0bef7129bf
80415 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
|
db50ac4d0a |
Merge 6.1.22 into android14-6.1
Changes in 6.1.22 interconnect: qcom: osm-l3: fix icc_onecell_data allocation interconnect: qcom: sm8450: switch to qcom_icc_rpmh_* function interconnect: qcom: qcm2290: Fix MASTER_SNOC_BIMC_NRT perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output perf: fix perf_event_context->time tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr drm/amd/display: Include virtual signal to set k1 and k2 values drm/amd/display: fix k1 k2 divider programming for phantom streams drm/amd/display: Remove OTG DIV register write for Virtual signals. mptcp: refactor passive socket initialization mptcp: use the workqueue to destroy unaccepted sockets mptcp: fix UaF in listener shutdown drm/amd/display: Fix DP MST sinks removal issue arm64: dts: qcom: sm8450: Mark UFS controller as cache coherent power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition arm64: dts: imx8dxl-evk: Disable hibernation mode of AR8031 for EQOS arm64: dts: imx8dxl-evk: Fix eqos phy reset gpio ARM: dts: imx6sll: e70k02: fix usbotg1 pinctrl ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes arm64: dts: imx93: add missing #address-cells and #size-cells to i2c nodes NFS: Fix /proc/PID/io read_bytes for buffered reads xsk: Add missing overflow check in xdp_umem_reg iavf: fix inverted Rx hash condition leading to disabled hash iavf: fix non-tunneled IPv6 UDP packet type and hashing iavf: do not track VLAN 0 filters intel/igbvf: free irq on the error path in igbvf_request_msix() igbvf: Regard vf reset nack as success igc: fix the validation logic for taprio's gate list i2c: imx-lpi2c: check only for enabled interrupt flags i2c: mxs: ensure that DMA buffers are safe for DMA i2c: hisi: Only use the completion interrupt to finish the transfer 
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() nfsd: don't replace page in rq_pages if it's a continuation of last page net: dsa: b53: mmap: fix device tree support net: usb: smsc95xx: Limit packet length to skb->len efi/libstub: smbios: Use length member instead of record struct size qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info xirc2ps_cs: Fix use after free bug in xirc2ps_detach net: phy: Ensure state transitions are processed from phy_stop() net: mdio: fix owner field for mdio buses registered using device-tree net: mdio: fix owner field for mdio buses registered using ACPI net: stmmac: Fix for mismatched host/device DMA address width thermal/drivers/mellanox: Use generic thermal_zone_get_trip() function mlxsw: core_thermal: Fix fan speed in maximum cooling state drm/i915: Print return value on error drm/i915/fbdev: lock the fbdev obj before vma pin drm/i915/guc: Rename GuC register state capture node to be more obvious drm/i915/guc: Fix missing ecodes drm/i915/gt: perform uc late init after probe error injection net: qcom/emac: Fix use after free bug in emac_remove due to race condition net: usb: lan78xx: Limit packet length to skb->len net/ps3_gelic_net: Fix RX sk_buff length net/ps3_gelic_net: Use dma_mapping_error octeontx2-vf: Add missing free for alloc_percpu bootconfig: Fix testcase to increase max node keys: Do not cache key in task struct if key is requested from kernel thread ice: check if VF exists before mode check iavf: fix hang on reboot with ice i40e: fix flow director packet filter programming bpf: Adjust insufficient default bpf_jit_limit net/mlx5e: Set uplink rep as NETNS_LOCAL net/mlx5e: Block entering switchdev mode with ns inconsistency net/mlx5: Fix steering rules cleanup net/mlx5e: Overcome slow response for first macsec ASO WQE net/mlx5: Read the TC mapping of all priorities on ETS query net/mlx5: E-Switch, Fix an Oops in error handling code net: dsa: tag_brcm: legacy: fix daisy-chained switches atm: 
idt77252: fix kmemleak when rmmod idt77252 erspan: do not use skb_mac_header() in ndo_start_xmit() net/sonic: use dma_mapping_error() for error check nvme-tcp: fix nvme_tcp_term_pdu to match spec mlxsw: spectrum_fid: Fix incorrect local port type hvc/xen: prevent concurrent accesses to the shared ring ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES ksmbd: fix possible refcount leak in smb2_open() Bluetooth: hci_sync: Resume adv with no RPA when active scan Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet Bluetooth: btusb: Remove detection of ISO packets over bulk Bluetooth: ISO: fix timestamped HCI ISO data packet parsing Bluetooth: Remove "Power-on" check from Mesh feature gve: Cache link_speed value from device net: asix: fix modprobe "sysfs: cannot create duplicate filename" net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup() net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup() net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case net: mdio: thunder: Add missing fwnode_handle_put() drm/amd/display: Set dcn32 caps.seamless_odm Bluetooth: btqcomsmd: Fix command timeout after setting BD address Bluetooth: L2CAP: Fix responding with wrong PDU type Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work Bluetooth: mgmt: Fix MGMT add advmon with RSSI command Bluetooth: HCI: Fix global-out-of-bounds platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl entry: Fix noinstr warning in __enter_from_user_mode() perf/x86/amd/core: Always clear status for idx entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up hwmon: fix potential sensor registration fail if of_node is missing hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs scsi: qla2xxx: Synchronize the IOCB count to be in order scsi: qla2xxx: Perform lockless command completion in abort path smb3: lower default deferred 
close timeout to address perf regression smb3: fix unusable share after force unmount failure uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 thunderbolt: Use scale field when allocating USB3 bandwidth thunderbolt: Call tb_check_quirks() after initializing adapters thunderbolt: Add quirk to disable CLx thunderbolt: Fix memory leak in margining thunderbolt: Disable interrupt auto clear for rings thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access thunderbolt: Use const qualifier for `ring_interrupt_index` thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) ACPI: x86: Drop quirk for HP Elitebook ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable riscv: Bump COMMAND_LINE_SIZE value to 1024 drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded ca8210: fix mac_len negative array access HID: logitech-hidpp: Add support for Logitech MX Master 3S mouse HID: intel-ish-hid: ipc: Fix potential use-after-free in work function m68k: mm: Fix systems with memory at end of 32-bit address space m68k: Only force 030 bus error if PC not in exception table selftests/bpf: check that modifier resolves after pointer scsi: target: iscsi: Fix an error message in iscsi_check_key() scsi: qla2xxx: Add option to disable FC2 Target support scsi: hisi_sas: Check devm_add_action() return value scsi: ufs: core: Add soft dependency on governor_simpleondemand scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() scsi: lpfc: Avoid usage of list iterator variable after loop scsi: mpi3mr: Driver unload crashes host when enhanced logging is enabled scsi: mpi3mr: Wait for diagnostic save during controller init scsi: mpi3mr: NVMe command size greater than 8K fails scsi: mpi3mr: Bad drive in topology results kernel crash scsi: 
storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file platform/x86: int3472: Add GPIOs to Surface Go 3 Board data net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 net: usb: qmi_wwan: add Telit 0x1080 composition drm/amd/display: Update clock table to include highest clock setting sh: sanitize the flags on sigreturn drm/amdgpu: Fix call trace warning and hang when removing amdgpu device drm/amd: Fix initialization mistake for NBIO 7.3.0 net/sched: act_mirred: better wording on protection against excessive stack growth act_mirred: use the backlog for nested calls to mirred ingress cifs: lock chan_lock outside match_session cifs: append path to open_enter trace event cifs: do not poll server interfaces too regularly cifs: empty interface list when server doesn't support query interfaces cifs: dump pending mids for all channels in DebugData cifs: print session id while listing open files cifs: fix dentry lookups in directory handle cache x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() selftests/x86/amx: Add a ptrace test scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR usb: misc: onboard-hub: add support for Microchip USB2517 USB 2.0 hub usb: dwc2: drd: fix inconsistent mode if role-switch-default-mode="host" usb: dwc2: fix a devres leak in hw_enable upon suspend resume usb: gadget: u_audio: don't let userspace block driver unbind btrfs: zoned: fix btrfs_can_activate_zone() to support DUP profile Bluetooth: Fix race condition in hci_cmd_sync_clear efi: sysfb_efi: Fix DMI quirks not working for simpledrm mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP fscrypt: destroy keyring after security_sb_delete() fsverity: Remove WQ_UNBOUND from fsverity read workqueue lockd: set file_lock start and end when decoding nlm4 testargs arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name igb: revert rtnl_lock() that causes deadlock dm thin: fix deadlock when swapping to thin device usb: typec: tcpm: fix create 
duplicate source-capabilities file usb: typec: tcpm: fix warning when handle discover_identity message usb: cdns3: Fix issue with using incorrect PCI device function usb: cdnsp: Fixes issue with redundant Status Stage usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver usb: chipdea: core: fix return -EINVAL if request role is the same with current role usb: chipidea: core: fix possible concurrent when switch role usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() usb: ucsi_acpi: Increase the command completion timeout mm: kfence: fix using kfence_metadata without initialization in show_object() kfence: avoid passing -g for test io_uring/net: avoid sending -ECONNABORTED on repeated connection requests io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get() Revert "kasan: drop skip_kasan_poison variable in free_pages_prepare" test_maple_tree: add more testing for mas_empty_area() maple_tree: fix mas_skip_node() end slot detection ksmbd: fix wrong signingkey creation when encryption is AES256 ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION ksmbd: don't terminate inactive sessions after a few seconds ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect ksmbd: return unsupported error on smb1 mount wifi: mac80211: fix qos on mesh interfaces nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk drm/meson: fix missing component unbind on bind errors drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi drm/i915/active: Fix missing debug object activation drm/i915: Preserve crtc_state->inherited during state clearing drm/amdgpu: skip ASIC reset for APUs when go to S4 drm/amdgpu: reposition the gpu reset checking for reuse riscv: mm: Fix incorrect ASID argument when flushing TLB riscv: Handle zicsr/zifencei issues 
between clang and binutils tee: amdtee: fix race condition in amdtee_open_session firmware: arm_scmi: Fix device node validation for mailbox transport arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent arm64: dts: qcom: sm8150: Fix the iommu mask used for PCIe controllers soc: qcom: llcc: Fix slice configuration values for SC8280XP mm/ksm: fix race with VMA iteration and mm_struct teardown bus: imx-weim: fix branch condition evaluates to a garbage value i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() dm stats: check for and propagate alloc_percpu failure dm crypt: add cond_resched() to dmcrypt_write() dm crypt: avoid accessing uninitialized tasklet sched/fair: sanitize vruntime of entity being placed sched/fair: Sanitize vruntime of entity being migrated drm/amdkfd: introduce dummy cache info for property asic drm/amdkfd: Fix the warning of array-index-out-of-bounds drm/amdkfd: add GC 11.0.4 KFD support drm/amdkfd: Fix the memory overrun Linux 6.1.22 Change-Id: Id13b4655dbfb59c29a0b8953e5e0cda3703f1879 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
5f33b042f7 |
nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
commit 003587000276f81d0114b5ce773d80c119d8cb30 upstream.
