March 2025 - Linux-stable-mirror

[PATCH v2 3/8] landlock: Add erratum for TCP fix

by Mickaël Salaün

Add erratum for the TCP socket identification fixed with commit 854277e2cc8c ("landlock: Fix non-TCP sockets restriction"). Fixes: 854277e2cc8c ("landlock: Fix non-TCP sockets restriction") Cc: Günther Noack <gnoack(a)google.com> Cc: Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20250318161443.279194-4-mic@digikod.net --- Changes since v1: - New patch. --- security/landlock/errata/abi-4.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 security/landlock/errata/abi-4.h diff --git a/security/landlock/errata/abi-4.h b/security/landlock/errata/abi-4.h new file mode 100644 index 000000000000..c052ee54f89f --- /dev/null +++ b/security/landlock/errata/abi-4.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +/** + * DOC: erratum_1 + * + * Erratum 1: TCP socket identification + * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + * + * This fix addresses an issue where IPv4 and IPv6 stream sockets (e.g., SMC, + * MPTCP, or SCTP) were incorrectly restricted by TCP access rights during + * :manpage:`bind(2)` and :manpage:`connect(2)` operations. This change ensures + * that only TCP sockets are subject to TCP access rights, allowing other + * protocols to operate without unnecessary restrictions. + */ +LANDLOCK_ERRATUM(1) -- 2.48.1

7 months, 3 weeks

1
0
0 0

[PATCH v2 1/8] landlock: Move code to ease future backports

by Mickaël Salaün

To ease backports in setup.c, let's group changes from __lsm_ro_after_init to __ro_after_init with commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality"), and the landlock_lsmid addition with commit f3b8788cde61 ("LSM: Identify modules by more than name"). That will help to backport the following errata. Cc: Günther Noack <gnoack(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20250318161443.279194-2-mic@digikod.net --- Changes since v1: - New patch. --- security/landlock/setup.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/security/landlock/setup.c b/security/landlock/setup.c index 28519a45b11f..c71832a8e369 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -19,6 +19,11 @@ bool landlock_initialized __ro_after_init = false; +const struct lsm_id landlock_lsmid = { + .name = LANDLOCK_NAME, + .id = LSM_ID_LANDLOCK, +}; + struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = { .lbs_cred = sizeof(struct landlock_cred_security), .lbs_file = sizeof(struct landlock_file_security), @@ -26,11 +31,6 @@ struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; -const struct lsm_id landlock_lsmid = { - .name = LANDLOCK_NAME, - .id = LSM_ID_LANDLOCK, -}; - static int __init landlock_init(void) { landlock_add_cred_hooks(); -- 2.48.1

7 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? ...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? [-Werror=implicit-function-declaration] in io_uring/io_uring.o (io_uring/io_uring.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:160797c1391e9c7479eace7259b46a47c35c7db7 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 52baa369b052eae3278dda3062d63a3058eb9cfe Log excerpt: ===================================================== io_uring/io_uring.c:2708:17: error: implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? [-Werror=implicit-function-declaration] 2708 | vunmap(ptr); | ^~~~~~ | kunmap io_uring/io_uring.c: In function ‘__io_uaddr_map’: io_uring/io_uring.c:2784:21: error: implicit declaration of function ‘vmap’; did you mean ‘kmap’? [-Werror=implicit-function-declaration] 2784 | page_addr = vmap(page_array, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~ | kmap io_uring/io_uring.c:2784:48: error: ‘VM_MAP’ undeclared (first use in this function); did you mean ‘VM_MTE’? 2784 | page_addr = vmap(page_array, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~~~ | VM_MTE io_uring/io_uring.c:2784:48: note: each undeclared identifier is reported only once for each function it appears in io_uring/io_uring.c: In function ‘io_mem_alloc_single’: io_uring/io_uring.c:2863:37: error: ‘VM_MAP’ undeclared (first use in this function); did you mean ‘VM_MTE’? 2863 | ret = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~~~ | VM_MTE CC crypto/sha256_generic.o cc1: some warnings being treated as errors ===================================================== # Builds where the incident occurred: ## 32r2el_defconfig on (mips): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98bca28b1441c081c56f5 #kernelci issue maestro:160797c1391e9c7479eace7259b46a47c35c7db7 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

