August 2024 - Linux-stable-mirror

Re: [LTP] [PATCH 1/1] nfsstat01: Update client RPC calls for kernel 6.9

by Calum Mackay

To clarify… On 02/07/2024 5:54 pm, Calum Mackay wrote: > hi Petr, > > I noticed your LTP patch [1][2] which adjusts the nfsstat01 test on v6.9 > kernels, to account for Josef's changes [3], which restrict the NFS/RPC > stats per-namespace. > > I see that Josef's changes were backported, as far back as longterm > v5.4, Sorry, that's not quite accurate. Josef's NFS client changes were all backported from v6.9, as far as longterm v5.4.y: 2057a48d0dd0 sunrpc: add a struct rpc_stats arg to rpc_create_args d47151b79e32 nfs: expose /proc/net/sunrpc/nfs in net namespaces 1548036ef120 nfs: make the rpc_stat per net namespace Of Josef's NFS server changes, four were backported from v6.9 to v6.8: 418b9687dece sunrpc: use the struct net as the svc proc private d98416cc2154 nfsd: rename NFSD_NET_* to NFSD_STATS_* 93483ac5fec6 nfsd: expose /proc/net/sunrpc/nfsd in net namespaces 4b14885411f7 nfsd: make all of the nfsd stats per-network namespace and the others remained only in v6.9: ab42f4d9a26f sunrpc: don't change ->sv_stats if it doesn't exist a2214ed588fb nfsd: stop setting ->pg_stats for unused stats f09432386766 sunrpc: pass in the sv_stats struct through svc_create_pooled 3f6ef182f144 sunrpc: remove ->pg_stats from svc_program e41ee44cc6a4 nfsd: remove nfsd_stats, make th_cnt a global counter 16fb9808ab2c nfsd: make svc_stat per-network namespace instead of global I'm wondering if this difference between NFS client, and NFS server, stat behaviour, across kernel versions, may perhaps cause some user confusion? cheers, calum. > so your check for kernel version "6.9" in the test may need to be > adjusted, if LTP is intended to be run on stable kernels? > > best wishes, > calum. > > > [1] https://lore.kernel.org/ltp/20240620111129.594449-1-pvorel@suse.cz/ > [2] https://patchwork.ozlabs.org/project/ltp/ > patch/20240620111129.594449-1-pvorel(a)suse.cz/ > [3] https://lore.kernel.org/linux-nfs/ > cover.1708026931.git.josef(a)toxicpanda.com/

1 year, 4 months

9
20
0 0

[PATCH v2] usb: dwc3: ep0: Don't reset resource alloc flag (including ep0)

by Michael Grzeschik

The DWC3_EP_RESOURCE_ALLOCATED flag ensures that the resource of an endpoint is only assigned once. Unless the endpoint is reset, don't clear this flag. Otherwise we may set endpoint resource again, which prevents the driver from initiate transfer after handling a STALL or endpoint halt to the control endpoint. Commit f2e0eee47038 ("usb: dwc3: ep0: Don't reset resource alloc flag") was fixing the initial issue, but did this only for physical ep1. Since the function dwc3_ep0_stall_and_restart is resetting the flags for both physical endpoints, this also has to be done for ep0. Cc: stable(a)vger.kernel.org Fixes: b311048c174d ("usb: dwc3: gadget: Rewrite endpoint allocation flow") Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Michael Grzeschik <m.grzeschik(a)pengutronix.de> --- v2: Added missing double quotes in the referenced patch name - Link to v1: https://lore.kernel.org/r/20240814-dwc3hwep0reset-v1-1-087b0d26f3d0@pengutr… --- drivers/usb/dwc3/ep0.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c index d96ffbe520397..c9533a99e47c8 100644 --- a/drivers/usb/dwc3/ep0.c +++ b/drivers/usb/dwc3/ep0.c @@ -232,7 +232,8 @@ void dwc3_ep0_stall_and_restart(struct dwc3 *dwc) /* stall is always issued on EP0 */ dep = dwc->eps[0]; __dwc3_gadget_ep_set_halt(dep, 1, false); - dep->flags = DWC3_EP_ENABLED; + dep->flags &= DWC3_EP_RESOURCE_ALLOCATED; + dep->flags |= DWC3_EP_ENABLED; dwc->delayed_status = false; if (!list_empty(&dep->pending_list)) { --- base-commit: 38343be0bf9a7d7ef0d160da5f2db887a0e29b62 change-id: 20240814-dwc3hwep0reset-b4d371873494 Best regards, -- Michael Grzeschik <m.grzeschik(a)pengutronix.de>