The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO and NILFS_IOCTL_GET_CPINFO.
This can occur when the element size of the user space metadata given by the v_size member of the argument nilfs_argv structure is larger than the size of the metadata element (nilfs_suinfo structure or nilfs_cpinfo structure) on the file system side.
KMSAN-enabled kernels detect this issue as follows:
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33
instrument_copy_to_user include/linux/instrumented.h:121 [inline]
_copy_to_user+0xc0/0x100 lib/usercopy.c:33
copy_to_user include/linux/uaccess.h:169 [inline]
nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99
nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]
nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290
nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343
__do_compat_sys_ioctl fs/ioctl.c:968 [inline]
__se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910
__ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
Uninit was created at:
__alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572
alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287
__get_free_pages+0x34/0xc0 mm/page_alloc.c:5599
nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74
nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]
nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290
nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343
__do_compat_sys_ioctl fs/ioctl.c:968 [inline]
__se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910
__ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
Bytes 16-127 of 3968 are uninitialized
...
This eliminates the leak issue by initializing the page allocated as buffer using get_zeroed_page().
Link: https://lkml.kernel.org/r/20230307085548.6290-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+132fdd2f1e1805fdc591@syzkaller.appspotmail.com
Link: https://lkml.kernel.org/r/000000000000a5bd2d05f63f04ae@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
0b3ec5671a |
ksmbd: return unsupported error on smb1 mount
commit 39b291b86b5988bf8753c3874d5c773399d09b96 upstream.
ksmbd disconnects the connection when mounting with vers=smb1. ksmbd should send an smb1 negotiate response to the client for a correct unsupported error return. This patch adds the needed SMB1 macros and fills the NegProt part of the response for the smb1 negotiate response.
Cc: stable@vger.kernel.org
Reported-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
3060466e38 |
ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect
commit b53e8cfec30b93c120623232ba27c041b1ef8f1a upstream. ksmbd returned "Input/output error" when mounting with vers=2.0 to ksmbd. It should return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect. Cc: stable@vger.kernel.org Reported-by: Steve French <stfrench@microsoft.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
fe9591a5a0 |
ksmbd: don't terminate inactive sessions after a few seconds
commit be6f42fad5f5fd1fea9d562df82c38ad6ed3bfe9 upstream.
Steve reported that inactive sessions are terminated after a few seconds. ksmbd terminates when receiving -EAGAIN error from kernel_recvmsg(). -EAGAIN means there is no data available in timeout. So ksmbd should keep the connection with unlimited retries instead of terminating inactive sessions.
Cc: stable@vger.kernel.org
Reported-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
d55c056089 |
ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION
commit 728f14c72b71a19623df329c1c7c9d1452e56f1e upstream.
If vfs objects = streams_xattr in ksmbd.conf, FILE_NAMED_STREAMS should be set to Attributes in FS_ATTRIBUTE_INFORMATION. MacOS client shows "Format: SMB (Unknown)" on faked NTFS and no streams support.
Cc: stable@vger.kernel.org
Reported-by: Miao Lihua <441884205@qq.com>
Tested-by: Miao Lihua <441884205@qq.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
e54752f596 |
ksmbd: fix wrong signingkey creation when encryption is AES256
commit 7a891d4b62d62566323676cb0e922ded4f37afe1 upstream.
MacOS and Win11 support AES256 encryption and it is included in the cipher array of encryption context. Especially on macOS, the most preferred cipher is AES256. Connecting to ksmbd fails on newer MacOS clients that support AES256 encryption. MacOS sends a disconnect request after receiving the final session setup response from ksmbd, because the final session setup is signed with a signing key that was generated incorrectly. For the signing key, 'L' value should be initialized to 128 if key size is 16 bytes.
Cc: stable@vger.kernel.org
Reported-by: Miao Lihua <441884205@qq.com>
Tested-by: Miao Lihua <441884205@qq.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
41a68444e5 |
lockd: set file_lock start and end when decoding nlm4 testargs
commit 7ff84910c66c9144cc0de9d9deed9fb84c03aff0 upstream. Commit |
||
|
260becc389 |
fsverity: Remove WQ_UNBOUND from fsverity read workqueue
commit f959325e6ac3f499450088b8d9c626d1177be160 upstream.
WQ_UNBOUND causes significant scheduler latency on ARM64/Android. This
is problematic for latency sensitive workloads, like I/O
post-processing.
Removing WQ_UNBOUND gives a 96% reduction in fsverity workqueue related
scheduler latency and improves app cold startup times by ~30ms.
WQ_UNBOUND was also removed from the dm-verity workqueue for the same
reason [1].
This code was tested by running Android app startup benchmarks and
measuring how long the fsverity workqueue spent in the runnable state.
Before
Total workqueue scheduler latency: 553800us
After
Total workqueue scheduler latency: 18962us
[1]: https://lore.kernel.org/all/20230202012348.885402-1-nhuck@google.com/
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Fixes:
|
||
|
d77531fac6 |
fscrypt: destroy keyring after security_sb_delete()
commit ccb820dc7d2236b1af0d54ae038a27b5b6d5ae5a upstream.
fscrypt_destroy_keyring() must be called after all potentially-encrypted
inodes were evicted; otherwise it cannot safely destroy the keyring.
Since inodes that are in-use by the Landlock LSM don't get evicted until
security_sb_delete(), this means that fscrypt_destroy_keyring() must be
called *after* security_sb_delete().
This fixes a WARN_ON followed by a NULL dereference, only possible if
Landlock was being used on encrypted files.
Fixes:
|
||
|
00331677c0 |
btrfs: zoned: fix btrfs_can_activate_zone() to support DUP profile
commit 9e1cdf0c354e46e428c0e0cab008abbe81b6013d upstream.
btrfs_can_activate_zone() returns true if at least one device has one zone
available for activation. This is OK for the single profile, but not OK for
DUP profile. We need two zones to create a DUP block group. Fix it by
properly handling the case with the profile flags.
Fixes:
|
||
|
3626280487 |
cifs: fix dentry lookups in directory handle cache
commit be4fde79812f02914e350bde0bc4cfeae8429378 upstream.
Get rid of any prefix paths in @path before lookup_positive_unlocked()
as it will call ->lookup() which already adds those prefix paths
through build_path_from_dentry().
This has caused a performance regression when mounting shares with a
prefix path where readdir(2) would end up retrying several times to
open bad directory names that contained duplicate prefix paths.