7 months, 3 weeks

1
0
0 0

Re: Patch "mm: shmem: skip swapcache for swapin of synchronous swap device" has been added to the 6.12-stable tree

by Hugh Dickins

On Tue, 18 Mar 2025, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > mm: shmem: skip swapcache for swapin of synchronous swap device > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > mm-shmem-skip-swapcache-for-swapin-of-synchronous-sw.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit df6cb03ef8e3bf53ebe143c79cf2c073bfa0584b > Author: Baolin Wang <baolin.wang(a)linux.alibaba.com> > Date: Wed Jan 8 10:16:49 2025 +0800 > > mm: shmem: skip swapcache for swapin of synchronous swap device > > [ Upstream commit 1dd44c0af4fa1e80a4e82faa10cbf5d22da40362 ] > > With fast swap devices (such as zram), swapin latency is crucial to > applications. For shmem swapin, similar to anonymous memory swapin, we > can skip the swapcache operation to improve swapin latency. Testing 1G > shmem sequential swapin without THP enabled, I observed approximately a 6% > performance improvement: (Note: I repeated 5 times and took the mean data > for each test) > > w/o patch w/ patch changes > 534.8ms 501ms +6.3% > > In addition, currently, we always split the large swap entry stored in the > shmem mapping during shmem large folio swapin, which is not perfect, > especially with a fast swap device. We should swap in the whole large > folio instead of splitting the precious large folios to take advantage of > the large folios and improve the swapin latency if the swap device is > synchronous device, which is similar to anonymous memory mTHP swapin. > Testing 1G shmem sequential swapin with 64K mTHP and 2M mTHP, I observed > obvious performance improvement: > > mTHP=64K > w/o patch w/ patch changes > 550.4ms 169.6ms +69% > > mTHP=2M > w/o patch w/ patch changes > 542.8ms 126.8ms +77% > > Note that skipping swapcache requires attention to concurrent swapin > scenarios. Fortunately the swapcache_prepare() and > shmem_add_to_page_cache() can help identify concurrent swapin and large > swap entry split scenarios, and return -EEXIST for retry. > > [akpm(a)linux-foundation.org: use IS_ENABLED(), tweak comment grammar] > Link: https://lkml.kernel.org/r/3d9f3bd3bc6ec953054baff5134f66feeaae7c1e.17363017… > Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> > Cc: David Hildenbrand <david(a)redhat.com> > Cc: "Huang, Ying" <ying.huang(a)linux.alibaba.com> > Cc: Hugh Dickins <hughd(a)google.com> > Cc: Kairui Song <kasong(a)tencent.com> > Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> > Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> > Cc: Ryan Roberts <ryan.roberts(a)arm.com> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Stable-dep-of: 058313515d5a ("mm: shmem: fix potential data corruption during shmem swapin") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> No, NAK to this one going to stable. Hugh > > diff --git a/mm/shmem.c b/mm/shmem.c > index 5960e5035f983..738893d7fe083 100644 > --- a/mm/shmem.c > +++ b/mm/shmem.c > @@ -1878,6 +1878,65 @@ static struct folio *shmem_alloc_and_add_folio(struct vm_fault *vmf, > return ERR_PTR(error); > } > > +static struct folio *shmem_swap_alloc_folio(struct inode *inode, > + struct vm_area_struct *vma, pgoff_t index, > + swp_entry_t entry, int order, gfp_t gfp) > +{ > + struct shmem_inode_info *info = SHMEM_I(inode); > + struct folio *new; > + void *shadow; > + int nr_pages; > + > + /* > + * We have arrived here because our zones are constrained, so don't > + * limit chance of success with further cpuset and node constraints. > + */ > + gfp &= ~GFP_CONSTRAINT_MASK; > + if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE) && order > 0) { > + gfp_t huge_gfp = vma_thp_gfp_mask(vma); > + > + gfp = limit_gfp_mask(huge_gfp, gfp); > + } > + > + new = shmem_alloc_folio(gfp, order, info, index); > + if (!new) > + return ERR_PTR(-ENOMEM); > + > + nr_pages = folio_nr_pages(new); > + if (mem_cgroup_swapin_charge_folio(new, vma ? vma->vm_mm : NULL, > + gfp, entry)) { > + folio_put(new); > + return ERR_PTR(-ENOMEM); > + } > + > + /* > + * Prevent parallel swapin from proceeding with the swap cache flag. > + * > + * Of course there is another possible concurrent scenario as well, > + * that is to say, the swap cache flag of a large folio has already > + * been set by swapcache_prepare(), while another thread may have > + * already split the large