1 year, 4 months

1
0
0 0

IC Search Engine - Allboms

by allboms5＠plc2.top

1 year, 4 months

1
0
0 0

[PATCH] wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> The check should start from 5845 to 5925, which includes channels 169, 173, and 177. Cc: stable(a)vger.kernel.org Fixes: 09382d8f8641 ("wifi: mt76: mt7921: update the channel usage when the regd domain changed") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- drivers/net/wireless/mediatek/mt76/mt7921/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/init.c b/drivers/net/wireless/mediatek/mt76/mt7921/init.c index ef0c721d26e3..57672c69150e 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/init.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/init.c @@ -83,7 +83,7 @@ mt7921_regd_channel_update(struct wiphy *wiphy, struct mt792x_dev *dev) } /* UNII-4 */ - if (IS_UNII_INVALID(0, 5850, 5925)) + if (IS_UNII_INVALID(0, 5845, 5925)) ch->flags |= IEEE80211_CHAN_DISABLED; } -- 2.18.0

1 year, 4 months

1
0
0 0

[PATCH RESEND] pinctrl: single: fix potential NULL dereference in pcs_get_function()

by Ma Ke

pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. Cc: stable(a)vger.kernel.org Fixes: 571aec4df5b7 ("pinctrl: single: Use generic pinmux helpers for managing functions") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/pinctrl/pinctrl-single.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c index 4c6bfabb6bd7..4da3c3f422b6 100644 --- a/drivers/pinctrl/pinctrl-single.c +++ b/drivers/pinctrl/pinctrl-single.c @@ -345,6 +345,8 @@ static int pcs_get_function(struct pinctrl_dev *pctldev, unsigned pin, return -ENOTSUPP; fselector = setting->func; function = pinmux_generic_get_function(pctldev, fselector); + if (!function) + return -EINVAL; *func = function->data; if (!(*func)) { dev_err(pcs->dev, "%s could not find function%i\n", -- 2.25.1

1 year, 4 months

1
0
0 0

[PATCH v2 RESEND] EDAC/altera: Fix possible null pointer dereference

by Ma Ke

In altr_s10_sdram_check_ecc_deps(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. of_translate_address() is the same. Found by code review. Cc: stable(a)vger.kernel.org Fixes: e1bca853dddc ("EDAC/altera: Add SDRAM ECC check for U-Boot") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the check of of_translate_address() as suggestions. --- drivers/edac/altera_edac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index fe89f5c4837f..4fbfa338e05f 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -1086,6 +1086,7 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) struct arm_smccc_res result; struct device_node *np; phys_addr_t sdram_addr; + const __be32 *sdram_addrp; u32 read_reg; int ret; @@ -1093,8 +1094,14 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) if (!np) goto sdram_err; - sdram_addr = of_translate_address(np, of_get_address(np, 0, - NULL, NULL)); + sdram_addrp = of_get_address(np, 0, NULL, NULL); + if (!sdram_addrp) + return -EINVAL; + + sdram_addr = of_translate_address(np, sdram_addrp); + if (sdram_addr == OF_BAD_ADDR) + return -EINVAL; + of_node_put(np); sdram_ecc_addr = (unsigned long)sdram_addr + prv->ecc_en_ofst; arm_smccc_smc(INTEL_SIP_SMC_REG_READ, sdram_ecc_addr, -- 2.25.1