Fix this by skipping any prefix paths in @path before calling
lookup_positive_unlocked().
Fixes:
|
||
|
d4bab65f80 |
cifs: print session id while listing open files
commit 175b54abc443b6965e9379b71ec05f7c73c192e9 upstream. In the output of /proc/fs/cifs/open_files, we only print the tree id for the tcon of each open file. It becomes difficult to know which tcon these files belong to with just the tree id. This change dumps ses id in addition to all other data today. Signed-off-by: Shyam Prasad N <sprasad@microsoft.com> Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com> Cc: stable@vger.kernel.org Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
dc9e203f9f |
cifs: dump pending mids for all channels in DebugData
commit d12bc6d26f92c51b28e8f4a146ffcc630b688198 upstream.
Currently, we dump the pending mid information only on the primary channel in /proc/fs/cifs/DebugData. If multichannel is active, we do not print the pending MID list on secondary channels. This change will dump the pending mids for all the channels based on server->conn_id.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
f401c35e6c |
cifs: empty interface list when server doesn't support query interfaces
commit 896cd316b841053f6df95ab77b5f1322c16a8e18 upstream. When querying server interfaces returns -EOPNOTSUPP, clear the list of interfaces. Assumption is that multichannel would be disabled too. Signed-off-by: Shyam Prasad N <sprasad@microsoft.com> Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com> Cc: stable@vger.kernel.org Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
ee1767a12e |
cifs: do not poll server interfaces too regularly
commit 072a28c8907c841f7d4b56c78bce46d3ee211e73 upstream. We have the server interface list hanging off the tcon structure today for reasons unknown. So each tcon which is connected to a file server can query them separately, which is really unnecessary. To avoid this, in the query function, we will check the time of last update of the interface list, and avoid querying the server if it is within a certain range. Signed-off-by: Shyam Prasad N <sprasad@microsoft.com> Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com> Cc: stable@vger.kernel.org Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
a163106b6d |
cifs: append path to open_enter trace event
commit fddc6ccc487e5de07b98df8d04118d5dcb5e0407 upstream.
We do not dump the file path for smb3_open_enter ftrace calls, which is a severe handicap while debugging using ftrace events. This change adds that info. Unfortunately, we're not updating the path in open params in many places, which I had to do as a part of this change. SMB2_open gets path in utf16 format, but it's easier if path is supplied as char pointer in oparms.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
f11f6ea883 |
cifs: lock chan_lock outside match_session
commit 2f4e429c846972c8405951a9ff7a82aceeca7461 upstream.
Coverity had rightly indicated a possible deadlock
due to chan_lock being done inside match_session.
All callers of match_* functions should pick up the
necessary locks and call them.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
4a369bb391 |
smb3: fix unusable share after force unmount failure
commit 491eafce1a51c457701351a4bf40733799745314 upstream. If user does forced unmount ("umount -f") while files are still open on the share (as was seen in a Kubernetes example running on SMB3.1.1 mount) then we were marking the share as "TID_EXITING" in umount_begin() which caused all subsequent operations (except write) to fail ... but unfortunately when umount_begin() is called we do not know yet that there are open files or active references on the share that would prevent unmount from succeeding. Kubernetes had example when they were doing umount -f when files were open which caused the share to become unusable until the files were closed (and the umount retried). Fix this so that TID_EXITING is not set until we are about to send the tree disconnect (not at the beginning of forced umounts in umount_begin) so that if "umount -f" fails (due to open files or references) the mount is still usable. Cc: stable@vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad@microsoft.com> Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
3de686a365 |
smb3: lower default deferred close timeout to address perf regression
commit 7e0e76d99079be13c9961dde7c93b2d1ee665af4 upstream.
Performance tests with large number of threads noted that the change
of the default closetimeo (deferred close timeout between when
close is done by application and when client has to send the close
to the server), to 5 seconds from 1 second, significantly degraded
perf in some cases like this (in the filebench example reported,
the stats show close requests on the wire taking twice as long,
and 50% regression in filebench perf). This is still configurable
via mount parm closetimeo, but to be safe, decrease default back
to its previous value of 1 second.
Reported-by: Yin Fengwei <fengwei.yin@intel.com>
Reported-by: kernel test robot <yujie.liu@intel.com>
Link: https://lore.kernel.org/lkml/997614df-10d4-af53-9571-edec36b0e2f3@intel.com/
Fixes:
|
||
|
303f8e58cc |
ksmbd: fix possible refcount leak in smb2_open()
[ Upstream commit 2624b445544ffc1472ccabfb6ec867c199d4c95c ]
Reference count of acls will leak when memory allocation fails. Fix this
by adding the missing posix_acl_release().
Fixes:
|
||
|
a4e6cd9253 |
ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES
[ Upstream commit 342edb60dcda7a409430359b0cac2864bb9dfe44 ]
Smatch static checker warning:
fs/ksmbd/vfs.c:1040 ksmbd_vfs_fqar_lseek() warn: no lower bound on 'length'
fs/ksmbd/vfs.c:1041 ksmbd_vfs_fqar_lseek() warn: no lower bound on 'start'
Fix unexpected result that could be caused by negative start and length.
Fixes:
|
||
|
bd344dc3bb |
ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA
[ Upstream commit 2d74ec97131b1179a373b6d521f195c84e894eb6 ]
Smatch static checker warning:
fs/ksmbd/smb2pdu.c:7759 smb2_ioctl()
warn: no lower bound on 'off'
Fix unexpected result that could be caused by negative off and bfz.
Fixes:
|
||
|
51ddb84baf |
nfsd: don't replace page in rq_pages if it's a continuation of last page
[ Upstream commit 27c934dd8832dd40fd34776f916dc201e18b319b ] The splice read calls nfsd_splice_actor to put the pages containing file data into the svc_rqst->rq_pages array. It's possible however to get a splice result that only has a partial page at the end, if (e.g.) the filesystem hands back a short read that doesn't cover the whole page. nfsd_splice_actor will plop the partial page into its rq_pages array and return. Then later, when nfsd_splice_actor is called again, the remainder of the page may end up being filled out. At this point, nfsd_splice_actor will put the page into the array _again_ corrupting the reply. If this is done enough times, rq_next_page will overrun the array and corrupt the trailing fields -- the rq_respages and rq_next_page pointers themselves. If we've already added the page to the array in the last pass, don't add it to the array a second time when dealing with a splice continuation. This was originally handled properly in nfsd_splice_actor, but commit |
||
|
4797ad1f56 |
NFS: Fix /proc/PID/io read_bytes for buffered reads
[ Upstream commit 9c88ea00fef03031ce6554531e89be82f6a42835 ] Prior to commit |
||
|
1c94f5d776 |
FROMGIT: f2fs: fix scheduling while atomic in decompression path
[ 16.945668][ C0] Call trace:
[ 16.945678][ C0] dump_backtrace+0x110/0x204
[ 16.945706][ C0] dump_stack_lvl+0x84/0xbc
[ 16.945735][ C0] __schedule_bug+0xb8/0x1ac
[ 16.945756][ C0] __schedule+0x724/0xbdc
[ 16.945778][ C0] schedule+0x154/0x258
[ 16.945793][ C0] bit_wait_io+0x48/0xa4
[ 16.945808][ C0] out_of_line_wait_on_bit+0x114/0x198
[ 16.945824][ C0] __sync_dirty_buffer+0x1f8/0x2e8
[ 16.945853][ C0] __f2fs_commit_super+0x140/0x1f4
[ 16.945881][ C0] f2fs_commit_super+0x110/0x28c
[ 16.945898][ C0] f2fs_handle_error+0x1f4/0x2f4
[ 16.945917][ C0] f2fs_decompress_cluster+0xc4/0x450
[ 16.945942][ C0] f2fs_end_read_compressed_page+0xc0/0xfc
[ 16.945959][ C0] f2fs_handle_step_decompress+0x118/0x1cc
[ 16.945978][ C0] f2fs_read_end_io+0x168/0x2b0
[ 16.945993][ C0] bio_endio+0x25c/0x2c8
[ 16.946015][ C0] dm_io_dec_pending+0x3e8/0x57c
[ 16.946052][ C0] clone_endio+0x134/0x254
[ 16.946069][ C0] bio_endio+0x25c/0x2c8
[ 16.946084][ C0] blk_update_request+0x1d4/0x478
[ 16.946103][ C0] scsi_end_request+0x38/0x4cc
[ 16.946129][ C0] scsi_io_completion+0x94/0x184
[ 16.946147][ C0] scsi_finish_command+0xe8/0x154
[ 16.946164][ C0] scsi_complete+0x90/0x1d8
[ 16.946181][ C0] blk_done_softirq+0xa4/0x11c
[ 16.946198][ C0] _stext+0x184/0x614
[ 16.946214][ C0] __irq_exit_rcu+0x78/0x144
[ 16.946234][ C0] handle_domain_irq+0xd4/0x154
[ 16.946260][ C0] gic_handle_irq.33881+0x5c/0x27c
[ 16.946281][ C0] call_on_irq_stack+0x40/0x70
[ 16.946298][ C0] do_interrupt_handler+0x48/0xa4
[ 16.946313][ C0] el1_interrupt+0x38/0x68
[ 16.946346][ C0] el1h_64_irq_handler+0x20/0x30
[ 16.946362][ C0] el1h_64_irq+0x78/0x7c
[ 16.946377][ C0] finish_task_switch+0xc8/0x3d8
[ 16.946394][ C0] __schedule+0x600/0xbdc
[ 16.946408][ C0] preempt_schedule_common+0x34/0x5c
[ 16.946423][ C0] preempt_schedule+0x44/0x48
[ 16.946438][ C0] process_one_work+0x30c/0x550
[ 16.946456][ C0] worker_thread+0x414/0x8bc
[ 16.946472][ C0] kthread+0x16c/0x1e0
[ 16.946486][ C0] ret_from_fork+0x10/0x20
Bug: 274972806
Fixes: |
||
|
3d44f9b49e |
FROMGIT: f2fs v2: factor out discard_cmd usage from general rb_tree use
I found a bug in the previous version and this patch fixes the gap from upstream version.
