IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
three unrelated MM fixes.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCZoYyTAAKCRDdBJ7gKXxA
ju7KAQCxpW3zGuZmFiBJNYYor+GAPBsqPgQ8RrSusklJiVDMlQD+LuV2gI1ARIm/
6f1bZjEYomswEZyCq6FHZQuhWqLVhw4=
=1oCx
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2024-07-03-22-23' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from, Andrew Morton:
"6 hotfies, all cc:stable. Some fixes for longstanding nilfs2 issues
and three unrelated MM fixes"
* tag 'mm-hotfixes-stable-2024-07-03-22-23' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
nilfs2: fix incorrect inode allocation from reserved inodes
nilfs2: add missing check for inode numbers on directory entries
nilfs2: fix inode number range checks
mm: avoid overflows in dirty throttling logic
Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"
mm: optimize the redundant loop of mm_update_owner_next()
It was reported that the ioctl() number used to update the ring buffer
memory mapping conflicted with the TCGETS ioctl causing strace to report:
$ strace -e ioctl stty
ioctl(0, TCGETS or TRACE_MMAP_IOCTL_GET_READER, {c_iflag=ICRNL|IXON, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
Since this ioctl hasn't been in a full release yet, change it from "T", 0x1
to "R" 0x20, and also reserve 0x20-0x2F for future ioctl commands, as
some more are being worked on for the future.
-----BEGIN PGP SIGNATURE-----
iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZoW49RQccm9zdGVkdEBn
b29kbWlzLm9yZwAKCRAp5XQQmuv6qhnxAP9gKeqaiBFcPQ9fVJB3pBfP960asb8b
UfAR0BwxjrLn3AD/Wv7HpzawRmirdeDL2sx7XIKdLCY8hknWWNot/CGibww=
=BKeF
-----END PGP SIGNATURE-----
Merge tag 'trace-v6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull tracing fix from Steven Rostedt:
"Fix ioctl conflict with memmapped ring buffer ioctl
It was reported that the ioctl() number used to update the ring buffer
memory mapping conflicted with the TCGETS ioctl causing strace to
report:
$ strace -e ioctl stty
ioctl(0, TCGETS or TRACE_MMAP_IOCTL_GET_READER, {c_iflag=ICRNL|IXON, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
Since this ioctl hasn't been in a full release yet, change it from
"T", 0x1 to "R" 0x20, and also reserve 0x20-0x2F for future ioctl
commands, as some more are being worked on for the future"
* tag 'trace-v6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
tracing: Have memmapped ring buffer use ioctl of "R" range 0x20-2F
If the bitmap block that manages the inode allocation status is corrupted,
nilfs_ifile_create_inode() may allocate a new inode from the reserved
inode area where it should not be allocated.
Previous fix commit d325dc6eb763 ("nilfs2: fix use-after-free bug of
struct nilfs_root"), fixed the problem that reserved inodes with inode
numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to
bitmap corruption, but since the start number of non-reserved inodes is
read from the super block and may change, in which case inode allocation
may occur from the extended reserved inode area.
If that happens, access to that inode will cause an IO error, causing the
file system to degrade to an error state.
Fix this potential issue by adding a wraparound option to the common
metadata object allocation routine and by modifying
nilfs_ifile_create_inode() to disable the option so that it only allocates
inodes with inode numbers greater than or equal to the inode number read
in "nilfs->ns_first_ino", regardless of the bitmap status of reserved
inodes.
Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: Hillf Danton <hdanton@sina.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Syzbot reported that mounting and unmounting a specific pattern of
corrupted nilfs2 filesystem images causes a use-after-free of metadata
file inodes, which triggers a kernel bug in lru_add_fn().
As Jan Kara pointed out, this is because the link count of a metadata file
gets corrupted to 0, and nilfs_evict_inode(), which is called from iput(),
tries to delete that inode (ifile inode in this case).
The inconsistency occurs because directories containing the inode numbers
of these metadata files that should not be visible in the namespace are
read without checking.
Fix this issue by treating the inode numbers of these internal files as
errors in the sanity check helper when reading directory folios/pages.
Also thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer
analysis.
Link: https://lkml.kernel.org/r/20240623051135.4180-3-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+d79afb004be235636ee8@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d79afb004be235636ee8
Reported-by: Jan Kara <jack@suse.cz>
Closes: https://lkml.kernel.org/r/20240617075758.wewhukbrjod5fp5o@quack3
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: Hillf Danton <hdanton@sina.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Patch series "nilfs2: fix potential issues related to reserved inodes".
This series fixes one use-after-free issue reported by syzbot, caused by
nilfs2's internal inode being exposed in the namespace on a corrupted
filesystem, and a couple of flaws that cause problems if the starting
number of non-reserved inodes written in the on-disk super block is
intentionally (or corruptly) changed from its default value.
This patch (of 3):
In the current implementation of nilfs2, "nilfs->ns_first_ino", which
gives the first non-reserved inode number, is read from the superblock,
but its lower limit is not checked.
As a result, if a number that overlaps with the inode number range of
reserved inodes such as the root directory or metadata files is set in the
super block parameter, the inode number test macros (NILFS_MDT_INODE and
NILFS_VALID_INODE) will not function properly.
In addition, these test macros use left bit-shift calculations using with
the inode number as the shift count via the BIT macro, but the result of a
shift calculation that exceeds the bit width of an integer is undefined in
the C specification, so if "ns_first_ino" is set to a large value other
than the default value NILFS_USER_INO (=11), the macros may potentially
malfunction depending on the environment.
Fix these issues by checking the lower bound of "nilfs->ns_first_ino" and
by preventing bit shifts equal to or greater than the NILFS_USER_INO
constant in the inode number test macros.
Also, change the type of "ns_first_ino" from signed integer to unsigned
integer to avoid the need for type casting in comparisons such as the
lower bound check introduced this time.
Link: https://lkml.kernel.org/r/20240623051135.4180-1-konishi.ryusuke@gmail.com
Link: https://lkml.kernel.org/r/20240623051135.4180-2-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: Hillf Danton <hdanton@sina.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
The dirty throttling logic is interspersed with assumptions that dirty
limits in PAGE_SIZE units fit into 32-bit (so that various multiplications
fit into 64-bits). If limits end up being larger, we will hit overflows,
possible divisions by 0 etc. Fix these problems by never allowing so
large dirty limits as they have dubious practical value anyway. For
dirty_bytes / dirty_background_bytes interfaces we can just refuse to set
so large limits. For dirty_ratio / dirty_background_ratio it isn't so
simple as the dirty limit is computed from the amount of available memory
which can change due to memory hotplug etc. So when converting dirty
limits from ratios to numbers of pages, we just don't allow the result to
exceed UINT_MAX.
This is root-only triggerable problem which occurs when the operator
sets dirty limits to >16 TB.
Link: https://lkml.kernel.org/r/20240621144246.11148-2-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Reported-by: Zach O'Keefe <zokeefe@google.com>
Reviewed-By: Zach O'Keefe <zokeefe@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Patch series "mm: Avoid possible overflows in dirty throttling".
Dirty throttling logic assumes dirty limits in page units fit into
32-bits. This patch series makes sure this is true (see patch 2/2 for
more details).
This patch (of 2):
This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.
The commit is broken in several ways. Firstly, the removed (u64) cast
from the multiplication will introduce a multiplication overflow on 32-bit
archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the
default settings with 4GB of RAM will trigger this). Secondly, the
div64_u64() is unnecessarily expensive on 32-bit archs. We have
div64_ul() in case we want to be safe & cheap. Thirdly, if dirty
thresholds are larger than 1<<32 pages, then dirty balancing is going to
blow up in many other spectacular ways anyway so trying to fix one
possible overflow is just moot.
Link: https://lkml.kernel.org/r/20240621144017.30993-1-jack@suse.cz
Link: https://lkml.kernel.org/r/20240621144246.11148-1-jack@suse.cz
Fixes: 9319b647902c ("mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again")
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-By: Zach O'Keefe <zokeefe@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
When mm_update_owner_next() is racing with swapoff (try_to_unuse()) or
/proc or ptrace or page migration (get_task_mm()), it is impossible to
find an appropriate task_struct in the loop whose mm_struct is the same as
the target mm_struct.
If the above race condition is combined with the stress-ng-zombie and
stress-ng-dup tests, such a long loop can easily cause a Hard Lockup in
write_lock_irq() for tasklist_lock.
Recognize this situation in advance and exit early.
Link: https://lkml.kernel.org/r/20240620122123.3877432-1-alexjlzheng@tencent.com
Signed-off-by: Jinliang Zheng <alexjlzheng@tencent.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Mateusz Guzik <mjguzik@gmail.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Tycho Andersen <tandersen@netflix.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmaFVo0QHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgptHDEACB+g4or5yQNnfhoNiwgQhP3I5A/xtPhz9i
QtItzjUnUiRiTkl127Fw7BNwu2TVs+T/CeEORBsC4g8LsaDKAh4zT/xYG5uUhcMi
riVh62oIbFfAznOi3QCG5eTG2hQJGwAXgiao8YFEHhwZ8KQbztIP9y7DfTjydPet
umgqrc/IMju6afgUvP3Fcuff7UkeFzRRbVKguj73M+Ua3lwjkGCm57GprPv6t82R
Ac+OMo4RTsrM/95pdf3PMwXXAk3+otjSqMtMPoz4IKMLaEpOaszsgAZWl/bSENTa
NXPu+YQYMdr1S00UIWYqX3NVx7s0QwvYKPtVj54e/YdEFFNm8H3jDUQpVOlpKQBd
uGf5vT3WofUcLXXVkhPXjyNfZVUJla4cR0mM9oE5gSVU1pu7FHpyFNH1NCoId6//
XL7HXmxCd5tdRFOa8CjuN5+4askpfvuSEAaYFXA825QRv+Wtuo6z7rBJWlYzIMBW
zvVvK8SZIaPmPAZorL8JPdc9sY+pr22AG7oiZqQ5Mc/m9Kz1lRYFdcPQlQKQPccm
O6DYP+j4k4uvKq27i/v2sAzC1VPKdQ+VGUpkK58eVLXFWIVieqA/Ji8VRi04FHrE
fh0ESyJyQIsNEszGC0a+U9qn6ROm8123Tz8rplkfYZaOVO1uD4xh1Hpfuii2SSre
Ey5ER8OJ9w==
=lvk+
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.10-20240703' of git://git.kernel.dk/linux
Pull io_uring fix from Jens Axboe:
"A fix for a feature that went into the 6.10 merge window actually
ended up causing a regression in building bundles for receives.
