lineage-22.0
301 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
9100d24dfd |
This is the 5.10.215 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmYaZdgACgkQONu9yGCS
aT4oMxAA0pATFAq8RN5f9CmYlMg5HqHgzZ8lJv8P0/reOINhUa+F5sJb1n+x+Ch4
WQbmiFeZRzfsKZ2qKhIdNR0Lg+9JOr/DtYXdSBZ6InfSWrTAIrQ9fjl5Warkmcgg
O4WbgF5BVgU3vGFATgxLvnUZwhR1D7WK93oMDunzrT7+OqyncU3f1Uj53ZAu9030
z18UNqnTxDLYH/CMGwAeRkaZqBev9gZ1HdgQWA27SVLqWQwZq0al81Cmlo+ECVmk
5dF6V2pid4qfKGJjDDfx1NS0PVnoP68iK4By1SXyoFV9VBiSwp77nUUyDr7YsHsT
u8GpZHr9jZvSO5/xtKv20NPLejTPCRKc06CbkwpikDRtGOocBL8em0GuVqlf8hMs
KwDb6ZEzYhXZGPJHbJM+aRD1tq/KHw9X7TrldOszMQPr6lubBtscPbg1FCg3OlcC
HUrtub0i275x7TH0dJeRTD8TRE9jRmF+tl7KQytEJM3JRrquFjLyhDj+/VJnZkiB
lzj3FRf4zshzgz4+CAeqXO/8Lu8b3fGYmcW1acCmk7emjDcXUKojPj/Aig6T4l7P
oCWDY3+w1E6eiyE8BazxY1KUa/41ld0VJnlW5JWGRaDFTJwrk0h6/rvf9qImSckw
IGx24UezRyp6NS1op3Qm2iwHLr41pFRfKxNm9ppgH9iBPzOhe38=
=pkLL
-----END PGP SIGNATURE-----
Merge 5.10.215 into android12-5.10-lts
Changes in 5.10.215
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Documentation/hw-vuln: Update spectre doc
x86/cpu: Support AMD Automatic IBRS
x86/bugs: Use sysfs_emit()
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
drm/vmwgfx: stop using ttm_bo_create v2
drm/vmwgfx: switch over to the new pin interface v2
drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret'
drm/vmwgfx: Fix some static checker warnings
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
serial: max310x: fix NULL pointer dereference in I2C instantiation
media: xc4000: Fix atomicity violation in xc4000_get_frequency
KVM: Always flush async #PF workqueue when vCPU is being destroyed
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
crypto: qat - fix double free during reset
crypto: qat - resolve race condition during AER recovery
selftests/mqueue: Set timeout to 180 seconds
ext4: correct best extent lstart adjustment logic
block: introduce zone_write_granularity limit
block: Clear zone limits for a non-zoned stacked queue
bounds: support non-power-of-two CONFIG_NR_CPUS
fat: fix uninitialized field in nostale filehandles
ubifs: Set page uptodate in the correct place
ubi: Check for too small LEB size in VTBL code
ubi: correct the calculation of fastmap size
mtd: rawnand: meson: fix scrambling mode value in command macro
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
PM: suspend: Set mem_sleep_current during kernel command line setup
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
powerpc/fsl: Fix mfpmr build errors with newer binutils
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
USB: serial: add device ID for VeriFone adapter
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
PM: sleep: wakeirq: fix wake irq warning in system suspend
mmc: tmio: avoid concurrent runs of mmc_request_done()
fuse: fix root lookup with nonzero generation
fuse: don't unhash root
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
printk/console: Split out code that enables default console
serial: Lock console when calling into driver before registration
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
PCI: Drop pci_device_remove() test of pci_dev->driver
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()
PCI: Cache PCIe Device Capabilities register
PCI: Work around Intel I210 ROM BAR overlap defect
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
PCI/DPC: Quirk PIO log size for certain Intel Root Ports
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
dm-raid: fix lockdep waring in "pers->hot_add_disk"
mac802154: fix llsec key resources release in mac802154_llsec_key_del
mm: swap: fix race between free_swap_and_cache() and swapoff()
mmc: core: Fix switch on gp3 partition
drm/etnaviv: Restore some id values
hwmon: (amc6821) add of_match table
ext4: fix corruption during on-line resize
nvmem: meson-efuse: fix function pointer type mismatch
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
phy: tegra: xusb: Add API to retrieve the port number of phy
usb: gadget: tegra-xudc: Use dev_err_probe()
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
speakup: Fix 8bit characters from direct synth
PCI/ERR: Clear AER status only when we control AER
PCI/AER: Block runtime suspend when handling errors
nfs: fix UAF in direct writes
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
PCI: dwc: endpoint: Fix advertised resizable BAR size
vfio/platform: Disable virqfds on cleanup
ring-buffer: Fix waking up ring buffer readers
ring-buffer: Do not set shortest_full when full target is hit
ring-buffer: Fix resetting of shortest_full
ring-buffer: Fix full_waiters_pending in poll
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
s390/zcrypt: fix reference counting on zcrypt card objects
drm/panel: do not return negative error codes from drm_panel_get_modes()
drm/exynos: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
memtest: use {READ,WRITE}_ONCE in memory scanning
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: prevent kernel bug at submit_bh_wbc()
cpufreq: dt: always allocate zeroed cpumask
x86/CPU/AMD: Update the Zenbleed microcode revisions
net: hns3: tracing: fix hclgevf trace event strings
wireguard: netlink: check for dangling peer via is_dead instead of empty list
wireguard: netlink: access device through ctx instead of peer
ahci: asm1064: correct count of reported ports
ahci: asm1064: asm1166: don't limit reported ports
drm/amd/display: Return the correct HDCP error code
drm/amd/display: Fix noise issue on HDMI AV mute
dm snapshot: fix lockup in dm_exception_table_exit
vxge: remove unnecessary cast in kfree()
x86/stackprotector/32: Make the canary into a regular percpu variable
x86/pm: Work around false positive kmemleak report in msr_build_context()
scripts: kernel-doc: Fix syntax error due to undeclared args variable
comedi: comedi_test: Prevent timers rescheduling during deletion
cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value"
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
usb: gadget: ncm: Fix handling of zero block length packets
usb: port: Don't try to peer unused USB ports based on location
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
mei: me: add arrow lake point S DID
mei: me: add arrow lake point H DID
vt: fix unicode buffer corruption when deleting characters
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
tee: optee: Fix kernel panic caused by incorrect error handling
xen/events: close evtchn after mapping cleanup
printk: Update @console_may_schedule in console_trylock_spinning()
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
x86/bugs: Add asm helpers for executing VERW
x86/entry_64: Add VERW just before userspace transition
x86/entry_32: Add VERW just before userspace transition
x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
KVM/VMX: Move VERW closer to VMentry for MDS mitigation
x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
Documentation/hw-vuln: Add documentation for RFDS
x86/rfds: Mitigate Register File Data Sampling (RFDS)
KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
perf/core: Fix reentry problem in perf_output_read_group()
efivarfs: Request at most 512 bytes for variable names
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
mm/memory-failure: fix an incorrect use of tail pages
mm/migrate: set swap entry values of THP tail pages properly.
init: open /initrd.image with O_LARGEFILE
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
hexagon: vmlinux.lds.S: handle attributes section
mmc: core: Initialize mmc_blk_ioc_data
mmc: core: Avoid negative index with array access
net: ll_temac: platform_get_resource replaced by wrong function
usb: cdc-wdm: close race between read and workqueue
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
scsi: core: Fix unremoved procfs host directory regression
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: vc04_services: fix information leak in create_component()
USB: core: Add hub_get() and hub_put() routines
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
usb: udc: remove warning when queue disabled ep
usb: typec: ucsi: Ack unsupported commands
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
scsi: qla2xxx: Split FCE|EFT trace control
scsi: qla2xxx: Fix command flush on cable pull
scsi: qla2xxx: Delay I/O Abort on PCI error
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
scsi: lpfc: Correct size for wqe for memset()
USB: core: Fix deadlock in usb_deauthorize_interface()
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
tcp: properly terminate timers for kernel sockets
ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
bpf: Protect against int overflow for stack access size
Octeontx2-af: fix pause frame configuration in GMP mode
dm integrity: fix out-of-range warning
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
x86/cpufeatures: Add new word for scattered features
Bluetooth: hci_event: set the conn encrypted before conn establishes
Bluetooth: Fix TOCTOU in HCI debugfs implementation
netfilter: nf_tables: disallow timeout for anonymous sets
net/rds: fix possible cp null dereference
vfio/pci: Disable auto-enable of exclusive INTx IRQ
vfio/pci: Lock external INTx masking ops
vfio: Introduce interface to flush virqfd inject workqueue
vfio/pci: Create persistent INTx handler
vfio/platform: Create persistent IRQ handlers
vfio/fsl-mc: Block calling interrupt handler without trigger
io_uring: ensure '0' is returned on file registration success
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
x86/srso: Add SRSO mitigation for Hygon processors
block: add check that partition length needs to be aligned with block size
netfilter: nf_tables: reject new basechain after table flag update
netfilter: nf_tables: flush pending destroy work before exit_net release
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
netfilter: validate user input for expected length
vboxsf: Avoid an spurious warning if load_nls_xxx() fails
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
net/sched: act_skbmod: prevent kernel-infoleak
net: stmmac: fix rx queue priority assignment
erspan: make sure erspan_base_hdr is present in skb->head
selftests: reuseaddr_conflict: add missing new line at the end of the output
ipv6: Fix infinite recursion in fib6_dump_done().
