There are regression reports of soft-reset issue due to the recent changes.
Revert them as they are incomplete/incorrect fix [*].
[*] https://lore.kernel.org/linux-usb/ZW8sJoTEKVmDdk5Y@xhacker/
Thinh Nguyen (2):
Revert "usb: dwc3: Soft reset phy on probe for host"
Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only"
drivers/usb/dwc3/core.c | 39 +--------------------------------------
1 file changed, 1 insertion(+), 38 deletions(-)
base-commit: ab241a0ab5abd70036c3d959146e534a02447d17
--
2.28.0
From: Huang Ying <ying.huang(a)intel.com>
The decoder_populate_targets() helper walks all of the targets in a port
and makes sure they can be looked up in @target_map. Where @target_map
is a lookup table from target position to target id (corresponding to a
cxl_dport instance). However @target_map is only responsible for
conveying the active dport instances as conveyed by interleave_ways.
When nr_targets > interleave_ways it results in
decoder_populate_targets() walking off the end of the valid entries in
@target_map. Given target_map is initialized to 0 it results in the
dport lookup failing if position 0 is not mapped to a dport with an id
of 0:
cxl_port port3: Failed to populate active decoder targets
cxl_port port3: Failed to add decoder
cxl_port port3: Failed to add decoder3.0
cxl_bus_probe: cxl_port port3: probe: -6
This bug also highlights that when the decoder's ->targets[] array is
written in cxl_port_setup_targets() it is missing a hold of the
targets_lock to synchronize against sysfs readers of the target list. A
fix for that is saved for a later patch.
Fixes: a5c258021689 ("cxl/bus: Populate the target list at decoder create")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com>
[djbw: rewrite the changelog, find the Fixes: tag]
Co-developed-by: Dan Williams <dan.j.williams(a)intel.com>
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
---
drivers/cxl/core/port.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cxl/core/port.c b/drivers/cxl/core/port.c
index b7c93bb18f6e..57495cdc181f 100644
--- a/drivers/cxl/core/port.c
+++ b/drivers/cxl/core/port.c
@@ -1644,7 +1644,7 @@ static int decoder_populate_targets(struct cxl_switch_decoder *cxlsd,
return -EINVAL;
write_seqlock(&cxlsd->target_lock);
- for (i = 0; i < cxlsd->nr_targets; i++) {
+ for (i = 0; i < cxlsd->cxld.interleave_ways; i++) {
struct cxl_dport *dport = find_dport(port, target_map[i]);
if (!dport) {
In sniff_min_interval_set():
if (val == 0 || val % 2 || val > hdev->sniff_max_interval)
return -EINVAL;
hci_dev_lock(hdev);
hdev->sniff_min_interval = val;
hci_dev_unlock(hdev);
In sniff_max_interval_set():
if (val == 0 || val % 2 || val < hdev->sniff_min_interval)
return -EINVAL;
hci_dev_lock(hdev);
hdev->sniff_max_interval = val;
hci_dev_unlock(hdev);
The atomicity violation occurs due to concurrent execution of set_min and
set_max funcs. Consider a scenario where setmin writes a new, valid 'min'
value, and concurrently, setmax writes a value that is greater than the
old 'min' but smaller than the new 'min'. In this case, setmax might check
against the old 'min' value (before acquiring the lock) but write its
value after the 'min' has been updated by setmin. This leads to a
situation where the 'max' value ends up being smaller than the 'min'
value, which is an inconsistency.
This possible bug is found by an experimental static analysis tool
developed by our team, BassCheck[1]. This tool analyzes the locking APIs
to extract function pairs that can be concurrently executed, and then
analyzes the instructions in the paired functions to identify possible
concurrency bugs including data races and atomicity violations. The above
possible bug is reported when our tool analyzes the source code of
Linux 5.17.
To resolve this issue, it is suggested to encompass the validity checks
within the locked sections in both set_min and set_max funcs. The
modification ensures that the validation of 'val' against the
current min/max values is atomic, thus maintaining the integrity of the
settings. With this patch applied, our tool no longer reports the bug,
with the kernel configuration allyesconfig for x86_64. Due to the lack of
associated hardware, we cannot test the patch in runtime testing, and just
verify it according to the code logic.
[1] https://sites.google.com/view/basscheck/
Fixes: 71c3b60ec6d2 ("Bluetooth: Move BR/EDR debugfs file creation ...")