Fixes: fcc385fd44a0 ("FROMGIT: f2fs: factor out discard_cmd usage from general rb_tree use")
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
(cherry picked from commit e39836183be8 https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev)
Change-Id: I4dbfb9f1f2cc956685a7c4de5fcfbba705c30cfb |
||
|
d14ac9ddc6 |
Merge 6.1.21 into android14-6.1
Changes in 6.1.21 xfrm: Allow transport-mode states with AF_UNSPEC selector drm/virtio: Pass correct device to dma_sync_sgtable_for_device() drm/msm/gem: Prevent blocking within shrinker loop drm/panfrost: Don't sync rpm suspension after mmu flushing fbdev: chipsfb: Fix error codes in chipsfb_pci_init() cifs: Move the in_send statistic to __smb_send_rqst() drm/meson: fix 1px pink line on GXM when scaling video overlay clk: HI655X: select REGMAP instead of depending on it ASoC: SOF: Intel: MTL: Fix the device description ASoC: SOF: Intel: HDA: Fix device description ASoC: SOF: Intel: SKL: Fix device description ASOC: SOF: Intel: pci-tgl: Fix device description ASoC: SOF: ipc4-topology: set dmic dai index from copier docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() scsi: mpi3mr: Fix throttle_groups memory leak scsi: mpi3mr: Fix config page DMA memory leak scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove() scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove() scsi: mpi3mr: Return proper values for failures in firmware init path scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc() scsi: mpi3mr: ioctl timeout when disabling/enabling interrupt scsi: mpi3mr: Fix expander node leak in mpi3mr_remove() ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() netfilter: nft_nat: correct length for loading protocol registers netfilter: nft_masq: correct length for loading protocol registers netfilter: nft_redir: correct length for loading protocol registers netfilter: nft_redir: correct value of inet type `.maxattrs` scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD scsi: core: Fix a procfs host directory removal regression ftrace,kcfi: Define ftrace_stub_graph conditionally tcp: tcp_make_synack() can be called from process context vdpa/mlx5: should not activate virtq object when suspended wifi: nl80211: fix NULL-ptr deref in offchan check wifi: 
cfg80211: fix MLO connection ownership selftests: fix LLVM build for i386 and x86_64 nfc: pn533: initialize struct pn533_out_arg properly ipvlan: Make skb->skb_iif track skb->dev for l3s mode i40e: Fix kernel crash during reboot when adapter is in recovery mode vhost-vdpa: free iommu domain after last use during cleanup vdpa_sim: not reset state in vdpasim_queue_ready vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready PCI: s390: Fix use-after-free of PCI resources with per-function hotplug drm/i915/psr: Use calculated io and fast wake lines drm/i915/sseu: fix max_subslices array-index-out-of-bounds access net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() qed/qed_dev: guard against a possible division by zero net: dsa: mt7530: remove now incorrect comment regarding port 5 net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used block: do not reverse request order when flushing plug list loop: Fix use-after-free issues net: tunnels: annotate lockless accesses to dev->needed_headroom net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails tcp: Fix bind() conflict check for dual-stack wildcard address. 
nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition mlxsw: spectrum: Fix incorrect parsing depth after reload net/smc: fix deadlock triggered by cancel_delayed_work_syn() net: usb: smsc75xx: Limit packet length to skb->len drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc powerpc/mm: Fix false detection of read faults block: null_blk: Fix handling of fake timeout request nvme: fix handling single range discard request nvmet: avoid potential UAF in nvmet_req_complete() block: sunvdc: add check for mdesc_grab() returning NULL net/mlx5e: Fix macsec ASO context alignment net/mlx5e: Don't cache tunnel offloads capability net/mlx5: Fix setting ec_function bit in MANAGE_PAGES net/mlx5: Disable eswitch before waiting for VF pages net/mlx5e: Support Geneve and GRE with VF tunnel offload net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port net/mlx5e: Fix cleanup null-ptr deref on encap lock net/mlx5: Set BREAK_FW_WAIT flag first when removing driver veth: Fix use after free in XDP_REDIRECT ice: xsk: disable txq irq before flushing hw net: dsa: don't error out when drivers return ETH_DATA_LEN in .port_max_mtu() net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290 ravb: avoid PHY being resumed when interface is not up sh_eth: avoid PHY being resumed when interface is not up ipv4: Fix incorrect table ID in IOCTL path net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull net: atlantic: Fix crash when XDP is enabled but no program is loaded net/iucv: Fix size of interrupt data i825xx: sni_82596: use eth_hw_addr_set() selftests: net: devlink_port_split.py: skip test if no suitable device available qed/qed_mng_tlv: correctly zero out ->min instead of ->hour net: dsa: microchip: fix RGMII delay configuration on KSZ8765/KSZ8794/KSZ8795 ethernet: sun: add check for the mdesc_grab() 
bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails hwmon: (adt7475) Display smoothing attributes in correct order hwmon: (adt7475) Fix masking of hysteresis registers hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition hwmon: (ina3221) return prober error code hwmon: (ucd90320) Add minimum delay between bus accesses hwmon: tmp512: drop of_match_ptr for ID table kconfig: Update config changed flag before calling callback hwmon: (adm1266) Set `can_sleep` flag for GPIO chip hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip media: m5mols: fix off-by-one loop termination error mmc: atmel-mci: fix race between stop command and start of next command soc: mediatek: mtk-svs: keep svs alive if CONFIG_DEBUG_FS not supported jffs2: correct logic when creating a hole in jffs2_write_begin rust: arch/um: Disable FP/SIMD instruction to match x86 ext4: fail ext4_iget if special inode unallocated ext4: update s_journal_inum if it changes after journal replay ext4: fix task hung in ext4_xattr_delete_inode drm/amdkfd: Fix an illegal memory access net/9p: fix bug in client create for .L LoongArch: Only call get_timer_irq() once in constant_clockevent_init() sh: intc: Avoid spurious sizeof-pointer-div warning drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes ext4: fix possible double unlock when moving a directory Revert "tty: serial: fsl_lpuart: adjust SERIAL_FSL_LPUART_CONSOLE config dependency" tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted serial: 8250_em: Fix UART port type serial: 8250_fsl: fix handle_irq locking serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it firmware: xilinx: don't make a sleepable memory allocation from an atomic context memory: tegra: fix interconnect registration race memory: tegra20-emc: fix 
interconnect registration race memory: tegra124-emc: fix interconnect registration race memory: tegra30-emc: fix interconnect registration race drm/ttm: Fix a NULL pointer dereference s390/ipl: add missing intersection check to ipl_report handling interconnect: fix icc_provider_del() error handling interconnect: fix provider registration API interconnect: imx: fix registration race interconnect: fix mem leak when freeing nodes interconnect: qcom: osm-l3: fix registration race interconnect: qcom: rpm: fix probe child-node error handling interconnect: qcom: rpm: fix registration race interconnect: qcom: rpmh: fix probe child-node error handling interconnect: qcom: rpmh: fix registration race interconnect: qcom: msm8974: fix registration race interconnect: exynos: fix node leak in probe PM QoS error path interconnect: exynos: fix registration race md: select BLOCK_LEGACY_AUTOLOAD cifs: generate signkey for the channel that's reconnecting tracing: Make splice_read available again tracing: Check field value in hist_field_name() tracing: Make tracepoint lockdep check actually test something cifs: Fix smb2_set_path_size() KVM: SVM: Fix a benign off-by-one bug in AVIC physical table mask KVM: SVM: Modify AVIC GATag to support max number of 512 vCPUs KVM: nVMX: add missing consistency checks for CR0 and CR4 ALSA: hda: intel-dsp-config: add MTL PCI id ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform Revert "riscv: mm: notify remote harts about mmu cache updates" riscv: asid: Fixup stale TLB entry cause application crash drm/shmem-helper: Remove another errant put in error path drm/sun4i: fix missing component unbind on bind errors drm/i915/active: Fix misuse of non-idle barriers as fence trackers drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz drm/amdgpu: Don't resume IOMMU after incomplete init drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume 
