May 2024 - Linux-stable-mirror

[PATCH] Input: try trimming too long modalias strings

by Jason Andryuk

From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> commit 0774d19038c496f0c3602fb505c43e1b2d8eed85 upstream. If an input device declares too many capability bits then modalias string for such device may become too long and not fit into uevent buffer, resulting in failure of sending said uevent. This, in turn, may prevent userspace from recognizing existence of such devices. This is typically not a concern for real hardware devices as they have limited number of keys, but happen with synthetic devices such as ones created by xen-kbdfront driver, which creates devices as being capable of delivering all possible keys, since it doesn't know what keys the backend may produce. To deal with such devices input core will attempt to trim key data, in the hope that the rest of modalias string will fit in the given buffer. When trimming key data it will indicate that it is not complete by placing "+," sign, resulting in conversions like this: old: k71,72,73,74,78,7A,7B,7C,7D,8E,9E,A4,AD,E0,E1,E4,F8,174, new: k71,72,73,74,78,7A,7B,7C,+, This should allow existing udev rules continue to work with existing devices, and will also allow writing more complex rules that would recognize trimmed modalias and check input device characteristics by other means (for example by parsing KEY= data in uevent or parsing input device sysfs attributes). Note that the driver core may try adding more uevent environment variables once input core is done adding its own, so when forming modalias we can not use the entire available buffer, so we reduce it by somewhat an arbitrary amount (96 bytes). Reported-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Peter Hutterer <peter.hutterer(a)who-t.net> Tested-by: Jason Andryuk <jandryuk(a)gmail.com> Link: https://lore.kernel.org/r/ZjAWMQCJdrxZkvkB@google.com Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> [ Apply to linux-6.1.y ] Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- Patch did not automatically apply to 6.1.y because input_print_modalias_parts() does not have const on *id. Tested on 6.1. Seems to also apply and build on 5.4 and 4.19. drivers/input/input.c | 104 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 89 insertions(+), 15 deletions(-) diff --git a/drivers/input/input.c b/drivers/input/input.c index 8b6a922f8470..eb2bb8cbec3c 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1374,19 +1374,19 @@ static int input_print_modalias_bits(char *buf, int size, char name, unsigned long *bm, unsigned int min_bit, unsigned int max_bit) { - int len = 0, i; + int bit = min_bit; + int len = 0; len += snprintf(buf, max(size, 0), "%c", name); - for (i = min_bit; i < max_bit; i++) - if (bm[BIT_WORD(i)] & BIT_MASK(i)) - len += snprintf(buf + len, max(size - len, 0), "%X,", i); + for_each_set_bit_from(bit, bm, max_bit) + len += snprintf(buf + len, max(size - len, 0), "%X,", bit); return len; } -static int input_print_modalias(char *buf, int size, struct input_dev *id, - int add_cr) +static int input_print_modalias_parts(char *buf, int size, int full_len, + const struct input_dev *id) { - int len; + int len, klen, remainder, space; len = snprintf(buf, max(size, 0), "input:b%04Xv%04Xp%04Xe%04X-", @@ -1395,8 +1395,48 @@ static int input_print_modalias(char *buf, int size, struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'e', id->evbit, 0, EV_MAX); - len += input_print_modalias_bits(buf + len, size - len, + + /* + * Calculate the remaining space in the buffer making sure we + * have place for the terminating 0. + */ + space = max(size - (len + 1), 0); + + klen = input_print_modalias_bits(buf + len, size - len, 'k', id->keybit, KEY_MIN_INTERESTING, KEY_MAX); + len += klen; + + /* + * If we have more data than we can fit in the buffer, check + * if we can trim key data to fit in the rest. We will indicate + * that key data is incomplete by adding "+" sign at the end, like + * this: * "k1,2,3,45,+,". + * + * Note that we shortest key info (if present) is "k+," so we + * can only try to trim if key data is longer than that. + */ + if (full_len && size < full_len + 1 && klen > 3) { + remainder = full_len - len; + /* + * We can only trim if we have space for the remainder + * and also for at least "k+," which is 3 more characters. + */ + if (remainder <= space - 3) { + /* + * We are guaranteed to have 'k' in the buffer, so + * we need at least 3 additional bytes for storing + * "+," in addition to the remainder. + */ + for (int i = size - 1 - remainder - 3; i >= 0; i--) { + if (buf[i] == 'k' || buf[i] == ',') { + strcpy(buf + i + 1, "+,"); + len = i + 3; /* Not counting '\0' */ + break; + } + } + } + } + len += input_print_modalias_bits(buf + len, size - len, 'r', id->relbit, 0, REL_MAX); len += input_print_modalias_bits(buf + len, size - len, @@ -1412,12 +1452,25 @@ static int input_print_modalias(char *buf, int size, struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'w', id->swbit, 0, SW_MAX); - if (add_cr) - len += snprintf(buf + len, max(size - len, 0), "\n"); - return len; } +static int input_print_modalias(char *buf, int size, const struct input_dev *id) +{ + int full_len; + + /* + * Printing is done in 2 passes: first one figures out total length + * needed for the modalias string, second one will try to trim key + * data in case when buffer is too small for the entire modalias. + * If the buffer is too small regardless, it will fill as much as it + * can (without trimming key data) into the buffer and leave it to + * the caller to figure out what to do with the result. + */ + full_len = input_print_modalias_parts(NULL, 0, 0, id); + return input_print_modalias_parts(buf, size, full_len, id); +} + static ssize_t input_dev_show_modalias(struct device *dev, struct device_attribute *attr, char *buf) @@ -1425,7 +1478,9 @@ static ssize_t input_dev_show_modalias(struct device *dev, struct input_dev *id = to_input_dev(dev); ssize_t len; - len = input_print_modalias(buf, PAGE_SIZE, id, 1); + len = input_print_modalias(buf, PAGE_SIZE, id); + if (len < PAGE_SIZE - 2) + len += snprintf(buf + len, PAGE_SIZE - len, "\n"); return min_t(int, len, PAGE_SIZE); } @@ -1637,6 +1692,23 @@ static int input_add_uevent_bm_var(struct kobj_uevent_env *env, return 0; } +/* + * This is a pretty gross hack. When building uevent data the driver core + * may try adding more environment variables to kobj_uevent_env without + * telling us, so we have no idea how much of the buffer we can use to + * avoid overflows/-ENOMEM elsewhere. To work around this let's artificially + * reduce amount of memory we will use for the modalias environment variable. + * + * The potential additions are: + * + * SEQNUM=18446744073709551615 - (%llu - 28 bytes) + * HOME=/ (6 bytes) + * PATH=/sbin:/bin:/usr/sbin:/usr/bin (34 bytes) + * + * 68 bytes total. Allow extra buffer - 96 bytes + */ +#define UEVENT_ENV_EXTRA_LEN 96 + static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, struct input_dev *dev) { @@ -1646,9 +1718,11 @@ static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, return -ENOMEM; len = input_print_modalias(&env->buf[env->buflen - 1], - sizeof(env->buf) - env->buflen, - dev, 0); - if (len >= (sizeof(env->buf) - env->buflen)) + (int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN, + dev); + if (len >= ((int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN)) return -ENOMEM; env->buflen += len; -- 2.40.1

7 months

2
2
0 0

[PATCH] f2fs: fix to force buffered IO on inline_data inode

by Chao Yu

It will return all zero data when DIO reading from inline_data inode, it is because f2fs_iomap_begin() assign iomap->type w/ IOMAP_HOLE incorrectly for this case. We can let iomap framework handle inline data via assigning iomap->type and iomap->inline_data correctly, however, it will be a little bit complicated when handling race case in between direct IO and buffered IO. So, let's force to use buffered IO to fix this issue. Cc: stable(a)vger.kernel.org Reported-by: Barry Song <v-songbaohua(a)oppo.com> Signed-off-by: Chao Yu <chao(a)kernel.org> --- fs/f2fs/file.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index db6236f27852..e038910ad1e5 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -851,6 +851,8 @@ static bool f2fs_force_buffered_io(struct inode *inode, int rw) return true; if (f2fs_compressed_file(inode)) return true; + if (f2fs_has_inline_data(inode)) + return true; /* disallow direct IO if any of devices has unaligned blksize */ if (f2fs_is_multi_device(sbi) && !sbi->aligned_blksize) -- 2.40.1

7 months

2
1
0 0

Candidates for stable v6.9..v6.10-rc1 Out Of Bounds

by Ronnie Sahlberg

These commits reference out.of.bound between v6.9 and v6.10-rc1 These commits are not, yet, in stable/linux-rolling-stable. Let me know if you would rather me compare to a different repo/branch. The list has been manually pruned to only contain commits that look like actual issues. If they contain a Fixes line it has been verified that at least one of the commits that the Fixes tag(s) reference is in stable/linux-rolling-stable 2ba24864d2f61b52210b Syz Fuzzers, Out of bounds 3ebc46ca8675de6378e3 Syz Fuzzers, Out of bounds 9841991a446c87f90f66 Kernel panic, NULL pointer, Out of bounds 51fafb3cd7fcf4f46826 Out of bounds 45cf976008ddef4a9c9a Out of bounds 8b2faf1a4f3b6c748c0d Out of bounds faa4364bef2ec0060de3 Buffer overflow, Out of bounds 8ee1b439b1540ae54314 Out of bounds 7b4c74cf22d7584d1eb4 Out of bounds 1008368e1c7e36bdec01 Out of bounds -- Ronnie Sahlberg [Principal Software Engineer, Linux] P 775 384 8203 | E [email] | W ciq.com

7 months

2
1
0 0

Candidates for stable v6.9..v6.10-rc1 KASAN

by Ronnie Sahlberg

These commits reference KASAN between v6.9 and v6.10-rc1 These commits are not, yet, in stable/linux-rolling-stable. Let me know if you would rather me compare to a different repo/branch. The list has been manually pruned to only contain commits that look like actual issues. If they contain a Fixes line it has been verified that at least one of the commits that the Fixes tag(s) reference is in stable/linux-rolling-stable 195aba96b854dd664768 KASAN, Out of bounds 2e577732e8d28b9183df Kernel panic, KASAN 20faaf30e55522bba2b5 KASAN, Syz Fuzzers, Out of bounds c1115ddbda9c930fba0f KASAN, NULL pointer -- Ronnie Sahlberg [Principal Software Engineer, Linux] P 775 384 8203 | E [email] | W ciq.com

7 months

2
1
0 0

[PATCH 6.9.y] erofs: avoid allocating DEFLATE streams before mounting

by Gao Xiang