Cc: stable(a)vger.kernel.org
Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com>
---
v2:
* Adjust the format to pass the CI.
---
net/bluetooth/hci_debugfs.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c
index 6b7741f6e95b..f032fdf8f481 100644
--- a/net/bluetooth/hci_debugfs.c
+++ b/net/bluetooth/hci_debugfs.c
@@ -566,11 +566,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(idle_timeout_fops, idle_timeout_get,
static int sniff_min_interval_set(void *data, u64 val)
{
struct hci_dev *hdev = data;
-
- if (val == 0 || val % 2 || val > hdev->sniff_max_interval)
+
+ hci_dev_lock(hdev);
+ if (val == 0 || val % 2 || val > hdev->sniff_max_interval) {
+ hci_dev_unlock(hdev);
return -EINVAL;
+ }
- hci_dev_lock(hdev);
hdev->sniff_min_interval = val;
hci_dev_unlock(hdev);
@@ -594,11 +596,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get,
static int sniff_max_interval_set(void *data, u64 val)
{
struct hci_dev *hdev = data;
-
- if (val == 0 || val % 2 || val < hdev->sniff_min_interval)
+
+ hci_dev_lock(hdev);
+ if (val == 0 || val % 2 || val < hdev->sniff_min_interval) {
+ hci_dev_unlock(hdev);
return -EINVAL;
+ }
- hci_dev_lock(hdev);
hdev->sniff_max_interval = val;
hci_dev_unlock(hdev);
--
2.34.1
In conn_info_min_age_set():
if (val == 0 || val > hdev->conn_info_max_age)
return -EINVAL;
hci_dev_lock(hdev);
hdev->conn_info_min_age = val;
hci_dev_unlock(hdev);
In conn_info_max_age_set():
if (val == 0 || val < hdev->conn_info_min_age)
return -EINVAL;
hci_dev_lock(hdev);
hdev->conn_info_max_age = val;
hci_dev_unlock(hdev);
The atomicity violation occurs due to concurrent execution of set_min and
set_max funcs.Consider a scenario where setmin writes a new, valid 'min'
value, and concurrently, setmax writes a value that is greater than the
old 'min' but smaller than the new 'min'. In this case, setmax might check
against the old 'min' value (before acquiring the lock) but write its
value after the 'min' has been updated by setmin. This leads to a
situation where the 'max' value ends up being smaller than the 'min'
value, which is an inconsistency.
This possible bug is found by an experimental static analysis tool
developed by our team, BassCheck[1]. This tool analyzes the locking APIs
to extract function pairs that can be concurrently executed, and then
analyzes the instructions in the paired functions to identify possible
concurrency bugs including data races and atomicity violations. The above
possible bug is reported when our tool analyzes the source code of
Linux 5.17.
To resolve this issue, it is suggested to encompass the validity checks
within the locked sections in both set_min and set_max funcs. The
modification ensures that the validation of 'val' against the
current min/max values is atomic, thus maintaining the integrity of the
settings. With this patch applied, our tool no longer reports the bug,
with the kernel configuration allyesconfig for x86_64. Due to the lack of
associated hardware, we cannot test the patch in runtime testing, and just
verify it according to the code logic.
[1] https://sites.google.com/view/basscheck/
Fixes: 40ce72b1951c ("Bluetooth: Move common debugfs file creation ...")
Cc: stable(a)vger.kernel.org
Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com>
---
v2:
* Adjust the format to pass the CI.
