80539 Commits

Author SHA1 Message Date
5dd0547a3e UPSTREAM: mm: replace vma->vm_flags direct modifications with modifier calls
Replace direct modifications to vma->vm_flags with calls to modifier
functions to be able to track flag changes and to keep vma locking
correctness.

[akpm@linux-foundation.org: fix drivers/misc/open-dice.c, per Hyeonggon Yoo]
Link: https://lkml.kernel.org/r/20230126193752.297968-5-surenb@google.com
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Acked-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arjun Roy <arjunroy@google.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: David Rientjes <rientjes@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jann Horn <jannh@google.com>
Cc: Joel Fernandes <joelaf@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Laurent Dufour <ldufour@linux.ibm.com>
Cc: Lorenzo Stoakes <lstoakes@gmail.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Minchan Kim <minchan@google.com>
Cc: Paul E. McKenney <paulmck@kernel.org>
Cc: Peter Oskolkov <posk@google.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Punit Agrawal <punit.agrawal@bytedance.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Soheil Hassas Yeganeh <soheil@google.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

(cherry picked from commit 1c71222e5f2393b5ea1a41795c67589eea7e3490)

Bug: 161210518
Change-Id: Ifc352b487db109adab17dd33a83f5c7e68c0bbc6
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2023-06-07 14:24:57 +00:00
a390414140 ANDROID: vendor_hooks: add hooks for extra memory
Add vendor hooks for extra memory. If there is extra memory, this can
be accounted like other memory stats. One of the usecases could be
cleancache. If some of ram memory is used for cleancache, its free,
cache, and total size could be added through these vendor hooks.

Bug: 283896254

Change-Id: Iad7330310528581f09842f45860f05dc84823f41
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
2023-06-07 01:06:25 +00:00
c3ee18fefa BACKPORT: FROMLIST: ovl: get_acl: Fix null pointer dereference at realinode in rcu-walk mode
Following process:
         P1                     P2
 path_openat
  link_path_walk
   may_lookup
    inode_permission(rcu)
     ovl_permission
      acl_permission_check
       check_acl
        get_cached_acl_rcu
         ovl_get_inode_acl
          realinode = ovl_inode_real(ovl_inode)
                              drop_cache
                               __dentry_kill(ovl_dentry)
                                iput(ovl_inode)
                                 ovl_destroy_inode(ovl_inode)
                                  dput(oi->__upperdentry)
                                   dentry_kill(upperdentry)
                                    dentry_unlink_inode
                                     upperdentry->d_inode = NULL
            ovl_inode_upper
             upperdentry = ovl_i_dentry_upper(ovl_inode)
             d_inode(upperdentry) // returns NULL
          IS_POSIXACL(realinode) // NULL pointer dereference
, will trigger an null pointer dereference at realinode:
  [  205.472797] BUG: kernel NULL pointer dereference, address:
                 0000000000000028
  [  205.476701] CPU: 2 PID: 2713 Comm: ls Not tainted
                 6.3.0-12064-g2edfa098e750-dirty #1216
  [  205.478754] RIP: 0010:do_ovl_get_acl+0x5d/0x300
  [  205.489584] Call Trace:
  [  205.489812]  <TASK>
  [  205.490014]  ovl_get_inode_acl+0x26/0x30
  [  205.490466]  get_cached_acl_rcu+0x61/0xa0
  [  205.490908]  generic_permission+0x1bf/0x4e0
  [  205.491447]  ovl_permission+0x79/0x1b0
  [  205.491917]  inode_permission+0x15e/0x2c0
  [  205.492425]  link_path_walk+0x115/0x550
  [  205.493311]  path_lookupat.isra.0+0xb2/0x200
  [  205.493803]  filename_lookup+0xda/0x240
  [  205.495747]  vfs_fstatat+0x7b/0xb0

Fetch a reproducer in [Link].

Use the helper ovl_i_path_realinode() to get realinode and then do
non-nullptr checking.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=217404
Fixes: 332f606b32b6 ("ovl: enable RCU'd ->get_acl()")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Suggested-by: Christian Brauner <brauner@kernel.org>
Suggested-by: Amir Goldstein <amir73il@gmail.com>

Reviewed-by: Amir Goldstein <amir73il@gmail.com>

Bug: 285105314
Link: https://lore.kernel.org/linux-unionfs/20230516-topografie-gejubelt-dba162b6e735@brauner/T/
Change-Id: Ib1f5fcb707a3db43a497cf4ae663156c202d6849
Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com>
2023-06-07 00:40:32 +00:00
8d59a7676c BACKPORT: FROMLIST: ovl: ovl_permission: Fix null pointer dereference at realinode in rcu-walk mode
Following process:
          P1                     P2
  path_lookupat
   link_path_walk
    inode_permission
     ovl_permission
       ovl_i_path_real(inode, &realpath)
         path->dentry = ovl_i_dentry_upper(inode)
                           drop_cache
                            __dentry_kill(ovl_dentry)
                             iput(ovl_inode)
                              ovl_destroy_inode(ovl_inode)
                               dput(oi->__upperdentry)
                                dentry_kill(upperdentry)
                                 dentry_unlink_inode
                                  upperdentry->d_inode = NULL
       realinode = d_inode(realpath.dentry) // return NULL
       inode_permission(realinode)
        inode->i_sb  // NULL pointer dereference
 , will trigger an null pointer dereference at realinode:
   [  335.664979] BUG: kernel NULL pointer dereference,
                  address: 0000000000000002
   [  335.668032] CPU: 0 PID: 2592 Comm: ls Not tainted 6.3.0
   [  335.669956] RIP: 0010:inode_permission+0x33/0x2c0
   [  335.678939] Call Trace:
   [  335.679165]  <TASK>
   [  335.679371]  ovl_permission+0xde/0x320
   [  335.679723]  inode_permission+0x15e/0x2c0
   [  335.680090]  link_path_walk+0x115/0x550
   [  335.680771]  path_lookupat.isra.0+0xb2/0x200
   [  335.681170]  filename_lookup+0xda/0x240
   [  335.681922]  vfs_statx+0xa6/0x1f0
   [  335.682233]  vfs_fstatat+0x7b/0xb0

 Fetch a reproducer in [Link].

 Use the helper ovl_i_path_realinode() to get realinode and then do
 non-nullptr checking.

 Link: https://bugzilla.kernel.org/show_bug.cgi?id=217405
 Fixes: 4b7791b2e958 ("ovl: handle idmappings in ovl_permission()")
 Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
 Suggested-by: Christian Brauner <brauner@kernel.org>
 Suggested-by: Amir Goldstein <amir73il@gmail.com>

 Reviewed-by: Amir Goldstein <amir73il@gmail.com>

Bug: 285105314
Link: https://lore.kernel.org/linux-unionfs/20230516-topografie-gejubelt-dba162b6e735@brauner/T/
Change-Id: If89ff32991b8075844f11efbae05edaa6465b5ee
Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com>
2023-06-07 00:40:32 +00:00
2de1ee6dd8 BACKPORT: FROMLIST: ovl: Let helper ovl_i_path_real() return the realinode
Let helper ovl_i_path_real() return the realinode to prepare for
checking non-null realinode in rcu walking path.

Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>

Bug: 285105314
Link: https://lore.kernel.org/lkml/20230516-topografie-gejubelt-dba162b6e735@brauner/T/
Change-Id: I4fed6fe0874215eb381b6879565a98b855916931
Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com>
2023-06-06 23:18:25 +00:00
c959a3fc91 ANDROID: f2fs: enable cleancache
cleancache is enabled for only ext4 and btrfs. Since f2fs is one
of the main fs in Android, this patch enables cleancache for f2fs.

Bug: 236887352
Change-Id: Ib6e6e832234f72681058da848e9cff36c5a496f2
Signed-off-by: Minchan Kim <minchan@google.com>
(cherry picked from commit 32dfefb4c8e3e0068e66ae219c0d643c1f9b7a69)
2023-06-06 21:17:38 +00:00
2ea053d317 FROMGIT: userfaultfd: fix regression in userfaultfd_unmap_prep()
Android reported a performance regression in the userfaultfd unmap path.
A closer inspection on the userfaultfd_unmap_prep() change showed that a
second tree walk would be necessary in the reworked code.

Fix the regression by passing each VMA that will be unmapped through to
the userfaultfd_unmap_prep() function as they are added to the unmap list,
instead of re-walking the tree for the VMA.

Link: https://lkml.kernel.org/r/20230601015402.2819343-1-Liam.Howlett@oracle.com
Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs")
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Reported-by: Suren Baghdasaryan <surenb@google.com>
Suggested-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

(cherry picked from commit de53cc0be1c8b47d595682932beb3c11be9e4e5a
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable)

Bug: 274059236
Change-Id: Ia189a5e98ffe86c4ca5ac3b686ada5f51826f2ed
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2023-06-06 20:05:25 +00:00
847b3f6c96 ANDROID: task_mmu: add vendor hook for swap entry
Add vendor hook in smaps_pte_entry for swap entry
- android_vh_smaps_pte_entry
- android_vh_show_smap

This vendor hook is to show more information for
swap entries of a process based on the
characteristics, such as written-back, same-filled
or huge (uncompressed).

Bug: 284059805

Change-Id: Ie4a48ae42212c056992d34a10b026b60439d0012
Signed-off-by: Sooyong Suk <s.suk@samsung.com>
2023-06-05 23:12:28 +00:00
c0f5b9920f UPSTREAM: fuse: always revalidate rename target dentry
commit ccc031e26afe60d2a5a3d93dabd9c978210825fb upstream.

The previous commit df8629af2934 ("fuse: always revalidate if exclusive
create") ensures that the dentries are revalidated on O_EXCL creates.  This
commit complements it by also performing revalidation for rename target
dentries.  Otherwise, a rename target file that only exists in kernel
dentry cache but not in the filesystem will result in EEXIST if
RENAME_NOREPLACE flag is used.

Change-Id: I3500c168b37469e0fcf5664a3deb4d54e45b926d
Signed-off-by: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
Signed-off-by: Zhang Tianci <zhangtianci.1997@bytedance.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Yang Bo <yb203166@antfin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 7ca973d830c0050ed8def693f7a8b2ef588b6142)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-05-30 14:31:59 +00:00
573ba7b6e6 ANDROID: vendor_hooks: Add hooks for memory when debug
Add vendors hooks for recording memory used

Vendor modules allocate and manages the memory itself.

These memories might not be included in kernel memory
statistics. Also, detailed references and vendor-specific
information are managed only inside modules. When
various problems such as memory leaks occurs, these
information should be showed in real-time.

Bug: 182443489
Bug: 234407991
Bug: 277799025

Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: I62d8bb2b6650d8b187b433f97eb833ef0b784df1
Signed-off-by: Hyesoo Yu <hyesoo.yu@samsung.com>
2023-05-25 21:06:40 +00:00
ae6e8fb652 UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
commit 4f04351888a83e595571de672e0a4a8b74f4fb31 upstream.

When modifying the block device while it is mounted by the filesystem,
syzbot reported the following:

BUG: KASAN: slab-out-of-bounds in crc16+0x206/0x280 lib/crc16.c:58
Read of size 1 at addr ffff888075f5c0a8 by task syz-executor.2/15586

CPU: 1 PID: 15586 Comm: syz-executor.2 Not tainted 6.2.0-rc5-syzkaller-00205-gc96618275234 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
 print_address_description+0x74/0x340 mm/kasan/report.c:306
 print_report+0x107/0x1f0 mm/kasan/report.c:417
 kasan_report+0xcd/0x100 mm/kasan/report.c:517
 crc16+0x206/0x280 lib/crc16.c:58
 ext4_group_desc_csum+0x81b/0xb20 fs/ext4/super.c:3187
 ext4_group_desc_csum_set+0x195/0x230 fs/ext4/super.c:3210
 ext4_mb_clear_bb fs/ext4/mballoc.c:6027 [inline]
 ext4_free_blocks+0x191a/0x2810 fs/ext4/mballoc.c:6173
 ext4_remove_blocks fs/ext4/extents.c:2527 [inline]
 ext4_ext_rm_leaf fs/ext4/extents.c:2710 [inline]
 ext4_ext_remove_space+0x24ef/0x46a0 fs/ext4/extents.c:2958
 ext4_ext_truncate+0x177/0x220 fs/ext4/extents.c:4416
 ext4_truncate+0xa6a/0xea0 fs/ext4/inode.c:4342
 ext4_setattr+0x10c8/0x1930 fs/ext4/inode.c:5622
 notify_change+0xe50/0x1100 fs/attr.c:482
 do_truncate+0x200/0x2f0 fs/open.c:65
 handle_truncate fs/namei.c:3216 [inline]
 do_open fs/namei.c:3561 [inline]
 path_openat+0x272b/0x2dd0 fs/namei.c:3714
 do_filp_open+0x264/0x4f0 fs/namei.c:3741
 do_sys_openat2+0x124/0x4e0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_creat fs/open.c:1402 [inline]
 __se_sys_creat fs/open.c:1396 [inline]
 __x64_sys_creat+0x11f/0x160 fs/open.c:1396
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f72f8a8c0c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f72f97e3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f72f8bac050 RCX: 00007f72f8a8c0c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000280
RBP: 00007f72f8ae7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd165348bf R14: 00007f72f97e3300 R15: 0000000000022000

Replace
	le16_to_cpu(sbi->s_es->s_desc_size)
with
	sbi->s_desc_size

It reduces ext4's compiled text size, and makes the code more efficient
(we remove an extra indirect reference and a potential byte
swap on big endian systems), and there is no downside. It also avoids the
potential KASAN / syzkaller failure, as a bonus.

Reported-by: syzbot+fc51227e7100c9294894@syzkaller.appspotmail.com
Reported-by: syzbot+8785e41224a3afd04321@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?id=70d28d11ab14bd7938f3e088365252aa923cff42
Link: https://syzkaller.appspot.com/bug?id=b85721b38583ecc6b5e72ff524c67302abbc30f3
Link: https://lore.kernel.org/all/000000000000ece18705f3b20934@google.com/
Fixes: 717d50e4971b ("Ext4: Uninitialized Block Groups")
Cc: stable@vger.kernel.org
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Link: https://lore.kernel.org/r/20230504121525.3275886-1-tudor.ambarus@linaro.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 269155298
Bug: 270466805
Change-Id: Id14192ab0905c36e154d07d461afb56af7b61488
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
2023-05-24 06:38:08 +00:00
dbc72667a2 UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
commit b87c7cdf2bed4928b899e1ce91ef0d147017ba45 upstream.

