IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
According to commit "vfs: parse: deal with zero length string value",
kernel will set the param->string to null pointer in vfs_parse_fs_string()
if fs string has zero length.
Yet the problem is that, nfs_fs_context_parse_param() will dereferences the
param->string, without checking whether it is a null pointer, which may
trigger a null-ptr-deref bug.
This patch solves it by adding sanity check on param->string
in nfs_fs_context_parse_param().
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
After converting file f_flags to open context mode by flags_to_mode(), open
context mode will have FMODE_EXEC when file open for exec, so we check
FMODE_EXEC from open context mode.
No functional change, just simplify the code.
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Because file f_mode never have FMODE_EXEC, open context mode won't get
FMODE_EXEC from file f_mode. Open context mode only care about FMODE_READ/
FMODE_WRITE/FMODE_EXEC, and all info about open context mode can be convert
from file f_flags, so convert file f_flags to open context mode by
flags_to_mode().
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
We should check that the filehandles match before transferring the
sillyrename data to the newly looked-up dentry in case the name was
reused on the server.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
When mounting from a NFSv4 referral, path->dentry can end up being a
negative dentry, so derive the struct nfs_server from the dentry
itself instead.
Fixes: 2b0143b5c9 ("VFS: normal filesystems (and lustre): d_inode() annotations")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
If we're asked to recover open state while a delegation return is
outstanding, then the state manager thread cannot use a cached open, so
if the server returns a delegation, we can end up deadlocked behind the
pending delegreturn.
To avoid this problem, let's just ask the server not to give us a
delegation unless we're explicitly reclaiming one.
Fixes: be36e185bd ("NFSv4: nfs4_open_recover_helper() must set share access")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Since commit 1a34c8c9a4 ("NFS: Support larger readdir buffers") has
updated dtsize, and with recent improvements to the READDIRPLUS helper
heuristic, the heuristic may not trigger until many dentries are emitted
to userspace. This will cause many thousands of GETATTR calls for "ls
-l" when the directory's pagecache has already been populated. This
manifests as poor performance for long directory listings after an
initially fast "ls -l".
Fix this by emitting only 17 entries for any first pass through the NFS
directory's ->iterate_shared(), which allows userpace to prime the
counters for the heuristic.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
The call to nfs4_label_init_security() should return a fully initialised
label.
Fixes: aa9c266962 ("NFS: Client implementation of Labeled-NFS")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
We must not change the value of label->len if it is zero, since that
indicates we stored a label.
Fixes: b4487b9354 ("nfs: Fix getxattr kernel panic and memory overflow")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
If the server returns a reply that includes a security label, then we
must decode it whether or not we can store the results.
Fixes: 1e2f67da89 ("NFS: Remove the nfs4_label argument from decode_getattr_*() functions")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
We need to clear the FATTR4_WORD2_SECURITY_LABEL bitmap flag
irrespective of whether or not the label is too long.
Fixes: aa9c266962 ("NFS: Client implementation of Labeled-NFS")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
POSIX typically only refreshes the user's supplementary group
information upon login. Since NFS servers may often refresh their
concept of the user supplementary group membership at their own cadence,
it is possible for the NFS client's access cache to become stale due to
the user's group membership changing on the server after the user has
already logged in on the client.
While it is reasonable to expect that such group membership changes are
rare, and that we do not want to optimise the cache to accommodate them,
it is also not unreasonable for the user to expect that if they log out
and log back in again, that the staleness would clear up.
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Tested-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Here are some small USB fixes for 6.1-rc7 that resolve some reported
problems:
- cdnsp driver fixes for reported problems
- dwc3 fixes for some small reported problems
- uvc gadget driver fix for reported regression due to changes
in 6.1-rc1.
All of these have been in linux-next with no reported problems.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCY4NttA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynf/gCgrBbxZPNyta4Z9ufj5bDTJafRQGkAoNKnZzY+
6QzcyjQzNn5phzFGn7Yu
=/qTO
-----END PGP SIGNATURE-----
Merge tag 'usb-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are some small USB fixes for 6.1-rc7 that resolve some reported
problems:
- cdnsp driver fixes for reported problems
- dwc3 fixes for some small reported problems
- uvc gadget driver fix for reported regression
All of these have been in linux-next with no reported problems"
* tag 'usb-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1
usb: dwc3: gadget: Clear ep descriptor last
usb: dwc3: exynos: Fix remove() function
usb: cdnsp: Fix issue with Clear Feature Halt Endpoint
usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
usb: gadget: uvc: also use try_format in set_format
Here are some small driver fixes for 6.1-rc7, they include:
- build warning fix for the vdso when using new versions of grep
- iio driver fixes for reported issues
- small nvmem driver fixes
- fpga Kconfig fix
- interconnect dt binding fix
All of these have been in linux-next with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCY4NssA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynIiwCeKIuEGSNjFeyHe/GFRGD3tH/BjjIAn2kAGgJy
CaZ5u/MpUd2ZEnsaNvV3
=oNVq
-----END PGP SIGNATURE-----
Merge tag 'char-misc-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are some small driver fixes for 6.1-rc7, they include:
- build warning fix for the vdso when using new versions of grep
- iio driver fixes for reported issues
- small nvmem driver fixes
- fpga Kconfig fix
- interconnect dt binding fix
All of these have been in linux-next with no reported issues"
* tag 'char-misc-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
lib/vdso: use "grep -E" instead of "egrep"
nvmem: lan9662-otp: Change return type of lan9662_otp_wait_flag_clear()
nvmem: rmem: Fix return value check in rmem_read()
fpga: m10bmc-sec: Fix kconfig dependencies
dt-bindings: iio: adc: Remove the property "aspeed,trim-data-valid"
iio: adc: aspeed: Remove the trim valid dts property.
iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
iio: accel: bma400: Fix memory leak in bma400_get_steps_reg()
iio: light: rpr0521: add missing Kconfig dependencies
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
iio: health: afe4403: Fix oob read in afe4403_read_raw
iio: light: apds9960: fix wrong register for gesture gain
dt-bindings: interconnect: qcom,msm8998-bwmon: Correct SC7280 CPU compatible
register in order to avoid a timer interrupt storm on ARM XGene-1
hardware running in NO_HZ mode
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmODSS0ACgkQEsHwGGHe
VUrsvhAAhRdjf9obB82fGsx8mpBH2kCCD89yHqUEuuw/lRDyEeAQ8Xz/+OQkNMUN
d+dgS6Dza3ZxM2SKkdE6QFMDF5d5Aj8qukB2QqJX3WfAv94SopSOKMo9r9ssGh4O
HQPhhOqcR8ejCkO5OESzA2AtRFIqWNqOjl1eL666dtc6Oof+34ZdJX5JLEYAwEVq
ECMJnmR5hAcjai/F/GqyMMQCL/xhMApu8CoUAMWJrJmIrwf0o32/UxM3A/xjxCGj
9RQnjX7oSXHoGbK6nzbDrABExbWginL3/Pn2MGKxDBjfikeu1/wdtO6Tm+YeXdnm
sNfBvrFBEJ6qugNbwSLyrmemhgw1HCa690ZoygM4TVF2ITFMIaYPN+OJCHHc3Vtn
x5ZcD73gDo+ErfwDnLUxY8ovG2i6wRwUp7T+MRcZv88/G4+gAxinR7fshar+dJRv
Hp7WeZb1WVTOpTzS7m04kWU5RXhfE6Oezqhhzba7kFIrhUyhp+omFun8VfhubHH4
1jbLURWIu4x85I84XKjLJgy4YyldPGpH0ROVX9aXJ4dtHB4nVZpDLPfNv1OmLSQN
NJtJ5lAXwdYOTOlgmUr9/ro6TzXJM/Kcd+3JW+N5JGbNRMfYhNEloRD0msmdzhFj
sB/z1oTTxFj5ai85LNKv7olHR1gCYKnKFDsBVYIZSBv2i33tQR0=
=PDBt
-----END PGP SIGNATURE-----
Merge tag 'timers_urgent_for_v6.1_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fix from Borislav Petkov:
- Return the proper timer register width (31 bits) for a 32-bit signed
register in order to avoid a timer interrupt storm on ARM XGene-1
hardware running in NO_HZ mode
* tag 'timers_urgent_for_v6.1_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
clocksource/drivers/arm_arch_timer: Fix XGene-1 TVAL register math error
ppc64le which confuses faddr2line's function offsets conversion
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmODSCEACgkQEsHwGGHe
VUoN7BAAscJobTTygbwyPI4UYE49jMxDH49ZNCTskcrifkA3CExBhN8uN0Lqb3Wq
HFYHd0mS7KZa5Fg8CqNQClqwJ6Soo33jgBKy85AsZXZbH5yUa7V0GgdV4UNk62GF
ldF2CK/B49RnuQHS339/BeQgU5xdVvuKlZUswc2pxRIW5wgHGP37TA2rh4GimPbs
px194cTceYpmKMfHeU7COM5NiIWMqGhwn3JEkKCOVaWabLVglVolmcBDlDHCz0Ge
wZWkyurk80r5e7qo+UnTbKTuKFOOOBd5KY3MhDRexRPFQKytVgzuoy74OlUfl+md
SQWr6rcEo5goFHoudMTPsqy9i2+CLPwAg/9biVHsgwQiqhRBnNs/YfWT+JTfaZpZ
EvMlN8NsPsMpmNK/AW32fr8S8gB4noXCztOmiKX8xh//eEEZ+lL2ExQcNrJ5XKBJ
8/CvbttSERXHjp7raomowxh4WQNA7q9Kx87fP2FI75pkC28pMaOPa+r04sTtiJQj
E9hc/3J/a6rb2iZb+obFf/lpHDXY6KfrH1sYrlsOTDl4DAOt22bocuvgiOluJMTj
7/XwKu7gUF7pJ2lkFVEjloRLfRdNFDWthnDqxo3Ryf259fECOxTzo2QS+li2vNmP
/PcluaoJokB+yh27YeULzq1NFz51ufMw+KgKbcVZOxhgTAgIAb0=
=HslR
-----END PGP SIGNATURE-----
Merge tag 'objtool_urgent_for_v6.1_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull objtool fix from Borislav Petkov:
- Handle different output of readelf on different distros running
ppc64le which confuses faddr2line's function offsets conversion
* tag 'objtool_urgent_for_v6.1_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
scripts/faddr2line: Fix regression in name resolution on ppc64le
*after* the size computation is done to prevent and hypothetical ioremap
failures
- Change the MSR save/restore functionality during suspend to rely on
flags denoting that the related MSRs are actually supported vs reading
them and assuming they are (an Atom one allows reading but not writing,
thus breaking this scheme at resume time.)