udp: do not transition UDP GRO fraglist partial checksums to unnecessary
octeontx2-pf: check negative error code in otx2_open()
i40e: fix i40e_count_filters() to count only active/new filters
i40e: fix vf may be used uninitialized in this function warning
scsi: qla2xxx: Update manufacturer details
scsi: qla2xxx: Update manufacturer detail
Revert "usb: phy: generic: Get the vbus supply"
udp: do not accept non-tunnel GSO skbs landing in a tunnel
net: ravb: Always process TX descriptor ring
arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor
arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
scsi: mylex: Fix sysfs buffer lengths
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
driver core: Introduce device_link_wait_removal()
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
s390/entry: align system call table on 8 bytes
riscv: Fix spurious errors from __get/put_kernel_nofault
x86/bugs: Fix the SRSO mitigation on Zen3/4
x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO
mptcp: don't account accept() of non-MPC client as fallback to TCP
x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
objtool: Add asm version of STACK_FRAME_NON_STANDARD
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
panic: Flush kernel log buffer at the end
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
ionic: set adminq irq affinity
pstore/zone: Add a null pointer check to the psz_kmsg_read
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
sysv: don't call sb_bread() with pointers_lock held
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
isofs: handle CDs with bad root inode but good Joliet root directory
media: sta2x11: fix irq handler cast
ext4: add a hint for block bitmap corrupt state in mb_groups
ext4: forbid commit inconsistent quota data when errors=remount-ro
drm/amd/display: Fix nanosec stat overflow
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
libperf evlist: Avoid out-of-bounds access
block: prevent division by zero in blk_rq_stat_sum()
RDMA/cm: add timeout to cm_destroy_id wait
Input: allocate keycode for Display refresh rate toggle
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
ktest: force $buildonly = 1 for 'make_warnings_file' test type
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
tools: iio: replace seekdir() in iio_generic_buffer
usb: typec: tcpci: add generic tcpci fallback compatible
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
drivers/nvme: Add quirks for device 126f:2262
fbmon: prevent division by zero in fb_videomode_from_videomode()
netfilter: nf_tables: release batch on table validation from abort path
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: discard table flag update with pending basechain deletion
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
drm/i915/gt: Reset queue_priority_hint on parking
Bluetooth: btintel: Fixe build regression
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
kbuild: dummy-tools: adjust to stricter stackprotector check
scsi: sd: Fix wrong zone_write_granularity value during revalidate
x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
x86/head/64: Re-enable stack protection
Linux 5.10.215
Change-Id: I45a0a9c4a0683ff5ef97315690f1f884f666e1b5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Miklos Szeredi
|
c71ac0596e |
fuse: don't unhash root
[ Upstream commit b1fe686a765e6c0d71811d825b5a1585a202b777 ]
The root inode is assumed to be always hashed. Do not unhash the root
inode even if it is marked BAD.
Fixes: 5d069dbe8aaf ("fuse: fix bad inode")
Cc: <stable@vger.kernel.org> # v5.11
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
4c20c2c837 |
This is the 5.10.179 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRI7pUACgkQONu9yGCS aT4cCRAA0YwtiFA5PDxWdBVW2f/6ad7NL4cCUATt7yd68j22SKifIxmsI4J3WnmT K8p7yvc7WstuvCyoRT+9LpR969jDa/ao5jQQDky+9nFn39RK2pUQ1S4tQhRr0QWP /QrVbecT4X3rn126JhEMauR97Ma5yp0XMj9lOVIac40irf0UyRrvNHciGLfL37Zy 2Q7AOOJGrA9IREpj+uaG4r8QWZtvVYMCZkIgqZDdnEgfjZew+2w8j+4boL6anxpM 0f+6ZFT5OHUabwuBsw+4ee6eRE0K3iaAzde8pIZ2y1/ihYgQ+VlMwcLRncuE/34X dUG1aQyfbcMdukzWO2fay0on/7NF/U2ljS8WTFjWeCGWXzKRxxbmgXD/WRpBba6V NZQB/LroXv+8HVAzlfnZoHD9ojRg8b3exxjy70hUvgAING2CXMqX7KILalFKQvBz Ish5e5cxUBP2khMo1caPCU04dy3t/CF68UBrx4s8+RJFvGBmTykhfUx+DhS8usmu y0GrvyBfCXb1CW56ZZaip2jLv5IiOUL9KzKpPli1PV9K+He6aa2mTtvKzVBUalZf qVzMTifW6JskpxW58I0xKqiaHY5pZVfv0EX65Gs0gVYskSpSLu5MINMvBl5F1sDf DdrJ+ZivMUNU5eGUf99IQgXuYFPWigEzsXQRfwHr78kFP4wIPxg= =Ubp5 -----END PGP SIGNATURE----- Merge 5.10.179 into android12-5.10-lts Changes in 5.10.179 ARM: dts: rockchip: fix a typo error for rk3288 spdif node arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node arm64: dts: meson-g12-common: specify full DMC range arm64: dts: imx8mm-evk: correct pmic clock source netfilter: br_netfilter: fix recent physdev match breakage regulator: fan53555: Explicitly include bits header net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg virtio_net: bugfix overflow inside xdp_linearize_page() sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP. sfc: Fix use-after-free due to selftest_work netfilter: nf_tables: fix ifdef to also consider nf_tables=m i40e: fix accessing vsi->active_filters without holding lock i40e: fix i40e_setup_misc_vector() error handling mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() net: rpl: fix rpl header size calculation mlxsw: pci: Fix possible crash during initialization bpf: Fix incorrect verifier pruning due to missing register precision taints e1000e: Disable TSO on i219-LM card to increase speed f2fs: Fix f2fs_truncate_partial_nodes ftrace event Input: i8042 - add quirk for Fujitsu Lifebook A574/H selftests: sigaltstack: fix -Wuninitialized scsi: megaraid_sas: Fix fw_crash_buffer_show() scsi: core: Improve scsi_vpd_inquiry() checks net: dsa: b53: mmap: add phy ops s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling nvme-tcp: fix a possible UAF when failing to allocate an io queue xen/netback: use same error messages for same errors powerpc/doc: Fix htmldocs errors xfs: drop submit side trans alloc for append ioends iio: light: tsl2772: fix reading proximity-diodes from device tree nilfs2: initialize unused bytes in segment summary blocks memstick: fix memory leak if card device is never registered kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 mm/khugepaged: check again on anon uffd-wp during isolation sched/uclamp: Make task_fits_capacity() use util_fits_cpu() sched/uclamp: Fix fits_capacity() check in feec() sched/uclamp: Make select_idle_capacity() use util_fits_cpu() sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() sched/uclamp: Make cpu_overutilized() use util_fits_cpu() sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition sched/fair: Detect capacity inversion sched/fair: Consider capacity inversion in util_fits_cpu() sched/uclamp: Fix a uninitialized variable warnings sched/fair: Fixes for capacity inversion detection MIPS: Define RUNTIME_DISCARD_EXIT in LD script docs: futex: Fix kernel-doc references after code split-up preparation purgatory: fix disabling debug info virtiofs: clean up error handling in virtio_fs_get_tree() virtiofs: split requests that exceed virtqueue size fuse: check s_root when destroying sb fuse: fix attr version comparison in fuse_read_update_size() fuse: always revalidate rename target dentry fuse: fix deadlock between atomic O_TRUNC and page invalidation Revert "ext4: fix use-after-free in ext4_xattr_set_entry" ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() ext4: fix use-after-free in ext4_xattr_set_entry udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). dccp: Call inet6_destroy_sock() via sk->sk_destruct(). sctp: Call inet6_destroy_sock() via sk->sk_destruct(). pwm: meson: Explicitly set .polarity in .get_state() pwm: iqs620a: Explicitly set .polarity in .get_state() pwm: hibvt: Explicitly set .polarity in .get_state() iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() ASoC: fsl_asrc_dma: fix potential null-ptr-deref ASN.1: Fix check for strdup() success Linux 5.10.179 Change-Id: I54e476aa9b199a4711a091c77583739ed82af5ad Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Connor Kuehl
|
6d0d67b05f |
virtiofs: split requests that exceed virtqueue size
commit a7f0d7aab0b4f3f0780b1f77356e2fe7202ac0cb upstream. If an incoming FUSE request can't fit on the virtqueue, the request is placed onto a workqueue so a worker can try to resubmit it later where there will (hopefully) be space for it next time. This is fine for requests that aren't larger than a virtqueue's maximum capacity. However, if a request's size exceeds the maximum capacity of the virtqueue (even if the virtqueue is empty), it will be doomed to a life of being placed on the workqueue, removed, discovered it won't fit, and placed on the workqueue yet again. Furthermore, from section 2.6.5.3.1 (Driver Requirements: Indirect Descriptors) of the virtio spec: "A driver MUST NOT create a descriptor chain longer than the Queue Size of the device." To fix this, limit the number of pages FUSE will use for an overall request. This way, each request can realistically fit on the virtqueue when it is decomposed into a scattergather list and avoid violating section 2.6.5.3.1 of the virtio spec. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Yang Bo <yb203166@antfin.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Pradeep P V K
|
05a8f2c4d2 |
FROMLIST: fuse: give wakeup hints to the scheduler
The synchronous wakeup interface is available only for the interruptible wakeup. Add it for normal wakeup and use this synchronous wakeup interface to wakeup the userspace daemon. Scheduler can make use of this hint to find a better CPU for the waker task. With this change the performance numbers for compress, decompress and copy use-cases on /sdcard path has improved by ~30%. Use-case details: 1. copy 10000 files of each 4k size into /sdcard path 2. use any File explorer application that has compress/decompress support 3. start compress/decompress and capture the time. ------------------------------------------------- | Default | wakeup support | Improvement/Diff | ------------------------------------------------- | 13.8 sec | 9.9 sec | 3.9 sec (28.26%) | ------------------------------------------------- Co-developed-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com> Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com> Bug: 216261533 Link: https://lore.kernel.org/lkml/1638780405-38026-1-git-send-email-quic_pragalla@quicinc.com/ Change-Id: I9ac89064e34b1e0605064bf4d2d3a310679cb605 Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com> Signed-off-by: Alessio Balsini <balsini@google.com> (cherry picked from commit 30d72758dbe0e7fa9992f5d21ee8d23eec27934a) |
||
|
Miklos Szeredi
|
24d464d38b |
BACKPORT: fuse: fix pipe buffer lifetime for direct_io
commit 0c4bcfdecb1ac0967619ee7ff44871d93c08c909 upstream.
In FOPEN_DIRECT_IO mode, fuse_file_write_iter() calls
fuse_direct_write_iter(), which normally calls fuse_direct_io(), which then
imports the write buffer with fuse_get_user_pages(), which uses
iov_iter_get_pages() to grab references to userspace pages instead of
actually copying memory.
On the filesystem device side, these pages can then either be read to
userspace (via fuse_dev_read()), or splice()d over into a pipe using
fuse_dev_splice_read() as pipe buffers with &nosteal_pipe_buf_ops.
This is wrong because after fuse_dev_do_read() unlocks the FUSE request,
the userspace filesystem can mark the request as completed, causing write()
to return. At that point, the userspace filesystem should no longer have
access to the pipe buffer.
Fix by copying pages coming from the user address space to new pipe
buffers.
Bug: 226679409
Reported-by: Jann Horn <jannh@google.com>
Fixes:
|
||
|
Miklos Szeredi
|
ab5595b45f |
fuse: fix pipe buffer lifetime for direct_io
commit 0c4bcfdecb1ac0967619ee7ff44871d93c08c909 upstream.
In FOPEN_DIRECT_IO mode, fuse_file_write_iter() calls
fuse_direct_write_iter(), which normally calls fuse_direct_io(), which then
imports the write buffer with fuse_get_user_pages(), which uses
iov_iter_get_pages() to grab references to userspace pages instead of
actually copying memory.
On the filesystem device side, these pages can then either be read to
userspace (via fuse_dev_read()), or splice()d over into a pipe using
fuse_dev_splice_read() as pipe buffers with &nosteal_pipe_buf_ops.
This is wrong because after fuse_dev_do_read() unlocks the FUSE request,
the userspace filesystem can mark the request as completed, causing write()
to return. At that point, the userspace filesystem should no longer have
access to the pipe buffer.
Fix by copying pages coming from the user address space to new pipe
buffers.
Reported-by: Jann Horn <jannh@google.com>
Fixes:
|
||
|
Greg Kroah-Hartman
|
c4d08791d9 |
This is the 5.10.87 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmG8WHUACgkQONu9yGCS aT524A/9GF91x8mh19+Ctbw+/wt+bfVLBzapAnqucOkoXmMR7Vd68DidaYud/Dgb 851d5HSjCjpFPgXp0iXMuT3sj7zfBh6a1UZ7YyH9BP3COoR8QTUh2pV6SB0bjSfn 0zPSNFKvh6HtASQZUqUvX1bAucKXBo8gKafQCHNdd0SRIXVeAIhM0IP3RMPET90M 9Z/kRFccX2iNLLNQbN4XtRrfkhyfEA0FpvKQRSngaN4DoJIqMHxH+WVhwbpxkKWA H+EABClIs74GIPa/x6UXXA5+dwKLkE0BtdDtwmnHq/ONw5BtH1zf4MEIbFS/gpy+ lcJMYLvDd8n4ebHB9yyZN76owOf2SzNu9jrZpU/kIveF0sV2NspAyolv+U+ExBDG K+2WGkM7dkD2IK8lqqYGLYBlyjmlVioaUitn0nnwcUVq5zZOOxXxnz0vIMJL2k/l tYvqTB2Uv48F3Jzsl8cnJIEJDcQSXI7IPsS4yvsMFYdCvSiDcClPbsiMZEOfS0vE CPgF+HM2g24Cdy2FTe7jQOQAB3UjwQiGwlWaQl+IUWsi69wIG8JkmjckPXWHamoc 2J4gccQnGf73FS31n96NimXppPgoL1kHdZD+jUa0ZOaJmJrItz+ItHvlKHs+MJ4f W9Ryg1PiRU6WrtIqsmRx/h01U+joBfcbevpQT8FvAOtPHQtop3Q= =36vv -----END PGP SIGNATURE----- Merge 5.10.87 into android12-5.10-lts Changes in 5.10.87 nfc: fix segfault in nfc_genl_dump_devices_done drm/msm/dsi: set default num_data_lanes KVM: arm64: Save PSTATE early on exit s390/test_unwind: use raw opcode instead of invalid instruction Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" net/mlx4_en: Update reported link modes for 1/10G ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P parisc/agp: Annotate parisc agp init functions with __init i2c: rk3x: Handle a spurious start completion interrupt flag net: netlink: af_netlink: Prevent empty skb by adding a check on len. drm/amd/display: Fix for the no Audio bug with Tiled Displays drm/amd/display: add connector type check for CRC source set tracing: Fix a kmemleak false positive in tracing_map KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req staging: most: dim2: use device release method bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc fuse: make sure reclaim doesn't write the inode hwmon: (dell-smm) Fix warning on /proc/i8k creation error ethtool: do not perform operations on net devices being unregistered perf inject: Fix itrace space allowed for new attributes perf intel-pt: Fix some PGE (packet generation enable/control flow packets) usage perf intel-pt: Fix sync state when a PSB (synchronization) packet is found perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type perf intel-pt: Fix state setting when receiving overflow (OVF) packet perf intel-pt: Fix next 'err' value, walking trace perf intel-pt: Fix missing 'instruction' events with 'q' option perf intel-pt: Fix error timestamp setting on the decoder error path memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER memblock: align freed memory map on pageblock boundaries with SPARSEMEM memblock: ensure there is no overflow in memblock_overlaps_region() arm: extend pfn_valid to take into account freed memory map alignment arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM Linux 5.10.87 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I56719d03237a8607e6cc0bc357421d0b4a479084 |
||
|
Miklos Szeredi
|
c31470a30c |
fuse: make sure reclaim doesn't write the inode
commit 5c791fe1e2a4f401f819065ea4fc0450849f1818 upstream. In writeback cache mode mtime/ctime updates are cached, and flushed to the server using the ->write_inode() callback. Closing the file will result in a dirty inode being immediately written, but in other cases the inode can remain dirty after all references are dropped. This result in the inode being written back from reclaim, which can deadlock on a regular allocation while the request is being served. The usual mechanisms (GFP_NOFS/PF_MEMALLOC*) don't work for FUSE, because serving a request involves unrelated userspace process(es). Instead do the same as for dirty pages: make sure the inode is written before the last reference is gone. - fallocate(2)/copy_file_range(2): these call file_update_time() or file_modified(), so flush the inode before returning from the call - unlink(2), link(2) and rename(2): these call fuse_update_ctime(), so flush the ctime directly from this helper Reported-by: chenguanyou <chenguanyou@xiaomi.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Cc: Ed Tsai <ed.tsai@mediatek.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
77b971b479 |
This is the 5.10.63 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmE4XPEACgkQONu9yGCS aT7h3xAAm2VWUt7gt5QUxJWfooEZAlnzYBYiS6bDRuOgVm9KylI7afB+lIfUjMI8 JeOGqlB1rvwDXNwWMh88omWK95KQw2CgF57npuavR070fhZ7bGJ/f7KENYI6BDlg 7affMvHu7iH8Knm3nANTqfcOSdW5T+p8vKRc66ocO8qdB8is6cUP71cK/1Kq86/Q EWJizvRWv+Rz+j+r6rcjwyObSkgilnqXUllzqGxmh2ZBmN8ayH+0jDY765FI8wmO AjFXKr9YuaTDnKEwmfH036dVyNpkpV+YlNK1UhBTVm/uVGxmbBn2HZ5Z2/V89xVY Y+1B4mvXyuhpe5zWPpjiJQPna3wC++WjhpJu5mT6HMMD2wb5aooc5Fh9ruoPrnPP fKTy4ju2N3IZ0gN6OePKViXWTWEG+xy53xqnO3vtD6brJXF9PRiILLlj5qkrTWTR F9xbdHzakhbsx/CfmbD4FZa5rI7wGlR4QYznDIb7E9hb4mkqFC0U7V8zJgqnLDwH ljSElISxG7AL3RhnOiTi4ZAhsNAlBhhS1RqXl6yLuQ0QpwJiC8/wcGsJSqI931lP Gj6WjwJz7H31g3NYF7vbklaEkw6Y66NrtQgIcNxqSccVev0SCGzdIx75/3TygBuv AC2PeQLk3TGeJKKHPRlg8Ui96nSgyFlT9xQkZL7Jelux8qlZo0E= =u0UQ -----END PGP SIGNATURE----- Merge 5.10.63 into android12-5.10-lts Changes in 5.10.63 ext4: fix race writing to an inline_data file while its xattrs are changing fscrypt: add fscrypt_symlink_getattr() for computing st_size ext4: report correct st_size for encrypted symlinks f2fs: report correct st_size for encrypted symlinks ubifs: report correct st_size for encrypted symlinks Revert "ucounts: Increase ucounts reference counter before the security hook" Revert "cred: add missing return error code when set_cred_ucounts() failed" Revert "Add a reference to ucounts for each cred" static_call: Fix unused variable warn w/o MODULE xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG ARM: OMAP1: ams-delta: remove unused function ams_delta_camera_power gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats reset: reset-zynqmp: Fixed the argument data type qed: Fix the VF msix vectors flow net: macb: Add a NULL check on desc_ptp qede: Fix memset corruption perf/x86/intel/pt: Fix mask of num_address_ranges ceph: fix possible null-pointer dereference in ceph_mdsmap_decode() perf/x86/amd/ibs: Work around erratum #1197 perf/x86/amd/power: Assign pmu.module cryptoloop: add a deprecation warning ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 ALSA: pcm: fix divide error in snd_pcm_lib_ioctl serial: 8250: 8250_omap: Fix possible array out of bounds access spi: Switch to signed types for *_native_cs SPI controller fields new helper: inode_wrong_type() fuse: fix illegal access to inode with reused nodeid media: stkwebcam: fix memory leak in stk_camera_probe Linux 5.10.63 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5d461fa0b4dd5ba2457663bd20da1001936feaca |
||
Amir Goldstein
|
ad5e13f15d |
fuse: fix illegal access to inode with reused nodeid
commit 15db16837a35d8007cb8563358787412213db25e upstream. Server responds to LOOKUP and other ops (READDIRPLUS/CREATE/MKNOD/...) with ourarg containing nodeid and generation. If a fuse inode is found in inode cache with the same nodeid but different generation, the existing fuse inode should be unhashed and marked "bad" and a new inode with the new generation should be hashed instead. This can happen, for example, with passhrough fuse filesystem that returns the real filesystem ino/generation on lookup and where real inode numbers can get recycled due to real files being unlinked not via the fuse passthrough filesystem. With current code, this situation will not be detected and an old fuse dentry that used to point to an older generation real inode, can be used to access a completely new inode, which should be accessed only via the new dentry. Note that because the FORGET message carries the nodeid w/o generation, the server should wait to get FORGET counts for the nlookup counts of the old and reused inodes combined, before it can free the resources associated to that nodeid. Stable backport notes: * This is not a regression. The bug has been in fuse forever, but only a certain class of low level fuse filesystems can trigger this bug * Because there is no way to check if this fix is applied in runtime, libfuse test_examples.py tests this fix with hardcoded check for kernel version >= 5.14 * After backport to stable kernel(s), the libfuse test can be updated to also check minimal stable kernel version(s) * Depends on "fuse: fix bad inode" which is already applied to stable kernels v5.4.y and v5.10.y * Required backporting helper inode_wrong_type() Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxi8DymG=JO_sAU+wS8akFdzh+PuXwW3Ebgahd2Nwnh7zA@mail.gmail.com/ Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Alessio Balsini
|
5e424f8596 |
ANDROID: fuse/passthrough: API V2 with __u32 open argument
The initial FUSE passthrough interface has the issue of introducing an ioctl which receives as a parameter a data structure containing a pointer. What happens is that, depending on the architecture, the size of this struct might change, and especially for 32-bit userspace running on 64-bit kernel, the size mismatch results into different a single ioctl the behavior of which depends on the data that is passed (e.g., with an enum). This is just a poor ioctl design as mentioned by Arnd Bergmann [1]. Introduce the new FUSE_PASSTHROUGH_OPEN ioctl which only gets the fd of the lower file system, which is a fixed-size __u32, dropping the confusing fuse_passthrough_out data structure. [1] https://lore.kernel.org/lkml/CAK8P3a2K2FzPvqBYL9W=Yut58SFXyetXwU4Fz50G5O3TsS0pPQ@mail.gmail.com/ Bug: 175195837 Signed-off-by: Alessio Balsini <balsini@google.com> Change-Id: I486d71cbe20f3c0c87544fa75da4e2704fe57c7c |
||
|
Greg Kroah-Hartman
|
a1ac3f3093 |
Merge 5.10.36 into android12-5.10
Changes in 5.10.36
bus: mhi: core: Fix check for syserr at power_up
bus: mhi: core: Clear configuration from channel context during reset
bus: mhi: core: Sanity check values from remote device before use
nitro_enclaves: Fix stale file descriptors on failed usercopy
dyndbg: fix parsing file query without a line-range suffix
s390/disassembler: increase ebpf disasm buffer size
s390/zcrypt: fix zcard and zqueue hot-unplug memleak
vhost-vdpa: fix vm_flags for virtqueue doorbell mapping
tpm: acpi: Check eventlog signature before using it
ACPI: custom_method: fix potential use-after-free issue
ACPI: custom_method: fix a possible memory leak
ftrace: Handle commands when closing set_ftrace_filter file
ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld
arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node
arm64: dts: mt8173: fix property typo of 'phys' in dsi node
ecryptfs: fix kernel panic with null dev_name
fs/epoll: restore waking from ep_done_scan()
mtd: spi-nor: core: Fix an issue of releasing resources during read/write
Revert "mtd: spi-nor: macronix: Add support for mx25l51245g"
mtd: spinand: core: add missing MODULE_DEVICE_TABLE()
mtd: rawnand: atmel: Update ecc_stats.corrected counter
mtd: physmap: physmap-bt1-rom: Fix unintentional stack access
erofs: add unsupported inode i_format check
spi: stm32-qspi: fix pm_runtime usage_count counter
spi: spi-ti-qspi: Free DMA resources
scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
scsi: mpt3sas: Block PCI config access from userspace during reset
mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe()
mmc: uniphier-sd: Fix a resource leak in the remove function
mmc: sdhci: Check for reset prior to DMA address unmap
mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers
mmc: sdhci-tegra: Add required callbacks to set/clear CQE_EN bit
mmc: block: Update ext_csd.cache_ctrl if it was written
mmc: block: Issue a cache flush only when it's enabled
mmc: core: Do a power cycle when the CMD11 fails
mmc: core: Set read only for SD cards with permanent write protect bit
mmc: core: Fix hanging on I/O during system suspend for removable cards
irqchip/gic-v3: Do not enable irqs when handling spurious interrups
cifs: Return correct error code from smb2_get_enc_key
cifs: fix out-of-bound memory access when calling smb3_notify() at mount point
cifs: detect dead connections only when echoes are enabled.
smb2: fix use-after-free in smb2_ioctl_query_info()
btrfs: handle remount to no compress during compression
x86/build: Disable HIGHMEM64G selection for M486SX
btrfs: fix metadata extent leak after failure to create subvolume
intel_th: pci: Add Rocket Lake CPU support
btrfs: fix race between transaction aborts and fsyncs leading to use-after-free
posix-timers: Preserve return value in clock_adjtime32()
fbdev: zero-fill colormap in fbcmap.c
cpuidle: tegra: Fix C7 idling state on Tegra114
bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first
staging: wimax/i2400m: fix byte-order issue
spi: ath79: always call chipselect function
spi: ath79: remove spi-master setup and cleanup assignment
bus: mhi: core: Destroy SBL devices when moving to mission mode
crypto: api - check for ERR pointers in crypto_destroy_tfm()
crypto: qat - fix unmap invalid dma address
usb: gadget: uvc: add bInterval checking for HS mode
usb: webcam: Invalid size of Processing Unit Descriptor
x86/sev: Do not require Hypervisor CPUID bit for SEV guests
crypto: hisilicon/sec - fixes a printing error
genirq/matrix: Prevent allocation counter corruption
usb: gadget: f_uac2: validate input parameters
usb: gadget: f_uac1: validate input parameters
usb: dwc3: gadget: Ignore EP queue requests during bus reset
usb: xhci: Fix port minor revision
kselftest/arm64: mte: Fix compilation with native compiler
ARM: tegra: acer-a500: Rename avdd to vdda of touchscreen node
PCI: PM: Do not read power state in pci_enable_device_flags()
kselftest/arm64: mte: Fix MTE feature detection
ARM: dts: BCM5301X: fix "reg" formatting in /memory node
ARM: dts: ux500: Fix up TVK R3 sensors
x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
x86/boot: Add $(CLANG_FLAGS) to compressed KBUILD_CFLAGS
efi/libstub: Add $(CLANG_FLAGS) to x86 flags
soc/tegra: pmc: Fix completion of power-gate toggling
arm64: dts: imx8mq-librem5-r3: Mark buck3 as always on
tee: optee: do not check memref size on return from Secure World
soundwire: cadence: only prepare attached devices on clock stop
perf/arm_pmu_platform: Use dev_err_probe() for IRQ errors
perf/arm_pmu_platform: Fix error handling
random: initialize ChaCha20 constants with correct endianness
usb: xhci-mtk: support quirk to disable usb2 lpm
fpga: dfl: pci: add DID for D5005 PAC cards
xhci: check port array allocation was successful before dereferencing it
xhci: check control context is valid before dereferencing it.
xhci: fix potential array out of bounds with several interrupters
bus: mhi: core: Clear context for stopped channels from remove()
ARM: dts: at91: change the key code of the gpio key
tools/power/x86/intel-speed-select: Increase string size
platform/x86: ISST: Account for increased timeout in some cases
spi: dln2: Fix reference leak to master
spi: omap-100k: Fix reference leak to master
spi: qup: fix PM reference leak in spi_qup_remove()
usb: gadget: tegra-xudc: Fix possible use-after-free in tegra_xudc_remove()
usb: musb: fix PM reference leak in musb_irq_work()
usb: core: hub: Fix PM reference leak in usb_port_resume()
usb: dwc3: gadget: Check for disabled LPM quirk
tty: n_gsm: check error while registering tty devices
intel_th: Consistency and off-by-one fix
phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
crypto: sun8i-ss - Fix PM reference leak when pm_runtime_get_sync() fails
crypto: sun8i-ce - Fix PM reference leak in sun8i_ce_probe()
crypto: stm32/hash - Fix PM reference leak on stm32-hash.c
crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c
crypto: sa2ul - Fix PM reference leak in sa_ul_probe()
crypto: omap-aes - Fix PM reference leak on omap-aes.c
platform/x86: intel_pmc_core: Don't use global pmcdev in quirks
spi: sync up initial chipselect state
btrfs: do proper error handling in create_reloc_root
btrfs: do proper error handling in btrfs_update_reloc_root
btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
drm: Added orientation quirk for OneGX1 Pro
drm/qxl: do not run release if qxl failed to init
drm/qxl: release shadow on shutdown
drm/ast: Fix invalid usage of AST_MAX_HWC_WIDTH in cursor atomic_check
drm/amd/display: changing sr exit latency
drm/ast: fix memory leak when unload the driver
drm/amd/display: Check for DSC support instead of ASIC revision
drm/amd/display: Don't optimize bandwidth before disabling planes
drm/amdgpu/display: buffer INTERRUPT_LOW_IRQ_CONTEXT interrupt work
drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing 'field overwritten' issue
scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
scsi: lpfc: Fix pt2pt connection does not recover after LOGO
drm/amdgpu: Fix some unload driver issues
sched/pelt: Fix task util_est update filtering
kvfree_rcu: Use same set of GFP flags as does single-argument
scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
media: ite-cir: check for receive overflow
media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt()
atomisp: don't let it go past pipes array
power: supply: bq27xxx: fix power_avg for newer ICs
extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged
extcon: arizona: Fix various races on driver unbind
media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
media: gspca/sq905.c: fix uninitialized variable
power: supply: Use IRQF_ONESHOT
backlight: qcom-wled: Use sink_addr for sync toggle
backlight: qcom-wled: Fix FSC update issue for WLED5
drm/amdgpu: mask the xgmi number of hops reported from psp to kfd
drm/amdkfd: Fix UBSAN shift-out-of-bounds warning
drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
drm/amd/pm: fix workload mismatch on vega10
drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool'
drm/amd/display: DCHUB underflow counter increasing in some scenarios
drm/amd/display: fix dml prefetch validation
scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
drm/vkms: fix misuse of WARN_ON
scsi: qla2xxx: Fix use after free in bsg
mmc: sdhci-esdhc-imx: validate pinctrl before use it
mmc: sdhci-pci: Add PCI IDs for Intel LKF
mmc: sdhci-brcmstb: Remove CQE quirk
ata: ahci: Disable SXS for Hisilicon Kunpeng920
drm/komeda: Fix bit check to import to value of proper type
nvmet: return proper error code from discovery ctrl
selftests/resctrl: Enable gcc checks to detect buffer overflows
selftests/resctrl: Fix compilation issues for global variables
selftests/resctrl: Fix compilation issues for other global variables
selftests/resctrl: Clean up resctrl features check
selftests/resctrl: Fix missing options "-n" and "-p"
selftests/resctrl: Use resctrl/info for feature detection
selftests/resctrl: Fix incorrect parsing of iMC counters
selftests/resctrl: Fix checking for < 0 for unsigned values
power: supply: cpcap-charger: Add usleep to cpcap charger to avoid usb plug bounce
scsi: smartpqi: Use host-wide tag space
scsi: smartpqi: Correct request leakage during reset operations
scsi: smartpqi: Add new PCI IDs
scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
media: em28xx: fix memory leak
media: vivid: update EDID
drm/msm/dp: Fix incorrect NULL check kbot warnings in DP driver
clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
power: supply: generic-adc-battery: fix possible use-after-free in gab_remove()
power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()
media: tc358743: fix possible use-after-free in tc358743_remove()
media: adv7604: fix possible use-after-free in adv76xx_remove()
media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove()
media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
media: platform: sti: Fix runtime PM imbalance in regs_show
media: sun8i-di: Fix runtime PM imbalance in deinterlace_start_streaming
media: dvb-usb: fix memory leak in dvb_usb_adapter_init
media: gscpa/stv06xx: fix memory leak
sched/fair: Ignore percpu threads for imbalance pulls
drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
drm/msm/mdp5: Do not multiply vclk line count by 100
drm/amdgpu/ttm: Fix memory leak userptr pages
drm/radeon/ttm: Fix memory leak userptr pages
drm/amd/display: Fix debugfs link_settings entry
drm/amd/display: Fix UBSAN: shift-out-of-bounds warning
drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug
amdgpu: avoid incorrect %hu format string
drm/amd/display: Try YCbCr420 color when YCbCr444 fails
drm/amdgpu: fix NULL pointer dereference
scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response
scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode
scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
mfd: intel-m10-bmc: Fix the register access range
mfd: da9063: Support SMBus and I2C mode
mfd: arizona: Fix rumtime PM imbalance on error
scsi: libfc: Fix a format specifier
perf: Rework perf_event_exit_event()
sched,fair: Alternative sched_slice()
block/rnbd-clt: Fix missing a memory free when unloading the module
s390/archrandom: add parameter check for s390_arch_random_generate
sched,psi: Handle potential task count underflow bugs more gracefully
power: supply: cpcap-battery: fix invalid usage of list cursor
ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
ALSA: hda/conexant: Re-order CX5066 quirk table entries
ALSA: sb: Fix two use after free in snd_sb_qsound_build
ALSA: usb-audio: Explicitly set up the clock selector
ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8
ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G7
ALSA: hda/realtek: GA503 use same quirks as GA401
ALSA: hda/realtek: fix mic boost on Intel NUC 8
ALSA: hda/realtek - Headset Mic issue on HP platform
ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops
ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
tools/power/turbostat: Fix turbostat for AMD Zen CPUs
btrfs: fix race when picking most recent mod log operation for an old root
arm64/vdso: Discard .note.gnu.property sections in vDSO
Makefile: Move -Wno-unused-but-set-variable out of GCC only block
fs: fix reporting supported extra file attributes for statx()
virtiofs: fix memory leak in virtio_fs_probe()
kcsan, debugfs: Move debugfs file creation out of early init
ubifs: Only check replay with inode type to judge if inode linked
f2fs: fix error handling in f2fs_end_enable_verity()
f2fs: fix to avoid out-of-bounds memory access
mlxsw: spectrum_mr: Update egress RIF list before route's action
openvswitch: fix stack OOB read while fragmenting IPv4 packets
ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds
NFS: Don't discard pNFS layout segments that are marked for return
NFSv4: Don't discard segments marked for return in _pnfs_return_layout()
Input: ili210x - add missing negation for touch indication on ili210x
jffs2: Fix kasan slab-out-of-bounds problem
jffs2: Hook up splice_write callback
powerpc/powernv: Enable HAIL (HV AIL) for ISA v3.1 processors
powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
powerpc/kexec_file: Use current CPU info while setting up FDT
powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR
powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
intel_th: pci: Add Alder Lake-M support
tpm: efi: Use local variable for calculating final log size
tpm: vtpm_proxy: Avoid reading host log when using a virtual device
crypto: arm/curve25519 - Move '.fpu' after '.arch'
crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS
md/raid1: properly indicate failure when ending a failed write request
dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences
fuse: fix write deadlock
exfat: fix erroneous discard when clear cluster bit
sfc: farch: fix TX queue lookup in TX flush done handling
sfc: farch: fix TX queue lookup in TX event handling
security: commoncap: fix -Wstringop-overread warning
Fix misc new gcc warnings
jffs2: check the validity of dstlen in jffs2_zlib_compress()
smb3: when mounting with multichannel include it in requested capabilities
smb3: do not attempt multichannel to server which does not support it
Revert
|
||
Vivek Goyal
|
1c525c2656 |
fuse: fix write deadlock
commit 4f06dd92b5d0a6f8eec6a34b8d6ef3e1f4ac1e10 upstream.
There are two modes for write(2) and friends in fuse:
a) write through (update page cache, send sync WRITE request to userspace)
b) buffered write (update page cache, async writeout later)
The write through method kept all the page cache pages locked that were
used for the request. Keeping more than one page locked is deadlock prone
and Qian Cai demonstrated this with trinity fuzzing.
The reason for keeping the pages locked is that concurrent mapped reads
shouldn't try to pull possibly stale data into the page cache.
For full page writes, the easy way to fix this is to make the cached page
be the authoritative source by marking the page PG_uptodate immediately.
After this the page can be safely unlocked, since mapped/cached reads will
take the written data from the cache.
Concurrent mapped writes will now cause data in the original WRITE request
to be updated; this however doesn't cause any data inconsistency and this
scenario should be exceedingly rare anyway.
If the WRITE request returns with an error in the above case, currently the
page is not marked uptodate; this means that a concurrent read will always
read consistent data. After this patch the page is uptodate between
writing to the cache and receiving the error: there's window where a cached
read will read the wrong data. While theoretically this could be a
regression, it is unlikely to be one in practice, since this is normal for
buffered writes.
In case of a partial page write to an already uptodate page the locking is
also unnecessary, with the above caveats.
Partial write of a not uptodate page still needs to be handled. One way
would be to read the complete page before doing the write. This is not
possible, since it might break filesystems that don't expect any READ
requests when the file was opened O_WRONLY.
The other solution is to serialize the synchronous write with reads from
the partial pages. The easiest way to do this is to keep the partial pages
locked. The problem is that a write() may involve two such pages (one head
and one tail). This patch fixes it by only locking the partial tail page.
If there's a partial head page as well, then split that off as a separate
WRITE request.
Reported-by: Qian Cai <cai@lca.pw>
Link: https://lore.kernel.org/linux-fsdevel/4794a3fa3742a5e84fb0f934944204b55730829b.camel@lca.pw/
Fixes:
|
||
|
Greg Kroah-Hartman
|
061e6e09f0 |
This is the 5.10.25 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmBVw+cACgkQONu9yGCS aT4BtQ/+OeqUYFERtd0OdP2UezLl8gOFeRsI3K8aIoWh+kR/gluR93y12CNszbzY i3R3BNf+zUpljqFG6LPwy0PHOpi6AnlbS6RzBzOliFGbagDQWlq2kg+xN9/UMgCS vXZZPjWnUwj303S1qrDCfAl1VM+KYmDMxV3XOvrzYeKztR2TW29oBE617LpFx24H itAxSIxjxf5zzBBmbXoNe692WJgYRssIvL0hLFHpMc5sjXJfRyZJ9YmQIed8RA0u R1JSxlH3iDiqzbGkt8wK6Dy97cBl4qt5Djucdt14u0qa3DAqoGgm861p2P8yNTiv E3akZWzsTlRd57xog52rI4z08Pi88rGsW31SWflwQnXiZNjasOR2mc2IL/ixRwIW D6YZPmFEtlVk4EeprUe7yovK76om+fbuW5hEaGFr6oWxR9dsg8lbAVt2FJvNUemE HJWVY/bgGPyNukuy/Sk0tRkE4CMG208pxtQTGEhDDdiFKHWidh6KDj1dZjUrigmd 1bUy2dV58rwa+HpIvyoBRM83Rd8Cy1ojH3kKCgrwxPxwhIKzrRVC2JaIu3k/BCBe UfBE5DcmFxrYXHIeVk2ydDzEzdbROrtwjru2oGylckVPiIjb6OdtOgaCB/M3oF9N M8Q8euPQsNRHn8oD/tDGIG0Fn9FLDjTxO+3d30ancYmENiWeNsk= =qWNl -----END PGP SIGNATURE----- Merge 5.10.25 into android12-5.10-lts Changes in 5.10.25 crypto: aesni - Use TEST %reg,%reg instead of CMP $0,%reg crypto: x86/aes-ni-xts - use direct calls to and 4-way stride bpf: Prohibit alu ops for pointer types not defining ptr_limit bpf: Fix off-by-one for area size in creating mask to left bpf: Simplify alu_limit masking for pointer arithmetic bpf: Add sanity check for upper ptr_limit bpf, selftests: Fix up some test_verifier cases for unprivileged RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes fuse: fix live lock in fuse_iget() Revert "nfsd4: remove check_conflicting_opens warning" Revert "nfsd4: a client's own opens needn't prevent delegations" ALSA: usb-audio: Don't avoid stopping the stream at disconnection net: dsa: b53: Support setting learning on port Linux 5.10.25 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0a19cd5f8dda58a2fa8fdfbe7cbabd2c32cb57bd |
||
|
Amir Goldstein
|
d955f13ea2 |
fuse: fix live lock in fuse_iget()
commit 775c5033a0d164622d9d10dd0f0a5531639ed3ed upstream.
Commit 5d069dbe8aaf ("fuse: fix bad inode") replaced make_bad_inode()
in fuse_iget() with a private implementation fuse_make_bad().
The private implementation fails to remove the bad inode from inode
cache, so the retry loop with iget5_locked() finds the same bad inode
and marks it bad forever.
kmsg snip:
[ ] rcu: INFO: rcu_sched self-detected stall on CPU
...
[ ] ? bit_wait_io+0x50/0x50
[ ] ? fuse_init_file_inode+0x70/0x70
[ ] ? find_inode.isra.32+0x60/0xb0
[ ] ? fuse_init_file_inode+0x70/0x70
[ ] ilookup5_nowait+0x65/0x90
[ ] ? fuse_init_file_inode+0x70/0x70
[ ] ilookup5.part.36+0x2e/0x80
[ ] ? fuse_init_file_inode+0x70/0x70
[ ] ? fuse_inode_eq+0x20/0x20
[ ] iget5_locked+0x21/0x80
[ ] ? fuse_inode_eq+0x20/0x20
[ ] fuse_iget+0x96/0x1b0
Fixes: 5d069dbe8aaf ("fuse: fix bad inode")
Cc: stable@vger.kernel.org # 5.10+
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Alessio Balsini
|
32c13ae5ff |
FROMLIST: fuse: Introduce passthrough for mmap
Enabling FUSE passthrough for mmap-ed operations not only affects performance, but has also been shown as mandatory for the correct functioning of FUSE passthrough. yanwu noticed [1] that a FUSE file with passthrough enabled may suffer data inconsistencies if the same file is also accessed with mmap. What happens is that read/write operations are directly applied to the lower file system (and its cache), while mmap-ed operations are affecting the FUSE cache. Extend the FUSE passthrough implementation to also handle memory-mapped FUSE file, to both fix the cache inconsistencies and extend the passthrough performance benefits to mmap-ed operations. [1] https://lore.kernel.org/lkml/20210119110654.11817-1-wu-yan@tcl.com/ Bug: 168023149 Link: https://lore.kernel.org/lkml/20210125153057.3623715-9-balsini@android.com/ Signed-off-by: Alessio Balsini <balsini@android.com> Change-Id: Ifad4698b0380f6e004c487940ac6907b9a9f2964 Signed-off-by: Alessio Balsini <balsini@google.com> |
||
|
Alessio Balsini
|
aa29f32988 |
FROMLIST: fuse: Use daemon creds in passthrough mode
When using FUSE passthrough, read/write operations are directly forwarded to the lower file system file through VFS, but there is no guarantee that the process that is triggering the request has the right permissions to access the lower file system. This would cause the read/write access to fail. In passthrough file systems, where the FUSE daemon is responsible for the enforcement of the lower file system access policies, often happens that the process dealing with the FUSE file system doesn't have access to the lower file system. Being the FUSE daemon in charge of implementing the FUSE file operations, that in the case of read/write operations usually simply results in the copy of memory buffers from/to the lower file system respectively, these operations are executed with the FUSE daemon privileges. This patch adds a reference to the FUSE daemon credentials, referenced at FUSE_DEV_IOC_PASSTHROUGH_OPEN ioctl() time so that they can be used to temporarily raise the user credentials when accessing lower file system files in passthrough. The process accessing the FUSE file with passthrough enabled temporarily receives the privileges of the FUSE daemon while performing read/write operations. Similar behavior is implemented in overlayfs. These privileges will be reverted as soon as the IO operation completes. This feature does not provide any higher security privileges to those processes accessing the FUSE file system with passthrough enabled. This is because it is still the FUSE daemon responsible for enabling or not the passthrough feature at file open time, and should enable the feature only after appropriate access policy checks. Bug: 168023149 Link: https://lore.kernel.org/lkml/20210125153057.3623715-8-balsini@android.com/ Signed-off-by: Alessio Balsini <balsini@android.com> Change-Id: Idb4f03a2ce7c536691e5eaf8fadadfcf002e1677 Signed-off-by: Alessio Balsini <balsini@google.com> |
||
|
Alessio Balsini
|
b10e3c9c24 |
FROMLIST: fuse: Introduce synchronous read and write for passthrough
All the read and write operations performed on fuse_files which have the passthrough feature enabled are forwarded to the associated lower file system file via VFS. Sending the request directly to the lower file system avoids the userspace round-trip that, because of possible context switches and additional operations might reduce the overall performance, especially in those cases where caching doesn't help, for example in reads at random offsets. Verifying if a fuse_file has a lower file system file associated with can be done by checking the validity of its passthrough_filp pointer. This pointer is not NULL only if passthrough has been successfully enabled via the appropriate ioctl(). When a read/write operation is requested for a FUSE file with passthrough enabled, a new equivalent VFS request is generated, which instead targets the lower file system file. The VFS layer performs additional checks that allow for safer operations but may cause the operation to fail if the process accessing the FUSE file system does not have access to the lower file system. This change only implements synchronous requests in passthrough, returning an error in the case of asynchronous operations, yet covering the majority of the use cases. Bug: 168023149 Link: https://lore.kernel.org/lkml/20210125153057.3623715-6-balsini@android.com/ Signed-off-by: Alessio Balsini <balsini@android.com> Change-Id: Ifbe6a247fe7338f87d078fde923f0252eeaeb668 Signed-off-by: Alessio Balsini <balsini@google.com> |
||
|
Alessio Balsini
|
9634f0e4e2 |
FROMLIST: fuse: Definitions and ioctl for passthrough
Expose the FUSE_PASSTHROUGH interface to user space and declare all the basic data structures and functions as the skeleton on top of which the FUSE passthrough functionality will be built. As part of this, introduce the new FUSE passthrough ioctl, which allows the FUSE daemon to specify a direct connection between a FUSE file and a lower file system file. Such ioctl requires user space to pass the file descriptor of one of its opened files through the fuse_passthrough_out data structure introduced in this patch. This structure includes extra fields for possible future extensions. Also, add the passthrough functions for the set-up and tear-down of the data structures and locks that will be used both when fuse_conns and fuse_files are created/deleted. Bug: 168023149 Link: https://lore.kernel.org/lkml/20210125153057.3623715-4-balsini@android.com/ Signed-off-by: Alessio Balsini <balsini@android.com> Change-Id: I732532581348adadda5b5048a9346c2b0868d539 Signed-off-by: Alessio Balsini <balsini@google.com> |
||
|
Alessio Balsini
|
95209e20ae |
Revert "FROMLIST: fuse: Definitions and ioctl() for passthrough"
This reverts commit
|
||
|
Alessio Balsini
|
fc4ac7f0c4 |
Revert "FROMLIST: fuse: Introduce synchronous read and write for passthrough"
This reverts commit
|
||
|
Alessio Balsini
|
6ee117d8c1 |
Revert "FROMLIST: fuse: Use daemon creds in passthrough mode"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
0290a41d05 |
Merge 5.10.6 into android12-5.10
Changes in 5.10.6 Revert "drm/amd/display: Fix memory leaks in S3 resume" Revert "mtd: spinand: Fix OOB read" rtc: pcf2127: move watchdog initialisation to a separate function rtc: pcf2127: only use watchdog when explicitly available dt-bindings: rtc: add reset-source property kdev_t: always inline major/minor helper functions Bluetooth: Fix attempting to set RPA timeout when unsupported ALSA: hda/realtek - Modify Dell platform name ALSA: hda/hdmi: Fix incorrect mutex unlock in silent_stream_disable() drm/i915/tgl: Fix Combo PHY DPLL fractional divider for 38.4MHz ref clock scsi: ufs: Allow an error return value from ->device_reset() scsi: ufs: Re-enable WriteBooster after device reset RDMA/core: remove use of dma_virt_ops RDMA/siw,rxe: Make emulated devices virtual in the device tree fuse: fix bad inode perf: Break deadlock involving exec_update_mutex rwsem: Implement down_read_killable_nested rwsem: Implement down_read_interruptible exec: Transform exec_update_mutex into a rw_semaphore mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start Linux 5.10.6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Id4c57a151a1e8f2162163d2337b6055f04edbe9b |
||
|
Miklos Szeredi
|
36cf9ae54b |
fuse: fix bad inode
[ Upstream commit 5d069dbe8aaf2a197142558b6fb2978189ba3454 ]
Jan Kara's analysis of the syzbot report (edited):
The reproducer opens a directory on FUSE filesystem, it then attaches
dnotify mark to the open directory. After that a fuse_do_getattr() call
finds that attributes returned by the server are inconsistent, and calls
make_bad_inode() which, among other things does:
inode->i_mode = S_IFREG;
This then confuses dnotify which doesn't tear down its structures
properly and eventually crashes.
Avoid calling make_bad_inode() on a live inode: switch to a private flag on
the fuse inode. Also add the test to ops which the bad_inode_ops would
have caught.
This bug goes back to the initial merge of fuse in 2.6.14...
Reported-by: syzbot+f427adf9324b92652ccc@syzkaller.appspotmail.com
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Tested-by: Jan Kara <jack@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Daniel Rosenberg
|
aca265111a |
ANDROID: fuse: Add support for d_canonical_path
Allows FUSE to report to inotify that it is acting as a layered filesystem. The userspace component returns a string representing the location of the underlying file. If the string cannot be resolved into a path, the top level path is returned instead. Bug: 23904372 Bug: 171780975 Test: FileObserverTest and FileObserverTestLegacyPath on cuttlefish Change-Id: Iabdca0bbedfbff59e9c820c58636a68ef9683d9f Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Alessio Balsini <balsini@google.com> |
||
Alessio Balsini
|
9ee350d7ec |
FROMLIST: fuse: Use daemon creds in passthrough mode
When using FUSE passthrough, read/write operations are directly forwarded to the lower file system file through VFS, but there is no guarantee that the process that is triggering the request has the right permissions to access the lower file system. This would cause the read/write access to fail. In passthrough file systems, where the FUSE daemon is responsible for the enforcement of the lower file system access policies, often happens that the process dealing with the FUSE file system doesn't have access to the lower file system. Being the FUSE daemon in charge of implementing the FUSE file operations, that in the case of read/write operations usually simply results in the copy of memory buffers from/to the lower file system respectively, these operations are executed with the FUSE daemon privileges. This patch adds a reference to the FUSE daemon credentials, referenced at FUSE_DEV_IOC_PASSTHROUGH_OPEN ioctl() time so that they can be used to temporarily raise the user credentials when accessing lower file system files in passthrough. The process accessing the FUSE file with passthrough enabled temporarily receives the privileges of the FUSE daemon while performing read/write operations. Similar behavior is implemented in overlayfs. These privileges will be reverted as soon as the IO operation completes. This feature does not provide any higher security privileges to those processes accessing the FUSE file system with passthrough enabled. This is because it is still the FUSE daemon responsible for enabling or not the passthrough feature at file open time, and should enable the feature only after appropriate access policy checks. Bug: 168023149 Link: https://lore.kernel.org/lkml/20201026125016.1905945-6-balsini@android.com/ Signed-off-by: Alessio Balsini <balsini@android.com> Signed-off-by: Alessio Balsini <balsini@google.com> Change-Id: I1123f8113578eb8713f2b777a1b5ec76882bd762 |
||
|
Alessio Balsini
|
f32d3e5eb8 |
FROMLIST: fuse: Introduce synchronous read and write for passthrough
All the read and write operations performed on fuse_files which have the passthrough feature enabled are forwarded to the associated lower file system file via VFS. Sending the request directly to the lower file system avoids the userspace round-trip that, because of possible context switches and additional operations might reduce the overall performance, especially in those cases where caching doesn't help, for example in reads at random offsets. Verifying if a fuse_file has a lower file system file associated with can be done by checking the validity of its passthrough_filp pointer. This pointer is not NULL only if passthrough has been successfully enabled via the appropriate ioctl(). When a read/write operation is requested for a FUSE file with passthrough enabled, a new equivalent VFS request is generated, which instead targets the lower file system file. The VFS layer performs additional checks that allow for safer operations but may cause the operation to fail if the process accessing the FUSE file system does not have access to the lower file system. This change only implements synchronous requests in passthrough, returning an error in the case of asynchronous operations, yet covering the majority of the use cases. Bug: 168023149 Link: https://lore.kernel.org/lkml/20201026125016.1905945-4-balsini@android.com/ Signed-off-by: Alessio Balsini <balsini@android.com> Signed-off-by: Alessio Balsini <balsini@google.com> Change-Id: If76bb8725e1ac567f9dbe3edb79ebb4d43d77dfb |
||
|
Alessio Balsini
|
314603f83d |
FROMLIST: fuse: Definitions and ioctl() for passthrough
Expose the FUSE_PASSTHROUGH interface to userspace and declare all the basic data structures and functions as the skeleton on top of which the FUSE passthrough functionality will be built. As part of this, introduce the new FUSE passthrough ioctl(), which allows the FUSE daemon to specify a direct connection between a FUSE file and a lower file system file. Such ioctl() requires userspace to pass the file descriptor of one of its opened files through the fuse_passthrough_out data structure introduced in this patch. This structure includes extra fields for possible future extensions. Also, add the passthrough functions for the set-up and tear-down of the data structures and locks that will be used both when fuse_conns and fuse_files are created/deleted. Bug: 168023149 Link: https://lore.kernel.org/lkml/20201026125016.1905945-2-balsini@android.com/ Signed-off-by: Alessio Balsini <balsini@android.com> Signed-off-by: Alessio Balsini <balsini@google.com> Change-Id: I6dd150b93607e10ed53f7e7975b35b6090080fa2 |
||
|
Greg Kroah-Hartman
|
caf51e6b49 |
Merge 694565356c ("Merge tag 'fuse-update-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse") into android-mainline
Steps on the way to 5.10-rc1 Resolves conflicts in: fs/fuse/fuse_i.h Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ifa200ce8fae0e3b38c86351006824c62328c00f7 |
||
Max Reitz
|
bf109c6404 |
fuse: implement crossmounts
FUSE servers can indicate crossmount points by setting FUSE_ATTR_SUBMOUNT in fuse_attr.flags. The inode will then be marked as S_AUTOMOUNT, and the .d_automount implementation creates a new submount at that location, so that the submount gets a distinct st_dev value. Note that all submounts get a distinct superblock and a distinct st_dev value, so for virtio-fs, even if the same filesystem is mounted more than once on the host, none of its mount points will have the same st_dev. We need distinct superblocks because the superblock points to the root node, but the different host mounts may show different trees (e.g. due to submounts in some of them, but not in others). Right now, this behavior is only enabled when fuse_conn.auto_submounts is set, which is the case only for virtio-fs. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Max Reitz
|
1866d779d5 |
fuse: Allow fuse_fill_super_common() for submounts
Submounts have their own superblock, which needs to be initialized. However, they do not have a fuse_fs_context associated with them, and the root node's attributes should be taken from the mountpoint's node. Extend fuse_fill_super_common() to work for submounts by making the @ctx parameter optional, and by adding a @submount_finode parameter. (There is a plain "unsigned" in an existing code block that is being indented by this commit. Extend it to "unsigned int" so checkpatch does not complain.) Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Max Reitz
|
fcee216beb |
fuse: split fuse_mount off of fuse_conn
We want to allow submounts for the same fuse_conn, but with different superblocks so that each of the submounts has its own device ID. To do so, we need to split all mount-specific information off of fuse_conn into a new fuse_mount structure, so that multiple mounts can share a single fuse_conn. We need to take care only to perform connection-level actions once (i.e. when the fuse_conn and thus the first fuse_mount are established, or when the last fuse_mount and thus the fuse_conn are destroyed). For example, fuse_sb_destroy() must invoke fuse_send_destroy() until the last superblock is released. To do so, we keep track of which fuse_mount is the root mount and perform all fuse_conn-level actions only when this fuse_mount is involved. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Max Reitz
|
8f622e9497 |
fuse: drop fuse_conn parameter where possible
With the last commit, all functions that handle some existing fuse_req no longer need to be given the associated fuse_conn, because they can get it from the fuse_req object. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Max Reitz
|
24754db272 |
fuse: store fuse_conn in fuse_req
Every fuse_req belongs to a fuse_conn. Right now, we always know which fuse_conn that is based on the respective device, but we want to allow multiple (sub)mounts per single connection, and then the corresponding filesystem is not going to be so trivial to obtain. Storing a pointer to the associated fuse_conn in every fuse_req will allow us to trivially find any request's superblock (and thus filesystem) even then. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Vivek Goyal
|
9a752d18c8 |
virtiofs: add logic to free up a memory range
Add logic to free up a busy memory range. Freed memory range will be returned to free pool. Add a worker which can be started to select and free some busy memory ranges. Process can also steal one of its busy dax ranges if free range is not available. I will refer it to as direct reclaim. If free range is not available and nothing can't be stolen from same inode, caller waits on a waitq for free range to become available. For reclaiming a range, as of now we need to hold following locks in specified order. down_write(&fi->i_mmap_sem); down_write(&fi->dax->sem); We look for a free range in following order. A. Try to get a free range. B. If not, try direct reclaim. C. If not, wait for a memory range to become free Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Vivek Goyal
|
6ae330cad6 |
virtiofs: serialize truncate/punch_hole and dax fault path
Currently in fuse we don't seem have any lock which can serialize fault
path with truncate/punch_hole path. With dax support I need one for
following reasons.
1. Dax requirement
DAX fault code relies on inode size being stable for the duration of
fault and want to serialize with truncate/punch_hole and they explicitly
mention it.
static vm_fault_t dax_iomap_pmd_fault(struct vm_fault *vmf, pfn_t *pfnp,
const struct iomap_ops *ops)
/*
* Check whether offset isn't beyond end of file now. Caller is
* supposed to hold locks serializing us with truncate / punch hole so
* this is a reliable test.
*/
max_pgoff = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
2. Make sure there are no users of pages being truncated/punch_hole
get_user_pages() might take references to page and then do some DMA
to said pages. Filesystem might truncate those pages without knowing
that a DMA is in progress or some I/O is in progress. So use
dax_layout_busy_page() to make sure there are no such references
and I/O is not in progress on said pages before moving ahead with
truncation.
3. Limitation of kvm page fault error reporting
If we are truncating file on host first and then removing mappings in
guest lateter (truncate page cache etc), then this could lead to a
problem with KVM. Say a mapping is in place in guest and truncation
happens on host. Now if guest accesses that mapping, then host will
take a fault and kvm will either exit to qemu or spin infinitely.
IOW, before we do truncation on host, we need to make sure that guest
inode does not have any mapping in that region or whole file.
4. virtiofs memory range reclaim
Soon I will introduce the notion of being able to reclaim dax memory
ranges from a fuse dax inode. There also I need to make sure that
no I/O or fault is going on in the reclaimed range and nobody is using
it so that range can be reclaimed without issues.
Currently if we take inode lock, that serializes read/write. But it does
not do anything for faults. So I add another semaphore fuse_inode->i_mmap_sem
for this purpose. It can be used to serialize with faults.
As of now, I am adding taking this semaphore only in dax fault path and
not regular fault path because existing code does not have one. May
be existing code can benefit from it as well to take care of some
races, but that we can fix later if need be. For now, I am just focussing
only on DAX path which is new path.
Also added logic to take fuse_inode->i_mmap_sem in
truncate/punch_hole/open(O_TRUNC) path to make sure file truncation and
fuse dax fault are mutually exlusive and avoid all the above problems.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Dave Chinner <david@fromorbit.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
||
|
Vivek Goyal
|
c2d0ad00d9 |
virtiofs: implement dax read/write operations
This patch implements basic DAX support. mmap() is not implemented yet and will come in later patches. This patch looks into implemeting read/write. We make use of interval tree to keep track of per inode dax mappings. Do not use dax for file extending writes, instead just send WRITE message to daemon (like we do for direct I/O path). This will keep write and i_size change atomic w.r.t crash. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com> Signed-off-by: Peng Tao <tao.peng@linux.alibaba.com> Cc: Dave Chinner <david@fromorbit.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
Stefan Hajnoczi
|
fd1a1dc6f5 |
virtiofs: implement FUSE_INIT map_alignment field
The device communicates FUSE_SETUPMAPPING/FUSE_REMOVMAPPING alignment constraints via the FUST_INIT map_alignment field. Parse this field and ensure our DAX mappings meet the alignment constraints. We don't actually align anything differently since our mappings are already 2MB aligned. Just check the value when the connection is established. If it becomes necessary to honor arbitrary alignments in the future we'll have to adjust how mappings are sized. The upshot of this commit is that we can be confident that mappings will work even when emulating x86 on Power and similar combinations where the host page sizes are different. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Vivek Goyal
|
1dd539577c |
virtiofs: add a mount option to enable dax
Add a mount option to allow using dax with virtio_fs. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Vivek Goyal
|
f4fd4ae354 |
virtiofs: get rid of no_mount_options
This option was introduced so that for virtio_fs we don't show any mounts options fuse_show_options(). Because we don't offer any of these options to be controlled by mounter. Very soon we are planning to introduce option "dax" which mounter should be able to specify. And no_mount_options does not work anymore. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
Alistair Delva
|
4c090c8696 |
ANDROID: GKI: Don't compact fuse_req when CONFIG_VIRTIO_FS=n
Otherwise we cannot enable VIRTIO_FS downstream. Bug: 161843089 Change-Id: I317b8c425ab96a1bd484b85b41ce3cb036327117 Signed-off-by: Alistair Delva <adelva@google.com> |
||
Maxim Patlasov
|
6b2fb79963 |
fuse: optimize writepages search
Re-work fi->writepages, replacing list with rb-tree. This improves performance because kernel fuse iterates through fi->writepages for each writeback page and typical number of entries is about 800 (for 100MB of fuse writeback). Before patch: 10240+0 records in 10240+0 records out 10737418240 bytes (11 GB) copied, 41.3473 s, 260 MB/s 2 1 0 57445400 40416 6323676 0 0 33 374743 8633 19210 1 8 88 3 0 29.86% [kernel] [k] _raw_spin_lock 26.62% [fuse] [k] fuse_page_is_writeback After patch: 10240+0 records in 10240+0 records out 10737418240 bytes (11 GB) copied, 21.4954 s, 500 MB/s 2 9 0 53676040 31744 10265984 0 0 64 854790 10956 48387 1 6 88 6 0 23.55% [kernel] [k] copy_user_enhanced_fast_string 9.87% [kernel] [k] __memcpy 3.10% [kernel] [k] _raw_spin_lock Signed-off-by: Maxim Patlasov <mpatlasov@virtuozzo.com> Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Vivek Goyal
|
bb737bbe48 |
virtiofs: schedule blocking async replies in separate worker
In virtiofs (unlike in regular fuse) processing of async replies is
serialized. This can result in a deadlock in rare corner cases when
there's a circular dependency between the completion of two or more async
replies.
Such a deadlock can be reproduced with xfstests:generic/503 if TEST_DIR ==
SCRATCH_MNT (which is a misconfiguration):
- Process A is waiting for page lock in worker thread context and blocked
(virtio_fs_requests_done_work()).
- Process B is holding page lock and waiting for pending writes to
finish (fuse_wait_on_page_writeback()).
- Write requests are waiting in virtqueue and can't complete because
worker thread is blocked on page lock (process A).
Fix this by creating a unique work_struct for each async reply that can
block (O_DIRECT read).
Fixes:
|
||
|
Miklos Szeredi
|
3e8cb8b2ea |
fuse: fix stack use after return
Normal, synchronous requests will have their args allocated on the stack.
After the FR_FINISHED bit is set by receiving the reply from the userspace
fuse server, the originating task may return and reuse the stack frame,
resulting in an Oops if the args structure is dereferenced.
Fix by setting a flag in the request itself upon initializing, indicating
whether it has an asynchronous ->end() callback.
Reported-by: Kyle Sanderson <kyle.leet@gmail.com>
Reported-by: Michael Stapelberg <michael+lkml@stapelberg.ch>
Fixes:
|
||
|
Miklos Szeredi
|
eb59bd17d2 |
fuse: verify attributes
If a filesystem returns negative inode sizes, future reads on the file were
causing the cpu to spin on truncate_pagecache.
Create a helper to validate the attributes. This now does two things:
- check the file mode
- check if the file size fits in i_size without overflowing
Reported-by: Arijit Banerjee <arijit@rubrik.com>
Fixes:
|
||
|
Miklos Szeredi
|
3f22c74671 |
virtio-fs: don't show mount options
Virtio-fs does not accept any mount options, so it's confusing and wrong to show any in /proc/mounts. Reported-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Stefan Hajnoczi
|
a62a8ef9d9 |
virtio-fs: add virtiofs filesystem
Add a basic file system module for virtio-fs. This does not yet contain shared data support between host and guest or metadata coherency speedups. However it is already significantly faster than virtio-9p. Design Overview =============== With the goal of designing something with better performance and local file system semantics, a bunch of ideas were proposed. - Use fuse protocol (instead of 9p) for communication between guest and host. Guest kernel will be fuse client and a fuse server will run on host to serve the requests. - For data access inside guest, mmap portion of file in QEMU address space and guest accesses this memory using dax. That way guest page cache is bypassed and there is only one copy of data (on host). This will also enable mmap(MAP_SHARED) between guests. - For metadata coherency, there is a shared memory region which contains version number associated with metadata and any guest changing metadata updates version number and other guests refresh metadata on next access. This is yet to be implemented. How virtio-fs differs from existing approaches ============================================== The unique idea behind virtio-fs is to take advantage of the co-location of the virtual machine and hypervisor to avoid communication (vmexits). DAX allows file contents to be accessed without communication with the hypervisor. The shared memory region for metadata avoids communication in the common case where metadata is unchanged. By replacing expensive communication with cheaper shared memory accesses, we expect to achieve better performance than approaches based on network file system protocols. In addition, this also makes it easier to achieve local file system semantics (coherency). These techniques are not applicable to network file system protocols since the communications channel is bypassed by taking advantage of shared memory on a local machine. This is why we decided to build virtio-fs rather than focus on 9P or NFS. Caching Modes ============= Like virtio-9p, different caching modes are supported which determine the coherency level as well. The “cache=FOO” and “writeback” options control the level of coherence between the guest and host filesystems. - cache=none metadata, data and pathname lookup are not cached in guest. They are always fetched from host and any changes are immediately pushed to host. - cache=always metadata, data and pathname lookup are cached in guest and never expire. - cache=auto metadata and pathname lookup cache expires after a configured amount of time (default is 1 second). Data is cached while the file is open (close to open consistency). - writeback/no_writeback These options control the writeback strategy. If writeback is disabled, then normal writes will immediately be synchronized with the host fs. If writeback is enabled, then writes may be cached in the guest until the file is closed or an fsync(2) performed. This option has no effect on mmap-ed writes or writes going through the DAX mechanism. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Vivek Goyal
|
15c8e72e88 |
fuse: allow skipping control interface and forced unmount
virtio-fs does not support aborting requests which are being processed. That is requests which have been sent to fuse daemon on host. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Miklos Szeredi
|
783863d647 |
fuse: dissociate DESTROY from fuseblk
Allow virtio-fs to also send DESTROY request. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |