afc997898e
9586 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
afc997898e |
This is the 5.10.85 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmG4cugACgkQONu9yGCS
aT4+uxAAiLJvOIA6ElsmMq2c3pNu9UDPh58j1FlmhggAxr7baIvR1UuEZURTSLW9
pnu+r9bHkhJGBOpANfPJAQZqv+JtCi3crMhw0mwHJ0Mls3TNSmclzB1+jGM4w93E
cT+5hoDeQqwZwpKYvWI7u9UGEE0BXluVTRCvmuncaJ8wGbxnDgV0AEXe32XDlFxB
kSLAXO1FFn8Z1yMg9BMVURU9IAszdwCIhqbcNWnPunOPowdHDWBJdF7eSZUqmJfq
TMyFgm6c6ENbBrwYt+9qf+1oS/D9r6TEjwaFoRJ4ApWSAD4iKV7U6dA0rxm9mrMl
nSAxNXuSXXYszoYjrxPPRGhCY/URahs1Vmju1WK//4vz3brxk5N88T+2nN7PMYKn
bIHGTl9SadlrHvi/OBqOvbsNMHX+ln/V/y7ct0fsxXeNBHYXdXCtimRDvtsj9kmp
HO9OLXVsF6DUM22ODW28Vxt7HGN3XQzs0y2jwfzdMV81p3oEqP9wWQITwG2LVVAE
WdkvQ/3ugdkR9F15Vp0cjkbJQLN4UbYUJW5K7SZTW013TgsYyIHQrP5qj9xvfwNt
KdILXVMH2JqPXAkRqmFqIeNIUX2oevWwpgV/SwqIj3T5ytmXPluZsaMlGg5xZ401
Xuhp0LPU6rl+wcCt1bInZvn8nrTVDADpao7xTbSyoel5TAunVrk=
=u1Am
-----END PGP SIGNATURE-----
Merge 5.10.85 into android12-5.10-lts
Changes in 5.10.85
usb: gadget: uvc: fix multiple opens
gcc-plugins: simplify GCC plugin-dev capability test
gcc-plugins: fix gcc 11 indigestion with plugins...
HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
HID: google: add eel USB id
HID: add hid_is_usb() function to make it simpler for USB detection
HID: add USB_HID dependancy to hid-prodikeys
HID: add USB_HID dependancy to hid-chicony
HID: add USB_HID dependancy on some USB HID drivers
HID: bigbenff: prevent null pointer dereference
HID: wacom: fix problems when device is not a valid USB device
HID: check for valid USB device for many HID drivers
nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups
IB/hfi1: Insure use of smp_processor_id() is preempt disabled
IB/hfi1: Fix early init panic
IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr
can: kvaser_usb: get CAN clock frequency from device
can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter
can: sja1000: fix use after free in ems_pcmcia_add_card()
x86/sme: Explicitly map new EFI memmap table as encrypted
drm/amd/amdkfd: adjust dummy functions' placement
drm/amdkfd: separate kfd_iommu_resume from kfd_resume
drm/amdgpu: add amdgpu_amdkfd_resume_iommu
drm/amdgpu: move iommu_resume before ip init/resume
drm/amdgpu: init iommu after amdkfd device init
drm/amdkfd: fix boot failure when iommu is disabled in Picasso.
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
selftests: netfilter: add a vrf+conntrack testcase
vrf: don't run conntrack on vrf with !dflt qdisc
bpf, x86: Fix "no previous prototype" warning
bpf: Fix the off-by-two error in range markings
ice: ignore dropped packets during init
bonding: make tx_rebalance_counter an atomic
nfp: Fix memory leak in nfp_cpp_area_cache_add()
seg6: fix the iif in the IPv6 socket control block
udp: using datalen to cap max gso segments
netfilter: conntrack: annotate data-races around ct->timeout
iavf: restore MSI state on reset
iavf: Fix reporting when setting descriptor count
IB/hfi1: Correct guard on eager buffer deallocation
devlink: fix netns refcount leak in devlink_nl_cmd_reload()
net/sched: fq_pie: prevent dismantle issue
KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall
mm: bdi: initialize bdi_min_ratio when bdi is unregistered
ALSA: ctl: Fix copy of updated id with element read/write
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1
ALSA: pcm: oss: Fix negative period/buffer sizes
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
scsi: qla2xxx: Format log strings only if needed
btrfs: clear extent buffer uptodate when we fail to write it
btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
md: fix update super 1.0 on rdev size change
nfsd: fix use-after-free due to delegation race
nfsd: Fix nsfd startup race (again)
tracefs: Have new files inherit the ownership of their parent
mmc: renesas_sdhi: initialize variable properly when tuning
clk: qcom: regmap-mux: fix parent clock lookup
drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
can: pch_can: pch_can_rx_normal: fix use after free
can: m_can: Disable and ignore ELO interrupt
libata: add horkage for ASMedia 1092
wait: add wake_up_pollfree()
binder: use wake_up_pollfree()
signalfd: use wake_up_pollfree()
aio: keep poll requests on waitqueue until completed
aio: fix use-after-free due to missing POLLFREE handling
net: mvpp2: fix XDP rx queues registering
tracefs: Set all files to the same group ownership as the mount option
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
scsi: scsi_debug: Fix buffer size of REPORT ZONES command
qede: validate non LSO skb length
PM: runtime: Fix pm_runtime_active() kerneldoc comment
ASoC: rt5682: Fix crash due to out of scope stack vars
ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
ASoC: codecs: wsa881x: fix return values from kcontrol put
ASoC: codecs: wcd934x: handle channel mappping list correctly
ASoC: codecs: wcd934x: return correct value from mixer put
RDMA/hns: Do not halt commands during reset until later
RDMA/hns: Do not destroy QP resources in the hw resetting phase
clk: imx: use module_platform_driver
i40e: Fix failed opcode appearing if handling messages from VF
i40e: Fix pre-set max number of queues for VF
mtd: rawnand: fsmc: Take instruction delay into account
mtd: rawnand: fsmc: Fix timing computation
i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge"
perf tools: Fix SMT detection fast read path
Documentation/locking/locktypes: Update migrate_disable() bits.
dt-bindings: net: Reintroduce PHY no lane swap binding
tools build: Remove needless libpython-version feature check that breaks test-all fast path
net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
net: altera: set a couple error code in probe()
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net, neigh: clear whole pneigh_entry at alloc time
net/qla3xxx: fix an error code in ql_adapter_up()
selftests/fib_tests: Rework fib_rp_filter_test()
USB: gadget: detect too-big endpoint 0 requests
USB: gadget: zero allocate endpoint 0 buffers
usb: core: config: fix validation of wMaxPacketValue entries
xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending
usb: core: config: using bit mask instead of individual bits
xhci: avoid race between disable slot command and host runtime suspend
iio: gyro: adxrs290: fix data signedness
iio: trigger: Fix reference counting
iio: trigger: stm32-timer: fix MODULE_ALIAS
iio: stk3310: Don't return error code in interrupt handler
iio: mma8452: Fix trigger reference couting
iio: ltr501: Don't return error code in trigger handler
iio: kxsd9: Don't return error code in trigger handler
iio: itg3200: Call iio_trigger_notify_done() on error
iio: dln2-adc: Fix lockdep complaint
iio: dln2: Check return value of devm_iio_trigger_register()
iio: at91-sama5d2: Fix incorrect sign extension
iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda
iio: adc: axp20x_adc: fix charging current reporting on AXP22x
iio: ad7768-1: Call iio_trigger_notify_done() on error
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
csky: fix typo of fpu config macro
irqchip/aspeed-scu: Replace update_bits with write_bits.
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
irqchip: nvic: Fix offset for Interrupt Priority Offsets
misc: fastrpc: fix improper packet size calculation
bpf: Add selftests to cover packet access corner cases
kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc
doc: gcc-plugins: update gcc-plugins.rst
MAINTAINERS: adjust GCC PLUGINS after gcc-plugin.sh removal
Documentation/Kbuild: Remove references to gcc-plugin.sh
Linux 5.10.85
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I351da1b00f30a370b021125180a48b1c1ecb97ce
|
||
Qu Wenruo
|
caf9b352dc |
btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
commit 8289ed9f93bef2762f9184e136d994734b16d997 upstream. I hit the BUG_ON() with generic/475 test case, and to my surprise, all callers of btrfs_del_root_ref() are already aborting transaction, thus there is not need for such BUG_ON(), just go to @out label and caller will properly handle the error. CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Josef Bacik
|
41b3cc57d6 |
btrfs: clear extent buffer uptodate when we fail to write it
commit c2e39305299f0118298c2201f6d6cc7d3485f29e upstream. I got dmesg errors on generic/281 on our overnight fstests. Looking at the history this happens occasionally, with errors like this WARNING: CPU: 0 PID: 673217 at fs/btrfs/extent_io.c:6848 assert_eb_page_uptodate+0x3f/0x50 CPU: 0 PID: 673217 Comm: kworker/u4:13 Tainted: G W 5.16.0-rc2+ #469 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 Workqueue: btrfs-cache btrfs_work_helper RIP: 0010:assert_eb_page_uptodate+0x3f/0x50 RSP: 0018:ffffae598230bc60 EFLAGS: 00010246 RAX: 0017ffffc0002112 RBX: ffffebaec4100900 RCX: 0000000000001000 RDX: ffffebaec45733c7 RSI: ffffebaec4100900 RDI: ffff9fd98919f340 RBP: 0000000000000d56 R08: ffff9fd98e300000 R09: 0000000000000000 R10: 0001207370a91c50 R11: 0000000000000000 R12: 00000000000007b0 R13: ffff9fd98919f340 R14: 0000000001500000 R15: 0000000001cb0000 FS: 0000000000000000(0000) GS:ffff9fd9fbc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f549fcf8940 CR3: 0000000114908004 CR4: 0000000000370ef0 Call Trace: extent_buffer_test_bit+0x3f/0x70 free_space_test_bit+0xa6/0xc0 load_free_space_tree+0x1d6/0x430 caching_thread+0x454/0x630 ? rcu_read_lock_sched_held+0x12/0x60 ? rcu_read_lock_sched_held+0x12/0x60 ? rcu_read_lock_sched_held+0x12/0x60 ? lock_release+0x1f0/0x2d0 btrfs_work_helper+0xf2/0x3e0 ? lock_release+0x1f0/0x2d0 ? finish_task_switch.isra.0+0xf9/0x3a0 process_one_work+0x270/0x5a0 worker_thread+0x55/0x3c0 ? process_one_work+0x5a0/0x5a0 kthread+0x174/0x1a0 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x1f/0x30 This happens because we're trying to read from a extent buffer page that is !PageUptodate. This happens because we will clear the page uptodate when we have an IO error, but we don't clear the extent buffer uptodate. If we do a read later and find this extent buffer we'll think its valid and not return an error, and then trip over this warning. Fix this by also clearing uptodate on the extent buffer when this happens, so that we get an error when we do a btrfs_search_slot() and find this block later. CC: stable@vger.kernel.org # 5.4+ Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
1b71a028a2 |
This is the 5.10.84 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmGwZtwACgkQONu9yGCS aT7dQhAAjnlFKkXb+omHKQNkSHbD0ynEkxwtQfNFt1kcWcpJy5Df9xyNXQBohnqr Y0KUowpVF8gkXOelbdMrK5P6k28SpT2k+UMnUtZLNR6qMNlOY371BDasfi/dqWWR 1JdLtQe6JVvwxo+6INRqEO27Ocyc1PbLZSo7i3Ik2+7mIRjN7+k1apFG0HOLEHIP 3oMWDgnyQp3gTBvTFG0Vrd4f9AwrHq4JoVrhruNLqIYajlQ8dPPjuJ9alTifRddD eWY10Z21jAFib4WHgy6wXBVv3L5Np19liYMzv02o5pzFV1nLJCnKDA79jV7a2i2H lVmVpcWG0Yagyu8MW0hmOewqPXpAJH/C8g75mXeja546vCnvccNx1OXNOR4ux5Es IpEFAV+DnjSYgu88Cw6kF8j/B9x1n90sgywCWbRwAMJ1zX9/tvvLWSe8HpfZ2jvo Iuw6XDTL84DDuHY4yiK2fofxZvXp+Hk+c0Betu6GoQvoGaDRD8IWIceDWgiqy+V7 fOrLitl8lbk1yjD7bDZMpEIgzQaaxJu6d+YWzy+PibZxQzOKHPC5gqEmajJd7ZWm OJ48SrNxyfjRZP/3NBgXOxje3lz3WkCdiPQrSQOQxoe+kdW5ZFuXDapWSO4dZfSe 6XPOD/d+KVLNDQby3WnVB2MMlufHFnCs4wPgb13jfyiEbxifp+A= =D40k -----END PGP SIGNATURE----- Merge 5.10.84 into android12-5.10-lts Changes in 5.10.84 NFSv42: Fix pagecache invalidation after COPY/CLONE can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM ovl: simplify file splice ovl: fix deadlock in splice write gfs2: release iopen glock early in evict gfs2: Fix length of holes reported at end-of-file powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY mac80211: do not access the IV when it was stripped net/smc: Transfer remaining wait queue entries during fallback atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait net: return correct error code platform/x86: thinkpad_acpi: Add support for dual fan control platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep s390/setup: avoid using memblock_enforce_memory_limit btrfs: check-integrity: fix a warning on write caching disabled disk thermal: core: Reset previous low and high trip during thermal zone init scsi: iscsi: Unblock session then wake up error handler drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again drm/amd/amdgpu: fix potential memleak ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() ipv6: check return value of ipv6_skip_exthdr net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() perf inject: Fix ARM SPE handling perf hist: Fix memory leak of a perf_hpp_fmt perf report: Fix memory leaks around perf_tip() net/smc: Avoid warning of possible recursive locking ACPI: Add stubs for wakeup handler functions vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit kprobes: Limit max data_size of the kretprobe instances rt2x00: do not mark device gone on EPROTO errors during start ipmi: Move remove_work to dedicated workqueue cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink() s390/pci: move pseudo-MMIO to prevent MIO overlap fget: check that the fd still exists after getting a ref to it sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl ipv6: fix memory leak in fib6_rule_suppress drm/amd/display: Allow DSC on supported MST branch devices KVM: Disallow user memslot with size that exceeds "unsigned long" KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST KVM: x86: Use a stable condition around all VT-d PI paths KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 to 1 KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() tracing/histograms: String compares should not care about signed values wireguard: selftests: increase default dmesg log size wireguard: allowedips: add missing __rcu annotation to satisfy sparse wireguard: selftests: actually test for routing loops wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST wireguard: device: reset peer src endpoint when netns exits wireguard: receive: use ring buffer for incoming handshakes wireguard: receive: drop handshakes if queue lock is contended wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() i2c: stm32f7: flush TX FIFO upon transfer errors i2c: stm32f7: recover the bus on access timeout i2c: stm32f7: stop dma transfer in case of NACK i2c: cbus-gpio: set atomic transfer callback natsemi: xtensa: fix section mismatch warnings tcp: fix page frag corruption on page fault net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() net: mpls: Fix notifications when deleting a device siphash: use _unaligned version by default arm64: ftrace: add missing BTIs net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() selftests: net: Correct case name mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode ASoC: tegra: Fix wrong value type in ADMAIF ASoC: tegra: Fix wrong value type in I2S ASoC: tegra: Fix wrong value type in DMIC ASoC: tegra: Fix wrong value type in DSPK ASoC: tegra: Fix kcontrol put callback in ADMAIF ASoC: tegra: Fix kcontrol put callback in I2S ASoC: tegra: Fix kcontrol put callback in DMIC ASoC: tegra: Fix kcontrol put callback in DSPK ASoC: tegra: Fix kcontrol put callback in AHUB rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() ALSA: intel-dsp-config: add quirk for CML devices based on ES8336 codec net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available net: marvell: mvpp2: Fix the computation of shared CPUs dpaa2-eth: destroy workqueue at the end of remove function net: annotate data-races on txq->xmit_lock_owner ipv4: convert fib_num_tclassid_users to atomic_t net/smc: fix wrong list_del in smc_lgr_cleanup_early net/rds: correct socket tunable error in rds_tcp_tune() net/smc: Keep smc_close_final rc during active close drm/msm/a6xx: Allocate enough space for GMU registers drm/msm: Do hw_init() before capturing GPU state atlantic: Increase delay for fw transactions atlatnic: enable Nbase-t speeds with base-t atlantic: Fix to display FW bundle version instead of FW mac version. atlantic: Add missing DIDs and fix 115c. Remove Half duplex mode speed capabilities. atlantic: Fix statistics logic for production hardware atlantic: Remove warn trace message. KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register KVM: VMX: Set failure code in prepare_vmcs02() x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword x86/entry: Use the correct fence macro after swapgs in kernel CR3 x86/xen: Add xenpv_restore_regs_and_return_to_usermode() sched/uclamp: Fix rq->uclamp_max not set on first enqueue x86/pv: Switch SWAPGS to ALTERNATIVE x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() parisc: Fix KBUILD_IMAGE for self-extracting kernel parisc: Fix "make install" on newer debian releases vgacon: Propagate console boot parameters before calling `vc_resize' xhci: Fix commad ring abort, write all 64 bits to CRCR register. USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect x86/tsc: Add a timer to make sure TSC_adjust is always checked x86/tsc: Disable clocksource watchdog for TSC on qualified platorms x86/64/mm: Map all kernel memory into trampoline_pgd tty: serial: msm_serial: Deactivate RX DMA for polling support serial: pl011: Add ACPI SBSA UART match id serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 serial: core: fix transmit-buffer reset and memleak serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array serial: 8250_pci: rewrite pericom_do_set_divisor() serial: 8250: Fix RTS modem control while in rs485 mode iwlwifi: mvm: retry init flow if failed parisc: Mark cr16 CPU clocksource unstable on all SMP machines net/tls: Fix authentication failure in CCM mode ipmi: msghandler: Make symbol 'remove_work_wq' static Linux 5.10.84 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Iad592da28c6425dea7dca35b229d14c44edb412d |
||
Wang Yugui
|
8e4d2ac434 |
btrfs: check-integrity: fix a warning on write caching disabled disk
[ Upstream commit a91cf0ffbc244792e0b3ecf7d0fddb2f344b461f ] When a disk has write caching disabled, we skip submission of a bio with flush and sync requests before writing the superblock, since it's not needed. However when the integrity checker is enabled, this results in reports that there are metadata blocks referred by a superblock that were not properly flushed. So don't skip the bio submission only when the integrity checker is enabled for the sake of simplicity, since this is a debug tool and not meant for use in non-debug builds. fstests/btrfs/220 trigger a check-integrity warning like the following when CONFIG_BTRFS_FS_CHECK_INTEGRITY=y and the disk with WCE=0. btrfs: attempt to write superblock which references block M @5242880 (sdb2/5242880/0) which is not flushed out of disk's write cache (block flush_gen=1, dev->flush_gen=0)! ------------[ cut here ]------------ WARNING: CPU: 28 PID: 843680 at fs/btrfs/check-integrity.c:2196 btrfsic_process_written_superblock+0x22a/0x2a0 [btrfs] CPU: 28 PID: 843680 Comm: umount Not tainted 5.15.0-0.rc5.39.el8.x86_64 #1 Hardware name: Dell Inc. Precision T7610/0NK70N, BIOS A18 09/11/2019 RIP: 0010:btrfsic_process_written_superblock+0x22a/0x2a0 [btrfs] RSP: 0018:ffffb642afb47940 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000 RDX: 00000000ffffffff RSI: ffff8b722fc97d00 RDI: ffff8b722fc97d00 RBP: ffff8b5601c00000 R08: 0000000000000000 R09: c0000000ffff7fff R10: 0000000000000001 R11: ffffb642afb476f8 R12: ffffffffffffffff R13: ffffb642afb47974 R14: ffff8b5499254c00 R15: 0000000000000003 FS: 00007f00a06d4080(0000) GS:ffff8b722fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff5cff5ff0 CR3: 00000001c0c2a006 CR4: 00000000001706e0 Call Trace: btrfsic_process_written_block+0x2f7/0x850 [btrfs] __btrfsic_submit_bio.part.19+0x310/0x330 [btrfs] ? bio_associate_blkg_from_css+0xa4/0x2c0 btrfsic_submit_bio+0x18/0x30 [btrfs] write_dev_supers+0x81/0x2a0 [btrfs] ? find_get_pages_range_tag+0x219/0x280 ? pagevec_lookup_range_tag+0x24/0x30 ? __filemap_fdatawait_range+0x6d/0xf0 ? __raw_callee_save___native_queued_spin_unlock+0x11/0x1e ? find_first_extent_bit+0x9b/0x160 [btrfs] ? __raw_callee_save___native_queued_spin_unlock+0x11/0x1e write_all_supers+0x1b3/0xa70 [btrfs] ? __raw_callee_save___native_queued_spin_unlock+0x11/0x1e btrfs_commit_transaction+0x59d/0xac0 [btrfs] close_ctree+0x11d/0x339 [btrfs] generic_shutdown_super+0x71/0x110 kill_anon_super+0x14/0x30 btrfs_kill_super+0x12/0x20 [btrfs] deactivate_locked_super+0x31/0x70 cleanup_mnt+0xb8/0x140 task_work_run+0x6d/0xb0 exit_to_user_mode_prepare+0x1f0/0x200 syscall_exit_to_user_mode+0x12/0x30 do_syscall_64+0x46/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f009f711dfb RSP: 002b:00007fff5cff7928 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 000055b68c6c9970 RCX: 00007f009f711dfb RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000055b68c6c9b50 RBP: 0000000000000000 R08: 000055b68c6ca900 R09: 00007f009f795580 R10: 0000000000000000 R11: 0000000000000246 R12: 000055b68c6c9b50 R13: 00007f00a04bf184 R14: 0000000000000000 R15: 00000000ffffffff ---[ end trace 2c4b82abcef9eec4 ]--- S-65536(sdb2/65536/1) --> M-1064960(sdb2/1064960/1) Reviewed-by: Filipe Manana <fdmanana@gmail.com> Signed-off-by: Wang Yugui <wangyugui@e16-tech.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
8d21bcc704 |
This is the 5.10.82 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmGgq10ACgkQONu9yGCS
aT6KDA/+N9ysKF4cH2zdUMhDAkjCKB3YqTEsJxSfGBkJu2wuncAEEtrKy9jxC+lv
fz6BE1tduit/IQIhGTCXJlfe9NIxwU87f2v5JlHnYeXg4dz72c+Ei236l7ZvkSNE
ii8/ikHGvbbhKv+BTgcRg7jVUMMy6eEpS6iJwMNLB/sHROjZXPogFoiYjbO+Jzc5
0jTciMZv6r4yNhrdHBjhWHe6ZhB94H//Jy8MVYk37NGc5EbJmrMN83GM5ceSmhOZ
PgxxyrVTv+SdGm0XViyK+94HXWGQHLXQF+Nsu3YEZfnNI+HNSPQKTqBLPM1hV7Ak
h+IYW6VHPmcBmQzEdSA67uMKJayKtEwpkqO6aLRcj/NIThRiZoznbrtZOoGSXaU1
0MzQRPum76GA5/SVGgtB8FrE6kcFm74eq82mXvUD+rgCp0HTbIpYQK9ZKSmbFOkv
fYjcpWHZ8PEmffMbtIlVKSffVxcUILoNuQwnr21NGiRUrd54DhNPgVahmCKnvUTb
847bGU/wQJPIF/2SO1rdpaA9MrPqZ/9sMEX3nSdx7xS8D+h2wfJqAJkLq0KBYt7R
sbsXbfqbri893VHBo2YUqby3+7x3uNr118SjyiA8zpHHJpTBrVVImxSnW1z626HT
KNJU4MSulLs+settJKAw1PHGRIGuW5TGSGF94p5LcsZDM2uIabU=
=Wg4d
-----END PGP SIGNATURE-----
Merge 5.10.82 into android12-5.10-lts
Changes in 5.10.82
arm64: zynqmp: Do not duplicate flash partition label property
arm64: zynqmp: Fix serial compatible string
ARM: dts: sunxi: Fix OPPs node name
arm64: dts: allwinner: h5: Fix GPU thermal zone node name
arm64: dts: allwinner: a100: Fix thermal zone node name
staging: wfx: ensure IRQ is ready before enabling it
ARM: dts: NSP: Fix mpcore, mmc node names
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
arm64: dts: rockchip: Disable CDN DP on Pinebook Pro
arm64: dts: hisilicon: fix arm,sp805 compatible string
RDMA/bnxt_re: Check if the vlan is valid before reporting
bus: ti-sysc: Add quirk handling for reinit on context lost
bus: ti-sysc: Use context lost quirk for otg
usb: musb: tusb6010: check return value after calling platform_get_resource()
usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
ARM: dts: ux500: Skomer regulator fixes
staging: rtl8723bs: remove possible deadlock when disconnect (v2)
ARM: BCM53016: Specify switch ports for Meraki MR32
arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property
arm64: dts: freescale: fix arm,sp805 compatible string
ASoC: SOF: Intel: hda-dai: fix potential locking issue
clk: imx: imx6ul: Move csi_sel mux to correct base register
ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
scsi: advansys: Fix kernel pointer leak
ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336 codec
firmware_loader: fix pre-allocated buf built-in firmware use
ARM: dts: omap: fix gpmc,mux-add-data type
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ARM: dts: ls1021a: move thermal-zones node out of soc/
ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
ALSA: ISA: not for M68K
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
MIPS: sni: Fix the build
scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
scsi: target: Fix ordered tag handling
scsi: target: Fix alua_tg_pt_gps_count tracking
iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
powerpc/5200: dts: fix memory node unit name
ARM: dts: qcom: fix memory and mdio nodes naming for RB3011
ALSA: gus: fix null pointer dereference on pointer block
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
powerpc/8xx: Fix Oops with STRICT_KERNEL_RWX without DEBUG_RODATA_TEST
sh: check return code of request_irq
maple: fix wrong return value of maple_bus_init().