In ext4_xattr_move_to_block(), the value of the extended attribute
which we need to move to an external block may be allocated by
kvmalloc() if the value is stored in an external inode.  So at the end
of the function the code tried to check if this was the case by
testing entry->e_value_inum.

However, at this point, the pointer to the xattr entry is no longer
valid, because it was removed from the original location where it had
been stored.  So we could end up calling kvfree() on a pointer which
was not allocated by kvmalloc(); or we could also potentially leak
memory by not freeing the buffer when it should be freed.  Fix this by
storing whether it should be freed in a separate variable.

Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230430160426.581366-1-tytso@mit.edu
Link: https://syzkaller.appspot.com/bug?id=5c2aee8256e30b55ccf57312c16d88417adbd5e1
Link: https://syzkaller.appspot.com/bug?id=41a6b5d4917c0412eb3b3c3c604965bed7d7420b
Reported-by: syzbot+64b645917ce07d89bde5@syzkaller.appspotmail.com
Reported-by: syzbot+0d042627c4f2ad332195@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 281332515
Bug: 281333738
Change-Id: Id1fbcc337821d66df53c2826bf3158963f8b0673
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
2023-05-18 21:46:56 +00:00
630b104caa FROMGIT: f2fs: fix the wrong condition to determine atomic context
Should use !in_task for irq context.

Bug: 281085599
Cc: stable@vger.kernel.org
Fixes: 1aa161e43106 ("f2fs: fix scheduling while atomic in decompression path")
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit f063fa43995667dbdf5b46406774a0ad58310dae
 https://git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev)
Change-Id: I5ce9286cc380309ee5e294f54ec357a4bfa47d6f
2023-05-18 02:41:06 +00:00
dec77ff4b5 Merge b1644a0031cf ("drm/rockchip: vop2: Use regcache_sync() to fix suspend/resume") into android14-6.1
Steps on the way to 6.1.26

Change-Id: I76647cf6aaf4db218b2013de08a01cd9d11b0bb3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-05-16 14:19:59 +00:00
c4cafbd0d4 Merge a3a93b46833f ("memstick: fix memory leak if card device is never registered") into android14-6.1
Steps on the way to 6.1.26

Change-Id: I068fdd73b1a29b954bef6931c144aa707d446482
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-05-16 12:06:36 +00:00
d31ed3d059 Merge 55fba69fbfd0 ("rust: kernel: Mark rust_fmt_argument as extern "C"") into android14-6.1
Steps on the way to 6.1.26

Change-Id: Idedac255abf3273edfdc8e1c3a88cc97c7af1f41
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-05-09 03:32:41 +00:00
a90747aabd Merge remote-tracking branch 'aosp/upstream-f2fs-stable-linux-6.1.y' into android14-6.1
* aosp/upstream-f2fs-stable-linux-6.1.y:
  fscrypt: destroy keyring after security_sb_delete()
  fscrypt: optimize fscrypt_initialize()
  fscrypt: use WARN_ON_ONCE instead of WARN_ON
  fscrypt: new helper function - fscrypt_prepare_lookup_partial()
  fscrypt: check for NULL keyring in fscrypt_put_master_key_activeref()
  fscrypt: improve fscrypt_destroy_keyring() documentation

Bug: 273795759
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Change-Id: I32f5ac5bae203c62f8b1e00dd66c21046ab55014
2023-05-04 16:50:47 -07:00
ed1265d585 fscrypt: destroy keyring after security_sb_delete()
fscrypt_destroy_keyring() must be called after all potentially-encrypted
inodes were evicted; otherwise it cannot safely destroy the keyring.
Since inodes that are in-use by the Landlock LSM don't get evicted until
security_sb_delete(), this means that fscrypt_destroy_keyring() must be
called *after* security_sb_delete().

This fixes a WARN_ON followed by a NULL dereference, only possible if
Landlock was being used on encrypted files.

Fixes: d7e7b9af104c ("fscrypt: stop using keyrings subsystem for fscrypt_master_key")
Cc: stable@vger.kernel.org
Reported-by: syzbot+93e495f6a4f748827c88@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/00000000000044651705f6ca1e30@google.com
Reviewed-by: Christian Brauner <brauner@kernel.org>
Link: https://lore.kernel.org/r/20230313221231.272498-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2023-05-04 10:49:24 -07:00
bb9c6d4116 ANDROID: fuse-bpf: Simplify and fix setting bpf program
Fix case when an existing bpf prog is being removed
Tidy up code

Bug: 279363668
Test: Boots, can copy file to /sdcardfs/Android/data, fuse_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:64366661e8a9a6d691e5ab6499872d495aed5266)
Merged-In: If0e682f43cbeb62764a7a2be543b90cb974b0aa0
Change-Id: If0e682f43cbeb62764a7a2be543b90cb974b0aa0
2023-05-01 16:07:26 +00:00
8ad55edd66 fscrypt: optimize fscrypt_initialize()
fscrypt_initialize() is a "one-time init" function that is called
whenever the key is set up for any inode on any filesystem.  Make it
implement "one-time init" more efficiently by not taking a global mutex
in the "already initialized case" and doing fewer pointer dereferences.

Link: https://lore.kernel.org/r/20230406181245.36091-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2023-04-27 13:18:55 -07:00
fea2e54241 fscrypt: use WARN_ON_ONCE instead of WARN_ON
As per Linus's suggestion
(https://lore.kernel.org/r/CAHk-=whefxRGyNGzCzG6BVeM=5vnvgb-XhSeFJVxJyAxAF8XRA@mail.gmail.com),
use WARN_ON_ONCE instead of WARN_ON.  This barely adds any extra
overhead, and it makes it so that if any of these ever becomes reachable
(they shouldn't, but that's the point), the logs can't be flooded.

Link: https://lore.kernel.org/r/20230320233943.73600-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2023-04-27 13:18:54 -07:00
b2a951ceb6 fscrypt: new helper function - fscrypt_prepare_lookup_partial()
This patch introduces a new helper function which can be used both in
lookups and in atomic_open operations by filesystems that want to handle
filename encryption and no-key dentries themselves.

The reason for this function to be used in atomic open is that this
operation can act as a lookup if handed a dentry that is negative.  And in
this case we may need to set DCACHE_NOKEY_NAME.

Signed-off-by: Luís Henriques <lhenriques@suse.de>
Tested-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
[ebiggers: improved the function comment, and moved the function to just
           below __fscrypt_prepare_lookup()]
Link: https://lore.kernel.org/r/20230320220149.21863-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2023-04-27 13:18:54 -07:00
8d038b99ae fscrypt: check for NULL keyring in fscrypt_put_master_key_activeref()
It is a bug for fscrypt_put_master_key_activeref() to see a NULL
keyring.  But it used to be possible due to the bug, now fixed, where
fscrypt_destroy_keyring() was called before security_sb_delete().  To be
consistent with how fscrypt_destroy_keyring() uses WARN_ON for the same
issue, WARN and leak the fscrypt_master_key if the keyring is NULL
instead of dereferencing the NULL pointer.

This is a robustness improvement, not a fix.

Link: https://lore.kernel.org/r/20230313221231.272498-4-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2023-04-27 09:12:18 -07:00
16866ef2e9 fscrypt: improve fscrypt_destroy_keyring() documentation
Document that fscrypt_destroy_keyring() must be called after all
potentially-encrypted inodes have been evicted.