drm/amd/pm: bump SMU 13.0.4 driver_if header version drm/amd/display: Do not set DRR on pipe Commit drm/amd/display: disconnect MPCC only on OTG change mptcp: fix possible deadlock in subflow_error_report mptcp: add ro_after_init for tcp{,v6}_prot_override mptcp: avoid setting TCP_CLOSE state twice mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket() ftrace: Fix invalid address access in lookup_rec() when index is 0 ocfs2: fix data corruption after failed write nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000 ice: avoid bonding causing auxiliary plug/unplug under RTNL lock vp_vdpa: fix the crash in hot unplug with vp_vdpa mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage mm: teach mincore_hugetlb about pte markers powerpc/64: Set default CPU in Kconfig powerpc/boot: Don't always pass -mcpu=powerpc when building 32-bit uImage mmc: sdhci_am654: lower power-on failed message severity fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks trace/hwlat: Do not wipe the contents of per-cpu thread data trace/hwlat: Do not start per-cpu thread if it is already running ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() cpuidle: psci: Iterate backwards over list in psci_pd_remove() ASoC: Intel: soc-acpi: fix copy-paste issue in topology names ASoC: qcom: q6prm: fix incorrect clk_root passed to ADSP x86/mce: Make sure logged MCEs are processed after sysfs update x86/mm: Fix use of uninitialized buffer in sme_enable() x86/resctrl: Clear staged_config[] before and after it is used powerpc: Pass correct CPU reference to assembler virt/coco/sev-guest: Check SEV_SNP attribute at probe time virt/coco/sev-guest: Simplify extended guest request handling virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() virt/coco/sev-guest: Carve out the request issuing 
logic into a helper virt/coco/sev-guest: Do some code style cleanups virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case virt/coco/sev-guest: Add throttling awareness io_uring/msg_ring: let target know allocated index perf: Fix check before add_event_to_groups() in perf_group_detach() powerpc: Disable CPU unknown by CLANG when CC_IS_CLANG powerpc/64: Replace -mcpu=e500mc64 by -mcpu=e5500 Linux 6.1.21 Change-Id: I4b7f6e01381c0c121c9e89e51071ea60f1f7e29a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
a22c3a8790 |
Merge 6.1.20 into android14-6.1
Changes in 6.1.20 fs: prevent out-of-bounds array speculation when closing a file descriptor btrfs: fix unnecessary increment of read error stat on write error btrfs: fix percent calculation for bg reclaim message io_uring/uring_cmd: ensure that device supports IOPOLL erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms perf inject: Fix --buildid-all not to eat up MMAP2 fork: allow CLONE_NEWTIME in clone3 flags RISC-V: Stop emitting attributes x86/CPU/AMD: Disable XSAVES on AMD family 0x17 drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21 drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv drm/display: Don't block HDR_OUTPUT_METADATA on unknown EOTF drm/connector: print max_requested_bpc in state debugfs staging: rtl8723bs: Fix key-store index handling staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss() ext4: fix cgroup writeback accounting with fs-layer encryption ext4: fix RENAME_WHITEOUT handling for inline directories ext4: fix another off-by-one fsmap error on 1k block filesystems ext4: move where set the MAY_INLINE_DATA flag is set ext4: fix WARNING in ext4_update_inline_data ext4: zero i_disksize when initializing the bootloader inode HID: core: Provide new max_buffer_size attribute to over-ride the default HID: uhid: Over-ride the default maximum data buffer value with our own nfc: change order inside nfc_se_io error path KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling KVM: VMX: Don't bother disabling eVMCS static key on module exit KVM: x86: Move guts of kvm_arch_init() to standalone helper KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace fs: dlm: fix log of lowcomms vs midcomms fs: dlm: add midcomms init/start functions fs: dlm: start midcomms before scand fs: dlm: remove send repeat remove handling fs: dlm: use packet in dlm_mhandle fd: dlm: trace send/recv of dlm message and rcom 
fs: dlm: fix use after free in midcomms commit fs: dlm: use WARN_ON_ONCE() instead of WARN_ON() fs: dlm: be sure to call dlm_send_queue_flush() fs: dlm: fix race setting stop tx flag udf: Fix off-by-one error when discarding preallocation bus: mhi: ep: Power up/down MHI stack during MHI RESET bus: mhi: ep: Change state_lock to mutex Input: exc3000 - properly stop timer on shutdown ipmi:ssif: Remove rtc_us_timer ipmi:ssif: Increase the message retry time ipmi:ssif: Add a timer between request retries spi: intel: Check number of chip selects after reading the descriptor drm/i915: Introduce intel_panel_init_alloc() drm/i915: Do panel VBT init early if the VBT declares an explicit panel type drm/i915: Populate encoder->devdata for DSI on icl+ block: Revert "block: Do not reread partition table on exclusively open device" block: fix scan partition for exclusively open device again riscv: Add header include guards to insn.h scsi: core: Remove the /proc/scsi/${proc_name} directory earlier ext4: Fix possible corruption when moving a directory cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype drm/msm: Fix potential invalid ptr free drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register drm/msm/a5xx: fix highest bank bit for a530 drm/msm/a5xx: fix the emptyness check in the preempt code drm/msm/a5xx: fix context faults during ring switch bgmac: fix *initial* chip reset to support BCM5358 nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties powerpc: dts: t1040rdb: fix compatible string for Rev A boards tls: rx: fix return value for async crypto drm/msm/dpu: disable features unsupported by QCM2290 ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() net: lan966x: Fix port police support using tc-matchall selftests: nft_nat: ensuring the listening side is up before starting the client netfilter: nft_last: copy content when cloning expression netfilter: 
nft_quota: copy content when cloning expression net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() net: use indirect calls helpers for sk_exit_memory_pressure() perf stat: Fix counting when initial delay configured net: lan78xx: fix accessing the LAN7800's internal phy specific registers from the MAC driver net: caif: Fix use-after-free in cfusbl_device_notify() ice: copy last block omitted in ice_get_module_eeprom() bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() drm/msm/dpu: fix len of sc7180 ctl blocks drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks drm/msm/dpu: clear DSPP reservations in rm release net: stmmac: add to set device wake up flag when stmmac init phy net: phylib: get rid of unnecessary locking bnxt_en: Avoid order-5 memory allocation for TPA data netfilter: ctnetlink: revert to dumping mark regardless of event type netfilter: tproxy: fix deadlock due to missing BH disable m68k: mm: Move initrd phys_to_virt handling after paging_init() btrfs: fix extent map logging bit not cleared for split maps after dropping range bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR net: phy: smsc: fix link up detection in forced irq mode net: ethernet: mtk_eth_soc: fix RX data corruption issue net: tls: fix device-offloaded sendpage straddling records scsi: megaraid_sas: Update max supported LD IDs to 240 scsi: sd: Fix wrong zone_write_granularity value during revalidate netfilter: conntrack: adopt safer max chain length platform: mellanox: select REGMAP instead of depending on it platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it block: fix wrong mode for blkdev_put() from disk_scan_partitions() NFSD: Protect against filesystem freezing ice: Fix DSCP PFC TLV creation ethernet: ice: avoid gcc-9 integer overflow warning net/smc: 
fix fallback failed while sendmsg with fastopen octeontx2-af: Unlock contexts in the queue context cache in case of fault detection SUNRPC: Fix a server shutdown leak net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC af_unix: fix struct pid leaks in OOB support erofs: Revert "erofs: fix kvcalloc() misuse with __GFP_NOFAIL" riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode RISC-V: Don't check text_mutex during stop_machine drm/amdgpu: fix return value check in kfd ext4: Fix deadlock during directory rename drm/amdgpu/soc21: don't expose AV1 if VCN0 is harvested drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4 adreno: Shutdown the GPU properly drm/msm/adreno: fix runtime PM imbalance at unbind watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address MIPS: Fix a compilation issue powerpc/64: Don't recurse irq replay powerpc/iommu: fix memory leak with using debugfs_lookup() clk: renesas: rcar-gen3: Disable R-Car H3 ES1.* powerpc/bpf/32: Only set a stack frame when necessary powerpc/64: Fix task_cpu in early boot when booting non-zero cpuid powerpc/64: Move paca allocation to early_setup() powerpc/kcsan: Exclude udelay to prevent recursive instrumentation alpha: fix R_ALPHA_LITERAL reloc for large modules macintosh: windfarm: Use unsigned type for 1-bit bitfields PCI: Add SolidRun vendor ID scripts: handle BrokenPipeError for python scripts media: ov5640: Fix analogue gain control media: rc: gpio-ir-recv: add remove function drm/amd/display: Allow subvp on vactive pipes that are 2560x1440@60 drm/amd/display: adjust MALL size available for DCN32 and DCN321 filelocks: use mount idmapping for setlease permission check Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES" UML: define RUNTIME_DISCARD_EXIT Linux 6.1.20 Change-Id: I2f92629ce02bc07295fea17b16f9bb567916a285 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
47eb055ad3 |
ocfs2: fix data corruption after failed write
commit 90410bcf873cf05f54a32183afff0161f44f9715 upstream.