swap entry stored in the shmem mapping. > + * In this case, shmem_add_to_page_cache() will help identify the > + * concurrent swapin and return -EEXIST. > + */ > + if (swapcache_prepare(entry, nr_pages)) { > + folio_put(new); > + return ERR_PTR(-EEXIST); > + } > + > + __folio_set_locked(new); > + __folio_set_swapbacked(new); > + new->swap = entry; > + > + mem_cgroup_swapin_uncharge_swap(entry, nr_pages); > + shadow = get_shadow_from_swap_cache(entry); > + if (shadow) > + workingset_refault(new, shadow); > + folio_add_lru(new); > + swap_read_folio(new, NULL); > + return new; > +} > + > /* > * When a page is moved from swapcache to shmem filecache (either by the > * usual swapin of shmem_get_folio_gfp(), or by the less common swapoff of > @@ -1981,7 +2040,8 @@ static int shmem_replace_folio(struct folio **foliop, gfp_t gfp, > } > > static void shmem_set_folio_swapin_error(struct inode *inode, pgoff_t index, > - struct folio *folio, swp_entry_t swap) > + struct folio *folio, swp_entry_t swap, > + bool skip_swapcache) > { > struct address_space *mapping = inode->i_mapping; > swp_entry_t swapin_error; > @@ -1997,7 +2057,8 @@ static void shmem_set_folio_swapin_error(struct inode *inode, pgoff_t index, > > nr_pages = folio_nr_pages(folio); > folio_wait_writeback(folio); > - delete_from_swap_cache(folio); > + if (!skip_swapcache) > + delete_from_swap_cache(folio); > /* > * Don't treat swapin error folio as alloced. Otherwise inode->i_blocks > * won't be 0 when inode is released and thus trigger WARN_ON(i_blocks) > @@ -2101,6 +2162,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > struct shmem_inode_info *info = SHMEM_I(inode); > struct swap_info_struct *si; > struct folio *folio = NULL; > + bool skip_swapcache = false; > swp_entry_t swap; > int error, nr_pages; > > @@ -2122,6 +2184,8 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > /* Look it up and read it in.. */ > folio = swap_cache_get_folio(swap, NULL, 0); > if (!folio) { > + int order = xa_get_order(&mapping->i_pages, index); > + bool fallback_order0 = false; > int split_order; > > /* Or update major stats only when swapin succeeds?? */ > @@ -2131,6 +2195,33 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > count_memcg_event_mm(fault_mm, PGMAJFAULT); > } > > + /* > + * If uffd is active for the vma, we need per-page fault > + * fidelity to maintain the uffd semantics, then fallback > + * to swapin order-0 folio, as well as for zswap case. > + */ > + if (order > 0 && ((vma && unlikely(userfaultfd_armed(vma))) || > + !zswap_never_enabled())) > + fallback_order0 = true; > + > + /* Skip swapcache for synchronous device. */ > + if (!fallback_order0 && data_race(si->flags & SWP_SYNCHRONOUS_IO)) { > + folio = shmem_swap_alloc_folio(inode, vma, index, swap, order, gfp); > + if (!IS_ERR(folio)) { > + skip_swapcache = true; > + goto alloced; > + } > + > + /* > + * Fallback to swapin order-0 folio unless the swap entry > + * already exists. > + */ > + error = PTR_ERR(folio); > + folio = NULL; > + if (error == -EEXIST) > + goto failed; > + } > + > /* > * Now swap device can only swap in order 0 folio, then we > * should split the large swap entry stored in the pagecache > @@ -2161,9 +2252,10 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > } > } > > +alloced: > /* We have to do this with folio locked to prevent races */ > folio_lock(folio); > - if (!folio_test_swapcache(folio) || > + if ((!skip_swapcache && !folio_test_swapcache(folio)) || > folio->swap.val != swap.val || > !shmem_confirm_swap(mapping, index, swap)) { > error = -EEXIST; > @@ -2199,7 +2291,12 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > if (sgp == SGP_WRITE) > folio_mark_accessed(folio); > > - delete_from_swap_cache(folio); > + if (skip_swapcache) { > + folio->swap.val = 0; > + swapcache_clear(si, swap, nr_pages); > + } else { > + delete_from_swap_cache(folio); > + } > folio_mark_dirty(folio); > swap_free_nr(swap, nr_pages); > put_swap_device(si); > @@ -2210,8 +2307,11 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > if (!shmem_confirm_swap(mapping, index, swap)) > error = -EEXIST; > if (error == -EIO) > - shmem_set_folio_swapin_error(inode, index, folio, swap); > + shmem_set_folio_swapin_error(inode, index, folio, swap, > + skip_swapcache); > unlock: > + if (skip_swapcache) > + swapcache_clear(si, swap, folio_nr_pages(folio)); > if (folio) { > folio_unlock(folio); > folio_put(folio); >

7 months, 3 weeks

1
0
0 0

[PATCH 6.1&6.6 0/3] sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0

by Huacai Chen

Backport this series to 6.1&6.6 because we get build errors with GCC14 and OpenSSL3 (or later): certs/extract-cert.c: In function 'main': certs/extract-cert.c:124:17: error: implicit declaration of function 'ENGINE_load_builtin_engines' [-Wimplicit-function-declaration] 124 | ENGINE_load_builtin_engines(); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ certs/extract-cert.c:126:21: error: implicit declaration of function 'ENGINE_by_id' [-Wimplicit-function-declaration] 126 | e = ENGINE_by_id("pkcs11"); | ^~~~~~~~~~~~ certs/extract-cert.c:126:19: error: assignment to 'ENGINE *' {aka 'struct engine_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion] 126 | e = ENGINE_by_id("pkcs11"); | ^ certs/extract-cert.c:128:21: error: implicit declaration of function 'ENGINE_init' [-Wimplicit-function-declaration] 128 | if (ENGINE_init(e)) | ^~~~~~~~~~~ certs/extract-cert.c:133:30: error: implicit declaration of function 'ENGINE_ctrl_cmd_string' [-Wimplicit-function-declaration] 133 | ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN"); | ^~~~~~~~~~~~~~~~~~~~~~ certs/extract-cert.c:64:32: note: in definition of macro 'ERR' 64 | bool __cond = (cond); \ | ^~~~ certs/extract-cert.c:134:17: error: implicit declaration of function 'ENGINE_ctrl_cmd' [-Wimplicit-function-declaration] 134 | ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); | ^~~~~~~~~~~~~~~ In theory 5.4&5.10&5.15 also need this, but they need more efforts because file paths are different. The ENGINE interface has its limitations and it has been superseded by the PROVIDER API, it is deprecated in OpenSSL version 3.0. Some distros have started removing it from header files. Update sign-file and extract-cert to use PROVIDER API for OpenSSL Major >= 3. Tested on F39 with openssl-3.1.1, pkcs11-provider-0.5-2, openssl-pkcs11-0.4.12-4 and softhsm-2.6.1-5 by using same key/cert as PEM and PKCS11 and comparing that the result is identical. Jan Stancek (3): sign-file,extract-cert: move common SSL helper functions to a header sign-file,extract-cert: avoid using deprecated ERR_get_error_line() sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 Signed-off-by: Jan Stancek <jstancek(a)redhat.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- MAINTAINERS | 1 + certs/Makefile | 2 +- certs/extract-cert.c | 138 +++++++++++++++++++++++-------------------- scripts/sign-file.c | 134 +++++++++++++++++++++-------------------- scripts/ssl-common.h | 32 ++++++++++ 5 files changed, 178 insertions(+), 129 deletions(-) create mode 100644 scripts/ssl-common.h --- 2.27.0

7 months, 3 weeks

3
7
0 0

[PATCH 6.1.y] drm/mediatek: Fix coverity issue with unintentional integer overflow

by bin.lan.cn＠windriver.com

From: "Jason-JH.Lin" <jason-jh.lin(a)mediatek.com> [ Upstream commit b0b0d811eac6b4c52cb9ad632fa6384cf48869e7 ] 1. Instead of multiplying 2 variable of different types. Change to assign a value of one variable and then multiply the other variable. 2. Add a int variable for multiplier calculation instead of calculating different types multiplier with dma_addr_t variable directly. Fixes: 1a64a7aff8da ("drm/mediatek: Fix cursor plane no update") Signed-off-by: Jason-JH.Lin <jason-jh.lin(a)mediatek.com> Reviewed-by: Alexandre Mergnat <amergnat(a)baylibre.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Link: https://patchwork.kernel.org/project/dri-devel/patch/20230907091425.9526-1-… Signed-off-by: Chun-Kuang Hu <chunkuang.hu(a)kernel.org> [ For certain code segments with coverity issue do not exist in function mtk_plane_update_new_state(), those not present in v6.1 are not back ported. ] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 9 ++++++++- drivers/gpu/drm/mediatek/mtk_drm_plane.c | 13 +++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c index 21e584038581..336a6ee792c6 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c @@ -119,7 +119,14 @@ int mtk_drm_gem_dumb_create(struct drm_file *file_priv, struct drm_device *dev, int ret; args->pitch = DIV_ROUND_UP(args->width * args->bpp, 8); - args->size = args->pitch * args->height; + + /* + * Multiply 2 variables of different types, + * for example: args->size = args->spacing * args->height; + * may cause coverity issue with unintentional overflow. + */ + args->size = args->pitch; + args->size *= args->height; mtk_gem = mtk_drm_gem_create(dev, args->size, false); if (IS_ERR(mtk_gem)) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c b/drivers/gpu/drm/mediatek/mtk_drm_plane.c index 30d361671aa9..fb062e52eb12 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c @@ -120,6 +120,7 @@ static void mtk_plane_update_new_state(struct drm_plane_state *new_state, struct mtk_drm_gem_obj *mtk_gem; unsigned int pitch, format; dma_addr_t addr; + int offset; gem = fb->obj[0]; mtk_gem = to_mtk_gem_obj(gem); @@ -127,8 +128,16 @@ static void mtk_plane_update_new_state(struct drm_plane_state *new_state, pitch = fb->pitches[0]; format = fb->format->format; - addr += (new_state->src.x1 >> 16) * fb->format->cpp[0]; - addr += (new_state->src.y1 >> 16) * pitch; + /* + * Using dma_addr_t variable to calculate with multiplier of different types, + * for example: addr += (new_state->src.x1 >> 16) * fb->format->cpp[0]; + * may cause coverity issue with unintentional overflow. + */ + offset = (new_state->src.x1 >> 16) * fb->format->cpp[0]; + addr += offset; + offset = (new_state->src.y1 >> 16) * pitch; + addr += offset; + mtk_plane_state->pending.enable = true; mtk_plane_state->pending.pitch = pitch; -- 2.34.1

7 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] smb: client: Fix match_session bug preventing session reuse" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 605b249ea96770ac4fac4b8510a99e0f8442be5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031653-guide-earthen-3c35@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 605b249ea96770ac4fac4b8510a99e0f8442be5e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho <henrique.carvalho(a)suse.com> Date: Tue, 11 Mar 2025 15:23:59 -0300 Subject: [PATCH] smb: client: Fix match_session bug preventing session reuse Fix a bug in match_session() that can causes the session to not be reused in some cases. Reproduction steps: mount.cifs //server/share /mnt/a -o credentials=creds mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp cat /proc/fs/cifs/DebugData | grep SessionId | wc -l mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp mount.cifs //server/share /mnt/a -o credentials=creds cat /proc/fs/cifs/DebugData | grep SessionId | wc -l Cc: stable(a)vger.kernel.org Reviewed-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index f917de020dd5..73f93a35eedd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx, bool match_super) { - if (ctx->sectype != Unspecified && - ctx->sectype != ses->sectype) - return 0; + struct TCP_Server_Info *server = ses->server; + enum securityEnum ctx_sec, ses_sec; if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses) return 0; @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, if (ses->chan_max < ctx->max_channels) return 0; - switch (ses->sectype) { + ctx_sec = server->ops->select_sectype(server, ctx->sectype); + ses_sec = server->ops->select_sectype(server, ses->sectype); + + if (ctx_sec != ses_sec) + return 0; + + switch (ctx_sec) { + case IAKerb: case Kerberos: if (!uid_eq(ctx->cred_uid, ses->cred_uid)) return 0; break; + case NTLMv2: + case RawNTLMSSP: default: /* NULL username means anonymous session */ if (ses->user_name == NULL) {

7 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] smb: client: Fix match_session bug preventing session reuse" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 605b249ea96770ac4fac4b8510a99e0f8442be5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031653-reboot-darwinism-60dd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 605b249ea96770ac4fac4b8510a99e0f8442be5e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho <henrique.carvalho(a)suse.com> Date: Tue, 11 Mar 2025 15:23:59 -0300 Subject: [PATCH] smb: client: Fix match_session bug preventing session reuse Fix a bug in match_session() that can causes the session to not be reused in some cases. Reproduction steps: mount.cifs //server/share /mnt/a -o credentials=creds mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp cat /proc/fs/cifs/DebugData | grep SessionId | wc -l mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp mount.cifs //server/share /mnt/a -o credentials=creds cat /proc/fs/cifs/DebugData | grep SessionId | wc -l Cc: stable(a)vger.kernel.org Reviewed-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index f917de020dd5..73f93a35eedd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx, bool match_super) { - if (ctx->sectype != Unspecified && - ctx->sectype != ses->sectype) - return 0; + struct TCP_Server_Info *server = ses->server; + enum securityEnum ctx_sec, ses_sec; if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses) return 0; @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, if (ses->chan_max < ctx->max_channels) return 0; - switch (ses->sectype) { + ctx_sec = server->ops->select_sectype(server, ctx->sectype); + ses_sec = server->ops->select_sectype(server, ses->sectype); + + if (ctx_sec != ses_sec) + return 0; + + switch (ctx_sec) { + case IAKerb: case Kerberos: if (!uid_eq(ctx->cred_uid, ses->cred_uid)) return 0; break; + case NTLMv2: + case RawNTLMSSP: default: /* NULL username means anonymous session */ if (ses->user_name == NULL) {

7 months, 3 weeks

3
2
0 0

[PATCH stable 5.4] mmc: cqhci: Fix checking of CQHCI_HALT state

by Kamal Dasu

From: Seunghwan Baek <sh8267.baek(a)samsung.com> commit aea62c744a9ae2a8247c54ec42138405216414da upstream To check if mmc cqe is in halt state, need to check set/clear of CQHCI_HALT bit. At this time, we need to check with &, not &&. Fixes: a4080225f51d ("mmc: cqhci: support for command queue enabled host") Cc: stable(a)vger.kernel.org Signed-off-by: Seunghwan Baek <sh8267.baek(a)samsung.com> Reviewed-by: Ritesh Harjani <ritesh.list(a)gmail.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240829061823.3718-2-sh8267.baek@samsung.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Kamal Dasu <kamal.dasu(a)broadcom.com> --- drivers/mmc/host/cqhci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mmc/host/cqhci.c b/drivers/mmc/host/cqhci.c index 10b36b156562..ae9c184ed898 100644 --- a/drivers/mmc/host/cqhci.c +++ b/drivers/mmc/host/cqhci.c @@ -580,7 +580,7 @@ static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq) cqhci_writel(cq_host, 0, CQHCI_CTL); mmc->cqe_on = true; pr_debug("%s: cqhci: CQE on\n", mmc_hostname(mmc)); - if (cqhci_readl(cq_host, CQHCI_CTL) && CQHCI_HALT) { + if (cqhci_readl(cq_host, CQHCI_CTL) & CQHCI_HALT) { pr_err("%s: cqhci: CQE failed to exit halt state\n", mmc_hostname(mmc)); } -- 2.43.0

7 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] smb: client: Fix match_session bug preventing session reuse" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 605b249ea96770ac4fac4b8510a99e0f8442be5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031654-gulp-armful-f55b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 605b249ea96770ac4fac4b8510a99e0f8442be5e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho <henrique.carvalho(a)suse.com> Date: Tue, 11 Mar 2025 15:23:59 -0300 Subject: [PATCH] smb: client: Fix match_session bug preventing session reuse Fix a bug in match_session() that can causes the session to not be reused in some cases. Reproduction steps: mount.cifs //server/share /mnt/a -o credentials=creds mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp cat /proc/fs/cifs/DebugData | grep SessionId | wc -l mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp mount.cifs //server/share /mnt/a -o credentials=creds cat /proc/fs/cifs/DebugData | grep SessionId | wc -l Cc: stable(a)vger.kernel.org Reviewed-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index f917de020dd5..73f93a35eedd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx, bool match_super) { - if (ctx->sectype != Unspecified && - ctx->sectype != ses->sectype) - return 0; + struct TCP_Server_Info *server = ses->server; + enum securityEnum ctx_sec, ses_sec; if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses) return 0; @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, if (ses->chan_max < ctx->max_channels) return 0; - switch (ses->sectype) { + ctx_sec = server->ops->select_sectype(server, ctx->sectype); + ses_sec = server->ops->select_sectype(server, ses->sectype); + + if (ctx_sec != ses_sec) + return 0; + + switch (ctx_sec) { + case IAKerb: case Kerberos: if (!uid_eq(ctx->cred_uid, ses->cred_uid)) return 0; break; + case NTLMv2: + case RawNTLMSSP: default: /* NULL username means anonymous session */ if (ses->user_name == NULL) {

7 months, 3 weeks

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2025