Link: https://lore.kernel.org/r/20230313221231.272498-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2023-04-27 09:12:14 -07:00
8db3d6ac04 Merge remote-tracking branch 'aosp/upstream-f2fs-stable-linux-6.1.y' into android14-6.1
* aosp/upstream-f2fs-stable-linux-6.1.y:
  f2fs: remove unnessary comment in __may_age_extent_tree
  f2fs: allocate node blocks for atomic write block replacement
  f2fs: use cow inode data when updating atomic write
  f2fs: remove power-of-two limitation of zoned device
  f2fs: allocate trace path buffer from names_cache
  f2fs: add has_enough_free_secs()
  f2fs: relax sanity check if checkpoint is corrupted
  f2fs: refactor f2fs_gc to call checkpoint in urgent condition
  f2fs: remove folio_detach_private() in .invalidate_folio and .release_folio
  f2fs: remove bulk remove_proc_entry() and unnecessary kobject_del()
  f2fs: support iopoll method
  f2fs: remove batched_trim_sections node description
  f2fs: fix to check return value of inc_valid_block_count()
  f2fs: fix to check return value of f2fs_do_truncate_blocks()
  f2fs: fix passing relative address when discard zones
  f2fs: fix potential corruption when moving a directory
  f2fs: add radix_tree_preload_end in error case
  f2fs: fix to recover quota data correctly
  f2fs: fix to check readonly condition correctly
  docs: f2fs: Correct instruction to disable checkpoint
  f2fs: fix to keep consistent i_gc_rwsem lock order
  f2fs: fix to drop all dirty pages during umount() if cp_error is set
  f2fs: fix to avoid use-after-free for cached IPU bio
  f2fs: remove unneeded in-memory i_crtime copy
  f2fs: use f2fs_hw_is_readonly() instead of bdev_read_only()
  f2fs: use common implementation of file type
  f2fs: merge lz4hc_compress_pages() to lz4_compress_pages()
  f2fs: convert to use sysfs_emit
  f2fs: set default compress option only when sb_has_compression
  f2fs: Fix system crash due to lack of free space in LFS
  f2fs: remove struct victim_selection default_v_ops
  f2fs: fix null pointer panic in tracepoint in __replace_atomic_write_block
  f2fs: fix iostat lock protection
  f2fs: fix align check for npo2
  f2fs: add compression feature check for all compress mount opt
  f2fs: convert is_extension_exist() to return bool type
  f2fs: fix scheduling while atomic in decompression path
  f2fs: preserve direct write semantics when buffering is forced
  f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
  f2fs: remove else in f2fs_write_cache_pages()
  f2fs: apply zone capacity to all zone type
  f2fs: fix to handle filemap_fdatawrite() error in f2fs_ioc_decompress_file/f2fs_ioc_compress_file
  f2fs: convert to MAX_SBI_FLAG instead of 32 in stat_show()
  f2fs: Fix discard bug on zoned block devices with 2MiB zone size
  f2fs: remove entire rb_entry sharing
  f2fs: factor out discard_cmd usage from general rb_tree use
  f2fs: factor out victim_entry usage from general rb_tree use
  f2fs: fix uninitialized skipped_gc_rwsem
  f2fs: handle dqget error in f2fs_transfer_project_quota()
  f2fs: convert to use bitmap API
  f2fs: export compress_percent and compress_watermark entries
  f2fs: make f2fs_sync_inode_meta() static
  f2fs: Fix f2fs_truncate_partial_nodes ftrace event

Bug: 273795759
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I260f4009b3bb6a0ffca20488d0ad0e41e92fb9d2
2023-04-26 17:04:43 -07:00
71c7092b68 ANDROID: Revert "mm: remove cleancache"
This reverts commit 0a4ee518185e902758191d968600399f3bc2be31.

Conflicts:
	Documentation/mm/cleancache.rst
	Documentation/vm/index.rst
	arch/arm/configs/bcm2835_defconfig
	arch/arm/configs/qcom_defconfig
	arch/m68k/configs/amiga_defconfig
	arch/m68k/configs/apollo_defconfig
	arch/m68k/configs/atari_defconfig
	arch/m68k/configs/bvme6000_defconfig
	arch/m68k/configs/hp300_defconfig
	arch/m68k/configs/mac_defconfig
	arch/m68k/configs/multi_defconfig
	arch/m68k/configs/mvme147_defconfig
	arch/m68k/configs/mvme16x_defconfig
	arch/m68k/configs/q40_defconfig
	arch/m68k/configs/sun3_defconfig
	arch/m68k/configs/sun3x_defconfig
	arch/s390/configs/debug_defconfig
	arch/s390/configs/defconfig
	fs/f2fs/data.c
	fs/mpage.c

1. Skip documentation which was refactored.
2. Skip defconfigs unused in Android.
3. Replaced deprecated __submit_bio() with f2fs_submit_read_bio()
4. Replaced PageUptodate() with folio_test_uptodate()
5. Replaced SetPageUptodate() with folio_mark_uptodate()
6. Changed cleancache_get_page() call to use folio->page

Bug: 271544708
Change-Id: I93359509f7799de72f31b002a2539565d1bda9d6
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2023-04-26 17:01:50 +00:00
55e4f0c551 This is the 6.1.25 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRBFW0ACgkQONu9yGCS
 aT7Jew//Ytw9+JQ71LT1TuJnQ1GayJOL1BW5hgxoYgnBFasWDwsGA9rzHs6KHqHb
 0Vjk7MX7VZB+6zWakOxY5CFVM33J4fS7wY8WE2bj8X3QQhD/J0HQDMdELvSBi3qF
 7xI6sghEQEwOuwAj2+CBqm/q7rA5FTnO1QgJuk/AKJ6PHGRiQeZ7q1zGpFvSaj7S
 cyKvY99RsjnUN+PYk4LE2+u/6DVCqiWYVDQrdjalb9zsrXg4+nmPH6ZJzZX8+bbM
 eM0xAR675V8TXqDi+8bj7tWmiS52XyjYF3Q/bu9BmU67DqslH9FFyVQxhgTHUZpN
 qWXkojEU2djIc3qt7T/bpZS/vD8Kg3Px1CgyIRN8Y5SlZfhZyqVdTZ4AQCtJuLQJ
 wDIdQCLlGzzDNFvbD+LdfJSjZt7Ig1sM/HwtPZhUA9yF0FN1XV3dcESzCOeI0/S7
 ohRh8cs1sidnxrbvVwiVNENSqbJD7G9/9vVjIfyfcnt57q+fs6xCBhpOyNoVOp74
 I5i6ALMcVZoAB50vDjnoGZsSRe9W2AmOV6UMIkVCvRCWYFqBpgVftMTAACNyljni
 UlXmO7aDQj+nbHD/auclFtU02oHQbk62FSrwoWMFS090zWztQqUhgRY7Qnl13yCM
 poEvrKlskXhvunsNtdVmI5O3N2GANWKgGwkyFIiXvgxKkw1qpUo=
 =zeN9
 -----END PGP SIGNATURE-----