When buffered write fails to copy data into underlying page cache page,
ocfs2_write_end_nolock() just zeroes out and dirties the page. This can
leave dirty page beyond EOF and if page writeback tries to write this page
before write succeeds and expands i_size, page gets into inconsistent
state where page dirty bit is clear but buffer dirty bits stay set
resulting in page data never getting written and so data copied to the
page is lost. Fix the problem by invalidating page beyond EOF after
failed write.
Link: https://lkml.kernel.org/r/20230302153843.18499-1-jack@suse.cz
Fixes:
|
||
|
72f90f9cf0 |
cifs: Fix smb2_set_path_size()
commit 211baef0eabf4169ce4f73ebd917749d1a7edd74 upstream.
If cifs_get_writable_path() finds a writable file, smb2_compound_op() must use that file's FID and not the COMPOUND_FID.
Cc: stable@vger.kernel.org
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
4aa004224c |
cifs: generate signkey for the channel that's reconnecting
commit 05ce0448c3f36febd8db0ee0e9e16557f3ab5ee8 upstream.
Before my changes to how multichannel reconnects work, the primary channel was always used to do a non-binding session setup. With my changes, that is not the case anymore. Missed this place where channel at index 0 was forcibly updated with the signing key.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
e71eb4dca4 |
ext4: fix possible double unlock when moving a directory
commit 70e42feab2e20618ddd0cbfc4ab4b08628236ecd upstream.
Fixes: 0813299c586b ("ext4: Fix possible corruption when moving a directory")
Link: https://lore.kernel.org/r/5efbe1b9-ad8b-4a4f-b422-24824d2b775c@kili.mountain
Reported-by: Dan Carpenter <error27@gmail.com>
Reported-by: syzbot+0c73d1d8b952c5f3d714@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
94fd091576 |
ext4: fix task hung in ext4_xattr_delete_inode
[ Upstream commit 0f7bfd6f8164be32dbbdf36aa1e5d00485c53cd7 ]
Syzbot reported a hung task problem:
==================================================================
INFO: task syz-executor232:5073 blocked for more than 143 seconds.
Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5244 [inline]
__schedule+0x995/0xe20 kernel/sched/core.c:6555
schedule+0xcb/0x190 kernel/sched/core.c:6631
__wait_on_freeing_inode fs/inode.c:2196 [inline]
find_inode_fast+0x35a/0x4c0 fs/inode.c:950
iget_locked+0xb1/0x830 fs/inode.c:1273
__ext4_iget+0x22e/0x3ed0 fs/ext4/inode.c:4861
ext4_xattr_inode_iget+0x68/0x4e0 fs/ext4/xattr.c:389
ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 fs/ext4/xattr.c:1148
ext4_xattr_delete_inode+0xb04/0xcd0 fs/ext4/xattr.c:2880
ext4_evict_inode+0xd7c/0x10b0 fs/ext4/inode.c:296
evict+0x2a4/0x620 fs/inode.c:664
ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474
__ext4_fill_super fs/ext4/super.c:5516 [inline]
ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644
get_tree_bdev+0x400/0x620 fs/super.c:1282
vfs_get_tree+0x88/0x270 fs/super.c:1489
do_new_mount+0x289/0xad0 fs/namespace.c:3145
do_mount fs/namespace.c:3488 [inline]
__do_sys_mount fs/namespace.c:3697 [inline]
__se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa5406fd5ea
RSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea
RDX: 0000000020000440 RSI: 0000000020000000 RDI: 00007ffc7232f970
RBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 0000000000000432
R10: 0000000000804a03 R11: 0000000000000202 R12: 0000000000000004
R13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 0000000000000000
</TASK>
==================================================================
The problem is that the inode contains an xattr entry with ea_inum of 15 when cleaning up an orphan inode <15>. When evict inode <15>, the reference counting of the corresponding EA inode is decreased. When EA inode <15> is found by find_inode_fast() in __ext4_iget(), it is found that the EA inode holds the I_FREEING flag and waits for the EA inode to complete deletion. As a result, when inode <15> is being deleted, we wait for inode <15> to complete the deletion, resulting in an infinite loop and triggering Hung Task. To solve this problem, we only need to check whether the ino of EA inode and parent is the same before getting EA inode.
Link: https://syzkaller.appspot.com/bug?extid=77d6fcc37bbb92f26048
Reported-by: syzbot+77d6fcc37bbb92f26048@syzkaller.appspotmail.com
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230110133436.996350-1-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
70e66bdeae |
ext4: update s_journal_inum if it changes after journal replay
[ Upstream commit 3039d8b8692408438a618fac2776b629852663c3 ]
When mounting a crafted ext4 image, s_journal_inum may change after journal replay, which is obviously unreasonable because we have successfully loaded and replayed the journal through the old s_journal_inum. And the new s_journal_inum bypasses some of the checks in ext4_get_journal(), which may trigger a null pointer dereference problem. So if s_journal_inum changes after the journal replay, we ignore the change, and rewrite the current journal_inum to the superblock.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216541
Reported-by: Luís Henriques <lhenriques@suse.de>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230107032126.4165860-3-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
b4afe4629e |
ext4: fail ext4_iget if special inode unallocated
[ Upstream commit 5cd740287ae5e3f9d1c46f5bfe8778972fd6d3fe ]
In ext4_fill_super(), EXT4_ORPHAN_FS flag is cleared after ext4_orphan_cleanup() is executed. Therefore, when __ext4_iget() is called to get an inode whose i_nlink is 0 when the flag exists, no error is returned. If the inode is a special inode, a null pointer dereference may occur. If the value of i_nlink is 0 for any inodes (except boot loader inodes) got by using the EXT4_IGET_SPECIAL flag, the current file system is corrupted. Therefore, make the ext4_iget() function return an error if it gets such an abnormal special inode.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199179
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216541
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216539
Reported-by: Luís Henriques <lhenriques@suse.de>
Suggested-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230107032126.4165860-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
1cffdf91ca |
jffs2: correct logic when creating a hole in jffs2_write_begin
[ Upstream commit 23892d383bee15b64f5463bd7195615734bb2415 ]
Bug description and fix:
1. Write data to a file, say all 1s from offset 0 to 16.
2. Truncate the file to a smaller size, say 8 bytes.
3. Write new bytes (say 2s) from an offset past the original size of the file, say at offset 20, for 4 bytes. This is supposed to create a "hole" in the file, meaning that the bytes from offset 8 (where it was truncated above) up to the new write at offset 20, should all be 0s (zeros).
4. Flush all caches using "echo 3 > /proc/sys/vm/drop_caches" (or unmount and remount) the f/s.
5. Check the content of the file. It is wrong. The 1s that used to be between bytes 9 and 16, before the truncation, have REAPPEARED (they should be 0s).
We wrote a script and helper C program to reproduce the bug (reproduce_jffs2_write_begin_issue.sh, write_file.c, and Makefile). We can make them available to anyone.
The above example is shown when writing a small file within the same first page. But the bug happens for larger files, as long as steps 1, 2, and 3 above all happen within the same page.
The problem was traced to the jffs2_write_begin code, where it goes into an 'if' statement intended to handle writes past the current EOF (i.e., writes that may create a hole). The code computes a 'pageofs' that is the floor of the write position (pos), aligned to the page size boundary. In other words, 'pageofs' will never be larger than 'pos'. The code then sets the internal jffs2_raw_inode->isize to the size of max(current inode size, pageofs) but that is wrong: the new file size should be the 'pos', which is larger than both the current inode size and pageofs.
Similarly, the code incorrectly sets the internal jffs2_raw_inode->dsize to the difference between the pageofs minus current inode size; instead it should be the current pos minus the current inode size. Finally, inode->i_size was also set incorrectly.
The patch below fixes this bug. The bug was discovered using a new tool for finding f/s bugs using model checking, called MCFS (Model Checking File Systems).
Signed-off-by: Yifei Liu <yifeliu@cs.stonybrook.edu>
Signed-off-by: Erez Zadok <ezk@cs.stonybrook.edu>
Signed-off-by: Manish Adkar <madkar@cs.stonybrook.edu>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
0b26f080cc |
cifs: Move the in_send statistic to __smb_send_rqst()
[ Upstream commit d0dc41119905f740e8d5594adce277f7c0de8c92 ]
When send SMB_COM_NT_CANCEL and RFC1002_SESSION_REQUEST, the
in_send statistic was lost.
Let's move the in_send statistic to the send function to avoid
this scenario.
Fixes:
|
||
|
a58297e0d2 | Merge "Merge 6.1.18 into android14-6.1" into android14-6.1 | ||
|
80b6086d4e |
FROMGIT: f2fs: remove entire rb_entry sharing
This is a last part to remove the memory sharing for rb_tree in extent_cache.
This should also fix arm32 memory alignment issue.
[struct extent_node]               [struct rb_entry]
[0] struct rb_node rb_node;        [0] struct rb_node rb_node;
  union {                              union {
    struct {                             struct {
[16]  unsigned int fofs;           [12]    unsigned int ofs;
      unsigned int len;                    unsigned int len;
                                         };
                                         unsigned long long key;
                                       } __packed;
Cc: <stable@vger.kernel.org>
Fixes:
|
||
|
452772e3c4 |
FROMGIT: f2fs: factor out discard_cmd usage from general rb_tree use
This is a second part to remove the mixed use of rb_tree in discard_cmd from
extent_cache.
This should also fix arm32 memory alignment issue caused by shared rb_entry.
[struct discard_cmd]               [struct rb_entry]
[0] struct rb_node rb_node;        [0] struct rb_node rb_node;
  union {                              union {
    struct {                             struct {
[16]  block_t lstart;              [12]    unsigned int ofs;
      block_t len;                         unsigned int len;
                                         };
                                         unsigned long long key;
                                       } __packed;
Cc: <stable@vger.kernel.org>
Fixes:
|
||
|
2fb48c440e |
FROMGIT: f2fs: factor out victim_entry usage from general rb_tree use
Let's reduce the complexity of mixed use of rb_tree in victim_entry from
extent_cache and discard_cmd.
This should fix arm32 memory alignment issue caused by shared rb_entry.
[struct victim_entry]          [struct rb_entry]
[0] struct rb_node rb_node;    [0] struct rb_node rb_node;
                                   union {
                                     struct {
                                       unsigned int ofs;
                                       unsigned int len;
                                     };
[16] unsigned long long mtime; [12] unsigned long long key;
                                   } __packed;
Cc: <stable@vger.kernel.org>
Fixes:
|
||
|
47e132aed1 |
ANDROID: fuse-bpf: Correctly put backing files
Backing files were sometimes put twice before, this fixes it so backing files sent in response to lookups are closed exactly once always
Test: fuse_test passes, Android no longer throws a double close
Bug: 273737310
Change-Id: Ifa75ffd846185cfabfd1f5bad504078d955c99ed
Signed-off-by: Paul Lawrence <paullawrence@google.com> |
||
|
d956976040 |
Merge 6.1.18 into android14-6.1
Changes in 6.1.18 net/sched: Retire tcindex classifier auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() fs/jfs: fix shift exponent db_agl2size negative driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event() f2fs: don't rely on F2FS_MAP_* in f2fs_iomap_begin f2fs: fix to avoid potential deadlock objtool: Fix memory leak in create_static_call_sections() soc: mediatek: mtk-pm-domains: Allow mt8186 ADSP default power on memory: renesas-rpc-if: Split-off private data from struct rpcif memory: renesas-rpc-if: Move resource acquisition to .probe() soc: mediatek: mtk-svs: Enable the IRQ later pwm: sifive: Always let the first pwm_apply_state succeed pwm: stm32-lp: fix the check on arr and cmp registers update f2fs: introduce trace_f2fs_replace_atomic_write_block f2fs: correct i_size change for atomic writes f2fs: clear atomic_write_task in f2fs_abort_atomic_write() soc: mediatek: mtk-svs: restore default voltages when svs_init02() fail soc: mediatek: mtk-svs: reset svs when svs_resume() fail soc: mediatek: mtk-svs: Use pm_runtime_resume_and_get() in svs_init01() fs: f2fs: initialize fsdata in pagecache_write() f2fs: allow set compression option of files without blocks f2fs: fix to abort atomic write only during do_exist() um: vector: Fix memory leak in vector_config ubi: ensure that VID header offset + VID header size <= alloc, size ubifs: Fix build errors as symbol undefined ubifs: Fix memory leak in ubifs_sysfs_init() ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted ubifs: Rectify space budget for ubifs_xrename() ubifs: Fix wrong dirty space budget for dirty inode ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 ubifs: Reserve one leb for each journal head while doing budget ubi: Fix use-after-free when volume resizing failed ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() ubifs: Fix memory leak in alloc_wbufs() ubi: Fix possible null-ptr-deref in ubi_free_volume() 
ubifs: Re-statistic cleaned znode count if commit failed ubifs: dirty_cow_znode: Fix memleak in error handling path ubifs: ubifs_writepage: Mark page dirty after writing inode failed ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed f2fs: fix to avoid potential memory corruption in __update_iostat_latency() soc: qcom: stats: Populate all subsystem debugfs files ext4: use ext4_fc_tl_mem in fast-commit replay path ext4: don't show commit interval if it is zero netfilter: nf_tables: allow to fetch set elements when table has an owner x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list um: virtio_uml: free command if adding to virtqueue failed um: virtio_uml: mark device as unregistered when breaking it um: virtio_uml: move device breaking into workqueue um: virt-pci: properly remove PCI device from bus f2fs: synchronize atomic write aborts watchdog: rzg2l_wdt: Issue a reset before we put the PM clocks watchdog: rzg2l_wdt: Handle TYPE-B reset for RZ/V2M watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path watchdog: Fix kmemleak in watchdog_cdev_register watchdog: pcwd_usb: Fix attempting to access uninitialized memory watchdog: sbsa_wdog: Make sure the timeout programming is within the limits netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() netfilter: conntrack: fix rmmod double-free race netfilter: ip6t_rpfilter: Fix regression with VRF interfaces netfilter: ebtables: fix table blob use-after-free netfilter: xt_length: use skb len to match in length_mt6 netfilter: ctnetlink: make event listener tracking global netfilter: x_tables: fix percpu counter block leak on error path when creating new netns ptp: vclock: use mutex to fix "sleep on atomic" bug drm/i915: 
move a Kconfig symbol to unbreak the menu presentation ipv6: Add lwtunnel encap size of all siblings in nexthop calculation octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet net: sunhme: Fix region request sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop octeontx2-pf: Use correct struct reference in test condition net: fix __dev_kfree_skb_any() vs drop monitor 9p/xen: fix version parsing 9p/xen: fix connection sequence 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() spi: tegra210-quad: Fix validate combined sequence mlx5: fix skb leak while fifo resync and push mlx5: fix possible ptp queue fifo use-after-free net/mlx5: ECPF, wait for VF pages only after disabling host PFs net/mlx5e: Verify flow_source cap before using it net/mlx5: Geneve, Fix handling of Geneve object id as error code ext4: fix incorrect options show of original mount_opt and extend mount_opt2 nfc: fix memory leak of se_io context in nfc_genl_se_io net/sched: transition act_pedit to rcu and percpu stats net/sched: act_pedit: fix action bind logic net/sched: act_mpls: fix action bind logic net/sched: act_sample: fix action bind logic net: dsa: seville: ignore mscc-miim read errors from Lynx PCS net: dsa: felix: fix internal MDIO controller resource length ARM: dts: spear320-hmi: correct STMPE GPIO compatible tcp: tcp_check_req() can be called from process context vc_screen: modify vcs_size() handling in vcs_read() spi: tegra210-quad: Fix iterator outside loop rtc: sun6i: Always export the internal oscillator genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() scsi: ipr: Work around fortify-string warning scsi: mpi3mr: Fix an issue found by KASAN scsi: mpi3mr: Use number of bits to manage bitmap sizes rtc: allow rtc_read_alarm without read_alarm callback io_uring: fix size calculation when registering buf ring loop: loop_set_status_from_info() check before assignment ASoC: adau7118: don't disable regulators on device unbind ASoC: 