1 year, 4 months

1
0
0 0

[PATCH] usb: dwc3: ep0: Don't reset resource alloc flag (including ep0)

by Michael Grzeschik

The DWC3_EP_RESOURCE_ALLOCATED flag ensures that the resource of an endpoint is only assigned once. Unless the endpoint is reset, don't clear this flag. Otherwise we may set endpoint resource again, which prevents the driver from initiate transfer after handling a STALL or endpoint halt to the control endpoint. Commit f2e0eee47038 (usb: dwc3: ep0: Don't reset resource alloc flag) was fixing the initial issue, but did this only for physical ep1. Since the function dwc3_ep0_stall_and_restart is resetting the flags for both physical endpoints, this also has to be done for ep0. Cc: stable(a)vger.kernel.org Fixes: b311048c174d ("usb: dwc3: gadget: Rewrite endpoint allocation flow") Signed-off-by: Michael Grzeschik <m.grzeschik(a)pengutronix.de> --- drivers/usb/dwc3/ep0.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c index d96ffbe520397..c9533a99e47c8 100644 --- a/drivers/usb/dwc3/ep0.c +++ b/drivers/usb/dwc3/ep0.c @@ -232,7 +232,8 @@ void dwc3_ep0_stall_and_restart(struct dwc3 *dwc) /* stall is always issued on EP0 */ dep = dwc->eps[0]; __dwc3_gadget_ep_set_halt(dep, 1, false); - dep->flags = DWC3_EP_ENABLED; + dep->flags &= DWC3_EP_RESOURCE_ALLOCATED; + dep->flags |= DWC3_EP_ENABLED; dwc->delayed_status = false; if (!list_empty(&dep->pending_list)) { --- base-commit: 38343be0bf9a7d7ef0d160da5f2db887a0e29b62 change-id: 20240814-dwc3hwep0reset-b4d371873494 Best regards, -- Michael Grzeschik <m.grzeschik(a)pengutronix.de>

1 year, 4 months

3
5
0 0

[merged] squashfs-sanity-check-symbolic-link-size.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Squashfs: sanity check symbolic link size has been removed from the -mm tree. Its filename was squashfs-sanity-check-symbolic-link-size.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Phillip Lougher <phillip(a)squashfs.org.uk> Subject: Squashfs: sanity check symbolic link size Date: Sun, 11 Aug 2024 21:13:01 +0100 Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfs_read_inode() is called to read the symbolic link from disk. This assigns the corrupted value 3875536935 to inode->i_size. 2. Later squashfs_symlink_read_folio() is called, which assigns this corrupted value to the length variable, which being a signed int, overflows producing a negative number. 3. The following loop that fills in the page contents checks that the copied bytes is less than length, which being negative means the loop is skipped, producing an unitialised page. This patch adds a sanity check which checks that the symbolic link size is not larger than expected. Link: https://lkml.kernel.org/r/20240811201301.13076-1-phillip@squashfs.org.uk Signed-off-by: Phillip Lougher <phillip(a)squashfs.org.uk> Reported-by: Lizhi Xu <lizhi.xu(a)windriver.com> Reported-by: syzbot+24ac24ff58dc5b0d26b9(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000a90e8c061e86a76b@google.com/ Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Phillip Lougher <phillip(a)squashfs.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/squashfs/inode.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/fs/squashfs/inode.c~squashfs-sanity-check-symbolic-link-size +++ a/fs/squashfs/inode.c @@ -279,8 +279,13 @@ int squashfs_read_inode(struct inode *in if (err < 0) goto failed_read; - set_nlink(inode, le32_to_cpu(sqsh_ino->nlink)); inode->i_size = le32_to_cpu(sqsh_ino->symlink_size); + if (inode->i_size > PAGE_SIZE) { + ERROR("Corrupted symlink\n"); + return -EINVAL; + } + + set_nlink(inode, le32_to_cpu(sqsh_ino->nlink)); inode->i_op = &squashfs_symlink_inode_ops; inode_nohighmem(inode); inode->i_data.a_ops = &squashfs_symlink_aops; _ Patches currently in -mm which might be from phillip(a)squashfs.org.uk are

