November 2024 - Linux-stable-mirror

[PATCH 0/1] disable __counted_by for clang < 19.1.3

by Jan Hendrik Farr

Hi Kees, Bill's PR to disable __counted_by for "whole struct" __bdos cases has now been merged into 19.1.3 [1], so here's the patch to disable __counted_by for clang versions < 19.1.3 in the kernel. Hopefully in the near future __counted_by for whole struct __bdos can be enabled once again in coordination between the kernel, gcc, and clang. There has been recent progress on this in [2] thanks to Tavian. Also see previous discussion on the mailing list [3] Thanks to everyone for moving this issue along. In particular, Bill for his PR to clang/llvm, Kees and Thorsten for reproducers of the two issues, Nathan for Kconfig-ifying this patch, and Miguel for reviewing. Info for the stable team: This patch should be backported to kernels >= 6.6 to make sure that those build correctly with the effected clang versions. This patch cherry-picks cleanly onto linux-6.11.y. For linux-6.6.y three prerequiste commits are neded: 16c31dd7fdf6: Compiler Attributes: counted_by: bump min gcc version 2993eb7a8d34: Compiler Attributes: counted_by: fixup clang URL 231dc3f0c936: lkdtm/bugs: Improve warning message for compilers without counted_by support There are still two merge conflicts even with those prerequistes. Here's the correct resolution: 1. include/linux/compiler_types.h: use the incoming change until before (but not including) the "Apply __counted_by() when the Endianness matches to increase test coverage." comment 2. lib/overflow_kunit.c: HEAD is correct [1] https://github.com/llvm/llvm-project/pull/112786 [2] https://github.com/llvm/llvm-project/pull/112636 [3] https://lore.kernel.org/lkml/3E304FB2-799D-478F-889A-CDFC1A52DCD8@toblux.co… Best Regards Jan Jan Hendrik Farr (1): Compiler Attributes: disable __counted_by for clang < 19.1.3 drivers/misc/lkdtm/bugs.c | 2 +- include/linux/compiler_attributes.h | 13 ------------- include/linux/compiler_types.h | 19 +++++++++++++++++++ init/Kconfig | 9 +++++++++ lib/overflow_kunit.c | 2 +- 5 files changed, 30 insertions(+), 15 deletions(-) -- 2.47.0

1 month, 3 weeks

3
3
0 0

[PATCH] ublk: fix error code for unsupported command

by Ming Lei

ENOTSUPP is for kernel use only, and shouldn't be sent to userspace. Fix it by replacing it with EOPNOTSUPP. Cc: stable(a)vger.kernel.org Fixes: bfbcef036396 ("ublk_drv: move ublk_get_device_from_id into ublk_ctrl_uring_cmd") Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- drivers/block/ublk_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index c6d18cd8af44..d4aed12dd436 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -3041,7 +3041,7 @@ static int ublk_ctrl_uring_cmd(struct io_uring_cmd *cmd, ret = ublk_ctrl_end_recovery(ub, cmd); break; default: - ret = -ENOTSUPP; + ret = -EOPNOTSUPP; break; } -- 2.44.0

1 month, 3 weeks

2
1
0 0

[PATCH v2] usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe()

by Joe Hattori

The refcounts of the OF nodes obtained in by of_get_child_by_name() calls in anx7411_typec_switch_probe() are not decremented, so add fwnode_handle_put() calls to anx7411_unregister_switch() and anx7411_unregister_mux(). Fixes: e45d7337dc0e ("usb: typec: anx7411: Use of_get_child_by_name() instead of of_find_node_by_name()") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> --- Changed in v2: - Add the Cc: stable(a)vger.kernel.org tag. --- drivers/usb/typec/anx7411.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/typec/anx7411.c b/drivers/usb/typec/anx7411.c index cdb7e8273823..d3c5d8f410ca 100644 --- a/drivers/usb/typec/anx7411.c +++ b/drivers/usb/typec/anx7411.c @@ -29,6 +29,8 @@ #include <linux/workqueue.h> #include <linux/power_supply.h> +#include "mux.h" + #define TCPC_ADDRESS1 0x58 #define TCPC_ADDRESS2 0x56 #define TCPC_ADDRESS3 0x54 @@ -1094,6 +1096,7 @@ static void anx7411_unregister_mux(struct anx7411_data *ctx) { if (ctx->typec.typec_mux) { typec_mux_unregister(ctx->typec.typec_mux); + fwnode_handle_put(ctx->typec.typec_mux->dev.fwnode); ctx->typec.typec_mux = NULL; } } @@ -1102,6 +1105,7 @@ static void anx7411_unregister_switch(struct anx7411_data *ctx) { if (ctx->typec.typec_switch) { typec_switch_unregister(ctx->typec.typec_switch); + fwnode_handle_put(ctx->typec.typec_switch->dev.fwnode); ctx->typec.typec_switch = NULL; } } -- 2.34.1

1 month, 3 weeks

2
1
0 0

[PATCH 6.6.y 0/6] mptcp: fix recent failed backports

by Matthieu Baerts (NGI0)

Greg recently reported 3 patches that could not be applied without conflict in v6.6: - e0266319413d ("mptcp: update local address flags when setting it") - f642c5c4d528 ("mptcp: hold pm lock when deleting entry") - db3eab8110bc ("mptcp: pm: use _rcu variant under rcu_read_lock") Conflicts, if any, have been resolved, and documented in each patch. Note that there are 3 extra patches added to avoid some conflicts: - 14cb0e0bf39b ("mptcp: define more local variables sk") - 06afe09091ee ("mptcp: add userspace_pm_lookup_addr_by_id helper") - af250c27ea1c ("mptcp: drop lookup_by_id in lookup_addr") The Stable-dep-of tags have been added to these patches. Geliang Tang (5): mptcp: define more local variables sk mptcp: add userspace_pm_lookup_addr_by_id helper mptcp: update local address flags when setting it mptcp: hold pm lock when deleting entry mptcp: drop lookup_by_id in lookup_addr Matthieu Baerts (NGI0) (1): mptcp: pm: use _rcu variant under rcu_read_lock net/mptcp/pm_netlink.c | 15 ++++---- net/mptcp/pm_userspace.c | 77 ++++++++++++++++++++++++++-------------- 2 files changed, 58 insertions(+), 34 deletions(-) -- 2.45.2

1 month, 3 weeks

3
8
0 0

[PATCH 6.1 0/5] Address CVE-2024-49974

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> Backport the set of upstream patches that cap the number of concurrent background NFSv4.2 COPY operations. Chuck Lever (4): NFSD: Async COPY result needs to return a write verifier NFSD: Limit the number of concurrent async COPY operations NFSD: Initialize struct nfsd4_copy earlier NFSD: Never decrement pending_async_copies on error Dai Ngo (1): NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point fs/nfsd/netns.h | 1 + fs/nfsd/nfs4proc.c | 36 +++++++++++++++++------------------- fs/nfsd/nfs4state.c | 1 + fs/nfsd/xdr4.h | 1 + 4 files changed, 20 insertions(+), 19 deletions(-) -- 2.47.0

1 month, 3 weeks

5
9
0 0

Fix build ID parsing logic in stable trees

by Jiri Olsa

hi, sending fix for buildid parsing that affects only stable trees after merging upstream fix [1]. Upstream then factored out the whole buildid parsing code, so it does not have the problem. I'm sending the fix for affected longterm trees 5.15 6.1 6.6 6.11. thanks, jirka [1] 905415ff3ffb ("lib/buildid: harden build ID parsing logic")

1 month, 3 weeks

5
17
0 0

[PATCH 6.1.y v2 0/4] fix error handling in mmap_region() and refactor (hotfixes)

by Lorenzo Stoakes

Critical fixes for mmap_region(), backported to 6.1.y. Some notes on differences from upstream: * We do NOT take commit 0fb4a7ad270b ("mm: refactor map_deny_write_exec()"), as this refactors code only introduced in 6.2. * We make reference in "mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling" to parisc, but the referenced functionality does not exist in this kernel. * In this kernel is_shared_maywrite() does not exist and the code uses VM_SHARED to determine whether mapping_map_writable() / mapping_unmap_writable() should be invoked. This backport therefore follows suit. * The vma_dummy_vm_ops static global doesn't exist in this kernel, so we use a local static variable in mmap_file() and vma_close(). * Each version of these series is confronted by a slightly different mmap_region(), so we must adapt the change for each stable version. The approach remains the same throughout, however, and we correctly avoid closing the VMA part way through any __mmap_region() operation. * This version of the kernel uses mas_preallocate() rather than the vma_iter_prealloc() wrapper and mas_destroy() rather than the vma_iter_free() wrapper, however the logic of rearranging the positioning of these remains the same, as well as avoiding the iterator leak we previously had on some error paths. v2: * Fix 6.1-specific memory leak if second attempt at merge succeeds. v1: https://lore.kernel.org/all/4cb9b846f0c4efcc4a2b21453eea4e4d0136efc8.173167… Lorenzo Stoakes (4): mm: avoid unsafe VMA hook invocation when error arises on mmap hook mm: unconditionally close VMAs on error mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling mm: resolve faulty mmap_region() error path behaviour arch/arm64/include/asm/mman.h | 10 ++- include/linux/mman.h | 7 +- mm/internal.h | 19 ++++++ mm/mmap.c | 120 ++++++++++++++++++---------------- mm/nommu.c | 9 ++- mm/shmem.c | 3 - mm/util.c | 33 ++++++++++ 7 files changed, 130 insertions(+), 71 deletions(-) -- 2.47.0

1 month, 3 weeks

3
6
0 0

[PATCH 6.12.y] mm/mmap: fix __mmap_region() error handling in rare merge failure case

by Liam R. Howlett

From: "Liam R. Howlett" <Liam.Howlett(a)Oracle.com> The mmap_region() function tries to install a new vma, which requires a pre-allocation for the maple tree write due to the complex locking scenarios involved. Recent efforts to simplify the error recovery required the relocation of the preallocation of the maple tree nodes (via vma_iter_prealloc() calling mas_preallocate()) higher in the function. The relocation of the preallocation meant that, if there was a file associated with the vma and the driver call (mmap_file()) modified the vma flags, then a new merge of the new vma with existing vmas is attempted. During the attempt to merge the existing vma with the new vma, the vma iterator is used - the same iterator that would be used for the next write attempt to the tree. In the event of needing a further allocation and if the new allocations fails, the vma iterator (and contained maple state) will cleaned up, including freeing all previous allocations and will be reset internally. Upon returning to the __mmap_region() function, the error reason is lost and the function sets the vma iterator limits, and then tries to continue to store the new vma using vma_iter_store() - which expects preallocated nodes. A preallocation should be performed in case the allocations were lost during the failure scenario - there is no risk of over allocating. The range is already set in the vma_iter_store() call below, so it is not necessary. Reported-by: syzbot+bc6bfc25a68b7a020ee1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/x/log.txt?x=17b0ace8580000 Fixes: 5de195060b2e2 ("mm: resolve faulty mmap_region() error path behaviour") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> --- mm/mmap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/mmap.c b/mm/mmap.c index 79d541f1502b2..5cef9a1981f1b 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1491,7 +1491,10 @@ static unsigned long __mmap_region(struct file *file, unsigned long addr, vm_flags = vma->vm_flags; goto file_expanded; } - vma_iter_config(&vmi, addr, end); + if (vma_iter_prealloc(&vmi, vma)) { + error = -ENOMEM; + goto unmap_and_free_file_vma; + } } vm_flags = vma->vm_flags; -- 2.43.0

1 month, 3 weeks

4
6
0 0

[PATCH] usb: typec: anx7411: fix fwnode_handle reference leak

by Joe Hattori

An fwnode_handle is obtained with an incremented refcount in anx7411_typec_port_probe(), however the refcount is not decremented in the error path or in the .remove() function. Therefore call fwnode_handle_put() accordingly. Fixes: fe6d8a9c8e64 ("usb: typec: anx7411: Add Analogix PD ANX7411 support") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> --- drivers/usb/typec/anx7411.c | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/drivers/usb/typec/anx7411.c b/drivers/usb/typec/anx7411.c index 7e61c3ac8777..d3c5d8f410ca 100644 --- a/drivers/usb/typec/anx7411.c +++ b/drivers/usb/typec/anx7411.c @@ -1023,6 +1023,12 @@ static void anx7411_port_unregister_altmodes(struct typec_altmode **adev) } } +static void anx7411_port_unregister(struct typec_params *typecp) +{ + fwnode_handle_put(typecp->caps.fwnode); + anx7411_port_unregister_altmodes(typecp->port_amode); +} + static int anx7411_usb_mux_set(struct typec_mux_dev *mux, struct typec_mux_state *state) { @@ -1158,34 +1164,34 @@ static int anx7411_typec_port_probe(struct anx7411_data *ctx, ret = fwnode_property_read_string(fwnode, "power-role", &buf); if (ret) { dev_err(dev, "power-role not found: %d\n", ret); - return ret; + goto put_fwnode; } ret = typec_find_port_power_role(buf); if (ret < 0) - return ret; + goto put_fwnode; cap->type = ret; ret = fwnode_property_read_string(fwnode, "data-role", &buf); if (ret) { dev_err(dev, "data-role not found: %d\n", ret); - return ret; + goto put_fwnode; } ret = typec_find_port_data_role(buf); if (ret < 0) - return ret; + goto put_fwnode; cap->data = ret; ret = fwnode_property_read_string(fwnode, "try-power-role", &buf); if (ret) { dev_err(dev, "try-power-role not found: %d\n", ret); - return ret; + goto put_fwnode; } ret = typec_find_power_role(buf); if (ret < 0) - return ret; + goto put_fwnode; cap->prefer_role = ret; /* Get source pdos */ @@ -1197,7 +1203,7 @@ static int anx7411_typec_port_probe(struct anx7411_data *ctx, typecp->src_pdo_nr); if (ret < 0) { dev_err(dev, "source cap validate failed: %d\n", ret); - return -EINVAL; + goto put_fwnode; } typecp->caps_flags |= HAS_SOURCE_CAP; @@ -1211,7 +1217,7 @@ static int anx7411_typec_port_probe(struct anx7411_data *ctx, typecp->sink_pdo_nr); if (ret < 0) { dev_err(dev, "sink cap validate failed: %d\n", ret); - return -EINVAL; + goto put_fwnode; } for (i = 0; i < typecp->sink_pdo_nr; i++) { @@ -1255,13 +1261,18 @@ static int anx7411_typec_port_probe(struct anx7411_data *ctx, ret = PTR_ERR(ctx->typec.port); ctx->typec.port = NULL; dev_err(dev, "Failed to register type c port %d\n", ret); - return ret; + goto put_fwnode; } typec_port_register_altmodes(ctx->typec.port, NULL, ctx, ctx->typec.port_amode, MAX_ALTMODE); return 0; + +put_fwnode: + fwnode_handle_put(fwnode); + + return ret; } static int anx7411_typec_check_connection(struct anx7411_data *ctx) @@ -1528,7 +1539,7 @@ static int anx7411_i2c_probe(struct i2c_client *client) free_typec_port: typec_unregister_port(plat->typec.port); - anx7411_port_unregister_altmodes(plat->typec.port_amode); + anx7411_port_unregister(&plat->typec); free_typec_switch: anx7411_unregister_switch(plat); @@ -1562,7 +1573,7 @@ static void anx7411_i2c_remove(struct i2c_client *client) if (plat->typec.port) typec_unregister_port(plat->typec.port); - anx7411_port_unregister_altmodes(plat->typec.port_amode); + anx7411_port_unregister(&plat->typec); } static const struct i2c_device_id anx7411_id[] = { -- 2.34.1

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] mm: revert "mm: shmem: fix data-race in shmem_getattr()"" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d1aa0c04294e29883d65eac6c2f72fe95cc7c049 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024111702-gonad-immobile-513e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1aa0c04294e29883d65eac6c2f72fe95cc7c049 Mon Sep 17 00:00:00 2001 From: Andrew Morton <akpm(a)linux-foundation.org> Date: Fri, 15 Nov 2024 16:57:24 -0800 Subject: [PATCH] mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, "added just to silence a syzbot sanitizer splat: added where there has never been any practical problem". Link: https://lkml.kernel.org/r/ZzdxKF39VEmXSSyN@tissot.1015granger.net [1] Fixes: d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") Acked-by: Hugh Dickins <hughd(a)google.com> Cc: Chuck Lever <chuck.lever(a)oracle.com> Cc: Jeongjun Park <aha310510(a)gmail.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/shmem.c b/mm/shmem.c index e87f5d6799a7..568bb290bdce 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -1166,9 +1166,7 @@ static int shmem_getattr(struct mnt_idmap *idmap, stat->attributes_mask |= (STATX_ATTR_APPEND | STATX_ATTR_IMMUTABLE | STATX_ATTR_NODUMP); - inode_lock_shared(inode); generic_fillattr(idmap, request_mask, inode, stat); - inode_unlock_shared(inode); if (shmem_huge_global_enabled(inode, 0, 0, false, NULL, 0)) stat->blksize = HPAGE_PMD_SIZE;

1 month, 3 weeks

4
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2024