apple: mca: Fix final status read on SERDES reset ASoC: apple: mca: Fix SERDES reset sequence ASoC: apple: mca: Improve handling of unavailable DMA channels nvme: bring back auto-removal of deleted namespaces during sequential scan nvme-tcp: don't access released socket during error recovery nvme-fabrics: show well known discovery name ASoC: zl38060 add gpiolib dependency ASoC: mediatek: mt8195: add missing initialization thermal: intel: quark_dts: fix error pointer dereference thermal: intel: BXT_PMIC: select REGMAP instead of depending on it tracing: Add NULL checks for buffer in ring_buffer_free_read_page() kernel/printk/index.c: fix memory leak with using debugfs_lookup() firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak IB/hfi1: Update RMT size calculation iommu/amd: Fix error handling for pdev_pri_ats_enable() PCI/ACPI: Account for _S0W of the target bridge in acpi_pci_bridge_d3() media: uvcvideo: Remove format descriptions media: uvcvideo: Handle cameras with invalid descriptors media: uvcvideo: Handle errors from calls to usb_string media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 media: uvcvideo: Silence memcpy() run-time false positive warnings USB: fix memory leak with using debugfs_lookup() cacheinfo: Fix shared_cpu_map to handle shared caches at different levels staging: emxx_udc: Add checks for dma_alloc_coherent() tty: fix out-of-bounds access in tty_driver_lookup_tty() tty: serial: fsl_lpuart: disable the CTS when send break signal serial: sc16is7xx: setup GPIO controller later in probe mei: bus-fixup:upon error print return values of send and receive tools/iio/iio_utils:fix memory leak bus: mhi: ep: Fix the debug message for MHI_PKT_TYPE_RESET_CHAN_CMD cmd iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() iio: accel: mma9551_core: Prevent 
uninitialized variable in mma9551_read_config_word() media: uvcvideo: Add GUID for BGRA/X 8:8:8:8 soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() PCI: loongson: Prevent LS7A MRRS increases staging: pi433: fix memory leak with using debugfs_lookup() USB: dwc3: fix memory leak with using debugfs_lookup() USB: chipidea: fix memory leak with using debugfs_lookup() USB: ULPI: fix memory leak with using debugfs_lookup() USB: uhci: fix memory leak with using debugfs_lookup() USB: sl811: fix memory leak with using debugfs_lookup() USB: fotg210: fix memory leak with using debugfs_lookup() USB: isp116x: fix memory leak with using debugfs_lookup() USB: isp1362: fix memory leak with using debugfs_lookup() USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math USB: ene_usb6250: Allocate enough memory for full object usb: uvc: Enumerate valid values for color matching usb: gadget: uvc: Make bSourceID read/write PCI: Align extra resources for hotplug bridges properly PCI: Take other bus devices into account when distributing resources PCI: Distribute available resources for root buses, too tty: pcn_uart: fix memory leak with using debugfs_lookup() misc: vmw_balloon: fix memory leak with using debugfs_lookup() drivers: base: component: fix memory leak with using debugfs_lookup() drivers: base: dd: fix memory leak with using debugfs_lookup() kernel/fail_function: fix memory leak with using debugfs_lookup() PCI: loongson: Add more devices that need MRRS quirk PCI: Add ACS quirk for Wangxun NICs PCI: pciehp: Add Qualcomm quirk for Command Completed erratum phy: rockchip-typec: Fix unsigned comparison with 
less than zero RDMA/cma: Distinguish between sockaddr_in and sockaddr_in6 by size iommu: Attach device group to old domain in error path soundwire: cadence: Remove wasted space in response_buf soundwire: cadence: Drain the RX FIFO after an IO timeout net: tls: avoid hanging tasks on the tx_lock x86/resctl: fix scheduler confusion with 'current' vDPA/ifcvf: decouple hw features manipulators from the adapter vDPA/ifcvf: decouple config space ops from the adapter vDPA/ifcvf: alloc the mgmt_dev before the adapter vDPA/ifcvf: decouple vq IRQ releasers from the adapter vDPA/ifcvf: decouple config IRQ releaser from the adapter vDPA/ifcvf: decouple vq irq requester from the adapter vDPA/ifcvf: decouple config/dev IRQ requester and vectors allocator from the adapter vDPA/ifcvf: ifcvf_request_irq works on ifcvf_hw vDPA/ifcvf: manage ifcvf_hw in the mgmt_dev vDPA/ifcvf: allocate the adapter in dev_add() drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() drm/display/dp_mst: Fix down/up message handling after sink disconnect drm/display/dp_mst: Fix down message handling after a packet reception error drm/display/dp_mst: Fix payload addition on a disconnected sink drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs drm/i915: Fix system suspend without fbdev being initialized media: uvcvideo: Fix race condition with usb_kill_urb io_uring: fix two assignments in if conditions io_uring/poll: allow some retries for poll triggering spuriously arm64: efi: Make efi_rt_lock a raw_spinlock arm64: mte: Fix/clarify the PG_mte_tagged semantics arm64: Reset KASAN tag in copy_highpage with HW tags only usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails Linux 6.1.18 Change-Id: Icb8e56528d481a17780bdd517c69efa9e76b94c0 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
d663e13ca8 |
filelocks: use mount idmapping for setlease permission check
commit 42d0c4bdf753063b6eec55415003184d3ca24f6e upstream.
A user should be allowed to take out a lease via an idmapped mount if
the fsuid matches the mapped uid of the inode. generic_setlease() is
checking the unmapped inode uid, causing these operations to be denied.
Fix this by comparing against the mapped inode uid instead of the
unmapped uid.
Fixes:
|
||
|
2ef7f82921 |
ext4: Fix deadlock during directory rename
[ Upstream commit 3c92792da8506a295afb6d032b4476e46f979725 ]
As lockdep properly warns, we should not be locking i_rwsem while having
transactions started as the proper lock ordering used by all directory
handling operations is i_rwsem -> transaction start. Fix the lock
ordering by moving the locking of the directory earlier in
ext4_rename().
Reported-by: syzbot+9d16c39efb5fade84574@syzkaller.appspotmail.com
Fixes: 0813299c586b ("ext4: Fix possible corruption when moving a directory")
Link: https://syzkaller.appspot.com/bug?extid=9d16c39efb5fade84574
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230301141004.15087-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
99e9188f9c |
erofs: Revert "erofs: fix kvcalloc() misuse with __GFP_NOFAIL"
[ Upstream commit 647dd2c3f0e16b71a1a77897d038164d48eea154 ]
Let's revert commit 12724ba38992 ("erofs: fix kvcalloc() misuse with
__GFP_NOFAIL") since kvmalloc() already supports __GFP_NOFAIL in commit
|
||
|
ad77608984 |
NFSD: Protect against filesystem freezing
[ Upstream commit fd9a2e1d513823e840960cb3bc26d8b7749d4ac2 ]
Flole observes this WARNING on occasion:
[1210423.486503] WARNING: CPU: 8 PID: 1524732 at fs/ext4/ext4_jbd2.c:75 ext4_journal_check_start+0x68/0xb0
Reported-by: <flole@flole.de>
Suggested-by: Jan Kara <jack@suse.cz>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217123
Fixes:
|
||
|
6a9379eba1 |
btrfs: fix extent map logging bit not cleared for split maps after dropping range
[ Upstream commit e4cc1483f35940c9288c332dd275f6fad485f8d2 ]
At btrfs_drop_extent_map_range() we are clearing the EXTENT_FLAG_LOGGING
bit on a 'flags' variable that was not initialized. This makes static
checkers complain about it, so initialize the 'flags' variable before
clearing the bit.
In practice this has no consequences, because EXTENT_FLAG_LOGGING should
not be set when btrfs_drop_extent_map_range() is called, as an fsync locks
the inode in exclusive mode, locks the inode's mmap semaphore in exclusive
mode too and it always flushes all delalloc.
Also add a comment about why we clear EXTENT_FLAG_LOGGING on a copy of the
flags of the split extent map.
Reported-by: Dan Carpenter <error27@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/Y%2FyipSVozUDEZKow@kili/
Fixes:
|
||
|
512aa2fd8c |
cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID
[ Upstream commit b9ee2e307c6b06384b6f9e393a9b8e048e8fc277 ]
Do not map STATUS_OBJECT_NAME_INVALID to -EREMOTE under non-DFS
shares, or 'nodfs' mounts or CONFIG_CIFS_DFS_UPCALL=n builds.
Otherwise, in the slow path, get a referral to figure out whether it
is an actual DFS link.
This could be simply reproduced under a non-DFS share by running the
following
$ mount.cifs //srv/share /mnt -o ...
$ cat /mnt/$(printf '\U110000')
cat: '/mnt/'$'\364\220\200\200': Object is remote
Fixes: c877ce47e137 ("cifs: reduce roundtrips on create/qinfo requests")
CC: stable@vger.kernel.org # 6.2
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org> |