December 2023 - Linux-stable-mirror

[for-linus][PATCH 2/3] eventfs: Have event files and directories default to parent uid and gid

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Dongliang reported: I found that in the latest version, the nodes of tracefs have been changed to dynamically created. This has caused me to encounter a problem where the gid I specified in the mounting parameters cannot apply to all files, as in the following situation: /data/tmp/events # mount | grep tracefs tracefs on /data/tmp type tracefs (rw,seclabel,relatime,gid=3012) gid 3012 = readtracefs /data/tmp # ls -lh total 0 -r--r----- 1 root readtracefs 0 1970-01-01 08:00 README -r--r----- 1 root readtracefs 0 1970-01-01 08:00 available_events ums9621_1h10:/data/tmp/events # ls -lh total 0 drwxr-xr-x 2 root root 0 2023-12-19 00:56 alarmtimer drwxr-xr-x 2 root root 0 2023-12-19 00:56 asoc It will prevent certain applications from accessing tracefs properly, I try to avoid this issue by making the following modifications. To fix this, have the files created default to taking the ownership of the parent dentry unless the ownership was previously set by the user. Link: https://lore.kernel.org/linux-trace-kernel/1703063706-30539-1-git-send-emai… Link: https://lore.kernel.org/linux-trace-kernel/20231220105017.1489d790@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Hongyu Jin <hongyu.jin(a)unisoc.com> Fixes: 28e12c09f5aa0 ("eventfs: Save ownership and mode") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reported-by: Dongliang Cui <cuidongliang390(a)gmail.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 43e237864a42..2ccc849a5bda 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -148,7 +148,8 @@ static const struct file_operations eventfs_file_operations = { .release = eventfs_release, }; -static void update_inode_attr(struct inode *inode, struct eventfs_attr *attr, umode_t mode) +static void update_inode_attr(struct dentry *dentry, struct inode *inode, + struct eventfs_attr *attr, umode_t mode) { if (!attr) { inode->i_mode = mode; @@ -162,9 +163,13 @@ static void update_inode_attr(struct inode *inode, struct eventfs_attr *attr, um if (attr->mode & EVENTFS_SAVE_UID) inode->i_uid = attr->uid; + else + inode->i_uid = d_inode(dentry->d_parent)->i_uid; if (attr->mode & EVENTFS_SAVE_GID) inode->i_gid = attr->gid; + else + inode->i_gid = d_inode(dentry->d_parent)->i_gid; } /** @@ -206,7 +211,7 @@ static struct dentry *create_file(const char *name, umode_t mode, return eventfs_failed_creating(dentry); /* If the user updated the directory's attributes, use them */ - update_inode_attr(inode, attr, mode); + update_inode_attr(dentry, inode, attr, mode); inode->i_op = &eventfs_file_inode_operations; inode->i_fop = fop; @@ -242,7 +247,8 @@ static struct dentry *create_dir(struct eventfs_inode *ei, struct dentry *parent return eventfs_failed_creating(dentry); /* If the user updated the directory's attributes, use them */ - update_inode_attr(inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); + update_inode_attr(dentry, inode, &ei->attr, + S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); inode->i_op = &eventfs_root_dir_inode_operations; inode->i_fop = &eventfs_file_operations; -- 2.42.0

1 year, 12 months

1
0
0 0

stable-rc/queue/6.1 baseline: 86 runs, 4 regressions (v6.1.68-109-g72c91a6aec84e)

by kernelci.org bot

stable-rc/queue/6.1 baseline: 86 runs, 4 regressions (v6.1.68-109-g72c91a6aec84e) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ r8a77960-ulcb | arm64 | lab-collabora | gcc-10 | defconfig | 1 r8a779m1-ulcb | arm64 | lab-collabora | gcc-10 | defconfig | 1 sun50i-h6-pine-h64 | arm64 | lab-clabbe | gcc-10 | defconfig | 1 sun50i-h6-pine-h64 | arm64 | lab-collabora | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F6.1/kernel/v6.1.68-1… Test: baseline Tree: stable-rc Branch: queue/6.1 Describe: v6.1.68-109-g72c91a6aec84e URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 72c91a6aec84e00beb4efae0f0c87057a8702425 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ r8a77960-ulcb | arm64 | lab-collabora | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841b53ac4358b64ee134a7 Results: 4 PASS, 2 FAIL, 1 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… HTML log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/65841b53ac4358b64ee134ac failing since 28 days (last pass: v6.1.31-26-gef50524405c2, first fail: v6.1.63-176-gecc0fed1ffa4) 2023-12-21T11:09:52.707914 / # # 2023-12-21T11:09:52.809849 export SHELL=/bin/sh 2023-12-21T11:09:52.810508 # 2023-12-21T11:09:52.911771 / # export SHELL=/bin/sh. /lava-12339173/environment 2023-12-21T11:09:52.912653 2023-12-21T11:09:53.013977 / # . /lava-12339173/environment/lava-12339173/bin/lava-test-runner /lava-12339173/1 2023-12-21T11:09:53.014951 2023-12-21T11:09:53.056792 / # /lava-12339173/bin/lava-test-runner /lava-12339173/1 2023-12-21T11:09:53.080466 + export 'TESTRUN_ID=1_bootrr' 2023-12-21T11:09:53.080982 + cd /lav<8>[ 19.062659] <LAVA_SIGNAL_STARTRUN 1_bootrr 12339173_1.5.2.4.5> ... (28 line(s) more) platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ r8a779m1-ulcb | arm64 | lab-collabora | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841b53f31978d4bfe13491 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… HTML log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/65841b53f31978d4bfe13492 new failure (last pass: v6.1.68-108-g5ec595eb8752d) platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ sun50i-h6-pine-h64 | arm64 | lab-clabbe | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841b219cf275b1efe134a2 Results: 5 PASS, 1 FAIL, 1 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… HTML log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/65841b219cf275b1efe134a7 failing since 28 days (last pass: v6.1.22-372-g971903477e72, first fail: v6.1.63-176-gecc0fed1ffa4) 2023-12-21T11:01:46.371232 <8>[ 18.155576] <LAVA_SIGNAL_ENDRUN 0_dmesg 449286_1.5.2.4.1> 2023-12-21T11:01:46.476281 / # # 2023-12-21T11:01:46.577834 export SHELL=/bin/sh 2023-12-21T11:01:46.578370 # 2023-12-21T11:01:46.679355 / # export SHELL=/bin/sh. /lava-449286/environment 2023-12-21T11:01:46.679923 2023-12-21T11:01:46.780923 / # . /lava-449286/environment/lava-449286/bin/lava-test-runner /lava-449286/1 2023-12-21T11:01:46.781789 2023-12-21T11:01:46.786586 / # /lava-449286/bin/lava-test-runner /lava-449286/1 2023-12-21T11:01:46.859605 + export 'TESTRUN_ID=1_bootrr' ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ sun50i-h6-pine-h64 | arm64 | lab-collabora | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841b54ac4358b64ee134b2 Results: 5 PASS, 1 FAIL, 1 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… HTML log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/65841b54ac4358b64ee134b7 failing since 28 days (last pass: v6.1.22-372-g971903477e72, first fail: v6.1.63-176-gecc0fed1ffa4) 2023-12-21T11:10:04.855506 / # # 2023-12-21T11:10:04.957554 export SHELL=/bin/sh 2023-12-21T11:10:04.957802 # 2023-12-21T11:10:05.058505 / # export SHELL=/bin/sh. /lava-12339200/environment 2023-12-21T11:10:05.059171 2023-12-21T11:10:05.160491 / # . /lava-12339200/environment/lava-12339200/bin/lava-test-runner /lava-12339200/1 2023-12-21T11:10:05.161550 2023-12-21T11:10:05.163681 / # /lava-12339200/bin/lava-test-runner /lava-12339200/1 2023-12-21T11:10:05.243935 + export 'TESTRUN_ID=1_bootrr' 2023-12-21T11:10:05.244475 + cd /lava-1233920<8>[ 19.116040] <LAVA_SIGNAL_STARTRUN 1_bootrr 12339200_1.5.2.4.5> ... (11 line(s) more)

1 year, 12 months

1
0
0 0

stable-rc/queue/6.6 baseline: 87 runs, 1 regressions (v6.6.7-168-g611edaf5fedea)

by kernelci.org bot

stable-rc/queue/6.6 baseline: 87 runs, 1 regressions (v6.6.7-168-g611edaf5fedea) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+-------------+----------+-----------+------------ kontron-pitx-imx8m | arm64 | lab-kontron | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F6.6/kernel/v6.6.7-16… Test: baseline Tree: stable-rc Branch: queue/6.6 Describe: v6.6.7-168-g611edaf5fedea URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 611edaf5fedea04df15f13c80a8d88ab76c9f6e9 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+-------------+----------+-----------+------------ kontron-pitx-imx8m | arm64 | lab-kontron | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841d385b9a1133c0e13495 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.6/v6.6.7-168-g611edaf5fedea… HTML log: https://storage.kernelci.org//stable-rc/queue-6.6/v6.6.7-168-g611edaf5fedea… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/65841d385b9a1133c0e13496 new failure (last pass: v6.6.7-166-g4a769d77505ba)

1 year, 12 months

1
0
0 0

[PATCH v2] wifi: mwifiex: fix uninitialized firmware_stat

by David Lin

Variable firmware_stat is possible to be used without initialization. Signed-off-by: David Lin <yu-hao.lin(a)nxp.com> Fixes: 1c5d463c0770 ("wifi: mwifiex: add extra delay for firmware ready") Cc: stable(a)vger.kernel.org Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Dan Carpenter <error27(a)gmail.com> Closes: https://lore.kernel.org/r/202312192236.ZflaWYCw-lkp@intel.com/ --- v2: - corrected spelling error: possilbe -> possible. --- drivers/net/wireless/marvell/mwifiex/sdio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.c b/drivers/net/wireless/marvell/mwifiex/sdio.c index ef3e68d1059c..75f53c2f1e1f 100644 --- a/drivers/net/wireless/marvell/mwifiex/sdio.c +++ b/drivers/net/wireless/marvell/mwifiex/sdio.c @@ -779,7 +779,7 @@ static int mwifiex_check_fw_status(struct mwifiex_adapter *adapter, { struct sdio_mmc_card *card = adapter->card; int ret = 0; - u16 firmware_stat; + u16 firmware_stat = 0; u32 tries; for (tries = 0; tries < poll_num; tries++) { base-commit: 783004b6dbda2cfe9a552a4cc9c1d168a2068f6c prerequisite-patch-id: ee10b03f813ab1e72d05c59aef4e07a26afdf678 -- 2.25.1

1 year, 12 months

3
3
0 0

Re: [PATCHv4 bpf 1/2] bpf: Fix prog_array_map_poke_run map poke update

by Lee Jones

Dear Stable, > Lee pointed out issue found by syscaller [0] hitting BUG in prog array > map poke update in prog_array_map_poke_run function due to error value > returned from bpf_arch_text_poke function. > > There's race window where bpf_arch_text_poke can fail due to missing > bpf program kallsym symbols, which is accounted for with check for > -EINVAL in that BUG_ON call. > > The problem is that in such case we won't update the tail call jump > and cause imbalance for the next tail call update check which will > fail with -EBUSY in bpf_arch_text_poke. > > I'm hitting following race during the program load: > > CPU 0 CPU 1 > > bpf_prog_load > bpf_check > do_misc_fixups > prog_array_map_poke_track > > map_update_elem > bpf_fd_array_map_update_elem > prog_array_map_poke_run > > bpf_arch_text_poke returns -EINVAL > > bpf_prog_kallsyms_add > > After bpf_arch_text_poke (CPU 1) fails to update the tail call jump, the next > poke update fails on expected jump instruction check in bpf_arch_text_poke > with -EBUSY and triggers the BUG_ON in prog_array_map_poke_run. > > Similar race exists on the program unload. > > Fixing this by moving the update to bpf_arch_poke_desc_update function which > makes sure we call __bpf_arch_text_poke that skips the bpf address check. > > Each architecture has slightly different approach wrt looking up bpf address > in bpf_arch_text_poke, so instead of splitting the function or adding new > 'checkip' argument in previous version, it seems best to move the whole > map_poke_run update as arch specific code. > > [0] https://syzkaller.appspot.com/bug?extid=97a4fe20470e9bc30810 > > Cc: Lee Jones <lee(a)kernel.org> > Cc: Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> > Fixes: ebf7d1f508a7 ("bpf, x64: rework pro/epilogue and tailcall handling in JIT") > Reported-by: syzbot+97a4fe20470e9bc30810(a)syzkaller.appspotmail.com > Acked-by: Yonghong Song <yonghong.song(a)linux.dev> > Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> > --- > arch/x86/net/bpf_jit_comp.c | 46 +++++++++++++++++++++++++++++ > include/linux/bpf.h | 3 ++ > kernel/bpf/arraymap.c | 58 +++++++------------------------------ > 3 files changed, 59 insertions(+), 48 deletions(-) Please could we have this backported? Guided by the Fixes: tag. > diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c > index 8c10d9abc239..e89e415aa743 100644 > --- a/arch/x86/net/bpf_jit_comp.c > +++ b/arch/x86/net/bpf_jit_comp.c > @@ -3025,3 +3025,49 @@ void arch_bpf_stack_walk(bool (*consume_fn)(void *cookie, u64 ip, u64 sp, u64 bp > #endif > WARN(1, "verification of programs using bpf_throw should have failed\n"); > } > + > +void bpf_arch_poke_desc_update(struct bpf_jit_poke_descriptor *poke, > + struct bpf_prog *new, struct bpf_prog *old) > +{ > + u8 *old_addr, *new_addr, *old_bypass_addr; > + int ret; > + > + old_bypass_addr = old ? NULL : poke->bypass_addr; > + old_addr = old ? (u8 *)old->bpf_func + poke->adj_off : NULL; > + new_addr = new ? (u8 *)new->bpf_func + poke->adj_off : NULL; > + > + /* > + * On program loading or teardown, the program's kallsym entry > + * might not be in place, so we use __bpf_arch_text_poke to skip > + * the kallsyms check. > + */ > + if (new) { > + ret = __bpf_arch_text_poke(poke->tailcall_target, > + BPF_MOD_JUMP, > + old_addr, new_addr); > + BUG_ON(ret < 0); > + if (!old) { > + ret = __bpf_arch_text_poke(poke->tailcall_bypass, > + BPF_MOD_JUMP, > + poke->bypass_addr, > + NULL); > + BUG_ON(ret < 0); > + } > + } else { > + ret = __bpf_arch_text_poke(poke->tailcall_bypass, > + BPF_MOD_JUMP, > + old_bypass_addr, > + poke->bypass_addr); > + BUG_ON(ret < 0); > + /* let other CPUs finish the execution of program > + * so that it will not possible to expose them > + * to invalid nop, stack unwind, nop state > + */ > + if (!ret) > + synchronize_rcu(); > + ret = __bpf_arch_text_poke(poke->tailcall_target, > + BPF_MOD_JUMP, > + old_addr, NULL); > + BUG_ON(ret < 0); > + } > +} > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > index 6762dac3ef76..cff5bb08820e 100644 > --- a/include/linux/bpf.h > +++ b/include/linux/bpf.h > @@ -3175,6 +3175,9 @@ enum bpf_text_poke_type { > int bpf_arch_text_poke(void *ip, enum bpf_text_poke_type t, > void *addr1, void *addr2); > > +void bpf_arch_poke_desc_update(struct bpf_jit_poke_descriptor *poke, > + struct bpf_prog *new, struct bpf_prog *old); > + > void *bpf_arch_text_copy(void *dst, void *src, size_t len); > int bpf_arch_text_invalidate(void *dst, size_t len); > > diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c > index 2058e89b5ddd..c85ff9162a5c 100644 > --- a/kernel/bpf/arraymap.c > +++ b/kernel/bpf/arraymap.c > @@ -1012,11 +1012,16 @@ static void prog_array_map_poke_untrack(struct bpf_map *map, > mutex_unlock(&aux->poke_mutex); > } > > +void __weak bpf_arch_poke_desc_update(struct bpf_jit_poke_descriptor *poke, > + struct bpf_prog *new, struct bpf_prog *old) > +{ > + WARN_ON_ONCE(1); > +} > + > static void prog_array_map_poke_run(struct bpf_map *map, u32 key, > struct bpf_prog *old, > struct bpf_prog *new) > { > - u8 *old_addr, *new_addr, *old_bypass_addr; > struct prog_poke_elem *elem; > struct bpf_array_aux *aux; > > @@ -1025,7 +1030,7 @@ static void prog_array_map_poke_run(struct bpf_map *map, u32 key, > > list_for_each_entry(elem, &aux->poke_progs, list) { > struct bpf_jit_poke_descriptor *poke; > - int i, ret; > + int i; > > for (i = 0; i < elem->aux->size_poke_tab; i++) { > poke = &elem->aux->poke_tab[i]; > @@ -1044,21 +1049,10 @@ static void prog_array_map_poke_run(struct bpf_map *map, u32 key, > * activated, so tail call updates can arrive from here > * while JIT is still finishing its final fixup for > * non-activated poke entries. > - * 3) On program teardown, the program's kallsym entry gets > - * removed out of RCU callback, but we can only untrack > - * from sleepable context, therefore bpf_arch_text_poke() > - * might not see that this is in BPF text section and > - * bails out with -EINVAL. As these are unreachable since > - * RCU grace period already passed, we simply skip them. > - * 4) Also programs reaching refcount of zero while patching > + * 3) Also programs reaching refcount of zero while patching > * is in progress is okay since we're protected under > * poke_mutex and untrack the programs before the JIT > - * buffer is freed. When we're still in the middle of > - * patching and suddenly kallsyms entry of the program > - * gets evicted, we just skip the rest which is fine due > - * to point 3). > - * 5) Any other error happening below from bpf_arch_text_poke() > - * is a unexpected bug. > + * buffer is freed. > */ > if (!READ_ONCE(poke->tailcall_target_stable)) > continue; > @@ -1068,39 +1062,7 @@ static void prog_array_map_poke_run(struct bpf_map *map, u32 key, > poke->tail_call.key != key) > continue; > > - old_bypass_addr = old ? NULL : poke->bypass_addr; > - old_addr = old ? (u8 *)old->bpf_func + poke->adj_off : NULL; > - new_addr = new ? (u8 *)new->bpf_func + poke->adj_off : NULL; > - > - if (new) { > - ret = bpf_arch_text_poke(poke->tailcall_target, > - BPF_MOD_JUMP, > - old_addr, new_addr); > - BUG_ON(ret < 0 && ret != -EINVAL); > - if (!old) { > - ret = bpf_arch_text_poke(poke->tailcall_bypass, > - BPF_MOD_JUMP, > - poke->bypass_addr, > - NULL); > - BUG_ON(ret < 0 && ret != -EINVAL); > - } > - } else { > - ret = bpf_arch_text_poke(poke->tailcall_bypass, > - BPF_MOD_JUMP, > - old_bypass_addr, > - poke->bypass_addr); > - BUG_ON(ret < 0 && ret != -EINVAL); > - /* let other CPUs finish the execution of program > - * so that it will not possible to expose them > - * to invalid nop, stack unwind, nop state > - */ > - if (!ret) > - synchronize_rcu(); > - ret = bpf_arch_text_poke(poke->tailcall_target, > - BPF_MOD_JUMP, > - old_addr, NULL); > - BUG_ON(ret < 0 && ret != -EINVAL); > - } > + bpf_arch_poke_desc_update(poke, new, old); > } > } > } > -- > 2.43.0 > -- Lee Jones [李琼斯]

1 year, 12 months

3
6
0 0

stable-rc/queue/6.1 build: 18 builds: 0 failed, 18 passed, 1 warning (v6.1.68-109-g72c91a6aec84e)

by kernelci.org bot

stable-rc/queue/6.1 build: 18 builds: 0 failed, 18 passed, 1 warning (v6.1.68-109-g72c91a6aec84e) Full Build Summary: https://kernelci.org/build/stable-rc/branch/queue%2F6.1/kernel/v6.1.68-109-… Tree: stable-rc Branch: queue/6.1 Git Describe: v6.1.68-109-g72c91a6aec84e Git Commit: 72c91a6aec84e00beb4efae0f0c87057a8702425 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 7 unique architectures Warnings Detected: arc: arm64: arm: i386: mips: 32r2el_defconfig (gcc-10): 1 warning riscv: x86_64: Warnings summary: 1 arch/mips/boot/dts/img/boston.dts:128.19-178.5: Warning (pci_device_reg): /pci@14000000/pci2_root@0,0,0: PCI unit address format error, expected "0,0" ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- 32r2el_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: arch/mips/boot/dts/img/boston.dts:128.19-178.5: Warning (pci_device_reg): /pci@14000000/pci2_root@0,0,0: PCI unit address format error, expected "0,0" -------------------------------------------------------------------------------- allnoconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nommu_k210_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nommu_k210_sdcard_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rv32_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+x86-board (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

1 year, 12 months

1
0
0 0

stable-rc/queue/6.6 build: 19 builds: 0 failed, 19 passed (v6.6.7-168-g611edaf5fedea)

by kernelci.org bot

stable-rc/queue/6.6 build: 19 builds: 0 failed, 19 passed (v6.6.7-168-g611edaf5fedea) Full Build Summary: https://kernelci.org/build/stable-rc/branch/queue%2F6.6/kernel/v6.6.7-168-g… Tree: stable-rc Branch: queue/6.6 Git Describe: v6.6.7-168-g611edaf5fedea Git Commit: 611edaf5fedea04df15f13c80a8d88ab76c9f6e9 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 7 unique architectures ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- 32r2el_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nommu_k210_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nommu_k210_sdcard_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omap2plus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rv32_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

1 year, 12 months

1
0
0 0

[PATCH 5.10 0/1] 9p/net: fix possible memory leak in p9_check_errors()

by Alexey Panov

Syzkaller reports "memory leak in p9pdu_readf" in 5.10 stable releases. I've attached reproducers in Bugzilla [1]. The problem has been fixed by the following patch which can be applied to the 5.10 branch. The fix is already present in all stable branches starting from 5.15. [1] https://bugzilla.kernel.org/show_bug.cgi?id=218235 Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

1 year, 12 months

1
1
0 0

[PATCH 3/3] mm/memory-failure: Cast index to loff_t before shifting it

by Matthew Wilcox (Oracle)

On 32-bit systems, we'll lose the top bits of index because arithmetic will be performed in unsigned long instead of unsigned long long. This affects files over 4GB in size. Fixes: 6100e34b2526 ("mm, memory_failure: Teach memory_failure() about dev_pagemap pages") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> --- mm/memory-failure.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 82e15baabb48..455093f73a70 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1704,7 +1704,7 @@ static void unmap_and_kill(struct list_head *to_kill, unsigned long pfn, * mapping being torn down is communicated in siginfo, see * kill_proc() */ - loff_t start = (index << PAGE_SHIFT) & ~(size - 1); + loff_t start = ((loff_t)index << PAGE_SHIFT) & ~(size - 1); unmap_mapping_range(mapping, start, size, 0); } -- 2.42.0

1 year, 12 months

2
1
0 0

[PATCH 1/3] mm/memory-failure: Pass the folio and the page to collect_procs()

by Matthew Wilcox (Oracle)

Both collect_procs_anon() and collect_procs_file() iterate over the VMA interval trees looking for a single pgoff, so it is wrong to look for the pgoff of the head page as is currently done. However, it is also wrong to look at page->mapping of the precise page as this is invalid for tail pages. Clear up the confusion by passing both the folio and the precise page to collect_procs(). Fixes: 415c64c1453a ("mm/memory-failure: split thp earlier in memory error handling") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> --- mm/memory-failure.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 660c21859118..6953bda11e6e 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -595,10 +595,9 @@ struct task_struct *task_early_kill(struct task_struct *tsk, int force_early) /* * Collect processes when the error hit an anonymous page. */ -static void collect_procs_anon(struct page *page, struct list_head *to_kill, - int force_early) +static void collect_procs_anon(struct folio *folio, struct page *page, + struct list_head *to_kill, int force_early) { - struct folio *folio = page_folio(page); struct vm_area_struct *vma; struct task_struct *tsk; struct anon_vma *av; @@ -633,12 +632,12 @@ static void collect_procs_anon(struct page *page, struct list_head *to_kill, /* * Collect processes when the error hit a file mapped page. */ -static void collect_procs_file(struct page *page, struct list_head *to_kill, - int force_early) +static void collect_procs_file(struct folio *folio, struct page *page, + struct list_head *to_kill, int force_early) { struct vm_area_struct *vma; struct task_struct *tsk; - struct address_space *mapping = page->mapping; + struct address_space *mapping = folio->mapping; pgoff_t pgoff; i_mmap_lock_read(mapping); @@ -704,17 +703,17 @@ static void collect_procs_fsdax(struct page *page, /* * Collect the processes who have the corrupted page mapped to kill. */ -static void collect_procs(struct page *page, struct list_head *tokill, - int force_early) +static void collect_procs(struct folio *folio, struct page *page, + struct list_head *tokill, int force_early) { - if (!page->mapping) + if (!folio->mapping) return; if (unlikely(PageKsm(page))) collect_procs_ksm(page, tokill, force_early); else if (PageAnon(page)) - collect_procs_anon(page, tokill, force_early); + collect_procs_anon(folio, page, tokill, force_early); else - collect_procs_file(page, tokill, force_early); + collect_procs_file(folio, page, tokill, force_early); } struct hwpoison_walk { @@ -1602,7 +1601,7 @@ static bool hwpoison_user_mappings(struct page *p, unsigned long pfn, * mapped in dirty form. This has to be done before try_to_unmap, * because ttu takes the rmap data structures down. */ - collect_procs(hpage, &tokill, flags & MF_ACTION_REQUIRED); + collect_procs(folio, p, &tokill, flags & MF_ACTION_REQUIRED); if (PageHuge(hpage) && !PageAnon(hpage)) { /* @@ -1772,7 +1771,7 @@ static int mf_generic_kill_procs(unsigned long long pfn, int flags, * SIGBUS (i.e. MF_MUST_KILL) */ flags |= MF_ACTION_REQUIRED | MF_MUST_KILL; - collect_procs(&folio->page, &to_kill, true); + collect_procs(folio, &folio->page, &to_kill, true); unmap_and_kill(&to_kill, pfn, folio->mapping, folio->index, flags); unlock: -- 2.42.0

1 year, 12 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2023