---
net/bluetooth/hci_debugfs.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c
index 6b7741f6e95b..d4ce2769c939 100644
--- a/net/bluetooth/hci_debugfs.c
+++ b/net/bluetooth/hci_debugfs.c
@@ -217,11 +217,13 @@ DEFINE_SHOW_ATTRIBUTE(remote_oob);
static int conn_info_min_age_set(void *data, u64 val)
{
struct hci_dev *hdev = data;
-
- if (val == 0 || val > hdev->conn_info_max_age)
+
+ hci_dev_lock(hdev);
+ if (val == 0 || val > hdev->conn_info_max_age) {
+ hci_dev_unlock(hdev);
return -EINVAL;
+ }
- hci_dev_lock(hdev);
hdev->conn_info_min_age = val;
hci_dev_unlock(hdev);
@@ -245,11 +247,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get,
static int conn_info_max_age_set(void *data, u64 val)
{
struct hci_dev *hdev = data;
-
- if (val == 0 || val < hdev->conn_info_min_age)
+
+ hci_dev_lock(hdev);
+ if (val == 0 || val < hdev->conn_info_min_age) {
+ hci_dev_unlock(hdev);
return -EINVAL;
+ }
- hci_dev_lock(hdev);
hdev->conn_info_max_age = val;
hci_dev_unlock(hdev);
--
2.34.1
In {conn,adv}_min_interval_set():
if (val < ... || val > ... || val > hdev->le_{conn,adv}_max_interval)
return -EINVAL;
hci_dev_lock(hdev);
hdev->le_{conn,adv}_min_interval = val;
hci_dev_unlock(hdev);
In {conn,adv}_max_interval_set():
if (val < ... || val > ... || val < hdev->le_{conn,adv}_min_interval)
return -EINVAL;
hci_dev_lock(hdev);
hdev->le_{conn,adv}_max_interval
hci_dev_unlock(hdev);
The atomicity violation occurs due to concurrent execution of set_min and
set_max funcs. Consider a scenario where setmin writes a new, valid 'min'
value, and concurrently, setmax writes a value that is greater than the
old 'min' but smaller than the new 'min'. In this case, setmax might check
against the old 'min' value (before acquiring the lock) but write its
value after the 'min' has been updated by setmin. This leads to a
situation where the 'max' value ends up being smaller than the 'min'
value, which is an inconsistency.
This possible bug is found by an experimental static analysis tool
developed by our team, BassCheck[1]. This tool analyzes the locking APIs
to extract function pairs that can be concurrently executed, and then
analyzes the instructions in the paired functions to identify possible
concurrency bugs including data races and atomicity violations. The above
possible bug is reported when our tool analyzes the source code of
Linux 5.17.
To resolve this issue, it is suggested to encompass the validity checks
within the locked sections in both set_min and set_max funcs. The
modification ensures that the validation of 'val' against the
current min/max values is atomic, thus maintaining the integrity of the
settings. With this patch applied, our tool no longer reports the bug,
with the kernel configuration allyesconfig for x86_64. Due to the lack of
associated hardware, we cannot test the patch in runtime testing, and just
verify it according to the code logic.
[1] https://sites.google.com/view/basscheck/
Fixes: 3a5c82b78fd2 ("Bluetooth: Move LE debugfs file creation into ...")
Cc: stable(a)vger.kernel.org
Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com>
---
v2:
* Adjust the format to pass the CI.
---
net/bluetooth/hci_debugfs.c | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c
index 6b7741f6e95b..6fdda807f2cf 100644
--- a/net/bluetooth/hci_debugfs.c
+++ b/net/bluetooth/hci_debugfs.c
@@ -849,11 +849,13 @@ DEFINE_SHOW_ATTRIBUTE(long_term_keys);
static int conn_min_interval_set(void *data, u64 val)
{
struct hci_dev *hdev = data;
-
- if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval)
+
+ hci_dev_lock(hdev);
+ if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval) {
+ hci_dev_unlock(hdev);
return -EINVAL;
+ }
- hci_dev_lock(hdev);
hdev->le_conn_min_interval = val;
hci_dev_unlock(hdev);
@@ -877,11 +879,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get,
static int conn_max_interval_set(void *data, u64 val)
{
struct hci_dev *hdev = data;
-
- if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval)
+
+ hci_dev_lock(hdev);
+ if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval) {
+ hci_dev_unlock(hdev);
return -EINVAL;
+ }
- hci_dev_lock(hdev);
hdev->le_conn_max_interval = val;
hci_dev_unlock(hdev);
@@ -989,11 +993,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get,
static int adv_min_interval_set(void *data, u64 val)
{
struct hci_dev *hdev = data;
-
- if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval)
+
+ hci_dev_lock(hdev);
+ if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval) {
+ hci_dev_unlock(hdev);
return -EINVAL;
+ }
- hci_dev_lock(hdev);
hdev->le_adv_min_interval = val;
hci_dev_unlock(hdev);
@@ -1018,10 +1024,12 @@ static int adv_max_interval_set(void *data, u64 val)
{
struct hci_dev *hdev = data;
- if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval)
+ hci_dev_lock(hdev);
+ if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval) {
+ hci_dev_unlock(hdev);
return -EINVAL;
+ }
- hci_dev_lock(hdev);
hdev->le_adv_max_interval = val;
hci_dev_unlock(hdev);
--
2.34.1
This is the start of the stable review cycle for the 5.15.145 release.
There are 159 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 22 Dec 2023 16:08:59 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.145-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.15.145-rc1
Arnd Bergmann <arnd(a)arndb.de>
kasan: disable kasan_non_canonical_hook() for HW tags
Francis Laniel <flaniel(a)linux.microsoft.com>
tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
Amit Pundir <amit.pundir(a)linaro.org>
Revert "drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers"
Amit Pundir <amit.pundir(a)linaro.org>
Revert "drm/bridge: lt9611uxc: Register and attach our DSI device at probe"
Amit Pundir <amit.pundir(a)linaro.org>
Revert "drm/bridge: lt9611uxc: fix the race in the error path"
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: release interim response after sending status pending response
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: move oplock handling after unlock parent dir
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: separately allocate ci per dentry
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix possible deadlock in smb2_open
Zongmin Zhou <zhouzongmin(a)kylinos.cn>
ksmbd: prevent memory leak on error return
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: handle malformed smb1 message
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: no need to wait for binded connection termination at logoff
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: add support for surrogate pair conversion
Kangjing Huang <huangkangjing(a)gmail.com>
ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev()
Marios Makassikis <mmakassikis(a)freebox.fr>
ksmbd: fix recursive locking in vfs helpers
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: reorganize ksmbd_iov_pin_rsp()
Cheng-Han Wu <hank20010209(a)gmail.com>
ksmbd: Remove unused field in ksmbd_user struct
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix potential double free on smb2_read_pipe() error path
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix wrong error response status by using set_smb2_rsp_status()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix race condition between tree conn lookup and disconnect
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix race condition from parallel smb2 lock requests
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix race condition from parallel smb2 logoff requests
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix race condition with fp
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix race condition between session lookup and expire
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: check iov vector index in ksmbd_conn_write()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: return invalid parameter error response if smb2 request is invalid
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix passing freed memory 'aux_payload_buf'
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: remove unneeded mark_inode_dirty in set_info_sec()
Steve French <stfrench(a)microsoft.com>
ksmbd: remove experimental warning
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: add missing calling smb2_set_err_rsp() on error
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
Yang Li <yang.lee(a)linux.alibaba.com>
ksmbd: Fix one kernel-doc comment
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: reduce descriptor size if remaining bytes is less than request size
Atte Heikkilä <atteh.mailbox(a)gmail.com>
ksmbd: fix `force create mode' and `force directory mode'
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix wrong interim response on compound
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: add support for read compound
Yang Yingliang <yangyingliang(a)huawei.com>
ksmbd: switch to use kmemdup_nul() helper
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix out of bounds in init_smb2_rsp_hdr()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: validate session id and tree id in compound request
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: check if a mount point is crossed during path lookup
Wang Ming <machel(a)vivo.com>
ksmbd: Fix unsigned expression compared with zero
Gustavo A. R. Silva <gustavoars(a)kernel.org>
ksmbd: Replace one-element array with flexible-array member
Gustavo A. R. Silva <gustavoars(a)kernel.org>
ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: add missing compound request handing in some commands
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix out of bounds read in smb2_sess_setup
Lu Hongfei <luhongfei(a)vivo.com>
ksmbd: Replace the ternary conditional operator with min()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: use kvzalloc instead of kvmalloc
Lu Hongfei <luhongfei(a)vivo.com>
ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: use kzalloc() instead of __GFP_ZERO
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: remove unused ksmbd_tree_conn_share function
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: add mnt_want_write to ksmbd vfs functions
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: validate smb request protocol id