commit 80eb4f62056d6ae709bdd0636ab96ce660f494b2 upstream. Currently, each DEFLATE stream takes one 32 KiB permanent internal window buffer even if there is no running instance which uses DEFLATE algorithm. It's unexpected and wasteful on embedded devices with limited resources and servers with hundreds of CPU cores if DEFLATE is enabled but unused. Fixes: ffa09b3bd024 ("erofs: DEFLATE compression support") Cc: <stable(a)vger.kernel.org> # 6.6+ Reviewed-by: Sandeep Dhavale <dhavale(a)google.com> Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> Link: https://lore.kernel.org/r/20240520090106.2898681-1-hsiangkao@linux.alibaba.… --- fs/erofs/decompressor_deflate.c | 55 +++++++++++++++++---------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/fs/erofs/decompressor_deflate.c b/fs/erofs/decompressor_deflate.c index 81e65c453ef0..3a3461561a3c 100644 --- a/fs/erofs/decompressor_deflate.c +++ b/fs/erofs/decompressor_deflate.c @@ -46,39 +46,15 @@ int __init z_erofs_deflate_init(void) /* by default, use # of possible CPUs instead */ if (!z_erofs_deflate_nstrms) z_erofs_deflate_nstrms = num_possible_cpus(); - - for (; z_erofs_deflate_avail_strms < z_erofs_deflate_nstrms; - ++z_erofs_deflate_avail_strms) { - struct z_erofs_deflate *strm; - - strm = kzalloc(sizeof(*strm), GFP_KERNEL); - if (!strm) - goto out_failed; - - /* XXX: in-kernel zlib cannot shrink windowbits currently */ - strm->z.workspace = vmalloc(zlib_inflate_workspacesize()); - if (!strm->z.workspace) { - kfree(strm); - goto out_failed; - } - - spin_lock(&z_erofs_deflate_lock); - strm->next = z_erofs_deflate_head; - z_erofs_deflate_head = strm; - spin_unlock(&z_erofs_deflate_lock); - } return 0; - -out_failed: - erofs_err(NULL, "failed to allocate zlib workspace"); - z_erofs_deflate_exit(); - return -ENOMEM; } int z_erofs_load_deflate_config(struct super_block *sb, struct erofs_super_block *dsb, void *data, int size) { struct z_erofs_deflate_cfgs *dfl = data; + static DEFINE_MUTEX(deflate_resize_mutex); + static bool inited; if (!dfl || size < sizeof(struct z_erofs_deflate_cfgs)) { erofs_err(sb, "invalid deflate cfgs, size=%u", size); @@ -89,9 +65,36 @@ int z_erofs_load_deflate_config(struct super_block *sb, erofs_err(sb, "unsupported windowbits %u", dfl->windowbits); return -EOPNOTSUPP; } + mutex_lock(&deflate_resize_mutex); + if (!inited) { + for (; z_erofs_deflate_avail_strms < z_erofs_deflate_nstrms; + ++z_erofs_deflate_avail_strms) { + struct z_erofs_deflate *strm; + + strm = kzalloc(sizeof(*strm), GFP_KERNEL); + if (!strm) + goto failed; + /* XXX: in-kernel zlib cannot customize windowbits */ + strm->z.workspace = vmalloc(zlib_inflate_workspacesize()); + if (!strm->z.workspace) { + kfree(strm); + goto failed; + } + spin_lock(&z_erofs_deflate_lock); + strm->next = z_erofs_deflate_head; + z_erofs_deflate_head = strm; + spin_unlock(&z_erofs_deflate_lock); + } + inited = true; + } + mutex_unlock(&deflate_resize_mutex); erofs_info(sb, "EXPERIMENTAL DEFLATE feature in use. Use at your own risk!"); return 0; +failed: + mutex_unlock(&deflate_resize_mutex); + z_erofs_deflate_exit(); + return -ENOMEM; } int z_erofs_deflate_decompress(struct z_erofs_decompress_req *rq, -- 2.39.3

7 months

2
5
0 0

[PATCH stable-5.15.y 0/2] Fix PTP received on wrong port with bridged SJA1105 DSA

by Vladimir Oltean

It has been brought to my attention that what had been fixed 1 year ago here for kernels 5.18 and later: https://lore.kernel.org/netdev/20230626155112.3155993-1-vladimir.oltean@nxp… is still broken on linux-5.15.y. Short summary: PTP boundary clock is broken for ports under a VLAN-aware bridge. The reason is that the Fixes: tags in those patches were wrong. The issue originated from earlier, but the changes from 5.18 (blamed there), aka DSA FDB isolation, masked that. A straightforward cherry-pick was not possible, due to the conflict with the aforementioned DSA FDB isolation work from 5.18. So I redid patch 2/2 and marked what I had to adapt. Tested on the NXP LS1021A-TSN board. Vladimir Oltean (2): net: dsa: sja1105: always enable the INCL_SRCPT option net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT drivers/net/dsa/sja1105/sja1105_main.c | 9 ++----- net/dsa/tag_sja1105.c | 34 ++++++++++++++++++++------ 2 files changed, 28 insertions(+), 15 deletions(-) --- I'm sorry for the people who will want to backport DSA FDB isolation to linux-5.15.y :( -- 2.34.1

7 months

2
3
0 0

[PATCH 6.6.y 0/4] Fix missing net_helper.sh for net/udpgro_fwd.sh test

by Po-Hsu Lin

Since upstream commit 4acffb66 "selftests: net: explicitly wait for listener ready", the net_helper.sh from commit 3bdd9fd2 "selftests/net: synchronize udpgro tests' tx and rx connection" will be needed. Otherwise selftests/net/udpgro_fwd.sh will complain about: $ sudo ./udpgro_fwd.sh ./udpgro_fwd.sh: line 4: net_helper.sh: No such file or directory IPv4 No GRO ./udpgro_fwd.sh: line 134: wait_local_port_listen: command not found Patch "selftests/net: synchronize udpgro tests' tx and rx connection" adds the missing net_helper.sh. Context adjustment is needed for applying this patch, as the BPF_FILE is different in 6.6.y Patch "selftests: net: Remove executable bits from library scripts" fixes the script permission. Patch "selftests: net: included needed helper in the install targets" and "selftests: net: List helper scripts in TEST_FILES Makefile variable" will add this helper to the Makefile and fix the installation, lib.sh needs to be ignored for them. Benjamin Poirier (2): selftests: net: Remove executable bits from library scripts selftests: net: List helper scripts in TEST_FILES Makefile variable Lucas Karpinski (1): selftests/net: synchronize udpgro tests' tx and rx connection Paolo Abeni (1): selftests: net: included needed helper in the install targets tools/testing/selftests/net/Makefile | 4 ++-- tools/testing/selftests/net/net_helper.sh | 22 ++++++++++++++++++++++ tools/testing/selftests/net/setup_loopback.sh | 0 tools/testing/selftests/net/udpgro.sh | 13 ++++++------- tools/testing/selftests/net/udpgro_bench.sh | 5 +++-- tools/testing/selftests/net/udpgro_frglist.sh | 5 +++-- 6 files changed, 36 insertions(+), 13 deletions(-) create mode 100644 tools/testing/selftests/net/net_helper.sh mode change 100755 => 100644 tools/testing/selftests/net/setup_loopback.sh -- 2.7.4

7 months

2
5
0 0

Are the 'FAILED' notifications always sent?

by Matthieu Baerts

Hi Sasha, Thank you for the recent backports linked to MPTCP. Recently, I noticed that two patches [1] [2] with the same "Fixes" tag -- but without "Cc: stable", sorry for that -- have been backported to different stable versions. That's good, thank you! The first patch made its way to v5.15, while the second one went up to v6.8, but not to older stable versions. I understand it didn't go further because of other conflicts, and I'm ready to help to fix them. I just wanted to know if it is normal I didn't get any 'FAILED' notifications like the ones Greg send [3]: I rely on them to know which patches have been treated by the Stable team, but had conflicts. Will I get these notifications later (no hurry), or should I not rely on them to track fixes that could not be backported? Cheers, Matt [1] https://lore.kernel.org/mptcp/20240514011335.176158-2-martineau@kernel.org/ [2] https://lore.kernel.org/mptcp/20240514011335.176158-3-martineau@kernel.org/ [3] 'FAILED: patch "[PATCH] (...)" failed to apply to x.y-stable tree' -- Sponsored by the NGI0 Core fund.

7 months

2
2
0 0

[PATCH 6.6.y 0/3] Backport of "mptcp: fix full TCP keep-alive support"

by Matthieu Baerts (NGI0)

It looks like the patch "mptcp: fix full TCP keep-alive support" has been backported up to v6.8 recently (thanks!), but not before due to conflicts. I had to adapt a bit the code not to backport new features, but the modifications were simple, and isolated from the rest. MPTCP sockopt tests have been executed, and no issues have been reported. Matthieu Baerts (NGI0) (1): mptcp: fix full TCP keep-alive support Paolo Abeni (2): mptcp: avoid some duplicate code in socket option handling mptcp: cleanup SOL_TCP handling net/mptcp/protocol.h | 3 ++ net/mptcp/sockopt.c | 123 +++++++++++++++++++++++++++++-------------- 2 files changed, 87 insertions(+), 39 deletions(-) -- 2.43.0

7 months

2
4
0 0

[PATCH] Revert "drm/amdgpu: init iommu after amdkfd device init"

by Armin Wolf

This reverts commit 56b522f4668167096a50c39446d6263c96219f5f. A user reported that this commit breaks the integrated gpu of his notebook, causing a black screen. He was able to bisect the problematic commit and verified that by reverting it the notebook works again. He also confirmed that kernel 6.8.1 also works on his device, so the upstream commit itself seems to be ok. An amdgpu developer (Alex Deucher) confirmed that this patch should have never been ported to 5.15 in the first place, so revert this commit from the 5.15 stable series. Reported-by: Barry Kauler <bkauler(a)gmail.com> Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> --- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index 222a1d9ecf16..5f6c32ec674d 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -2487,6 +2487,10 @@ static int amdgpu_device_ip_init(struct amdgpu_device *adev) if (r) goto init_failed; + r = amdgpu_amdkfd_resume_iommu(adev); + if (r) + goto init_failed; + r = amdgpu_device_ip_hw_init_phase1(adev); if (r) goto init_failed; @@ -2525,10 +2529,6 @@ static int amdgpu_device_ip_init(struct amdgpu_device *adev) if (!adev->gmc.xgmi.pending_reset) amdgpu_amdkfd_device_init(adev); - r = amdgpu_amdkfd_resume_iommu(adev); - if (r) - goto init_failed; - amdgpu_fru_get_product_info(adev); init_failed: -- 2.39.2

7 months

5
6
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2024