Fix that up by ensuring we don't overwrite msg_inq before we use
it in the loop"
* tag 'io_uring-6.10-20240703' of git://git.kernel.dk/linux:
io_uring/net: don't clear msg_inq before io_recv_buf_select() needs it
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE+QmuaPwR3wnBdVwACF8+vY7k4RUFAmaE7gMACgkQCF8+vY7k
4RWc3xAAl9zujdnr2FHq+pOXDvigISxTZLuKcSG70JsFO57FtolpIyPyPdihal+9
ukISMDDbYimzctQL4pXSaV0KCNr+p72SbzaQATYjwb48McmakzATpXGmuaWwuErZ
ZjzMymu9szc+9gipl1OPNP8D2n5B6Gd2OOOiMzFzMnVTSw22YC+J882rTSEsYGnz
CadejknRnaaQXBXiYarU+/4oxLPPrw6PP3dgIhaCP74O6gng13UkZTwnIj4w4TSf
HKoDlqhaUvp+NWQlEUwEFKOw6NzBvCq/U3uGdqDrFwD/3BuNxOX7Zcv6IpAFm8I7
7qPYKqEkch33qOl3nL9T8CH864zM3yJmzk6IxI4PEH23wsR2fbLjOgqsXqUUlnFM
M44JRLdoK/XpV7/uHTYoL4RKKD4jFtg106tqTl7EuovmkbrMPWp1+xx7ZjPRYa6Y
2MfOmHeOj155QxUJHyGVJ4/y7qiomh1aFM3LAHAR2Cgtgxy9bumwenutJU0qUoNr
74snlFjMQVTG5FNvVUgVXW0JX2+kty3YJtQUxW0ixerBQUagiA1GCn/BXJ4QDIYh
ygH+z45IsHuYLB6/hznJ2ROP6U9cRFF/AvNSFEFoYN4Z6l/E3GKPytU58iGOWnkB
4p9lKkX1EWF45APQ90jvHn5/Zdg29kkpcv/UK9Oa3SzU4/x05oY=
=qWJ6
-----END PGP SIGNATURE-----
Merge tag 'media/v6.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
"Some fixes related to the IPU6 driver"
* tag 'media/v6.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
media: ivsc: Depend on IPU_BRIDGE or not IPU_BRIDGE
media: intel/ipu6: Fix a null pointer dereference in ipu6_isys_query_stream_by_source
media: ipu6: Use the ISYS auxdev device as the V4L2 device's device
This kselftest fixes update for Linux 6.10-rc7 consists of one single
patch to fix the non-contiguous CBM resctrl:
- AMD supports non-contiguous CBM but does not report it via CPUID. This
test should not use CPUID on AMD to detect non-contiguous CBM support.
Fix the problem so the test uses CPUID to discover non-contiguous CBM
support only on Intel.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPZKym/RZuOCGeA/kCwJExA0NQxwFAmaEZZkACgkQCwJExA0N
QxwgbRAAwLYXO30O83wEYW3CpTQ+zuEGB9OUwZpDX1zFatREYXUfwxWWnnZVHoed
4/ifd4Xn+GcHEDZi1adzAadEAbHWyta8nTzpNvP15wQ1zLCDq33G/ec+aFYiAntK
zu/AGqwDvV+mgOq0OJ9QuZy/PSaB1WPcRXghxbaeiD0jJCZt8QL/WDjTuq7+n7J1
Sgbo0W9eoRpVNAgtAf8kFrghggvPAorrTvah28YMRM3yEGc5Vp3XtkURYAhbKBzr
ZF/04PUoM2GDN3ua1wY63n3eGz5CupP7f/AdCRxwW0YJgKjGQuKmyBSt7AAdsAvy
kV2eAy0Qb1u6JowJwfvJ/P5/nEgvtqovfMah/yLpr1Y0AIgycgKsmJcy6FaK1KlD
hV3omXNLlRQGgepViHI7PEQcsYhi8GX3Mi9M8oWu5QgMCsxXocvpUVBu64gmUakK
Foj3gI4CGPskgO5IT5FsZlv/PbyWNVntn+I7geSpemTxHy1e7CIxMGaDgSM3Wsps
3/IQvP4RwF0uHzvC5dK85JJe9toxD9zzXUZavyYUmrhSc6dfex0qvlynfhvvTL9S
+sJe3gdu09PFZCMRFIsWmmeN6EopNEr6cLO46uLnkrHZVi33yhtezuTloXimo2yR
udMYLsM2nVV5+S2m+0XGb+peXWu48bmxepNxHFfiIXDKWReaid0=
=Net1
-----END PGP SIGNATURE-----
Merge tag 'linux_kselftest-fixes-6.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
Pull kselftest fixes from Shuah Khan:
"One single patch to fix the non-contiguous CBM resctrl:
- AMD supports non-contiguous CBM but does not report it via CPUID.
This test should not use CPUID on AMD to detect non-contiguous CBM
support. Fix the problem so the test uses CPUID to discover
non-contiguous CBM support only on Intel"
* tag 'linux_kselftest-fixes-6.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
selftests/resctrl: Fix non-contiguous CBM for AMD
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCZoRT7gAKCRCRxhvAZXjc
opNXAP9dXdBWK0LqpLlN5Y01UQ8Kd7AqFCAEvFL5SCX3U3dJ8QD+IZbzIM2qhPJJ
f2gVyw7drWTfqJvWhzFch616QyGVNwA=
=daVI
-----END PGP SIGNATURE-----
Merge tag 'vfs-6.10-rc7.fixes.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
Pull vfs fixes from Christian Brauner:
"VFS:
- Improve handling of deep ancestor chains in is_subdir()
- Release locks cleanly when fctnl_setlk() races with close().
When setting a file lock fails the VFS tries to cleanup the already
created lock. The helper used for this calls back into the LSM
layer which may cause it to fail, leaving the stale lock accessible
via /proc/locks.
AFS:
- Fix a comma/semicolon typo"
* tag 'vfs-6.10-rc7.fixes.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
afs: Convert comma to semicolon
fs: better handle deep ancestor chains in is_subdir()
filelock: Remove locks reliably when fcntl/close race is detected
Jan reported that 'cd ..' may take a long time in deep directory
hierarchies under a bind-mount. If concurrent renames happen it is
possible to livelock in is_subdir() because it will keep retrying.
Change is_subdir() from simply retrying over and over to retry once and
then acquire the rename lock to handle deep ancestor chains better. The
list of alternatives to this approach were less then pleasant. Change
the scope of rcu lock to cover the whole walk while at it.
A big thanks to Jan and Linus. Both Jan and Linus had proposed
effectively the same thing just that one version ended up being slightly
more elegant.
Reported-by: Jan Kara <jack@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
- Fix possible global buffer memory leak when unloading EROFS module;
- Fix FS_IOC_GETFSUUID ioctl by using super_set_uuid();
- Reset m_llen to 0 so then it can retry if metadata is invalid.
-----BEGIN PGP SIGNATURE-----
iQJFBAABCgAvFiEEQ0A6bDUS9Y+83NPFUXZn5Zlu5qoFAmaEAJwRHHhpYW5nQGtl
cm5lbC5vcmcACgkQUXZn5Zlu5qoaSg//cHQSVWZ5joXjTEsSk5a1cROsEOz6I8PG
lY0jrYNxk/xrAapdsr3SzJ+5evz2f3bsKNAy6qHk1LUQwZOMoOWxVZfMmUjirGHy
GncsEbD1XPgW7W/GdbYdg1/fxvBd7z88G5JNv62F07e8MEWWme1YLgV2AykTgWux
FuzUPdunJj10NA235530GWcwsTf2GC774HXIiJdbh+l+iTfC4ESpJJf6+e+aQKaA
GCRAxTV8TQtY98+HKIKFNpXvR31iApRQ4crqkXIzmTiT9Num87vOzzzLo9dYTprX
/rG652hWjYMzOPCDyR4z/W8LM9oUdVjQdb3VITBfQbzz5z0EjJfNlAug8y5PAXKO
sJPTCEd3ayN9Hbn6XFXUc1MzNLMu7+wPop/Oui2dpszMpcLYffJ2cG6MRvdYByTD
cU7aqyKotcwFJYCDInSwFBIYb0sJ4tdz/NpeFmRPwRhHBjKmqn/wM8Rc8pewx7/3
TmnyeTzrD0SPIQi2RbHUl2JTq3zwJ9Ur8+FQKYY/ZqeeJcSkutjoQGybtxN4PkYZ
Gn/qLZHJ3SWY1Najhf85OmzyDWV4lxDoGzz+83E5Z8GkPT/Pa7DXdYql2rQJfGlk
sJ/Bx/+OK0dN1vylGkEiKnAiF/HSZlSQKX6v/swN15bEmpOHWSMn0NmW5qaf5I3Q
0Ix/PbO1OH0=
=it8r
-----END PGP SIGNATURE-----
Merge tag 'erofs-for-6.10-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs
Pull erofs fixes from Gao Xiang:
"The most important one fixes possible infinite loops reported by a
smartphone vendor OPPO recently due to some unexpected zero-sized
compressed pcluster out of interrupted I/Os, storage failures, etc.
Another patch fixes global buffer memory leak on unloading, and the
remaining one switches to use super_set_uuid() to keep with the other
filesystems.
Summary:
- Fix possible global buffer memory leak when unloading EROFS module
- Fix FS_IOC_GETFSUUID ioctl by using super_set_uuid()
- Reset m_llen to 0 so then it can retry if metadata is invalid"
* tag 'erofs-for-6.10-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs:
erofs: ensure m_llen is reset to 0 if metadata is invalid
erofs: convert to use super_set_uuid to support for FS_IOC_GETFSUUID
erofs: fix possible memory leak in z_erofs_gbuf_exit()
When fcntl_setlk() races with close(), it removes the created lock with
do_lock_file_wait().
However, LSMs can allow the first do_lock_file_wait() that created the lock
while denying the second do_lock_file_wait() that tries to remove the lock.
In theory (but AFAIK not in practice), posix_lock_file() could also fail to
remove a lock due to GFP_KERNEL allocation failure (when splitting a range
in the middle).
After the bug has been triggered, use-after-free reads will occur in
lock_get_status() when userspace reads /proc/locks. This can likely be used
to read arbitrary kernel memory, but can't corrupt kernel memory.
This only affects systems with SELinux / Smack / AppArmor / BPF-LSM in
enforcing mode and only works from some security contexts.
Fix it by calling locks_remove_posix() instead, which is designed to
reliably get rid of POSIX locks associated with the given file and
files_struct and is also used by filp_flush().
Fixes: c293621bbf67 ("[PATCH] stale POSIX lock handling")
Cc: stable@kernel.org
Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2563
Signed-off-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/r/20240702-fs-lock-recover-2-v1-1-edd456f63789@google.com
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
For bundle receives to function properly, the previous iteration msg_inq
value is needed to make a judgement call on how much data there is to
receive. A previous fix ended up clearing it earlier as an error case
would potentially errantly set IORING_CQE_F_SOCK_NONEMPTY if the request
got failed.
Move the assignment to post assigning buffers for the receive, but
ensure that it's cleared for the buffer selection error case. With that,
buffer selection has the right msg_inq value and can correctly bundle
receives as designed.
Noticed while testing where it was apparent than more than 1 buffer was
never received. After fix was in place, multiple buffers are correctly
picked for receive. This provides a 10x speedup for the test case, as
the buffer size used was 64b.
Fixes: 18414a4a2eab ("io_uring/net: assign kmsg inq/flags before buffer selection")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
A couple of error leg problems, one affecting scsi_debug and the other
affecting pure SAS (i.e. not SATA) SCSI expanders.
Signed-off-by: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCZoMgiiYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishYTGAP9/+7vP
DR1Y6KucMx4XjvwkPL5DNxOyobq6poSktn8hqQD/ReaafXaC4H4l7bn2JEpeBO9P
vYog76vSs2jELmEEeHc=
=/weJ
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"A couple of error leg problems, one affecting scsi_debug and the other
affecting pure SAS (i.e. not SATA) SCSI expanders"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed
scsi: scsi_debug: Fix create target debugfs failure
- Fix no cxl_nvd during pmem region auto-assemble
- Avoid NULLL pointer dereference in region lookup
- Add missing checks to interleave capability
- Add cxl kdoc fix to address document compilation error
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE5DAy15EJMCV1R6v9YGjFFmlTOEoFAmaC5f0ACgkQYGjFFmlT
OEpjug/8DxnDA/hxi45kQHz0iwtMNFPv87qpC5MQ5XEXG0RLY4xka5UI7SKDPuo8
JZGWCi/wObUU0iAtG9tBji3aMkx9BM0PYj3LIMkQaZccUtS47xgzQius4c4KpPCC
gGDGEXc1oMVIIBzh7/ZXU6PTd4a3+8c6DZoSIUEyyt1j72R8ef9lans/w4Dl39FI
c+SVE4GdlnVe5/34CUTe+It8vn8bV/a9YXwjadIuXnOFxsPym2CdeADssj8IZUOS
pmDU5CdGPJAnL9jT+/NtuY312wrGi7ImxhLtD9/3pJhluqs/OMW4OWcIgDoDAP13
Ndn/eLoO2zgZtVAoCeMMuEQcRBZGwCcrIbN1CBVJ2HR+n6XlO7ICmABcOoZvhG0b
wdK6ukNnWLoP0xXRpqYWcTsGfjWTadKqom1hs6jJqMeJcK8HcQNzb8xNzoXdk0QR
wT8AKYRupwQuAY90mSp4aAlo8aJypAXB6tJzzp05QcgbTd+uif0STiiOzkG9FCAE
1v1snUjjkrIjUwODzX4Me2xw0AxSZdOvk//5mKB3fSQdXYxQUNfRunAI02qIM+8M
XPM/QxA+DeJEyD8BTnDo5J5SK5XhoMHaCPrOPYMm5bPYKS0TxHHCY4tMRAQTfhW+
QVcbkqi+WSAvVibl0OcwYmR64TnGMtCwhQrPFqaX+aWBpvhc+1c=
=6MV8
-----END PGP SIGNATURE-----
Merge tag 'cxl-fixes-6.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl
Pull cxl fixes from Dave Jiang:
- Fix no cxl_nvd during pmem region auto-assemble
- Avoid NULLL pointer dereference in region lookup
- Add missing checks to interleave capability
- Add cxl kdoc fix to address document compilation error
* tag 'cxl-fixes-6.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
cxl: documentation: add missing files to cxl driver-api
cxl/region: check interleave capability
cxl/region: Avoid null pointer dereference in region lookup
cxl/mem: Fix no cxl_nvd during pmem region auto-assembling
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmaC45kACgkQxWXV+ddt
WDt6yRAAkn3n/nkapAvQbtOEIAV9GOc+DYecQXLM+E6m85vsvOBO6OeO/QDfIGvI
ALNE4EEKTkmqk6AOLNX9rQUvo8aOaDXj/9bNZYuVSCzG2hfwLijv6DlRShxuEIE8
kzOisuIZ4w7aL7G7OsUa50j/BLdZ47+iVF/79N+odhdaCDhhK/CcfLbemiLUS9AF
OYkYDyl2WCo9HLduSlVHDWXNUKs7I6/S29UWQpkTKTkmLlMk7rdkgbpjgpKjFxsd
/CuVW5NEGs+4dkV2OdOJ9t+f4qGJ56YuJanvrV3R1bGh+sgDzrcA0kP8318nFzgG
KBYTXjAZoe5RAi4IYfMhSrEExo2JJYFeei0B7Dv3M4IvxLOF7NdMvppBFdODF0A4
20gZ8EgNtZ0sMEafK2WAZSI23sjX0TH+/P3FFKQszxX0fRH3NV6al2drhuBTeIKr
UzxDqeDuqpDHSZskHIMR9nMEymcov5JTg5v2ds64WiT8kr3L23u3j1KO+8UrZ8j4
eB5vYEXE9VJDNPoJQ/qhbqDduzIJ1s+RU8lhEVIUJRIThRk/oHc7YcXgXKqvS6RM
ilJeAzjEhp2t3CQDfx+FJ9jjgi5jhOoCkbITg6iiiExIt++XOXJtL0y2BH514LA5
5jQXoXl/YnukfCaKLNRsxYXCw7JAQxWQiVq3s9g1tG5679zrfNA=
=RkBU
-----END PGP SIGNATURE-----
Merge tag 'for-6.10-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
Pull btrfs fix from David Sterba:
"A fixup for a recent fix that prevents an infinite loop during block
group reclaim.
Unfortunately it introduced an unsafe way of updating block group list
and could race with relocation. This could be hit on fast devices when
relocation/balance does not have enough space"
* tag 'for-6.10-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: fix adding block group to a reclaim list and the unused list during reclaim
This fixes up a last minute build regression from the previous
set of bug fixes.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmaCpvMACgkQYKtH/8kJ
UicxhQ/9EaBkcdd5FmFkEjsLn3EVzAdIybmrBXrYGhxHacOcLqf8XfbPXUK+icT1
TAQEnr0cqeJq+cAADWx+Ze4V3cQIjdXqnXGWVhLvLU5V14l7yrkAjBDCUANo30oP
7oRaU+sCafhlCpJZ3IK6feyypZL5N+nZY12kVnmAfwr5T08h5JQnSk5HBqh8giU+
0ocsgN8+F9SIzeMq1hocCGu02c9nD62xcwt0cAL6qkoHypx4n3j5rGgH8nj9uVAZ
hszeMFVZeTN77/7WdEjqz/YoBJYJVI+ByBB0GVqq0/2rTxEDujjLqc6AGC2JfcJ0
bM/xs1Xc8noSHEr1ySU4qHyBc1B7JygauvQBdpuNP5WuL0y+i/QmVKJhOwo5pmPn
IiuINxY58OLks7l/2QKsTzFDhBsP2ID9wWAuQ8KdD0vFVdcEGz59/yzR/2+9e89A
5C1YiBisjRvGxdFd+ckz2cPkIZcBe6jIWnrqkBuywxJwCnxOsSLpmj0QygN49j54
om9WVdqmj+SKJ++kITYHb1lnPX9IT2Y2sCOuq0sMDQx4zqBOsHsiA+XqHs3fLMaI
eGtHGkTQGrpcIR9yHn7LWAGTGi13L0XGXXq89fF2mG9wkjm4JBQzZWHiWX6aOfmI
PTDjKXb1CDdpZVm3+SKi3UN8jC8yFpo2K+9d7+g3mr17+4uGemo=
=mBs0
-----END PGP SIGNATURE-----
Merge tag 'asm-generic-fixes-6.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic
Pull asm-generic fix from Arnd Bergmann:
"This fixes up a last minute build regression from the previous set of
bug fixes"
* tag 'asm-generic-fixes-6.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:
syscalls: fix sys_fanotify_mark prototype
A number of devicetree fixes came in for the rockchip platforms, correcting
some of the address information, and reverting a change to the MMC controller
configuration that caused regressions.