f2fs: fix up f2fs_lookup tracepoints
f2fs: fix to use WHINT_MODE
sh: fix kconfig unmet dependency warning for FRAME_POINTER
sh: math-emu: drop unused functions
sh: define __BIG_ENDIAN for math-emu
f2fs: compress: disallow disabling compress on non-empty compressed file
f2fs: fix incorrect return value in f2fs_sanity_check_ckpt()
clk: ingenic: Fix bugs with divided dividers
clk/ast2600: Fix soc revision for AHB
clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
perf/x86/vlbr: Add c->flags to vlbr event constraints
blkcg: Remove extra blkcg_bio_issue_init
tracing/histogram: Do not copy the fixed-size char array field over the field size
perf bpf: Avoid memory leak from perf_env__insert_btf()
perf bench futex: Fix memory leak of perf_cpu_map__new()
perf tests: Remove bash construct from record+zstd_comp_decomp.sh
drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
net-zerocopy: Copy straggler unaligned data for TCP Rx. zerocopy.
net-zerocopy: Refactor skb frag fast-forward op.
tcp: Fix uninitialized access in skb frags array for Rx 0cp.
tracing: Add length protection to histogram string copies
net: ipa: disable HOLB drop when updating timer
net: bnx2x: fix variable dereferenced before check
bnxt_en: reject indirect blk offload when hw-tc-offload is off
tipc: only accept encrypted MSG_CRYPTO msgs
net: reduce indentation level in sk_clone_lock()
sock: fix /proc/net/sockstat underflow in sk_clone_lock()
net/smc: Make sure the link_id is unique
iavf: Fix return of set the new channel count
iavf: check for null in iavf_fix_features
iavf: free q_vectors before queues in iavf_disable_vf
iavf: Fix failure to exit out from last all-multicast mode
iavf: prevent accidental free of filter structure
iavf: validate pointers
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
iavf: Fix for setting queues to 0
MIPS: generic/yamon-dt: fix uninitialized variable error
mips: bcm63xx: add support for clk_get_parent()
mips: lantiq: add support for clk_get_parent()
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
net/mlx5: Lag, update tracker when state change event received
net/mlx5: E-Switch, Change mode lock from mutex to rw semaphore
net/mlx5: E-Switch, return error if encap isn't supported
scsi: core: sysfs: Fix hang when device state is set via sysfs
net: sched: act_mirred: drop dst for the direction from egress to ingress
net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
net: virtio_net_hdr_to_skb: count transport header in UFO
i40e: Fix correct max_pkt_size on VF RX queue
i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix changing previously set num_queue_pairs for PFs
i40e: Fix ping is lost after configuring ADq on VF
i40e: Fix warning message and call stack during rmmod i40e driver
i40e: Fix creation of first queue by omitting it if is not power of two
i40e: Fix display error code in dmesg
NFC: reorganize the functions in nci_request
NFC: reorder the logic in nfc_{un,}register_device
net: nfc: nci: Change the NCI close sequence
NFC: add NCI_UNREG flag to eliminate the race
e100: fix device suspend/resume
KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
pinctrl: qcom: sdm845: Enable dual edge errata
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
s390/kexec: fix return code handling
net: stmmac: dwmac-rk: Fix ethernet on rk3399 based devices
arm64: vdso32: suppress error message for 'make mrproper'
tun: fix bonding active backup with arp monitoring
hexagon: export raw I/O routines for modules
hexagon: clean up timer-regs.h
tipc: check for null after calling kmemdup
ipc: WARN if trying to remove ipc object which is absent
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX
scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id()
s390/kexec: fix memory leak of ipl report buffer
block: Check ADMIN before NICE for IOPRIO_CLASS_RT
KVM: nVMX: don't use vcpu->arch.efer when checking host state on nested state load
udf: Fix crash after seekdir
net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform
btrfs: fix memory ordering between normal and ordered work functions
parisc/sticon: fix reverse colors
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
drm/amd/display: Update swizzle mode enums
drm/udl: fix control-message timeout
drm/nouveau: Add a dedicated mutex for the clients list
drm/nouveau: use drm_dev_unplug() during device removal
drm/nouveau: clean up all clients on device removal
drm/i915/dp: Ensure sink rate values are always valid
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
scsi: ufs: core: Fix task management completion
scsi: ufs: core: Fix task management completion timeout race
hugetlbfs: flush TLBs correctly after huge_pmd_unshare
RDMA/netlink: Add __maybe_unused to static inline in C file
selinux: fix NULL-pointer dereference when hashtab allocation fails
ASoC: DAPM: Cover regression by kctl change notification fix
usb: max-3421: Use driver data instead of maintaining a list of bound devices
ice: Delete always true check of PF pointer
fs: export an inode_update_time helper
btrfs: update device path inode time instead of bd_inode
x86/Kconfig: Fix an unused variable error in dell-smm-hwmon
ALSA: hda: hdac_ext_stream: fix potential locking issues
ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign()
Revert "perf: Rework perf_event_exit_event()"
Linux 5.10.82
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I56e067875dafc27c2e86fc3b8c47abb3296c6a18
|
||
|
Josef Bacik
|
2ec78af152 |
btrfs: update device path inode time instead of bd_inode
commit 54fde91f52f515e0b1514f0f0fa146e87a672227 upstream.
Christoph pointed out that I'm updating bdev->bd_inode for the device
time when we remove block devices from a btrfs file system, however this
isn't actually exposed to anything. The inode we want to update is the
one that's associated with the path to the device, usually on devtmpfs,
so that blkid notices the difference.
We still don't want to do the blkdev_open, so use kern_path() to get the
path to the given device and do the update time on that inode.
Fixes: 8f96a5bfa150 ("btrfs: update the bdev time directly when closing")
Reported-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Nikolay Borisov
|
6adbc07ebc |
btrfs: fix memory ordering between normal and ordered work functions
commit 45da9c1767ac31857df572f0a909fbe88fd5a7e9 upstream.
Ordered work functions aren't guaranteed to be handled by the same thread
which executed the normal work functions. The only way execution between
normal/ordered functions is synchronized is via the WORK_DONE_BIT,
unfortunately the used bitops don't guarantee any ordering whatsoever.
This manifested as seemingly inexplicable crashes on ARM64, where
async_chunk::inode is seen as non-null in async_cow_submit which causes
submit_compressed_extents to be called and crash occurs because
async_chunk::inode suddenly became NULL. The call trace was similar to:
pc : submit_compressed_extents+0x38/0x3d0
lr : async_cow_submit+0x50/0xd0
sp : ffff800015d4bc20
<registers omitted for brevity>
Call trace:
submit_compressed_extents+0x38/0x3d0
async_cow_submit+0x50/0xd0
run_ordered_work+0xc8/0x280
btrfs_work_helper+0x98/0x250
process_one_work+0x1f0/0x4ac
worker_thread+0x188/0x504
kthread+0x110/0x114
ret_from_fork+0x10/0x18
Fix this by adding respective barrier calls which ensure that all
accesses preceding setting of WORK_DONE_BIT are strictly ordered before
setting the flag. At the same time add a read barrier after reading of
WORK_DONE_BIT in run_ordered_work which ensures all subsequent loads
would be strictly ordered after reading the bit. This in turn ensures
are all accesses before WORK_DONE_BIT are going to be strictly ordered
before any access that can occur in ordered_func.
Reported-by: Chris Murphy <lists@colorremedies.com>
Fixes:
|
||
|
Greg Kroah-Hartman
|
c553d9a246 |
This is the 5.10.80 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmGWT+QACgkQONu9yGCS
aT5mYw//ZXKzugaeJjuIaFqr7tcM7x8EefbKd2H4oMr8SW3IFElJIbNPJGMJAG/C
tLZVWZvIum7QzZoxTL+JCCKpDzBERNTo4e5u7UwzAdVqiEX69YkNU0FBOzb4qXJ7
gOZMBhy4UMIKdKD12CSXXf7ZspocsNXfzdmulRQ7CQcPoPrIMKpc4vuagN1Fy/Dz
JgXYvRUAkLxtFHoQ/TeXvR4Gv9+w2ToMdb02mI48QBO+YYrFaGt+Rza2eHTv75H+
Lydz37Nv1Pk32tA1q2jWxCzz16+Kzn+AviKiCfQK0Fb9IqnJksUIWLHSiODlVIcf
kQHejanPn/p1BnBl8puPk1KFtDW45p2GwYhXG7hjGh08DGlR7QLHBS5Aa3xPYfdd
uOy4ctygSVTx5nLjPH5vr3OE0wk/TuSSf/eyk2fmcUCspwAgBOnSYSmnJOem7LTK
VqIgXFdCRplsqN415D35ddruP2BLCKqBu4KjwJ1LGIwgsx/Pmz4hlc5YcpLm8uRg
XMqGTdcieQFOGmZJjJ2q3ecaCjfb0nmTrOylP5b55/74TFwFo042YR1ua0fEtpD4
euoHLfYv3BY1dCp34TOUFGX0l+J1kAtf//vfD/JgJx/nX+ksdFBHhYwdbSi2oQG/
9CceXYJ5duEnG+JmDOWJvcZ3T49K5XaIDNfY2zGpcSu1VZKubWg=
=tQ0m
-----END PGP SIGNATURE-----
Merge 5.10.80 into android12-5.10-lts
Changes in 5.10.80
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform
binder: use euid from cred instead of using task
binder: use cred instead of task for selinux checks
binder: use cred instead of task for getsecid
Input: iforce - fix control-message timeout
Input: elantench - fix misreporting trackpoint coordinates
Input: i8042 - Add quirk for Fujitsu Lifebook T725
libata: fix read log timeout value
ocfs2: fix data corruption on truncate
scsi: core: Remove command size deduction from scsi_setup_scsi_cmnd()
scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
scsi: qla2xxx: Fix use after free in eh_abort path
mmc: mtk-sd: Add wait dma stop done flow
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
exfat: fix incorrect loading of i_blocks for large files
parisc: Fix set_fixmap() on PA1.x CPUs
parisc: Fix ptrace check on syscall return
tpm: Check for integer overflow in tpm2_map_response_body()
firmware/psci: fix application of sizeof to pointer
crypto: s5p-sss - Add error handling in s5p_aes_probe()
media: rkvdec: Do not override sizeimage for output format
media: ite-cir: IR receiver stop working after receive overflow
media: rkvdec: Support dynamic resolution changes
media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
media: v4l2-ioctl: Fix check_ext_ctrls
ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14
ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED
ALSA: hda/realtek: Add quirk for Clevo PC70HS
ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ
ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
ALSA: hda/realtek: Add quirk for ASUS UX550VE
ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
ALSA: ua101: fix division by zero at probe
ALSA: 6fire: fix control and bulk message timeouts
ALSA: line6: fix control and interrupt message timeouts
ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk
ALSA: usb-audio: Add registration quirk for JBL Quantum 400
ALSA: hda: Free card instance properly at probe errors
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: timer: Fix use-after-free problem
ALSA: timer: Unconditionally unlink slave instances, too
ext4: fix lazy initialization next schedule time computation in more granular unit
ext4: ensure enough credits in ext4_ext_shift_path_extents
ext4: refresh the ext4_ext_path struct after dropping i_data_sem.
fuse: fix page stealing
x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
x86/irq: Ensure PI wakeup handler is unregistered before module unload
ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked()
ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers
cavium: Return negative value when pci_alloc_irq_vectors() fails
scsi: qla2xxx: Return -ENOMEM if kzalloc() fails
scsi: qla2xxx: Fix unmap of already freed sgl
mISDN: Fix return values of the probe function
cavium: Fix return values of the probe function
sfc: Export fibre-specific supported link modes
sfc: Don't use netif_info before net_device setup
hyperv/vmbus: include linux/bitops.h
ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode
reset: socfpga: add empty driver allowing consumers to probe
mmc: winbond: don't build on M68K
drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
fcnal-test: kill hanging ping/nettest binaries on cleanup
bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT
bpf: Prevent increasing bpf_jit_limit above max
gpio: mlxbf2.c: Add check for bgpio_init failure
xen/netfront: stop tx queues during live migration
nvmet-tcp: fix a memory leak when releasing a queue
spi: spl022: fix Microwire full duplex mode
net: multicast: calculate csum of looped-back and forwarded packets
watchdog: Fix OMAP watchdog early handling
drm: panel-orientation-quirks: Add quirk for GPD Win3
block: schedule queue restart after BLK_STS_ZONE_RESOURCE
nvmet-tcp: fix header digest verification
r8169: Add device 10ec:8162 to driver r8169
vmxnet3: do not stop tx queues after netif_device_detach()
nfp: bpf: relax prog rejection for mtu check through max_pkt_offset
net/smc: Fix smc_link->llc_testlink_time overflow
net/smc: Correct spelling mistake to TCPF_SYN_RECV
rds: stop using dmapool
btrfs: clear MISSING device status bit in btrfs_close_one_device
btrfs: fix lost error handling when replaying directory deletes
btrfs: call btrfs_check_rw_degradable only if there is a missing device
KVM: VMX: Unregister posted interrupt wakeup handler on hardware unsetup
ia64: kprobes: Fix to pass correct trampoline address to the handler
selinux: fix race condition when computing ocontext SIDs
hwmon: (pmbus/lm25066) Add offset coefficients
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
mwifiex: fix division by zero in fw download path
ath6kl: fix division by zero in send path
ath6kl: fix control-message timeout
ath10k: fix control-message timeout
ath10k: fix division by zero in send path
PCI: Mark Atheros QCA6174 to avoid bus reset
rtl8187: fix control-message timeouts
evm: mark evm_fixmode as __ro_after_init
ifb: Depend on netfilter alternatively to tc
wcn36xx: Fix HT40 capability for 2Ghz band
wcn36xx: Fix tx_status mechanism
wcn36xx: Fix (QoS) null data frame bitrate/modulation
PM: sleep: Do not let "syscore" devices runtime-suspend during system transitions
mwifiex: Read a PCI register after writing the TX ring write pointer
mwifiex: Try waking the firmware until we get an interrupt
libata: fix checking of DMA state
wcn36xx: handle connection loss indication
rsi: fix occasional initialisation failure with BT coex
rsi: fix key enabled check causing unwanted encryption for vap_id > 0
rsi: fix rate mask set leading to P2P failure
rsi: Fix module dev_oper_mode parameter description
perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server
perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
signal: Remove the bogus sigkill_pending in ptrace_stop
memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id
soc: fsl: dpio: use the combined functions to protect critical zone
mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
power: supply: max17042_battery: use VFSOC for capacity when no rsns
KVM: arm64: Extract ESR_ELx.EC only
KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
can: j1939: j1939_can_recv(): ignore messages with invalid source address
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
ring-buffer: Protect ring_buffer_reset() from reentrancy
serial: core: Fix initializing and restoring termios speed
ifb: fix building without CONFIG_NET_CLS_ACT
ALSA: mixer: oss: Fix racy access to slots
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
xen/balloon: add late_initcall_sync() for initial ballooning done
ovl: fix use after free in struct ovl_aio_req
PCI: pci-bridge-emul: Fix emulation of W1C bits
PCI: cadence: Add cdns_plat_pcie_probe() missing return
PCI: aardvark: Do not clear status bits of masked interrupts
PCI: aardvark: Fix checking for link up via LTSSM state
PCI: aardvark: Do not unmask unused interrupts
PCI: aardvark: Fix reporting Data Link Layer Link Active
PCI: aardvark: Fix configuring Reference clock
PCI: aardvark: Fix return value of MSI domain .alloc() method
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge
PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge
quota: check block number when reading the block in quota file
quota: correct error number in free_dqentry()
pinctrl: core: fix possible memory leak in pinctrl_enable()
coresight: cti: Correct the parameter for pm_runtime_put
iio: dac: ad5446: Fix ad5622_write() return value
iio: ad5770r: make devicetree property reading consistent
USB: serial: keyspan: fix memleak on probe errors
serial: 8250: fix racy uartclk update
most: fix control-message timeouts
USB: iowarrior: fix control-message timeouts
USB: chipidea: fix interrupt deadlock
power: supply: max17042_battery: Clear status bits in interrupt handler
dma-buf: WARN on dmabuf release with pending attachments
drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2)
drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
Bluetooth: fix use-after-free error in lock_sock_nested()
drm/panel-orientation-quirks: add Valve Steam Deck
rcutorture: Avoid problematic critical section nesting on PREEMPT_RT
platform/x86: wmi: do not fail if disabling fails
MIPS: lantiq: dma: add small delay after reset
MIPS: lantiq: dma: reset correct number of channel
locking/lockdep: Avoid RCU-induced noinstr fail
net: sched: update default qdisc visibility after Tx queue cnt changes
rcu-tasks: Move RTGS_WAIT_CBS to beginning of rcu_tasks_kthread() loop
smackfs: Fix use-after-free in netlbl_catmap_walk()
ath11k: Align bss_chan_info structure with firmware
x86: Increase exception stack sizes
mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
mwifiex: Properly initialize private structure on interface type changes
fscrypt: allow 256-bit master keys with AES-256-XTS
drm/amdgpu: Fix MMIO access page fault
ath11k: Avoid reg rules update during firmware recovery
ath11k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED
ath11k: Change DMA_FROM_DEVICE to DMA_TO_DEVICE when map reinjected packets
ath10k: high latency fixes for beacon buffer
media: mt9p031: Fix corrupted frame after restarting stream
media: netup_unidvb: handle interrupt properly according to the firmware
media: atomisp: Fix error handling in probe
media: stm32: Potential NULL pointer dereference in dcmi_irq_thread()
media: uvcvideo: Set capability in s_param
media: uvcvideo: Return -EIO for control errors
media: uvcvideo: Set unique vdev name based in type
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: s5p-mfc: Add checking to s5p_mfc_probe().
media: imx: set a media_device bus_info string
media: mceusb: return without resubmitting URB in case of -EPROTO error.
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
rtw88: fix RX clock gate setting while fifo dump
brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
media: rcar-csi2: Add checking to rcsi2_start_receiver()
ipmi: Disable some operations during a panic
fs/proc/uptime.c: Fix idle time reporting in /proc/uptime
ACPICA: Avoid evaluating methods too early during system resume
media: ipu3-imgu: imgu_fmt: Handle properly try
media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
net-sysfs: try not to restart the syscall if it will fail eventually
tracefs: Have tracefs directories not set OTH permission bits by default
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
mmc: moxart: Fix reference count leaks in moxart_probe
iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value
ACPI: battery: Accept charges over the design capacity as full
drm/amdkfd: fix resume error when iommu disabled in Picasso
net: phy: micrel: make *-skew-ps check more lenient
leaking_addresses: Always print a trailing newline
drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture()
block: bump max plugged deferred size from 16 to 32
md: update superblock after changing rdev flags in state_store
memstick: r592: Fix a UAF bug when removing the driver
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/xz: Validate the value before assigning it to an enum variable
workqueue: make sysfs of unbound kworker cpumask more clever
tracing/cfi: Fix cmp_entries_* functions signature mismatch
mt76: mt7915: fix an off-by-one bound check
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
block: remove inaccurate requeue check
media: allegro: ignore interrupt if mailbox is not initialized
nvmet: fix use-after-free when a port is removed
nvmet-rdma: fix use-after-free when a port is removed
nvmet-tcp: fix use-after-free when a port is removed
nvme: drop scan_lock and always kick requeue list when removing namespaces
PM: hibernate: Get block device exclusively in swsusp_check()
selftests: kvm: fix mismatched fclose() after popen()
selftests/bpf: Fix perf_buffer test on system with offline cpus
iwlwifi: mvm: disable RX-diversity in powersave
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
ARM: clang: Do not rely on lr register for stacktrace
gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE
gfs2: Cancel remote delete work asynchronously
gfs2: Fix glock_hash_walk bugs
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
vrf: run conntrack only in context of lower/physdev for locally generated packets
net: annotate data-race in neigh_output()
ACPI: AC: Quirk GK45 to skip reading _PSR
btrfs: reflink: initialize return value to 0 in btrfs_extent_same()
btrfs: do not take the uuid_mutex in btrfs_rm_device
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
wcn36xx: Correct band/freq reporting on RX
x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled
selftests/core: fix conflicting types compile error for close_range()
parisc: fix warning in flush_tlb_all
task_stack: Fix end_of_stack() for architectures with upwards-growing stack
erofs: don't trigger WARN() when decompression fails
parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state
selftests/bpf: Fix strobemeta selftest regression
Bluetooth: fix init and cleanup of sco_conn.timeout_work
rcu: Fix existing exp request check in sync_sched_exp_online_cleanup()
MIPS: lantiq: dma: fix burst length for DEU
objtool: Add xen_start_kernel() to noreturn list
x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
objtool: Fix static_call list generation
drm/v3d: fix wait for TMU write combiner flush
virtio-gpu: fix possible memory allocation failure
lockdep: Let lock_is_held_type() detect recursive read as read
net: net_namespace: Fix undefined member in key_remove_domain()
cgroup: Make rebind_subsystems() disable v2 controllers all at once
wcn36xx: Fix Antenna Diversity Switching
wilc1000: fix possible memory leak in cfg_scan_result()
Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
crypto: caam - disable pkc for non-E SoCs
rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
net: dsa: rtl8366rb: Fix off-by-one bug
ath11k: fix some sleeping in atomic bugs
ath11k: Avoid race during regd updates
ath11k: fix packet drops due to incorrect 6 GHz freq value in rx status
ath11k: Fix memory leak in ath11k_qmi_driver_event_work
ath10k: Fix missing frame timestamp for beacon/probe-resp
ath10k: sdio: Add missing BH locking around napi_schdule()
drm/ttm: stop calling tt_swapin in vm_access
arm64: mm: update max_pfn after memory hotplug
drm/amdgpu: fix warning for overflow check
media: em28xx: add missing em28xx_close_extension
media: cxd2880-spi: Fix a null pointer dereference on error handling path
media: dvb-usb: fix ununit-value in az6027_rc_query
media: v4l2-ioctl: S_CTRL output the right value
media: TDA1997x: handle short reads of hdmi info frame.
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: radio-wl1273: Avoid card name truncation
media: si470x: Avoid card name truncation
media: tm6000: Avoid card name truncation
media: cx23885: Fix snd_card_free call on null card pointer
kprobes: Do not use local variable when creating debugfs file
crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency
cpuidle: Fix kobject memory leaks in error paths
media: em28xx: Don't use ops->suspend if it is NULL
ath9k: Fix potential interrupt storm on queue reset
PM: EM: Fix inefficient states detection
EDAC/amd64: Handle three rank interleaving mode
rcu: Always inline rcu_dynticks_task*_{enter,exit}()
netfilter: nft_dynset: relax superfluous check on set updates
media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
crypto: qat - detect PFVF collision after ACK
crypto: qat - disregard spurious PFVF interrupts
hwrng: mtk - Force runtime pm ops for sleep ops
b43legacy: fix a lower bounds test
b43: fix a lower bounds test
gve: Recover from queue stall due to missed IRQ
mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
mmc: sdhci-omap: Fix context restore
memstick: avoid out-of-range warning
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
hwmon: Fix possible memleak in __hwmon_device_register()
hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff
ath10k: fix max antenna gain unit
kernel/sched: Fix sched_fork() access an invalid sched_task_group
tcp: switch orphan_count to bare per-cpu counters
drm/msm: potential error pointer dereference in init()
drm/msm: uninitialized variable in msm_gem_import()
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
media: ir_toy: assignment to be16 should be of correct type
mmc: mxs-mmc: disable regulator on error and in the remove function
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi
mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
mt76: mt7915: fix possible infinite loop release semaphore
mt76: mt7915: fix sta_rec_wtbl tag len
mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req()
rsi: stop thread firstly in rsi_91x_init() error handling
mwifiex: Send DELBA requests according to spec
net: enetc: unmap DMA in enetc_send_cmd()
phy: micrel: ksz8041nl: do not use power down mode
nvme-rdma: fix error code in nvme_rdma_setup_ctrl
PM: hibernate: fix sparse warnings
clocksource/drivers/timer-ti-dm: Select TIMER_OF
x86/sev: Fix stack type check in vc_switch_off_ist()
drm/msm: Fix potential NULL dereference in DPU SSPP
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
KVM: selftests: Add operand to vmsave/vmload/vmrun in svm.c
KVM: selftests: Fix nested SVM tests when built with clang
bpftool: Avoid leaking the JSON writer prepared for program metadata
libbpf: Fix BTF data layout checks and allow empty BTF
libbpf: Allow loading empty BTFs
libbpf: Fix overflow in BTF sanity checks
libbpf: Fix BTF header parsing checks
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
KVM: s390: pv: avoid double free of sida page
KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
irq: mips: avoid nested irq_enter()
tpm: fix Atmel TPM crash caused by too frequent queries
tpm_tis_spi: Add missing SPI ID
libbpf: Fix endianness detection in BPF_CORE_READ_BITFIELD_PROBED()
tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
spi: spi-rpc-if: Check return value of rpcif_sw_init()
samples/kretprobes: Fix return value if register_kretprobe() failed
KVM: s390: Fix handle_sske page fault handling
libertas_tf: Fix possible memory leak in probe and disconnect
libertas: Fix possible memory leak in probe and disconnect
wcn36xx: add proper DMA memory barriers in rx path
wcn36xx: Fix discarded frames due to wrong sequence number
drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
selftests: bpf: Convert sk_lookup ctx access tests to PROG_TEST_RUN
selftests/bpf: Fix fd cleanup in sk_lookup test
net: amd-xgbe: Toggle PLL settings during rate change
net: phylink: avoid mvneta warning when setting pause parameters
crypto: pcrypt - Delay write to padata->info
selftests/bpf: Fix fclose/pclose mismatch in test_progs
udp6: allow SO_MARK ctrl msg to affect routing
ibmvnic: don't stop queue in xmit
ibmvnic: Process crqs after enabling interrupts
cgroup: Fix rootcg cpu.stat guest double counting
bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off.
bpf: Fix propagation of signed bounds from 64-bit min/max into 32-bit.
of: unittest: fix EXPECT text for gpio hog errors
iio: st_sensors: Call st_sensors_power_enable() from bus drivers
iio: st_sensors: disable regulators after device unregistration
RDMA/rxe: Fix wrong port_cap_flags
ARM: dts: BCM5301X: Fix memory nodes names
clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
arm64: dts: rockchip: Fix GPU register width for RK3328
ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY
RDMA/bnxt_re: Fix query SRQ failure
arm64: dts: ti: k3-j721e-main: Fix "max-virtual-functions" in PCIe EP nodes
arm64: dts: ti: k3-j721e-main: Fix "bus-range" upto 256 bus number for PCIe
arm64: dts: meson-g12a: Fix the pwm regulator supply properties
arm64: dts: meson-g12b: Fix the pwm regulator supply properties
bus: ti-sysc: Fix timekeeping_suspended warning on resume
ARM: dts: at91: tse850: the emac<->phy interface is rmii
scsi: dc395: Fix error case unwinding
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
JFS: fix memleak in jfs_mount
arm64: dts: qcom: msm8916: Fix Secondary MI2S bit clock
arm64: dts: renesas: beacon: Fix Ethernet PHY mode
arm64: dts: qcom: pm8916: Remove wrong reg-names for rtc@6000
ALSA: hda: Reduce udelay() at SKL+ position reporting
ALSA: hda: Release controller display power during shutdown/reboot
ALSA: hda: Fix hang during shutdown due to link reset
ALSA: hda: Use position buffer for SKL+ again
soundwire: debugfs: use controller id and link_id for debugfs
scsi: pm80xx: Fix misleading log statement in pm8001_mpi_get_nvmd_resp()
driver core: Fix possible memory leak in device_link_add()
arm: dts: omap3-gta04a4: accelerometer irq fix
ASoC: SOF: topology: do not power down primary core during topology removal
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
clk: at91: check pmc node status before registering syscore ops
video: fbdev: chipsfb: use memset_io() instead of memset()
powerpc: Refactor is_kvm_guest() declaration to new header
powerpc: Rename is_kvm_guest() to check_kvm_guest()
powerpc: Reintroduce is_kvm_guest() as a fast-path check
powerpc: Fix is_kvm_guest() / kvm_para_available()
powerpc: fix unbalanced node refcount in check_kvm_guest()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
usb: gadget: hid: fix error code in do_config()
power: supply: rt5033_battery: Change voltage values to µV
power: supply: max17040: fix null-ptr-deref in max17040_probe()
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
RDMA/mlx4: Return missed an error if device doesn't support steering
usb: musb: select GENERIC_PHY instead of depending on it
staging: most: dim2: do not double-register the same device
staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
pinctrl: renesas: checker: Fix off-by-one bug in drive register check
ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz
ARM: dts: stm32: fix SAI sub nodes register range
ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
ASoC: cs42l42: Correct some register default values
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
soc: qcom: rpmhpd: Provide some missing struct member descriptions
soc: qcom: rpmhpd: Make power_on actually enable the domain
usb: typec: STUSB160X should select REGMAP_I2C
iio: adis: do not disabe IRQs in 'adis_init()'
scsi: ufs: Refactor ufshcd_setup_clocks() to remove skip_ref_clk
scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
serial: imx: fix detach/attach of serial console
usb: dwc2: drd: fix dwc2_force_mode call in dwc2_ovr_init
usb: dwc2: drd: fix dwc2_drd_role_sw_set when clock could be disabled
usb: dwc2: drd: reset current session before setting the new one
firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available()
soc: qcom: apr: Add of_node_put() before return
pinctrl: equilibrium: Fix function addition in multiple groups
phy: qcom-qusb2: Fix a memory leak on probe
phy: ti: gmii-sel: check of_get_address() for failure
phy: qcom-snps: Correct the FSEL_MASK
serial: xilinx_uartps: Fix race condition causing stuck TX
clk: at91: sam9x60-pll: use DIV_ROUND_CLOSEST_ULL
HID: u2fzero: clarify error check and length calculations
HID: u2fzero: properly handle timeouts in usb_submit_urb
powerpc/44x/fsp2: add missing of_node_put
ASoC: cs42l42: Disable regulators if probe fails
ASoC: cs42l42: Use device_property API instead of of_property
ASoC: cs42l42: Correct configuring of switch inversion from ts-inv
virtio_ring: check desc == NULL when using indirect with packed
mips: cm: Convert to bitfield API to fix out-of-bounds access
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
apparmor: fix error check
rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
nfsd: don't alloc under spinlock in rpc_parse_scope_id
i2c: mediatek: fixing the incorrect register offset
NFS: Fix dentry verifier races
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
drm/plane-helper: fix uninitialized variable reference
PCI: aardvark: Don't spam about PIO Response Status
PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge
opp: Fix return in _opp_add_static_v2()
NFS: Fix deadlocks in nfs_scan_commit_list()
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation
mtd: core: don't remove debugfs directory if device is in use
remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()'
rtc: rv3032: fix error handling in rv3032_clkout_set_rate()
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
NFS: Fix up commit deadlocks
NFS: Fix an Oops in pnfs_mark_request_commit()
Fix user namespace leak
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
auxdisplay: ht16k33: Connect backlight to fbdev
auxdisplay: ht16k33: Fix frame buffer device blanking
soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
m68k: set a default value for MEMORY_RESERVE
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
ar7: fix kernel builds for compiler test
scsi: qla2xxx: Changes to support FCP2 Target
scsi: qla2xxx: Relogin during fabric disturbance
scsi: qla2xxx: Fix gnl list corruption
scsi: qla2xxx: Turn off target reset during issue_lip
NFSv4: Fix a regression in nfs_set_open_stateid_locked()
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
xen-pciback: Fix return in pm_ctrl_init()
net: davinci_emac: Fix interrupt pacing disable
ethtool: fix ethtool msg len calculation for pause stats
openrisc: fix SMP tlb flush NULL pointer dereference
net: vlan: fix a UAF in vlan_dev_real_dev()
ice: Fix replacing VF hardware MAC to existing MAC filter
ice: Fix not stopping Tx queues for VFs
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
drm/nouveau/svm: Fix refcount leak bug and missing check against null bug
net: phy: fix duplex out of sync problem while changing settings
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
mfd: core: Add missing of_node_put for loop iteration
can: mcp251xfd: mcp251xfd_chip_start(): fix error handling for mcp251xfd_chip_rx_int_enable()
mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
zram: off by one in read_block_state()
perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
llc: fix out-of-bound array index in llc_sk_dev_hash()
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
bpf, sockmap: Remove unhash handler for BPF sockmap usage
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
gve: Fix off by one in gve_tx_timeout()
seq_file: fix passing wrong private data
net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
net: hns3: fix kernel crash when unload VF while it is being reset
net: hns3: allow configure ETS bandwidth of all TCs
net: stmmac: allow a tc-taprio base-time of zero
vsock: prevent unnecessary refcnt inc for nonblocking connect
net/smc: fix sk_refcnt underflow on linkdown and fallback
cxgb4: fix eeprom len when diagnostics not implemented
selftests/net: udpgso_bench_rx: fix port argument
ARM: 9155/1: fix early early_iounmap()
ARM: 9156/1: drop cc-option fallbacks for architecture selection
parisc: Fix backtrace to always include init funtion names
MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
x86/mce: Add errata workaround for Skylake SKX37
posix-cpu-timers: Clear task::posix_cputimers_work in copy_process()
irqchip/sifive-plic: Fixup EOI failed when masked
f2fs: should use GFP_NOFS for directory inodes
net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE
9p/net: fix missing error check in p9_check_errors
memcg: prohibit unconditional exceeding the limit of dying tasks
powerpc/lib: Add helper to check if offset is within conditional branch range
powerpc/bpf: Validate branch ranges
powerpc/security: Add a helper to query stf_barrier type
powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
mm, oom: do not trigger out_of_memory from the #PF
mfd: dln2: Add cell for initializing DLN2 ADC
video: backlight: Drop maximum brightness override for brightness zero
s390/cio: check the subchannel validity for dev_busid
s390/tape: fix timer initialization in tape_std_assign()
s390/ap: Fix hanging ioctl caused by orphaned replies
s390/cio: make ccw_device_dma_* more robust
mtd: rawnand: ams-delta: Keep the driver compatible with on-die ECC engines
mtd: rawnand: xway: Keep the driver compatible with on-die ECC engines
mtd: rawnand: mpc5121: Keep the driver compatible with on-die ECC engines
mtd: rawnand: gpio: Keep the driver compatible with on-die ECC engines
mtd: rawnand: pasemi: Keep the driver compatible with on-die ECC engines
mtd: rawnand: orion: Keep the driver compatible with on-die ECC engines
mtd: rawnand: plat_nand: Keep the driver compatible with on-die ECC engines
mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines
powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload
powerpc/85xx: fix timebase sync issue when CONFIG_HOTPLUG_CPU=n
drm/sun4i: Fix macros in sun8i_csc.h
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
PCI: aardvark: Fix PCIe Max Payload Size setting
SUNRPC: Partial revert of commit
|
||
|
Josef Bacik
|
b917f9b946 |
btrfs: do not take the uuid_mutex in btrfs_rm_device
[ Upstream commit 8ef9dc0f14ba6124c62547a4fdc59b163d8b864e ]
We got the following lockdep splat while running fstests (specifically
btrfs/003 and btrfs/020 in a row) with the new rc. This was uncovered
by 87579e9b7d8d ("loop: use worker per cgroup instead of kworker") which
converted loop to using workqueues, which comes with lockdep
annotations that don't exist with kworkers. The lockdep splat is as
follows:
WARNING: possible circular locking dependency detected
5.14.0-rc2-custom+ #34 Not tainted
------------------------------------------------------
losetup/156417 is trying to acquire lock:
ffff9c7645b02d38 ((wq_completion)loop0){+.+.}-{0:0}, at: flush_workqueue+0x84/0x600
but task is already holding lock:
ffff9c7647395468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0x41/0x650 [loop]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #5 (&lo->lo_mutex){+.+.}-{3:3}:
__mutex_lock+0xba/0x7c0
lo_open+0x28/0x60 [loop]
blkdev_get_whole+0x28/0xf0
blkdev_get_by_dev.part.0+0x168/0x3c0
blkdev_open+0xd2/0xe0
do_dentry_open+0x163/0x3a0
path_openat+0x74d/0xa40
do_filp_open+0x9c/0x140
do_sys_openat2+0xb1/0x170
__x64_sys_openat+0x54/0x90
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> #4 (&disk->open_mutex){+.+.}-{3:3}:
__mutex_lock+0xba/0x7c0
blkdev_get_by_dev.part.0+0xd1/0x3c0
blkdev_get_by_path+0xc0/0xd0
btrfs_scan_one_device+0x52/0x1f0 [btrfs]
btrfs_control_ioctl+0xac/0x170 [btrfs]
__x64_sys_ioctl+0x83/0xb0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> #3 (uuid_mutex){+.+.}-{3:3}:
__mutex_lock+0xba/0x7c0
btrfs_rm_device+0x48/0x6a0 [btrfs]
btrfs_ioctl+0x2d1c/0x3110 [btrfs]
__x64_sys_ioctl+0x83/0xb0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> #2 (sb_writers#11){.+.+}-{0:0}:
lo_write_bvec+0x112/0x290 [loop]
loop_process_work+0x25f/0xcb0 [loop]
process_one_work+0x28f/0x5d0
worker_thread+0x55/0x3c0
kthread+0x140/0x170
ret_from_fork+0x22/0x30
-> #1 ((work_completion)(&lo->rootcg_work)){+.+.}-{0:0}:
process_one_work+0x266/0x5d0
worker_thread+0x55/0x3c0
kthread+0x140/0x170
ret_from_fork+0x22/0x30
-> #0 ((wq_completion)loop0){+.+.}-{0:0}:
__lock_acquire+0x1130/0x1dc0
lock_acquire+0xf5/0x320
flush_workqueue+0xae/0x600
drain_workqueue+0xa0/0x110
destroy_workqueue+0x36/0x250
__loop_clr_fd+0x9a/0x650 [loop]
lo_ioctl+0x29d/0x780 [loop]
block_ioctl+0x3f/0x50
__x64_sys_ioctl+0x83/0xb0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
other info that might help us debug this:
Chain exists of:
(wq_completion)loop0 --> &disk->open_mutex --> &lo->lo_mutex
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&lo->lo_mutex);
lock(&disk->open_mutex);
lock(&lo->lo_mutex);
lock((wq_completion)loop0);
*** DEADLOCK ***
1 lock held by losetup/156417:
#0: ffff9c7647395468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0x41/0x650 [loop]
stack backtrace:
CPU: 8 PID: 156417 Comm: losetup Not tainted 5.14.0-rc2-custom+ #34
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Call Trace:
dump_stack_lvl+0x57/0x72
check_noncircular+0x10a/0x120
__lock_acquire+0x1130/0x1dc0
lock_acquire+0xf5/0x320
? flush_workqueue+0x84/0x600
flush_workqueue+0xae/0x600
? flush_workqueue+0x84/0x600
drain_workqueue+0xa0/0x110
destroy_workqueue+0x36/0x250
__loop_clr_fd+0x9a/0x650 [loop]
lo_ioctl+0x29d/0x780 [loop]
? __lock_acquire+0x3a0/0x1dc0
? update_dl_rq_load_avg+0x152/0x360
? lock_is_held_type+0xa5/0x120
? find_held_lock.constprop.0+0x2b/0x80
block_ioctl+0x3f/0x50
__x64_sys_ioctl+0x83/0xb0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f645884de6b
Usually the uuid_mutex exists to protect the fs_devices that map
together all of the devices that match a specific uuid. In rm_device
we're messing with the uuid of a device, so it makes sense to protect
that here.
However in doing that it pulls in a whole host of lockdep dependencies,
as we call mnt_may_write() on the sb before we grab the uuid_mutex, thus
we end up with the dependency chain under the uuid_mutex being added
under the normal sb write dependency chain, which causes problems with
loop devices.
We don't need the uuid mutex here however. If we call
btrfs_scan_one_device() before we scratch the super block we will find
the fs_devices and not find the device itself and return EBUSY because
the fs_devices is open. If we call it after the scratch happens it will
not appear to be a valid btrfs file system.
We do not need to worry about other fs_devices modifying operations here
because we're protected by the exclusive operations locking.
So drop the uuid_mutex here in order to fix the lockdep splat.
A more detailed explanation from the discussion:
We are worried about rm and scan racing with each other, before this
change we'll zero the device out under the UUID mutex so when scan does
run it'll make sure that it can go through the whole device scan thing
without rm messing with us.
We aren't worried if the scratch happens first, because the result is we
don't think this is a btrfs device and we bail out.
The only case we are concerned with is we scratch _after_ scan is able
to read the superblock and gets a seemingly valid super block, so lets
consider this case.
Scan will call device_list_add() with the device we're removing. We'll
call find_fsid_with_metadata_uuid() and get our fs_devices for this
UUID. At this point we lock the fs_devices->device_list_mutex. This is
what protects us in this case, but we have two cases here.
1. We aren't to the device removal part of the RM. We found our device,
and device name matches our path, we go down and we set total_devices
to our super number of devices, which doesn't affect anything because
we haven't done the remove yet.
2. We are past the device removal part, which is protected by the
device_list_mutex. Scan doesn't find the device, it goes down and
does the
if (fs_devices->opened)
return -EBUSY;
check and we bail out.
Nothing about this situation is ideal, but the lockdep splat is real,
and the fix is safe, tho admittedly a bit scary looking.
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ copy more from the discussion ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Sidong Yang
|
428bb3d71e |
btrfs: reflink: initialize return value to 0 in btrfs_extent_same()
[ Upstream commit 44bee215f72f13874c0e734a0712c2e3264c0108 ] Fix a warning reported by smatch that ret could be returned without initialized. The dedupe operations are supposed to to return 0 for a 0 length range but the caller does not pass olen == 0. To keep this behaviour and also fix the warning initialize ret to 0. Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Sidong Yang <realwakka@gmail.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Anand Jain
|
b4a4c9dc44 |
btrfs: call btrfs_check_rw_degradable only if there is a missing device
commit 5c78a5e7aa835c4f08a7c90fe02d19f95a776f29 upstream.
In open_ctree() in btrfs_check_rw_degradable() [1], we check each block
group individually if at least the minimum number of devices is available
for that profile. If all the devices are available, then we don't have to
check degradable.
[1]
open_ctree()
::
3559 if (!sb_rdonly(sb) && !btrfs_check_rw_degradable(fs_info, NULL)) {
Also before calling btrfs_check_rw_degradable() in open_ctee() at the
line number shown below [2] we call btrfs_read_chunk_tree() and down to
add_missing_dev() to record number of missing devices.
[2]
open_ctree()
::
3454 ret = btrfs_read_chunk_tree(fs_info);
btrfs_read_chunk_tree()
read_one_chunk() / read_one_dev()
add_missing_dev()
So, check if there is any missing device before btrfs_check_rw_degradable()
in open_ctree().
Also, with this the mount command could save ~16ms.[3] in the most
common case, that is no device is missing.
[3]
1) * 16934.96 us | btrfs_check_rw_degradable [btrfs]();
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Filipe Manana
|
b406439afe |
btrfs: fix lost error handling when replaying directory deletes
commit 10adb1152d957a4d570ad630f93a88bb961616c1 upstream. At replay_dir_deletes(), if find_dir_range() returns an error we break out of the main while loop and then assign a value of 0 (success) to the 'ret' variable, resulting in completely ignoring that an error happened. Fix that by jumping to the 'out' label when find_dir_range() returns an error (negative value). CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Li Zhang
|
8992aab294 |
btrfs: clear MISSING device status bit in btrfs_close_one_device
commit 5d03dbebba2594d2e6fbf3b5dd9060c5a835de3b upstream. Reported bug: https://github.com/kdave/btrfs-progs/issues/389 There's a problem with scrub reporting aborted status but returning error code 0, on a filesystem with missing and readded device. Roughly these steps: - mkfs -d raid1 dev1 dev2 - fill with data - unmount - make dev1 disappear - mount -o degraded - copy more data - make dev1 appear again Running scrub afterwards reports that the command was aborted, but the system log message says the exit code was 0. It seems that the cause of the error is decrementing fs_devices->missing_devices but not clearing device->dev_state. Every time we umount filesystem, it would call close_ctree, And it would eventually involve btrfs_close_one_device to close the device, but it only decrements fs_devices->missing_devices but does not clear the device BTRFS_DEV_STATE_MISSING bit. Worse, this bug will cause Integer Overflow, because every time umount, fs_devices->missing_devices will decrease. If fs_devices->missing_devices value hit 0, it would overflow. With added debugging: loop1: detected capacity change from 0 to 20971520 BTRFS: device fsid 56ad51f1-5523-463b-8547-c19486c51ebb devid 1 transid 21 /dev/loop1 scanned by systemd-udevd (2311) loop2: detected capacity change from 0 to 20971520 BTRFS: device fsid 56ad51f1-5523-463b-8547-c19486c51ebb devid 2 transid 17 /dev/loop2 scanned by systemd-udevd (2313) BTRFS info (device loop1): flagging fs with big metadata feature BTRFS info (device loop1): allowing degraded mounts BTRFS info (device loop1): using free space tree BTRFS info (device loop1): has skinny extents BTRFS info (device loop1): before clear_missing.00000000f706684d /dev/loop1 0 BTRFS warning (device loop1): devid 2 uuid 6635ac31-56dd-4852-873b-c60f5e2d53d2 is missing BTRFS info (device loop1): before clear_missing.0000000000000000 /dev/loop2 1 BTRFS info (device loop1): flagging fs with big metadata feature BTRFS info (device loop1): allowing degraded mounts BTRFS info (device loop1): using free space tree BTRFS info (device loop1): has skinny extents BTRFS info (device loop1): before clear_missing.00000000f706684d /dev/loop1 0 BTRFS warning (device loop1): devid 2 uuid 6635ac31-56dd-4852-873b-c60f5e2d53d2 is missing BTRFS info (device loop1): before clear_missing.0000000000000000 /dev/loop2 0 BTRFS info (device loop1): flagging fs with big metadata feature BTRFS info (device loop1): allowing degraded mounts BTRFS info (device loop1): using free space tree BTRFS info (device loop1): has skinny extents BTRFS info (device loop1): before clear_missing.00000000f706684d /dev/loop1 18446744073709551615 BTRFS warning (device loop1): devid 2 uuid 6635ac31-56dd-4852-873b-c60f5e2d53d2 is missing BTRFS info (device loop1): before clear_missing.0000000000000000 /dev/loop2 18446744073709551615 If fs_devices->missing_devices is 0, next time it would be 18446744073709551615 After apply this patch, the fs_devices->missing_devices seems to be right: $ truncate -s 10g test1 $ truncate -s 10g test2 $ losetup /dev/loop1 test1 $ losetup /dev/loop2 test2 $ mkfs.btrfs -draid1 -mraid1 /dev/loop1 /dev/loop2 -f $ losetup -d /dev/loop2 $ mount -o degraded /dev/loop1 /mnt/1 $ umount /mnt/1 $ mount -o degraded /dev/loop1 /mnt/1 $ umount /mnt/1 $ mount -o degraded /dev/loop1 /mnt/1 $ umount /mnt/1 $ dmesg loop1: detected capacity change from 0 to 20971520 loop2: detected capacity change from 0 to 20971520 BTRFS: device fsid 15aa1203-98d3-4a66-bcae-ca82f629c2cd devid 1 transid 5 /dev/loop1 scanned by mkfs.btrfs (1863) BTRFS: device fsid 15aa1203-98d3-4a66-bcae-ca82f629c2cd devid 2 transid 5 /dev/loop2 scanned by mkfs.btrfs (1863) BTRFS info (device loop1): flagging fs with big metadata feature BTRFS info (device loop1): allowing degraded mounts BTRFS info (device loop1): disk space caching is enabled BTRFS info (device loop1): has skinny extents BTRFS info (device loop1): before clear_missing.00000000975bd577 /dev/loop1 0 BTRFS warning (device loop1): devid 2 uuid 8b333791-0b3f-4f57-b449-1c1ab6b51f38 is missing BTRFS info (device loop1): before clear_missing.0000000000000000 /dev/loop2 1 BTRFS info (device loop1): checking UUID tree BTRFS info (device loop1): flagging fs with big metadata feature BTRFS info (device loop1): allowing degraded mounts BTRFS info (device loop1): disk space caching is enabled BTRFS info (device loop1): has skinny extents BTRFS info (device loop1): before clear_missing.00000000975bd577 /dev/loop1 0 BTRFS warning (device loop1): devid 2 uuid 8b333791-0b3f-4f57-b449-1c1ab6b51f38 is missing BTRFS info (device loop1): before clear_missing.0000000000000000 /dev/loop2 1 BTRFS info (device loop1): flagging fs with big metadata feature BTRFS info (device loop1): allowing degraded mounts BTRFS info (device loop1): disk space caching is enabled BTRFS info (device loop1): has skinny extents BTRFS info (device loop1): before clear_missing.00000000975bd577 /dev/loop1 0 BTRFS warning (device loop1): devid 2 uuid 8b333791-0b3f-4f57-b449-1c1ab6b51f38 is missing BTRFS info (device loop1): before clear_missing.0000000000000000 /dev/loop2 1 CC: stable@vger.kernel.org # 4.19+ Signed-off-by: Li Zhang <zhanglikernel@gmail.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
4944ec82eb |
This is the 5.10.76 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmF5BlMACgkQONu9yGCS
aT4OIQ/+PY9YFEKTRlW/TDDqnc3KxpTsSDgpyEHzDwW/zqzTu9ja36suqz0SGu+S
SyY9tp3g7A+Ty7m7Xd6UKFcrfb6+fWN3+YqglXqgQ/VH1rGOhZiVfOZ+yBsF1D3O
hQZRhnxYn1IJRpvKdTiw57RvjwuZO82QlXpd2SCt0crfclN/HeTvUpTxq6bllE+H
X5TANiN0NVJgVBQvoztXQS7I6oXcAeGCoXsQ4m7S28apKBgax2EXHewFIOrjq3ub
SVFeD1oWcHjGPcln/kv8HNGAZXZivsARl+ag8BBWmtC59dZjH/niFEcq1qVmwjBj
d3YcBUP1nfsY2PhyXjxaUQ7gdEfFieL8wM9mYBmGyWempVWSfGAPe/td0IR7NsR9
hwmHs4VNFLhtzEZW8OSpCV1f7dNo1WZZshCrRotSZ9QEZP/TZ84oXFFLl72C0tUI
4Jfx5Ll3xqBjBQdDthWb99Rg0ZBQVPox/jnZMBCxk3NXtLhREmjwP4Sx8Wf635xE
kfCGb0HkgjrQiQX0A+AyPwFAOTTrTe3WDZ5aYB4r2FwFzhySQw5ol8SmOEsZt2om
aAEPjmut8HoM+Ch2Q9NGZghZGyePiqyxNTh9dL7G3U+Wss2xpBzpm1loCpm8OHr3
KxwqhQCdKNxfVuPjK49N6QDAgmuhqtOx6S1z0WcMUuaZ7EZkac8=
=zASi
-----END PGP SIGNATURE-----
Merge 5.10.76 into android12-5.10-lts
Changes in 5.10.76
parisc: math-emu: Fix fall-through warnings
xhci: add quirk for host controllers that don't update endpoint DCS
io_uring: fix splice_fd_in checks backport typo
arm: dts: vexpress-v2p-ca9: Fix the SMB unit-address
ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output
xen/x86: prevent PVH type from getting clobbered
drm/amdgpu/display: fix dependencies for DRM_AMD_DC_SI
xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
xtensa: xtfpga: Try software restart before simulating CPU reset
NFSD: Keep existing listeners on portlist error
netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value
dma-debug: fix sg checks in debug_dma_map_sg()
ASoC: wm8960: Fix clock configuration on slave mode
ice: fix getting UDP tunnel entry
netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6
netfilter: ipvs: make global sysctl readonly in non-init netns
lan78xx: select CRC32
tcp: md5: Fix overlap between vrf and non-vrf keys
ipv6: When forwarding count rx stats on the orig netdev
net: dsa: lantiq_gswip: fix register definition
NIOS2: irqflags: rename a redefined register name
powerpc/smp: do not decrement idle task preempt count in CPU offline
net: hns3: reset DWRR of unused tc to zero
net: hns3: add limit ets dwrr bandwidth cannot be 0
net: hns3: schedule the polling again when allocation fails
net: hns3: fix vf reset workqueue cannot exit
net: hns3: disable sriov before unload hclge layer
net: stmmac: Fix E2E delay mechanism
e1000e: Fix packet loss on Tiger Lake and later
ice: Add missing E810 device ids
drm/panel: ilitek-ili9881c: Fix sync for Feixin K101-IM2BYL02 panel
net: enetc: fix ethtool counter name for PM0_TERR
can: rcar_can: fix suspend/resume
can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification
can: peak_pci: peak_pci_remove(): fix UAF
can: isotp: isotp_sendmsg(): fix return error on FC timeout on TX path
can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()
can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer
can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length
can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes
ceph: skip existing superblocks that are blocklisted or shut down when mounting
ceph: fix handling of "meta" errors
ocfs2: fix data corruption after conversion from inline format
ocfs2: mount fails with buffer overflow in strlen
userfaultfd: fix a race between writeprotect and exit_mmap()
elfcore: correct reference to CONFIG_UML
vfs: check fd has read access in kernel_read_file_from_fd()
ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
ALSA: hda/realtek: Add quirk for Clevo PC50HS
ASoC: DAPM: Fix missing kctl change notifications
audit: fix possible null-pointer dereference in audit_filter_rules
net: dsa: mt7530: correct ds->num_ports
powerpc64/idle: Fix SP offsets when saving GPRs
KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
powerpc/idle: Don't corrupt back chain when going idle
mm, slub: fix mismatch between reconstructed freelist depth and cnt
mm, slub: fix potential memoryleak in kmem_cache_open()
mm, slub: fix incorrect memcg slab count for bulk free
KVM: nVMX: promptly process interrupts delivered while in guest mode
nfc: nci: fix the UAF of rf_conn_info object
isdn: cpai: check ctr->cnr to avoid array index out of bound
netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
selftests: netfilter: remove stray bash debug line
net: bridge: mcast: use multicast_membership_interval for IGMPv3
drm: mxsfb: Fix NULL pointer dereference crash on unload
net: hns3: fix the max tx size according to user manual
gcc-plugins/structleak: add makefile var for disabling structleak
ALSA: hda: intel: Allow repeatedly probing on codec configuration errors
btrfs: deal with errors when checking if a dir entry exists during log replay
net: stmmac: add support for dwmac 3.40a
ARM: dts: spear3xx: Fix gmac node
isdn: mISDN: Fix sleeping function called from invalid context
platform/x86: intel_scu_ipc: Update timeout value in comment
ALSA: hda: avoid write to STATESTS if controller is in reset
libperf tests: Fix test_stat_cpu
perf/x86/msr: Add Sapphire Rapids CPU support
Input: snvs_pwrkey - add clk handling
scsi: iscsi: Fix set_param() handling
scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()
sched/scs: Reset the shadow stack when idle_task_exit
net: hns3: fix for miscalculation of rx unused desc
scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg()
s390/pci: fix zpci_zdev_put() on reserve
bpf, test, cgroup: Use sk_{alloc,free} for test cases
net: mdiobus: Fix memory leak in __mdiobus_register
tracing: Have all levels of checks prevent recursion
e1000e: Separate TGP board type from SPT
selftests: bpf: fix backported ASSERT_FALSE
ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume()
Linux 5.10.76
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia2eae7445f275464721daabb414beadf1e244c56
|
||
|
Filipe Manana
|
f9d16a4284 |
btrfs: deal with errors when checking if a dir entry exists during log replay
[ Upstream commit 77a5b9e3d14cbce49ceed2766b2003c034c066dc ] Currently inode_in_dir() ignores errors returned from btrfs_lookup_dir_index_item() and from btrfs_lookup_dir_item(), treating any errors as if the directory entry does not exists in the fs/subvolume tree, which is obviously not correct, as we can get errors such as -EIO when reading extent buffers while searching the fs/subvolume's tree. Fix that by making inode_in_dir() return the errors and making its only caller, add_inode_ref(), deal with returned errors as well. Signed-off-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
221975092a |
This is the 5.10.75 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFv5S8ACgkQONu9yGCS aT7IjQ/8CFAU/7DKwb6LMl8OOzui8yStdO2Dta2P0XfsfLVBcyFp0AZg9ODKRnzi 6JbUtmDxak/hobVPGEl8zaF8438+vXX85evqj0Ufq8fV8HFiHHmrC6CETz4fHY18 GJ6IaWkMx8dhIW5cmgVyPdBZ3dEOSyuJd74tq8GajyAYN7kdHTNxtWx8platQ2N7 q8hcfAmwBEhaZIKUU6mBLZodIFg1+guqPliXrNEnO+1YTTcBSMaG3plYH7C+7x/r vSimoSGDj2o2P0eFOpGrl9mXcXuXuvdCjeonp/O881Kjkbib3gYeTq32WcKa5e2R cQJKDEk5DCzbXxm+FuFdczId36n0c36pb2E6XCxPbq9+S+U0T3uUoNxSU8Qjgpt1 0B8z5QhEahzEJkvM0h4Ph5NVCZ8nIzWxnCAC6KbjMerQQ/4JtrAjY7BSPcN9TCfH EzfjpUyEjBey5gP48/a7nRHXlX968XkN2qpEeG77OilSHNp1V7ZSkHkq9rUOBFJl MF3EM9kHwtbmDl9X1fdd6qWSItFBZsAuZZl17wMsZhacSZooNlsL1dEz+wmQkUeT 1k0rn1ZJ0EECrFgbXfPHHwYBrEx/F2QF0iCiDBq4RwWlFgwche8UqJDFNn97alz2 Gyy80hf62YaDYnQgRLPOQjlwFnfAXth0c0biTETmIWTbkwof2fw= =mAv1 -----END PGP SIGNATURE----- Merge 5.10.75 into android12-5.10-lts Changes in 5.10.75 ALSA: usb-audio: Add quirk for VF0770 ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl ALSA: seq: Fix a potential UAF by wrong private_free call order ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 ALSA: hda/realtek: Complete partial device name to avoid ambiguity ALSA: hda/realtek: Add quirk for Clevo X170KM-G ALSA: hda/realtek - ALC236 headset MIC recording issue ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^' s390: fix strrchr() implementation clk: socfpga: agilex: fix duplicate s2f_user0_clk csky: don't let sigreturn play with priveleged bits of status register csky: Fixup regs.sr broken in ptrace arm64/hugetlb: fix CMA gigantic page order for non-4K PAGE_SIZE drm/msm: Avoid potential overflow in timeout_to_jiffies() btrfs: unlock newly allocated extent buffer after error btrfs: deal with errors when replaying dir entry during log replay btrfs: deal with errors when adding inode reference during log replay btrfs: check for error when looking up inode during dir entry replay btrfs: update refs for any root except tree log roots btrfs: fix abort logic in btrfs_replace_file_extents x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails mei: me: add Ice Lake-N device id. USB: xhci: dbc: fix tty registration race xhci: guard accesses to ep_state in xhci_endpoint_reset() xhci: Fix command ring pointer corruption while aborting a command xhci: Enable trust tx length quirk for Fresco FL11 USB controller cb710: avoid NULL pointer subtraction efi/cper: use stack buffer for error record decoding efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() usb: musb: dsps: Fix the probe error path Input: xpad - add support for another USB ID of Nacon GC-100 USB: serial: qcserial: add EM9191 QDL support USB: serial: option: add Quectel EC200S-CN module support USB: serial: option: add Telit LE910Cx composition 0x1204 USB: serial: option: add prod. id for Quectel EG91 misc: fastrpc: Add missing lock before accessing find_vma() virtio: write back F_VERSION_1 before validate EDAC/armada-xp: Fix output of uncorrectable error counter nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically powerpc/xive: Discard disabled interrupts in get_irqchip_state() iio: adc: aspeed: set driver data when adc probe. drivers: bus: simple-pm-bus: Add support for probing simple bus only devices driver core: Reject pointless SYNC_STATE_ONLY device links iio: adc: ad7192: Add IRQ flag iio: adc: ad7780: Fix IRQ flag iio: adc: ad7793: Fix IRQ flag iio: adc128s052: Fix the error handling path of 'adc128_probe()' iio: adc: max1027: Fix wrong shift with 12-bit devices iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED iio: light: opt3001: Fixed timeout error when 0 lux iio: adc: max1027: Fix the number of max1X31 channels iio: ssp_sensors: add more range checking in ssp_parse_dataframe() iio: ssp_sensors: fix error code in ssp_print_mcu_debug() iio: dac: ti-dac5571: fix an error code in probe() tee: optee: Fix missing devices unregister during optee_remove ARM: dts: bcm2711-rpi-4-b: Fix usb's unit address ARM: dts: bcm2711: fix MDIO #address- and #size-cells ARM: dts: bcm2711-rpi-4-b: fix sd_io_1v8_reg regulator states ARM: dts: bcm2711-rpi-4-b: Fix pcie0's unit address formatting nvme-pci: Fix abort command id sctp: account stream padding length for reconf chunk gpio: pca953x: Improve bias setting net: arc: select CRC32 net: korina: select CRC32 net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp net: stmmac: fix get_hw_feature() on old hardware net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work net: encx24j600: check error in devm_regmap_init_encx24j600 ethernet: s2io: fix setting mac address during resume vhost-vdpa: Fix the wrong input in config_cb nfc: fix error handling of nfc_proto_register() NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() NFC: digital: fix possible memory leak in digital_in_send_sdd_req() pata_legacy: fix a couple uninitialized variable bugs ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() mlxsw: thermal: Fix out-of-bounds memory accesses platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes spi: bcm-qspi: clear MSPI spifie interrupt during probe drm/panel: olimex-lcd-olinuxino: select CRC32 drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read drm/msm: Fix null pointer dereference on pointer edp drm/msm/mdp5: fix cursor-related warnings drm/msm/a6xx: Track current ctx by seqno drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling acpi/arm64: fix next_platform_timer() section mismatch error platform/x86: intel_scu_ipc: Fix busy loop expiry time mqprio: Correct stats in mqprio_dump_class_stats(). qed: Fix missing error code in qed_slowpath_start() r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 nfp: flow_offload: move flow_indr_dev_register from app init to app start net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb ionic: don't remove netdev->dev_addr when syncing uc list net: dsa: mv88e6xxx: don't use PHY_DETECT on internal PHY's Linux 5.10.75 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0c71baf6e376f0983e4a34d950c2bba7e226b564 |
||
|
Josef Bacik
|
0e32a2b85c |
btrfs: fix abort logic in btrfs_replace_file_extents
commit 4afb912f439c4bc4e6a4f3e7547f2e69e354108f upstream. Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the if statement to decide if we should abort is wrong. The only way we would abort in this case is if we got a ret != -EOPNOTSUPP and we called from the file clone code. However the prealloc code uses this path too. Instead we need to abort if there is an error, and the only error we _don't_ abort on is -EOPNOTSUPP and only if we came from the clone file code. CC: stable@vger.kernel.org # 5.10+ Reviewed-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Josef Bacik
|
52924879ed |
btrfs: update refs for any root except tree log roots
commit d175209be04d7d263fa1a54cde7608c706c9d0d7 upstream. I hit a stuck relocation on btrfs/061 during my overnight testing. This turned out to be because we had left over extent entries in our extent root for a data reloc inode that no longer existed. This happened because in btrfs_drop_extents() we only update refs if we have SHAREABLE set or we are the tree_root. This regression was introduced by |
||
|
Filipe Manana
|
352349aa49 |
btrfs: check for error when looking up inode during dir entry replay
commit cfd312695b71df04c3a2597859ff12c470d1e2e4 upstream. At replay_one_name(), we are treating any error from btrfs_lookup_inode() as if the inode does not exists. Fix this by checking for an error and returning it to the caller. CC: stable@vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Filipe Manana
|
4ed68471bc |
btrfs: deal with errors when adding inode reference during log replay
commit 52db77791fe24538c8aa2a183248399715f6b380 upstream. At __inode_add_ref(), we treating any error returned from btrfs_lookup_dir_item() or from btrfs_lookup_dir_index_item() as meaning that there is no existing directory entry in the fs/subvolume tree. This is not correct since we can get errors such as, for example, -EIO when reading extent buffers while searching the fs/subvolume's btree. So fix that and return the error to the caller when it is not -ENOENT. CC: stable@vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Filipe Manana
|
95d3aba5fe |
btrfs: deal with errors when replaying dir entry during log replay
commit e15ac6413745e3def00e663de00aea5a717311c1 upstream. At replay_one_one(), we are treating any error returned from btrfs_lookup_dir_item() or from btrfs_lookup_dir_index_item() as meaning that there is no existing directory entry in the fs/subvolume tree. This is not correct since we can get errors such as, for example, -EIO when reading extent buffers while searching the fs/subvolume's btree. So fix that and return the error to the caller when it is not -ENOENT. CC: stable@vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Qu Wenruo
|
206868a5b6 |
btrfs: unlock newly allocated extent buffer after error
commit 19ea40dddf1833db868533958ca066f368862211 upstream. [BUG] There is a bug report that injected ENOMEM error could leave a tree block locked while we return to user-space: BTRFS info (device loop0): enabling ssd optimizations FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 7579 Comm: syz-executor Not tainted 5.15.0-rc1 #16 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106 fail_dump lib/fault-inject.c:52 [inline] should_fail+0x13c/0x160 lib/fault-inject.c:146 should_failslab+0x5/0x10 mm/slab_common.c:1328 slab_pre_alloc_hook.constprop.99+0x4e/0xc0 mm/slab.h:494 slab_alloc_node mm/slub.c:3120 [inline] slab_alloc mm/slub.c:3214 [inline] kmem_cache_alloc+0x44/0x280 mm/slub.c:3219 btrfs_alloc_delayed_extent_op fs/btrfs/delayed-ref.h:299 [inline] btrfs_alloc_tree_block+0x38c/0x670 fs/btrfs/extent-tree.c:4833 __btrfs_cow_block+0x16f/0x7d0 fs/btrfs/ctree.c:415 btrfs_cow_block+0x12a/0x300 fs/btrfs/ctree.c:570 btrfs_search_slot+0x6b0/0xee0 fs/btrfs/ctree.c:1768 btrfs_insert_empty_items+0x80/0xf0 fs/btrfs/ctree.c:3905 btrfs_new_inode+0x311/0xa60 fs/btrfs/inode.c:6530 btrfs_create+0x12b/0x270 fs/btrfs/inode.c:6783 lookup_open+0x660/0x780 fs/namei.c:3282 open_last_lookups fs/namei.c:3352 [inline] path_openat+0x465/0xe20 fs/namei.c:3557 do_filp_open+0xe3/0x170 fs/namei.c:3588 do_sys_openat2+0x357/0x4a0 fs/open.c:1200 do_sys_open+0x87/0xd0 fs/open.c:1216 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x34/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x46ae99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f46711b9c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 RAX: ffffffffffffffda RBX: 000000000078c0a0 RCX: 000000000046ae99 RDX: 0000000000000000 RSI: 00000000000000a1 RDI: 0000000020005800 RBP: 00007f46711b9c80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 R13: 0000000000000000 R14: 000000000078c0a0 R15: 00007ffc129da6e0 ================================================ WARNING: lock held when returning to user space! 5.15.0-rc1 #16 Not tainted ------------------------------------------------ syz-executor/7579 is leaving the kernel with locks still held! 1 lock held by syz-executor/7579: #0: ffff888104b73da8 (btrfs-tree-01/1){+.+.}-{3:3}, at: __btrfs_tree_lock+0x2e/0x1a0 fs/btrfs/locking.c:112 [CAUSE] In btrfs_alloc_tree_block(), after btrfs_init_new_buffer(), the new extent buffer @buf is locked, but if later operations like adding delayed tree ref fail, we just free @buf without unlocking it, resulting above warning. [FIX] Unlock @buf in out_free_buf: label. Reported-by: Hao Sun <sunhao.th@gmail.com> Link: https://lore.kernel.org/linux-btrfs/CACkBjsZ9O6Zr0KK1yGn=1rQi6Crh1yeCRdTSBxx9R99L4xdn-Q@mail.gmail.com/ CC: stable@vger.kernel.org # 5.4+ Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
d306ef529c |
This is the 5.10.72 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFhkHIACgkQONu9yGCS aT71tg/9H5raC+vzSNbv+IqXb7NDvNBTAKIYqZGfqlVzkPO53UJ5lCsjNkA8nV2J zeYsF20Cmc5labconbe2i4AkBegGvPhYYOvB5hN/8kOdy/4cFDtYKCh5MtK4LjJp kx/7u5hvJThbF3k5l3aNJtgP9osMH9oVAegtcDiaRXBLcpbW+h3Y/u05mcFWkyRC ixiQDZBeuiwLfLr8kiNpQj8SlO+/yZKBp6hnPQ8I3uxA2V/rJQKpiHUj0jIa/XDA KzeAoRuKSao1AIttgolNBVGPscoqDAHgJplfDkbqK0XZpZG7cQP3tcKA7LbD26ge QGehpekyyeMTsUELB4msY02CxUIdmhGiRdRvhXiDjsbcrOr1fDmYV2kbdZIGIvec 7BQuqUXlcSVfLDDFe6rbqPgcY8lIoer0jKe1ocGlaPwOGNRbQreFR6ZxhteW/MQk fv5cfye1GpB83xcvvSpTu58IxxiP/SvhlqApkBMIE4Q5l+yixud8YEUpZmWE/Ppk uxE2BEFZ+qKhUw1mmK3YHoM1BEw/QvL2rKuxg9Vv90UJHBHatwsVOM4EKeNfrCe7 uiIrReDwiNJgdFv8E178uFZuzkxJEnrs6TMzeNTRAtyFBE17VpIXCxm2sJLPr4U0 Ixfj+3A5tboBI90zOFLJeVmgzBDKB5JN2B1ADxBjxXgqJ09qHTs= =t0Zc -----END PGP SIGNATURE----- Merge 5.10.72 into android12-5.10-lts Changes in 5.10.72 spi: rockchip: handle zero length transfers without timing out platform/x86: touchscreen_dmi: Add info for the Chuwi HiBook (CWI514) tablet platform/x86: touchscreen_dmi: Update info for the Chuwi Hi10 Plus (CWI527) tablet nfsd: back channel stuck in SEQ4_STATUS_CB_PATH_DOWN btrfs: replace BUG_ON() in btrfs_csum_one_bio() with proper error handling btrfs: fix mount failure due to past and transient device flush error net: mdio: introduce a shutdown method to mdio device drivers xen-netback: correct success/error reporting for the SKB-with-fraglist case sparc64: fix pci_iounmap() when CONFIG_PCI is not set ext2: fix sleeping in atomic bugs on error scsi: sd: Free scsi_disk device via put_device() usb: testusb: Fix for showing the connection speed usb: dwc2: check return value after calling platform_get_resource() habanalabs/gaudi: fix LBW RR configuration selftests: be sure to make khdr before other targets selftests:kvm: fix get_warnings_count() ignoring fscanf() return warn nvme-fc: update hardware queues before using them nvme-fc: avoid race between time out and tear down thermal/drivers/tsens: Fix wrong check for tzd in irq handlers scsi: ses: Retry failed Send/Receive Diagnostic commands irqchip/gic: Work around broken Renesas integration smb3: correct smb3 ACL security descriptor tools/vm/page-types: remove dependency on opt_file for idle page tracking selftests: KVM: Align SMCCC call with the spec in steal_time KVM: do not shrink halt_poll_ns below grow_start kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[] KVM: x86: nSVM: restore int_vector in svm_clear_vintr perf/x86: Reset destroy callback on event init failure libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. Linux 5.10.72 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9358a2f80cce03b61fd003405e1c78433644015c |
||
|
Filipe Manana
|
63c89930d4 |
btrfs: fix mount failure due to past and transient device flush error
[ Upstream commit 6b225baababf1e3d41a4250e802cbd193e1343fb ] When we get an error flushing one device, during a super block commit, we record the error in the device structure, in the field 'last_flush_error'. This is used to later check if we should error out the super block commit, depending on whether the number of flush errors is greater than or equals to the maximum tolerated device failures for a raid profile. However if we get a transient device flush error, unmount the filesystem and later try to mount it, we can fail the mount because we treat that past error as critical and consider the device is missing. Even if it's very likely that the error will happen again, as it's probably due to a hardware related problem, there may be cases where the error might not happen again. One example is during testing, and a test case like the new generic/648 from fstests always triggers this. The test cases generic/019 and generic/475 also trigger this scenario, but very sporadically. When this happens we get an error like this: $ mount /dev/sdc /mnt mount: /mnt wrong fs type, bad option, bad superblock on /dev/sdc, missing codepage or helper program, or other error. $ dmesg (...) [12918.886926] BTRFS warning (device sdc): chunk 13631488 missing 1 devices, max tolerance is 0 for writable mount [12918.888293] BTRFS warning (device sdc): writable mount is not allowed due to too many missing devices [12918.890853] BTRFS error (device sdc): open_ctree failed The failure happens because when btrfs_check_rw_degradable() is called at mount time, or at remount from RO to RW time, is sees a non zero value in a device's ->last_flush_error attribute, and therefore considers that the device is 'missing'. Fix this by setting a device's ->last_flush_error to zero when we close a device, making sure the error is not seen on the next mount attempt. We only need to track flush errors during the current mount, so that we never commit a super block if such errors happened. Signed-off-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Qu Wenruo
|
50628b06e6 |
btrfs: replace BUG_ON() in btrfs_csum_one_bio() with proper error handling
[ Upstream commit bbc9a6eb5eec03dcafee266b19f56295e3b2aa8f ] There is a BUG_ON() in btrfs_csum_one_bio() to catch code logic error. It has indeed caught several bugs during subpage development. But the BUG_ON() itself will bring down the whole system which is an overkill. Replace it with a WARN() and exit gracefully, so that it won't crash the whole system while we can still catch the code logic error. Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
dcf0824c26 |
Revert "treewide: Change list_sort to use const pointers"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
d69751309b |
This is the 5.10.70 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFVcUcACgkQONu9yGCS aT4/Mw//b3IUn6Vy0r8Jc6MsU16U+UY0Rb6o8X6J5V7PXMI2RuHIf6+AXm4CDLPZ jpsgaPB3nSYUz63+b699kB6IZiUTbij8r0O/Yjy1p2/Z6HoDgSOX8WvU25kTO697 MWxZT25Nj8sZzigPuXw1zy1ioZCdeGlRGXrDAoeZt8OL8TMd78eSLISYNQYv38L6 Sg3TbtumEwjfZe3FeyzPA82Qc1jlsZ2ViKJ+E/BC74TJ9DBS5K+uMUzDwDyJEIaB MwswdjvQIbK5cN+uux6Ok3v4/6/bIKeouYkpLnQvnNtIrn8hk8FXO6OamU6XwTGl oI26Hu5mjL2WecHvpQJCcn6h8L0w/dMfQPg2b/m1gJ5l58NJobFS3Uy1bMaGlJic L1K2ZFPHQd+CR9Lvz/umiXqaBgL2K4QKKi28TrWxMgKatrMeip3Lo8krxNuxm0/Z VpJIsOajWkgf3n5HuQ/zfFGl+YUcjtBUqxO+WR3ocTLlN3kcG6ZjEMxHPK8VYmIr Yp4s+WyU7uRlGhSy6UpWI78AHcijx5WKS5n25ZI56VJRi38Qxgb3Q+EZ6vlpJuvh yTCgvjwi4FzLWXeYRR/RXpwzvwS8t5TKJT355ufjqZaAtQk/vE27deFdQs6B7Hqy 17KvN8UjycbWKUXX/zM1CcU6ikXgj/h+q3+kAe99kldpEphjpMs= =vyz1 -----END PGP SIGNATURE----- Merge 5.10.70 into android12-5.10-lts Changes in 5.10.70 PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response ocfs2: drop acl cache for directories too mm: fix uninitialized use in overcommit_policy_handler usb: gadget: r8a66597: fix a loop in set_feature() usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() cifs: fix incorrect check for null pointer in header_assemble xen/x86: fix PV trap handling on secondary processors usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter USB: cdc-acm: fix minor-number release Revert "USB: bcma: Add a check for devm_gpiod_get" binder: make sure fd closes complete staging: greybus: uart: fix tty use after free Re-enable UAS for LaCie Rugged USB3-FW with fk quirk usb: dwc3: core: balance phy init and exit usb: core: hcd: Add support for deferring roothub registration USB: serial: mos7840: remove duplicated 0xac24 device ID USB: serial: option: add Telit LN920 compositions USB: serial: option: remove duplicate USB device ID USB: serial: option: add device id for Foxconn T99W265 mcb: fix error handling in mcb_alloc_bus() erofs: fix up erofs_lookup tracepoint btrfs: prevent __btrfs_dump_space_info() to underflow its free space xhci: Set HCD flag to defer primary roothub registration serial: 8250: 8250_omap: Fix RX_LVL register offset serial: mvebu-uart: fix driver's tx_empty callback scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE drm/amd/pm: Update intermediate power state for SI net: hso: fix muxed tty registration comedi: Fix memory leak in compat_insnlist() afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation afs: Fix updating of i_blocks on file/dir extension platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR() enetc: Fix illegal access when reading affinity_hint enetc: Fix uninitialized struct dim_sample field usage bnxt_en: Fix TX timeout when TX ring size is set to the smallest net: hns3: fix change RSS 'hfunc' ineffective issue net: hns3: check queue id range before using net/smc: add missing error check in smc_clc_prfx_set() net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work net: dsa: don't allocate the slave_mii_bus using devres net: dsa: realtek: register the MDIO bus under devres kselftest/arm64: signal: Add SVE to the set of features we can check for kselftest/arm64: signal: Skip tests if required features are missing s390/qeth: fix NULL deref in qeth_clear_working_pool_list() gpio: uniphier: Fix void functions to remove return value qed: rdma - don't wait for resources under hw error recovery flow net/mlx4_en: Don't allow aRFS for encapsulated packets atlantic: Fix issue in the pm resume flow. scsi: iscsi: Adjust iface sysfs attr detection scsi: target: Fix the pgr/alua_support_store functions tty: synclink_gt, drop unneeded forward declarations tty: synclink_gt: rename a conflicting function name fpga: machxo2-spi: Return an error on failure fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() nvme-tcp: fix incorrect h2cdata pdu offset accounting treewide: Change list_sort to use const pointers nvme: keep ctrl->namespaces ordered thermal/core: Potential buffer overflow in thermal_build_list_of_policies() cifs: fix a sign extension bug scsi: qla2xxx: Restore initiator in dual mode scsi: lpfc: Use correct scnprintf() limit irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build irqchip/gic-v3-its: Fix potential VPE leak on error md: fix a lock order reversal in md_alloc x86/asm: Add a missing __iomem annotation in enqcmds() x86/asm: Fix SETZ size enqcmds() build failure io_uring: put provided buffer meta data under memcg accounting blktrace: Fix uaf in blk_trace access after removing by sysfs net: phylink: Update SFP selected interface on advertising changes net: macb: fix use after free on rmmod net: stmmac: allow CSR clock of 300MHz blk-mq: avoid to iterate over stale request m68k: Double cast io functions to unsigned long ipv6: delay fib6_sernum increase in fib6_add cpufreq: intel_pstate: Override parameters if HWP forced by BIOS bpf: Add oversize check before call kvcalloc() xen/balloon: use a kernel thread instead a workqueue nvme-multipath: fix ANA state updates when a namespace is not present nvme-rdma: destroy cm id before destroy qp to avoid use after free sparc32: page align size in arch_dma_alloc amd/display: downgrade validation failure log level block: check if a profile is actually registered in blk_integrity_unregister block: flush the integrity workqueue in blk_integrity_unregister blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd compiler.h: Introduce absolute_pointer macro net: i825xx: Use absolute_pointer for memcpy from fixed memory location sparc: avoid stringop-overread errors qnx4: avoid stringop-overread errors parisc: Use absolute_pointer() to define PAGE0 arm64: Mark __stack_chk_guard as __ro_after_init alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile net: 6pack: Fix tx timeout and slot time spi: Fix tegra20 build with CONFIG_PM=n EDAC/synopsys: Fix wrong value type assignment for edac_mode EDAC/dmc520: Assign the proper type to dimm->edac_mode thermal/drivers/int340x: Do not set a wrong tcc offset on resume USB: serial: cp210x: fix dropped characters with CP2102 xen/balloon: fix balloon kthread freezing qnx4: work around gcc false positive warning bug Linux 5.10.70 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0be3ab08ab5dd724a79c5c5ff8e49c18d2666193 |
||
|
Greg Kroah-Hartman
|
33740c9227 |
This is the 5.10.69 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFQYu4ACgkQONu9yGCS aT6vFQ//VgOxH4RGBJ8cVUgCR7t2XiShhs2xqPJRaYe2nnl318aNvuTJFOXKa5gg gD6jhdnInBpO1iD4An/WJLZ+EO8+CDEYezsMBV7SaORR2NlOxprxig/VZKmlBHSq b2h2itA4yfa0BtPbFF2SzA6V7PtKygquCFloUQtJbgwiinNlVx4oS+8jDPgd9R9S z0AffSTnxBLXh6rc+Hn7CsFap6Ob9CiX/ZMJPxK7c5cn+/aGweL1DYVxWiBmYpC9 ynzw6blR2wjvhLkKEc3y/pZqxG1XmF9yG0kYkIK2Oajw7hfjVLIT2O6edugmmufU LbsOfL7BOJrmdd1M8B1pZcGt8qaCfD0RS5LiSxf/aNLOklpS5CpeiMdRqiPEqvqN PZV4MUjG1ra59DMBHTr3OmugRwZBBc156dahccDEecVE0yYqYeHmYfsYoo06EqTA kpOGGRAjA46xmQLqPbyxBtdaIryiHHM2E72zhKgK9JA9EtOSrOCYXc6ltsBzPB69 9LIvrfevvrbsQGXKZ4Zw5DcYaA0VGVutO3ixEiPH4TJGco9rFW4NeHQK8wk1NE0D ilFUcf0MRaI1XkjjlgEua3oC8o6rKDd8GhooukWx/ItWMytw+5JUMpYHBa9aA2yU ev31m/YEscrveY4Nml2sDhzH3R+vRrLdTOYh7RwIb3UvqkYLb4Y= =d1XJ -----END PGP SIGNATURE----- Merge 5.10.69 into android12-5.10-lts Changes in 5.10.69 PCI: pci-bridge-emul: Add PCIe Root Capabilities Register PCI: aardvark: Fix reporting CRS value console: consume APC, DM, DCS s390/pci_mmio: fully validate the VMA before calling follow_pte() ARM: Qualify enabling of swiotlb_init() ARM: 9077/1: PLT: Move struct plt_entries definition to header ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() ARM: 9079/1: ftrace: Add MODULE_PLTS support ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE Revert "net/mlx5: Register to devlink ingress VLAN filter trap" sctp: validate chunk size in __rcv_asconf_lookup sctp: add param size validation for SCTP_PARAM_SET_PRIMARY staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() coredump: fix memleak in dump_vma_snapshot() um: virtio_uml: fix memory leak on init failures dmaengine: acpi: Avoid comparison GSI with Linux vIRQ perf test: Fix bpf test sample mismatch reporting tools lib: Adopt memchr_inv() from kernel perf tools: Allow build-id with trailing zeros thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() 9p/trans_virtio: Remove sysfs file on probe failure prctl: allow to setup brk for et_dyn executables nilfs2: use refcount_dec_and_lock() to fix potential UAF profiling: fix shift-out-of-bounds bugs PM: sleep: core: Avoid setting power.must_resume to false pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered pwm: mxs: Don't modify HW state in .probe() after the PWM chip was registered dmaengine: idxd: fix wq slot allocation index check platform/chrome: sensorhub: Add trace events for sample platform/chrome: cros_ec_trace: Fix format warnings ceph: allow ceph_put_mds_session to take NULL or ERR_PTR ceph: cancel delayed work instead of flushing on mdsc teardown Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH tools/bootconfig: Fix tracing_on option checking in ftrace2bconf.sh thermal/core: Fix thermal_cooling_device_register() prototype drm/amdgpu: Disable PCIE_DPM on Intel RKL Platform drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER parisc: Move pci_dev_is_behind_card_dino to where it is used iommu/amd: Relocate GAMSup check to early_enable_iommus dmaengine: idxd: depends on !UML dmaengine: sprd: Add missing MODULE_DEVICE_TABLE dmaengine: ioat: depends on !UML dmaengine: xilinx_dma: Set DMA mask for coherent APIs ceph: request Fw caps before updating the mtime in ceph_write_iter ceph: remove the capsnaps when removing caps ceph: lockdep annotations for try_nonblocking_invalidate btrfs: update the bdev time directly when closing btrfs: fix lockdep warning while mounting sprout fs nilfs2: fix memory leak in nilfs_sysfs_create_device_group nilfs2: fix NULL pointer in nilfs_##name##_attr_release nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group habanalabs: add validity check for event ID received from F/W pwm: img: Don't modify HW state in .remove() callback pwm: rockchip: Don't modify HW state in .remove() callback pwm: stm32-lp: Don't modify HW state in .remove() callback blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() blk-mq: allow 4x BLK_MAX_REQUEST_COUNT at blk_plug for multiple_queues rtc: rx8010: select REGMAP_I2C sched/idle: Make the idle timer expire in hard interrupt context drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV Linux 5.10.69 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I982349e3a65b83e92e9b808154bf8c84d094f1d6 |
||
|
Greg Kroah-Hartman
|
beafee90ec |
This is the 5.10.68 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFLB58ACgkQONu9yGCS
aT7uAhAAraX1qVdfkq3g4w9jaURkiR/Z1LbPqjMswIojApmcXV3e0mUtEWxBBEJT
o/uId9KUr/OrfAN++DO+9iLmPIjZHW+49I+CeHcDS95PdeWSKxZ3HBPUqK8uX8tU
QdPjh2PVL7Kkzbgi65RWeTOERHLlEj6qo21xu4W9QuwmZZojEB8xVP9BB/U6p84Q
KYPX+zyGUo9NgsaVTwOXxZzyT8JgcfEUKg0F4nHeNJxEh106dN2XgZpq+GvB7Hq7
koDy/dg2I4hS++Ds/Fjz9wQrgcvw3WSo3pUZzyTS2zfrcefLjqDVWzSY/1Ttd4b9
B7Lw7WiEgbX75EFXX8RgCrmNSsNW8pnFyR2URoOfFD6ckJNj/XCPVV+tfiSfAnH5
vlOQOicjtr/yFeOfhre8U4pTBWXk9BYscJyzNp/wScaExHXXkI+HYi92cbbTWKCU
/ig1RmIqTATdFAXjukHUqt6QzI1iqPtTQCGd99AhaBGq0Hb8OK2HponzBOpQvAHb
xaEMSL9YsJhoAux+n+R95FQKCk2KrjgX8Bczyuj2OAL5jeST10fWrYe6DflSta5K
9fNWmyjegpQEcmtDidQ7HH81Fy793S/34R8FQ4y1zPEi1A0yH//FO2lA8dS4Rdvo
ho7l7W+Hd/Ut67P0b7OFz2znw0T4OqMF6Il30q88pOfcis2TfNs=
=2XgB
-----END PGP SIGNATURE-----
Merge 5.10.68 into android12-5.10-lts
Changes in 5.10.68
drm/bridge: lt9611: Fix handling of 4k panels
btrfs: fix upper limit for max_inline for page size 64K
io_uring: ensure symmetry in handling iter types in loop_rw_iter()
xen: reset legacy rtc flag for PV domU
bnx2x: Fix enabling network interfaces without VFs
arm64/sve: Use correct size when reinitialising SVE state
PM: base: power: don't try to use non-existing RTC for storing data
PCI: Add AMD GPU multi-function power dependencies
drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10
drm/etnaviv: return context from etnaviv_iommu_context_get
drm/etnaviv: put submit prev MMU context when it exists
drm/etnaviv: stop abusing mmu_context as FE running marker
drm/etnaviv: keep MMU context across runtime suspend/resume
drm/etnaviv: exec and MMU state is lost when resetting the GPU
drm/etnaviv: fix MMU context leak on GPU reset
drm/etnaviv: reference MMU context when setting up hardware state
drm/etnaviv: add missing MMU context put when reaping MMU mapping
s390/sclp: fix Secure-IPL facility detection
x86/pat: Pass valid address to sanitize_phys()
x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
tipc: fix an use-after-free issue in tipc_recvmsg
ethtool: Fix rxnfc copy to user buffer overflow
net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert
net-caif: avoid user-triggerable WARN_ON(1)
ptp: dp83640: don't define PAGE0
dccp: don't duplicate ccid when cloning dccp sock
net/l2tp: Fix reference count leak in l2tp_udp_recv_core
r6040: Restore MDIO clock frequency after MAC reset
tipc: increase timeout in tipc_sk_enqueue()
drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused
perf machine: Initialize srcline string member in add_location struct
net/mlx5: FWTrace, cancel work on alloc pd error flow
net/mlx5: Fix potential sleeping in atomic context
nvme-tcp: fix io_work priority inversion
events: Reuse value read using READ_ONCE instead of re-reading it
net: ipa: initialize all filter table slots
gen_compile_commands: fix missing 'sys' package
vhost_net: fix OoB on sendmsg() failure.
net/af_unix: fix a data-race in unix_dgram_poll
net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup
x86/uaccess: Fix 32-bit __get_user_asm_u64() when CC_HAS_ASM_GOTO_OUTPUT=y
tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
selftest: net: fix typo in altname test
qed: Handle management FW error
udp_tunnel: Fix udp_tunnel_nic work-queue type
dt-bindings: arm: Fix Toradex compatible typo
ibmvnic: check failover_pending in login response
KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers
bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
net: hns3: pad the short tunnel frame before sending to hardware
net: hns3: change affinity_mask to numa node range
net: hns3: disable mac in flr process
net: hns3: fix the timing issue of VF clearing interrupt sources
mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
mfd: db8500-prcmu: Adjust map to reality
PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
fuse: fix use after free in fuse_read_interrupt()
PCI: tegra194: Fix handling BME_CHGED event
PCI: tegra194: Fix MSI-X programming
PCI: tegra: Fix OF node reference leak
mfd: Don't use irq_create_mapping() to resolve a mapping
PCI: rcar: Fix runtime PM imbalance in rcar_pcie_ep_probe()
tracing/probes: Reject events which have the same name of existing one
PCI: cadence: Use bitfield for *quirk_retrain_flag* instead of bool
PCI: cadence: Add quirk flag to set minimum delay in LTSSM Detect.Quiet state
PCI: j721e: Add PCIe support for J7200
PCI: j721e: Add PCIe support for AM64
PCI: Add ACS quirks for Cavium multi-function devices
watchdog: Start watchdog in watchdog_set_last_hw_keepalive only if appropriate
octeontx2-af: Add additional register check to rvu_poll_reg()
Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6
net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
block, bfq: honor already-setup queue merges
PCI: ibmphp: Fix double unmap of io_mem
ethtool: Fix an error code in cxgb2.c
NTB: Fix an error code in ntb_msit_probe()
NTB: perf: Fix an error code in perf_setup_inbuf()
s390/bpf: Fix optimizing out zero-extensions
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
s390/bpf: Fix branch shortening during codegen pass
mfd: axp20x: Update AXP288 volatile ranges
backlight: ktd253: Stabilize backlight
PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing 'ranges'
PCI: iproc: Fix BCMA probe resource handling
netfilter: Fix fall-through warnings for Clang
netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex
KVM: arm64: Restrict IPA size to maximum 48 bits on 4K and 16K page size
PCI: Fix pci_dev_str_match_path() alloc while atomic bug
mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
tracing/boot: Fix a hist trigger dependency for boot time tracing
mtd: mtdconcat: Judge callback existence based on the master
mtd: mtdconcat: Check _read, _write callbacks existence before assignment
KVM: arm64: Fix read-side race on updates to vcpu reset state
KVM: arm64: Handle PSCI resets before userspace touches vCPU state
PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
ARC: export clear_user_page() for modules
perf unwind: Do not overwrite FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64}
perf bench inject-buildid: Handle writen() errors
gpio: mpc8xxx: Fix a resources leak in the error handling path of 'mpc8xxx_probe()'
gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak
net: dsa: tag_rtl4_a: Fix egress tags
selftests: mptcp: clean tmp files in simult_flows
net: hso: add failure handler for add_net_device
net: dsa: b53: Fix calculating number of switch ports
net: dsa: b53: Set correct number of ports in the DSA struct
netfilter: socket: icmp6: fix use-after-scope
fq_codel: reject silly quantum parameters
qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
ip_gre: validate csum_start only on pull
net: dsa: b53: Fix IMP port setup on BCM5301x
bnxt_en: fix stored FW_PSID version masks
bnxt_en: Fix asic.rev in devlink dev info command
bnxt_en: log firmware debug notifications
bnxt_en: Consolidate firmware reset event logging.
bnxt_en: Convert to use netif_level() helpers.
bnxt_en: Improve logging of error recovery settings information.
bnxt_en: Fix possible unintended driver initiated error recovery
mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000"
mfd: lpc_sch: Rename GPIOBASE to prevent build error
net: renesas: sh_eth: Fix freeing wrong tx descriptor
x86/mce: Avoid infinite loop for copy from user recovery
bnxt_en: Fix error recovery regression
net: dsa: bcm_sf2: Fix array overrun in bcm_sf2_num_active_ports()
Linux 5.10.68
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I542f48f8de516dcabce91d3d399583483aba0da7
|
||
|
Greg Kroah-Hartman
|
08ed4cb090 |
Merge 5.10.67 into android12-5.10-lts
Changes in 5.10.67
rtc: tps65910: Correct driver module alias
io_uring: limit fixed table size by RLIMIT_NOFILE
io_uring: place fixed tables under memcg limits
io_uring: add ->splice_fd_in checks
io_uring: fail links of cancelled timeouts
io-wq: fix wakeup race when adding new work
btrfs: wake up async_delalloc_pages waiters after submit
btrfs: reset replace target device to allocation state on close
blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
PCI/MSI: Skip masking MSI-X on Xen PV
powerpc/perf/hv-gpci: Fix counter value parsing
xen: fix setting of max_pfn in shared_info
9p/xen: Fix end of loop tests for list_for_each_entry
ceph: fix dereference of null pointer cf
selftests/ftrace: Fix requirement check of README file
tools/thermal/tmon: Add cross compiling support
clk: socfpga: agilex: fix the parents of the psi_ref_clk
clk: socfpga: agilex: fix up s2f_user0_clk representation
clk: socfpga: agilex: add the bypass register for s2f_usr0 clock
pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
pinctrl: ingenic: Fix incorrect pull up/down info
soc: qcom: aoss: Fix the out of bound usage of cooling_devs
soc: aspeed: lpc-ctrl: Fix boundary check for mmap
soc: aspeed: p2a-ctrl: Fix boundary check for mmap
arm64: mm: Fix TLBI vs ASID rollover
arm64: head: avoid over-mapping in map_memory
iio: ltc2983: fix device probe
wcn36xx: Ensure finish scan is not requested before start scan
crypto: public_key: fix overflow during implicit conversion
block: bfq: fix bfq_set_next_ioprio_data()
power: supply: max17042: handle fails of reading status register
dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
crypto: ccp - shutdown SEV firmware on kexec
VMCI: fix NULL pointer dereference when unmapping queue pair
media: uvc: don't do DMA on stack
media: rc-loopback: return number of emitters rather than error
s390/qdio: fix roll-back after timeout on ESTABLISH ccw
s390/qdio: cancel the ESTABLISH ccw after timeout
Revert "dmaengine: imx-sdma: refine to load context only once"
dmaengine: imx-sdma: remove duplicated sdma_load_context
libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
ARM: 9105/1: atags_to_fdt: don't warn about stack size
f2fs: fix to do sanity check for sb/cp fields correctly
PCI/portdrv: Enable Bandwidth Notification only if port supports it
PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
PCI: xilinx-nwl: Enable the clock through CCF
PCI: aardvark: Configure PCIe resources from 'ranges' DT property
PCI: Export pci_pio_to_address() for module use
PCI: aardvark: Fix checking for PIO status
PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
HID: input: do not report stylus battery state as "full"
f2fs: quota: fix potential deadlock
pinctrl: remove empty lines in pinctrl subsystem
pinctrl: armada-37xx: Correct PWM pins definitions
scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
clk: rockchip: drop GRF dependency for rk3328/rk3036 pll types
IB/hfi1: Adjust pkey entry in index 0
RDMA/iwcm: Release resources if iw_cm module initialization fails
docs: Fix infiniband uverbs minor number
scsi: BusLogic: Use %X for u32 sized integer rather than %lX
pinctrl: samsung: Fix pinctrl bank pin count
vfio: Use config not menuconfig for VFIO_NOIOMMU
scsi: ufs: Fix memory corruption by ufshcd_read_desc_param()
cpuidle: pseries: Fixup CEDE0 latency only for POWER10 onwards
powerpc/stacktrace: Include linux/delay.h
RDMA/efa: Remove double QP type assignment
RDMA/mlx5: Delete not-available udata check
cpuidle: pseries: Mark pseries_idle_proble() as __init
f2fs: reduce the scope of setting fsck tag when de->name_len is zero
openrisc: don't printk() unconditionally
dma-debug: fix debugfs initialization order
NFSv4/pNFS: Fix a layoutget livelock loop
NFSv4/pNFS: Always allow update of a zero valued layout barrier
NFSv4/pnfs: The layout barrier indicate a minimal value for the seqid
SUNRPC: Fix potential memory corruption
SUNRPC/xprtrdma: Fix reconnection locking
SUNRPC query transport's source port
sunrpc: Fix return value of get_srcport()
scsi: fdomain: Fix error return code in fdomain_probe()
pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
powerpc/numa: Consider the max NUMA node for migratable LPAR
scsi: smartpqi: Fix an error code in pqi_get_raid_map()
scsi: qedi: Fix error codes in qedi_alloc_global_queues()
scsi: qedf: Fix error codes in qedf_alloc_global_queues()
powerpc/config: Renable MTD_PHYSMAP_OF
iommu/vt-d: Update the virtual command related registers
HID: i2c-hid: Fix Elan touchpad regression
clk: imx8m: fix clock tree update of TF-A managed clocks
KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines
scsi: ufs: ufs-exynos: Fix static checker warning
KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live
platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call
powerpc/smp: Update cpu_core_map on all PowerPc systems
RDMA/hns: Fix QP's resp incomplete assignment
fscache: Fix cookie key hashing
clk: at91: clk-generated: Limit the requested rate to our range
KVM: PPC: Fix clearing never mapped TCEs in realmode
soc: mediatek: cmdq: add address shift in jump
f2fs: fix to account missing .skipped_gc_rwsem
f2fs: fix unexpected ENOENT comes from f2fs_map_blocks()
f2fs: fix to unmap pages from userspace process in punch_hole()
f2fs: deallocate compressed pages when error happens
f2fs: should put a page beyond EOF when preparing a write
MIPS: Malta: fix alignment of the devicetree buffer
kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y
userfaultfd: prevent concurrent API initialization
drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET
drm/amdgpu: Fix amdgpu_ras_eeprom_init()
ASoC: atmel: ATMEL drivers don't need HAS_DMA
media: dib8000: rewrite the init prbs logic
libbpf: Fix reuse of pinned map on older kernel
x86/hyperv: fix for unwanted manipulation of sched_clock when TSC marked unstable
crypto: mxs-dcp - Use sg_mapping_iter to copy data
PCI: Use pci_update_current_state() in pci_enable_device_flags()
tipc: keep the skb in rcv queue until the whole data is read
net: phy: Fix data type in DP83822 dp8382x_disable_wol()
iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
iavf: do not override the adapter state in the watchdog task
iavf: fix locking of critical sections
ARM: dts: qcom: apq8064: correct clock names
video: fbdev: kyro: fix a DoS bug by restricting user input
netlink: Deal with ESRCH error in nlmsg_notify()
Smack: Fix wrong semantics in smk_access_entry()
drm: avoid blocking in drm_clients_info's rcu section
drm: serialize drm_file.master with a new spinlock
drm: protect drm_master pointers in drm_lease.c
rcu: Fix macro name CONFIG_TASKS_RCU_TRACE
igc: Check if num of q_vectors is smaller than max before array access
usb: host: fotg210: fix the endpoint's transactional opportunities calculation
usb: host: fotg210: fix the actual_length of an iso packet
usb: gadget: u_ether: fix a potential null pointer dereference
USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
usb: gadget: composite: Allow bMaxPower=0 if self-powered
staging: board: Fix uninitialized spinlock when attaching genpd
tty: serial: jsm: hold port lock when reporting modem line changes
bus: fsl-mc: fix mmio base address for child DPRCs
selftests: firmware: Fix ignored return val of asprintf() warn
drm/amd/display: Fix timer_per_pixel unit error
media: hantro: vp8: Move noisy WARN_ON to vpu_debug
media: platform: stm32: unprepare clocks at handling errors in probe
media: atomisp: Fix runtime PM imbalance in atomisp_pci_probe
media: atomisp: pci: fix error return code in atomisp_pci_probe()
nfp: fix return statement in nfp_net_parse_meta()
ethtool: improve compat ioctl handling
drm/amdgpu: Fix a printing message
drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
bpf/tests: Fix copy-and-paste error in double word test
bpf/tests: Do not PASS tests without actually testing the result
drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit
arm64: dts: allwinner: h6: tanix-tx6: Fix regulator node names
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
video: fbdev: kyro: Error out if 'pixclock' equals zero
video: fbdev: riva: Error out if 'pixclock' equals zero
ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
flow_dissector: Fix out-of-bounds warnings
s390/jump_label: print real address in a case of a jump label bug
s390: make PCI mio support a machine flag
serial: 8250: Define RX trigger levels for OxSemi 950 devices
xtensa: ISS: don't panic in rs_init
hvsi: don't panic on tty_register_driver failure
serial: 8250_pci: make setup_port() parameters explicitly unsigned
staging: ks7010: Fix the initialization of the 'sleep_status' structure
samples: bpf: Fix tracex7 error raised on the missing argument
libbpf: Fix race when pinning maps in parallel
ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
Bluetooth: skip invalid hci_sync_conn_complete_evt
workqueue: Fix possible memory leaks in wq_numa_init()
ARM: dts: stm32: Set {bitclock,frame}-master phandles on DHCOM SoM
ARM: dts: stm32: Set {bitclock,frame}-master phandles on ST DKx
ARM: dts: stm32: Update AV96 adv7513 node per dtbs_check
bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler()
ARM: dts: at91: use the right property for shutdown controller
arm64: tegra: Fix Tegra194 PCIe EP compatible string
ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
ASoC: Intel: update sof_pcm512x quirks
media: imx258: Rectify mismatch of VTS value
media: imx258: Limit the max analogue gain to 480
media: v4l2-dv-timings.c: fix wrong condition in two for-loops
media: TDA1997x: fix tda1997x_query_dv_timings() return value
media: tegra-cec: Handle errors of clk_prepare_enable()
gfs2: Fix glock recursion in freeze_go_xmote_bh
arm64: dts: qcom: sdm630: Rewrite memory map
arm64: dts: qcom: sdm630: Fix TLMM node and pinctrl configuration
serial: 8250_omap: Handle optional overrun-throttle-ms property
ARM: dts: imx53-ppd: Fix ACHC entry
arm64: dts: qcom: ipq8074: fix pci node reg property
arm64: dts: qcom: sdm660: use reg value for memory node
arm64: dts: qcom: ipq6018: drop '0x' from unit address
arm64: dts: qcom: sdm630: don't use underscore in node name
arm64: dts: qcom: msm8994: don't use underscore in node name
arm64: dts: qcom: msm8996: don't use underscore in node name
arm64: dts: qcom: sm8250: Fix epss_l3 unit address
nvmem: qfprom: Fix up qfprom_disable_fuse_blowing() ordering
net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660
drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock
drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers
thunderbolt: Fix port linking by checking all adapters
drm/amd/display: fix missing writeback disablement if plane is removed
drm/amd/display: fix incorrect CM/TF programming sequence in dwb
selftests/bpf: Fix xdp_tx.c prog section name
drm/vmwgfx: fix potential UAF in vmwgfx_surface.c
Bluetooth: schedule SCO timeouts with delayed_work
Bluetooth: avoid circular locks in sco_sock_connect
drm/msm/dp: return correct edid checksum after corrupted edid checksum read
net/mlx5: Fix variable type to match 64bit
gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
drm/display: fix possible null-pointer dereference in dcn10_set_clock()
mac80211: Fix monitor MTU limit so that A-MSDUs get through
ARM: tegra: acer-a500: Remove bogus USB VBUS regulators
ARM: tegra: tamonten: Fix UART pad setting
arm64: tegra: Fix compatible string for Tegra132 CPUs
arm64: dts: ls1046a: fix eeprom entries
nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
nvme: code command_id with a genctr for use-after-free validation
Bluetooth: Fix handling of LE Enhanced Connection Complete
opp: Don't print an error if required-opps is missing
serial: sh-sci: fix break handling for sysrq
iomap: pass writeback errors to the mapping
tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD
rpc: fix gss_svc_init cleanup on failure
selftests/bpf: Fix flaky send_signal test
hwmon: (pmbus/ibm-cffps) Fix write bits for LED control
staging: rts5208: Fix get_ms_information() heap buffer size
net: Fix offloading indirect devices dependency on qdisc order creation
kselftest/arm64: mte: Fix misleading output when skipping tests
kselftest/arm64: pac: Fix skipping of tests on systems without PAC
gfs2: Don't call dlm after protocol is unmounted
usb: chipidea: host: fix port index underflow and UBSAN complains
lockd: lockd server-side shouldn't set fl_ops
drm/exynos: Always initialize mapping in exynos_drm_register_dma()
rtl8xxxu: Fix the handling of TX A-MPDU aggregation
rtw88: use read_poll_timeout instead of fixed sleep
rtw88: wow: build wow function only if CONFIG_PM is on
rtw88: wow: fix size access error of probe request
octeontx2-pf: Fix NIX1_RX interface backpressure
m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch
btrfs: tree-log: check btrfs_lookup_data_extent return value
soundwire: intel: fix potential race condition during power down
ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
ASoC: Intel: Skylake: Fix passing loadable flag for module
of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
mmc: sdhci-of-arasan: Modified SD default speed to 19MHz for ZynqMP
mmc: sdhci-of-arasan: Check return value of non-void funtions
mmc: rtsx_pci: Fix long reads when clock is prescaled
selftests/bpf: Enlarge select() timeout for test_maps
mmc: core: Return correct emmc response in case of ioctl error
cifs: fix wrong release in sess_alloc_buffer() failed path
Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
usb: musb: musb_dsps: request_irq() after initializing musb
usbip: give back URBs for unsent unlink requests during cleanup
usbip:vhci_hcd USB port can get stuck in the disabled state
ASoC: rockchip: i2s: Fix regmap_ops hang
ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
drm/amdkfd: Account for SH/SE count when setting up cu masks.
nfsd: fix crash on LOCKT on reexported NFSv3
iwlwifi: pcie: free RBs during configure
iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
iwlwifi: mvm: avoid static queue number aliasing
iwlwifi: mvm: fix access to BSS elements
iwlwifi: fw: correctly limit to monitor dump
iwlwifi: mvm: Fix scan channel flags settings
net/mlx5: DR, fix a potential use-after-free bug
net/mlx5: DR, Enable QP retransmission
parport: remove non-zero check on count
selftests/bpf: Fix potential unreleased lock
wcn36xx: Fix missing frame timestamp for beacon/probe-resp
ath9k: fix OOB read ar9300_eeprom_restore_internal
ath9k: fix sleeping in atomic context
net: fix NULL pointer reference in cipso_v4_doi_free
fix array-index-out-of-bounds in taprio_change
net: w5100: check return value after calling platform_get_resource()
net: hns3: clean up a type mismatch warning
fs/io_uring Don't use the return value from import_iovec().
io_uring: remove duplicated io_size from rw
parisc: fix crash with signals and alloca
ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
scsi: BusLogic: Fix missing pr_cont() use
scsi: qla2xxx: Changes to support kdump kernel
scsi: qla2xxx: Sync queue idx with queue_pair_map idx
cpufreq: powernv: Fix init_chip_info initialization in numa=off
s390/pv: fix the forcing of the swiotlb
hugetlb: fix hugetlb cgroup refcounting during vma split
mm/hmm: bypass devmap pte when all pfn requested flags are fulfilled
mm/hugetlb: initialize hugetlb_usage in mm_init
mm,vmscan: fix divide by zero in get_scan_count
memcg: enable accounting for pids in nested pid namespaces
libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind
platform/chrome: cros_ec_proto: Send command again when timeout occurs
lib/test_stackinit: Fix static initializer test
net: dsa: lantiq_gswip: fix maximum frame length
drm/mgag200: Select clock in PLL update functions
drm/msi/mdp4: populate priv->kms in mdp4_kms_init
drm/dp_mst: Fix return code on sideband message failure
drm/panfrost: Make sure MMU context lifetime is not bound to panfrost_priv
drm/amdgpu: Fix BUG_ON assert
drm/amd/display: Update number of DCN3 clock states
drm/amd/display: Update bounding box states (v2)
drm/panfrost: Simplify lock_region calculation
drm/panfrost: Use u64 for size in lock_region
drm/panfrost: Clamp lock region to Bifrost minimum
fanotify: limit number of event merge attempts
Linux 5.10.67
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic8df59518265d0cdf724e93e8922cde48fc85ce9
|
||
Sami Tolvanen
|
55e6f8b3c0 |
treewide: Change list_sort to use const pointers
[ Upstream commit 4f0f586bf0c898233d8f316f471a21db2abd522d ] list_sort() internally casts the comparison function passed to it to a different type with constant struct list_head pointers, and uses this pointer to call the functions, which trips indirect call Control-Flow Integrity (CFI) checking. Instead of removing the consts, this change defines the list_cmp_func_t type and changes the comparison function types of all list_sort() callers to use const pointers, thus avoiding type mismatches. Suggested-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Nick Desaulniers <ndesaulniers@google.com> Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210408182843.1754385-10-samitolvanen@google.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Qu Wenruo
|
80af86c122 |
btrfs: prevent __btrfs_dump_space_info() to underflow its free space
commit 0619b7901473c380abc05d45cf9c70bee0707db3 upstream. It's not uncommon where __btrfs_dump_space_info() gets called under over-commit situations. In that case free space would underflow as total allocated space is not enough to handle all the over-committed space. Such underflow values can sometimes cause confusion for users enabled enospc_debug mount option, and takes some seconds for developers to convert the underflow value to signed result. Just output the free space as s64 to avoid such problem. Reported-by: Eli V <eliventer@gmail.com> Link: https://lore.kernel.org/linux-btrfs/CAJtFHUSy4zgyhf-4d9T+KdJp9w=UgzC2A0V=VtmaeEpcGgm1-Q@mail.gmail.com/ CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Anand Jain <anand.jain@oracle.com> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Anand Jain
|
aa1af89a66 |
btrfs: fix lockdep warning while mounting sprout fs
[ Upstream commit c124706900c20dee70f921bb3a90492431561a0a ] Following test case reproduces lockdep warning. Test case: $ mkfs.btrfs -f <dev1> $ btrfstune -S 1 <dev1> $ mount <dev1> <mnt> $ btrfs device add <dev2> <mnt> -f $ umount <mnt> $ mount <dev2> <mnt> $ umount <mnt> The warning claims a possible ABBA deadlock between the threads initiated by [#1] btrfs device add and [#0] the mount. [ 540.743122] WARNING: possible circular locking dependency detected [ 540.743129] 5.11.0-rc7+ #5 Not tainted [ 540.743135] ------------------------------------------------------ [ 540.743142] mount/2515 is trying to acquire lock: [ 540.743149] ffffa0c5544c2ce0 (&fs_devs->device_list_mutex){+.+.}-{4:4}, at: clone_fs_devices+0x6d/0x210 [btrfs] [ 540.743458] but task is already holding lock: [ 540.743461] ffffa0c54a7932b8 (btrfs-chunk-00){++++}-{4:4}, at: __btrfs_tree_read_lock+0x32/0x200 [btrfs] [ 540.743541] which lock already depends on the new lock. [ 540.743543] the existing dependency chain (in reverse order) is: [ 540.743546] -> #1 (btrfs-chunk-00){++++}-{4:4}: [ 540.743566] down_read_nested+0x48/0x2b0 [ 540.743585] __btrfs_tree_read_lock+0x32/0x200 [btrfs] [ 540.743650] btrfs_read_lock_root_node+0x70/0x200 [btrfs] [ 540.743733] btrfs_search_slot+0x6c6/0xe00 [btrfs] [ 540.743785] btrfs_update_device+0x83/0x260 [btrfs] [ 540.743849] btrfs_finish_chunk_alloc+0x13f/0x660 [btrfs] <--- device_list_mutex [ 540.743911] btrfs_create_pending_block_groups+0x18d/0x3f0 [btrfs] [ 540.743982] btrfs_commit_transaction+0x86/0x1260 [btrfs] [ 540.744037] btrfs_init_new_device+0x1600/0x1dd0 [btrfs] [ 540.744101] btrfs_ioctl+0x1c77/0x24c0 [btrfs] [ 540.744166] __x64_sys_ioctl+0xe4/0x140 [ 540.744170] do_syscall_64+0x4b/0x80 [ 540.744174] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.744180] -> #0 (&fs_devs->device_list_mutex){+.+.}-{4:4}: [ 540.744184] __lock_acquire+0x155f/0x2360 [ 540.744188] lock_acquire+0x10b/0x5c0 [ 540.744190] __mutex_lock+0xb1/0xf80 [ 540.744193] mutex_lock_nested+0x27/0x30 [ 540.744196] clone_fs_devices+0x6d/0x210 [btrfs] [ 540.744270] btrfs_read_chunk_tree+0x3c7/0xbb0 [btrfs] [ 540.744336] open_ctree+0xf6e/0x2074 [btrfs] [ 540.744406] btrfs_mount_root.cold.72+0x16/0x127 [btrfs] [ 540.744472] legacy_get_tree+0x38/0x90 [ 540.744475] vfs_get_tree+0x30/0x140 [ 540.744478] fc_mount+0x16/0x60 [ 540.744482] vfs_kern_mount+0x91/0x100 [ 540.744484] btrfs_mount+0x1e6/0x670 [btrfs] [ 540.744536] legacy_get_tree+0x38/0x90 [ 540.744537] vfs_get_tree+0x30/0x140 [ 540.744539] path_mount+0x8d8/0x1070 [ 540.744541] do_mount+0x8d/0xc0 [ 540.744543] __x64_sys_mount+0x125/0x160 [ 540.744545] do_syscall_64+0x4b/0x80 [ 540.744547] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.744551] other info that might help us debug this: [ 540.744552] Possible unsafe locking scenario: [ 540.744553] CPU0 CPU1 [ 540.744554] ---- ---- [ 540.744555] lock(btrfs-chunk-00); [ 540.744557] lock(&fs_devs->device_list_mutex); [ 540.744560] lock(btrfs-chunk-00); [ 540.744562] lock(&fs_devs->device_list_mutex); [ 540.744564] *** DEADLOCK *** [ 540.744565] 3 locks held by mount/2515: [ 540.744567] #0: ffffa0c56bf7a0e0 (&type->s_umount_key#42/1){+.+.}-{4:4}, at: alloc_super.isra.16+0xdf/0x450 [ 540.744574] #1: ffffffffc05a9628 (uuid_mutex){+.+.}-{4:4}, at: btrfs_read_chunk_tree+0x63/0xbb0 [btrfs] [ 540.744640] #2: ffffa0c54a7932b8 (btrfs-chunk-00){++++}-{4:4}, at: __btrfs_tree_read_lock+0x32/0x200 [btrfs] [ 540.744708] stack backtrace: [ 540.744712] CPU: 2 PID: 2515 Comm: mount Not tainted 5.11.0-rc7+ #5 But the device_list_mutex in clone_fs_devices() is redundant, as explained below. Two threads [1] and [2] (below) could lead to clone_fs_device(). [1] open_ctree <== mount sprout fs btrfs_read_chunk_tree() mutex_lock(&uuid_mutex) <== global lock read_one_dev() open_seed_devices() clone_fs_devices() <== seed fs_devices mutex_lock(&orig->device_list_mutex) <== seed fs_devices [2] btrfs_init_new_device() <== sprouting mutex_lock(&uuid_mutex); <== global lock btrfs_prepare_sprout() lockdep_assert_held(&uuid_mutex) clone_fs_devices(seed_fs_device) <== seed fs_devices Both of these threads hold uuid_mutex which is sufficient to protect getting the seed device(s) freed while we are trying to clone it for sprouting [2] or mounting a sprout [1] (as above). A mounted seed device can not free/write/replace because it is read-only. An unmounted seed device can be freed by btrfs_free_stale_devices(), but it needs uuid_mutex. So this patch removes the unnecessary device_list_mutex in clone_fs_devices(). And adds a lockdep_assert_held(&uuid_mutex) in clone_fs_devices(). Reported-by: Su Yue <l@damenly.su> Tested-by: Su Yue <l@damenly.su> Signed-off-by: Anand Jain <anand.jain@oracle.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Josef Bacik
|
c43803c1aa |
btrfs: update the bdev time directly when closing
[ Upstream commit 8f96a5bfa1503e0a5f3c78d51e993a1794d4aff1 ] We update the ctime/mtime of a block device when we remove it so that blkid knows the device changed. However we do this by re-opening the block device and calling filp_update_time. This is more correct because it'll call the inode->i_op->update_time if it exists, but the block dev inodes do not do this. Instead call generic_update_time() on the bd_inode in order to avoid the blkdev_open path and get rid of the following lockdep splat: ====================================================== WARNING: possible circular locking dependency detected 5.14.0-rc2+ #406 Not tainted ------------------------------------------------------ losetup/11596 is trying to acquire lock: ffff939640d2f538 ((wq_completion)loop0){+.+.}-{0:0}, at: flush_workqueue+0x67/0x5e0 but task is already holding lock: ffff939655510c68 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0x41/0x660 [loop] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #4 (&lo->lo_mutex){+.+.}-{3:3}: __mutex_lock+0x7d/0x750 lo_open+0x28/0x60 [loop] blkdev_get_whole+0x25/0xf0 blkdev_get_by_dev.part.0+0x168/0x3c0 blkdev_open+0xd2/0xe0 do_dentry_open+0x161/0x390 path_openat+0x3cc/0xa20 do_filp_open+0x96/0x120 do_sys_openat2+0x7b/0x130 __x64_sys_openat+0x46/0x70 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #3 (&disk->open_mutex){+.+.}-{3:3}: __mutex_lock+0x7d/0x750 blkdev_get_by_dev.part.0+0x56/0x3c0 blkdev_open+0xd2/0xe0 do_dentry_open+0x161/0x390 path_openat+0x3cc/0xa20 do_filp_open+0x96/0x120 file_open_name+0xc7/0x170 filp_open+0x2c/0x50 btrfs_scratch_superblocks.part.0+0x10f/0x170 btrfs_rm_device.cold+0xe8/0xed btrfs_ioctl+0x2a31/0x2e70 __x64_sys_ioctl+0x80/0xb0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #2 (sb_writers#12){.+.+}-{0:0}: lo_write_bvec+0xc2/0x240 [loop] loop_process_work+0x238/0xd00 [loop] process_one_work+0x26b/0x560 worker_thread+0x55/0x3c0 kthread+0x140/0x160 ret_from_fork+0x1f/0x30 -> #1 ((work_completion)(&lo->rootcg_work)){+.+.}-{0:0}: process_one_work+0x245/0x560 worker_thread+0x55/0x3c0 kthread+0x140/0x160 ret_from_fork+0x1f/0x30 -> #0 ((wq_completion)loop0){+.+.}-{0:0}: __lock_acquire+0x10ea/0x1d90 lock_acquire+0xb5/0x2b0 flush_workqueue+0x91/0x5e0 drain_workqueue+0xa0/0x110 destroy_workqueue+0x36/0x250 __loop_clr_fd+0x9a/0x660 [loop] block_ioctl+0x3f/0x50 __x64_sys_ioctl+0x80/0xb0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae other info that might help us debug this: Chain exists of: (wq_completion)loop0 --> &disk->open_mutex --> &lo->lo_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&lo->lo_mutex); lock(&disk->open_mutex); lock(&lo->lo_mutex); lock((wq_completion)loop0); *** DEADLOCK *** 1 lock held by losetup/11596: #0: ffff939655510c68 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0x41/0x660 [loop] stack backtrace: CPU: 1 PID: 11596 Comm: losetup Not tainted 5.14.0-rc2+ #406 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 Call Trace: dump_stack_lvl+0x57/0x72 check_noncircular+0xcf/0xf0 ? stack_trace_save+0x3b/0x50 __lock_acquire+0x10ea/0x1d90 lock_acquire+0xb5/0x2b0 ? flush_workqueue+0x67/0x5e0 ? lockdep_init_map_type+0x47/0x220 flush_workqueue+0x91/0x5e0 ? flush_workqueue+0x67/0x5e0 ? verify_cpu+0xf0/0x100 drain_workqueue+0xa0/0x110 destroy_workqueue+0x36/0x250 __loop_clr_fd+0x9a/0x660 [loop] ? blkdev_ioctl+0x8d/0x2a0 block_ioctl+0x3f/0x50 __x64_sys_ioctl+0x80/0xb0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Reviewed-by: Anand Jain <anand.jain@oracle.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Anand Jain
|
88f3d951e2 |
btrfs: fix upper limit for max_inline for page size 64K
commit 6f93e834fa7c5faa0372e46828b4b2a966ac61d7 upstream. The mount option max_inline ranges from 0 to the sectorsize (which is now equal to page size). But we parse the mount options too early and before the actual sectorsize is read from the superblock. So the upper limit of max_inline is unaware of the actual sectorsize and is limited by the temporary sectorsize 4096, even on a system where the default sectorsize is 64K. Fix this by reading the superblock sectorsize before the mount option parse. Reported-by: Alexander Tsvetkov <alexander.tsvetkov@oracle.com> CC: stable@vger.kernel.org # 5.4+ Signed-off-by: Anand Jain <anand.jain@oracle.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Anand Jain <anand.jain@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Marcos Paulo de Souza
|
b225eeaf3a |
btrfs: tree-log: check btrfs_lookup_data_extent return value
[ Upstream commit 3736127a3aa805602b7a2ad60ec9cfce68065fbb ] Function btrfs_lookup_data_extent calls btrfs_search_slot to verify if the EXTENT_ITEM exists in the extent tree. btrfs_search_slot can return values bellow zero if an error happened. Function replay_one_extent currently checks if the search found something (0 returned) and increments the reference, and if not, it seems to evaluate as 'not found'. Fix the condition by checking if the value was bellow zero and return early. Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Desmond Cheong Zhi Xi
|
c1b249e02a |
btrfs: reset replace target device to allocation state on close
commit 0d977e0eba234e01a60bdde27314dc21374201b3 upstream. This crash was observed with a failed assertion on device close: BTRFS: Transaction aborted (error -28) WARNING: CPU: 1 PID: 3902 at fs/btrfs/extent-tree.c:2150 btrfs_run_delayed_refs+0x1d2/0x1e0 [btrfs] Modules linked in: btrfs blake2b_generic libcrc32c crc32c_intel xor zstd_decompress zstd_compress xxhash lzo_compress lzo_decompress raid6_pq loop CPU: 1 PID: 3902 Comm: kworker/u8:4 Not tainted 5.14.0-rc5-default+ #1532 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014 Workqueue: events_unbound btrfs_async_reclaim_metadata_space [btrfs] RIP: 0010:btrfs_run_delayed_refs+0x1d2/0x1e0 [btrfs] RSP: 0018:ffffb7a5452d7d80 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffffffffabee13c4 RDI: 00000000ffffffff RBP: ffff97834176a378 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000001 R12: ffff97835195d388 R13: 0000000005b08000 R14: ffff978385484000 R15: 000000000000016c FS: 0000000000000000(0000) GS:ffff9783bd800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000056190d003fe8 CR3: 000000002a81e005 CR4: 0000000000170ea0 Call Trace: flush_space+0x197/0x2f0 [btrfs] btrfs_async_reclaim_metadata_space+0x139/0x300 [btrfs] process_one_work+0x262/0x5e0 worker_thread+0x4c/0x320 ? process_one_work+0x5e0/0x5e0 kthread+0x144/0x170 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x1f/0x30 irq event stamp: 19334989 hardirqs last enabled at (19334997): [<ffffffffab0e0c87>] console_unlock+0x2b7/0x400 hardirqs last disabled at (19335006): [<ffffffffab0e0d0d>] console_unlock+0x33d/0x400 softirqs last enabled at (19334900): [<ffffffffaba0030d>] __do_softirq+0x30d/0x574 softirqs last disabled at (19334893): [<ffffffffab0721ec>] irq_exit_rcu+0x12c/0x140 ---[ end trace 45939e308e0dd3c7 ]--- BTRFS: error (device vdd) in btrfs_run_delayed_refs:2150: errno=-28 No space left BTRFS info (device vdd): forced readonly BTRFS warning (device vdd): failed setting block group ro: -30 BTRFS info (device vdd): suspending dev_replace for unmount assertion failed: !test_bit(BTRFS_DEV_STATE_REPLACE_TGT, &device->dev_state), in fs/btrfs/volumes.c:1150 ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.h:3431! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 1 PID: 3982 Comm: umount Tainted: G W 5.14.0-rc5-default+ #1532 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014 RIP: 0010:assertfail.constprop.0+0x18/0x1a [btrfs] RSP: 0018:ffffb7a5454c7db8 EFLAGS: 00010246 RAX: 0000000000000068 RBX: ffff978364b91c00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffabee13c4 RDI: 00000000ffffffff RBP: ffff9783523a4c00 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000001 R12: ffff9783523a4d18 R13: 0000000000000000 R14: 0000000000000004 R15: 0000000000000003 FS: 00007f61c8f42800(0000) GS:ffff9783bd800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000056190cffa810 CR3: 0000000030b96002 CR4: 0000000000170ea0 Call Trace: btrfs_close_one_device.cold+0x11/0x55 [btrfs] close_fs_devices+0x44/0xb0 [btrfs] btrfs_close_devices+0x48/0x160 [btrfs] generic_shutdown_super+0x69/0x100 kill_anon_super+0x14/0x30 btrfs_kill_super+0x12/0x20 [btrfs] deactivate_locked_super+0x2c/0xa0 cleanup_mnt+0x144/0x1b0 task_work_run+0x59/0xa0 exit_to_user_mode_loop+0xe7/0xf0 exit_to_user_mode_prepare+0xaf/0xf0 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x4a/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae This happens when close_ctree is called while a dev_replace hasn't completed. In close_ctree, we suspend the dev_replace, but keep the replace target around so that we can resume the dev_replace procedure when we mount the root again. This is the call trace: close_ctree(): btrfs_dev_replace_suspend_for_unmount(); btrfs_close_devices(): btrfs_close_fs_devices(): btrfs_close_one_device(): ASSERT(!test_bit(BTRFS_DEV_STATE_REPLACE_TGT, &device->dev_state)); However, since the replace target sticks around, there is a device with BTRFS_DEV_STATE_REPLACE_TGT set on close, and we fail the assertion in btrfs_close_one_device. To fix this, if we come across the replace target device when closing, we should properly reset it back to allocation state. This fix also ensures that if a non-target device has a corrupted state and has the BTRFS_DEV_STATE_REPLACE_TGT bit set, the assertion will still catch the error. Reported-by: David Sterba <dsterba@suse.com> Fixes: b2a616676839 ("btrfs: fix rw device counting in __btrfs_free_extra_devids") CC: stable@vger.kernel.org # 4.19+ Reviewed-by: Anand Jain <anand.jain@oracle.com> Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Josef Bacik
|
0901af53da |
btrfs: wake up async_delalloc_pages waiters after submit
commit ac98141d140444fe93e26471d3074c603b70e2ca upstream. We use the async_delalloc_pages mechanism to make sure that we've completed our async work before trying to continue our delalloc flushing. The reason for this is we need to see any ordered extents that were created by our delalloc flushing. However we're waking up before we do the submit work, which is before we create the ordered extents. This is a pretty wide race window where we could potentially think there are no ordered extents and thus exit shrink_delalloc prematurely. Fix this by waking us up after we've done the work to create ordered extents. CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Nikolay Borisov <nborisov@suse.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
674d2ac211 |
This is the 5.10.62 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmEx2IsACgkQONu9yGCS aT6bihAA1pqL2x40IIk7nmu3XW/lNJxt4WLRjT7kGehDYE5gNz5VTQDaccb/+PiM 18XjLN0RcSkhiai8410A/SNoHBvPSMWrNvf093NpFcGm0WcvsZVyNUfRgdXfs1N8 FM1DAgA5eVowL+CthZyJIIRX6VllLAg1b3Z61frNO/t1nOUsS26enoxMSeaziqjz BuvajftaRGtJBMA3iNB1iKR3EEHRqfuWMT4swfQGDshdHlzXbdDOs0KV4bTYRo+f 76n1bvftiMH4vRONIR3T+ZeJWeaL6IfW01v7qYx+06hBa6TtkwDc+Ofw5zxWFtj1 7abou5U46gHIp4Ce8ANJzmnvd7iOssFk7+6y8Z7lZgUQCdwHFLP70VX9Jd3bRlsK UIwG0qiIG0jdLgUvjgritDWIcxuSniWIbecLr1xfHIzJAIvVr6bjRNyOz3gXgaa/ h16oHZRhprC3+4baUQPjPiSb54z+y0Xrx8x9ZSvgHe4gQmctjzoKMVr9Fy7NSpQv MVVNi9GvqRI+o+Tu7/N3yxShdXvuRvOOFgeOcyvA7BigrxMb+LvOsPcISFIBva6a 6+vKuRY79TMwEbDJkURnSNqkVyvMuqKhH5OGiKVHkQrp3AkltpDyDuap+6i2oar4 ba20HaVstcSdCfx8iCmiy/l0g16vOyNC8cVVdB4WoX1fU6aiv9Y= =g+cC -----END PGP SIGNATURE----- Merge 5.10.62 into android12-5.10-lts Changes in 5.10.62 net: qrtr: fix another OOB Read in qrtr_endpoint_post bpf: Fix ringbuf helper function compatibility bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper ASoC: rt5682: Adjust headset volume button threshold ASoC: component: Remove misplaced prefix handling in pin control functions ARC: Fix CONFIG_STACKDEPOT netfilter: conntrack: collect all entries in one cycle once: Fix panic when module unload blk-iocost: fix lockdep warning on blkcg->lock ovl: fix uninitialized pointer read in ovl_lookup_real_one() net: mscc: Fix non-GPL export of regmap APIs can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters ceph: correctly handle releasing an embedded cap flush riscv: Ensure the value of FP registers in the core dump file is up to date Revert "btrfs: compression: don't try to compress if we don't have enough pages" drm/amdgpu: Cancel delayed work when GFXOFF is disabled Revert "USB: serial: ch341: fix character loss at high transfer rates" USB: serial: option: add new VID/PID to support Fibocom FG150 usb: renesas-xhci: Prefer firmware loading on unknown ROM state usb: dwc3: gadget: Fix dwc3_calc_trbs_left() usb: dwc3: gadget: Stop EP0 transfers during pullup disable scsi: core: Fix hang of freezing queue between blocking and running device RDMA/bnxt_re: Add missing spin lock initialization IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() ice: do not abort devlink info if board identifier can't be found net: usb: pegasus: fixes of set_register(s) return value evaluation; igc: fix page fault when thunderbolt is unplugged igc: Use num_tx_queues when iterating over tx_ring queue e1000e: Fix the max snoop/no-snoop latency for 10M e1000e: Do not take care about recovery NVM checksum RDMA/efa: Free IRQ vectors on error flow ip_gre: add validation for csum_start xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' net: marvell: fix MVNETA_TX_IN_PRGRS bit number ucounts: Increase ucounts reference counter before the security hook net/sched: ets: fix crash when flipping from 'strict' to 'quantum' ipv6: use siphash in rt6_exception_hash() ipv4: use siphash instead of Jenkins in fnhe_hashfun() cxgb4: dont touch blocked freelist bitmap after free rtnetlink: Return correct error on changing device netns net: hns3: clear hardware resource when loading driver net: hns3: add waiting time before cmdq memory is released net: hns3: fix duplicate node in VLAN list net: hns3: fix get wrong pfc_en when query PFC configuration Revert "mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711" net: stmmac: add mutex lock to protect est parameters net: stmmac: fix kernel panic due to NULL pointer dereference of plat->est drm/i915: Fix syncmap memory leak usb: gadget: u_audio: fix race condition on endpoint stop dt-bindings: sifive-l2-cache: Fix 'select' matching perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32 clk: renesas: rcar-usb2-clock-sel: Fix kernel NULL pointer dereference iwlwifi: pnvm: accept multiple HW-type TLVs opp: remove WARN when no valid OPPs remain cpufreq: blocklist Qualcomm sm8150 in cpufreq-dt-platdev virtio: Improve vq->broken access to avoid any compiler optimization virtio_pci: Support surprise removal of virtio pci device virtio_vdpa: reject invalid vq indices vringh: Use wiov->used to check for read/write desc order tools/virtio: fix build qed: qed ll2 race condition fixes qed: Fix null-pointer dereference in qed_rdma_create_qp() Revert "drm/amd/pm: fix workload mismatch on vega10" drm/amd/pm: change the workload type for some cards blk-mq: don't grab rq's refcount in blk_mq_check_expired() drm: Copy drm_wait_vblank to user before returning drm/nouveau/disp: power down unused DP links during init drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences net/rds: dma_map_sg is entitled to merge entries btrfs: fix race between marking inode needs to be logged and log syncing pipe: avoid unnecessary EPOLLET wakeups under normal loads pipe: do FASYNC notifications for every pipe IO, not just state changes mtd: spinand: Fix incorrect parameters for on-die ECC tipc: call tipc_wait_for_connect only when dlen is not 0 vt_kdsetmode: extend console locking Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS riscv: Fixup wrong ftrace remove cflag riscv: Fixup patch_text panic in ftrace perf env: Fix memory leak of bpf_prog_info_linear member perf symbol-elf: Fix memory leak by freeing sdt_note.args perf record: Fix memory leak in vDSO found using ASAN perf tools: Fix arm64 build error with gcc-11 perf annotate: Fix jump parsing for C++ code. powerpc/perf: Invoke per-CPU variable access with disabled interrupts srcu: Provide internal interface to start a Tree SRCU grace period srcu: Provide polling interfaces for Tree SRCU grace periods srcu: Provide internal interface to start a Tiny SRCU grace period srcu: Make Tiny SRCU use multi-bit grace-period counter srcu: Provide polling interfaces for Tiny SRCU grace periods tracepoint: Use rcu get state and cond sync for static call updates usb: typec: ucsi: acpi: Always decode connector change information usb: typec: ucsi: Work around PPM losing change information usb: typec: ucsi: Clear pending after acking connector change net: dsa: mt7530: fix VLAN traffic leaks again lkdtm: Enable DOUBLE_FAULT on all architectures arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88 btrfs: fix NULL pointer dereference when deleting device by invalid id kthread: Fix PF_KTHREAD vs to_kthread() race Revert "floppy: reintroduce O_NDELAY fix" Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat" net: don't unconditionally copy_from_user a struct ifreq for socket ioctls audit: move put_tree() to avoid trim_trees refcount underflow and UAF bpf: Fix potentially incorrect results with bpf_get_local_storage() Linux 5.10.62 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5a9bf4b2c254ae21a10f838494cae1c3fa016be3 |
||
|
Qu Wenruo
|
c43add24df |
btrfs: fix NULL pointer dereference when deleting device by invalid id
commit e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 upstream. [BUG] It's easy to trigger NULL pointer dereference, just by removing a non-existing device id: # mkfs.btrfs -f -m single -d single /dev/test/scratch1 \ /dev/test/scratch2 # mount /dev/test/scratch1 /mnt/btrfs # btrfs device remove 3 /mnt/btrfs Then we have the following kernel NULL pointer dereference: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 649 Comm: btrfs Not tainted 5.14.0-rc3-custom+ #35 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:btrfs_rm_device+0x4de/0x6b0 [btrfs] btrfs_ioctl+0x18bb/0x3190 [btrfs] ? lock_is_held_type+0xa5/0x120 ? find_held_lock.constprop.0+0x2b/0x80 ? do_user_addr_fault+0x201/0x6a0 ? lock_release+0xd2/0x2d0 ? __x64_sys_ioctl+0x83/0xb0 __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae [CAUSE] Commit |
||
|
Filipe Manana
|
d845f89d59 |
btrfs: fix race between marking inode needs to be logged and log syncing
commit bc0939fcfab0d7efb2ed12896b1af3d819954a14 upstream.
We have a race between marking that an inode needs to be logged, either
at btrfs_set_inode_last_trans() or at btrfs_page_mkwrite(), and between
btrfs_sync_log(). The following steps describe how the race happens.
1) We are at transaction N;
2) Inode I was previously fsynced in the current transaction so it has:
inode->logged_trans set to N;
3) The inode's root currently has:
root->log_transid set to 1
root->last_log_commit set to 0
Which means only one log transaction was committed to far, log
transaction 0. When a log tree is created we set ->log_transid and
->last_log_commit of its parent root to 0 (at btrfs_add_log_tree());
4) One more range of pages is dirtied in inode I;
5) Some task A starts an fsync against some other inode J (same root), and
so it joins log transaction 1.
Before task A calls btrfs_sync_log()...
6) Task B starts an fsync against inode I, which currently has the full
sync flag set, so it starts delalloc and waits for the ordered extent
to complete before calling btrfs_inode_in_log() at btrfs_sync_file();
7) During ordered extent completion we have btrfs_update_inode() called
against inode I, which in turn calls btrfs_set_inode_last_trans(),
which does the following:
spin_lock(&inode->lock);
inode->last_trans = trans->transaction->transid;
inode->last_sub_trans = inode->root->log_transid;
inode->last_log_commit = inode->root->last_log_commit;
spin_unlock(&inode->lock);
So ->last_trans is set to N and ->last_sub_trans set to 1.
But before setting ->last_log_commit...
8) Task A is at btrfs_sync_log():
- it increments root->log_transid to 2
- starts writeback for all log tree extent buffers
- waits for the writeback to complete
- writes the super blocks
- updates root->last_log_commit to 1
It's a lot of slow steps between updating root->log_transid and
root->last_log_commit;
9) The task doing the ordered extent completion, currently at
btrfs_set_inode_last_trans(), then finally runs:
inode->last_log_commit = inode->root->last_log_commit;
spin_unlock(&inode->lock);
Which results in inode->last_log_commit being set to 1.
The ordered extent completes;
10) Task B is resumed, and it calls btrfs_inode_in_log() which returns
true because we have all the following conditions met:
inode->logged_trans == N which matches fs_info->generation &&
inode->last_subtrans (1) <= inode->last_log_commit (1) &&
inode->last_subtrans (1) <= root->last_log_commit (1) &&
list inode->extent_tree.modified_extents is empty
And as a consequence we return without logging the inode, so the
existing logged version of the inode does not point to the extent
that was written after the previous fsync.
It should be impossible in practice for one task be able to do so much
progress in btrfs_sync_log() while another task is at
btrfs_set_inode_last_trans() right after it reads root->log_transid and
before it reads root->last_log_commit. Even if kernel preemption is enabled
we know the task at btrfs_set_inode_last_trans() can not be preempted
because it is holding the inode's spinlock.
However there is another place where we do the same without holding the
spinlock, which is in the memory mapped write path at:
vm_fault_t btrfs_page_mkwrite(struct vm_fault *vmf)
{
(...)
BTRFS_I(inode)->last_trans = fs_info->generation;
BTRFS_I(inode)->last_sub_trans = BTRFS_I(inode)->root->log_transid;
BTRFS_I(inode)->last_log_commit = BTRFS_I(inode)->root->last_log_commit;
(...)
So with preemption happening after setting ->last_sub_trans and before
setting ->last_log_commit, it is less of a stretch to have another task
do enough progress at btrfs_sync_log() such that the task doing the memory
mapped write ends up with ->last_sub_trans and ->last_log_commit set to
the same value. It is still a big stretch to get there, as the task doing
btrfs_sync_log() has to start writeback, wait for its completion and write
the super blocks.
So fix this in two different ways:
1) For btrfs_set_inode_last_trans(), simply set ->last_log_commit to the
value of ->last_sub_trans minus 1;
2) For btrfs_page_mkwrite() only set the inode's ->last_sub_trans, just
like we do for buffered and direct writes at btrfs_file_write_iter(),
which is all we need to make sure multiple writes and fsyncs to an
inode in the same transaction never result in an fsync missing that
the inode changed and needs to be logged. Turn this into a helper
function and use it both at btrfs_page_mkwrite() and at
btrfs_file_write_iter() - this also fixes the problem that at
btrfs_page_mkwrite() we were setting those fields without the
protection of the inode's spinlock.
This is an extremely unlikely race to happen in practice.
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Qu Wenruo
|
3134292a8e |
Revert "btrfs: compression: don't try to compress if we don't have enough pages"
commit 4e9655763b82a91e4c341835bb504a2b1590f984 upstream.
This reverts commit f2165627319ffd33a6217275e5690b1ab5c45763.
[BUG]
It's no longer possible to create compressed inline extent after commit
f2165627319f ("btrfs: compression: don't try to compress if we don't
have enough pages").
[CAUSE]
For compression code, there are several possible reasons we have a range
that needs to be compressed while it's no more than one page.
- Compressed inline write
The data is always smaller than one sector and the test lacks the
condition to properly recognize a non-inline extent.
- Compressed subpage write
For the incoming subpage compressed write support, we require page
alignment of the delalloc range.
And for 64K page size, we can compress just one page into smaller
sectors.
For those reasons, the requirement for the data to be more than one page
is not correct, and is already causing regression for compressed inline
data writeback. The idea of skipping one page to avoid wasting CPU time
could be revisited in the future.
[FIX]
Fix it by reverting the offending commit.
Reported-by: Zygo Blaxell <ce3g8jdj@umail.furryterror.org>
Link: https://lore.kernel.org/linux-btrfs/afa2742.c084f5d6.17b6b08dffc@tnonline.net
Fixes: f2165627319f ("btrfs: compression: don't try to compress if we don't have enough pages")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
a6777a7cee |
Linux 5.10.61
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmEnjxwACgkQ3qZv95d3 LNxlaw//VC9rmejl9JwdZQaz3NfhNv2UwamLShlliq2aBmy8d+fGTAMXkCW7UK/M gS27oweL6UV6wT8BKgK8LoKJ7L1rI1KDAePpxMCSZw8Mrd8jre0FMVgkkQz/2mFQ w3aMmVitCX7RIeShoxP/8fmWnGRkugDx7SZ2csoqRP9Txtih7DAamiun2ttTzzra 4dxFRtyzw1LpJBSv/pMJ3/FusPkrbwKzSv2wYIgWmfhIWjPcvmBc0ufJmGUK7Gxo MJGaUWk9RJ3eNSUPUP3pJlKdzeHdOhOQnydiaUA60pWcDoAyQj7qM06af5hVLsCX 0Z9r97bzWOF+LNuEiNIGbodJ74IgFv0VTgjlRdZfeLC+5yLyIo7fXAmAA2Od0fiH 04Ak9+n+FTkl5avUufLrEwHljAAOgcbtJX7W4F/XPW+1P1tZxG9H4ZI+uQN7ZyAB fXGo3O3p5J14fI/m8Zr4mXDIiq34OPxSHLx89YryubriO8kdNv69+tciLn2m5a5W yctpYgVQnRJt44dg5I/aIzCSOW5+FviRY8slAopdXBIAwUZAZZgW9IVGAh2uRiLS tCtbFa3cXUV1JoWsgUdae8BDoOp0dm69yeYrP1f5eVCLe+FHa9P/Z3qxpBLhpPEh QOTI14tg3wu3vwFxAA2rsFmSInkh231ryjgGq788BnoHHad3DnI= =Rtb5 -----END PGP SIGNATURE----- Merge 5.10.61 into android12-5.10-lts Changes in 5.10.61 ath: Use safer key clearing with key cache entries ath9k: Clear key cache explicitly on disabling hardware ath: Export ath_hw_keysetmac() ath: Modify ath_key_delete() to not need full key entry ath9k: Postpone key cache entry deletion for TXQ frames reference it mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards media: zr364xx: propagate errors from zr364xx_start_readpipe() media: zr364xx: fix memory leaks in probe() media: drivers/media/usb: fix memory leak in zr364xx_probe KVM: x86: Factor out x86 instruction emulation with decoding KVM: X86: Fix warning caused by stale emulation context USB: core: Avoid WARNings for 0-length descriptor requests USB: core: Fix incorrect pipe calculation in do_proc_control() dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() spi: spi-mux: Add module info needed for autoloading net: xfrm: Fix end of loop tests for list_for_each_entry ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218 dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available scsi: pm80xx: Fix TMF task completion race condition scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() scsi: core: Avoid printing an error if target_alloc() returns -ENXIO scsi: core: Fix capacity set to zero after offlinining device drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir. qede: fix crash in rmmod qede while automatic debug collection ARM: dts: nomadik: Fix up interrupt controller node names net: usb: pegasus: Check the return value of get_geristers() and friends; net: usb: lan78xx: don't modify phy_device state concurrently drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X drm/amd/display: workaround for hard hang on HPD on native DP Bluetooth: hidp: use correct wait queue when removing ctrl_wait arm64: dts: qcom: c630: fix correct powerdown pin for WSA881x arm64: dts: qcom: msm8992-bullhead: Remove PSCI iommu: Check if group is NULL before remove device cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant dccp: add do-while-0 stubs for dccp_pr_debug macros virtio: Protect vqs list access vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update() bus: ti-sysc: Fix error handling for sysc_check_active_timer() vhost: Fix the calculation in vhost_overflow() vdpa/mlx5: Avoid destroying MR on empty iotlb soc / drm: mediatek: Move DDP component defines into mtk-mmsys.h drm/mediatek: Fix aal size config drm/mediatek: Add AAL output size configuration bpf: Clear zext_dst of dead insns bnxt: don't lock the tx queue from napi poll bnxt: disable napi before canceling DIM bnxt: make sure xmit_more + errors does not miss doorbells bnxt: count Tx drops net: 6pack: fix slab-out-of-bounds in decode_data ptp_pch: Restore dependency on PCI bnxt_en: Disable aRFS if running on 212 firmware bnxt_en: Add missing DMA memory barriers vrf: Reset skb conntrack connection on VRF rcv virtio-net: support XDP when not more queues virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable error path sch_cake: fix srchost/dsthost hashing mode net: mdio-mux: Don't ignore memory allocation errors net: mdio-mux: Handle -EPROBE_DEFER correctly ovs: clear skb->tstamp in forwarding path iommu/vt-d: Consolidate duplicate cache invaliation code iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() r8152: fix writing USB_BP2_EN i40e: Fix ATR queue selection iavf: Fix ping is lost after untrusted VF had tried to change MAC Revert "flow_offload: action should not be NULL when it is referenced" mmc: dw_mmc: Fix hang on data CRC error mmc: mmci: stm32: Check when the voltage switch procedure should be done mmc: sdhci-msm: Update the software timeout value for sdhc clk: imx6q: fix uart earlycon unwork clk: qcom: gdsc: Ensure regulator init state matches GDSC state ALSA: hda - fix the 'Capture Switch' value change notifications tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name slimbus: messaging: start transaction ids from 1 instead of zero slimbus: messaging: check for valid transaction id slimbus: ngd: reset dma setup during runtime pm ipack: tpci200: fix many double free issues in tpci200_pci_probe ipack: tpci200: fix memory leak in the tpci200_register ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop mmc: sdhci-iproc: Cap min clock frequency on BCM2711 mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 btrfs: prevent rename2 from exchanging a subvol with a directory from different parents ALSA: hda/via: Apply runtime PM workaround for ASUS B23E s390/pci: fix use after free of zpci_dev PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 ASoC: intel: atom: Fix breakage for PCM buffer address setup mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim fs: warn about impending deprecation of mandatory locks io_uring: fix xa_alloc_cycle() error return value check io_uring: only assign io_uring_enter() SQPOLL error in actual error case Linux 5.10.61 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5b6e2a66b03d1cb01c8310b83dcc2a119c1bd6b3 |
||
NeilBrown
|
67fece6289 |
btrfs: prevent rename2 from exchanging a subvol with a directory from different parents
[ Upstream commit 3f79f6f6247c83f448c8026c3ee16d4636ef8d4f ]
Cross-rename lacks a check when that would prevent exchanging a
directory and subvolume from different parent subvolume. This causes
data inconsistencies and is caught before commit by tree-checker,
turning the filesystem to read-only.
Calling the renameat2 with RENAME_EXCHANGE flags like
renameat2(AT_FDCWD, namesrc, AT_FDCWD, namedest, (1 << 1))
on two paths:
namesrc = dir1/subvol1/dir2
namedest = subvol2/subvol3
will cause key order problem with following write time tree-checker
report:
[1194842.307890] BTRFS critical (device loop1): corrupt leaf: root=5 block=27574272 slot=10 ino=258, invalid previous key objectid, have 257 expect 258
[1194842.322221] BTRFS info (device loop1): leaf 27574272 gen 8 total ptrs 11 free space 15444 owner 5
[1194842.331562] BTRFS info (device loop1): refs 2 lock_owner 0 current 26561
[1194842.338772] item 0 key (256 1 0) itemoff 16123 itemsize 160
[1194842.338793] inode generation 3 size 16 mode 40755
[1194842.338801] item 1 key (256 12 256) itemoff 16111 itemsize 12
[1194842.338809] item 2 key (256 84 2248503653) itemoff 16077 itemsize 34
[1194842.338817] dir oid 258 type 2
[1194842.338823] item 3 key (256 84 2363071922) itemoff 16043 itemsize 34
[1194842.338830] dir oid 257 type 2
[1194842.338836] item 4 key (256 96 2) itemoff 16009 itemsize 34
[1194842.338843] item 5 key (256 96 3) itemoff 15975 itemsize 34
[1194842.338852] item 6 key (257 1 0) itemoff 15815 itemsize 160
[1194842.338863] inode generation 6 size 8 mode 40755
[1194842.338869] item 7 key (257 12 256) itemoff 15801 itemsize 14
[1194842.338876] item 8 key (257 84 2505409169) itemoff 15767 itemsize 34
[1194842.338883] dir oid 256 type 2
[1194842.338888] item 9 key (257 96 2) itemoff 15733 itemsize 34
[1194842.338895] item 10 key (258 12 256) itemoff 15719 itemsize 14
[1194842.339163] BTRFS error (device loop1): block=27574272 write time tree block corruption detected
[1194842.339245] ------------[ cut here ]------------
[1194842.443422] WARNING: CPU: 6 PID: 26561 at fs/btrfs/disk-io.c:449 csum_one_extent_buffer+0xed/0x100 [btrfs]
[1194842.511863] CPU: 6 PID: 26561 Comm: kworker/u17:2 Not tainted 5.14.0-rc3-git+ #793
[1194842.511870] Hardware name: empty empty/S3993, BIOS PAQEX0-3 02/24/2008
[1194842.511876] Workqueue: btrfs-worker-high btrfs_work_helper [btrfs]
[1194842.511976] RIP: 0010:csum_one_extent_buffer+0xed/0x100 [btrfs]
[1194842.512068] RSP: 0018:ffffa2c284d77da0 EFLAGS: 00010282
[1194842.512074] RAX: 0000000000000000 RBX: 0000000000001000 RCX: ffff928867bd9978
[1194842.512078] RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff928867bd9970
[1194842.512081] RBP: ffff92876b958000 R08: 0000000000000001 R09: 00000000000c0003
[1194842.512085] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[1194842.512088] R13: ffff92875f989f98 R14: 0000000000000000 R15: 0000000000000000
[1194842.512092] FS: 0000000000000000(0000) GS:ffff928867a00000(0000) knlGS:0000000000000000
[1194842.512095] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1194842.512099] CR2: 000055f5384da1f0 CR3: 0000000102fe4000 CR4: 00000000000006e0
[1194842.512103] Call Trace:
[1194842.512128] ? run_one_async_free+0x10/0x10 [btrfs]
[1194842.631729] btree_csum_one_bio+0x1ac/0x1d0 [btrfs]
[1194842.631837] run_one_async_start+0x18/0x30 [btrfs]
[1194842.631938] btrfs_work_helper+0xd5/0x1d0 [btrfs]
[1194842.647482] process_one_work+0x262/0x5e0
[1194842.647520] worker_thread+0x4c/0x320
[1194842.655935] ? process_one_work+0x5e0/0x5e0
[1194842.655946] kthread+0x135/0x160
[1194842.655953] ? set_kthread_struct+0x40/0x40
[1194842.655965] ret_from_fork+0x1f/0x30
[1194842.672465] irq event stamp: 1729
[1194842.672469] hardirqs last enabled at (1735): [<ffffffffbd1104f5>] console_trylock_spinning+0x185/0x1a0
[1194842.672477] hardirqs last disabled at (1740): [<ffffffffbd1104cc>] console_trylock_spinning+0x15c/0x1a0
[1194842.672482] softirqs last enabled at (1666): [<ffffffffbdc002e1>] __do_softirq+0x2e1/0x50a
[1194842.672491] softirqs last disabled at (1651): [<ffffffffbd08aab7>] __irq_exit_rcu+0xa7/0xd0
The corrupted data will not be written, and filesystem can be unmounted
and mounted again (all changes since the last commit will be lost).
Add the missing check for new_ino so that all non-subvolumes must reside
under the same parent subvolume. There's an exception allowing to
exchange two subvolumes from any parents as the directory representing a
subvolume is only a logical link and does not have any other structures
related to the parent subvolume, unlike files, directories etc, that
are always in the inode namespace of the parent subvolume.
Fixes:
|
||
|
Greg Kroah-Hartman
|
a15695131a |
This is the 5.10.57 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmEPgjkACgkQONu9yGCS
aT4rgg//V+2igeM1O6aFCZODXLiagKe4k52bWC8N28KfjgDTo8znJSvg9wMlQ1vb
YbUIOFqiTTM3JncZB3V260JRiT+abclyxVXlsXOkUpgZJPaBHGSINm5047Uo/Wwf
/xLDPMmT1Yn/o8VUfRArm1+Q5wGCnb7a++2LAozElOAiCifk4S915940KDKQDs5f
PNewMcAhSsPd8lLg+/AqFfACFFmd0CSsLQoF67Cq0fngOEd/2F0tgQkT40+7KBEM
rd9BSHWFFG3uYE/DnkchmxqY0sJ84hdDdNf1Y3UddIiyXPRLOAenUBeBzbHhAVpb
LelR/F5SX4BW+z2+25dj4kD4fKxwWjdESGiWse1GEijLWXRKLTTbgCfMphQOz/km
5qf7wJ7EAfMXmIwHCtF86wHGr1ax37j9qfGSsi+TucLdqafQVTDuSRRH+0gLXCqX
0ST4kAB/N0EjkAYrYNJSNvKqEFFW7YlWtlk9AO+hHfP52XaeOKzW7z/tgqwiGZOZ
pfJfQyqxLpfIeVGzkANJaMwIdqcwOhge3FWScscBpuoxhIkbcdByvTYCr3s7wSzv
jmqja1ofSXoe/7sGNrmRg6VcgnfBgbaOHWuPKvWw/tQlML6bHBflt2Pq1RkyoAsm
LEF+IuZRfLCV/PoqatzA0PT/W9RDniQ0JEjwooOakDX5C5a91Dw=
=X3WM
-----END PGP SIGNATURE-----
Merge 5.10.57 into android12-5.10-lts
Changes in 5.10.57
drm/i915: Revert "drm/i915/gem: Asynchronous cmdparser"
Revert "drm/i915: Propagate errors on awaiting already signaled fences"
btrfs: fix race causing unnecessary inode logging during link and rename
btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction
regulator: rtmv20: Fix wrong mask for strobe-polarity-high
regulator: rt5033: Fix n_voltages settings for BUCK and LDO
spi: stm32h7: fix full duplex irq handler handling
ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
r8152: Fix potential PM refcount imbalance
qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend
net: Fix zero-copy head len calculation.
ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup
ASoC: ti: j721e-evm: Check for not initialized parent_clk_id
efi/mokvar: Reserve the table only if it is in boot services data
nvme: fix nvme_setup_command metadata trace event
drm/amd/display: Fix comparison error in dcn21 DML
drm/amd/display: Fix max vstartup calculation for modes with borders
ACPI: fix NULL pointer dereference
Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
firmware: arm_scmi: Ensure drivers provide a probe function
firmware: arm_scmi: Add delayed response status check
Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
selftests/bpf: Add a test for ptr_to_map_value on stack for helper access
selftest/bpf: Adjust expected verifier errors
bpf, selftests: Adjust few selftest result_unpriv outcomes
bpf: Update selftests to reflect new error states
bpf, selftests: Adjust few selftest outcomes wrt unreachable code
selftest/bpf: Verifier tests for var-off access
spi: mediatek: Fix fifo transfer
Linux 5.10.57
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic9f65afb3ff8d01e17fa27dff20c3592910280f2
|
||
|
Filipe Manana
|
9e55b9278c |
btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction
[ Upstream commit ecc64fab7d49c678e70bd4c35fe64d2ab3e3d212 ] When checking if we need to log the new name of a renamed inode, we are checking if the inode and its parent inode have been logged before, and if not we don't log the new name. The check however is buggy, as it directly compares the logged_trans field of the inodes versus the ID of the current transaction. The problem is that logged_trans is a transient field, only stored in memory and never persisted in the inode item, so if an inode was logged before, evicted and reloaded, its logged_trans field is set to a value of 0, meaning the check will return false and the new name of the renamed inode is not logged. If the old parent directory was previously fsynced and we deleted the logged directory entries corresponding to the old name, we end up with a log that when replayed will delete the renamed inode. The following example triggers the problem: $ mkfs.btrfs -f /dev/sdc $ mount /dev/sdc /mnt $ mkdir /mnt/A $ mkdir /mnt/B $ echo -n "hello world" > /mnt/A/foo $ sync # Add some new file to A and fsync directory A. $ touch /mnt/A/bar $ xfs_io -c "fsync" /mnt/A # Now trigger inode eviction. We are only interested in triggering # eviction for the inode of directory A. $ echo 2 > /proc/sys/vm/drop_caches # Move foo from directory A to directory B. # This deletes the directory entries for foo in A from the log, and # does not add the new name for foo in directory B to the log, because # logged_trans of A is 0, which is less than the current transaction ID. $ mv /mnt/A/foo /mnt/B/foo # Now make an fsync to anything except A, B or any file inside them, # like for example create a file at the root directory and fsync this # new file. This syncs the log that contains all the changes done by # previous rename operation. $ touch /mnt/baz $ xfs_io -c "fsync" /mnt/baz <power fail> # Mount the filesystem and replay the log. $ mount /dev/sdc /mnt # Check the filesystem content. $ ls -1R /mnt /mnt/: A B baz /mnt/A: bar /mnt/B: $ # File foo is gone, it's neither in A/ nor in B/. Fix this by using the inode_logged() helper at btrfs_log_new_name(), which safely checks if an inode was logged before in the current transaction. A test case for fstests will follow soon. CC: stable@vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Filipe Manana
|
e2419c5709 |
btrfs: fix race causing unnecessary inode logging during link and rename
[ Upstream commit de53d892e5c51dfa0a158e812575a75a6c991f39 ] When we are doing a rename or a link operation for an inode that was logged in the previous transaction and that transaction is still committing, we have a time window where we incorrectly consider that the inode was logged previously in the current transaction and therefore decide to log it to update it in the log. The following steps give an example on how this happens during a link operation: 1) Inode X is logged in transaction 1000, so its logged_trans field is set to 1000; 2) Task A starts to commit transaction 1000; 3) The state of transaction 1000 is changed to TRANS_STATE_UNBLOCKED; 4) Task B starts a link operation for inode X, and as a consequence it starts transaction 1001; 5) Task A is still committing transaction 1000, therefore the value stored at fs_info->last_trans_committed is still 999; 6) Task B calls btrfs_log_new_name(), it reads a value of 999 from fs_info->last_trans_committed and because the logged_trans field of inode X has a value of 1000, the function does not return immediately, instead it proceeds to logging the inode, which should not happen because the inode was logged in the previous transaction (1000) and not in the current one (1001). This is not a functional problem, just wasted time and space logging an inode that does not need to be logged, contributing to higher latency for link and rename operations. So fix this by comparing the inodes' logged_trans field with the generation of the current transaction instead of comparing with the value stored in fs_info->last_trans_committed. This case is often hit when running dbench for a long enough duration, as it does lots of rename operations. This patch belongs to a patch set that is comprised of the following patches: btrfs: fix race causing unnecessary inode logging during link and rename btrfs: fix race that results in logging old extents during a fast fsync btrfs: fix race that causes unnecessary logging of ancestor inodes btrfs: fix race that makes inode logging fallback to transaction commit btrfs: fix race leading to unnecessary transaction commit when logging inode btrfs: do not block inode logging for so long during transaction commit Performance results are mentioned in the change log of the last patch. Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
8b444656fa |
This is the 5.10.56 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmEKcCUACgkQONu9yGCS aT7sMw/7BNJDmX9w+p1lgTIJJzSuz8C/eNgbeZgK7CE4DovO+WL9oEm53vqYcDDo j5REnrRhxcBYxwG/GXl1Oniv1wHqw0SplV+5G2NH1RMy23eSFGCw+8G+YOEJnU3P 94hJuEs/43Py7eZV/VtyO2UMdDRnGI6MlNvu18YjnRJcdqIIl2gln1G8wbyySYVb wR1rudvtiEdrmTQr7qGxeIrZNKGwFl0KxEl8j9X/aqxvfe8PRVYKlmtwblf5rybe TElQxz2XGRgk8g2yWQmnNoU6rfFHdZ4lTnCwfpFA1XE6/HBA64/1p22QTJUZvyOU pbQc1MRaoUncGV9UFAMY1j38JFsVar7YHHOcpp9YIJOjoyiAw4aatGDcntdWDCiG X1mCSLs10/xGRPaJJXulp786MH4aTR5qIeoNg8mu3Z3In4ElbBW5xr0wa3N8gs3O lEnK/gT2MHiQ1boa+Qy3W+XZmOjWtL69JgbOyRcOYS6lkHL4DFlGL2Nn5u8qGfL4 hzohJzH36W5SUHDQiYTt1wLNu4iHpAECjxcnk9fCvlcHA5Yu1bqgyQ62i3C9RA6a /aO0B0yraHmvCAboemDsESwylxmpiRB3caqKtzlaZjoiOfPydcBwJM46ZfbzLNPh l+/YKK2tLOXWyRIhEv8183tVeu7mZ02xjsetPtLltZPJqR+SJKE= =8nLw -----END PGP SIGNATURE----- Merge 5.10.56 into android12-5.10-lts Changes in 5.10.56 selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c io_uring: fix null-ptr-deref in io_sq_offload_start() x86/asm: Ensure asm/proto.h can be included stand-alone pipe: make pipe writes always wake up readers btrfs: fix rw device counting in __btrfs_free_extra_devids btrfs: mark compressed range uptodate only if all bio succeed Revert "ACPI: resources: Add checks for ACPI IRQ override" ACPI: DPTF: Fix reading of attributes x86/kvm: fix vcpu-id indexed array sizes KVM: add missing compat KVM_CLEAR_DIRTY_LOG ocfs2: fix zero out valid data ocfs2: issue zeroout to EOF blocks can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive TP.DT to 750ms can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF can: peak_usb: pcan_usb_handle_bus_evt(): fix reading rxerr/txerr values can: mcba_usb_start(): add missing urb->transfer_dma initialization can: usb_8dev: fix memory leak can: ems_usb: fix memory leak can: esd_usb2: fix memory leak alpha: register early reserved memory in memblock HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT NIU: fix incorrect error return, missed in previous revert drm/amd/display: ensure dentist display clock update finished in DCN20 drm/amdgpu: Avoid printing of stack contents on firmware load error drm/amdgpu: Fix resource leak on probe error path blk-iocost: fix operation ordering in iocg_wake_fn() nfc: nfcsim: fix use after free during module unload cfg80211: Fix possible memory leak in function cfg80211_bss_update RDMA/bnxt_re: Fix stats counters bpf: Fix OOB read when printing XDP link fdinfo mac80211: fix enabling 4-address mode on a sta vif after assoc netfilter: conntrack: adjust stop timestamp to real expiry value netfilter: nft_nat: allow to specify layer 4 protocol NAT only i40e: Fix logic of disabling queues i40e: Fix firmware LLDP agent related warning i40e: Fix queue-to-TC mapping on Tx i40e: Fix log TC creation failure when max num of queues is exceeded tipc: fix implicit-connect for SYN+ tipc: fix sleeping in tipc accept routine net: Set true network header for ECN decapsulation net: qrtr: fix memory leaks ionic: remove intr coalesce update from napi ionic: fix up dim accounting for tx and rx ionic: count csum_none when offload enabled tipc: do not write skb_shinfo frags when doing decrytion octeontx2-pf: Fix interface down flag on error mlx4: Fix missing error code in mlx4_load_one() KVM: x86: Check the right feature bit for MSR_KVM_ASYNC_PF_ACK access net: llc: fix skb_over_panic drm/msm/dpu: Fix sm8250_mdp register length drm/msm/dp: Initialize the INTF_CONFIG register skmsg: Make sk_psock_destroy() static net/mlx5: Fix flow table chaining net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() sctp: fix return value check in __sctp_rcv_asconf_lookup tulip: windbond-840: Fix missing pci_disable_device() in probe and remove sis900: Fix missing pci_disable_device() in probe and remove can: hi311x: fix a signedness bug in hi3110_cmd() bpf: Introduce BPF nospec instruction for mitigating Spectre v4 bpf: Fix leakage due to insufficient speculative store bypass mitigation bpf: Remove superfluous aux sanitation on subprog rejection bpf: verifier: Allocate idmap scratch in verifier env bpf: Fix pointer arithmetic mask tightening under state pruning SMB3: fix readpage for large swap cache powerpc/pseries: Fix regression while building external modules Revert "perf map: Fix dso->nsinfo refcounting" i40e: Add additional info to PHY type error can: j1939: j1939_session_deactivate(): clarify lifetime of session object Linux 5.10.56 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib3c9244afb7ee5d6ee8d3235efe8956898f486c4 |
||
Goldwyn Rodrigues
|
0a421a2fc5 |
btrfs: mark compressed range uptodate only if all bio succeed
commit 240246f6b913b0c23733cfd2def1d283f8cc9bbe upstream. In compression write endio sequence, the range which the compressed_bio writes is marked as uptodate if the last bio of the compressed (sub)bios is completed successfully. There could be previous bio which may have failed which is recorded in cb->errors. Set the writeback range as uptodate only if cb->errors is zero, as opposed to checking only the last bio's status. Backporting notes: in all versions up to 4.4 the last argument is always replaced by "!cb->errors". CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |