b899600 R09: 0000000000000001 [ 1640.742823] R10: 00007f7dc881a358 R11: 0000000000000246 R12: 0000000000000001 [ 1640.742825] R13: 00007ffe4b899dc3 R14: 0000000000008000 R15: 0000000000000000 [ 1640.742831] </TASK> [ 1640.742832] Modules linked in: nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver fscache netfs ctr ccm rfcomm cmac algif_hash algif_skcipher af_alg snd_seq_dummy snd_hrtimer snd_seq snd_seq_device bnep btusb btrtl btbcm btintel btmtk bluetooth uvcvideo videobuf2_vmalloc videobuf2_memops jitterentropy_rng videobuf2_v4l2 videobuf2_common drbg videodev ansi_cprng mc ecdh_generic ecc qrtr ip6t_REJECT nf_reject_ipv6 xt_hl ip6_tables ip6t_rt snd_ctl_led snd_soc_skl_hda_dsp snd_soc_intel_hda_dsp_common binfmt_misc snd_soc_hdac_hdmi ipt_REJECT snd_sof_probes nf_reject_ipv4 xt_LOG nf_log_syslog xt_comment nft_limit xt_limit xt_addrtype snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_soc_dmic snd_sof_pci_intel_tgl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation joydev soundwire_cadence snd_sof_intel_hda x86_pkg_temp_thermal snd_sof_pci intel_powerclamp snd_sof_xtensa_dsp coretemp snd_sof snd_sof_utils snd_soc_hdac_hda kvm_intel snd_hda_ext_core [ 1640.742921] snd_soc_acpi_intel_match xt_tcpudp snd_soc_acpi kvm snd_soc_core xt_conntrack irqbypass nf_conntrack crc32_pclmul snd_compress nf_defrag_ipv6 soundwire_bus nf_defrag_ipv4 ghash_clmulni_intel iwlmvm nft_compat snd_hda_intel sha512_ssse3 snd_intel_dspcfg nf_tables snd_intel_sdw_acpi sha512_generic mac80211 libcrc32c snd_hda_codec hid_multitouch nfnetlink processor_thermal_device_pci_legacy hid_generic sha256_ssse3 iTCO_wdt snd_hda_core processor_thermal_device sha1_ssse3 intel_pmc_bxt iTCO_vendor_support processor_thermal_rfim libarc4 pmt_telemetry rapl thinkpad_acpi snd_hwdep xhci_pci processor_thermal_mbox mei_hdcp watchdog intel_rapl_msr snd_pcm pmt_class nls_ascii nvram intel_cstate processor_thermal_rapl xhci_hcd ucsi_acpi iwlwifi platform_profile snd_timer nls_cp437 intel_uncore i2c_hid_acpi intel_lpss_pci usbcore typec_ucsi ledtrig_audio think_lmi mei_me i2c_i801 intel_rapl_common snd pcspkr vfat i2c_hid intel_lpss roles cfg80211 firmware_attributes_class mei [ 1640.743007] thunderbolt usb_common soundcore wmi_bmof fat int3403_thermal idma64 i2c_smbus intel_vsec typec intel_soc_dts_iosf hid igen6_edac button battery ac rfkill soc_button_array int340x_thermal_zone int3400_thermal intel_hid intel_pmc_core acpi_thermal_rel acpi_tad acpi_pad sparse_keymap msr parport_pc ppdev lp parport loop fuse efi_pstore configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic dm_crypt dm_mod i915 i2c_algo_bit drm_buddy nvme drm_display_helper nvme_core crc32c_intel t10_pi drm_kms_helper crc64_rocksoft cec crc64 rc_core crc_t10dif ttm crct10dif_generic aesni_intel crct10dif_pclmul psmouse drm evdev crypto_simd cryptd crct10dif_common serio_raw video wmi [ 1640.743095] CR2: 0000000000000000 [ 1640.743098] ---[ end trace 0000000000000000 ]--- [ 1640.957607] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs] [ 1640.957681] Code: d2 41 54 49 89 cc 31 c9 55 48 89 f5 48 c1 ee 0c 53 48 83 ec 08 48 8b 7f 30 e8 8d 9a 97 dd 48 3d 00 f0 ff ff 0f 87 a5 00 00 00 <48> 8b 10 48 89 c3 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4b [ 1640.957683] RSP: 0018:ffff9eac8181fd18 EFLAGS: 00010207 [ 1640.957685] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000 [ 1640.957686] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8a0a758b0000 [ 1640.957687] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 1640.957688] R10: 0000000000000003 R11: ffff8a09c596fa00 R12: ffff9eac8181fd88 [ 1640.957689] R13: ffff9eac8181fd80 R14: ffff8a0a707bda48 R15: 0000000000000001 [ 1640.957691] FS: 00007f7dc8764800(0000) GS:ffff8a10ff780000(0000) knlGS:0000000000000000 [ 1640.957692] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1640.957693] CR2: 0000000000000000 CR3: 000000015eff0003 CR4: 0000000000770ee0 [ 1640.957695] PKRU: 55555554 [ 1640.957696] note: cp[1972] exited with irqs disabled #regzbot ^introduced 18b02e4343e8f5be6a2f44c7ad9899b385a92730 #regzbot link: https://bugs.debian.org/1060005 #regzbot link: https://bugs.debian.org/1060052 Regards, Salvatore

1 year, 1 month

6
13
0 0

Re: [Regression 6.1.y] From "cifs: Fix flushing, invalidation and file size with copy_file_range()"

by Matthew Wilcox

On Sat, Jan 13, 2024 at 11:08:00AM -0600, Steve French wrote: > I thought that it was "safer" since if it was misapplied to version where > new folio rc behavior it wouldn't regress anything There are only three versions where this patch can be applied: 6.7, 6.6 and 6.1. AIUI it's a backport from 6.7, it's already applied to 6.6, and it misapplies to 6.1. So this kind of belt-and-braces approach is unnecessary.

1 year, 1 month

2
1
0 0

Crash in NVME tracing on 5.10LTS

by John Sperbeck

With 5.10LTS (e.g., 5.10.206), on a machine using an NVME device, the following tracing commands will trigger a crash due to a NULL pointer dereference: KDIR=/sys/kernel/debug/tracing echo 1 > $KDIR/tracing_on echo 1 > $KDIR/events/nvme/enable echo "Waiting for trace events..." cat $KDIR/trace_pipe The backtrace looks something like this: Call Trace: <IRQ> ? __die_body+0x6b/0xb0 ? __die+0x9e/0xb0 ? no_context+0x3eb/0x460 ? ttwu_do_activate+0xf0/0x120 ? __bad_area_nosemaphore+0x157/0x200 ? select_idle_sibling+0x2f/0x410 ? bad_area_nosemaphore+0x13/0x20 ? do_user_addr_fault+0x2ab/0x360 ? exc_page_fault+0x69/0x180 ? asm_exc_page_fault+0x1e/0x30 ? trace_event_raw_event_nvme_complete_rq+0xba/0x170 ? trace_event_raw_event_nvme_complete_rq+0xa3/0x170 nvme_complete_rq+0x168/0x170 nvme_pci_complete_rq+0x16c/0x1f0 nvme_handle_cqe+0xde/0x190 nvme_irq+0x78/0x100 __handle_irq_event_percpu+0x77/0x1e0 handle_irq_event+0x54/0xb0 handle_edge_irq+0xdf/0x230 asm_call_irq_on_stack+0xf/0x20 </IRQ> common_interrupt+0x9e/0x150 asm_common_interrupt+0x1e/0x40 It looks to me like these two upstream commits were backported to 5.10: 679c54f2de67 ("nvme: use command_id instead of req->tag in trace_nvme_complete_rq()") e7006de6c238 ("nvme: code command_id with a genctr for use-after-free validation") But they depend on this upstream commit to initialize the 'cmd' field in some cases: f4b9e6c90c57 ("nvme: use driver pdu command for passthrough") Does it sound like I'm on the right track? The 5.15LTS and later seems to be okay.

1 year, 1 month

3
5
0 0

[REGRESSION] In v5.15.146 an ax88179_178a USB ethernet adapter causes crashes

by Jeffery Miller

For 5.15 attempting to use an ax88179_178a adapter "0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet" started causing crashes. This did not reproduce in the 6.6 kernel. The crashes were narrowed down to the following two commits brought into v5.15.146: commit d63fafd6cc28 ("net: usb: ax88179_178a: avoid failed operations when device is disconnected") commit f860413aa00c ("net: usb: ax88179_178a: wol optimizations") Those two use an uninitialized pointer `dev->driver_priv`. In later kernels this pointer is initialized in commit 2bcbd3d8a7b4 ("net: usb: ax88179_178a: move priv to driver_priv"). Picking in the two following commits fixed the issue for me on 5.15: commit 9718f9ce5b86 ("net: usb: ax88179_178a: remove redundant init code") commit 2bcbd3d8a7b4 ("net: usb: ax88179_178a: move priv to driver_priv") The commit 9718f9ce5b86 ("net: usb: ax88179_178a: remove redundant init code") was required for the fix to apply cleanly.

1 year, 1 month

3
2
0 0

[PATCH 5.15 0/2] tracing/kprobes: Fix symbol counting logic by looking at modules as well

by Markus Boehme

This backports the fix to the kprobe_events interface allowing to create kprobes on symbols defined in loadable modules again. The backport is simpler than ones for later kernels, since the backport of the commit introducing the bug already brought along much of the code needed to fix it. Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well Jiri Olsa (1): kallsyms: Make module_kallsyms_on_each_symbol generally available include/linux/module.h | 9 +++++++++ kernel/module.c | 2 -- kernel/trace/trace_kprobe.c | 2 ++ 3 files changed, 11 insertions(+), 2 deletions(-) -- 2.40.1

1 year, 1 month

2
3
0 0

[PATCH stable 4.19.x 1/4] net: add a route cache full diagnostic message

by Suraj Jitindar Singh

From: Peter Oskolkov <posk(a)google.com> commit 22c2ad616b74f3de2256b242572ab449d031d941 upstream. In some testing scenarios, dst/route cache can fill up so quickly that even an explicit GC call occasionally fails to clean it up. This leads to sporadically failing calls to dst_alloc and "network unreachable" errors to the user, which is confusing. This patch adds a diagnostic message to make the cause of the failure easier to determine. Signed-off-by: Peter Oskolkov <posk(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Suraj Jitindar Singh <surajjs(a)amazon.com> Cc: <stable(a)vger.kernel.org> # 4.19.x --- net/core/dst.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/core/dst.c b/net/core/dst.c index 81ccf20e2826..a263309df115 100644 --- a/net/core/dst.c +++ b/net/core/dst.c @@ -98,8 +98,12 @@ void *dst_alloc(struct dst_ops *ops, struct net_device *dev, struct dst_entry *dst; if (ops->gc && dst_entries_get_fast(ops) > ops->gc_thresh) { - if (ops->gc(ops)) + if (ops->gc(ops)) { + printk_ratelimited(KERN_NOTICE "Route cache is full: " + "consider increasing sysctl " + "net.ipv[4|6].route.max_size.\n"); return NULL; + } } dst = kmem_cache_alloc(ops->kmem_cachep, GFP_ATOMIC); -- 2.34.1

1 year, 1 month

2
4
0 0

[PATCH 5.4.y] netfilter: nf_tables: Reject tables of unsupported family

by Cengiz Can

From: Phil Sutter <phil(a)nwl.cc> commit f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 upstream. An nftables family is merely a hollow container, its family just a number and such not reliant on compile-time options other than nftables support itself. Add an artificial check so attempts at using a family the kernel can't support fail as early as possible. This helps user space detect kernels which lack e.g. NFPROTO_INET. Signed-off-by: Phil Sutter <phil(a)nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Cengiz Can <cengiz.can(a)canonical.com> --- net/netfilter/nf_tables_api.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 78be121f38ac..915df77161e1 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1005,6 +1005,30 @@ static int nft_objname_hash_cmp(struct rhashtable_compare_arg *arg, return strcmp(obj->key.name, k->name); } +static bool nft_supported_family(u8 family) +{ + return false +#ifdef CONFIG_NF_TABLES_INET + || family == NFPROTO_INET +#endif +#ifdef CONFIG_NF_TABLES_IPV4 + || family == NFPROTO_IPV4 +#endif +#ifdef CONFIG_NF_TABLES_ARP + || family == NFPROTO_ARP +#endif +#ifdef CONFIG_NF_TABLES_NETDEV + || family == NFPROTO_NETDEV +#endif +#if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE) + || family == NFPROTO_BRIDGE +#endif +#ifdef CONFIG_NF_TABLES_IPV6 + || family == NFPROTO_IPV6 +#endif + ; +} + static int nf_tables_newtable(struct net *net, struct sock *nlsk, struct sk_buff *skb, const struct nlmsghdr *nlh, const struct nlattr * const nla[], @@ -1020,6 +1044,9 @@ static int nf_tables_newtable(struct net *net, struct sock *nlsk, struct nft_ctx ctx; int err; + if (!nft_supported_family(family)) + return -EOPNOTSUPP; + lockdep_assert_held(&nft_net->commit_mutex); attr = nla[NFTA_TABLE_NAME]; table = nft_table_lookup(net, attr, family, genmask); -- 2.40.1

1 year, 1 month

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2024