Merge 6.1.25 into android14-6.1

Changes in 6.1.25
	Revert "pinctrl: amd: Disable and mask interrupts on resume"
	drm/amd/display: Pass the right info to drm_dp_remove_payload
	ALSA: emu10k1: fix capture interrupt handler unlinking
	ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
	ALSA: i2c/cs8427: fix iec958 mixer control deactivation
	ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
	ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
	ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex()
	ALSA: emu10k1: don't create old pass-through playback device on Audigy
	ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
	ALSA: hda/hdmi: disable KAE for Intel DG2
	Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
	Bluetooth: Fix race condition in hidp_session_thread
	bluetooth: btbcm: Fix logic error in forming the board name.
	Bluetooth: Free potentially unfreed SCO connection
	Bluetooth: hci_conn: Fix possible UAF
	btrfs: restore the thread_pool= behavior in remount for the end I/O workqueues
	btrfs: fix fast csum implementation detection
	fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
	mtdblock: tolerate corrected bit-flips
	mtd: rawnand: meson: fix bitmask for length in command word
	mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
	mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min
	KVM: arm64: PMU: Restore the guest's EL0 event counting after migration
	fbcon: Fix error paths in set_con2fb_map
	fbcon: set_con2fb_map needs to set con2fb_map!
	drm/i915/dsi: fix DSS CTL register offsets for TGL+
	clk: sprd: set max_register according to mapping range
	RDMA/irdma: Do not generate SW completions for NOPs
	RDMA/irdma: Fix memory leak of PBLE objects
	RDMA/irdma: Increase iWARP CM default rexmit count
	RDMA/irdma: Add ipv4 check to irdma_find_listener()
	IB/mlx5: Add support for 400G_8X lane speed
	RDMA/erdma: Update default EQ depth to 4096 and max_send_wr to 8192
	RDMA/erdma: Inline mtt entries into WQE if supported
	RDMA/erdma: Defer probing if netdevice can not be found
	clk: rs9: Fix suspend/resume
	RDMA/cma: Allow UD qp_type to join multicast only
	bpf: tcp: Use sock_gen_put instead of sock_put in bpf_iter_tcp
	LoongArch, bpf: Fix jit to skip speculation barrier opcode
	dmaengine: apple-admac: Handle 'global' interrupt flags
	dmaengine: apple-admac: Set src_addr_widths capability
	dmaengine: apple-admac: Fix 'current_tx' not getting freed
	9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
	bpf, arm64: Fixed a BTI error on returning to patched function
	KVM: arm64: Initialise hypervisor copies of host symbols unconditionally
	KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV2/3 to protected VMs
	niu: Fix missing unwind goto in niu_alloc_channels()
	tcp: restrict net.ipv4.tcp_app_win
	bonding: fix ns validation on backup slaves
	iavf: refactor VLAN filter states
	iavf: remove active_cvlans and active_svlans bitmaps
	net: openvswitch: fix race on port output
	Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure
	Bluetooth: Fix printing errors if LE Connection times out
	Bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt
	Bluetooth: Set ISO Data Path on broadcast sink
	drm/armada: Fix a potential double free in an error handling path
	qlcnic: check pci_reset_function result
	net: wwan: iosm: Fix error handling path in ipc_pcie_probe()
	cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
	net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
	sctp: fix a potential overflow in sctp_ifwdtsn_skip
	RDMA/core: Fix GID entry ref leak when create_ah fails
	selftests: openvswitch: adjust datapath NL message declaration
	udp6: fix potential access to stale information
	net: macb: fix a memory corruption in extended buffer descriptor mode
	skbuff: Fix a race between coalescing and releasing SKBs
	libbpf: Fix single-line struct definition output in btf_dump
	ARM: 9290/1: uaccess: Fix KASAN false-positives
	ARM: dts: qcom: apq8026-lg-lenok: add missing reserved memory
	power: supply: rk817: Fix unsigned comparison with less than zero
	power: supply: cros_usbpd: reclassify "default case!" as debug
	power: supply: axp288_fuel_gauge: Added check for negative values
	selftests/bpf: Fix progs/find_vma_fail1.c build error.
	wifi: mwifiex: mark OF related data as maybe unused
	i2c: imx-lpi2c: clean rx/tx buffers upon new message
	i2c: hisi: Avoid redundant interrupts
	efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
	block: ublk_drv: mark device as LIVE before adding disk
	ACPI: video: Add backlight=native DMI quirk for Acer Aspire 3830TG
	drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
	hwmon: (peci/cputemp) Fix miscalculated DTS for SKX
	hwmon: (xgene) Fix ioremap and memremap leak
	verify_pefile: relax wrapper length check
	asymmetric_keys: log on fatal failures in PE/pkcs7
	nvme: send Identify with CNS 06h only to I/O controllers
	wifi: iwlwifi: mvm: fix mvmtxq->stopped handling
	wifi: iwlwifi: mvm: protect TXQ list manipulation
	drm/amdgpu: add mes resume when do gfx post soft reset
	drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs
	drm/amdgpu/gfx: set cg flags to enter/exit safe mode
	ACPI: resource: Add Medion S17413 to IRQ override quirk
	x86/hyperv: Move VMCB enlightenment definitions to hyperv-tlfs.h
	KVM: selftests: Move "struct hv_enlightenments" to x86_64/svm.h
	KVM: SVM: Add a proper field for Hyper-V VMCB enlightenments
	x86/hyperv: KVM: Rename "hv_enlightenments" to "hv_vmcb_enlightenments"
	KVM: SVM: Flush Hyper-V TLB when required
	tracing: Add trace_array_puts() to write into instance
	tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance
	maple_tree: fix write memory barrier of nodes once dead for RCU mode
	ksmbd: avoid out of bounds access in decode_preauth_ctxt()
	riscv: add icache flush for nommu sigreturn trampoline
	HID: intel-ish-hid: Fix kernel panic during warm reset
	net: sfp: initialize sfp->i2c_block_size at sfp allocation
	net: phy: nxp-c45-tja11xx: add remove callback
	net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow
	scsi: ses: Handle enclosure with just a primary component gracefully
	x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
	cgroup: fix display of forceidle time at root
	cgroup/cpuset: Fix partition root's cpuset.cpus update bug
	cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
	drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings
	drm/amd/pm: correct SMU13.0.7 max shader clock reporting
	mptcp: use mptcp_schedule_work instead of open-coding it
	mptcp: stricter state check in mptcp_worker
	ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
	ubi: Fix deadlock caused by recursively holding work_sem
	i2c: mchp-pci1xxxx: Update Timing registers
	powerpc/papr_scm: Update the NUMA distance table for the target node
	sched/fair: Fix imbalance overflow
	x86/rtc: Remove __init for runtime functions
	i2c: ocores: generate stop condition after timeout in polling mode
	cifs: fix negotiate context parsing
	nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN
	nvme-pci: add NVME_QUIRK_BOGUS_NID for T-FORCE Z330 SSD
	cgroup/cpuset: Skip spread flags update on v2
	cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
	cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
	Linux 6.1.25

Change-Id: Ib4d2c49ea9bacb8d8dbdb7b3a4eecce937016427
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-04-26 13:13:19 +00:00
3e6bd2653f writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
commit 1ba1199ec5747f475538c0d25a32804e5ba1dfde upstream.