Four drivers have one code change each, addressing minor build issues for
the optee firmware driver, the litex SoC platform driver and two reset
drivers.
The riscv fixes as also simple, mainly turning off device nodes in the
canaan dts files unless they are actually usable on a particular board.
Finally, Drew takes over maintaining the THEAD RISC-V SoC platform.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmaCpVIACgkQYKtH/8kJ
UieIfQ/+KtxzYPfLsUgSZJCeKa6d1A9EgtTBtcEn6gI4HAc5NFDGvYIIetWI/RYN
2+zOLRdQ8t3CIi2c1sTqy1m+j5vX94p4/2WSW41zASHxN+ryz8VM2SKzE5TGV8IE
WyHv5fBIHY97u2zegq8K4c/ze2W7bdwBd1V5tYwk7tZnm6VFNMCESQ+Q4mu7kjdy
irCdxr0j+uDO0cGppwuGWSSR+BiCCCDhu9YjmluD9B57IIB95lyQRgdGy/V9cT9D
yJS6VwEi+EFBNbzt7TzNrPiXvymQzDeC5K7JavfSRRxW1a/rWLmkmxripiSVZirf
nHR7cIivj0gvjeZiM3UH/ZMPUdzRk4YXr9889EbO+JQ/iZy/1YIJHKuqLbCjAQZp
RgjuYYAuG91aHeCHN6cSflNoC49FmmBi9k1GkBdWviU0mhBrfaNfqspMkWUuH34g
w49H9iflFzJsh6p18h2wG3pB28zubUhLfpmbG5EOP4kXBYvgegAsY9mgSNWcdFFk
JBxcJlToCm6ooha8bBCpsnDf8/Y1LMlUIcP2Spd/iZ0pxtF2wR8Pt80KDuVko+fj
TZF3UTu3wuDCyHnSvX0Fc0YTQV0huVawd23upWBxpcdOa4vsScnUbMdKqBIjA6TX
cGK+fCtVSk45KoAlRi4eLcnNmgse1G2J+ujcrs0QakLxdCx+Ggk=
=+O9s
-----END PGP SIGNATURE-----
Merge tag 'arm-fixes-6.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull SoC fixes from Arnd Bergmann:
"A number of devicetree fixes came in for the rockchip platforms,
correcting some of the address information, and reverting a change to
the MMC controller configuration that caused regressions.
Four drivers have one code change each, addressing minor build issues
for the optee firmware driver, the litex SoC platform driver and two
reset drivers.
The riscv fixes as also simple, mainly turning off device nodes in the
canaan dts files unless they are actually usable on a particular
board.
Finally, Drew takes over maintaining the THEAD RISC-V SoC platform"
* tag 'arm-fixes-6.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
drivers/soc/litex: drop obsolete dependency on COMPILE_TEST
tee: optee: ffa: Fix missing-field-initializers warning
arm64: dts: rockchip: Add sound-dai-cells for RK3368
arm64: dts: rockchip: Fix the i2c address of es8316 on Cool Pi 4B
reset: hisilicon: hi6220: add missing MODULE_DESCRIPTION() macro
reset: gpio: Fix missing gpiolib dependency for GPIO reset controller
MAINTAINERS: thead: update Maintainer
arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E
riscv: dts: starfive: Set EMMC vqmmc maximum voltage to 3.3V on JH7110 boards
arm64: dts: rockchip: make poweroff(8) work on Radxa ROCK 5A
Revert "arm64: dts: rockchip: remove redundant cd-gpios from rk3588 sdmmc nodes"
ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node
arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch on rk3399-gru
arm64: dts: rockchip: set correct pwm0 pinctrl on rk3588-tiger
riscv: dts: canaan: Disable I/O devices unless used
riscv: dts: canaan: Clean up serial aliases
arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s
arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s
arm64: dts: rockchip: Fix rk3308 codec@ff560000 reset-names
arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B
Rockchip NAND controller driver was not checking the timings properly
and the introduction of NV-DDR support broke it.
The core was also misbehaving in some very specific cases: in case of
(unlikely) bitflips in the parameter page, the fallback might have
failed as well but for software reasons.
Finally, the chosen ECC configuration was no longer properly propagated
to upper layers, mostly failing an info message at probe time.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE9HuaYnbmDhq/XIDIJWrqGEe9VoQFAmaCmhsACgkQJWrqGEe9
VoQsIQf+OBYRAEI5q31rPnGQUnt1NFIjbVKdcdTu6fSK3Xb+DcXsPEJrYdh3RFQz
tbT+yZ0KzGHxo7e0e+K5SqtlpmBAyT6SZi00jfaag0qgvU8R+px7Okcywc6iIdCX
7lIDnyrMy8kurz6FsJ7I9CvwCUiWOCmJTJbVSfnHvCg8TdfH7Sk2i02aDYyvEbcC
YKxGpZTLqwE7DFP0N9IdQ9j3Ke5gZu6+q3HdMpCZp/cDuLOsmStmomykPGDWjxDC
K72GqDT/kXqm7T5jHKAlFqm5nirDfqscuwGbiGcgOoM0JKFYicLe/bC2JL2HJr5M
ujGxeC379kjRcofm5hny8BWPxb9kuA==
=kC92
-----END PGP SIGNATURE-----
Merge tag 'mtd/fixes-for-6.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux
Pull mtd fixes from Miquel Raynal:
- Rockchip NAND controller driver was not checking the timings properly
and the introduction of NV-DDR support broke it.
- The core was also misbehaving in some very specific cases: in case of
(unlikely) bitflips in the parameter page, the fallback might have
failed as well but for software reasons.
- Finally, the chosen ECC configuration was no longer properly
propagated to upper layers, mostly failing an info message at probe
time.
* tag 'mtd/fixes-for-6.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
mtd: rawnand: rockchip: ensure NVDDR timings are rejected
mtd: rawnand: Bypass a couple of sanity checks during NAND identification
mtd: rawnand: Fix the nand_read_data_op() early check
mtd: rawnand: Ensure ECC configuration is propagated to upper layers
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCZoJSmAAKCRCRxhvAZXjc
ot3tAQCUjJh7jZvmmkUV0pF51JI1jEumk8d8vPORGsm1A6oMawEA+tyiWYkcIU3t
JUFGZSDce5MuJEI/frDPb98CW2dLkQA=
=fVtx
-----END PGP SIGNATURE-----
Merge tag 'vfs-6.10-rc7.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
Pull vfs fixes from Christian Brauner:
"Misc:
- Don't misleadingly warn during filesystem thaw operations.
It's possible that a block device which was frozen before it was
mounted can cause a failing thaw operation if someone concurrently
tried to mount it while that thaw operation was issued and the
device had already been temporarily claimed for the mount (The
mount will of course be aborted because the device is frozen).
netfs:
- Fix io_uring based write-through. Make sure that the total request
length is correctly set.
- Fix partial writes to folio tail.
- Remove some xarray helpers that were intended for bounce buffers
which got defered to a later patch series.
- Make netfs_page_mkwrite() whether folio->mapping is vallid after
acquiring the folio lock.
- Make netfs_page_mkrite() flush conflicting data instead of waiting.
fsnotify:
- Ensure that fsnotify creation events are generated before fsnotify
open events when a file is created via ->atomic_open(). The
ordering was broken before.
- Ensure that no fsnotify events are generated for O_PATH file
descriptors. While no fsnotify open events were generated, fsnotify
close events were. Make it consistent and don't produce any"
* tag 'vfs-6.10-rc7.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
netfs: Fix netfs_page_mkwrite() to flush conflicting data, not wait
netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid
netfs: Delete some xarray-wangling functions that aren't used
netfs: Fix early issue of write op on partial write to folio tail
netfs: Fix io_uring based write-through
vfs: generate FS_CREATE before FS_OPEN when ->atomic_open used.
fsnotify: Do not generate events for O_PATH file descriptors
fs: don't misleadingly warn during thaw operations
There is a potential parallel list adding for retrying in
btrfs_reclaim_bgs_work and adding to the unused list. Since the block
group is removed from the reclaim list and it is on a relocation work,
it can be added into the unused list in parallel. When that happens,
adding it to the reclaim list will corrupt the list head and trigger
list corruption like below.
Fix it by taking fs_info->unused_bgs_lock.
[177.504][T2585409] BTRFS error (device nullb1): error relocating ch= unk 2415919104
[177.514][T2585409] list_del corruption. next->prev should be ff1100= 0344b119c0, but was ff11000377e87c70. (next=3Dff110002390cd9c0)
[177.529][T2585409] ------------[ cut here ]------------
[177.537][T2585409] kernel BUG at lib/list_debug.c:65!
[177.545][T2585409] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[177.555][T2585409] CPU: 9 PID: 2585409 Comm: kworker/u128:2 Tainted: G W 6.10.0-rc5-kts #1
[177.568][T2585409] Hardware name: Supermicro SYS-520P-WTR/X12SPW-TF, BIOS 1.2 02/14/2022
[177.579][T2585409] Workqueue: events_unbound btrfs_reclaim_bgs_work[btrfs]
[177.589][T2585409] RIP: 0010:__list_del_entry_valid_or_report.cold+0x70/0x72
[177.624][T2585409] RSP: 0018:ff11000377e87a70 EFLAGS: 00010286
[177.633][T2585409] RAX: 000000000000006d RBX: ff11000344b119c0 RCX:0000000000000000
[177.644][T2585409] RDX: 000000000000006d RSI: 0000000000000008 RDI:ffe21c006efd0f40
[177.655][T2585409] RBP: ff110002e0509f78 R08: 0000000000000001 R09:ffe21c006efd0f08
[177.665][T2585409] R10: ff11000377e87847 R11: 0000000000000000 R12:ff110002390cd9c0
[177.676][T2585409] R13: ff11000344b119c0 R14: ff110002e0508000 R15:dffffc0000000000
[177.687][T2585409] FS: 0000000000000000(0000) GS:ff11000fec880000(0000) knlGS:0000000000000000
[177.700][T2585409] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[177.709][T2585409] CR2: 00007f06bc7b1978 CR3: 0000001021e86005 CR4:0000000000771ef0
[177.720][T2585409] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000
[177.731][T2585409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400
[177.742][T2585409] PKRU: 55555554
[177.748][T2585409] Call Trace:
[177.753][T2585409] <TASK>
[177.759][T2585409] ? __die_body.cold+0x19/0x27
[177.766][T2585409] ? die+0x2e/0x50
[177.772][T2585409] ? do_trap+0x1ea/0x2d0
[177.779][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72
[177.788][T2585409] ? do_error_trap+0xa3/0x160
[177.795][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72
[177.805][T2585409] ? handle_invalid_op+0x2c/0x40
[177.812][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72
[177.820][T2585409] ? exc_invalid_op+0x2d/0x40
[177.827][T2585409] ? asm_exc_invalid_op+0x1a/0x20
[177.834][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72
[177.843][T2585409] btrfs_delete_unused_bgs+0x3d9/0x14c0 [btrfs]
There is a similar retry_list code in btrfs_delete_unused_bgs(), but it is
safe, AFAICS. Since the block group was in the unused list, the used bytes
should be 0 when it was added to the unused list. Then, it checks
block_group->{used,reserved,pinned} are still 0 under the
block_group->lock. So, they should be still eligible for the unused list,
not the reclaim list.
The reason it is safe there it's because because we're holding
space_info->groups_sem in write mode.
That means no other task can allocate from the block group, so while we
are at deleted_unused_bgs() it's not possible for other tasks to
allocate and deallocate extents from the block group, so it can't be
added to the unused list or the reclaim list by anyone else.
The bug can be reproduced by btrfs/166 after a few rounds. In practice
this can be hit when relocation cannot find more chunk space and ends
with ENOSPC.
Reported-by: Shinichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Suggested-by: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Fixes: 4eb4e85c4f81 ("btrfs: retry block group reclaim without infinite loop")
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
My earlier fix missed an incorrect function prototype that shows up on
native 32-bit builds:
In file included from fs/notify/fanotify/fanotify_user.c:14:
include/linux/syscalls.h:248:25: error: conflicting types for 'sys_fanotify_mark'; have 'long int(int, unsigned int, u32, u32, int, const char *)' {aka 'long int(int, unsigned int, unsigned int, unsigned int, int, const char *)'}
1924 | SYSCALL32_DEFINE6(fanotify_mark,
| ^~~~~~~~~~~~~~~~~
include/linux/syscalls.h:862:17: note: previous declaration of 'sys_fanotify_mark' with type 'long int(int, unsigned int, u64, int, const char *)' {aka 'long int(int, unsigned int, long long unsigned int, int, const char *)'}
On x86 and powerpc, the prototype is also wrong but hidden in an #ifdef,
so it never caused problems.
Add another alternative declaration that matches the conditional function
definition.
Fixes: 403f17a33073 ("parisc: use generic sys_fanotify_mark implementation")
Cc: stable@vger.kernel.org
Reported-by: Guenter Roeck <linux@roeck-us.net>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
or wrong properties, this reverts the previous move away from
cd-gpios to the mmc-controller's internal card-detect.
With this change applied, it was reported that boards could not
detect card anymore, so this go reverted of course.
-----BEGIN PGP SIGNATURE-----
iQFEBAABCAAuFiEE7v+35S2Q1vLNA3Lx86Z5yZzRHYEFAmZ92SwQHGhlaWtvQHNu
dGVjaC5kZQAKCRDzpnnJnNEdgSDBB/95oWtHr8L4LZYeedAQLuf6regICaIIfjas
7skbt+e4Nryl5B0eaieHd9UtotS+FWw/1T6fOIoACMLILUsbqtffUOyhP+yJsG3O
fXFvi+8Mn9OOCbY1X28UTMnaLG1BLfc4TnMKXZsl6Rxt+pV0ktL9ZVUPzZOMA1tW
Ssj7xgNDfi/xqjx5PqNluHWM3XHXABWjUWwRjNebbgmyVWdo3vmU5QxayVPd0AzF
iSisrWojWLEVfL4+aQi2ten7udfSre7eB80KIySIQIoWzArqpt88/8LF+KM1jYpU
uTGqbC2azGXqAgOnSKcAlj/ogmZpkjb+oPdJKtBuFjPvgMBFAqQR
=vK3N
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmaCohgACgkQYKtH/8kJ
Uif56g/9ESQjQdCzSxHxqjaBML3yaFfvoYgaRwLf2HGiplN5y8GLaVmvjhMYRR0B
j9p2tZzSEe9kNTqPYfavaSd45OMJcJhDc3aiZ+NmSON2VS80zZoB+x7qiCGrskEj
VBZQYAEDenUiIA6Um3ikaLMlGJIjWsqcP3+wrIPVEWUYnEG9DyLjPou4f8anSPZo
Rx2tTFsuvnFfwaQE6q/OxoGu7m2aYNj6qSMAKrLgCu9sGnGafWrLrozZY/4LaW2K
BaXEoK8/RFqGK+6rm3KpctnW0sn2tSQOsbeqZbMdYRR6ntkIjLKZO/JNOvsT3pWK
ZDFXgKE/qaoQdhjFGs+3yjR8UenqLm2eoV8ubp5qpOPXyanRzHbK4M+wV0eAiSEI
SbgfvVUe5tiF98Sw6QxZ+f+PJs19gzLAlvEIQp/ziLPypw8sxegSScx5DiC6kQV4
NLQ8qtmNt/INczXaQplwTPjYwJUFcRIo6bMBlR6nkdOMwlsl00p4UqJ4tcHbUqHo
EPzjM/X25JIEFLjcuPuKunaR0J3/oIC4jXwjBcJzS/8tziKw/bBe5oGo3zgvhNW7
kmAjP3qbsvM6oN0UYE4iVKsyfKk8b2L3SUavkeesr+FgkIPiMrC0net7CL4mtBZ5
2QtnDgqVO7j/kCO4OsVQPe1/sLnxOTpqkJx79fY71a+UVt7YQ8Q=
=be1d
-----END PGP SIGNATURE-----
Merge tag 'v6.10-rockchip-dtsfixes1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into arm/fixes
Apart from the regular dts fixes for wrong addresses, missing
or wrong properties, this reverts the previous move away from
cd-gpios to the mmc-controller's internal card-detect.
With this change applied, it was reported that boards could not
detect card anymore, so this go reverted of course.
* tag 'v6.10-rockchip-dtsfixes1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip:
arm64: dts: rockchip: Add sound-dai-cells for RK3368
arm64: dts: rockchip: Fix the i2c address of es8316 on Cool Pi 4B
arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E
arm64: dts: rockchip: make poweroff(8) work on Radxa ROCK 5A
Revert "arm64: dts: rockchip: remove redundant cd-gpios from rk3588 sdmmc nodes"
ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node
arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch on rk3399-gru
arm64: dts: rockchip: set correct pwm0 pinctrl on rk3588-tiger
arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s
arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s
arm64: dts: rockchip: Fix rk3308 codec@ff560000 reset-names
arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B
Link: https://lore.kernel.org/r/10237789.nnTZe4vzsl@diego
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
- Add NOLPM quirk for for all Crucial BX SSD1 models.
Considering that we now have had bug reports for 3 different BX SSD1
variants from Crucial with the same product name, make the quirk more
inclusive, to catch more device models from the same generation.
- Fix a trivial null pointer dereference in the error path for
ata_host_release().
- Create a ata_port_free(), so that we don't miss freeing ata_port struct
members when freeing a struct ata_port.
- Fix a trivial double free in the error path for ata_host_alloc().
- Ensure that we remove the libata "remapped NVMe device count" sysfs
entry on .probe() error.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRN+ES/c4tHlMch3DzJZDGjmcZNcgUCZoHMzwAKCRDJZDGjmcZN
cj4wAP4nHi3Jr/ezwrIahwMGXV/VSlUhxOakj3OADdHe5spIogD/SrR8Uz7/m5QC
sMF0Rd2L7tfrQSDdJ/MztBi7cVprtQo=
=lnku
-----END PGP SIGNATURE-----
Merge tag 'ata-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
Pull ata fixes from Niklas Cassel:
- Add NOLPM quirk for for all Crucial BX SSD1 models.
Considering that we now have had bug reports for 3 different BX SSD1
variants from Crucial with the same product name, make the quirk more
inclusive, to catch more device models from the same generation.
- Fix a trivial NULL pointer dereference in the error path for
ata_host_release().
- Create a ata_port_free(), so that we don't miss freeing ata_port
struct members when freeing a struct ata_port.
- Fix a trivial double free in the error path for ata_host_alloc().
- Ensure that we remove the libata "remapped NVMe device count" sysfs
entry on .probe() error.
* tag 'ata-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux:
ata: ahci: Clean up sysfs file on error
ata: libata-core: Fix double free on error
ata,scsi: libata-core: Do not leak memory for ata_port struct members
ata: libata-core: Fix null pointer dereference on error
ata: libata-core: Add ATA_HORKAGE_NOLPM for all Crucial BX SSD1 models
.probe() (ahci_init_one()) calls sysfs_add_file_to_group(), however,
if probe() fails after this call, we currently never call
sysfs_remove_file_from_group().
(The sysfs_remove_file_from_group() call in .remove() (ahci_remove_one())
does not help, as .remove() is not called on .probe() error.)
Thus, if probe() fails after the sysfs_add_file_to_group() call, the next
time we insmod the module we will get:
sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:04.0/remapped_nvme'
CPU: 11 PID: 954 Comm: modprobe Not tainted 6.10.0-rc5 #43
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x5d/0x80
sysfs_warn_dup.cold+0x17/0x23
sysfs_add_file_mode_ns+0x11a/0x130
sysfs_add_file_to_group+0x7e/0xc0
ahci_init_one+0x31f/0xd40 [ahci]
Fixes: 894fba7f434a ("ata: ahci: Add sysfs attribute to show remapped NVMe device count")
Cc: stable@vger.kernel.org
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20240629124210.181537-10-cassel@kernel.org
Signed-off-by: Niklas Cassel <cassel@kernel.org>
libsas is currently not freeing all the struct ata_port struct members,
e.g. ncq_sense_buf for a driver supporting Command Duration Limits (CDL).
Add a function, ata_port_free(), that is used to free a ata_port,
including its struct members. It makes sense to keep the code related to
freeing a ata_port in its own function, which will also free all the
struct members of struct ata_port.
Fixes: 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD")
Reviewed-by: John Garry <john.g.garry@oracle.com>
Link: https://lore.kernel.org/r/20240629124210.181537-8-cassel@kernel.org
Signed-off-by: Niklas Cassel <cassel@kernel.org>
- Remove the executable bit from installed DTB files
- Escape $ in subshell execution in the debian-orig target
- Fix RPM builds with CONFIG_MODULES=n
- Fix xconfig with the O= option
- Fix scripts_gdb with the O= option
-----BEGIN PGP SIGNATURE-----
iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAmaBjccVHG1hc2FoaXJv
eUBrZXJuZWwub3JnAAoJED2LAQed4NsGkugP+wdEiVWMpps+/CpTJuvSroEv0Kos
Qqy0iQO9JP77tHfLnnMG2+tSvJh6nk7weitoiSkUuCfXde/8Y7HfvdldxzJI4kJD
HkJF6b0MCbZDPkvAQhj8CCtsGKNy7X020047/qVUK9OrNH1HZiLOvFNirYuN3nrF
T4/HK098S1ij8oAcF1F7psB231pXijQmIeMpVJAhjh9T3Kimu3tGENcVi1yu42tg
/emZvhgst1eCOz/e02GHt7n8v5SncYnT5/eBPmZ+nd19uW1QMLY0xES6/dpEd/hN
/jjMppqPPlJaYewIHXH8qaejcjyom/CBgxc9B6phGRd8IVR4YjK6DzPiwoAHXcvs
KWoJUfLX4FV3PvoaW4XiKifW4lnaADy11bZjIXiV2PHSM/PBNNNtS6BZQv/gB+Sa
a5qPRGjhc55pDIv63vTdEZ1HekWp8/XO5HkzWAFnInB+Fnuxqtwx8a6taM7Vgadq
O1K4b17UedmFMHSB4UUDKra+7pS0ZP6hLXzozGf3AS/TgUHMTvU8mN0+2k4kxJol
dA84pJUHBdnn/61SplNw2PBfP7QYhNJWfPU91Mn/noBwF/sMRFatCuFEgscgP2h+
0itls2RT1Z4dPN/XN7UiJ8s4vdeYkwCJGhMDIfFe/g3JWFYTuGPeKATVPJZ0DWzz
6otCioAfqFFotky7
=JlIv
-----END PGP SIGNATURE-----
Merge tag 'kbuild-fixes-v6.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kbuild fixes from Masahiro Yamada:
- Remove the executable bit from installed DTB files
- Escape $ in subshell execution in the debian-orig target
- Fix RPM builds with CONFIG_MODULES=n
- Fix xconfig with the O= option
- Fix scripts_gdb with the O= option
* tag 'kbuild-fixes-v6.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
kbuild: scripts/gdb: bring the "abspath" back
kbuild: Use $(obj)/%.cc to fix host C++ module builds
kbuild: rpm-pkg: fix build error with CONFIG_MODULES=n
kbuild: Fix build target deb-pkg: ln: failed to create hard link
kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates
kbuild: Install dtb files as 0644 in Makefile.dtbinst
The kernel test robot reported that clang no longer compiles the 32-bit
x86 kernel in some configurations due to commit 95ece48165c1
("locking/atomic/x86: Rewrite x86_32 arch_atomic64_{,fetch}_{and,or,xor}()
functions").
The build fails with
arch/x86/include/asm/cmpxchg_32.h:149:9: error: inline assembly requires more registers than available
and the reason seems to be that not only does the cmpxchg8b instruction
need four fixed registers (EDX:EAX and ECX:EBX), with the emulation
fallback the inline asm also wants a fifth fixed register for the
address (it uses %esi for that, but that's just a software convention
with cmpxchg8b_emu).
Avoiding using another pointer input to the asm (and just forcing it to
use the "0(%esi)" addressing that we end up requiring for the sw
fallback) seems to fix the issue.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202406230912.F6XFIyA6-lkp@intel.com/
Fixes: 95ece48165c1 ("locking/atomic/x86: Rewrite x86_32 arch_atomic64_{,fetch}_{and,or,xor}() functions")
Link: https://lore.kernel.org/all/202406230912.F6XFIyA6-lkp@intel.com/
Suggested-by: Uros Bizjak <ubizjak@gmail.com>
Reviewed-and-Tested-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Here are some small driver fixes for 6.10-rc6. Included in here are:
- IIO driver fixes for reported issues
- Counter driver fix for a reported problem.
All of these have been in linux-next this week with no reported issues
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCZoFlrA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ymiMQCgkUmsCT9KQDt+/IqClfL+A6nBvUkAn08jRwGA
dXjTvroHgHsNCU/VXMwV
=FcWr
-----END PGP SIGNATURE-----
Merge tag 'char-misc-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are some small driver fixes for 6.10-rc6. Included in here are:
- IIO driver fixes for reported issues
- Counter driver fix for a reported problem.
All of these have been in linux-next this week with no reported
issues"
* tag 'char-misc-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
counter: ti-eqep: enable clock at probe
iio: chemical: bme680: Fix sensor data read operation
iio: chemical: bme680: Fix overflows in compensate() functions
iio: chemical: bme680: Fix calibration data variable
iio: chemical: bme680: Fix pressure value output
iio: humidity: hdc3020: fix hysteresis representation
iio: dac: fix ad9739a random config compile error
iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
iio: adc: ad7266: Fix variable checking bug
iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask
Here are 2 small staging driver fixes for 6.10-rc6, both for the
vc04_services drivers:
- build fix if CONFIG_DEBUGFS was not set
- initialization check fix that was much reported.
Both of these have been in linux-next this week with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCZoFmKA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+yk5fgCfaPNg7ikwjRrmgUJbN/e9wx99T90AoL+/iJws
4xL+J3dALmGWTPBqBnNA
=pIxW
-----END PGP SIGNATURE-----
Merge tag 'staging-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging driver fixes from Greg KH:
"Here are two small staging driver fixes for 6.10-rc6, both for the
vc04_services drivers:
- build fix if CONFIG_DEBUGFS was not set
- initialization check fix that was much reported.
Both of these have been in linux-next this week with no reported
issues"
* tag 'staging-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: vchiq_debugfs: Fix build if CONFIG_DEBUG_FS is not set
staging: vc04_services: vchiq_arm: Fix initialisation check
Here are a bunch of fixes/reverts for 6.10-rc6. Include in here are:
- revert the bunch of tty/serial/console changes that landed in -rc1
that didn't quite work properly yet. Everyone agreed to just revert
them for now and will work on making them better for a future
release instead of trying to quick fix the existing changes this
late in the release cycle
- 8250 driver port count bugfix
- Other tiny serial port bugfixes for reported issues
All of these have been in linux-next this week with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCZoFmvg8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ymziACgvoDTxuDHHfPOd6h/1qrHqYpFK1YAn2IDMJGj
Ng4/I/gwnkJeeHQC5JSn
=g9o4
-----END PGP SIGNATURE-----
Merge tag 'tty-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull tty / serial / console fixes from Greg KH:
"Here are a bunch of fixes/reverts for 6.10-rc6. Include in here are:
- revert the bunch of tty/serial/console changes that landed in -rc1
that didn't quite work properly yet.
Everyone agreed to just revert them for now and will work on making
them better for a future release instead of trying to quick fix the
existing changes this late in the release cycle
- 8250 driver port count bugfix
- Other tiny serial port bugfixes for reported issues
All of these have been in linux-next this week with no reported
issues"
* tag 'tty-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
Revert "printk: Save console options for add_preferred_console_match()"
Revert "printk: Don't try to parse DEVNAME:0.0 console options"
Revert "printk: Flag register_console() if console is set on command line"
Revert "serial: core: Add support for DEVNAME:0.0 style naming for kernel console"
Revert "serial: core: Handle serial console options"
Revert "serial: 8250: Add preferred console in serial8250_isa_init_ports()"
Revert "Documentation: kernel-parameters: Add DEVNAME:0.0 format for serial ports"
Revert "serial: 8250: Fix add preferred console for serial8250_isa_init_ports()"
Revert "serial: core: Fix ifdef for serial base console functions"
serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited()
serial: core: introduce uart_port_tx_limited_flags()
Revert "serial: core: only stop transmit when HW fifo is empty"
serial: imx: set receiver level before starting uart
tty: mcf: MCF54418 has 10 UARTS
serial: 8250_omap: Implementation of Errata i2310
tty: serial: 8250: Fix port count mismatch with the device
Here are a handful of small USB driver fixes for 6.10-rc6 to resolve
some reported issues. Included in here are:
- typec driver bugfixes
- usb gadget driver reverts for commits that were reported to have
problems
- resource leak bugfix
- gadget driver bugfixes
- dwc3 driver bugfixes
- usb atm driver bugfix for when syzbot got loose on it
All of these have been in linux-next this week with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCZoFnUA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ym3ggCgyM2B+cIOH4FtyWi7FfXj8XjDsjIAoKzX45+o
TO/pSGQhRwx9PeFfDISM
=pFEO
-----END PGP SIGNATURE-----
Merge tag 'usb-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a handful of small USB driver fixes for 6.10-rc6 to resolve
some reported issues. Included in here are:
- typec driver bugfixes
- usb gadget driver reverts for commits that were reported to have
problems
- resource leak bugfix
- gadget driver bugfixes
- dwc3 driver bugfixes
- usb atm driver bugfix for when syzbot got loose on it
All of these have been in linux-next this week with no reported issues"
* tag 'usb-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
usb: dwc3: core: Workaround for CSR read timeout
Revert "usb: gadget: u_ether: Replace netif_stop_queue with netif_device_detach"
Revert "usb: gadget: u_ether: Re-attach netif device to mirror detachment"
usb: gadget: aspeed_udc: fix device address configuration
usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
usb: typec: ucsi: glink: fix child node release in probe function
usb: musb: da8xx: fix a resource leak in probe()
usb: typec: ucsi_acpi: Add LG Gram quirk
usb: ucsi: stm32: fix command completion handling
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
usb: gadget: printer: fix races against disable
usb: gadget: printer: SS+ support
- Make sure CPU hotplug dynamic prepare states are actually executed
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmaBF4QACgkQEsHwGGHe
VUq3JA//UOmjzHAdcRnGNnh6h1dMKyQW4KH98eiQMXaSuvDeBOCAd6Y4tq6YF/Om
AIxHgLlhOY5O1OSVJZhtxf/lALkolCAEIAkIvGvn6EpPjog5UtNoIf6XAzwLzMn3
O8WVASO2fkypaAYBY+tUEQoLY6CAfkxogV0lzNA8HGMr6Yf/YWueiK2GO63z9Bgt
n0h0362xqACMdUbFnPGrX2wpMDA+WuhHwl8Z1Z1TB0rprYiA/tFCMLcVkT3Fezjh
hx7sYMwBM8cunMya8p9ucd4kBUJROrfNo4SfHWfG0lsitW/cflTgRXOfLp4GFLvp
z0OI9oeSHQyRATOU9yiXrWcbO8M3rFRw4/YcdRZ+5mlydJWDM00DZPqPcuxs4R3Q
nH3gE82CvzWchLU5InHwYhi5oqwNUq1N8mz2bN4T9Yjtaj7zArSLqjqIafhxpJqV
9DllV9gGroAUawlRSgo5dpl2XvPcbr9Sx8bIJqwn36esuBb2qZwL6pOtVJIBr88O
QWamnvUH6NnIqweUUR9lRRjO5WjR3Xf2ECpEt5rNnqHXLn92usNaphEhBDo3tvrG
+O3pjNER3sTEgF43yYpDX0gMZmHuXfmN+fT6QDcDGk764As+/UawIHStyI3nustI
R7gM6SUx8Fv3883LuzZtQ7KNLuhPvLxf8YD2I626HpTtLA9tn5k=
=qGvT
-----END PGP SIGNATURE-----
Merge tag 'smp_urgent_for_v6.10_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull smp fixes from Borislav Petkov:
- Fix "nosmp" and "maxcpus=0" after the parallel CPU bringup work went
in and broke them
- Make sure CPU hotplug dynamic prepare states are actually executed
* tag 'smp_urgent_for_v6.10_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
cpu: Fix broken cmdline "nosmp" and "maxcpus=0"
cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked()
initialized even if the number of CPUs has been limited by a cmdline param
- Make sure interrupt lines on liointc hw are configured properly even when
interrupt routing changes
- Avoid use-after-free in the error path of the MSI init code
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmaBFiwACgkQEsHwGGHe
VUpxMA//QjUEdRe93t4jwcdYKjEPgPHEi+JBgL+tpTrrHUS5xrhLRhFGk7oDBG+u
hUMN1NzoPc/Qy8TStjC/rMgwH+NbHyTCb6q0K9ORLtkaZLLz6zlpqQuLiCrd1sMJ
GIztWw4WgvwkZVcFk1MiKfGyIbMBHbicYXEu64ymhkQ30aM1fID/gWvFs8pvaJNg
MnQ3APt45SoywHyqsqNYMr7G1al0Z/OgTf/MTH8R9QDFCnCo99cgWIU83yr9lNQP
z4HZaFSgkIE2Rfc5fsh9wA/K4iqIId06Fx/f4sF5BUXaVPhjUTSv9tIZSVfXfpsS
CuophjzKp5g05LIZUI32DZ+OEZpfR8DVdN6L8bhob5niJ0XqPVhkKf2ctHlmqP+p
FiRN/1SnZaz+ZbLtIV2groyRvD1N/DeDOZfbuCIyj0OhkrxC16XF3Olzb3ayuQXO
n3xXnFMTRmKzTMWQTjS7gMSPEwnImvLsBUhD/Qc7Ka2eiceEm/Q5yziptyYUX+/f
/W0b95rvXcMQMRcCcgwDTHvOV31UOWC0WzDNwZTksyhtNvFXd8MtDmlOE4KAGDyD
hFNNkxJSovtoTB2ogehsUX2QO09yEFirYqntnAmu3Xih56sg3PBcMZOU4O/5dwyw
2nUUJe1p1lvRf5MVd9re9uWxPvv3CYEAiPbHL8S4HEH8etajywg=
=Hh3B
-----END PGP SIGNATURE-----
Merge tag 'irq_urgent_for_v6.10_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fixes from Borislav Petkov:
- Make sure multi-bridge machines get all eiointc interrupt controllers
initialized even if the number of CPUs has been limited by a cmdline
param
- Make sure interrupt lines on liointc hw are configured properly even
when interrupt routing changes
- Avoid use-after-free in the error path of the MSI init code
* tag 'irq_urgent_for_v6.10_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
PCI/MSI: Fix UAF in msi_capability_init
irqchip/loongson-liointc: Set different ISRs for different cores
irqchip/loongson-eiointc: Use early_cpu_to_node() instead of cpu_to_node()
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmaBFDwACgkQEsHwGGHe
VUqPnw//aRU3MsjXkoBKmK98O7M+6qoHL2rFRGcvw1o0GxzVB4gODgE2mZWeirG7
JLRp/lVX4xhR85NSBpKlmsnnkC8UCDnpXLRpO24ZTdlc84xEyJGsN0gHqJPjpm9M
GkBLRPOwDiSEBzL++6IyR/m3f88WDucQJXVyFa/LQIkSiFdzPBbLwX4otuIieD19
6niyXlqQQ+iAyvkDIH7tNELrOHxivPpH3+QQEfAdtE7TWamv5dkQpu9Kbf811vQb
DUsaD4E2+kQUY9ulevvz9OnsGpyhd3m30PUOHKdsrUfaE9bM/RTBDpnQ1dR3lPFD
kEb4OXsrcM0z++eIUUTBMpRATVjxl17nSgkDg5S6GLTq/Om4KQP33Co7iXE5D4sI
ephbA9jlnHAOtaNh/C1/95pIBidMBHw5HE63XcHJGei1x1pRtFx1apI9UezGGc9H
IwRzpKR2UorojCcJedZFiXGt54nJL9UUg7d7sybiVurlKOxIxnaB7cfg1MgeG9ke
yUGj6ElXvEAoEmnaf7ScAQnQ5VmkyJYTE8PUlR8h8dumQ3tyBEHanOUxqkQAlZ2P
TzVqNeCymh8XGChKKs9pHHUeySkQKYMBOZhEGwSGte0kw8JLJuEsTFud+vcONkda
4MqkH73ebPUdsH5pBNDX7eeDFLvrbpwPNh9u3wQtAnpMGLTKH4k=
=et0y
-----END PGP SIGNATURE-----
Merge tag 'timers_urgent_for_v6.10_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fix from Borislav Petkov:
- Warn when an hrtimer doesn't get a callback supplied
* tag 'timers_urgent_for_v6.10_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
hrtimer: Prevent queuing of hrtimer without a function callback
Sometimes, the on-disk metadata might be invalid due to user
interrupts, storage failures, or other unknown causes.
In that case, z_erofs_map_blocks_iter() may still return a valid
m_llen while other fields remain invalid (e.g., m_plen can be 0).
Due to the return value of z_erofs_scan_folio() in some path will
be ignored on purpose, the following z_erofs_scan_folio() could
then use the invalid value by accident.
Let's reset m_llen to 0 to prevent this.
Link: https://lore.kernel.org/r/20240629185743.2819229-1-hsiangkao@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Bugfixes:
- SUNRPC one more fix for the NFSv4.x backchannel timeouts
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEESQctxSBg8JpV8KqEZwvnipYKAPIFAmaAUuUACgkQZwvnipYK
APKO2A//XjinP2LBsPPtjNCrZRujWgYZDblymXeFyZKh8LEsORojvaijtE959VXQ
loPxmybv5Ht7Zg1p5vxRF00T6MX4eza50JAUfxa7QaUYTDMF7MX2sR1217aG2ht/
ccmWLz4+JiuSbiPyOHYgY044KXMN9jLth1PjaBn6Efw4waQTyL7nI9dm7Mu/miij
eyIYzDl2gb2XyB6+qG528XWi3nA57OGV3vHvET8S15Rvq6LwdYdnJykk/cG7uVkp
00ZsdotVBUtnGyrQrcbZulzqVdKRYCYrmWK33UhP9NSDazf9ou89ieTZqyFi2+8m
46rSmLmW2rx6u37he46ZVjly+0PFWGZaO/U/Qj7e19iA5bp5C8Sp5z8igo3dG93p
1SFNGH4SKJ6IuNz3mWfhza25/sV0ZTdVSDgGazzVpf/dHOdBJ24Btjo2ANo9oxct
3BP4k6mXrZyQse967WjOQIhGXC7DAwzU9rw0hLDd6PPQD+SA8KsIn3P4PFJSGqOP
VGE5QK2mGRUHUypo/b2YPueXHxLxN2NJv+xLvd/IiAUr0km8hcITnrhOgAf297/j
BK1qv2PdKhTFc0NTZ7frXrBV5hpbws98z5JOVq/lkt9spGqEdtjUzSeCd4gpJAWk
abHpHI59OZH8Byt9nJllDn/BbNJTDhk//dnytt4iklm1yllKs6k=
=c5Ek
-----END PGP SIGNATURE-----
Merge tag 'nfs-for-6.10-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Pull NFS client fix from Trond Myklebust:
- One more SUNRPC fix for the NFSv4.x backchannel timeouts
* tag 'nfs-for-6.10-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
SUNRPC: Fix backchannel reply, again
* Always free only post-EOF delayed allocations for files with the
XFS_DIFLAG_PREALLOC or APPEND flags set.
