This is the start of the stable review cycle for the 6.10.1 release. There are 9 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Thu, 25 Jul 2024 11:40:39 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.1-rc1.... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below.
thanks,
greg k-h
------------- Pseudo-Shortlog of commits:
Greg Kroah-Hartman gregkh@linuxfoundation.org Linux 6.10.1-rc1
Richard Fitzgerald rf@opensource.cirrus.com ASoC: cs35l56: Limit Speaker Volume to +12dB maximum
Richard Fitzgerald rf@opensource.cirrus.com ASoC: cs35l56: Use header defines for Speaker Volume control definition
Hao Ge gehao@kylinos.cn tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()
David Howells dhowells@redhat.com cifs: Fix setting of zero_point after DIO write
David Howells dhowells@redhat.com cifs: Fix server re-repick on subrequest retry
Steve French stfrench@microsoft.com cifs: fix noisy message on copy_file_range
David Howells dhowells@redhat.com cifs: Fix missing fscache invalidation
David Howells dhowells@redhat.com cifs: Fix missing error code set
Kees Cook kees@kernel.org ext4: use memtostr_pad() for s_volume_name
-------------
Diffstat:
Makefile | 4 ++-- drivers/char/tpm/tpm2-sessions.c | 5 +++-- fs/ext4/ext4.h | 2 +- fs/ext4/ioctl.c | 2 +- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/file.c | 21 +++++++++++++++++---- fs/smb/client/smb2pdu.c | 3 --- include/sound/cs35l56.h | 2 +- sound/soc/codecs/cs35l56.c | 6 +++++- 9 files changed, 31 insertions(+), 16 deletions(-)
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook keescook@chromium.org
commit be27cd64461c45a6088a91a04eba5cd44e1767ef upstream.
As with the other strings in struct ext4_super_block, s_volume_name is not NUL terminated. The other strings were marked in commit 072ebb3bffe6 ("ext4: add nonstring annotations to ext4.h"). Using strscpy() isn't the right replacement for strncpy(); it should use memtostr_pad() instead.
Reported-by: syzbot+50835f73143cc2905b9e@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/00000000000019f4c00619192c05@google.com/ Fixes: 744a56389f73 ("ext4: replace deprecated strncpy with alternatives") Signed-off-by: Kees Cook keescook@chromium.org Link: https://patch.msgid.link/20240523225408.work.904-kees@kernel.org Signed-off-by: Theodore Ts'o tytso@mit.edu Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/ext4/ext4.h | 2 +- fs/ext4/ioctl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
--- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1347,7 +1347,7 @@ struct ext4_super_block { /*60*/ __le32 s_feature_incompat; /* incompatible feature set */ __le32 s_feature_ro_compat; /* readonly-compatible feature set */ /*68*/ __u8 s_uuid[16]; /* 128-bit uuid for volume */ -/*78*/ char s_volume_name[EXT4_LABEL_MAX]; /* volume name */ +/*78*/ char s_volume_name[EXT4_LABEL_MAX] __nonstring; /* volume name */ /*88*/ char s_last_mounted[64] __nonstring; /* directory where last mounted */ /*C8*/ __le32 s_algorithm_usage_bitmap; /* For compression */ /* --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -1151,7 +1151,7 @@ static int ext4_ioctl_getlabel(struct ex BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
lock_buffer(sbi->s_sbh); - strscpy_pad(label, sbi->s_es->s_volume_name); + memtostr_pad(label, sbi->s_es->s_volume_name); unlock_buffer(sbi->s_sbh);
if (copy_to_user(user_label, label, sizeof(label)))
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells dhowells@redhat.com
commit d2c5eb57b6da10f335c30356f9696bd667601e6a upstream.
In cifs_strict_readv(), the default rc (-EACCES) is accidentally cleared by a successful return from netfs_start_io_direct(), such that if cifs_find_lock_conflict() fails, we don't return an error.
Fix this by resetting the default error code.
Fixes: 14b1cd25346b ("cifs: Fix locking in cifs_strict_readv()") Cc: stable@vger.kernel.org Signed-off-by: David Howells dhowells@redhat.com Reviewed-by: Paulo Alcantara (Red Hat) pc@manguebit.com cc: Jeff Layton jlayton@kernel.org cc: linux-cifs@vger.kernel.org cc: netfs@lists.linux.dev cc: linux-fsdevel@vger.kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/smb/client/file.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 1374635e89fa..6178c6d8097d 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2877,6 +2877,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to) rc = netfs_start_io_direct(inode); if (rc < 0) goto out; + rc = -EACCES; down_read(&cinode->lock_sem); if (!cifs_find_lock_conflict( cfile, iocb->ki_pos, iov_iter_count(to), @@ -2889,6 +2890,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to) rc = netfs_start_io_read(inode); if (rc < 0) goto out; + rc = -EACCES; down_read(&cinode->lock_sem); if (!cifs_find_lock_conflict( cfile, iocb->ki_pos, iov_iter_count(to),
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells dhowells@redhat.com
commit a07d38afd15281c42613943a9a715c3ba07c21e6 upstream.
A network filesystem needs to implement a netfslib hook to invalidate fscache if it's to be able to use the cache.
Fix cifs to implement the cache invalidation hook.
Signed-off-by: David Howells dhowells@redhat.com Reviewed-by: Paulo Alcantara (Red Hat) pc@manguebit.com cc: Jeff Layton jlayton@kernel.org cc: linux-cifs@vger.kernel.org cc: netfs@lists.linux.dev cc: linux-fsdevel@vger.kernel.org Cc: stable@vger.kernel.org Fixes: 3ee1a1fc3981 ("cifs: Cut over to using netfslib") Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/smb/client/file.c | 6 ++++++ 1 file changed, 6 insertions(+)
--- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -123,6 +123,11 @@ fail: goto out; }
+static void cifs_netfs_invalidate_cache(struct netfs_io_request *wreq) +{ + cifs_invalidate_cache(wreq->inode, 0); +} + /* * Split the read up according to how many credits we can get for each piece. * It's okay to sleep here if we need to wait for more credit to become @@ -307,6 +312,7 @@ const struct netfs_request_ops cifs_req_ .begin_writeback = cifs_begin_writeback, .prepare_write = cifs_prepare_write, .issue_write = cifs_issue_write, + .invalidate_cache = cifs_netfs_invalidate_cache, };
/*
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve French stfrench@microsoft.com
commit ae4ccca47195332c69176b8615c5ee17efd30c46 upstream.
There are common cases where copy_file_range can noisily log "source and target of copy not on same server" e.g. the mv command across mounts to two different server's shares. Change this to informational rather than logging as an error.
A followon patch will add dynamic trace points e.g. for cifs_file_copychunk_range
Cc: stable@vger.kernel.org Reviewed-by: Shyam Prasad N sprasad@microsoft.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/smb/client/cifsfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/smb/client/cifsfs.c +++ b/fs/smb/client/cifsfs.c @@ -1359,7 +1359,7 @@ ssize_t cifs_file_copychunk_range(unsign target_tcon = tlink_tcon(smb_file_target->tlink);
if (src_tcon->ses != target_tcon->ses) { - cifs_dbg(VFS, "source and target of copy not on same server\n"); + cifs_dbg(FYI, "source and target of copy not on same server\n"); goto out; }
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells dhowells@redhat.com
commit de40579b903883274fe203865f29d66b168b7236 upstream.
When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls cifs_issue_write() which invokes smb2_async_writev() - which re-repicks the server.
If a different server is then selected, this causes the increment of server->in_flight to happen against one record and the decrement to happen against another, leading to misaccounting.
Fix this by just removing the repick code in smb2_async_writev(). As this is only called from netfslib-driven code, cifs_prepare_write() should always have been called first, and so server should never be NULL and the preparatory step is repeated in the event that we do a retry.
The problem manifests as a warning looking something like:
WARNING: CPU: 4 PID: 72896 at fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs] ... RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs] ... smb2_writev_callback+0x334/0x560 [cifs] cifs_demultiplex_thread+0x77a/0x11b0 [cifs] kthread+0x187/0x1d0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30
Which may be triggered by a number of different xfstests running against an Azure server in multichannel mode. generic/249 seems the most repeatable, but generic/215, generic/249 and generic/308 may also show it.
Fixes: 3ee1a1fc3981 ("cifs: Cut over to using netfslib") Cc: stable@vger.kernel.org Reported-by: Steve French smfrench@gmail.com Reviewed-by: Paulo Alcantara (Red Hat) pc@manguebit.com Acked-by: Tom Talpey tom@talpey.com Signed-off-by: David Howells dhowells@redhat.com cc: Jeff Layton jlayton@kernel.org cc: Aurelien Aptel aaptel@suse.com cc: linux-cifs@vger.kernel.org cc: netfs@lists.linux.dev cc: linux-fsdevel@vger.kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/smb/client/smb2pdu.c | 3 --- 1 file changed, 3 deletions(-)
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c index 2ae2dbb6202b..bb84a89e5905 100644 --- a/fs/smb/client/smb2pdu.c +++ b/fs/smb/client/smb2pdu.c @@ -4859,9 +4859,6 @@ smb2_async_writev(struct cifs_io_subrequest *wdata) struct cifs_io_parms *io_parms = NULL; int credit_request;
- if (!wdata->server || test_bit(NETFS_SREQ_RETRYING, &wdata->subreq.flags)) - server = wdata->server = cifs_pick_channel(tcon->ses); - /* * in future we may get cifs_io_parms passed in from the caller, * but for now we construct it here...
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells dhowells@redhat.com
commit 61ea6b3a3104fcd66364282391dd2152bc4c129a upstream.
At the moment, at the end of a DIO write, cifs calls netfs_resize_file() to adjust the size of the file if it needs it. This will reduce the zero_point (the point above which we assume a read will just return zeros) if it's more than the new i_size, but won't increase it.
With DIO writes, however, we definitely want to increase it as we have clobbered the local pagecache and then written some data that's not available locally.
Fix cifs to make the zero_point above the end of a DIO or unbuffered write.
This fixes corruption seen occasionally with the generic/708 xfs-test. In that case, the read-back of some of the written data is being short-circuited and replaced with zeroes.
Fixes: 3ee1a1fc3981 ("cifs: Cut over to using netfslib") Cc: stable@vger.kernel.org Reported-by: Steve French sfrench@samba.org Signed-off-by: David Howells dhowells@redhat.com Reviewed-by: Paulo Alcantara (Red Hat) pc@manguebit.com cc: Jeff Layton jlayton@kernel.org cc: linux-cifs@vger.kernel.org cc: netfs@lists.linux.dev cc: linux-fsdevel@vger.kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/smb/client/file.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)
--- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2364,13 +2364,18 @@ void cifs_write_subrequest_terminated(st bool was_async) { struct netfs_io_request *wreq = wdata->rreq; - loff_t new_server_eof; + struct netfs_inode *ictx = netfs_inode(wreq->inode); + loff_t wrend;
if (result > 0) { - new_server_eof = wdata->subreq.start + wdata->subreq.transferred + result; + wrend = wdata->subreq.start + wdata->subreq.transferred + result;
- if (new_server_eof > netfs_inode(wreq->inode)->remote_i_size) - netfs_resize_file(netfs_inode(wreq->inode), new_server_eof, true); + if (wrend > ictx->zero_point && + (wdata->rreq->origin == NETFS_UNBUFFERED_WRITE || + wdata->rreq->origin == NETFS_DIO_WRITE)) + ictx->zero_point = wrend; + if (wrend > ictx->remote_i_size) + netfs_resize_file(ictx, wrend, true); }
netfs_write_subrequest_terminated(&wdata->subreq, result, was_async);
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hao Ge gehao@kylinos.cn
commit 7dc357d343f134bf59815ff6098b93503ec8a23b upstream.
Dereference auth after NULL check in tpm_buf_check_hmac_response(). Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL dereference, when TCG_TPM2_HMAC is enabled.
[jarkko: adjusted the commit message.] Cc: stable@vger.kernel.org # v6.10+ Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()") Signed-off-by: Hao Ge gehao@kylinos.cn Signed-off-by: Jarkko Sakkinen jarkko@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/char/tpm/tpm2-sessions.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 2281d55df545..d3521aadd43e 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -746,15 +746,16 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, struct tpm2_auth *auth = chip->auth; off_t offset_s, offset_p; u8 rphash[SHA256_DIGEST_SIZE]; - u32 attrs; + u32 attrs, cc; struct sha256_state sctx; u16 tag = be16_to_cpu(head->tag); - u32 cc = be32_to_cpu(auth->ordinal); int parm_len, len, i, handles;
if (!auth) return rc;
+ cc = be32_to_cpu(auth->ordinal); + if (auth->session >= TPM_HEADER_SIZE) { WARN(1, "tpm session not filled correctly\n"); goto out;
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Fitzgerald rf@opensource.cirrus.com
commit c66995ae403073212f5ba60d2079003866c6e130 upstream.
The "Speaker Volume" control was being defined using four hardcoded magic numbers. There are #defines in the cs35l56.h header for these numbers, so change the code to use the defined constants.
Signed-off-by: Richard Fitzgerald rf@opensource.cirrus.com Link: https://patch.msgid.link/20240703095517.208077-2-rf@opensource.cirrus.com Signed-off-by: Mark Brown broonie@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- sound/soc/codecs/cs35l56.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
--- a/sound/soc/codecs/cs35l56.c +++ b/sound/soc/codecs/cs35l56.c @@ -196,7 +196,11 @@ static const struct snd_kcontrol_new cs3 cs35l56_dspwait_get_volsw, cs35l56_dspwait_put_volsw), SOC_SINGLE_S_EXT_TLV("Speaker Volume", CS35L56_MAIN_RENDER_USER_VOLUME, - 6, -400, 400, 9, 0, + CS35L56_MAIN_RENDER_USER_VOLUME_SHIFT, + CS35L56_MAIN_RENDER_USER_VOLUME_MIN, + CS35L56_MAIN_RENDER_USER_VOLUME_MAX, + CS35L56_MAIN_RENDER_USER_VOLUME_SIGNBIT, + 0, cs35l56_dspwait_get_volsw, cs35l56_dspwait_put_volsw, vol_tlv),
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Fitzgerald rf@opensource.cirrus.com
commit 244389bd42870640c4b5ef672a360da329b579ed upstream.
Change CS35L56_MAIN_RENDER_USER_VOLUME_MAX to 48, to limit the maximum value of the Speaker Volume control to +12dB. The minimum value is unchanged so that the default 0dB has the same integer control value.
The original maximum of 400 (+100dB) was the largest value that can be mathematically handled by the DSP. The actual maximum amplification is +12dB.
Signed-off-by: Richard Fitzgerald rf@opensource.cirrus.com Link: https://patch.msgid.link/20240703095517.208077-3-rf@opensource.cirrus.com Signed-off-by: Mark Brown broonie@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- include/sound/cs35l56.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/sound/cs35l56.h +++ b/include/sound/cs35l56.h @@ -209,7 +209,7 @@
/* CS35L56_MAIN_RENDER_USER_VOLUME */ #define CS35L56_MAIN_RENDER_USER_VOLUME_MIN -400 -#define CS35L56_MAIN_RENDER_USER_VOLUME_MAX 400 +#define CS35L56_MAIN_RENDER_USER_VOLUME_MAX 48 #define CS35L56_MAIN_RENDER_USER_VOLUME_MASK 0x0000FFC0 #define CS35L56_MAIN_RENDER_USER_VOLUME_SHIFT 6 #define CS35L56_MAIN_RENDER_USER_VOLUME_SIGNBIT 9
linux-stable-mirror@lists.linaro.org
-
Greg Kroah-Hartman