1 year, 4 months

1
0
0 0

[PATCH 1/2] usb: dwc3: st: fix probed platform device ref count on probe error path

by Krzysztof Kozlowski

The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources. Fixes: f83fca0707c6 ("usb: dwc3: add ST dwc3 glue layer to manage dwc3 HC") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/usb/dwc3/dwc3-st.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/drivers/usb/dwc3/dwc3-st.c b/drivers/usb/dwc3/dwc3-st.c index 211360eee95a..a9cb04043f08 100644 --- a/drivers/usb/dwc3/dwc3-st.c +++ b/drivers/usb/dwc3/dwc3-st.c @@ -219,10 +219,8 @@ static int st_dwc3_probe(struct platform_device *pdev) dwc3_data->regmap = regmap; res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "syscfg-reg"); - if (!res) { - ret = -ENXIO; - goto undo_platform_dev_alloc; - } + if (!res) + return -ENXIO; dwc3_data->syscfg_reg_off = res->start; @@ -233,8 +231,7 @@ static int st_dwc3_probe(struct platform_device *pdev) devm_reset_control_get_exclusive(dev, "powerdown"); if (IS_ERR(dwc3_data->rstc_pwrdn)) { dev_err(&pdev->dev, "could not get power controller\n"); - ret = PTR_ERR(dwc3_data->rstc_pwrdn); - goto undo_platform_dev_alloc; + return PTR_ERR(dwc3_data->rstc_pwrdn); } /* Manage PowerDown */ @@ -300,8 +297,6 @@ static int st_dwc3_probe(struct platform_device *pdev) reset_control_assert(dwc3_data->rstc_rst); undo_powerdown: reset_control_assert(dwc3_data->rstc_pwrdn); -undo_platform_dev_alloc: - platform_device_put(pdev); return ret; } -- 2.43.0

1 year, 4 months

3
5
0 0

[PATCH 6.1.y] xfs: remove WARN when dquot cache insertion fails

by Abhinav Jain

commit 4b827b3f305d ("xfs: remove WARN when dquot cache insertion fails") Disk quota cache insertion failure doesn't require this warning as the system can still manage and track disk quotas without caching the dquot object into memory. The failure doesn't imply any data loss or corruption. Therefore, the WARN_ON in xfs_qm_dqget_cache_insert function is aggressive and causes bot noise. I have confirmed there are no conflicts and also tested the using the C repro from syzkaller: https://syzkaller.appspot.com/text?tag=ReproC&x=15406772280000 Please do let me know if I missed out on anything as it's my first backport patch. Reported-by: syzbot+55fb1b7d909494fd520d(a)syzkaller.appspotmail.com Signed-off-by: Abhinav Jain <jain.abhinav177(a)gmail.com> --- fs/xfs/xfs_dquot.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/xfs/xfs_dquot.c b/fs/xfs/xfs_dquot.c index 8fb90da89787..7f071757f278 100644 --- a/fs/xfs/xfs_dquot.c +++ b/fs/xfs/xfs_dquot.c @@ -798,7 +798,6 @@ xfs_qm_dqget_cache_insert( error = radix_tree_insert(tree, id, dqp); if (unlikely(error)) { /* Duplicate found! Caller must try again. */ - WARN_ON(error != -EEXIST); mutex_unlock(&qi->qi_tree_lock); trace_xfs_dqget_dup(dqp); return error; -- 2.34.1

1 year, 4 months

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2024