* Do not align cow fork delalloc to cowextsz hint when running low on space.
* Allow zero-size symlinks and directories as long as the link count is
zero.
* Change XFS_IOC_EXCHANGE_RANGE to be a _IOW only ioctl. This was ioctl was
introduced during v6.10 developement cycle.
* xfs_init_new_inode() now creates an attribute fork on a newly created
inode even if ATTR feature flag is not enabled.
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQjMC4mbgVeU7MxEIYH7y4RirJu9AUCZnvYdwAKCRAH7y4RirJu
9DRmAP9VwmSgBrVGZ459K6LluP12FoIpzUljEYSiQiyjhxuQJgD/fou/8G+/TTQH
3TtdmC8Xo7SWRMq9+wPpH5OywbsvZQM=
=fV8d
-----END PGP SIGNATURE-----
Merge tag 'xfs-6.10-fixes-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Pull xfs fixes from Chandan Babu:
- Always free only post-EOF delayed allocations for files with the
XFS_DIFLAG_PREALLOC or APPEND flags set.
- Do not align cow fork delalloc to cowextsz hint when running low on
space.
- Allow zero-size symlinks and directories as long as the link count is
zero.
- Change XFS_IOC_EXCHANGE_RANGE to be a _IOW only ioctl. This was ioctl
was introduced during v6.10 developement cycle.
- xfs_init_new_inode() now creates an attribute fork on a newly created
inode even if ATTR feature flag is not enabled.
* tag 'xfs-6.10-fixes-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs
xfs: fix direction in XFS_IOC_EXCHANGE_RANGE
xfs: allow unlinked symlinks and dirs with zero size
xfs: restrict when we try to align cow fork delalloc to cowextsz hints
xfs: fix freeing speculative preallocations for preallocated files
of the previous wmt-driver
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEOZGx6rniZ1Gk92RdFA3kzBSgKbYFAmaADYQACgkQFA3kzBSg
KbYLHg//Zcm15ojDvBkvGCHnlien/ZwaVQnTmM1zuo8SziwlnNVBST9ib7wz0Mfr
SACAs3kGaNw5nSA/ryVxYw5s03YyWoqcwwgnB3rY+JX1lOsOxBv0Jzjh1SumwQHC
RGimQv7nU8Ype8HEcy6cy2WKBSH0gEDiHwUfraxDpRBejQTJqREtJGyMXQzNFzEr
QM1q6AuXSnhq75t3cpcN3d2xCnmnv6UbFEsxbYB+TWg8XVJkYwcc/hbGLz3wz3kz
G/eLgerPaDXDr372LPsTKyaKb07vrk3gCyqCpYFAV3FYtCHHSlaNFnrdJBZtZA+4
1k7QmDDlfoV+Or64oDdfgAhUhvZNqpwSmIlJs7SiNH/1xIqt9RDni3XOomCgi32l
IWiYN6XDVJxV81AyObYdI6qFLEgPja7MQCXFe3U06J//hxTuiBRcPnuDoakZVkgr
hMrEQKxlwkcQCBoZYIUjgFxEtRStXxp4d15TbjVNa4pLQmBstb7Ax8RHXNgbLQWn
3sIpoutSr1qMBKvb8SFKCZxTfjzScLwMDn+NIS04XmlAt8YZ5m8XwRkx5j/d1wUD
N0x7+wvP/O04Z4XfT3V46VD2Yp+bd6xrLx0LJx6W4f1hZCXUj3vaTL/ykFV5Sf6u
m07j+zzASprZ7NysGWhPYhn7J3Wxc2ng0ogjYQcP5Pt+saI62S4=
=pKpi
-----END PGP SIGNATURE-----
Merge tag 'i2c-for-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
"Two fixes for the testunit and and a fixup for the code reorganization
of the previous wmt-driver"
* tag 'i2c-for-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: testunit: discard write requests while old command is running
i2c: testunit: don't erase registers after STOP
i2c: viai2c: turn common code into a proper module
Highlights:
- Fix lg-laptop driver not working with 2024 LG laptop models
- Add missing MODULE_DESCRIPTION() macros to various modules
- nvsw-sn2201: Add check for platform_device_add_resources
The following is an automated git shortlog grouped by driver:
add missing MODULE_DESCRIPTION() macros:
- add missing MODULE_DESCRIPTION() macros
lg-laptop:
- Use ACPI device handle when evaluating WMAB/WMBB
- Change ACPI device id
- Remove LGEX0815 hotkey handling
platform/mellanox:
- nvsw-sn2201: Add check for platform_device_add_resources
platform/x86/intel:
- add missing MODULE_DESCRIPTION() macros
platform/x86/siemens:
- add missing MODULE_DESCRIPTION() macros
wireless-hotkey:
- Add support for LG Airplane Button
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEEuvA7XScYQRpenhd+kuxHeUQDJ9wFAmZ/6kUUHGhkZWdvZWRl
QHJlZGhhdC5jb20ACgkQkuxHeUQDJ9z+ywf/dQ9UqyJqejtRHrXjYYZqQyT/xXv9
8aCMXA/U7RPxnIP8Fwkb3hQXW4TMUMYrsz3sHxhCWiyb8fXBgEbrVxDVbIjehnf3
HZRVw/JeFqHe/bIp3QmOH05FSMdBWY34hhsm4dPEYyUiUUPN78ec7bekZ7ERMoFi
u3+jKUxIKlcqGqO6E0NtpLmz6Ltu07C5SHgvgpafs8FLuWTvr6dnbKMWB5k/1oCo
qn8aXopWsBclaPTPI/ehtHvPnWX9bhuTz0oQjZGrGJQmaVoo81guFLe+Ag2nKPNU
mhQQUvUKdDg6ojuSX7Hmtb7pBIP0noxHxuAXll0gePQXjpyJ0Pe07HlNMw==
=iWe/
-----END PGP SIGNATURE-----
Merge tag 'platform-drivers-x86-v6.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
Pull x86 platform driver fixes from Hans de Goede:
- Fix lg-laptop driver not working with 2024 LG laptop models
- Add missing MODULE_DESCRIPTION() macros to various modules
- nvsw-sn2201: Add check for platform_device_add_resources
* tag 'platform-drivers-x86-v6.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
platform/x86: add missing MODULE_DESCRIPTION() macros
platform/x86/intel: add missing MODULE_DESCRIPTION() macros
platform/x86/siemens: add missing MODULE_DESCRIPTION() macros
platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB
platform/x86: lg-laptop: Change ACPI device id
platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
platform/x86: wireless-hotkey: Add support for LG Airplane Button
platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources
- moxart-mmc: Revert "mmc: moxart-mmc: Use sg_miter for PIO"
- sdhci: Do not invert write-protect twice
- sdhci: Do not lock spinlock around mmc_gpio_get_ro()
- sdhci-pci/sdhci-pci-o2micro: Return proper error codes
- sdhci-brcmstb: Fix support for erase/trim/discard
-----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmZ/0ZAXHHVsZi5oYW5z
c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjClAhQ/+KqsMcO6i4Qjro14ltngYc9CL
Gct4k/eV5F2Zf6e7Xyz7E6z6lY9Y7QgHMGD5uxvUPxlunnzIYkFxw6Fj3Yg0/II5
4FfzYAhdRDVysD1leehsodo+AJhEp+v2buGwfbiJf1t6gYQzBKGY5y5KJhGN7Pud
v+CeEv9sTkIuRnYcSfn1CrcPZ2tb9nDbkNrcorO8wugXvKIDv2nk2EVhj7joRcUx
bL2xU65c+0LgtDlAPu9+v3hxnj4UusSGUMK0mwuGz+KNBv8lCnSa94J2swY2A3wp
z9pKdDp9PlGllm5c+FyefhQ+fSDI1YjqJPKrxSrZSRc02pUsQCcYFRlQykwtPd/o
HzknBIFc2JzySSeEczf2I3yx6gc85G7xpjDQtD63xacDrQxcTTRYKTpouTYx122j
x+R0zvE+s6DqlIgbA6laVYHh3o8lRI9xNAuThqlIsXcAT+KuZHMsUhCWq+faK1uv
2tzBQa0NErIUG0Vo8xgkoxdjgbTbaI/+lDR72Sp8g6k9JFRGVLEFOvB0M+zp1KqX
dq3/6fI7IMFntdNEIZw9tUnMUBbPe7hawzOZi1SLsAyeXKY2oE2yO3yFlVCzHEG8
BaSwrgppNtbv1VeqK8X0pj16rVZ4Eh7N68pYyofaURMv72exfSSJmZM0rTSDbXux
6WBy1mZB4CPTabfbriA=
=gj1M
-----END PGP SIGNATURE-----
Merge tag 'mmc-v6.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Pull MMC fixes from Ulf Hansson:
- moxart-mmc: Revert "mmc: moxart-mmc: Use sg_miter for PIO"
- sdhci: Do not invert write-protect twice
- sdhci: Do not lock spinlock around mmc_gpio_get_ro()
- sdhci-pci/sdhci-pci-o2micro: Return proper error codes
- sdhci-brcmstb: Fix support for erase/trim/discard
* tag 'mmc-v6.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
mmc: sdhci: Do not invert write-protect twice
Revert "mmc: moxart-mmc: Use sg_miter for PIO"
mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard
mmc: sdhci-pci-o2micro: Convert PCIBIOS_* return codes to errnos
mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
