August 2023 - Linux-stable-mirror

[withdrawn] mm-add-lockdep-annotation-to-pgdat_init_all_done_comp-completer.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: add lockdep annotation to pgdat_init_all_done_comp completer has been removed from the -mm tree. Its filename was mm-add-lockdep-annotation-to-pgdat_init_all_done_comp-completer.patch This patch was dropped because it was withdrawn ------------------------------------------------------ From: Helge Deller <deller(a)gmx.de> Subject: mm: add lockdep annotation to pgdat_init_all_done_comp completer Date: Fri, 11 Aug 2023 18:06:19 +0200 Add the missing lockdep annotation to avoid this kernel warning: smp: Brought up 1 node, 1 CPU INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use?' turning off the locking correctness validator. CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.5.0-rc5+ #683 Hardware name: 9000/785/C3700 Backtrace: [<000000004030bcd0>] show_stack+0x74/0xb0 [<000000004146c63c>] dump_stack_lvl+0x104/0x180 [<000000004146c6ec>] dump_stack+0x34/0x48 [<000000004040e5b4>] register_lock_class+0xd24/0xd30 [<000000004040c21c>] __lock_acquire.isra.0+0xb4/0xac8 [<000000004040cd60>] lock_acquire+0x130/0x298 [<000000004147095c>] _raw_spin_lock_irq+0x60/0xb8 [<0000000041474a4c>] wait_for_completion+0xa0/0x2d0 [<000000004012bf04>] page_alloc_init_late+0xf8/0x2b0 [<0000000040102b20>] kernel_init_freeable+0x464/0x7f0 [<000000004146df68>] kernel_init+0x64/0x3a8 [<0000000040302020>] ret_from_kernel_thread+0x20/0x28 Link: https://lkml.kernel.org/r/ZNZce1KGxP1dxpTN@p100 Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mm_init.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/mm_init.c~mm-add-lockdep-annotation-to-pgdat_init_all_done_comp-completer +++ a/mm/mm_init.c @@ -2377,6 +2377,7 @@ void __init page_alloc_init_late(void) int nid; #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT + init_completion(&pgdat_init_all_done_comp); /* There will be num_node_state(N_MEMORY) threads */ atomic_set(&pgdat_init_n_undone, num_node_state(N_MEMORY)); _ Patches currently in -mm which might be from deller(a)gmx.de are init-add-lockdep-annotation-to-kthreadd_done-completer.patch watchdog-fix-lockdep-warning.patch

1 year, 4 months

1
0
0 0

+ memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: memfd: replace ratcheting feature from vm.memfd_noexec with hierarchy has been added to the -mm mm-unstable branch. Its filename is memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Aleksa Sarai <cyphar(a)cyphar.com> Subject: memfd: replace ratcheting feature from vm.memfd_noexec with hierarchy Date: Mon, 14 Aug 2023 18:41:00 +1000 This sysctl has the very unusual behaviour of not allowing any user (even CAP_SYS_ADMIN) to reduce the restriction setting, meaning that if you were to set this sysctl to a more restrictive option in the host pidns you would need to reboot your machine in order to reset it. The justification given in [1] is that this is a security feature and thus it should not be possible to disable. Aside from the fact that we have plenty of security-related sysctls that can be disabled after being enabled (fs.protected_symlinks for instance), the protection provided by the sysctl is to stop users from being able to create a binary and then execute it. A user with CAP_SYS_ADMIN can trivially do this without memfd_create(2): % cat mount-memfd.c #include <fcntl.h> #include <string.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <linux/mount.h> #define SHELLCODE "#!/bin/echo this file was executed from this totally private tmpfs:" int main(void) { int fsfd = fsopen("tmpfs", FSOPEN_CLOEXEC); assert(fsfd >= 0); assert(!fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 2)); int dfd = fsmount(fsfd, FSMOUNT_CLOEXEC, 0); assert(dfd >= 0); int execfd = openat(dfd, "exe", O_CREAT | O_RDWR | O_CLOEXEC, 0782); assert(execfd >= 0); assert(write(execfd, SHELLCODE, strlen(SHELLCODE)) == strlen(SHELLCODE)); assert(!close(execfd)); char *execpath = NULL; char *argv[] = { "bad-exe", NULL }, *envp[] = { NULL }; execfd = openat(dfd, "exe", O_PATH | O_CLOEXEC); assert(execfd >= 0); assert(asprintf(&execpath, "/proc/self/fd/%d", execfd) > 0); assert(!execve(execpath, argv, envp)); } % ./mount-memfd this file was executed from this totally private tmpfs: /proc/self/fd/5 % Given that it is possible for CAP_SYS_ADMIN users to create executable binaries without memfd_create(2) and without touching the host filesystem (not to mention the many other things a CAP_SYS_ADMIN process would be able to do that would be equivalent or worse), it seems strange to cause a fair amount of headache to admins when there doesn't appear to be an actual security benefit to blocking this. There appear to be concerns about confused-deputy-esque attacks[2] but a confused deputy that can write to arbitrary sysctls is a bigger security issue than executable memfds. /* New API */ The primary requirement from the original author appears to be more based on the need to be able to restrict an entire system in a hierarchical manner[3], such that child namespaces cannot re-enable executable memfds. So, implement that behaviour explicitly -- the vm.memfd_noexec scope is evaluated up the pidns tree to &init_pid_ns and you have the most restrictive value applied to you. The new lower limit you can set vm.memfd_noexec is whatever limit applies to your parent. Note that a pidns will inherit a copy of the parent pidns's effective vm.memfd_noexec setting at unshare() time. This matches the existing behaviour, and it also ensures that a pidns will never have its vm.memfd_noexec setting *lowered* behind its back (but it will be raised if the parent raises theirs). /* Backwards Compatibility */ As the previous version of the sysctl didn't allow you to lower the setting at all, there are no backwards compatibility issues with this aspect of the change. However it should be noted that now that the setting is completely hierarchical. Previously, a cloned pidns would just copy the current pidns setting, meaning that if the parent's vm.memfd_noexec was changed it wouldn't propoagate to existing pid namespaces. Now, the restriction applies recursively. This is a uAPI change, however: * The sysctl is very new, having been merged in 6.3. * Several aspects of the sysctl were broken up until this patchset and the other patchset by Jeff Xu last month. And thus it seems incredibly unlikely that any real users would run into this issue. In the worst case, if this causes userspace isues we could make it so that modifying the setting follows the hierarchical rules but the restriction checking uses the cached copy. [1]: https://lore.kernel.org/CABi2SkWnAgHK1i6iqSqPMYuNEhtHBkO8jUuCvmG3RmUB5TKHJw… [2]: https://lore.kernel.org/CALmYWFs_dNCzw_pW1yRAo4bGCPEtykroEQaowNULp7svwMLjOg… [3]: https://lore.kernel.org/CALmYWFuahdUF7cT4cm7_TGLqPanuHXJ-hVSfZt7vpTnc18DPrw… Link: https://lkml.kernel.org/r/20230814-memfd-vm-noexec-uapi-fixes-v2-4-7ff9e3e1… Fixes: 105ff5339f49 ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC") Signed-off-by: Aleksa Sarai <cyphar(a)cyphar.com> Cc: Dominique Martinet <asmadeus(a)codewreck.org> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Daniel Verkamp <dverkamp(a)chromium.org> Cc: Jeff Xu <jeffxu(a)google.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/pid_namespace.h | 23 ++++++++++++++++++++++- kernel/pid.c | 3 +++ kernel/pid_namespace.c | 6 +++--- kernel/pid_sysctl.h | 30 +++++++++++++----------------- mm/memfd.c | 3 ++- 5 files changed, 43 insertions(+), 22 deletions(-) --- a/include/linux/pid_namespace.h~memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy +++ a/include/linux/pid_namespace.h @@ -39,7 +39,6 @@ struct pid_namespace { int reboot; /* group exit code if this pidns was rebooted */ struct ns_common ns; #if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) - /* sysctl for vm.memfd_noexec */ int memfd_noexec_scope; #endif } __randomize_layout; @@ -56,6 +55,23 @@ static inline struct pid_namespace *get_ return ns; } +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) +static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns) +{ + int scope = MEMFD_NOEXEC_SCOPE_EXEC; + + for (; ns; ns = ns->parent) + scope = max(scope, READ_ONCE(ns->memfd_noexec_scope)); + + return scope; +} +#else +static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns) +{ + return 0; +} +#endif + extern struct pid_namespace *copy_pid_ns(unsigned long flags, struct user_namespace *user_ns, struct pid_namespace *ns); extern void zap_pid_ns_processes(struct pid_namespace *pid_ns); @@ -70,6 +86,11 @@ static inline struct pid_namespace *get_ return ns; } +static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns) +{ + return 0; +} + static inline struct pid_namespace *copy_pid_ns(unsigned long flags, struct user_namespace *user_ns, struct pid_namespace *ns) { --- a/kernel/pid.c~memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy +++ a/kernel/pid.c @@ -83,6 +83,9 @@ struct pid_namespace init_pid_ns = { #ifdef CONFIG_PID_NS .ns.ops = &pidns_operations, #endif +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) + .memfd_noexec_scope = MEMFD_NOEXEC_SCOPE_EXEC, +#endif }; EXPORT_SYMBOL_GPL(init_pid_ns); --- a/kernel/pid_namespace.c~memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy +++ a/kernel/pid_namespace.c @@ -110,9 +110,9 @@ static struct pid_namespace *create_pid_ ns->user_ns = get_user_ns(user_ns); ns->ucounts = ucounts; ns->pid_allocated = PIDNS_ADDING; - - initialize_memfd_noexec_scope(ns); - +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) + ns->memfd_noexec_scope = pidns_memfd_noexec_scope(parent_pid_ns); +#endif return ns; out_free_idr: --- a/kernel/pid_sysctl.h~memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy +++ a/kernel/pid_sysctl.h @@ -5,33 +5,30 @@ #include <linux/pid_namespace.h> #if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) -static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns) -{ - ns->memfd_noexec_scope = - task_active_pid_ns(current)->memfd_noexec_scope; -} - static int pid_mfd_noexec_dointvec_minmax(struct ctl_table *table, int write, void *buf, size_t *lenp, loff_t *ppos) { struct pid_namespace *ns = task_active_pid_ns(current); struct ctl_table table_copy; + int err, scope, parent_scope; if (write && !ns_capable(ns->user_ns, CAP_SYS_ADMIN)) return -EPERM; table_copy = *table; - if (ns != &init_pid_ns) - table_copy.data = &ns->memfd_noexec_scope; - - /* - * set minimum to current value, the effect is only bigger - * value is accepted. - */ - if (*(int *)table_copy.data > *(int *)table_copy.extra1) - table_copy.extra1 = table_copy.data; - return proc_dointvec_minmax(&table_copy, write, buf, lenp, ppos); + /* You cannot set a lower enforcement value than your parent. */ + parent_scope = pidns_memfd_noexec_scope(ns->parent); + /* Equivalent to pidns_memfd_noexec_scope(ns). */ + scope = max(READ_ONCE(ns->memfd_noexec_scope), parent_scope); + + table_copy.data = &scope; + table_copy.extra1 = &parent_scope; + + err = proc_dointvec_minmax(&table_copy, write, buf, lenp, ppos); + if (!err && write) + WRITE_ONCE(ns->memfd_noexec_scope, scope); + return err; } static struct ctl_table pid_ns_ctl_table_vm[] = { @@ -51,7 +48,6 @@ static inline void register_pid_ns_sysct register_sysctl("vm", pid_ns_ctl_table_vm); } #else -static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns) {} static inline void register_pid_ns_sysctl_table_vm(void) {} #endif --- a/mm/memfd.c~memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy +++ a/mm/memfd.c @@ -271,7 +271,8 @@ long memfd_fcntl(struct file *file, unsi static int check_sysctl_memfd_noexec(unsigned int *flags) { #ifdef CONFIG_SYSCTL - int sysctl = task_active_pid_ns(current)->memfd_noexec_scope; + struct pid_namespace *ns = task_active_pid_ns(current); + int sysctl = pidns_memfd_noexec_scope(ns); if (!(*flags & (MFD_EXEC | MFD_NOEXEC_SEAL))) { if (sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL) _ Patches currently in -mm which might be from cyphar(a)cyphar.com are selftests-memfd-error-out-test-process-when-child-test-fails.patch memfd-do-not-eacces-old-memfd_create-users-with-vmmemfd_noexec=2.patch memfd-improve-userspace-warnings-for-missing-exec-related-flags.patch memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy.patch selftests-improve-vmmemfd_noexec-sysctl-tests.patch

1 year, 4 months

1
0
0 0

+ memfd-improve-userspace-warnings-for-missing-exec-related-flags.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: memfd: improve userspace warnings for missing exec-related flags has been added to the -mm mm-unstable branch. Its filename is memfd-improve-userspace-warnings-for-missing-exec-related-flags.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Aleksa Sarai <cyphar(a)cyphar.com> Subject: memfd: improve userspace warnings for missing exec-related flags Date: Mon, 14 Aug 2023 18:40:59 +1000 In order to incentivise userspace to switch to passing MFD_EXEC and MFD_NOEXEC_SEAL, we need to provide a warning on each attempt to call memfd_create() without the new flags. pr_warn_once() is not useful because on most systems the one warning is burned up during the boot process (on my system, systemd does this within the first second of boot) and thus userspace will in practice never see the warnings to push them to switch to the new flags. The original patchset[1] used pr_warn_ratelimited(), however there were concerns about the degree of spam in the kernel log[2,3]. The resulting inability to detect every case was flagged as an issue at the time[4]. While we could come up with an alternative rate-limiting scheme such as only outputting the message if vm.memfd_noexec has been modified, or only outputting the message once for a given task, these alternatives have downsides that don't make sense given how low-stakes a single kernel warning message is. Switching to pr_info_ratelimited() instead should be fine -- it's possible some monitoring tool will be unhappy with a stream of warning-level messages but there's already plenty of info-level message spam in dmesg. [1]: https://lore.kernel.org/20221215001205.51969-4-jeffxu@google.com/ [2]: https://lore.kernel.org/202212161233.85C9783FB@keescook/ [3]: https://lore.kernel.org/Y5yS8wCnuYGLHMj4@x1n/ [4]: https://lore.kernel.org/f185bb42-b29c-977e-312e-3349eea15383@linuxfoundatio… Link: https://lkml.kernel.org/r/20230814-memfd-vm-noexec-uapi-fixes-v2-3-7ff9e3e1… Fixes: 105ff5339f49 ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC") Signed-off-by: Aleksa Sarai <cyphar(a)cyphar.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Daniel Verkamp <dverkamp(a)chromium.org> Cc: Dominique Martinet <asmadeus(a)codewreck.org> Cc: Kees Cook <keescook(a)chromium.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/memfd.c~memfd-improve-userspace-warnings-for-missing-exec-related-flags +++ a/mm/memfd.c @@ -315,7 +315,7 @@ SYSCALL_DEFINE2(memfd_create, return -EINVAL; if (!(flags & (MFD_EXEC | MFD_NOEXEC_SEAL))) { - pr_warn_once( + pr_info_ratelimited( "%s[%d]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set\n", current->comm, task_pid_nr(current)); } _ Patches currently in -mm which might be from cyphar(a)cyphar.com are selftests-memfd-error-out-test-process-when-child-test-fails.patch memfd-do-not-eacces-old-memfd_create-users-with-vmmemfd_noexec=2.patch memfd-improve-userspace-warnings-for-missing-exec-related-flags.patch memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy.patch selftests-improve-vmmemfd_noexec-sysctl-tests.patch

1 year, 4 months

1
0
0 0

+ memfd-do-not-eacces-old-memfd_create-users-with-vmmemfd_noexec=2.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: memfd: do not -EACCES old memfd_create() users with vm.memfd_noexec=2 has been added to the -mm mm-unstable branch. Its filename is memfd-do-not-eacces-old-memfd_create-users-with-vmmemfd_noexec=2.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Aleksa Sarai <cyphar(a)cyphar.com> Subject: memfd: do not -EACCES old memfd_create() users with vm.memfd_noexec=2 Date: Mon, 14 Aug 2023 18:40:58 +1000 Given the difficulty of auditing all of userspace to figure out whether every memfd_create() user has switched to passing MFD_EXEC and MFD_NOEXEC_SEAL flags, it seems far less distruptive to make it possible for older programs that don't make use of executable memfds to run under vm.memfd_noexec=2. Otherwise, a small dependency change can result in spurious errors. For programs that don't use executable memfds, passing MFD_NOEXEC_SEAL is functionally a no-op and thus having the same In addition, every failure under vm.memfd_noexec=2 needs to print to the kernel log so that userspace can figure out where the error came from. The concerns about pr_warn_ratelimited() spam that caused the switch to pr_warn_once()[1,2] do not apply to the vm.memfd_noexec=2 case. This is a user-visible API change, but as it allows programs to do something that would be blocked before, and the sysctl itself was broken and recently released, it seems unlikely this will cause any issues. [1]: https://lore.kernel.org/Y5yS8wCnuYGLHMj4@x1n/ [2]: https://lore.kernel.org/202212161233.85C9783FB@keescook/ Link: https://lkml.kernel.org/r/20230814-memfd-vm-noexec-uapi-fixes-v2-2-7ff9e3e1… Fixes: 105ff5339f49 ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC") Signed-off-by: Aleksa Sarai <cyphar(a)cyphar.com> Cc: Dominique Martinet <asmadeus(a)codewreck.org> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Daniel Verkamp <dverkamp(a)chromium.org> Cc: Jeff Xu <jeffxu(a)google.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/pid_namespace.h | 16 ++-------- mm/memfd.c | 30 ++++++------------- tools/testing/selftests/memfd/memfd_test.c | 22 ++++++++++--- 3 files changed, 32 insertions(+), 36 deletions(-) --- a/include/linux/pid_namespace.h~memfd-do-not-eacces-old-memfd_create-users-with-vmmemfd_noexec=2 +++ a/include/linux/pid_namespace.h @@ -17,18 +17,10 @@ struct fs_pin; #if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) -/* - * sysctl for vm.memfd_noexec - * 0: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL - * acts like MFD_EXEC was set. - * 1: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL - * acts like MFD_NOEXEC_SEAL was set. - * 2: memfd_create() without MFD_NOEXEC_SEAL will be - * rejected. - */ -#define MEMFD_NOEXEC_SCOPE_EXEC 0 -#define MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL 1 -#define MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED 2 +/* modes for vm.memfd_noexec sysctl */ +#define MEMFD_NOEXEC_SCOPE_EXEC 0 /* MFD_EXEC implied if unset */ +#define MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL 1 /* MFD_NOEXEC_SEAL implied if unset */ +#define MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED 2 /* same as 1, except MFD_EXEC rejected */ #endif struct pid_namespace { --- a/mm/memfd.c~memfd-do-not-eacces-old-memfd_create-users-with-vmmemfd_noexec=2 +++ a/mm/memfd.c @@ -271,30 +271,22 @@ long memfd_fcntl(struct file *file, unsi static int check_sysctl_memfd_noexec(unsigned int *flags) { #ifdef CONFIG_SYSCTL - char comm[TASK_COMM_LEN]; - int sysctl = MEMFD_NOEXEC_SCOPE_EXEC; - struct pid_namespace *ns; - - ns = task_active_pid_ns(current); - if (ns) - sysctl = ns->memfd_noexec_scope; + int sysctl = task_active_pid_ns(current)->memfd_noexec_scope; if (!(*flags & (MFD_EXEC | MFD_NOEXEC_SEAL))) { - if (sysctl == MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL) + if (sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL) *flags |= MFD_NOEXEC_SEAL; else *flags |= MFD_EXEC; } - if (*flags & MFD_EXEC && sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED) { - pr_warn_once( - "memfd_create(): MFD_NOEXEC_SEAL is enforced, pid=%d '%s'\n", - task_pid_nr(current), get_task_comm(comm, current)); - + if (!(*flags & MFD_NOEXEC_SEAL) && sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED) { + pr_err_ratelimited( + "%s[%d]: memfd_create() requires MFD_NOEXEC_SEAL with vm.memfd_noexec=%d\n", + current->comm, task_pid_nr(current), sysctl); return -EACCES; } #endif - return 0; } @@ -302,7 +294,6 @@ SYSCALL_DEFINE2(memfd_create, const char __user *, uname, unsigned int, flags) { - char comm[TASK_COMM_LEN]; unsigned int *file_seals; struct file *file; int fd, error; @@ -325,12 +316,13 @@ SYSCALL_DEFINE2(memfd_create, if (!(flags & (MFD_EXEC | MFD_NOEXEC_SEAL))) { pr_warn_once( - "memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=%d '%s'\n", - task_pid_nr(current), get_task_comm(comm, current)); + "%s[%d]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set\n", + current->comm, task_pid_nr(current)); } - if (check_sysctl_memfd_noexec(&flags) < 0) - return -EACCES; + error = check_sysctl_memfd_noexec(&flags); + if (error < 0) + return error; /* length includes terminating zero */ len = strnlen_user(uname, MFD_NAME_MAX_LEN + 1); --- a/tools/testing/selftests/memfd/memfd_test.c~memfd-do-not-eacces-old-memfd_create-users-with-vmmemfd_noexec=2 +++ a/tools/testing/selftests/memfd/memfd_test.c @@ -1145,11 +1145,23 @@ static void test_sysctl_child(void) printf("%s sysctl 2\n", memfd_str); sysctl_assert_write("2"); - mfd_fail_new("kern_memfd_sysctl_2", - MFD_CLOEXEC | MFD_ALLOW_SEALING); - mfd_fail_new("kern_memfd_sysctl_2_MFD_EXEC", - MFD_CLOEXEC | MFD_EXEC); - fd = mfd_assert_new("", 0, MFD_NOEXEC_SEAL); + mfd_fail_new("kern_memfd_sysctl_2_exec", + MFD_EXEC | MFD_CLOEXEC | MFD_ALLOW_SEALING); + + fd = mfd_assert_new("kern_memfd_sysctl_2_dfl", + mfd_def_size, + MFD_CLOEXEC | MFD_ALLOW_SEALING); + mfd_assert_mode(fd, 0666); + mfd_assert_has_seals(fd, F_SEAL_EXEC); + mfd_fail_chmod(fd, 0777); + close(fd); + + fd = mfd_assert_new("kern_memfd_sysctl_2_noexec_seal", + mfd_def_size, + MFD_NOEXEC_SEAL | MFD_CLOEXEC | MFD_ALLOW_SEALING); + mfd_assert_mode(fd, 0666); + mfd_assert_has_seals(fd, F_SEAL_EXEC); + mfd_fail_chmod(fd, 0777); close(fd); sysctl_fail_write("0"); _ Patches currently in -mm which might be from cyphar(a)cyphar.com are selftests-memfd-error-out-test-process-when-child-test-fails.patch memfd-do-not-eacces-old-memfd_create-users-with-vmmemfd_noexec=2.patch memfd-improve-userspace-warnings-for-missing-exec-related-flags.patch memfd-replace-ratcheting-feature-from-vmmemfd_noexec-with-hierarchy.patch selftests-improve-vmmemfd_noexec-sysctl-tests.patch

1 year, 4 months

1
0
0 0

+ mm-multi-gen-lru-dont-spin-during-memcg-release.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: multi-gen LRU: don't spin during memcg release has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-multi-gen-lru-dont-spin-during-memcg-release.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "T.J. Mercier" <tjmercier(a)google.com> Subject: mm: multi-gen LRU: don't spin during memcg release Date: Mon, 14 Aug 2023 15:16:36 +0000 When a memcg is in the process of being released mem_cgroup_tryget will fail because its reference count has already reached 0. This can happen during reclaim if the memcg has already been offlined, and we reclaim all remaining pages attributed to the offlined memcg. shrink_many attempts to skip the empty memcg in this case, and continue reclaiming from the remaining memcgs in the old generation. If there is only one memcg remaining, or if all remaining memcgs are in the process of being released then shrink_many will spin until all memcgs have finished being released. The release occurs through a workqueue, so it can take a while before kswapd is able to make any further progress. This fix results in reductions in kswapd activity and direct reclaim in a test where 28 apps (working set size > total memory) are repeatedly launched in a random sequence: A B delta ratio(%) allocstall_movable 5962 3539 -2423 -40.64 allocstall_normal 2661 2417 -244 -9.17 kswapd_high_wmark_hit_quickly 53152 7594 -45558 -85.71 pageoutrun 57365 11750 -45615 -79.52 Link: https://lkml.kernel.org/r/20230814151636.1639123-1-tjmercier@google.com Fixes: e4dde56cd208 ("mm: multi-gen LRU: per-node lru_gen_folio lists") Signed-off-by: T.J. Mercier <tjmercier(a)google.com> Acked-by: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/mm/vmscan.c~mm-multi-gen-lru-dont-spin-during-memcg-release +++ a/mm/vmscan.c @@ -4854,16 +4854,17 @@ void lru_gen_release_memcg(struct mem_cg spin_lock_irq(&pgdat->memcg_lru.lock); - VM_WARN_ON_ONCE(hlist_nulls_unhashed(&lruvec->lrugen.list)); + if (hlist_nulls_unhashed(&lruvec->lrugen.list)) + goto unlock; gen = lruvec->lrugen.gen; - hlist_nulls_del_rcu(&lruvec->lrugen.list); + hlist_nulls_del_init_rcu(&lruvec->lrugen.list); pgdat->memcg_lru.nr_memcgs[gen]--; if (!pgdat->memcg_lru.nr_memcgs[gen] && gen == get_memcg_gen(pgdat->memcg_lru.seq)) WRITE_ONCE(pgdat->memcg_lru.seq, pgdat->memcg_lru.seq + 1); - +unlock: spin_unlock_irq(&pgdat->memcg_lru.lock); } } @@ -5435,8 +5436,10 @@ restart: rcu_read_lock(); hlist_nulls_for_each_entry_rcu(lrugen, pos, &pgdat->memcg_lru.fifo[gen][bin], list) { - if (op) + if (op) { lru_gen_rotate_memcg(lruvec, op); + op = 0; + } mem_cgroup_put(memcg); @@ -5444,7 +5447,7 @@ restart: memcg = lruvec_memcg(lruvec); if (!mem_cgroup_tryget(memcg)) { - op = 0; + lru_gen_release_memcg(memcg); memcg = NULL; continue; } _ Patches currently in -mm which might be from tjmercier(a)google.com are mm-multi-gen-lru-dont-spin-during-memcg-release.patch

1 year, 4 months

1
0
0 0

[git:media_stage/master] media: i2c: ccs: Check rules is non-NULL

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: i2c: ccs: Check rules is non-NULL Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Sat Jul 29 20:59:25 2023 +0200 Fix the following smatch warning: drivers/media/i2c/ccs/ccs-data.c:524 ccs_data_parse_rules() warn: address of NULL pointer 'rules' The CCS static data rule parser does not check an if rule has been obtained before checking for other rule types (which depend on the if rule). In practice this means parsing invalid CCS static data could lead to dereferencing a NULL pointer. Reported-by: Hans Verkuil <hverkuil(a)xs4all.nl> Fixes: a6b396f410b1 ("media: ccs: Add CCS static data parser library") Cc: stable(a)vger.kernel.org # for 5.11 and up Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/i2c/ccs/ccs-data.c | 101 ++++++++++++++++++++++----------------- 1 file changed, 56 insertions(+), 45 deletions(-) --- diff --git a/drivers/media/i2c/ccs/ccs-data.c b/drivers/media/i2c/ccs/ccs-data.c index 45f2b2f55ec5..08400edf77ce 100644 --- a/drivers/media/i2c/ccs/ccs-data.c +++ b/drivers/media/i2c/ccs/ccs-data.c @@ -464,8 +464,7 @@ static int ccs_data_parse_rules(struct bin_container *bin, rule_payload = __rule_type + 1; rule_plen2 = rule_plen - sizeof(*__rule_type); - switch (*__rule_type) { - case CCS_DATA_BLOCK_RULE_ID_IF: { + if (*__rule_type == CCS_DATA_BLOCK_RULE_ID_IF) { const struct __ccs_data_block_rule_if *__if_rules = rule_payload; const size_t __num_if_rules = @@ -514,49 +513,61 @@ static int ccs_data_parse_rules(struct bin_container *bin, rules->if_rules = if_rule; rules->num_if_rules = __num_if_rules; } - break; - } - case CCS_DATA_BLOCK_RULE_ID_READ_ONLY_REGS: - rval = ccs_data_parse_reg_rules(bin, &rules->read_only_regs, - &rules->num_read_only_regs, - rule_payload, - rule_payload + rule_plen2, - dev); - if (rval) - return rval; - break; - case CCS_DATA_BLOCK_RULE_ID_FFD: - rval = ccs_data_parse_ffd(bin, &rules->frame_format, - rule_payload, - rule_payload + rule_plen2, - dev); - if (rval) - return rval; - break; - case CCS_DATA_BLOCK_RULE_ID_MSR: - rval = ccs_data_parse_reg_rules(bin, - &rules->manufacturer_regs, - &rules->num_manufacturer_regs, - rule_payload, - rule_payload + rule_plen2, - dev); - if (rval) - return rval; - break; - case CCS_DATA_BLOCK_RULE_ID_PDAF_READOUT: - rval = ccs_data_parse_pdaf_readout(bin, - &rules->pdaf_readout, - rule_payload, - rule_payload + rule_plen2, - dev); - if (rval) - return rval; - break; - default: - dev_dbg(dev, - "Don't know how to handle rule type %u!\n", - *__rule_type); - return -EINVAL; + } else { + /* Check there was an if rule before any other rules */ + if (bin->base && !rules) + return -EINVAL; + + switch (*__rule_type) { + case CCS_DATA_BLOCK_RULE_ID_READ_ONLY_REGS: + rval = ccs_data_parse_reg_rules(bin, + rules ? + &rules->read_only_regs : NULL, + rules ? + &rules->num_read_only_regs : NULL, + rule_payload, + rule_payload + rule_plen2, + dev); + if (rval) + return rval; + break; + case CCS_DATA_BLOCK_RULE_ID_FFD: + rval = ccs_data_parse_ffd(bin, rules ? + &rules->frame_format : NULL, + rule_payload, + rule_payload + rule_plen2, + dev); + if (rval) + return rval; + break; + case CCS_DATA_BLOCK_RULE_ID_MSR: + rval = ccs_data_parse_reg_rules(bin, + rules ? + &rules->manufacturer_regs : NULL, + rules ? + &rules->num_manufacturer_regs : NULL, + rule_payload, + rule_payload + rule_plen2, + dev); + if (rval) + return rval; + break; + case CCS_DATA_BLOCK_RULE_ID_PDAF_READOUT: + rval = ccs_data_parse_pdaf_readout(bin, + rules ? + &rules->pdaf_readout : NULL, + rule_payload, + rule_payload + rule_plen2, + dev); + if (rval) + return rval; + break; + default: + dev_dbg(dev, + "Don't know how to handle rule type %u!\n", + *__rule_type); + return -EINVAL; + } } __next_rule = __next_rule + rule_hlen + rule_plen; }

1 year, 4 months

1
0
0 0

[PATCH v3] usb: typec: bus: verify partner exists in typec_altmode_attention

by RD Babiera

Some usb hubs will negotiate DisplayPort Alt mode with the device but will then negotiate a data role swap after entering the alt mode. The data role swap causes the device to unregister all alt modes, however the usb hub will still send Attention messages even after failing to reregister the Alt Mode. type_altmode_attention currently does not verify whether or not a device's altmode partner exists, which results in a NULL pointer error when dereferencing the typec_altmode and typec_altmode_ops belonging to the altmode partner. Verify the presence of a device's altmode partner before sending the Attention message to the Alt Mode driver. Fixes: 8a37d87d72f0 ("usb: typec: Bus type for alternate modes") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- Changes since v1: * Only assigns pdev if altmode partner exists in typec_altmode_attention * Removed error return in typec_altmode_attention if Alt Mode does not implement Attention messages. * Changed tcpm_log message to indicate that altmode partner does not exist, as it only logs in that case. --- Changes since v2: * Changed tcpm_log message to accurately reflect error * Revised commit message --- drivers/usb/typec/bus.c | 12 ++++++++++-- drivers/usb/typec/tcpm/tcpm.c | 5 ++++- include/linux/usb/typec_altmode.h | 2 +- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/bus.c b/drivers/usb/typec/bus.c index fe5b9a2e61f5..e95ec7e382bb 100644 --- a/drivers/usb/typec/bus.c +++ b/drivers/usb/typec/bus.c @@ -183,12 +183,20 @@ EXPORT_SYMBOL_GPL(typec_altmode_exit); * * Notifies the partner of @adev about Attention command. */ -void typec_altmode_attention(struct typec_altmode *adev, u32 vdo) +int typec_altmode_attention(struct typec_altmode *adev, u32 vdo) { - struct typec_altmode *pdev = &to_altmode(adev)->partner->adev; + struct altmode *partner = to_altmode(adev)->partner; + struct typec_altmode *pdev; + + if (!partner) + return -ENODEV; + + pdev = &partner->adev; if (pdev->ops && pdev->ops->attention) pdev->ops->attention(pdev, vdo); + + return 0; } EXPORT_SYMBOL_GPL(typec_altmode_attention); diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 5a7d8cc04628..97b7b22e9cf1 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1791,6 +1791,7 @@ static void tcpm_handle_vdm_request(struct tcpm_port *port, u32 p[PD_MAX_PAYLOAD]; u32 response[8] = { }; int i, rlen = 0; + int ret; for (i = 0; i < cnt; i++) p[i] = le32_to_cpu(payload[i]); @@ -1877,7 +1878,9 @@ static void tcpm_handle_vdm_request(struct tcpm_port *port, } break; case ADEV_ATTENTION: - typec_altmode_attention(adev, p[1]); + ret = typec_altmode_attention(adev, p[1]); + if (ret) + tcpm_log(port, "typec_altmode_attention NULL port partner altmode"); break; } } diff --git a/include/linux/usb/typec_altmode.h b/include/linux/usb/typec_altmode.h index 350d49012659..28aeef8f9e7b 100644 --- a/include/linux/usb/typec_altmode.h +++ b/include/linux/usb/typec_altmode.h @@ -67,7 +67,7 @@ struct typec_altmode_ops { int typec_altmode_enter(struct typec_altmode *altmode, u32 *vdo); int typec_altmode_exit(struct typec_altmode *altmode); -void typec_altmode_attention(struct typec_altmode *altmode, u32 vdo); +int typec_altmode_attention(struct typec_altmode *altmode, u32 vdo); int typec_altmode_vdm(struct typec_altmode *altmode, const u32 header, const u32 *vdo, int count); int typec_altmode_notify(struct typec_altmode *altmode, unsigned long conf, base-commit: f176638af476c6d46257cc3303f5c7cf47d5967d -- 2.41.0.640.ga95def55d0-goog

1 year, 4 months

3
3
0 0

[PATCH 1/2] tpm/tpm_tis: Disable interrupts for Framework Laptop Intel 12th gen

by Christian Hesse

This device suffer an irq storm, so add it in tpm_tis_dmi_table to force polling. https://bugs.archlinux.org/user/38129 https://bugzilla.kernel.org/show_bug.cgi?id=217631 Fixes: e644b2f498d297a928efcb7ff6f900c27f8b788e Cc: stable(a)vger.kernel.org Reported-by: <roubro1991(a)gmail.com> Signed-off-by: Christian Hesse <mail(a)eworm.de> --- drivers/char/tpm/tpm_tis.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c index 7db3593941ea..2979f8b9aaa0 100644 --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -114,6 +114,14 @@ static int tpm_tis_disable_irq(const struct dmi_system_id *d) } static const struct dmi_system_id tpm_tis_dmi_table[] = { + { + .callback = tpm_tis_disable_irq, + .ident = "Framework Laptop Intel 12th gen", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Framework"), + DMI_MATCH(DMI_PRODUCT_VERSION, "A4"), + }, + }, { .callback = tpm_tis_disable_irq, .ident = "ThinkPad T490s", -- 2.41.0

1 year, 4 months

12
34
0 0

[PATCH 6.1 000/127] 6.1.45-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.45 release. There are 127 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.45-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.45-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "drm/i915: Disable DC states for all commits" Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Use apt name for FW reserved region Luben Tuikov <luben.tuikov(a)amd.com> drm/amdgpu: Remove unnecessary domain argument Tong Liu01 <Tong.Liu01(a)amd.com> drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 Mark Brown <broonie(a)kernel.org> arm64/ptrace: Don't enable SVE when setting streaming SVE Namjae Jeon <linkinjeon(a)kernel.org> exfat: check if filename entries exceeds max filename length Chao Yu <chao(a)kernel.org> f2fs: don't reset unchangable mount option in f2fs_remount() Yangtao Li <frank.li(a)vivo.com> f2fs: fix to set flush_merge opt and show noflush_merge Sean Christopherson <seanjc(a)google.com> selftests/rseq: Play nice with binaries statically linked against glibc 2.35+ Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: skip CLEAR_PAYLOAD_ID_TABLE if device mst_en is 0 Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Ensure that planes are in the same order Alexander Stein <alexander.stein(a)ew.tq-group.com> drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/altmap: Fix altmap boundary check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() Johan Jonker <jbx6244(a)gmail.com> mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts Johan Jonker <jbx6244(a)gmail.com> mtd: rawnand: rockchip: fix oobfree offset and description Roger Quadros <rogerq(a)kernel.org> mtd: rawnand: omap_elm: Fix incorrect type in assignment Pavel Begunkov <asml.silence(a)gmail.com> io_uring: annotate offset timeout races Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on direct node in truncate_dnode() Filipe Manana <fdmanana(a)suse.com> btrfs: remove BUG_ON()'s in add_new_free_space() Jan Kara <jack(a)suse.cz> ext2: Drop fragment support Jan Kara <jack(a)suse.cz> fs: Protect reconfiguration of sb read-write from racing writes Alan Stern <stern(a)rowland.harvard.edu> net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> debugobjects: Recheck debug_objects_enabled before reporting Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb Prince Kumar Maurya <princekumarmaurya06(a)gmail.com> fs/sysv: Null check to prevent null-ptr-deref bug Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list() Roman Gushchin <roman.gushchin(a)linux.dev> mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() Linus Torvalds <torvalds(a)linux-foundation.org> file: reinstate f_pos locking optimization for regular files Hou Tao <houtao1(a)huawei.com> bpf, cpumap: Make sure kthread is running before map update returns Geert Uytterhoeven <geert+renesas(a)glider.be> clk: imx93: Propagate correct error in imx93_clocks_probe() Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Cleanup aux invalidation registers Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915: Fix premature release of request's reusable memory Guchun Chen <guchun.chen(a)amd.com> drm/ttm: check null pointer before accessing when swapping Aleksa Sarai <cyphar(a)cyphar.com> open: make RESOLVE_CACHED correctly test for O_TMPFILE Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Sync FPSIMD state with SVE for SME only systems Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Clear SME state in the target task when setting the VL Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Sync and zero pad FPSIMD state for streaming SVE Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Create a dummy stackframe to fix stack unwind Jiri Olsa <jolsa(a)kernel.org> bpf: Disable preemption in bpf_event_output Ilya Dryomov <idryomov(a)gmail.com> rbd: prevent busy loop when requesting exclusive lock Michael Kelley <mikelley(a)microsoft.com> x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction Paul Fertser <fercerpav(a)gmail.com> wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) Laszlo Ersek <lersek(a)redhat.com> net: tap_open(): set sk_uid from current_fsuid() Laszlo Ersek <lersek(a)redhat.com> net: tun_chr_open(): set sk_uid from current_fsuid() Dinh Nguyen <dinguyen(a)kernel.org> arm64: dts: stratix10: fix incorrect I2C property for SCL signal Jiri Olsa <jolsa(a)kernel.org> bpf: Disable preemption in bpf_perf_event_output Arseniy Krasnov <AVKrasnov(a)sberdevices.ru> mtd: rawnand: meson: fix OOB available bytes for ECC Olivier Maignial <olivier.maignial(a)hotmail.fr> mtd: spinand: toshiba: Fix ecc_get_status Sungjong Seo <sj1557.seo(a)samsung.com> exfat: release s_lock before calling dir_emit() gaoming <gaoming20(a)hihonor.com> exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: arm_scmi: Drop OF node reference in the transport channel setup Xiubo Li <xiubli(a)redhat.com> ceph: defer stopping mdsc delayed_work Ross Maynard <bids.7405(a)bigpond.com> USB: zaurus: Add ID for A-300/B-500/C-700 Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential hang in ceph_osdc_notify() Michael Kelley <mikelley(a)microsoft.com> scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: Defer fc_rport blocking until after ADISC response Boqun Feng <boqun.feng(a)gmail.com> rust: allocator: Prevent mis-aligned allocation Eric Dumazet <edumazet(a)google.com> tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_net Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_vals[] Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_lock Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_stamp Eric Dumazet <edumazet(a)google.com> tcp_metrics: fix addr_same() helper Jonas Gorski <jonas.gorski(a)bisdn.de> prestera: fix fallback to previous version on same major version Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: fs_core: Make find_closest_ft more generic Benjamin Poirier <bpoirier(a)nvidia.com> vxlan: Fix nexthop hash size Yue Haibing <yuehaibing(a)huawei.com> ip6mr: Fix skb_under_panic in ip6mr_cache_report() Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Don't call dev_close/dev_open (DOWN/UP) Lin Ma <linma(a)zju.edu.cn> net: dcb: choose correct policy to parse DCB_ATTR_BCN Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix max_mtu setting for multi-buf XDP Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Fix page pool logic for page size >= 64K Mark Brown <broonie(a)kernel.org> net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode Yuanjun Gong <ruc_gongyuanjun(a)163.com> net: korina: handle clk prepare error in korina_probe() Dan Carpenter <dan.carpenter(a)linaro.org> net: ll_temac: fix error checking of irq_of_parse_and_map() Tomas Glozar <tglozar(a)redhat.com> bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire valis <sec(a)valis.email> net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free valis <sec(a)valis.email> net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free valis <sec(a)valis.email> net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Hou Tao <houtao1(a)huawei.com> bpf, cpumap: Handle skb as well when clean up ptr_ring Rafal Rogalski <rafalx.rogalski(a)intel.com> ice: Fix RDMA VSI removal during queue rebuild Kuniyuki Iwashima <kuniyu(a)amazon.com> net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_priority Eric Dumazet <edumazet(a)google.com> net: add missing data-race annotation for sk_ll_usec Eric Dumazet <edumazet(a)google.com> net: add missing data-race annotations around sk->sk_peek_off Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_mark Eric Dumazet <edumazet(a)google.com> net: add missing READ_ONCE(sk->sk_rcvbuf) annotation Eric Dumazet <edumazet(a)google.com> net: add missing READ_ONCE(sk->sk_sndbuf) annotation Eric Dumazet <edumazet(a)google.com> net: add missing READ_ONCE(sk->sk_rcvlowat) annotation Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_max_pacing_rate Eric Dumazet <edumazet(a)google.com> net: annotate data-race around sk->sk_txrehash Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_reserved_mem Konstantin Khorenko <khorenko(a)virtuozzo.com> qed: Fix scheduling in a tasklet while getting stats Chengfeng Ye <dg573847474(a)gmail.com> mISDN: hfcpci: Fix potential deadlock on &hc->lock Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: cls_u32: Fix match key mis-addressing Georg Müller <georgmueller(a)gmx.net> perf test uprobe_from_different_cu: Skip if there is no gcc Yuanjun Gong <ruc_gongyuanjun(a)163.com> net: dsa: fix value check in bcm_sf2_sw_probe() Lin Ma <linma(a)zju.edu.cn> rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length Lin Ma <linma(a)zju.edu.cn> bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Move representor neigh cleanup to profile cleanup_tx Amir Tzin <amirtz(a)nvidia.com> net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set Yuanjun Gong <ruc_gongyuanjun(a)163.com> net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5: fix potential memory leak in mlx5e_init_rep_rx Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix return value in scan logic Gao Xiang <xiang(a)kernel.org> erofs: fix wrong primary bvec selection on deduplicated extents Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix sthyi error handling ndesaulniers(a)google.com <ndesaulniers(a)google.com> word-at-a-time: use the same return type for has_zero regardless of endianness Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix chan_free cleanup on SMC Yury Norov <yury.norov(a)gmail.com> lib/bitmap: workaround const_eval test build failure Punit Agrawal <punit.agrawal(a)bytedance.com> firmware: smccc: Fix use of uninitialised results structure Benjamin Gaignard <benjamin.gaignard(a)collabora.com> arm64: dts: freescale: Fix VPU G2 clock Hugo Villeneuve <hvilleneuve(a)dimonoff.com> arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux Yashwanth Varakala <y.varakala(a)phytec.de> arm64: dts: phycore-imx8mm: Correction in gpio-line-names Yashwanth Varakala <y.varakala(a)phytec.de> arm64: dts: phycore-imx8mm: Label typo-fix of VPU Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw7904: disable disp_blk_ctrl Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw7903: disable disp_blk_ctrl Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Document nesting-related errata Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Add explicit feature for nesting Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Document MMU-700 erratum 2812531 Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 Alex Elder <elder(a)linaro.org> net: ipa: only reset hashed tables when supported Shay Drory <shayd(a)nvidia.com> net/mlx5: Free irqs only on shutdown callback Peter Zijlstra <peterz(a)infradead.org> perf: Fix function pointer case Jens Axboe <axboe(a)kernel.dk> io_uring: gate iowait schedule on having pending requests ------------- Diffstat: Documentation/arm64/silicon-errata.rst | 4 + Makefile | 4 +- .../boot/dts/altera/socfpga_stratix10_socdk.dts | 2 +- .../dts/altera/socfpga_stratix10_socdk_nand.dts | 2 +- .../dts/freescale/imx8mm-phyboard-polis-rdk.dts | 2 +- .../boot/dts/freescale/imx8mm-phycore-som.dtsi | 4 +- .../boot/dts/freescale/imx8mm-venice-gw7903.dts | 4 + .../boot/dts/freescale/imx8mm-venice-gw7904.dts | 4 + arch/arm64/boot/dts/freescale/imx8mn-var-som.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8mq.dtsi | 2 +- arch/arm64/kernel/fpsimd.c | 9 +- arch/arm64/kernel/ptrace.c | 8 +- arch/powerpc/include/asm/word-at-a-time.h | 2 +- arch/powerpc/kernel/trace/ftrace_mprofile.S | 9 +- arch/powerpc/mm/init_64.c | 3 +- arch/s390/kernel/sthyi.c | 6 +- arch/s390/kvm/intercept.c | 9 +- arch/x86/hyperv/hv_init.c | 21 +++++ drivers/block/rbd.c | 28 +++--- drivers/clk/imx/clk-imx93.c | 2 +- drivers/firmware/arm_scmi/mailbox.c | 4 +- drivers/firmware/arm_scmi/smc.c | 21 +++-- drivers/firmware/smccc/soc_id.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 104 +++++++++++++++----- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 89 +++++++++++++---- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 1 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +++ drivers/gpu/drm/amd/display/dc/core/dc_link.c | 5 +- drivers/gpu/drm/amd/include/atomfirmware.h | 63 +++++++++++-- drivers/gpu/drm/i915/display/intel_display.c | 28 +----- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 8 +- drivers/gpu/drm/i915/gt/intel_gt_regs.h | 16 ++-- drivers/gpu/drm/i915/gt/intel_lrc.c | 6 +- drivers/gpu/drm/i915/i915_active.c | 99 +++++++++++++------ drivers/gpu/drm/i915/i915_request.c | 11 +++ drivers/gpu/drm/imx/ipuv3-crtc.c | 2 +- drivers/gpu/drm/ttm/ttm_bo.c | 3 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 50 ++++++++++ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 8 ++ drivers/isdn/hardware/mISDN/hfcpci.c | 10 +- drivers/mtd/nand/raw/fsl_upm.c | 2 +- drivers/mtd/nand/raw/meson_nand.c | 3 +- drivers/mtd/nand/raw/omap_elm.c | 24 ++--- drivers/mtd/nand/raw/rockchip-nand-controller.c | 45 +++++---- drivers/mtd/nand/spi/toshiba.c | 4 +- drivers/net/dsa/bcm_sf2.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 59 +++++++----- drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 6 +- drivers/net/ethernet/intel/ice/ice_main.c | 18 ++++ drivers/net/ethernet/korina.c | 3 +- .../net/ethernet/marvell/prestera/prestera_pci.c | 3 +- .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 4 +- .../mellanox/mlx5/core/en_accel/macsec_fs.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 10 ++ drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 20 ++-- drivers/net/ethernet/mellanox/mlx5/core/eq.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 105 ++++++++++++++++----- drivers/net/ethernet/mellanox/mlx5/core/mlx5_irq.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 29 ++++++ .../ethernet/mellanox/mlx5/core/steering/dr_cmd.c | 5 +- drivers/net/ethernet/qlogic/qed/qed_dev_api.h | 16 ++++ drivers/net/ethernet/qlogic/qed/qed_fcoe.c | 19 +++- drivers/net/ethernet/qlogic/qed/qed_fcoe.h | 17 +++- drivers/net/ethernet/qlogic/qed/qed_hw.c | 26 ++++- drivers/net/ethernet/qlogic/qed/qed_iscsi.c | 19 +++- drivers/net/ethernet/qlogic/qed/qed_iscsi.h | 8 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 19 +++- drivers/net/ethernet/qlogic/qed/qed_l2.h | 24 +++++ drivers/net/ethernet/qlogic/qed/qed_main.c | 6 +- drivers/net/ethernet/socionext/netsec.c | 11 +++ drivers/net/ethernet/xilinx/ll_temac_main.c | 12 ++- drivers/net/ipa/ipa_table.c | 26 ++--- drivers/net/tap.c | 2 +- drivers/net/tun.c | 2 +- drivers/net/usb/cdc_ether.c | 21 +++++ drivers/net/usb/usbnet.c | 6 ++ drivers/net/usb/zaurus.c | 21 +++++ drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c | 6 +- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 2 - drivers/s390/net/qeth_l2_main.c | 9 +- drivers/s390/net/qeth_l3_main.c | 8 +- drivers/s390/scsi/zfcp_fc.c | 6 +- drivers/scsi/storvsc_drv.c | 4 + fs/btrfs/block-group.c | 51 ++++++---- fs/btrfs/block-group.h | 4 +- fs/btrfs/free-space-tree.c | 24 +++-- fs/ceph/mds_client.c | 4 +- fs/ceph/mds_client.h | 5 + fs/ceph/super.c | 10 ++ fs/erofs/zdata.c | 7 +- fs/exfat/balloc.c | 6 +- fs/exfat/dir.c | 36 +++---- fs/ext2/ext2.h | 12 --- fs/ext2/super.c | 23 +---- fs/f2fs/f2fs.h | 1 - fs/f2fs/file.c | 5 - fs/f2fs/node.c | 14 ++- fs/f2fs/super.c | 43 ++++++--- fs/file.c | 18 +++- fs/ntfs3/attrlist.c | 4 +- fs/open.c | 2 +- fs/super.c | 11 ++- fs/sysv/itree.c | 4 + include/asm-generic/word-at-a-time.h | 2 +- include/linux/f2fs_fs.h | 1 + include/net/inet_sock.h | 7 +- include/net/ip.h | 2 +- include/net/route.h | 4 +- include/net/vxlan.h | 4 +- io_uring/io_uring.c | 23 +++-- io_uring/timeout.c | 2 +- kernel/bpf/cpumap.c | 35 ++++--- kernel/events/core.c | 8 +- kernel/trace/bpf_trace.c | 17 +++- lib/Makefile | 6 ++ lib/debugobjects.c | 9 ++ lib/test_bitmap.c | 8 +- mm/memcontrol.c | 19 ++-- net/bluetooth/l2cap_sock.c | 2 + net/ceph/osd_client.c | 20 ++-- net/core/bpf_sk_storage.c | 5 +- net/core/rtnetlink.c | 8 +- net/core/sock.c | 45 +++++---- net/core/sock_map.c | 2 - net/dcb/dcbnl.c | 2 +- net/dccp/ipv6.c | 4 +- net/ipv4/inet_diag.c | 4 +- net/ipv4/ip_output.c | 8 +- net/ipv4/ip_sockglue.c | 2 +- net/ipv4/raw.c | 2 +- net/ipv4/route.c | 4 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/tcp_metrics.c | 70 +++++++++----- net/ipv6/ip6mr.c | 2 +- net/ipv6/ping.c | 2 +- net/ipv6/raw.c | 6 +- net/ipv6/route.c | 7 +- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/udp.c | 4 +- net/l2tp/l2tp_ip6.c | 2 +- net/mptcp/sockopt.c | 2 +- net/netfilter/nft_socket.c | 2 +- net/netfilter/xt_socket.c | 4 +- net/packet/af_packet.c | 12 +-- net/sched/cls_fw.c | 1 - net/sched/cls_route.c | 1 - net/sched/cls_u32.c | 57 +++++++++-- net/sched/sch_taprio.c | 15 ++- net/smc/af_smc.c | 2 +- net/unix/af_unix.c | 2 +- net/wireless/scan.c | 2 +- net/xdp/xsk.c | 2 +- net/xfrm/xfrm_policy.c | 2 +- rust/bindings/bindings_helper.h | 1 + rust/kernel/allocator.rs | 74 ++++++++++++--- .../tests/shell/test_uprobe_from_different_cu.sh | 8 +- tools/testing/selftests/rseq/rseq.c | 28 ++++-- .../tc-testing/tc-tests/qdiscs/taprio.json | 25 +++++ 162 files changed, 1576 insertions(+), 647 deletions(-)

1 year, 4 months

14
148
0 0

[PATCH v4] i2c: gpio: Fix an error check in i2c_gpio_fault_injector_init()

by Minjie Du

debugfs_create_dir() function returns an error value embedded in the pointer (PTR_ERR). Evaluate the return value using IS_ERR rather than checking for NULL. Fixes: 14911c6f48ec ("i2c: gpio: add fault injector") Cc: Wolfram Sang <wsa+renesas(a)sang-engineering.com> Cc: <stable(a)vger.kernel.org> # v4.16+ Signed-off-by: Minjie Du <duminjie(a)vivo.com> Reviewed-by: Andi Shyti <andi.shyti(a)kernel.org> --- v1-v2: Fix judge typo. v2-v3: Add tags. v3-v4: Fix log content. --- drivers/i2c/busses/i2c-gpio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-gpio.c b/drivers/i2c/busses/i2c-gpio.c index e5a5b9e8b..545927b96 100644 --- a/drivers/i2c/busses/i2c-gpio.c +++ b/drivers/i2c/busses/i2c-gpio.c @@ -265,7 +265,7 @@ static void i2c_gpio_fault_injector_init(struct platform_device *pdev) */ if (!i2c_gpio_debug_dir) { i2c_gpio_debug_dir = debugfs_create_dir("i2c-fault-injector", NULL); - if (!i2c_gpio_debug_dir) + if (IS_ERR(i2c_gpio_debug_dir)) return; } -- 2.39.0

1 year, 4 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2023