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix out-of-bound read in parse_lease_state()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix out-of-bound read in deassemble_neg_contexts()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: call putname after using the last component
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix UAF issue from opinfo->conn
Kuan-Ting Chen <h3xrabbit(a)gmail.com>
ksmbd: fix multiple out-of-bounds read during context decoding
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix uninitialized pointer read in smb2_create_link()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix racy issue under cocurrent smb2 tree disconnect
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix racy issue from smb2 close and logoff with multichannel
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: block asynchronous requests when making a delay on session setup
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: destroy expired sessions
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix racy issue from session setup and logoff
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix racy issue from using ->d_parent and ->d_name
Al Viro <viro(a)zeniv.linux.org.uk>
fs: introduce lock_rename_child() helper
David Disseldorp <ddiss(a)suse.de>
ksmbd: remove unused compression negotiate ctx packing
David Disseldorp <ddiss(a)suse.de>
ksmbd: avoid duplicate negotiate ctx offset increments
David Disseldorp <ddiss(a)suse.de>
ksmbd: set NegotiateContextCount once instead of every inc
David Disseldorp <ddiss(a)suse.de>
ksmbd: avoid out of bounds access in decode_preauth_ctxt()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: delete asynchronous work from list
Tom Rix <trix(a)redhat.com>
ksmbd: remove unused is_char_allowed function
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix wrong signingkey creation when encryption is AES256
Hangyu Hua <hbh25y(a)gmail.com>
ksmbd: fix possible memory leak in smb2_lock()
Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com>
ksmbd: Fix parameter name and comment mismatch
Colin Ian King <colin.i.king(a)gmail.com>
ksmbd: Fix spelling mistake "excceed" -> "exceeded"
Steve French <stfrench(a)microsoft.com>
ksmbd: update Kconfig to note Kerberos support and fix indentation
Dawei Li <set_pte_at(a)outlook.com>
ksmbd: Remove duplicated codes
Dawei Li <set_pte_at(a)outlook.com>
ksmbd: fix typo, syncronous->synchronous
Dawei Li <set_pte_at(a)outlook.com>
ksmbd: Implements sess->rpc_handle_list as xarray
Dawei Li <set_pte_at(a)outlook.com>
ksmbd: Implements sess->ksmbd_chann_list as xarray
Marios Makassikis <mmakassikis(a)freebox.fr>
ksmbd: send proper error response in smb2_tree_connect()
ye xingchen <ye.xingchen(a)zte.com.cn>
ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs
Marios Makassikis <mmakassikis(a)freebox.fr>
ksmbd: Fix resource leak in smb2_lock()
Jeff Layton <jlayton(a)kernel.org>
ksmbd: use F_SETLK when unlocking a file
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share
Gustavo A. R. Silva <gustavoars(a)kernel.org>
ksmbd: replace one-element arrays with flexible-array members
Atte Heikkilä <atteh.mailbox(a)gmail.com>
ksmbd: validate share name from share config response
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: call ib_drain_qp when disconnected
Atte Heikkilä <atteh.mailbox(a)gmail.com>
ksmbd: make utf-8 file name comparison work in __caseless_lookup()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: hide socket error message when ipv6 config is disable
Tom Talpey <tom(a)talpey.com>
ksmbd: reduce server smbdirect max send/receive segment sizes
Tom Talpey <tom(a)talpey.com>
ksmbd: decrease the number of SMB3 smbdirect server SGEs
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix encryption failure issue for session logoff response
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: set file permission mode to match Samba server posix extension behavior
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: change security id to the one samba used for posix extension
Atte Heikkilä <atteh.mailbox(a)gmail.com>
ksmbd: casefold utf-8 share names and fix ascii lowercase conversion
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: remove generic_fillattr use in smb2_open()
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: constify struct path
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: don't open-code %pD
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: don't open-code file_path()
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: remove unnecessary generic_fillattr in smb2_open
Atte Heikkilä <atteh.mailbox(a)gmail.com>
ksmbd: request update to stale share config
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: use wait_event instead of schedule_timeout()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: remove unused ksmbd_share_configs_cleanup function
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: remove duplicate flag set in smb2_write
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: relax the count of sges required
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: fix connection dropped issue
Yang Li <yang.lee(a)linux.alibaba.com>
ksmbd: Fix some kernel-doc comments
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix wrong smbd max read/write size check
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: handle multiple Buffer descriptors
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: change the return value of get_sg_list
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: simplify tracking pending packets
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: introduce read/write credits for RDMA read/write
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: change prototypes of RDMA read/write related functions
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: validate length in smb2_write()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: remove filename in ksmbd_file
Steve French <stfrench(a)microsoft.com>
smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common
Jakob Koschel <jakobkoschel(a)gmail.com>
ksmbd: replace usage of found with dedicated list iterator variable
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
ksmbd: Remove a redundant zeroing of memory
Steve French <stfrench(a)microsoft.com>
ksmbd: shorten experimental warning on loading the module
Paulo Alcantara (SUSE) <pc(a)cjr.nz>
ksmbd: store fids as opaque u64 integers
Tobias Klauser <tklauser(a)distanz.ch>
ksmbd: use netif_is_bridge_port
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: add support for key exchange
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: validate buffer descriptor structures
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: fix missing client's memory region invalidation
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: add smb-direct shutdown
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: change the default maximum read/write, receive size
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: create MR pool
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: smbd: call rdma_accept() under CM handler
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: set 445 port to smbdirect port by default
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: register ksmbd ib client with ib_register_client()
Yang Li <yang.lee(a)linux.alibaba.com>
ksmbd: Fix smb2_get_name() kernel-doc comment
Yang Li <yang.lee(a)linux.alibaba.com>
ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry()
Yang Li <yang.lee(a)linux.alibaba.com>
ksmbd: Fix smb2_set_info_file() kernel-doc comment
Yang Li <yang.lee(a)linux.alibaba.com>
ksmbd: Fix buffer_check_err() kernel-doc comment
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO
Marios Makassikis <mmakassikis(a)freebox.fr>
ksmbd: Remove unused fields from ksmbd_file struct definition
Marios Makassikis <mmakassikis(a)freebox.fr>
ksmbd: Remove unused parameter from smb2_get_name()
Hyunchul Lee <hyc.lee(a)gmail.com>
ksmbd: use oid registry functions to decode OIDs
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: change LeaseKey data type to u8 array
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: remove smb2_buf_length in smb2_transform_hdr
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: remove smb2_buf_length in smb2_hdr
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: remove md4 leftovers
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
ksmbd: Remove redundant 'flush_workqueue()' calls
Ralph Boehme <slow(a)samba.org>
ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()
Ralph Boehme <slow(a)samba.org>
ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()
-------------
Diffstat:
Makefile | 4 +-
drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 75 +-
fs/ksmbd/Kconfig | 11 +-
fs/ksmbd/asn1.c | 173 +--
fs/ksmbd/auth.c | 72 +-
fs/ksmbd/auth.h | 3 +-
fs/ksmbd/connection.c | 169 +--
fs/ksmbd/connection.h | 92 +-
fs/ksmbd/ksmbd_netlink.h | 7 +-
fs/ksmbd/ksmbd_work.c | 101 +-
fs/ksmbd/ksmbd_work.h | 40 +-
fs/ksmbd/mgmt/share_config.c | 56 +-
fs/ksmbd/mgmt/share_config.h | 36 +-
fs/ksmbd/mgmt/tree_connect.c | 78 +-
fs/ksmbd/mgmt/tree_connect.h | 15 +-
fs/ksmbd/mgmt/user_config.h | 1 -
fs/ksmbd/mgmt/user_session.c | 180 +--
fs/ksmbd/mgmt/user_session.h | 8 +-
fs/ksmbd/misc.c | 94 +-
fs/ksmbd/misc.h | 6 +-
fs/ksmbd/oplock.c | 256 ++--
fs/ksmbd/oplock.h | 4 -
fs/ksmbd/server.c | 54 +-
fs/ksmbd/smb2misc.c | 4 +-
fs/ksmbd/smb2ops.c | 10 +-
fs/ksmbd/smb2pdu.c | 2047 ++++++++++++++--------------
fs/ksmbd/smb2pdu.h | 83 +-
fs/ksmbd/smb_common.c | 176 ++-
fs/ksmbd/smb_common.h | 20 +-
fs/ksmbd/smbacl.c | 26 +-
fs/ksmbd/smbacl.h | 8 +-
fs/ksmbd/transport_ipc.c | 4 +-
fs/ksmbd/transport_rdma.c | 648 ++++++---
fs/ksmbd/transport_rdma.h | 6 +-
fs/ksmbd/transport_tcp.c | 9 +-
fs/ksmbd/unicode.c | 191 ++-
fs/ksmbd/unicode.h | 3 +-
fs/ksmbd/vfs.c | 677 ++++-----
fs/ksmbd/vfs.h | 56 +-
fs/ksmbd/vfs_cache.c | 72 +-
fs/ksmbd/vfs_cache.h | 26 +-
fs/namei.c | 125 +-
include/linux/kasan.h | 6 +-
include/linux/namei.h | 7 +
kernel/trace/trace_kprobe.c | 74 +
kernel/trace/trace_probe.h | 1 +
mm/kasan/report.c | 4 +-
47 files changed, 3279 insertions(+), 2539 deletions(-)