- prevent IV reuse in the AES-GCM communication scheme between SNP
guests and the AMD secure processor
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmODRegACgkQEsHwGGHe
VUr3Fw//dZr1BpLA2PoHBWRKw+tJA7NZ5QgYPwYgpZysI3LiSd3wHiYx12AMYl/1
rvG0ELCwR5MUt3s0owqm4XlzmNbFG/ISsaR3d2mUlqgPrztYKZTHUP14LjzbCgdx
53FSWqxeK5+NkQcUXF/GsR5flbHHG40wM9PK6UDm+xZPvoTKkBlCNcId+5yMtq0J
ZvemhZ9rMGoA6bRWvRIhzKdzz9+MRcKMMjcAULNtngIlE/CfdkkIGios0JmPshSB
h10/CmYRz38U90sqFXF/9DJPo6oFB9DOxIZmyb6cTmJCasSwfuU4uEtTiIuNMw0Y
zflc1vNnOkpdPvn8nXWwo/OWdjg9oh/TJOzthjyxjlVs4DYjBRnXykdO6lUQWjVI
XWE4sP8lt2J4wsiURzcaroqfqpQu1Y/hlh/io5xp8vE2qZaOjgADYV1ZHgB/Y20I
Opm4ICsMYN4ZQqejKfhq/Fu15Y6qqGIl0pNBjOJK0rdaDPthFd4+UEJGvd57RdNl
RCWC8EvsI8LGWDkGJeR1sytVJT7adWsfy6bYg98BQ2rId4oj89kZYZNqJROf/hv5
aU7i9AMh8WodZTGh2bfwq+dLvACccc2rqbYh0Q7Uwm3IjaPTWiPHanqsvSo6+GrO
aO4IUoUidXheVPJu3qfiNTJ4GtTUnqDiatpbfA+Do+Rva2wWBFw=
=xYpH
-----END PGP SIGNATURE-----
Merge tag 'x86_urgent_for_v6.1_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Borislav Petkov:
- ioremap: mask out the bits which are not part of the physical address
*after* the size computation is done to prevent any hypothetical
ioremap failures
- Change the MSR save/restore functionality during suspend to rely on
flags denoting that the related MSRs are actually supported vs
reading them and assuming they are (an Atom one allows reading but
not writing, thus breaking this scheme at resume time)
- prevent IV reuse in the AES-GCM communication scheme between SNP
guests and the AMD secure processor
* tag 'x86_urgent_for_v6.1_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
x86/pm: Add enumeration check before spec MSRs save/restore setup
x86/tsx: Add a feature bit for TSX control MSR support
virt/sev-guest: Prevent IV reuse in the SNP guest driver
- output the address in the sample only when it has been requested
- handle the case where user-only events can hit in kernel and thus
upset the sigtrap sanity checking
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmODP5wACgkQEsHwGGHe
VUqmBhAAnxQTCg4agqtKQyHAnFGZb09dE6pYghcpJzF2sOh9sffCYl9XYd53AGVS
z7nTGagPmT0AxdtjbFvDnxXuvpPVfcS9rIKG6oBzPUcXSVKr9PsqzZJJiAibg+uP
OSkC75tqNgBTnyDSGc+C5yd7LmWV98Y66t0fhwGUTHpAPY+vkbvYvi8yJYfVqZsA
Fc/6j+MJMFO1/52GoP42HVs2F7oyuXceJAAVhyYkYitC23mvrK2BRTZAkKsfRKBk
Un5gFMo+iFUTrOMo48f8BMNEtgfC5iAPPK2ZlFGwTEbDQ98+inf461s8jZq/Yeg7
KcdHw0Tk1rynBrFlbbUQArDEPyqzmj10FMVZ5VgUNdMneGEy+EUdpcoilX0ZccaA
NMnNDMPpU4S0cbuGn43Y2Jlv4QA9oECHqZ8NndAoJ5domR9g12WyVibD5W/bYBYQ
4Z2lv6luOCfWd2xQgT4s0tfMjwQb7NKmTrT4No9je7/IBDS5YjzBjPriAd4kbhFj
MUt6KKLK0fN4ASmxajXp6iYRALL2nvgJ2w1gzO0pcjMGCJ1WZBKDdfbNLbgulCwq
GJHNc55F7lWmkMNFLbWb28YLHjXGskQj4J/RARFszQq9khQnPEFj4X69StQfrghT
77rJF9CrS3KnxG4gCNWe5qvfQb9+Fi7IhwyWDI9VR0DITxGogvY=
=9CQa
-----END PGP SIGNATURE-----
Merge tag 'perf_urgent_for_v6.1_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Borislav Petkov:
"Two more fixes to the perf sigtrap handling:
- output the address in the sample only when it has been requested
- handle the case where user-only events can hit in kernel and thus
upset the sigtrap sanity checking"
* tag 'perf_urgent_for_v6.1_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf: Consider OS filter fail
perf: Fixup SIGTRAP and sample_flags interaction
* Fixes for Xen emulation. While nobody should be enabling it in
the kernel (the only public users of the feature are the selftests),
the bug effectively allows userspace to read arbitrary memory.
* Correctness fixes for nested hypervisors that do not intercept INIT
or SHUTDOWN on AMD; the subsequent CPU reset can cause a use-after-free
when it disables virtualization extensions. While downgrading the panic
to a WARN is quite easy, the full fix is a bit more laborious; there
are also tests. This is the bulk of the pull request.
* Fix race condition due to incorrect mmu_lock use around
make_mmu_pages_available().
Generic:
* Obey changes to the kvm.halt_poll_ns module parameter in VMs
not using KVM_CAP_HALT_POLL, restoring behavior from before
the introduction of the capability
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmODI84UHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroPVJwgAombWOBf549JiHGPtwejuQO20nTSj
Om9pzWQ9dR182P+ju/FdqSPXt/Lc8i+z5zSXDrV3HQ6/a3zIItA+bOAUiMFvHNAQ
w/7pEb1MzVOsEg2SXGOjZvW3WouB4Z4R0PosInYjrFrRGRAaw5iaTOZHGezE44t2
WBWk1PpdMap7J/8sjNT1ble72ig9JdSW4qeJUQ1GWxHCigI5sESCQVqF446KM0jF
gTYPGX5TqpbWiIejF0yNew9yNKMi/yO4Pz8I5j3vtopeHx24DCIqUAGaEg6ykErX
vnzYbVP7NaFrqtje49PsK6i1cu2u7uFPArj0dxo3DviQVZVHV1q6tNmI4A==
=Qgei
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"x86:
- Fixes for Xen emulation. While nobody should be enabling it in the
kernel (the only public users of the feature are the selftests),
the bug effectively allows userspace to read arbitrary memory.
- Correctness fixes for nested hypervisors that do not intercept INIT
or SHUTDOWN on AMD; the subsequent CPU reset can cause a
use-after-free when it disables virtualization extensions. While
downgrading the panic to a WARN is quite easy, the full fix is a
bit more laborious; there are also tests. This is the bulk of the
pull request.
- Fix race condition due to incorrect mmu_lock use around
make_mmu_pages_available().
Generic:
- Obey changes to the kvm.halt_poll_ns module parameter in VMs not
using KVM_CAP_HALT_POLL, restoring behavior from before the
introduction of the capability"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: Update gfn_to_pfn_cache khva when it moves within the same page
KVM: x86/xen: Only do in-kernel acceleration of hypercalls for guest CPL0
KVM: x86/xen: Validate port number in SCHEDOP_poll
KVM: x86/mmu: Fix race condition in direct_page_fault
KVM: x86: remove exit_int_info warning in svm_handle_exit
KVM: selftests: add svm part to triple_fault_test
KVM: x86: allow L1 to not intercept triple fault
kvm: selftests: add svm nested shutdown test
KVM: selftests: move idt_entry to header
KVM: x86: forcibly leave nested mode on vCPU reset
KVM: x86: add kvm_leave_nested
KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use
KVM: x86: nSVM: leave nested mode on vCPU free
KVM: Obey kvm.halt_poll_ns in VMs not using KVM_CAP_HALT_POLL
KVM: Avoid re-reading kvm->max_halt_poll_ns during halt-polling
KVM: Cap vcpu->halt_poll_ns before halting rather than after
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmOC6QYACgkQiiy9cAdy
T1EaUgv/eEFpIzkRXuJHuPBlxWM7Gz6DiFkWd83ADcB15+4ADzPVdc1HqbnSw0/0
yPsxfhn95Ydo+zORPJ5puGUpveqNIen8xPeGaORGCCEMCYw5A58K2I8bkSYcMJUd
63hiLmw9ZpaXxkLXX/Y04hSYBwPIhwLSrT1kfPy7jru78DjvmOya1WHaBzQZQ0ej
374cDrG9yhWl+udFWJi1HxQt+fnJecaMNJy51BDeOeN3mM4j/kqHgYw2q5GfcbhL
nyr56UTxHvBpyciguKzqNIUVcFiANr7Il5Yz++NSjRcFUnhgoxPZ+eHMU1X6fpFB
fgLhcDsbBeWhPZnOAsb4X3HEhb41f61i5s2pYzwU7bhXYla0UrqEIS9RNjh3dgPx
WnRErVPiOwPP6mRl+064KITWcv3riDb8QbwEtqJQQT1TUPXM0b190wq59lHqIpJk
rV41bV7s3z839CulF+2Y9fuQVe5SL90kDSxF3gOue4SCzBfbl0Tww5gn3IIHvo+5
cyZZ3wQU
=89M+
-----END PGP SIGNATURE-----
Merge tag '6.1-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
"Two small cifs/smb3 client fixes:
- an unlock missing in an error path in copychunk_range found by
xfstest 476
- a fix for a use after free in a debug code path"
* tag '6.1-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: fix missing unlock in cifs_file_copychunk_range()
cifs: Use after free in debug code
- Fix CC_HAS_ASM_GOTO_TIED_OUTPUT test in Kconfig
- Fix noisy "No such file or directory" message when KBUILD_BUILD_VERSION
is passed
- Include rust/ in source tarballs
- Fix missing FORCE for ARCH=nios2 builds
-----BEGIN PGP SIGNATURE-----
iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAmOCoa0VHG1hc2FoaXJv
eUBrZXJuZWwub3JnAAoJED2LAQed4NsGPfsP/j8YoPvEzI4GrI/htAHw1qdlSdns
xuGnRFItyRpAZaEnKENG4qBQVCxs+FhQy7B4Omtrer4Jjm6V75zVGGgv883Tlpoe
9y8K0nXKmA2BVIu+o0rgQZAX9BXWryWaoaWE5/Jt3bX4xdUaCOb0kyay5ix3/jw0
8eTtYFXZEy108IEqMlDoe2jzXjYdZ2SqCoTMwtQIhghxha7cGEN1APXFtauouvED
MH3KsqzzJv7tsfsHPE3tPQM3T3o9Cp22B0a6lZq1eXoARvOB8U0o5ykdk09MPC+u
SSShqkVYIhNnyfd+bmHb1qAizOtdISa24wEpgGQNKBEgmfXu/FYtRkUHKfnQF4iq
1ugpvVdDsB2o5OoQEZop4kKWGmFYX6aA6DZQflplJwT233TVknTrqxZShJ/IhWz3
hOgzMe+nf2ySm5Sd0E7hJbHmeE5r3ZQHeKAO4nv0flw6sCUmzMlcxitVXwMgPDFH
b9bpZHNMx8NXuuQfRVjTJmxg5RPMX5cvdzxGF/g1LwNwR5c5FcYvLvjhHtctKL1W
VcikG1w7Ovs0YKliCbsLAwatXu+cjiTErnX3pNARG0H92qC5m3cEvw+m9eVoW4zW
W1NlKzWAVNW9tRFe7Fw5VvA+0Qu3RzfRT/EMaSj0l2nSwSl2wHYas6bhriY1Y1fl
z50jQCkoHOOMfni0
=r9W4
-----END PGP SIGNATURE-----
Merge tag 'kbuild-fixes-v6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kbuild fixes from Masahiro Yamada:
- Fix CC_HAS_ASM_GOTO_TIED_OUTPUT test in Kconfig
- Fix noisy "No such file or directory" message when
KBUILD_BUILD_VERSION is passed
- Include rust/ in source tarballs
- Fix missing FORCE for ARCH=nios2 builds
* tag 'kbuild-fixes-v6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
nios2: add FORCE for vmlinuz.gz
scripts: add rust in scripts/Makefile.package
kbuild: fix "cat: .version: No such file or directory"
init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
Add FORCE to placate a warning from make:
arch/nios2/boot/Makefile:24: FORCE prerequisite is missing
Fixes: 2fc8483fdc ("nios2: Build infrastructure")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
- Fix rare data corruption on READ operations
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmOCPhcACgkQM2qzM29m
f5ewTRAAuAjJvtnsRxZBILs76U3KpAnn3ghtYKtzCmanq1UEJAlTz5vLLCqJRTXw
OajN4f/T/kD3bY5XxYcsbSMhVJhgd7JMx/DyPjp3rY+nS1cS/CB+TxN3VqhOZJDl
MfEJTN0MxWrq0pXKYxuPECmwk/C7jAU4vjWU+sDWhu4Anig564fdPxGGWw9vRfh5
YP8U8cuM5LIFCM2ZSjPsqWEXgd7pbYpYdOx6JPA74ftia8RBU1YVbIqZ6uFXiTnV
tpKAuQYem2ixV6UfsrVbeHDfsSkQcX2iaTGlcLB5y12nprV0wTOQM6lONTD878vh
37oc8zG9cdpWfcRzkyB8a58jHfSk74pMkV300C38CeV1KtajFVoRkoTvLYJdxbf8
WPcRcbsXbotb4+A1D2H6QvPKUbrlK+HIHe8POU67tKq5BI8xRw+ojTsJ2ANYr9Jt
OviLUraUnKFvCK2LN03+Op4l+UBTIdOGzGMqveILfxPD6zlTYJbQQ64Nih4JLfJG
uDN2892H4He3he5oD9Dzoh2xSWfLV5PJEAaN9wW7pyv8D5HfYBXWPan6JeaMHnfW
+NcoFQ3cSewyMZ1Rw0aCsKfXRGwikJrbAsrlvNe+uFRD6ueeWULp5fnTlOn+0tW1
tp+EzLOMoNkL9NW/rLeCIPN1MNXzgabgd4Diq8U3iTDRxf0FahU=
=zxjk
-----END PGP SIGNATURE-----
Merge tag 'nfsd-6.1-6' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
Pull nfsd fix from Chuck Lever:
- Fix rare data corruption on READ operations
* tag 'nfsd-6.1-6' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
NFSD: Fix reads with a non-zero offset that don't end on a page boundary
Fixes for the 6.1 cycle:
* rk817: Two error handling fixes
* ip5xxx: fix inter overflow in current calculation
* ab8500: fix thermal zone probing
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE72YNB0Y/i3JqeVQT2O7X88g7+poFAmOBZXQACgkQ2O7X88g7
+pqq8hAAod1RmFosXcbIoAxGkblosmq9PYCCYp2eBbbqUSbawjCEH4NzOGTIQZlK
xc6kJPOX0/2Z56pCWr9sfbj/cPbM0wTS067RyxA9Lh7e2bmPsHe19VXEKYfQf+xC
D8q0IFZVdQSxtJMbMK2WhutH38y2vDN35h/HpG1Tkial6ZEMJMBpuZEB8GkVddgr
mm7o+218U4WViMKcFUtLk/4ZTKiMRoHy89p3COe8Z9Cl9FdumIF2LHULDcqbXkOs
ytQ8kKGgd9SANJ8YXWAxPW9Y9v5rl6+0A8KRNltnBpqXkXOtnTI7IltXODuLdfPm
k6veoy+SLR0l1gtEMczZiw+833kmJWSFj3oIzdslQpZjJJrsRBStJsiukmkgzQCq
7fb3EmUDUR5dwfUKryWu/qbHXVnJ67zHodUT4xZmqsC6NS4UdDjJ4LNVx44rCUTa
FP+4+vHumY1rQWE6fcX2Nt6TjCO8RTVDp6uTCxjvkyVUsu/CTST0/COIu67anbJP
0L2rICgb0v7Nadc1AOWasx+PeCw92jUNCO/Q0s2dEnSzpo+HmSy3PqXwU07FNApv
f4Y+bwD041q0I+/TrSUVbJjFc4bOyShXTfPxUM8cLV+dhBZy1DM/CeVwRsaa05JK
oPSkHldAeKO/bEmaMvnfI3IH+YAp40kFv494kEfSi+665LWLE9o=
=Iplg
-----END PGP SIGNATURE-----
Merge tag 'for-v6.1-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
Pull power supply fixes from Sebastian Reichel:
- rk817: Two error handling fixes
- ip5xxx: fix inter overflow in current calculation
- ab8500: fix thermal zone probing
* tag 'for-v6.1-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply:
power: supply: ab8500: Defer thermal zone probe
power: supply: ip5xxx: Fix integer overflow in current_now calculation
power: supply: rk817: Change rk817_chg_cur_to_reg to int
power: supply: rk817: check correct variable
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmOBLEoQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgponRD/90Nx2W6P8iN21w3ZtzhtYiG9WVBhUtQqhK
IFCUuaq7Meh8Iz6dpoOhEBHZ3alxZRptYLVVKMGUxkOUjzJPKljermvcb/If288G
5yaRrBtwkL+opZuDTwTiDFrUFGAY8+Uk/cmse8iqLkmQ+eJxmpr28tTrkOEToinS
D8JEnXG0YTRNe7o52wBC0rD2zJURHidAqyHuKdXP9DnPntSKfWQNZHK6kWwiJ20W
UQDgk3sycbmv8WXQ2nsDvrGf1s9FeQzS+gu5gWiA1sbQ5yhBvnGpT/U9E8WOeCZR
wszfWlsjOfv6N095o6plNeVo3Ti/QgliGiJvuBhkEhU6M9kOCEKzTh0W5DNyDpyo
DVB4/FmSyBKf1Aif9eo3gUqBdaaKaNn5b2vmgwuY/P5ALjanrL8izsnzdMfxOyRf
wNFgiYlD3VOksWxHUnPLx9nMtM9uDjkdE8IeRr/4bfP46qxSOpC1dZWvu6Ot1vPr
bfYo0QM+wUis4tfdxW9MIIi8oDAV0jbPN3zC2/c1end0KfZzlBiRh/1aernWweAj
NgVJC+9GhzR0RV0T74vH1JY5Xa5PF3VREbNeCYhzLPH/QtI/dCNIVhAv13p06+6x
zkeyMKUo8oLNl7WJRDb5WU/k2gr1msbwxvS/IdE1PuopqTefU9zdDlP/bYab0xla
E6DHJ2aHlw==
=41zr
-----END PGP SIGNATURE-----
Merge tag 'block-6.1-2022-11-25' of git://git.kernel.dk/linux
Pull block fixes from Jens Axboe:
- A few fixes for s390 sads (Stefan, Colin)
- Ensure that ublk doesn't reorder requests, as that can be problematic
on devices that need specific ordering (Ming)
- Fix a queue reference leak in disk allocation handling (Christoph)
* tag 'block-6.1-2022-11-25' of git://git.kernel.dk/linux:
ublk_drv: don't forward io commands in reserve order
s390/dasd: fix possible buffer overflow in copy_pair_show
s390/dasd: fix no record found for raw_track_access
s390/dasd: increase printing of debug data payload
s390/dasd: Fix spelling mistake "Ivalid" -> "Invalid"
blk-mq: fix queue reference leak on blk_mq_alloc_disk_for_queue failure
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmOBLDcQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgptRwD/0bExcw6CCDp/Lseux/77lUuxO58GdSQqWL
I6LA11rY1wcQvvcPfDG4e1JEiMHsmbvLNtv2/ZyVcLT8vJwf+FBZuzLeKrZAv24K
8XTKmWrHhqEGJqyKctbHQuS79XZt2tOcb+y5S5Ny3lzArql2CAiQrDyNZsQx5eFf
PIUJ0stqu4bp9ag/4q/DxJLXdX0CEvv+06xb8PaeqaN67iWwp95GTqkyKop7D+Vj
Qs626dqK3jp1HWpkn46uF90b4MOl1IU52r1uVEKH0yf1Iu37WajAP/w0G6krRq2P
57+HOsfrHiih22stjKCF9SzTncSCzQPgtF7we0w5dtz6TfOkHpPbXu1t6dIcmeXV
nT+oQ4kfeAGRNpW0B0gwbuxyVZys8C4RmZ7nMDj+u6Z6cBCxjBAHLlUbjp/dejXn
PcRdumeGq+1zzK9oRUiMiQEPft3BWWiizGztOzYeonN9G8LkCI4187UpzlTb1mmN
9CnRoCnx8v9zjqNF4TjH08atmJxjqWf+0AzH81dTxbJO60RX9ByvEJNwpV6BwxQ7
XAiA00h3s6MeX77RkazdoEsA9GCZd1C2gyCHpwH0cG5vgobMOn0M3M8F/OPfxI9e
v8AVJgp2x8cMUXzt0PRJyxjXfOV8yRfuiVFpZ1ArIBKlCF1/6JfF0MDWSE6+zkXj
9KgZQ1poVQ==
=SpdW
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.1-2022-11-25' of git://git.kernel.dk/linux
Pull io_uring fixes from Jens Axboe:
- A few poll related fixes. One fixing a race condition between poll
cancelation and trigger, and one making the overflow handling a bit
more robust (Lin, Pavel)
- Fix an fput() for error handling in the direct file table (Lin)
- Fix for a regression introduced in this cycle, where we don't always
get TIF_NOTIFY_SIGNAL cleared appropriately (me)
* tag 'io_uring-6.1-2022-11-25' of git://git.kernel.dk/linux:
io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available
io_uring/poll: fix poll_refs race with cancelation
io_uring/filetable: fix file reference underflow
io_uring: make poll refs more robust
io_uring: cmpxchg for poll arm refs release
- Fix a race between zonefs module initialization of sysfs attribute
directory and mounting a drive (from Xiaoxu).
- Fix active zone accounting in the rare case of an IO error due to a
zone transition to offline or read-only state (from me).
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCY4FHbQAKCRDdoc3SxdoY
dtVJAQDQPKQW7GlxgmfsxNZz4bR9CT2DHqoprN1g1bbKM9hYKwEApq0xtpBjyqX2
EaePIFvlYa67f5kWnW4XEd5vetbh0AI=
=imdG
-----END PGP SIGNATURE-----
Merge tag 'zonefs-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs
Pull zonefs fixes from Damien Le Moal:
- Fix a race between zonefs module initialization of sysfs attribute
directory and mounting a drive (from Xiaoxu).
- Fix active zone accounting in the rare case of an IO error due to a
zone transition to offline or read-only state (from me).
* tag 'zonefs-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs:
zonefs: Fix active zone accounting
zonefs: Fix race between modprobe and mount
This is more changes than I'd like this late although the diffstat is
still fairly small, I kept on holding off as new fixes came in to give
things time to soak in -next but should probably have tagged and sent an
additional pull request earlier.
There's some relatively large fixes to the twl6030 driver to fix issues
with the TWL6032 variant which resulted from some work on the core
TWL6030 driver, a couple of fixes for error handling paths (mostly in
the core), and a nice stability fix for the sgl51000 driver that's been
pulled out of a BSP.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmOBOHkACgkQJNaLcl1U
h9DSNwf+KFunln/2mpx6UrLa5kl5QQGDtBruEcEBkKnUAx/YZlZ2nFT08bV4V1D0
/STa4PZdThem89VBRClQvxdyPE4qKIUvWsLmTUXF9P48m11bI+PMGCBMoKgjs4ZL
jMTZi/JD+4oZcJcOG5Qu3rihdBxotrsvlk2QUMs+PaPx2JPyr1CpBXAseMkVcqrD
QzyRWUgCjS2bfnc9Xd7gll1MXeSIcN2oD14ec//5Wv0KItGs2i0cOCUY+U4Dffus
b+75g7sU4znCD6bcycKdTJEqcqrotrZycGnq3K36ycrAGulQrH4SwohEc2PUlnUa
ZrKBjC6iFkSutk0dYlSz4k7AfRzjrw==
=kf38
-----END PGP SIGNATURE-----
Merge tag 'regulator-fix-v6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"This is more changes than I'd like this late although the diffstat is
still fairly small, I kept on holding off as new fixes came in to give
things time to soak in -next but should probably have tagged and sent
an additional pull request earlier.
There's some relatively large fixes to the twl6030 driver to fix
issues with the TWL6032 variant which resulted from some work on the
core TWL6030 driver, a couple of fixes for error handling paths
(mostly in the core), and a nice stability fix for the sgl51000 driver
that's been pulled out of a BSP"
* tag 'regulator-fix-v6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: twl6030: fix get status of twl6032 regulators
regulator: twl6030: re-add TWL6032_SUBCLASS
regulator: slg51000: Wait after asserting CS pin
regulator: core: fix UAF in destroy_regulator()
regulator: rt5759: fix OOB in validate_desc()
regulator: core: fix kobject release warning and memory leak in regulator_register()
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmOBCJEACgkQxWXV+ddt
WDu5Nw/+P59ARfAm/4HRId4iL6UKozSMc+blWLeP9KkjcytdAfek0oGe3gZ7NJVK
8VYa93yNneCTkNFLIEpqEduGQjN04dr0odRUXD/kIR8EEtjbgDrH9ZmL47An5wVH
qE8ILlh2+DXk/QLTpjo8n4mm+MJDJYzfz/jVV9vl8ehMahjj1M0/KmO/vNvDbP2s
owWU1FBjX7TV6kHa+SQGqd1HfXS1YUx203I4SDmPj8vSXtysvSOWClT3HO6i6O5S
MSS3Me+rx9eMFMISNghL8I466+lPlGxK14DmLUE4l0kfoKyd4eHQw+ft76D6Twuz
JqjegAGA1nzqDO0XDXb4WPjrPKG8r8Ven2eInF3kncku9GyeEafL+L+nmj7PHsE7
dixWo2TQ9z1Wm/n1NWlU02ZSLdbetUtYTvZczUhevtNzuYUtILihcFZO3+Cp7V4p
R2WwJ5XXdfS8g8Q9kJCOuVd9fZ+3hQvEF1IwWCP9ZZfmIC6/4/uGGFB6TJu7HmZC
trpQYn9l5aP9L9Uq8t+9j+XoDEzQW0tZGpiYI9ypAa5Q5xbw3Ez2JNTbF7YVqQE2
iFDwuuy/X1iNvifniQgdodKVQLK/PcNrlcNb/gPG6cGCWjlTj3SKT9SlrwAgSDZW
pFWFb9NtN3ORjLeCiONo/ZGpZzM9/XQplub+4WuXQXGNJasRIoE=
=Q4JA
-----END PGP SIGNATURE-----
Merge tag 'for-6.1-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
Pull btrfs fixes from David Sterba:
- fix a regression in nowait + buffered write
- in zoned mode fix endianness when comparing super block generation
- locking and lockdep fixes:
- fix potential sleeping under spinlock when setting qgroup limit
- lockdep warning fixes when btrfs_path is freed after copy_to_user
- do not modify log tree while holding a leaf from fs tree locked
- fix freeing of sysfs files of static features on error
- use kv.alloc for zone map allocation as a fallback to avoid warnings
due to high order allocation
- send, avoid unaligned encoded writes when attempting to clone range
* tag 'for-6.1-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
btrfs: do not modify log tree while holding a leaf from fs tree locked
btrfs: use kvcalloc in btrfs_get_dev_zone_info
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
btrfs: send: avoid unaligned encoded writes when attempting to clone range
btrfs: zoned: fix missing endianness conversion in sb_write_pointer
btrfs: free btrfs_path before copying subvol info to userspace
btrfs: free btrfs_path before copying fspath to userspace
btrfs: free btrfs_path before copying inodes to userspace
btrfs: free btrfs_path before copying root refs to userspace
btrfs: fix assertion failure and blocking during nowait buffered write
- Revert a recent schedutil cpufreq governor change that introduced
a performace regression on Pixel 6 (Sam Wu).
- Fix amd-pstate driver initialization after running the kernel via
kexec (Wyes Karny).
- Turn amd-pstate into a built-in driver which allows it to take
precedence over acpi-cpufreq by default on supported systems and
amend it with a mechanism to disable this behavior (Perry Yuan).
- Update amd-pstate documentation in accordance with the other changes
made to it (Perry Yuan).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmOA9bgSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxfpsP/j1JTOy3tPCsvPgI+b/RCWq33sm5PpaU
iFYpfxE9uexy2FyGgsZSqp4fMpMw9fCjiCpv/yfxtLmKccmOyW2kG7IYnNuV5QuN
FnN6B9WfsLohbuk87H07GpuGZTy4OISjmEGE/gTHXhY6n0eQ9utiX9b8zQuRdhsO
Gz7N0GaYrDh1lo9HeHNXiXbgIuVSj8iRyzWjJwdeha8NhZxwzQ3tZz5zNcBlCeJ+
sFtopCWqDZ5DbmKQy4rYXRuW8zC6UUQ4opqcpG5+0e5e51aa0lexJtUqxcyuKqHd
8plSZEEofCd7XecsvdXGzxhN29FFFIPkHZHic6/GQQou0gC8uGdp/LQMCoiZ3sJ1
3YblYJkYXMCsi9COjCAesMwy6PENL98XLfQYVmfT/EEHPgyxG1hD0a/xf0UvXzsf
V2h/gX+gfnDspCtStkrprapQb1WTCgA8d4tOB6x47EpCfY+H3HrNPFNIpJ93ErQJ
rAe8jAARh1qAbOEWYipc0XmnJLV4aDBAkR+6uE7GHXu6ESOUfvOzpVrQ5d3x4Ohk
a+vyupwiRGxRRoBjuGFyf/v15g6/UeLi5A/4Qi5SpCM7Uet7RnE/ltxjbgZJZgfG
gtBJvNaFExWJI5hFZIpz4hubsWvFMaF6SwlXnVMdYGuKZl0w119wAHFLkyO4EmHk
5RacLxDHEJ4q
=+qZV
-----END PGP SIGNATURE-----
Merge tag 'pm-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These revert a recent change in the schedutil cpufreq governor that
had not been expected to make any functional difference, but turned
out to introduce a performance regression, fix an initialization issue
in the amd-pstate driver and make it actually replace the venerable
ACPI cpufreq driver on the supported systems by default.
Specifics:
- Revert a recent schedutil cpufreq governor change that introduced a
performace regression on Pixel 6 (Sam Wu)
- Fix amd-pstate driver initialization after running the kernel via
kexec (Wyes Karny)
- Turn amd-pstate into a built-in driver which allows it to take
precedence over acpi-cpufreq by default on supported systems and
amend it with a mechanism to disable this behavior (Perry Yuan)
- Update amd-pstate documentation in accordance with the other
changes made to it (Perry Yuan)"
* tag 'pm-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Documentation: add amd-pstate kernel command line options
Documentation: amd-pstate: add driver working mode introduction
cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection
cpufreq: amd-pstate: change amd-pstate driver to be built-in type
cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init
Revert "cpufreq: schedutil: Move max CPU capacity to sugov_policy"
- Fix size of incorrectly increased from four to eight bytes
TOD field of crash dump save area. As result in case of
kdump NT_S390_TODPREG ELF notes section contains correct
value and "detected read beyond size of field" compiler
warning goes away.
- Fix memory leak in cryptographic Adjunct Processors (AP)
module on initialization failure path.
- Add Gerald Schaefer <gerald.schaefer@linux.ibm.com> and
Alexander Gordeev <agordeev@linux.ibm.com> as S390 memory
management maintainers. Also rename the S390 section to
S390 ARCHITECTURE to be a bit more precise.
-----BEGIN PGP SIGNATURE-----
iI0EABYIADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCY4DkjxccYWdvcmRlZXZA
bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8JrmAP928nAXDg4Gfctxka3tANgqu6uZ
SLQ79G717Hq+OHyYjwD9GHFrKjfaimYocAsyf9jPyKnnac4jVydA42CLdLbV2AI=
=Vl1I
-----END PGP SIGNATURE-----
Merge tag 's390-6.1-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 updates from Alexander Gordeev:
- Fix size of incorrectly increased from four to eight bytes TOD field
of crash dump save area. As result in case of kdump NT_S390_TODPREG
ELF notes section contains correct value and "detected read beyond
size of field" compiler warning goes away.
- Fix memory leak in cryptographic Adjunct Processors (AP) module on
initialization failure path.
- Add Gerald Schaefer <gerald.schaefer@linux.ibm.com> and Alexander
Gordeev <agordeev@linux.ibm.com> as S390 memory management
maintainers. Also rename the S390 section to S390 ARCHITECTURE to be
a bit more precise.
* tag 's390-6.1-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
MAINTAINERS: add S390 MM section
s390/crashdump: fix TOD programmable field size
s390/ap: fix memory leak in ap_init_qci_info()
-----BEGIN PGP SIGNATURE-----
iQFHBAABCAAxFiEEIbPD0id6easf0xsudhRwX5BBoF4FAmOA1C0THHdlaS5saXVA
a2VybmVsLm9yZwAKCRB2FHBfkEGgXoofCADVaWCNcmktsiMxeNuMGJULbib5Jf/q
69axU1totvczkff0Cg9NuDQoqXIJKF9NB4HbO0atqI4VXwInk6Y8xxNFY/EzGAat
6Dr+y6lT2OL+qzjkk8yMB8CQM67XTfDNOVeo8tVSpTOnCohHyQw4QSJmlh/cO60l
h33UbvWwzTkxuZCGJxULGOEsydw1ktoEUC/TS0hqWVG/vmqfPBGiEb2oWU+lPE/0
cARhsV+VpLQ4bX960pcrbRvkEgydEtJHCvkU5k8C5ZoPaStNPvY/6we96eB+r4i+
htb4LDN8n7M9EZS30/xm/DLmemawKk57bv5fZtVv+98srtQhgO3kc2iu
=mp04
-----END PGP SIGNATURE-----
Merge tag 'hyperv-fixes-signed-20221125' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
Pull hyperv fixes from Wei Liu:
- Fix IRTE allocation in Hyper-V PCI controller (Dexuan Cui)
- Fix handling of SCSI srb_status and capacity change events (Michael
Kelley)
- Restore VP assist page after CPU offlining and onlining (Vitaly
Kuznetsov)
- Fix some memory leak issues in VMBus (Yang Yingliang)
* tag 'hyperv-fixes-signed-20221125' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
PCI: hv: Only reuse existing IRTE allocation for Multi-MSI
scsi: storvsc: Fix handling of srb_status and capacity change events
x86/hyperv: Restore VP assist page after cpu offlining/onlining
There have been a lot of hotfixes this cycle, and this is quite a large
batch given how far we are into the -rc cycle. Presumably a reflection of
the unusually large amount of MM material which went into 6.1-rc1.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCY4Bd6gAKCRDdBJ7gKXxA
jvX6AQCsG1ld24kMpdD+70XXUyC29g/6/jribgtZApHyDYjxSwD/WmLNpPlUPRax
WB071Y5w65vjSTUKvwU0OLGbHwyxgAw=
=swD5
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2022-11-24' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull hotfixes from Andrew Morton:
"24 MM and non-MM hotfixes. 8 marked cc:stable and 16 for post-6.0
issues.
There have been a lot of hotfixes this cycle, and this is quite a
large batch given how far we are into the -rc cycle. Presumably a
reflection of the unusually large amount of MM material which went
into 6.1-rc1"
* tag 'mm-hotfixes-stable-2022-11-24' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (24 commits)
test_kprobes: fix implicit declaration error of test_kprobes
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1
mm: fix unexpected changes to {failslab|fail_page_alloc}.attr
swapfile: fix soft lockup in scan_swap_map_slots
hugetlb: fix __prep_compound_gigantic_page page flag setting
kfence: fix stack trace pruning
proc/meminfo: fix spacing in SecPageTables
mm: multi-gen LRU: retry folios written back while isolated
mailmap: update email address for Satya Priya
mm/migrate_device: return number of migrating pages in args->cpages
kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible
MAINTAINERS: update Alex Hung's email address
mailmap: update Alex Hung's email address
mm: mmap: fix documentation for vma_mas_szero
mm/damon/sysfs-schemes: skip stats update if the scheme directory is removed
mm/memory: return vm_fault_t result from migrate_to_ram() callback
mm: correctly charge compressed memory to its memcg
ipc/shm: call underlying open/close vm_ops
gcov: clang: fix the buffer overflow issue
...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQqUNBr3gm4hGXdBJlZ7Krx/gZQ6wUCY4A7qAAKCRBZ7Krx/gZQ
61SoAP9bWYuW44RNEkitOIPCi/bmWy5D9alVEjWinmxzsT94NgEA5rfc4uuSCLp1
se+Qgcu5iNKpHTXIOAOX7ozCCQJzQgo=
=GK/t
-----END PGP SIGNATURE-----
Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
"A couple of fixes, one of them for this cycle regression..."
* tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
vfs: vfs_tmpfile: ensure O_EXCL flag is enforced
fs: use acquire ordering in __fget_light()
With how task_work is added and signaled, we can have TIF_NOTIFY_SIGNAL
set and no task_work pending as it got run in a previous loop. Treat
TIF_NOTIFY_SIGNAL like get_signal(), always clear it if set regardless
of whether or not task_work is pending to run.
Cc: stable@vger.kernel.org
Fixes: 46a525e199 ("io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
A few more last-minute fixes for 6.1 that have been gathered in the
last week; nothing looks too worrisome, mostly device-specific small
fixes, including the ABI fix for ASoC SOF.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmN/muAOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE/mpRAAlNct2PsBa+zCqY0GRtrCsRKylM1+jQlqHUZ7
1dibJFA7tJJhgRB8cWnEDpNW8zKcsYiatYKJFIE8HFtECBZ3eMHgeSOaOmGdKLpN
EG+zaF5X6j37w7YTywTqU/cmZXRkLcDRK+bCcnz6d+TdhZj9DZuBtaWD8yFGQMTz
aUueasZ5N1Vs64hVLXG1vQWlIlYpzP32yF5MUHZp9Ie0siJqW0cwrghSBO4bZRNv
qnKIPpryDBZEIcqKv2/VumuYO88X4bDw9F4y2OPAjC4yS/9pxvFe2qIHQs70Zqbg
Tkv904OcaqcD0krY1Ux43Td7Hk6sBGYMc1knCoBvQlj9UTkjJ3UKugp9Evwscc3h
eAZABjFuAxzeODAAjYqFRqcP/9aVUEW5YkoBIjfpiSxYhikJaklaxYS2BoA6pmrj
wUF3EZOq3cOJw1sVu9UgmCtjJk9CojE18zVTQXU4oIPel1G8dA/FNbci+ux7rmQ1
J7lnySiVDfNtkpUXSJBcj0VC/BXWAFtjuaOEn0uoZDwJfdgYhjRptgeuX8WMB7xT
lDH30NyZ+YTbQNU+XK/+DtWnz3htjATKmNJGAodtynLhX+8i8Nkfsf7B5jAXsQZ4
RIkp8086ADD2ALhO82kUmba062xUwpra3VmwdLo7InBTuD9j7eXizd7nmiPt3G+/
77Oc2ug=
=5fKR
-----END PGP SIGNATURE-----
Merge tag 'sound-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A few more last-minute fixes for 6.1 that have been gathered in the
last week; nothing looks too worrisome, mostly device-specific small
fixes, including the ABI fix for ASoC SOF"
* tag 'sound-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ASoC: soc-pcm: Add NULL check in BE reparenting
ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
ASoC: SOF: dai: move AMD_HS to end of list to restore backwards-compatibility
ASoC: max98373: Add checks for devm_kcalloc
ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions
ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
ASoC: hdac_hda: fix hda pcm buffer overflow issue
ASoC: stm32: i2s: remove irqf_oneshot flag
ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register
amdgpu:
- amdgpu gang submit fix.
- DCN 3.1.4 fixes
- DP MST DSC deadlock fixes
- HMM userptr fixes
- Fix Aldebaran CU occupancy reporting
- GFX11 fixes
- PSP suspend/resume fix
- DCE12 KASAN fix
- DCN 3.2.x fixes
- Rotated cursor fix
- SMU 13.x fix
- DELL platform suspend/resume fixes
- VCN4 SR-IOV fix
- Display regression fix for polled connectors
i915:
- Fix GVT KVM reference count handling
- Never purge busy TTM objects
- Fix warn in intel_display_power_*_domain() functions
dma-buf:
- Use dma_fence_unwrap_for_each when importing sync files.
- Fix race in dma_heap_add().
fbcon:
- Fix use of uninitialized memory in logo.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmOANPQACgkQDHTzWXnE
hr4a/A/+JuYIIC0ZtGeY3mcmHIcNQIIeCDmf+/8BGZCp6Dr2Uz62jBhyylbrZ9MQ
lHHmV3HI1khC3S5v351zeEzFCfK9JKWs64I3sBuBF04yi49PvCD5+8MpgUPRgPWb
N6t319GlIw1X0ktA2tgzekGVJCSaCyZNUD4kvO9PwrLFTpVeqEoCUoYwmqLCt392
u0r9FYrAQLmH208/6DG5PnKHLXO5/VspJT09xz3faZdVAJtLc6Pr+npO2kUsx8Y0
quGtdh0OxhdsExhXWZGSm3DDEMmxqC0e14QX0dXuzOkTfIYRkUzkXLjph99nMEir
rpszx0wJrdjbWiL98nXi520KlcNZeeCM6s1WbXXBplgJHAhEXrcBuvNEH9s/SedL
qRBdqKtmxpeJkkimAfpqPvKkSmwyfNIZ01Yekrtm9ovmD2T6uO3zjX5411d4iHJ7
JiSwkcnaqR75Tbvq7aoOubQUB3S4JXIqqxuVgQicu7H/wcuImbcaaaaWmxPwIYRi
tn0Dwt+GY84bYi47g9DzcslpxFXV36c5aQv2HwdDfUu8/oqOZakgzYiZoxPIlT5K
y5TFvInNEhuNExezVRzbxp5asgPy3izEaUrrQIFJ8XchP4N6jr+17x174ix4O019
T4H9PhNybHGSVGWAkuy9+KTIOGbP5vbY1zzmEGjPlkKmv0BFDfM=
=o133
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2022-11-25' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Weekly fixes, amdgpu has not quite settled down.
Most of the changes are small, and the non-amdgpu ones are all fine.
There are a bunch of DP MST DSC fixes that fix some issues introduced
in a previous larger MST rework.
The biggest one is mainly propagating some error values properly
instead of bool returns, and I think it just looks large but doesn't
really change anything too much, except propagating errors that are
required to avoid deadlocks. I've gone over it and a few others and
they've had some decent testing over the last few weeks.
Summary:
amdgpu:
- amdgpu gang submit fix
- DCN 3.1.4 fixes
- DP MST DSC deadlock fixes
- HMM userptr fixes
- Fix Aldebaran CU occupancy reporting
- GFX11 fixes
- PSP suspend/resume fix
- DCE12 KASAN fix
- DCN 3.2.x fixes
- Rotated cursor fix
- SMU 13.x fix
- DELL platform suspend/resume fixes
- VCN4 SR-IOV fix
- Display regression fix for polled connectors
i915:
- Fix GVT KVM reference count handling
- Never purge busy TTM objects
- Fix warn in intel_display_power_*_domain() functions
dma-buf:
- Use dma_fence_unwrap_for_each when importing sync files
- Fix race in dma_heap_add()
fbcon:
- Fix use of uninitialized memory in logo"
* tag 'drm-fixes-2022-11-25' of git://anongit.freedesktop.org/drm/drm: (30 commits)
drm/amdgpu/vcn: re-use original vcn0 doorbell value
drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read"
drm/amd/display: No display after resume from WB/CB
drm/amdgpu: fix use-after-free during gpu recovery
drm/amd/pm: update driver if header for smu_13_0_7
drm/amd/display: Fix rotated cursor offset calculation
drm/amd/display: Use new num clk levels struct for max mclk index
drm/amd/display: Avoid setting pixel rate divider to N/A
drm/amd/display: Use viewport height for subvp mall allocation size
drm/amd/display: Update soc bounding box for dcn32/dcn321
drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
drm/amdgpu/psp: don't free PSP buffers on suspend
fbcon: Use kzalloc() in fbcon_prepare_logo()
dma-buf: fix racing conflict of dma_heap_add()
drm/amd/amdgpu: reserve vm invalidation engine for firmware
drm/amdgpu: Enable Aldebaran devices to report CU Occupancy
drm/amdgpu: fix userptr HMM range handling v2
drm/amdgpu: always register an MMU notifier for userptr
drm/amdgpu/dm/mst: Fix uninitialized var in pre_compute_mst_dsc_configs_for_state()
drm/amdgpu/dm/dp_mst: Don't grab mst_mgr->lock when computing DSC state
...
There is an interesting race condition of poll_refs which could result
in a NULL pointer dereference. The crash trace is like:
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 30781 Comm: syz-executor.2 Not tainted 6.0.0-g493ffd6605b2 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:io_poll_remove_entry io_uring/poll.c:154 [inline]
RIP: 0010:io_poll_remove_entries+0x171/0x5b4 io_uring/poll.c:190
Code: ...
RSP: 0018:ffff88810dfefba0 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc900030c4000 RSI: 000000000003ffff RDI: 0000000000040000
RBP: 0000000000000008 R08: ffffffff9764d3dd R09: fffffbfff3836781
R10: fffffbfff3836781 R11: 0000000000000000 R12: 1ffff11003422d60
R13: ffff88801a116b04 R14: ffff88801a116ac0 R15: dffffc0000000000
FS: 00007f9c07497700(0000) GS:ffff88811a600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffb5c00ea98 CR3: 0000000105680005 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
io_apoll_task_func+0x3f/0xa0 io_uring/poll.c:299
handle_tw_list io_uring/io_uring.c:1037 [inline]
tctx_task_work+0x37e/0x4f0 io_uring/io_uring.c:1090
task_work_run+0x13a/0x1b0 kernel/task_work.c:177
get_signal+0x2402/0x25a0 kernel/signal.c:2635
arch_do_signal_or_restart+0x3b/0x660 arch/x86/kernel/signal.c:869
exit_to_user_mode_loop kernel/entry/common.c:166 [inline]
exit_to_user_mode_prepare+0xc2/0x160 kernel/entry/common.c:201
__syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
syscall_exit_to_user_mode+0x58/0x160 kernel/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The root cause for this is a tiny overlooking in
io_poll_check_events() when cocurrently run with poll cancel routine
io_poll_cancel_req().
The interleaving to trigger use-after-free:
CPU0 | CPU1
|
io_apoll_task_func() | io_poll_cancel_req()
io_poll_check_events() |
// do while first loop |
v = atomic_read(...) |
// v = poll_refs = 1 |
... | io_poll_mark_cancelled()
| atomic_or()
| // poll_refs =
IO_POLL_CANCEL_FLAG | 1
|
atomic_sub_return(...) |
// poll_refs = IO_POLL_CANCEL_FLAG |
// loop continue |
|
| io_poll_execute()
| io_poll_get_ownership()
| // poll_refs =
IO_POLL_CANCEL_FLAG | 1
| // gets the ownership
v = atomic_read(...) |
// poll_refs not change |
|
if (v & IO_POLL_CANCEL_FLAG) |
return -ECANCELED; |
// io_poll_check_events return |
// will go into |
// io_req_complete_failed() free req |
|
| io_apoll_task_func()
| // also go into
io_req_complete_failed()
And the interleaving to trigger the kernel WARNING:
CPU0 | CPU1
|
io_apoll_task_func() | io_poll_cancel_req()
io_poll_check_events() |
// do while first loop |
v = atomic_read(...) |
// v = poll_refs = 1 |
... | io_poll_mark_cancelled()
| atomic_or()
| // poll_refs =
IO_POLL_CANCEL_FLAG | 1
|
atomic_sub_return(...) |
// poll_refs = IO_POLL_CANCEL_FLAG |
// loop continue |
|
v = atomic_read(...) |
// v = IO_POLL_CANCEL_FLAG |
| io_poll_execute()
| io_poll_get_ownership()
| // poll_refs =
IO_POLL_CANCEL_FLAG | 1
| // gets the ownership
|
WARN_ON_ONCE(!(v & IO_POLL_REF_MASK))) |
// v & IO_POLL_REF_MASK = 0 WARN |
|
| io_apoll_task_func()
| // also go into
io_req_complete_failed()
By looking up the source code and communicating with Pavel, the
implementation of this atomic poll refs should continue the loop of
io_poll_check_events() just to avoid somewhere else to grab the
ownership. Therefore, this patch simply adds another AND operation to
make sure the loop will stop if it finds the poll_refs is exactly equal
to IO_POLL_CANCEL_FLAG. Since io_poll_cancel_req() grabs ownership and
will finally make its way to io_req_complete_failed(), the req will
be reclaimed as expected.
Fixes: aa43477b04 ("io_uring: poll rework")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
[axboe: tweak description and code style]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
There is an interesting reference bug when -ENOMEM occurs in calling of
io_install_fixed_file(). KASan report like below:
[ 14.057131] ==================================================================
[ 14.059161] BUG: KASAN: use-after-free in unix_get_socket+0x10/0x90
[ 14.060975] Read of size 8 at addr ffff88800b09cf20 by task kworker/u8:2/45
[ 14.062684]
[ 14.062768] CPU: 2 PID: 45 Comm: kworker/u8:2 Not tainted 6.1.0-rc4 #1
[ 14.063099] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[ 14.063666] Workqueue: events_unbound io_ring_exit_work
[ 14.063936] Call Trace:
[ 14.064065] <TASK>
[ 14.064175] dump_stack_lvl+0x34/0x48
[ 14.064360] print_report+0x172/0x475
[ 14.064547] ? _raw_spin_lock_irq+0x83/0xe0
[ 14.064758] ? __virt_addr_valid+0xef/0x170
[ 14.064975] ? unix_get_socket+0x10/0x90
[ 14.065167] kasan_report+0xad/0x130
[ 14.065353] ? unix_get_socket+0x10/0x90
[ 14.065553] unix_get_socket+0x10/0x90
[ 14.065744] __io_sqe_files_unregister+0x87/0x1e0
[ 14.065989] ? io_rsrc_refs_drop+0x1c/0xd0
[ 14.066199] io_ring_exit_work+0x388/0x6a5
[ 14.066410] ? io_uring_try_cancel_requests+0x5bf/0x5bf
[ 14.066674] ? try_to_wake_up+0xdb/0x910
[ 14.066873] ? virt_to_head_page+0xbe/0xbe
[ 14.067080] ? __schedule+0x574/0xd20
[ 14.067273] ? read_word_at_a_time+0xe/0x20
[ 14.067492] ? strscpy+0xb5/0x190
[ 14.067665] process_one_work+0x423/0x710
[ 14.067879] worker_thread+0x2a2/0x6f0
[ 14.068073] ? process_one_work+0x710/0x710
[ 14.068284] kthread+0x163/0x1a0
[ 14.068454] ? kthread_complete_and_exit+0x20/0x20
[ 14.068697] ret_from_fork+0x22/0x30
[ 14.068886] </TASK>
[ 14.069000]
[ 14.069088] Allocated by task 289:
[ 14.069269] kasan_save_stack+0x1e/0x40
[ 14.069463] kasan_set_track+0x21/0x30
[ 14.069652] __kasan_slab_alloc+0x58/0x70
[ 14.069899] kmem_cache_alloc+0xc5/0x200
[ 14.070100] __alloc_file+0x20/0x160
[ 14.070283] alloc_empty_file+0x3b/0xc0
[ 14.070479] path_openat+0xc3/0x1770
[ 14.070689] do_filp_open+0x150/0x270
[ 14.070888] do_sys_openat2+0x113/0x270
[ 14.071081] __x64_sys_openat+0xc8/0x140
[ 14.071283] do_syscall_64+0x3b/0x90
[ 14.071466] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 14.071791]
[ 14.071874] Freed by task 0:
[ 14.072027] kasan_save_stack+0x1e/0x40
[ 14.072224] kasan_set_track+0x21/0x30
[ 14.072415] kasan_save_free_info+0x2a/0x50
[ 14.072627] __kasan_slab_free+0x106/0x190
[ 14.072858] kmem_cache_free+0x98/0x340
[ 14.073075] rcu_core+0x427/0xe50
[ 14.073249] __do_softirq+0x110/0x3cd
[ 14.073440]
[ 14.073523] Last potentially related work creation:
[ 14.073801] kasan_save_stack+0x1e/0x40
[ 14.074017] __kasan_record_aux_stack+0x97/0xb0
[ 14.074264] call_rcu+0x41/0x550
[ 14.074436] task_work_run+0xf4/0x170
[ 14.074619] exit_to_user_mode_prepare+0x113/0x120
[ 14.074858] syscall_exit_to_user_mode+0x1d/0x40
[ 14.075092] do_syscall_64+0x48/0x90
[ 14.075272] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 14.075529]
[ 14.075612] Second to last potentially related work creation:
[ 14.075900] kasan_save_stack+0x1e/0x40
[ 14.076098] __kasan_record_aux_stack+0x97/0xb0
[ 14.076325] task_work_add+0x72/0x1b0
[ 14.076512] fput+0x65/0xc0
[ 14.076657] filp_close+0x8e/0xa0
[ 14.076825] __x64_sys_close+0x15/0x50
[ 14.077019] do_syscall_64+0x3b/0x90
[ 14.077199] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 14.077448]
[ 14.077530] The buggy address belongs to the object at ffff88800b09cf00
[ 14.077530] which belongs to the cache filp of size 232
[ 14.078105] The buggy address is located 32 bytes inside of
[ 14.078105] 232-byte region [ffff88800b09cf00, ffff88800b09cfe8)
[ 14.078685]
[ 14.078771] The buggy address belongs to the physical page:
[ 14.079046] page:000000001bd520e7 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800b09de00 pfn:0xb09c
[ 14.079575] head:000000001bd520e7 order:1 compound_mapcount:0 compound_pincount:0
[ 14.079946] flags: 0x100000000010200(slab|head|node=0|zone=1)
[ 14.080244] raw: 0100000000010200 0000000000000000 dead000000000001 ffff88800493cc80
[ 14.080629] raw: ffff88800b09de00 0000000080190018 00000001ffffffff 0000000000000000
[ 14.081016] page dumped because: kasan: bad access detected
[ 14.081293]
[ 14.081376] Memory state around the buggy address:
[ 14.081618] ffff88800b09ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.081974] ffff88800b09ce80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 14.082336] >ffff88800b09cf00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.082690] ^
[ 14.082909] ffff88800b09cf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 14.083266] ffff88800b09d000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 14.083622] ==================================================================
The actual tracing of this bug is shown below:
commit 8c71fe7502 ("io_uring: ensure fput() called correspondingly
when direct install fails") adds an additional fput() in
io_fixed_fd_install() when io_file_bitmap_get() returns error values. In
that case, the routine will never make it to io_install_fixed_file() due
to an early return.
static int io_fixed_fd_install(...)
{
if (alloc_slot) {
...
ret = io_file_bitmap_get(ctx);
if (unlikely(ret < 0)) {
io_ring_submit_unlock(ctx, issue_flags);
fput(file);
return ret;
}
...
}
...
ret = io_install_fixed_file(req, file, issue_flags, file_slot);
...
}
In the above scenario, the reference is okay as io_fixed_fd_install()
ensures the fput() is called when something bad happens, either via
bitmap or via inner io_install_fixed_file().
However, the commit 61c1b44a21 ("io_uring: fix deadlock on iowq file
slot alloc") breaks the balance because it places fput() into the common
path for both io_file_bitmap_get() and io_install_fixed_file(). Since
io_install_fixed_file() handles the fput() itself, the reference
underflow come across then.
There are some extra commits make the current code into
io_fixed_fd_install() -> __io_fixed_fd_install() ->
io_install_fixed_file()
However, the fact that there is an extra fput() is called if
io_install_fixed_file() calls fput(). Traversing through the code, I
find that the existing two callers to __io_fixed_fd_install():
io_fixed_fd_install() and io_msg_send_fd() have fput() when handling
error return, this patch simply removes the fput() in
io_install_fixed_file() to fix the bug.
Fixes: 61c1b44a21 ("io_uring: fix deadlock on iowq file slot alloc")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/be4ba4b.5d44.184a0a406a4.Coremail.linma@zju.edu.cn
Signed-off-by: Jens Axboe <axboe@kernel.dk>
poll_refs carry two functions, the first is ownership over the request.
The second is notifying the io_poll_check_events() that there was an
event but wake up couldn't grab the ownership, so io_poll_check_events()
should retry.
We want to make poll_refs more robust against overflows. Instead of
always incrementing it, which covers two purposes with one atomic, check
if poll_refs is elevated enough and if so set a retry flag without
attempts to grab ownership. The gap between the bias check and following
atomics may seem racy, but we don't need it to be strict. Moreover there
might only be maximum 4 parallel updates: by the first and the second
poll entries, __io_arm_poll_handler() and cancellation. From those four,
only poll wake ups may be executed multiple times, but they're protected
by a spin.
Cc: stable@vger.kernel.org
Reported-by: Lin Ma <linma@zju.edu.cn>
Fixes: aa43477b04 ("io_uring: poll rework")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/c762bc31f8683b3270f3587691348a7119ef9c9d.1668963050.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Replace atomically substracting the ownership reference at the end of
arming a poll with a cmpxchg. We try to release ownership by setting 0
assuming that poll_refs didn't change while we were arming. If it did
change, we keep the ownership and use it to queue a tw, which is fully
capable to process all events and (even tolerates spurious wake ups).
It's a bit more elegant as we reduce races b/w setting the cancellation
flag and getting refs with this release, and with that we don't have to
worry about any kinds of underflows. It's not the fastest path for
polling. The performance difference b/w cmpxchg and atomic dec is
usually negligible and it's not the fastest path.
Cc: stable@vger.kernel.org
Fixes: aa43477b04 ("io_uring: poll rework")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/0c95251624397ea6def568ff040cad2d7926fd51.1668963050.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
If a file zone transitions to the offline or readonly state from an
active state, we must clear the zone active flag and decrement the
active seq file counter. Do so in zonefs_account_active() using the new
zonefs inode flags ZONEFS_ZONE_OFFLINE and ZONEFS_ZONE_READONLY. These
flags are set if necessary in zonefs_check_zone_condition() based on the
result of report zones operation after an IO error.
Fixes: 87c9ce3ffe ("zonefs: Add active seq file accounting")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Commit 868f9f2f8e ("vfs: fix copy_file_range() regression in cross-fs
copies") removed fallback to generic_copy_file_range() for cross-fs
cases inside vfs_copy_file_range().
To preserve behavior of nfsd and ksmbd server-side-copy, the fallback to
generic_copy_file_range() was added in nfsd and ksmbd code, but that
call is missing sb_start_write(), fsnotify hooks and more.
Ideally, nfsd and ksmbd would pass a flag to vfs_copy_file_range() that
will take care of the fallback, but that code would be subtle and we got
vfs_copy_file_range() logic wrong too many times already.
Instead, add a flag to explicitly request vfs_copy_file_range() to
perform only generic_copy_file_range() and let nfsd and ksmbd use this
flag only in the fallback path.
This choise keeps the logic changes to minimum in the non-nfsd/ksmbd code
paths to reduce the risk of further regressions.
Fixes: 868f9f2f8e ("vfs: fix copy_file_range() regression in cross-fs copies")
Tested-by: Namjae Jeon <linkinjeon@kernel.org>
Tested-by: Luis Henriques <lhenriques@suse.de>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
drm-misc-fixes for v6.1-rc7:
- Another amdgpu gang submit fix.
- Use dma_fence_unwrap_for_each when importing sync files.
- Fix race in dma_heap_add().
- Fix use of uninitialized memory in logo.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/a5721505-4823-98ef-7d6f-0ea478221391@linux.intel.com