KASAN report null-ptr-deref:
==================================================================
BUG: KASAN: null-ptr-deref in bdi_split_work_to_wbs+0x5c5/0x7b0
Write of size 8 at addr 0000000000000000 by task sync/943
CPU: 5 PID: 943 Comm: sync Tainted: 6.3.0-rc5-next-20230406-dirty #461
Call Trace:
 <TASK>
 dump_stack_lvl+0x7f/0xc0
 print_report+0x2ba/0x340
 kasan_report+0xc4/0x120
 kasan_check_range+0x1b7/0x2e0
 __kasan_check_write+0x24/0x40
 bdi_split_work_to_wbs+0x5c5/0x7b0
 sync_inodes_sb+0x195/0x630
 sync_inodes_one_sb+0x3a/0x50
 iterate_supers+0x106/0x1b0
 ksys_sync+0x98/0x160
[...]
==================================================================

The race that causes the above issue is as follows:

           cpu1                     cpu2
-------------------------|-------------------------
inode_switch_wbs
 INIT_WORK(&isw->work, inode_switch_wbs_work_fn)
 queue_rcu_work(isw_wq, &isw->work)
 // queue_work async
  inode_switch_wbs_work_fn
   wb_put_many(old_wb, nr_switched)
    percpu_ref_put_many
     ref->data->release(ref)
     cgwb_release
      queue_work(cgwb_release_wq, &wb->release_work)
      // queue_work async
       &wb->release_work
       cgwb_release_workfn
                            ksys_sync
                             iterate_supers
                              sync_inodes_one_sb
                               sync_inodes_sb
                                bdi_split_work_to_wbs
                                 kmalloc(sizeof(*work), GFP_ATOMIC)
                                 // alloc memory failed
        percpu_ref_exit
         ref->data = NULL
         kfree(data)
                                 wb_get(wb)
                                  percpu_ref_get(&wb->refcnt)
                                   percpu_ref_get_many(ref, 1)
                                    atomic_long_add(nr, &ref->data->count)
                                     atomic64_add(i, v)
                                     // trigger null-ptr-deref

bdi_split_work_to_wbs() traverses &bdi->wb_list to split work into all
wbs.  If the allocation of new work fails, the on-stack fallback will be
used and the reference count of the current wb is increased afterwards.
If cgroup writeback membership switches occur before getting the reference
count and the current wb is released as old_wd, then calling wb_get() or
wb_put() will trigger the null pointer dereference above.

This issue was introduced in v4.3-rc7 (see fix tag1).  Both
sync_inodes_sb() and __writeback_inodes_sb_nr() calls to
bdi_split_work_to_wbs() can trigger this issue.  For scenarios called via
sync_inodes_sb(), originally commit 7fc5854f8c6e ("writeback: synchronize
sync(2) against cgroup writeback membership switches") reduced the
possibility of the issue by adding wb_switch_rwsem, but in v5.14-rc1 (see
fix tag2) removed the "inode_io_list_del_locked(inode, old_wb)" from
inode_switch_wbs_work_fn() so that wb->state contains WB_has_dirty_io,
thus old_wb is not skipped when traversing wbs in bdi_split_work_to_wbs(),
and the issue becomes easily reproducible again.

To solve this problem, percpu_ref_exit() is called under RCU protection to
avoid race between cgwb_release_workfn() and bdi_split_work_to_wbs().
Moreover, replace wb_get() with wb_tryget() in bdi_split_work_to_wbs(),
and skip the current wb if wb_tryget() fails because the wb has already
been shutdown.

Link: https://lkml.kernel.org/r/20230410130826.1492525-1-libaokun1@huawei.com
Fixes: b817525a4a80 ("writeback: bdi_writeback iteration must not skip dying ones")
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Dennis Zhou <dennis@kernel.org>
Cc: Hou Tao <houtao1@huawei.com>
Cc: yangerkun <yangerkun@huawei.com>
Cc: Zhang Yi <yi.zhang@huawei.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-26 14:28:39 +02:00
a0aa4827f7 nilfs2: initialize unused bytes in segment summary blocks
commit ef832747a82dfbc22a3702219cc716f449b24e4a upstream.

Syzbot still reports uninit-value in nilfs_add_checksums_on_logs() for
KMSAN enabled kernels after applying commit 7397031622e0 ("nilfs2:
initialize "struct nilfs_binfo_dat"->bi_pad field").

This is because the unused bytes at the end of each block in segment
summaries are not initialized.  So this fixes the issue by padding the
unused bytes with null bytes.

Link: https://lkml.kernel.org/r/20230417173513.12598-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+048585f3f4227bb2b49b@syzkaller.appspotmail.com
  Link: https://syzkaller.appspot.com/bug?extid=048585f3f4227bb2b49b
Cc: Alexander Potapenko <glider@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-26 14:28:39 +02:00
e19ebc5f9a btrfs: get the next extent map during fiemap/lseek more efficiently
commit d47704bd1c78c85831561bcf701b90dd66f811b2 upstream.

At find_delalloc_subrange(), when we need to get the next extent map, we
do a full search on the extent map tree (a red black tree). This is fine
but it's a lot more efficient to simply use rb_next(), which typically
requires iterating over less nodes of the tree and never needs to compare
the ranges of nodes with the one we are looking for.

So add a public helper to extent_map.{h,c} to get the extent map that
immediately follows another extent map, using rb_next(), and use that
helper at find_delalloc_subrange().

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-26 14:28:38 +02:00
9bdbd00992 Revert "userfaultfd: don't fail on unrecognized features"
commit 2ff559f31a5d50c31a3f9d849f8af90dc36c7105 upstream.

This is a proposal to revert commit 914eedcb9ba0ff53c33808.

I found this when writing a simple UFFDIO_API test to be the first unit
test in this set.  Two things breaks with the commit:

  - UFFDIO_API check was lost and missing.  According to man page, the
  kernel should reject ioctl(UFFDIO_API) if uffdio_api.api != 0xaa.  This
  check is needed if the api version will be extended in the future, or
  user app won't be able to identify which is a new kernel.

  - Feature flags checks were removed, which means UFFDIO_API with a
  feature that does not exist will also succeed.  According to the man
  page, we should (and it makes sense) to reject ioctl(UFFDIO_API) if
  unknown features passed in.

Link: https://lore.kernel.org/r/20220722201513.1624158-1-axelrasmussen@google.com
Link: https://lkml.kernel.org/r/20230412163922.327282-2-peterx@redhat.com
Fixes: 914eedcb9ba0 ("userfaultfd: don't fail on unrecognized features")
Signed-off-by: Peter Xu <peterx@redhat.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Mike Rapoport (IBM) <rppt@kernel.org>
Cc: Zach O'Keefe <zokeefe@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-26 14:28:37 +02:00
0fff48d6fe Merge 6.1.24 into android14-6.1
Changes in 6.1.24
	dm cache: Add some documentation to dm-cache-background-tracker.h
	dm integrity: Remove bi_sector that's only used by commented debug code
	dm: change "unsigned" to "unsigned int"
	dm: fix improper splitting for abnormal bios
	KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode
	KVM: arm64: PMU: Distinguish between 64bit counter and 64bit overflow
	KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run
	KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU
	gpio: GPIO_REGMAP: select REGMAP instead of depending on it
	Drivers: vmbus: Check for channel allocation before looking up relids
	ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data()
	pwm: Make .get_state() callback return an error code
	pwm: hibvt: Explicitly set .polarity in .get_state()
	pwm: cros-ec: Explicitly set .polarity in .get_state()
	pwm: iqs620a: Explicitly set .polarity in .get_state()
	pwm: sprd: Explicitly set .polarity in .get_state()
	pwm: meson: Explicitly set .polarity in .get_state()
	ASoC: codecs: lpass: fix the order or clks turn off during suspend
	KVM: s390: pv: fix external interruption loop not always detected
	wifi: mac80211: fix the size calculation of ieee80211_ie_len_eht_cap()
	wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
	net: qrtr: Fix a refcount bug in qrtr_recvmsg()
	net: phylink: add phylink_expects_phy() method
	net: stmmac: check if MAC needs to attach to a PHY
	net: stmmac: remove redundant fixup to support fixed-link mode
	l2tp: generate correct module alias strings
	wifi: brcmfmac: Fix SDIO suspend/resume regression
	NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
	nfsd: call op_release, even when op_func returns an error
	icmp: guard against too small mtu
	ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement
	net: don't let netpoll invoke NAPI if in xmit context
	net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit
	sctp: check send stream number after wait_for_sndbuf
	net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
	ipv6: Fix an uninit variable access bug in __ip6_make_skb()
	platform/x86: think-lmi: Fix memory leak when showing current settings
	platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings
	platform/x86: think-lmi: Clean up display of current_value on Thinkstation
	gpio: davinci: Do not clear the bank intr enable bit in save_context
	gpio: davinci: Add irq chip flag to skip set wake
	net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
	net: stmmac: fix up RX flow hash indirection table when setting channels
	sunrpc: only free unix grouplist after RCU settles
	NFSD: callback request does not use correct credential for AUTH_SYS
	ice: fix wrong fallback logic for FDIR
	ice: Reset FDIR counter in FDIR init stage
	raw: use net_hash_mix() in hash function
	raw: Fix NULL deref in raw_get_next().
	ping: Fix potentail NULL deref for /proc/net/icmp.
	ethtool: reset #lanes when lanes is omitted
	netlink: annotate lockless accesses to nlk->max_recvmsg_len
	gve: Secure enough bytes in the first TX desc for all TCP pkts
	arm64: compat: Work around uninitialized variable warning
	net: stmmac: check fwnode for phy device before scanning for phy
	cxl/pci: Fix CDAT retrieval on big endian
	cxl/pci: Handle truncated CDAT header
	cxl/pci: Handle truncated CDAT entries
	cxl/pci: Handle excessive CDAT length
	PCI/DOE: Silence WARN splat with CONFIG_DEBUG_OBJECTS=y
	PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
	usb: xhci: tegra: fix sleep in atomic call
	xhci: Free the command allocated for setting LPM if we return early
	xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
	usb: cdnsp: Fixes error: uninitialized symbol 'len'
	usb: dwc3: pci: add support for the Intel Meteor Lake-S
	USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
	usb: typec: altmodes/displayport: Fix configure initial pin assignment
	USB: serial: option: add Telit FE990 compositions
	USB: serial: option: add Quectel RM500U-CN modem
	drivers: iio: adc: ltc2497: fix LSB shift
	iio: adis16480: select CONFIG_CRC32
	iio: adc: qcom-spmi-adc5: Fix the channel name
	iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
	iio: dac: cio-dac: Fix max DAC write value check for 12-bit
	iio: buffer: correctly return bytes written in output buffers
	iio: buffer: make sure O_NONBLOCK is respected
	iio: light: cm32181: Unregister second I2C client if present
	tty: serial: sh-sci: Fix transmit end interrupt handler
	tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
	tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty
	nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
	nilfs2: fix sysfs interface lifetime
	dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
	serial: 8250: Prevent starting up DMA Rx on THRI interrupt
	ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN
	ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
	ALSA: hda/realtek: Add quirk for Clevo X370SNW
	ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
	x86/acpi/boot: Correct acpi_is_processor_usable() check
	x86/ACPI/boot: Use FADT version to check support for online capable
	KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection
	KVM: nVMX: Do not report error code when synthesizing VM-Exit from Real Mode
	mm: kfence: fix PG_slab and memcg_data clearing
	mm: kfence: fix handling discontiguous page
	coresight: etm4x: Do not access TRCIDR1 for identification
	coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
	counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
	counter: 104-quad-8: Fix Synapse action reported for Index signals
	blk-mq: directly poll requests
	iio: adc: ad7791: fix IRQ flags
	io_uring: fix return value when removing provided buffers
	io_uring: fix memory leak when removing provided buffers
	scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
	scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
	nvme: fix discard support without oncs
	cifs: sanitize paths in cifs_update_super_prepath.
	block: ublk: make sure that block size is set correctly
	block: don't set GD_NEED_PART_SCAN if scan partition failed
	perf/core: Fix the same task check in perf_event_set_output
	ftrace: Mark get_lock_parent_ip() __always_inline
	ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
	fs: drop peer group ids under namespace lock
	can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
	can: isotp: fix race between isotp_sendsmg() and isotp_release()
	can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
	can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos
	ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
	ACPI: video: Make acpi_backlight=video work independent from GPU driver
	ACPI: video: Add acpi_backlight=video quirk for Apple iMac14,1 and iMac14,2
	ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530
	net: stmmac: Add queue reset into stmmac_xdp_open() function
	tracing/synthetic: Fix races on freeing last_cmd
	tracing/timerlat: Notify new max thread latency
	tracing/osnoise: Fix notify new tracing_max_latency
	tracing: Free error logs of tracing instances
	ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
	tracing/synthetic: Make lastcmd_mutex static
	zsmalloc: document freeable stats
	mm: vmalloc: avoid warn_alloc noise caused by fatal signal
	wifi: mt76: ignore key disable commands
	ublk: read any SQE values upfront
	drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
	drm/nouveau/disp: Support more modes by checking with lower bpc
	drm/i915: Fix context runtime accounting
	drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
	ring-buffer: Fix race while reader and writer are on the same page
	mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
	mm/hugetlb: fix uffd wr-protection for CoW optimization path
	maple_tree: fix get wrong data_end in mtree_lookup_walk()
	maple_tree: fix a potential concurrency bug in RCU mode
	blk-throttle: Fix that bps of child could exceed bps limited in parent
	drm/amd/display: Clear MST topology if it fails to resume
	drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume
	drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset
	drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload()
	drm/i915/dp_mst: Fix payload removal during output disabling
	drm/bridge: lt9611: Fix PLL being unable to lock
	drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR
	drm/i915: Split icl_color_commit_noarm() from skl_color_commit_noarm()
	mm: take a page reference when removing device exclusive entries
	maple_tree: remove GFP_ZERO from kmem_cache_alloc() and kmem_cache_alloc_bulk()
	maple_tree: fix potential rcu issue
	maple_tree: reduce user error potential
	maple_tree: fix handle of invalidated state in mas_wr_store_setup()
	maple_tree: fix mas_prev() and mas_find() state handling
	maple_tree: be more cautious about dead nodes
	maple_tree: refine ma_state init from mas_start()
	maple_tree: detect dead nodes in mas_start()
	maple_tree: fix freeing of nodes in rcu mode
	maple_tree: remove extra smp_wmb() from mas_dead_leaves()
	maple_tree: add smp_rmb() to dead node detection
	maple_tree: add RCU lock checking to rcu callback functions
	mm: enable maple tree RCU mode by default.
	bpftool: Print newline before '}' for struct with padding only fields
	Linux 6.1.24

Change-Id: I475408e1166927565c7788e7095bdf2cb236c4b2
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-04-22 08:52:25 +00:00
d7595b4db4 ANDROID: Add filp_open_block() for zram
We currently plan to disallow use of filp_open() from drivers in GKI,
however the ZRAM driver still needs it. Add a new GKI-only variant of
filp_open() which only permits a block device to be opened, which can
be exported instead. This keeps ZRAM working but cuts down on drivers
that attempt to open and write files in kernel mode.

Bug: 179220339
Bug: 205141088
Change-Id: Id696b4aaf204b0499ce0a1b6416648670236e570
Signed-off-by: Alistair Delva <adelva@google.com>
(cherry picked from commit 62d9cb66f6bf79c6dbe7c556184ccd8cc791d719)
2023-04-21 20:05:56 +00:00
f4523cd498 cifs: fix negotiate context parsing
[ Upstream commit 5105a7ffce19160e7062aee67fb6b3b8a1b56d78 ]

smb311_decode_neg_context() doesn't properly check against SMB packet
boundaries prior to accessing individual negotiate context entries. This
is due to the length check omitting the eight byte smb2_neg_context
header, as well as incorrect decrementing of len_of_ctxts.

Fixes: 5100d8a3fe03 ("SMB311: Improve checking of negotiate security contexts")
Reported-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-04-20 12:35:14 +02:00
a2f6ded41b ksmbd: avoid out of bounds access in decode_preauth_ctxt()
commit e7067a446264a7514fa1cfaa4052cdb6803bc6a2 upstream.

Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within
the SMB request boundary; deassemble_neg_contexts() only checks that the
eight byte smb2_neg_context header + (client controlled) DataLength are
within the packet boundary, which is insufficient.

Checking for sizeof(struct smb2_preauth_neg_context) is overkill given
that the type currently assumes SMB311_SALT_SIZE bytes of trailing Salt.

Signed-off-by: David Disseldorp <ddiss@suse.de>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-20 12:35:12 +02:00
874cf0b2c0 btrfs: fix fast csum implementation detection
commit 68d99ab0e9221ef54506f827576c5a914680eeaf upstream.

The BTRFS_FS_CSUM_IMPL_FAST flag is currently set whenever a non-generic
crc32c is detected, which is the incorrect check if the file system uses
a different checksumming algorithm.  Refactor the code to only check
this if crc32c is actually used.  Note that in an ideal world the
information if an algorithm is hardware accelerated or not should be
provided by the crypto API instead, but that's left for another day.

CC: stable@vger.kernel.org # 5.4.x: c8a5f8ca9a9c: btrfs: print checksum type and implementation at mount time
CC: stable@vger.kernel.org # 5.4.x
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-20 12:35:06 +02:00
3103c07812 btrfs: restore the thread_pool= behavior in remount for the end I/O workqueues
commit 40fac6472f22a59f5694496e179988ab4a1dfe07 upstream.

Commit d7b9416fe5c5 ("btrfs: remove btrfs_end_io_wq") converted the read
and I/O handling from btrfs_workqueues to Linux workqueues, and as part
of that lost the code to apply the thread_pool= based max_active limit
on remount.  Restore it.

Fixes: d7b9416fe5c5 ("btrfs: remove btrfs_end_io_wq")
CC: stable@vger.kernel.org # 6.0+
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-20 12:35:06 +02:00
5def09cc6f f2fs: remove unnessary comment in __may_age_extent_tree
This comment make no sense and is in the wrong place, so let's
remove it.

Signed-off-by: Qi Han <hanqi@vivo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-19 13:39:57 -07:00
449ec5b93c f2fs: allocate node blocks for atomic write block replacement
When a node block is missing for atomic write block replacement, we need
to allocate it in advance of the replacement.

Signed-off-by: Daeho Jeong <daehojeong@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-19 13:39:57 -07:00
4d3ca55950 f2fs: use cow inode data when updating atomic write
Need to use cow inode data content instead of the one in the original
inode, when we try to write the already updated atomic write files.

Signed-off-by: Daeho Jeong <daehojeong@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-19 13:39:57 -07:00
d2758b3fd8 f2fs: remove power-of-two limitation of zoned device
In f2fs, there's no reason to force po2.

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-19 13:39:57 -07:00
fae611f4f0 f2fs: allocate trace path buffer from names_cache
It would be better to use the dedicated slab to store path.

Signed-off-by: Wu Bo <bo.wu@vivo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-19 13:39:56 -07:00
b6d6531141 f2fs: add has_enough_free_secs()
Replace !has_not_enough_free_secs w/ has_enough_free_secs.
BTW avoid nested 'if' statements in f2fs_balance_fs().

Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-14 13:05:14 -07:00
9e79f3ac67 f2fs: relax sanity check if checkpoint is corrupted
1. extent_cache
 - let's drop the largest extent_cache
2. invalidate_block
 - don't show the warnings

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-13 16:40:30 -07:00
3f34372e32 f2fs: refactor f2fs_gc to call checkpoint in urgent condition
The major change is to call checkpoint, if there's not enough space while having
some prefree segments in FG_GC case.

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-13 16:40:30 -07:00
8f433ed1fa f2fs: remove folio_detach_private() in .invalidate_folio and .release_folio
We have maintain PagePrivate and page_private and page reference
w/ {set,clear}_page_private_*, it doesn't need to call
folio_detach_private() in the end of .invalidate_folio and
.release_folio, remove it and use f2fs_bug_on instead.

Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-13 16:39:41 -07:00
3d7abc7d69 f2fs: remove bulk remove_proc_entry() and unnecessary kobject_del()
Convert to use remove_proc_subtree() and kill kobject_del() directly.
kobject_put() actually covers kobject removal automatically, which is
single stage removal.

Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-13 16:39:41 -07:00
5105821d8f f2fs: support iopoll method
Wire up the iopoll method to the common implementation.
As f2fs use common dio infrastructure:
commit a1e09b03e6f5 ("f2fs: use iomap for direct I/O")

Signed-off-by: Wu Bo <bo.wu@vivo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2023-04-13 16:39:37 -07:00
ddca03d97d fs: drop peer group ids under namespace lock
commit cb2239c198ad9fbd5aced22cf93e45562da781eb upstream.

When cleaning up peer group ids in the failure path we need to make sure
to hold on to the namespace lock. Otherwise another thread might just
turn the mount from a shared into a non-shared mount concurrently.

Link: https://lore.kernel.org/lkml/00000000000088694505f8132d77@google.com
Fixes: 2a1867219c7b ("fs: add mount_setattr()")
Reported-by: syzbot+8ac3859139c685c4f597@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org # 5.12+
Message-Id: <20230330-vfs-mount_setattr-propagation-fix-v1-1-37548d91533b@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-13 16:55:33 +02:00
fb9ec305e7 cifs: sanitize paths in cifs_update_super_prepath.
[ Upstream commit d19342c6609b67f2ba83b9eccca2777e3687f625 ]

After a server reboot, clients are failing to move files with ENOENT.
This is caused by DFS referrals containing multiple separators, which
the server move call doesn't recognize.

v1: Initial patch.
v2: Move prototype to header.

Link: https://bugzilla.redhat.com/show_bug.cgi?id=2182472
Fixes: a31080899d5f ("cifs: sanitize multiple delimiters in prepath")
Actually-Fixes: 24e0a1eff9e2 ("cifs: switch to new mount api")
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Thiago Rafael Becker <tbecker@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-04-13 16:55:32 +02:00