This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 08 Sep 2021 12:54:40 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.63-rc1... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below.
thanks,
greg k-h
------------- Pseudo-Shortlog of commits:
Greg Kroah-Hartman gregkh@linuxfoundation.org Linux 5.10.63-rc1
Pavel Skripkin paskripkin@gmail.com media: stkwebcam: fix memory leak in stk_camera_probe
Amir Goldstein amir73il@gmail.com fuse: fix illegal access to inode with reused nodeid
Al Viro viro@zeniv.linux.org.uk new helper: inode_wrong_type()
Andy Shevchenko andriy.shevchenko@linux.intel.com spi: Switch to signed types for *_native_cs SPI controller fields
Vignesh Raghavendra vigneshr@ti.com serial: 8250: 8250_omap: Fix possible array out of bounds access
Zubin Mithra zsm@chromium.org ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
Takashi Iwai tiwai@suse.de ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17
Johnathon Clark john.clark@cantab.net ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup
Christoph Hellwig hch@lst.de cryptoloop: add a deprecation warning
Kim Phillips kim.phillips@amd.com perf/x86/amd/power: Assign pmu.module
Kim Phillips kim.phillips@amd.com perf/x86/amd/ibs: Work around erratum #1197
Tuo Li islituo@gmail.com ceph: fix possible null-pointer dereference in ceph_mdsmap_decode()
Xiaoyao Li xiaoyao.li@intel.com perf/x86/intel/pt: Fix mask of num_address_ranges
Shai Malin smalin@marvell.com qede: Fix memset corruption
Harini Katakam harini.katakam@xilinx.com net: macb: Add a NULL check on desc_ptp
Shai Malin smalin@marvell.com qed: Fix the VF msix vectors flow
Sai Krishna Potthuri lakshmi.sai.krishna.potthuri@xilinx.com reset: reset-zynqmp: Fixed the argument data type
Krzysztof Hałasa khalasa@piap.pl gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats
Maciej Falkowski maciej.falkowski9@gmail.com ARM: OMAP1: ams-delta: remove unused function ams_delta_camera_power
Randy Dunlap rdunlap@infradead.org xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
Matthieu Baerts matthieu.baerts@tessares.net static_call: Fix unused variable warn w/o MODULE
Greg Kroah-Hartman gregkh@linuxfoundation.org Revert "Add a reference to ucounts for each cred"
Greg Kroah-Hartman gregkh@linuxfoundation.org Revert "cred: add missing return error code when set_cred_ucounts() failed"
Greg Kroah-Hartman gregkh@linuxfoundation.org Revert "ucounts: Increase ucounts reference counter before the security hook"
Eric Biggers ebiggers@google.com ubifs: report correct st_size for encrypted symlinks
Eric Biggers ebiggers@google.com f2fs: report correct st_size for encrypted symlinks
Eric Biggers ebiggers@google.com ext4: report correct st_size for encrypted symlinks
Eric Biggers ebiggers@google.com fscrypt: add fscrypt_symlink_getattr() for computing st_size
Theodore Ts'o tytso@mit.edu ext4: fix race writing to an inline_data file while its xattrs are changing
-------------
Diffstat:
Makefile | 4 +-- arch/arm/mach-omap1/board-ams-delta.c | 14 --------- arch/x86/events/amd/ibs.c | 8 +++++ arch/x86/events/amd/power.c | 1 + arch/x86/events/intel/pt.c | 2 +- arch/xtensa/Kconfig | 2 +- drivers/block/Kconfig | 4 +-- drivers/block/cryptoloop.c | 2 ++ drivers/gpu/ipu-v3/ipu-cpmem.c | 30 +++++++++---------- drivers/media/usb/stkwebcam/stk-webcam.c | 6 ++-- drivers/net/ethernet/cadence/macb_ptp.c | 11 ++++++- drivers/net/ethernet/qlogic/qed/qed_main.c | 7 ++++- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- drivers/reset/reset-zynqmp.c | 3 +- drivers/tty/serial/8250/8250_omap.c | 1 + fs/9p/vfs_inode.c | 4 +-- fs/9p/vfs_inode_dotl.c | 4 +-- fs/ceph/mdsmap.c | 8 +++-- fs/cifs/inode.c | 5 ++-- fs/crypto/hooks.c | 44 ++++++++++++++++++++++++++++ fs/exec.c | 4 --- fs/ext4/inline.c | 6 ++++ fs/ext4/symlink.c | 11 ++++++- fs/f2fs/namei.c | 11 ++++++- fs/fuse/dir.c | 6 ++-- fs/fuse/fuse_i.h | 7 +++++ fs/fuse/inode.c | 4 +-- fs/fuse/readdir.c | 7 +++-- fs/nfs/inode.c | 6 ++-- fs/nfsd/nfsproc.c | 2 +- fs/overlayfs/namei.c | 4 +-- fs/ubifs/file.c | 12 +++++++- include/linux/cred.h | 2 -- include/linux/fs.h | 5 ++++ include/linux/fscrypt.h | 7 +++++ include/linux/spi/spi.h | 4 +-- include/linux/user_namespace.h | 4 --- kernel/cred.c | 41 -------------------------- kernel/fork.c | 6 ---- kernel/static_call.c | 4 +-- kernel/sys.c | 12 -------- kernel/ucount.c | 40 ++----------------------- kernel/user_namespace.c | 3 -- sound/core/pcm_lib.c | 2 +- sound/pci/hda/patch_realtek.c | 11 +++++++ 45 files changed, 202 insertions(+), 181 deletions(-)
From: Theodore Ts'o tytso@mit.edu
commit a54c4613dac1500b40e4ab55199f7c51f028e848 upstream.
The location of the system.data extended attribute can change whenever xattr_sem is not taken. So we need to recalculate the i_inline_off field since it mgiht have changed between ext4_write_begin() and ext4_write_end().
This means that caching i_inline_off is probably not helpful, so in the long run we should probably get rid of it and shrink the in-memory ext4 inode slightly, but let's fix the race the simple way for now.
Cc: stable@kernel.org Fixes: f19d5870cbf72 ("ext4: add normal write support for inline data") Reported-by: syzbot+13146364637c7363a7de@syzkaller.appspotmail.com Signed-off-by: Theodore Ts'o tytso@mit.edu Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/ext4/inline.c | 6 ++++++ 1 file changed, 6 insertions(+)
--- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -750,6 +750,12 @@ int ext4_write_inline_data_end(struct in ext4_write_lock_xattr(inode, &no_expand); BUG_ON(!ext4_has_inline_data(inode));
+ /* + * ei->i_inline_off may have changed since ext4_write_begin() + * called ext4_try_to_write_inline_data() + */ + (void) ext4_find_inline_data_nolock(inode); + kaddr = kmap_atomic(page); ext4_write_inline_data(inode, &iloc, kaddr, pos, len); kunmap_atomic(kaddr);
From: Eric Biggers ebiggers@google.com
commit d18760560593e5af921f51a8c9b64b6109d634c2 upstream.
Add a helper function fscrypt_symlink_getattr() which will be called from the various filesystems' ->getattr() methods to read and decrypt the target of encrypted symlinks in order to report the correct st_size.
Detailed explanation:
As required by POSIX and as documented in various man pages, st_size for a symlink is supposed to be the length of the symlink target. Unfortunately, st_size has always been wrong for encrypted symlinks because st_size is populated from i_size from disk, which intentionally contains the length of the encrypted symlink target. That's slightly greater than the length of the decrypted symlink target (which is the symlink target that userspace usually sees), and usually won't match the length of the no-key encoded symlink target either.
This hadn't been fixed yet because reporting the correct st_size would require reading the symlink target from disk and decrypting or encoding it, which historically has been considered too heavyweight to do in ->getattr(). Also historically, the wrong st_size had only broken a test (LTP lstat03) and there were no known complaints from real users. (This is probably because the st_size of symlinks isn't used too often, and when it is, typically it's for a hint for what buffer size to pass to readlink() -- which a slightly-too-large size still works for.)
However, a couple things have changed now. First, there have recently been complaints about the current behavior from real users:
- Breakage in rpmbuild: https://github.com/rpm-software-management/rpm/issues/1682 https://github.com/google/fscrypt/issues/305
- Breakage in toybox cpio: https://www.mail-archive.com/toybox@lists.landley.net/msg07193.html
- Breakage in libgit2: https://issuetracker.google.com/issues/189629152 (on Android public issue tracker, requires login)
Second, we now cache decrypted symlink targets in ->i_link. Therefore, taking the performance hit of reading and decrypting the symlink target in ->getattr() wouldn't be as big a deal as it used to be, since usually it will just save having to do the same thing later.
Also note that eCryptfs ended up having to read and decrypt symlink targets in ->getattr() as well, to fix this same issue; see commit 3a60a1686f0d ("eCryptfs: Decrypt symlink target for stat size").
So, let's just bite the bullet, and read and decrypt the symlink target in ->getattr() in order to report the correct st_size. Add a function fscrypt_symlink_getattr() which the filesystems will call to do this.
(Alternatively, we could store the decrypted size of symlinks on-disk. But there isn't a great place to do so, and encryption is meant to hide the original size to some extent; that property would be lost.)
Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210702065350.209646-2-ebiggers@kernel.org Signed-off-by: Eric Biggers ebiggers@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/crypto/hooks.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ include/linux/fscrypt.h | 7 +++++++ 2 files changed, 51 insertions(+)
--- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -379,3 +379,47 @@ err_kfree: return ERR_PTR(err); } EXPORT_SYMBOL_GPL(fscrypt_get_symlink); + +/** + * fscrypt_symlink_getattr() - set the correct st_size for encrypted symlinks + * @path: the path for the encrypted symlink being queried + * @stat: the struct being filled with the symlink's attributes + * + * Override st_size of encrypted symlinks to be the length of the decrypted + * symlink target (or the no-key encoded symlink target, if the key is + * unavailable) rather than the length of the encrypted symlink target. This is + * necessary for st_size to match the symlink target that userspace actually + * sees. POSIX requires this, and some userspace programs depend on it. + * + * This requires reading the symlink target from disk if needed, setting up the + * inode's encryption key if possible, and then decrypting or encoding the + * symlink target. This makes lstat() more heavyweight than is normally the + * case. However, decrypted symlink targets will be cached in ->i_link, so + * usually the symlink won't have to be read and decrypted again later if/when + * it is actually followed, readlink() is called, or lstat() is called again. + * + * Return: 0 on success, -errno on failure + */ +int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat) +{ + struct dentry *dentry = path->dentry; + struct inode *inode = d_inode(dentry); + const char *link; + DEFINE_DELAYED_CALL(done); + + /* + * To get the symlink target that userspace will see (whether it's the + * decrypted target or the no-key encoded target), we can just get it in + * the same way the VFS does during path resolution and readlink(). + */ + link = READ_ONCE(inode->i_link); + if (!link) { + link = inode->i_op->get_link(dentry, inode, &done); + if (IS_ERR(link)) + return PTR_ERR(link); + } + stat->size = strlen(link); + do_delayed_call(&done); + return 0; +} +EXPORT_SYMBOL_GPL(fscrypt_symlink_getattr); --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -252,6 +252,7 @@ int __fscrypt_encrypt_symlink(struct ino const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, unsigned int max_size, struct delayed_call *done); +int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat); static inline void fscrypt_set_ops(struct super_block *sb, const struct fscrypt_operations *s_cop) { @@ -575,6 +576,12 @@ static inline const char *fscrypt_get_sy return ERR_PTR(-EOPNOTSUPP); }
+static inline int fscrypt_symlink_getattr(const struct path *path, + struct kstat *stat) +{ + return -EOPNOTSUPP; +} + static inline void fscrypt_set_ops(struct super_block *sb, const struct fscrypt_operations *s_cop) {
From: Eric Biggers ebiggers@google.com
commit 8c4bca10ceafc43b1ca0a9fab5fa27e13cbce99e upstream.
The stat() family of syscalls report the wrong size for encrypted symlinks, which has caused breakage in several userspace programs.
Fix this by calling fscrypt_symlink_getattr() after ext4_getattr() for encrypted symlinks. This function computes the correct size by reading and decrypting the symlink target (if it's not already cached).
For more details, see the commit which added fscrypt_symlink_getattr().
Fixes: f348c252320b ("ext4 crypto: add symlink encryption") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210702065350.209646-3-ebiggers@kernel.org Signed-off-by: Eric Biggers ebiggers@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/ext4/symlink.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
--- a/fs/ext4/symlink.c +++ b/fs/ext4/symlink.c @@ -52,10 +52,19 @@ static const char *ext4_encrypted_get_li return paddr; }
+static int ext4_encrypted_symlink_getattr(const struct path *path, + struct kstat *stat, u32 request_mask, + unsigned int query_flags) +{ + ext4_getattr(path, stat, request_mask, query_flags); + + return fscrypt_symlink_getattr(path, stat); +} + const struct inode_operations ext4_encrypted_symlink_inode_operations = { .get_link = ext4_encrypted_get_link, .setattr = ext4_setattr, - .getattr = ext4_getattr, + .getattr = ext4_encrypted_symlink_getattr, .listxattr = ext4_listxattr, };
From: Eric Biggers ebiggers@google.com
commit 461b43a8f92e68e96c4424b31e15f2b35f1bbfa9 upstream.
The stat() family of syscalls report the wrong size for encrypted symlinks, which has caused breakage in several userspace programs.
Fix this by calling fscrypt_symlink_getattr() after f2fs_getattr() for encrypted symlinks. This function computes the correct size by reading and decrypting the symlink target (if it's not already cached).
For more details, see the commit which added fscrypt_symlink_getattr().
Fixes: cbaf042a3cc6 ("f2fs crypto: add symlink encryption") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210702065350.209646-4-ebiggers@kernel.org Signed-off-by: Eric Biggers ebiggers@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/f2fs/namei.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
--- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c @@ -1307,9 +1307,18 @@ static const char *f2fs_encrypted_get_li return target; }
+static int f2fs_encrypted_symlink_getattr(const struct path *path, + struct kstat *stat, u32 request_mask, + unsigned int query_flags) +{ + f2fs_getattr(path, stat, request_mask, query_flags); + + return fscrypt_symlink_getattr(path, stat); +} + const struct inode_operations f2fs_encrypted_symlink_inode_operations = { .get_link = f2fs_encrypted_get_link, - .getattr = f2fs_getattr, + .getattr = f2fs_encrypted_symlink_getattr, .setattr = f2fs_setattr, .listxattr = f2fs_listxattr, };
From: Eric Biggers ebiggers@google.com
commit 064c734986011390b4d111f1a99372b7f26c3850 upstream.
The stat() family of syscalls report the wrong size for encrypted symlinks, which has caused breakage in several userspace programs.
Fix this by calling fscrypt_symlink_getattr() after ubifs_getattr() for encrypted symlinks. This function computes the correct size by reading and decrypting the symlink target (if it's not already cached).
For more details, see the commit which added fscrypt_symlink_getattr().
Fixes: ca7f85be8d6c ("ubifs: Add support for encrypted symlinks") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210702065350.209646-5-ebiggers@kernel.org Signed-off-by: Eric Biggers ebiggers@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/ubifs/file.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-)
--- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1629,6 +1629,16 @@ static const char *ubifs_get_link(struct return fscrypt_get_symlink(inode, ui->data, ui->data_len, done); }
+static int ubifs_symlink_getattr(const struct path *path, struct kstat *stat, + u32 request_mask, unsigned int query_flags) +{ + ubifs_getattr(path, stat, request_mask, query_flags); + + if (IS_ENCRYPTED(d_inode(path->dentry))) + return fscrypt_symlink_getattr(path, stat); + return 0; +} + const struct address_space_operations ubifs_file_address_operations = { .readpage = ubifs_readpage, .writepage = ubifs_writepage, @@ -1654,7 +1664,7 @@ const struct inode_operations ubifs_file const struct inode_operations ubifs_symlink_inode_operations = { .get_link = ubifs_get_link, .setattr = ubifs_setattr, - .getattr = ubifs_getattr, + .getattr = ubifs_symlink_getattr, #ifdef CONFIG_UBIFS_FS_XATTR .listxattr = ubifs_listxattr, #endif
From: Greg Kroah-Hartman gregkh@linuxfoundation.org
This reverts commit b493af3a66e067f93e5e03465507866ddeabff9e which is commit bbb6d0f3e1feb43d663af089c7dedb23be6a04fb upstream.
The "original" commit 905ae01c4ae2 ("Add a reference to ucounts for each cred"), should not have been applied to the 5.10.y tree, so revert it, and the follow-on fixup patches as well.
Reported-by: "Eric W. Biederman" ebiederm@xmission.com Link: https://lore.kernel.org/r/87v93k4bl6.fsf@disp2133 Cc: Alexey Gladkov legion@kernel.org Cc: Sasha Levin sashal@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- kernel/cred.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
--- a/kernel/cred.c +++ b/kernel/cred.c @@ -286,11 +286,11 @@ struct cred *prepare_creds(void) new->security = NULL; #endif
- new->ucounts = get_ucounts(new->ucounts); - if (!new->ucounts) + if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0) goto error;
- if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0) + new->ucounts = get_ucounts(new->ucounts); + if (!new->ucounts) goto error;
validate_creds(new); @@ -753,11 +753,11 @@ struct cred *prepare_kernel_cred(struct #ifdef CONFIG_SECURITY new->security = NULL; #endif - new->ucounts = get_ucounts(new->ucounts); - if (!new->ucounts) + if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0) goto error;
- if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0) + new->ucounts = get_ucounts(new->ucounts); + if (!new->ucounts) goto error;
put_cred(old);
From: Greg Kroah-Hartman gregkh@linuxfoundation.org
This reverts commit 0855952ed4f1a6861fbb0e5d684efd447d7347c9 which is commit 5e6b8a50a7cec5686ee2c4bda1d49899c79a7eae upstream.
The "original" commit 905ae01c4ae2 ("Add a reference to ucounts for each cred"), should not have been applied to the 5.10.y tree, so revert it, and the follow-on fixup patches as well.
Reported-by: "Eric W. Biederman" ebiederm@xmission.com Link: https://lore.kernel.org/r/87v93k4bl6.fsf@disp2133 Cc: Yang Yingliang yangyingliang@huawei.com Cc: Alexey Gladkov legion@kernel.org Cc: Sasha Levin sashal@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- kernel/cred.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
--- a/kernel/cred.c +++ b/kernel/cred.c @@ -372,8 +372,7 @@ int copy_creds(struct task_struct *p, un ret = create_user_ns(new); if (ret < 0) goto error_put; - ret = set_cred_ucounts(new); - if (ret < 0) + if (set_cred_ucounts(new) < 0) goto error_put; }
From: Greg Kroah-Hartman gregkh@linuxfoundation.org
This reverts commit b2c4d9a33cc2dec7466f97eba2c4dd571ad798a5 which is commit 905ae01c4ae2ae3df05bb141801b1db4b7d83c61 upstream.
This commit should not have been applied to the 5.10.y stable tree, so revert it.
Reported-by: "Eric W. Biederman" ebiederm@xmission.com Link: https://lore.kernel.org/r/87v93k4bl6.fsf@disp2133 Cc: Alexey Gladkov legion@kernel.org Cc: Sasha Levin sashal@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/exec.c | 4 ---- include/linux/cred.h | 2 -- include/linux/user_namespace.h | 4 ---- kernel/cred.c | 40 ---------------------------------------- kernel/fork.c | 6 ------ kernel/sys.c | 12 ------------ kernel/ucount.c | 40 +++------------------------------------- kernel/user_namespace.c | 3 --- 8 files changed, 3 insertions(+), 108 deletions(-)
--- a/fs/exec.c +++ b/fs/exec.c @@ -1347,10 +1347,6 @@ int begin_new_exec(struct linux_binprm * WRITE_ONCE(me->self_exec_id, me->self_exec_id + 1); flush_signal_handlers(me, 0);
- retval = set_cred_ucounts(bprm->cred); - if (retval < 0) - goto out_unlock; - /* * install the new credentials for this executable */ --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -144,7 +144,6 @@ struct cred { #endif struct user_struct *user; /* real user ID subscription */ struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */ - struct ucounts *ucounts; struct group_info *group_info; /* supplementary groups for euid/fsgid */ /* RCU deletion */ union { @@ -171,7 +170,6 @@ extern int set_security_override_from_ct extern int set_create_files_as(struct cred *, struct inode *); extern int cred_fscmp(const struct cred *, const struct cred *); extern void __init cred_init(void); -extern int set_cred_ucounts(struct cred *);
/* * check for validity of credentials --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -101,15 +101,11 @@ struct ucounts { };
extern struct user_namespace init_user_ns; -extern struct ucounts init_ucounts;
bool setup_userns_sysctls(struct user_namespace *ns); void retire_userns_sysctls(struct user_namespace *ns); struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid, enum ucount_type type); void dec_ucount(struct ucounts *ucounts, enum ucount_type type); -struct ucounts *alloc_ucounts(struct user_namespace *ns, kuid_t uid); -struct ucounts *get_ucounts(struct ucounts *ucounts); -void put_ucounts(struct ucounts *ucounts);
#ifdef CONFIG_USER_NS
--- a/kernel/cred.c +++ b/kernel/cred.c @@ -60,7 +60,6 @@ struct cred init_cred = { .user = INIT_USER, .user_ns = &init_user_ns, .group_info = &init_groups, - .ucounts = &init_ucounts, };
static inline void set_cred_subscribers(struct cred *cred, int n) @@ -120,8 +119,6 @@ static void put_cred_rcu(struct rcu_head if (cred->group_info) put_group_info(cred->group_info); free_uid(cred->user); - if (cred->ucounts) - put_ucounts(cred->ucounts); put_user_ns(cred->user_ns); kmem_cache_free(cred_jar, cred); } @@ -225,7 +222,6 @@ struct cred *cred_alloc_blank(void) #ifdef CONFIG_DEBUG_CREDENTIALS new->magic = CRED_MAGIC; #endif - new->ucounts = get_ucounts(&init_ucounts);
if (security_cred_alloc_blank(new, GFP_KERNEL_ACCOUNT) < 0) goto error; @@ -288,11 +284,6 @@ struct cred *prepare_creds(void)
if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0) goto error; - - new->ucounts = get_ucounts(new->ucounts); - if (!new->ucounts) - goto error; - validate_creds(new); return new;
@@ -372,8 +363,6 @@ int copy_creds(struct task_struct *p, un ret = create_user_ns(new); if (ret < 0) goto error_put; - if (set_cred_ucounts(new) < 0) - goto error_put; }
#ifdef CONFIG_KEYS @@ -664,31 +653,6 @@ int cred_fscmp(const struct cred *a, con } EXPORT_SYMBOL(cred_fscmp);
-int set_cred_ucounts(struct cred *new) -{ - struct task_struct *task = current; - const struct cred *old = task->real_cred; - struct ucounts *old_ucounts = new->ucounts; - - if (new->user == old->user && new->user_ns == old->user_ns) - return 0; - - /* - * This optimization is needed because alloc_ucounts() uses locks - * for table lookups. - */ - if (old_ucounts && old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->euid)) - return 0; - - if (!(new->ucounts = alloc_ucounts(new->user_ns, new->euid))) - return -EAGAIN; - - if (old_ucounts) - put_ucounts(old_ucounts); - - return 0; -} - /* * initialise the credentials stuff */ @@ -755,10 +719,6 @@ struct cred *prepare_kernel_cred(struct if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0) goto error;
- new->ucounts = get_ucounts(new->ucounts); - if (!new->ucounts) - goto error; - put_cred(old); validate_creds(new); return new; --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2960,12 +2960,6 @@ int ksys_unshare(unsigned long unshare_f if (err) goto bad_unshare_cleanup_cred;
- if (new_cred) { - err = set_cred_ucounts(new_cred); - if (err) - goto bad_unshare_cleanup_cred; - } - if (new_fs || new_fd || do_sysvsem || new_cred || new_nsproxy) { if (do_sysvsem) { /* --- a/kernel/sys.c +++ b/kernel/sys.c @@ -552,10 +552,6 @@ long __sys_setreuid(uid_t ruid, uid_t eu if (retval < 0) goto error;
- retval = set_cred_ucounts(new); - if (retval < 0) - goto error; - return commit_creds(new);
error: @@ -614,10 +610,6 @@ long __sys_setuid(uid_t uid) if (retval < 0) goto error;
- retval = set_cred_ucounts(new); - if (retval < 0) - goto error; - return commit_creds(new);
error: @@ -693,10 +685,6 @@ long __sys_setresuid(uid_t ruid, uid_t e if (retval < 0) goto error;
- retval = set_cred_ucounts(new); - if (retval < 0) - goto error; - return commit_creds(new);
error: --- a/kernel/ucount.c +++ b/kernel/ucount.c @@ -8,12 +8,6 @@ #include <linux/kmemleak.h> #include <linux/user_namespace.h>
-struct ucounts init_ucounts = { - .ns = &init_user_ns, - .uid = GLOBAL_ROOT_UID, - .count = 1, -}; - #define UCOUNTS_HASHTABLE_BITS 10 static struct hlist_head ucounts_hashtable[(1 << UCOUNTS_HASHTABLE_BITS)]; static DEFINE_SPINLOCK(ucounts_lock); @@ -131,15 +125,7 @@ static struct ucounts *find_ucounts(stru return NULL; }
-static void hlist_add_ucounts(struct ucounts *ucounts) -{ - struct hlist_head *hashent = ucounts_hashentry(ucounts->ns, ucounts->uid); - spin_lock_irq(&ucounts_lock); - hlist_add_head(&ucounts->node, hashent); - spin_unlock_irq(&ucounts_lock); -} - -struct ucounts *alloc_ucounts(struct user_namespace *ns, kuid_t uid) +static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid) { struct hlist_head *hashent = ucounts_hashentry(ns, uid); struct ucounts *ucounts, *new; @@ -174,26 +160,7 @@ struct ucounts *alloc_ucounts(struct use return ucounts; }
-struct ucounts *get_ucounts(struct ucounts *ucounts) -{ - unsigned long flags; - - if (!ucounts) - return NULL; - - spin_lock_irqsave(&ucounts_lock, flags); - if (ucounts->count == INT_MAX) { - WARN_ONCE(1, "ucounts: counter has reached its maximum value"); - ucounts = NULL; - } else { - ucounts->count += 1; - } - spin_unlock_irqrestore(&ucounts_lock, flags); - - return ucounts; -} - -void put_ucounts(struct ucounts *ucounts) +static void put_ucounts(struct ucounts *ucounts) { unsigned long flags;
@@ -227,7 +194,7 @@ struct ucounts *inc_ucount(struct user_n { struct ucounts *ucounts, *iter, *bad; struct user_namespace *tns; - ucounts = alloc_ucounts(ns, uid); + ucounts = get_ucounts(ns, uid); for (iter = ucounts; iter; iter = tns->ucounts) { int max; tns = iter->ns; @@ -270,7 +237,6 @@ static __init int user_namespace_sysctl_ BUG_ON(!user_header); BUG_ON(!setup_userns_sysctls(&init_user_ns)); #endif - hlist_add_ucounts(&init_ucounts); return 0; } subsys_initcall(user_namespace_sysctl_init); --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -1340,9 +1340,6 @@ static int userns_install(struct nsset * put_user_ns(cred->user_ns); set_cred_user_ns(cred, get_user_ns(user_ns));
- if (set_cred_ucounts(cred) < 0) - return -EINVAL; - return 0; }
From: Matthieu Baerts matthieu.baerts@tessares.net
commit 7d95f22798ecea513f37b792b39fec4bcf20fec3 upstream.
Here is the warning converted as error and reported by GCC:
kernel/static_call.c: In function ‘__static_call_update’: kernel/static_call.c:153:18: error: unused variable ‘mod’ [-Werror=unused-variable] 153 | struct module *mod = site_mod->mod; | ^~~ cc1: all warnings being treated as errors make[1]: *** [scripts/Makefile.build:271: kernel/static_call.o] Error 1
This is simply because since recently, we no longer use 'mod' variable elsewhere if MODULE is unset.
When using 'make tinyconfig' to generate the default kconfig, MODULE is unset.
There are different ways to fix this warning. Here I tried to minimised the number of modified lines and not add more #ifdef. We could also move the declaration of the 'mod' variable inside the if-statement or directly use site_mod->mod.
Fixes: 698bacefe993 ("static_call: Align static_call_is_init() patching condition") Signed-off-by: Matthieu Baerts matthieu.baerts@tessares.net Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Link: https://lkml.kernel.org/r/20210326105023.2058860-1-matthieu.baerts@tessares.... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- kernel/static_call.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/static_call.c +++ b/kernel/static_call.c @@ -165,13 +165,13 @@ void __static_call_update(struct static_
stop = __stop_static_call_sites;
-#ifdef CONFIG_MODULES if (mod) { +#ifdef CONFIG_MODULES stop = mod->static_call_sites + mod->num_static_call_sites; init = mod->state == MODULE_STATE_COMING; - } #endif + }
for (site = site_mod->sites; site < stop && static_call_key(site) == key; site++) {
From: Randy Dunlap rdunlap@infradead.org
commit ed5aacc81cd41efc4d561e14af408d1003f7b855 upstream.
XTENSA should only select HAVE_FUTEX_CMPXCHG when FUTEX is set/enabled. This prevents a kconfig warning.
WARNING: unmet direct dependencies detected for HAVE_FUTEX_CMPXCHG Depends on [n]: FUTEX [=n] Selected by [y]: - XTENSA [=y] && !MMU [=n]
Fixes: d951ba21b959 ("xtensa: nommu: select HAVE_FUTEX_CMPXCHG") Signed-off-by: Randy Dunlap rdunlap@infradead.org Cc: Max Filippov jcmvbkbc@gmail.com Cc: Chris Zankel chris@zankel.net Cc: linux-xtensa@linux-xtensa.org Message-Id: 20210526070337.28130-1-rdunlap@infradead.org Signed-off-by: Max Filippov jcmvbkbc@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- arch/xtensa/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/xtensa/Kconfig +++ b/arch/xtensa/Kconfig @@ -30,7 +30,7 @@ config XTENSA select HAVE_DMA_CONTIGUOUS select HAVE_EXIT_THREAD select HAVE_FUNCTION_TRACER - select HAVE_FUTEX_CMPXCHG if !MMU + select HAVE_FUTEX_CMPXCHG if !MMU && FUTEX select HAVE_HW_BREAKPOINT if PERF_EVENTS select HAVE_IRQ_TIME_ACCOUNTING select HAVE_OPROFILE
From: Maciej Falkowski maciej.falkowski9@gmail.com
commit bae989c4bc53f861cc1b706aab0194703e9907a8 upstream.
The ams_delta_camera_power() function is unused as reports Clang compilation with omap1_defconfig on linux-next:
arch/arm/mach-omap1/board-ams-delta.c:462:12: warning: unused function 'ams_delta_camera_power' [-Wunused-function] static int ams_delta_camera_power(struct device *dev, int power) ^ 1 warning generated.
The soc_camera support was dropped without removing ams_delta_camera_power() function, making it unused.
Fixes: ce548396a433 ("media: mach-omap1: board-ams-delta.c: remove soc_camera dependencies") Signed-off-by: Maciej Falkowski maciej.falkowski9@gmail.com Reviewed-by: Nathan Chancellor nathan@kernel.org Reviewed-by: Nick Desaulniers ndesaulniers@google.com Signed-off-by: Tony Lindgren tony@atomide.com Link: https://github.com/ClangBuiltLinux/linux/issues/1326 Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- arch/arm/mach-omap1/board-ams-delta.c | 14 -------------- 1 file changed, 14 deletions(-)
--- a/arch/arm/mach-omap1/board-ams-delta.c +++ b/arch/arm/mach-omap1/board-ams-delta.c @@ -458,20 +458,6 @@ static struct gpiod_lookup_table leds_gp
#ifdef CONFIG_LEDS_TRIGGERS DEFINE_LED_TRIGGER(ams_delta_camera_led_trigger); - -static int ams_delta_camera_power(struct device *dev, int power) -{ - /* - * turn on camera LED - */ - if (power) - led_trigger_event(ams_delta_camera_led_trigger, LED_FULL); - else - led_trigger_event(ams_delta_camera_led_trigger, LED_OFF); - return 0; -} -#else -#define ams_delta_camera_power NULL #endif
static struct platform_device ams_delta_audio_device = {
From: Krzysztof Hałasa khalasa@piap.pl
[ Upstream commit 7cca7c8096e2c8a4149405438329b5035d0744f0 ]
Video captured in 1400x1050 resolution (bytesperline aka stride = 1408 bytes) is invalid. Fix it.
Signed-off-by: Krzysztof Halasa khalasa@piap.pl Link: https://lore.kernel.org/r/m3y2bmq7a4.fsf@t19.piap.pl [p.zabel@pengutronix.de: added "gpu: ipu-v3:" prefix to commit description] Signed-off-by: Philipp Zabel p.zabel@pengutronix.de Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/gpu/ipu-v3/ipu-cpmem.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/drivers/gpu/ipu-v3/ipu-cpmem.c b/drivers/gpu/ipu-v3/ipu-cpmem.c index a1c85d1521f5..82b244cb313e 100644 --- a/drivers/gpu/ipu-v3/ipu-cpmem.c +++ b/drivers/gpu/ipu-v3/ipu-cpmem.c @@ -585,21 +585,21 @@ static const struct ipu_rgb def_bgra_16 = { .bits_per_pixel = 16, };
-#define Y_OFFSET(pix, x, y) ((x) + pix->width * (y)) -#define U_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * ((y) / 2) / 2) + (x) / 2) -#define V_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * pix->height / 4) + \ - (pix->width * ((y) / 2) / 2) + (x) / 2) -#define U2_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * (y) / 2) + (x) / 2) -#define V2_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * pix->height / 2) + \ - (pix->width * (y) / 2) + (x) / 2) -#define UV_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * ((y) / 2)) + (x)) -#define UV2_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * y) + (x)) +#define Y_OFFSET(pix, x, y) ((x) + pix->bytesperline * (y)) +#define U_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * ((y) / 2) / 2) + (x) / 2) +#define V_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * pix->height / 4) + \ + (pix->bytesperline * ((y) / 2) / 2) + (x) / 2) +#define U2_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * (y) / 2) + (x) / 2) +#define V2_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * pix->height / 2) + \ + (pix->bytesperline * (y) / 2) + (x) / 2) +#define UV_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * ((y) / 2)) + (x)) +#define UV2_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * y) + (x))
#define NUM_ALPHA_CHANNELS 7
From: Sai Krishna Potthuri lakshmi.sai.krishna.potthuri@xilinx.com
[ Upstream commit ed104ca4bd9c405b41e968ad4ece51f6462e90b6 ]
This patch changes the data type of the variable 'val' from int to u32.
Addresses-Coverity: argument of type "int *" is incompatible with parameter of type "u32 *" Signed-off-by: Sai Krishna Potthuri lakshmi.sai.krishna.potthuri@xilinx.com Signed-off-by: Michal Simek michal.simek@xilinx.com Link: https://lore.kernel.org/r/925cebbe4eb73c7d0a536da204748d33c7100d8c.162444877... Signed-off-by: Philipp Zabel p.zabel@pengutronix.de Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/reset/reset-zynqmp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/reset/reset-zynqmp.c b/drivers/reset/reset-zynqmp.c index ebd433fa09dd..8c51768e9a72 100644 --- a/drivers/reset/reset-zynqmp.c +++ b/drivers/reset/reset-zynqmp.c @@ -53,7 +53,8 @@ static int zynqmp_reset_status(struct reset_controller_dev *rcdev, unsigned long id) { struct zynqmp_reset_data *priv = to_zynqmp_reset_data(rcdev); - int val, err; + int err; + u32 val;
err = zynqmp_pm_reset_get_status(priv->data->reset_id + id, &val); if (err)
From: Shai Malin smalin@marvell.com
[ Upstream commit b0cd08537db8d2fbb227cdb2e5835209db295a24 ]
For VFs we should return with an error in case we didn't get the exact number of msix vectors as we requested. Not doing that will lead to a crash when starting queues for this VF.
Signed-off-by: Prabhakar Kushwaha pkushwaha@marvell.com Signed-off-by: Ariel Elior aelior@marvell.com Signed-off-by: Shai Malin smalin@marvell.com Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/net/ethernet/qlogic/qed/qed_main.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/qlogic/qed/qed_main.c b/drivers/net/ethernet/qlogic/qed/qed_main.c index 5bd58c65e163..6bb9ec98a12b 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_main.c +++ b/drivers/net/ethernet/qlogic/qed/qed_main.c @@ -616,7 +616,12 @@ static int qed_enable_msix(struct qed_dev *cdev, rc = cnt; }
- if (rc > 0) { + /* For VFs, we should return with an error in case we didn't get the + * exact number of msix vectors as we requested. + * Not doing that will lead to a crash when starting queues for + * this VF. + */ + if ((IS_PF(cdev) && rc > 0) || (IS_VF(cdev) && rc == cnt)) { /* MSI-x configuration was achieved */ int_params->out.int_mode = QED_INT_MODE_MSIX; int_params->out.num_vectors = rc;
From: Harini Katakam harini.katakam@xilinx.com
[ Upstream commit 85520079afce885b80647fbd0d13d8f03d057167 ]
macb_ptp_desc will not return NULL under most circumstances with correct Kconfig and IP design config register. But for the sake of the extreme corner case, check for NULL when using the helper. In case of rx_tstamp, no action is necessary except to return (similar to timestamp disabled) and warn. In case of TX, return -EINVAL to let the skb be free. Perform this check before marking skb in progress. Fixes coverity warning: (4) Event dereference: Dereferencing a null pointer "desc_ptp"
Signed-off-by: Harini Katakam harini.katakam@xilinx.com Reviewed-by: Radhey Shyam Pandey radhey.shyam.pandey@xilinx.com Signed-off-by: Michal Simek michal.simek@xilinx.com Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/net/ethernet/cadence/macb_ptp.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/cadence/macb_ptp.c b/drivers/net/ethernet/cadence/macb_ptp.c index 283918aeb741..09d64a29f56e 100644 --- a/drivers/net/ethernet/cadence/macb_ptp.c +++ b/drivers/net/ethernet/cadence/macb_ptp.c @@ -275,6 +275,12 @@ void gem_ptp_rxstamp(struct macb *bp, struct sk_buff *skb,
if (GEM_BFEXT(DMA_RXVALID, desc->addr)) { desc_ptp = macb_ptp_desc(bp, desc); + /* Unlikely but check */ + if (!desc_ptp) { + dev_warn_ratelimited(&bp->pdev->dev, + "Timestamp not supported in BD\n"); + return; + } gem_hw_timestamp(bp, desc_ptp->ts_1, desc_ptp->ts_2, &ts); memset(shhwtstamps, 0, sizeof(struct skb_shared_hwtstamps)); shhwtstamps->hwtstamp = ktime_set(ts.tv_sec, ts.tv_nsec); @@ -307,8 +313,11 @@ int gem_ptp_txstamp(struct macb_queue *queue, struct sk_buff *skb, if (CIRC_SPACE(head, tail, PTP_TS_BUFFER_SIZE) == 0) return -ENOMEM;
- skb_shinfo(skb)->tx_flags |= SKBTX_IN_PROGRESS; desc_ptp = macb_ptp_desc(queue->bp, desc); + /* Unlikely but check */ + if (!desc_ptp) + return -EINVAL; + skb_shinfo(skb)->tx_flags |= SKBTX_IN_PROGRESS; tx_timestamp = &queue->tx_timestamps[head]; tx_timestamp->skb = skb; /* ensure ts_1/ts_2 is loaded after ctrl (TX_USED check) */
From: Shai Malin smalin@marvell.com
[ Upstream commit e543468869e2532f5d7926e8f417782b48eca3dc ]
Thanks to Kees Cook who detected the problem of memset that starting from not the first member, but sized for the whole struct. The better change will be to remove the redundant memset and to clear only the msix_cnt member.
Signed-off-by: Prabhakar Kushwaha pkushwaha@marvell.com Signed-off-by: Ariel Elior aelior@marvell.com Signed-off-by: Shai Malin smalin@marvell.com Reported-by: Kees Cook keescook@chromium.org Reviewed-by: Kees Cook keescook@chromium.org Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index d9a3c811ac8b..e93f06e4a172 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -1869,6 +1869,7 @@ static void qede_sync_free_irqs(struct qede_dev *edev) }
edev->int_info.used_cnt = 0; + edev->int_info.msix_cnt = 0; }
static int qede_req_msix_irqs(struct qede_dev *edev) @@ -2409,7 +2410,6 @@ static int qede_load(struct qede_dev *edev, enum qede_load_mode mode, goto out; err4: qede_sync_free_irqs(edev); - memset(&edev->int_info.msix_cnt, 0, sizeof(struct qed_int_info)); err3: qede_napi_disable_remove(edev); err2:
From: Xiaoyao Li xiaoyao.li@intel.com
[ Upstream commit c53c6b7409f4cd9e542991b53d597fbe2751d7db ]
Per SDM, bit 2:0 of CPUID(0x14,1).EAX[2:0] reports the number of configurable address ranges for filtering, not bit 1:0.
Signed-off-by: Xiaoyao Li xiaoyao.li@intel.com Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Acked-by: Alexander Shishkin alexander.shishkin@linux.intel.com Link: https://lkml.kernel.org/r/20210824040622.4081502-1-xiaoyao.li@intel.com Signed-off-by: Sasha Levin sashal@kernel.org --- arch/x86/events/intel/pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c index e94af4a54d0d..37129b76135a 100644 --- a/arch/x86/events/intel/pt.c +++ b/arch/x86/events/intel/pt.c @@ -62,7 +62,7 @@ static struct pt_cap_desc { PT_CAP(single_range_output, 0, CPUID_ECX, BIT(2)), PT_CAP(output_subsys, 0, CPUID_ECX, BIT(3)), PT_CAP(payloads_lip, 0, CPUID_ECX, BIT(31)), - PT_CAP(num_address_ranges, 1, CPUID_EAX, 0x3), + PT_CAP(num_address_ranges, 1, CPUID_EAX, 0x7), PT_CAP(mtc_periods, 1, CPUID_EAX, 0xffff0000), PT_CAP(cycle_thresholds, 1, CPUID_EBX, 0xffff), PT_CAP(psb_periods, 1, CPUID_EBX, 0xffff0000),
From: Tuo Li islituo@gmail.com
[ Upstream commit a9e6ffbc5b7324b6639ee89028908b1e91ceed51 ]
kcalloc() is called to allocate memory for m->m_info, and if it fails, ceph_mdsmap_destroy() behind the label out_err will be called: ceph_mdsmap_destroy(m);
In ceph_mdsmap_destroy(), m->m_info is dereferenced through: kfree(m->m_info[i].export_targets);
To fix this possible null-pointer dereference, check m->m_info before the for loop to free m->m_info[i].export_targets.
[ jlayton: fix up whitespace damage only kfree(m->m_info) if it's non-NULL ]
Reported-by: TOTE Robot oslab@tsinghua.edu.cn Signed-off-by: Tuo Li islituo@gmail.com Signed-off-by: Jeff Layton jlayton@kernel.org Signed-off-by: Ilya Dryomov idryomov@gmail.com Signed-off-by: Sasha Levin sashal@kernel.org --- fs/ceph/mdsmap.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/fs/ceph/mdsmap.c b/fs/ceph/mdsmap.c index 1096d1d3a84c..47f2903bacb9 100644 --- a/fs/ceph/mdsmap.c +++ b/fs/ceph/mdsmap.c @@ -393,9 +393,11 @@ void ceph_mdsmap_destroy(struct ceph_mdsmap *m) { int i;
- for (i = 0; i < m->possible_max_rank; i++) - kfree(m->m_info[i].export_targets); - kfree(m->m_info); + if (m->m_info) { + for (i = 0; i < m->possible_max_rank; i++) + kfree(m->m_info[i].export_targets); + kfree(m->m_info); + } kfree(m->m_data_pg_pools); kfree(m); }
From: Kim Phillips kim.phillips@amd.com
[ Upstream commit 26db2e0c51fe83e1dd852c1321407835b481806e ]
Erratum #1197 "IBS (Instruction Based Sampling) Register State May be Incorrect After Restore From CC6" is published in a document:
"Revision Guide for AMD Family 19h Models 00h-0Fh Processors" 56683 Rev. 1.04 July 2021
https://bugzilla.kernel.org/show_bug.cgi?id=206537
Implement the erratum's suggested workaround and ignore IBS samples if MSRC001_1031 == 0.
Signed-off-by: Kim Phillips kim.phillips@amd.com Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Signed-off-by: Ingo Molnar mingo@kernel.org Link: https://lore.kernel.org/r/20210817221048.88063-3-kim.phillips@amd.com Signed-off-by: Sasha Levin sashal@kernel.org --- arch/x86/events/amd/ibs.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c index 40669eac9d6d..921f47b9bb24 100644 --- a/arch/x86/events/amd/ibs.c +++ b/arch/x86/events/amd/ibs.c @@ -90,6 +90,7 @@ struct perf_ibs { unsigned long offset_mask[1]; int offset_max; unsigned int fetch_count_reset_broken : 1; + unsigned int fetch_ignore_if_zero_rip : 1; struct cpu_perf_ibs __percpu *pcpu;
struct attribute **format_attrs; @@ -672,6 +673,10 @@ fail: if (check_rip && (ibs_data.regs[2] & IBS_RIP_INVALID)) { regs.flags &= ~PERF_EFLAGS_EXACT; } else { + /* Workaround for erratum #1197 */ + if (perf_ibs->fetch_ignore_if_zero_rip && !(ibs_data.regs[1])) + goto out; + set_linear_ip(®s, ibs_data.regs[1]); regs.flags |= PERF_EFLAGS_EXACT; } @@ -769,6 +774,9 @@ static __init void perf_event_ibs_init(void) if (boot_cpu_data.x86 >= 0x16 && boot_cpu_data.x86 <= 0x18) perf_ibs_fetch.fetch_count_reset_broken = 1;
+ if (boot_cpu_data.x86 == 0x19 && boot_cpu_data.x86_model < 0x10) + perf_ibs_fetch.fetch_ignore_if_zero_rip = 1; + perf_ibs_pmu_init(&perf_ibs_fetch, "ibs_fetch");
if (ibs_caps & IBS_CAPS_OPCNT) {
From: Kim Phillips kim.phillips@amd.com
[ Upstream commit ccf26483416a339c114409f6e7cd02abdeaf8052 ]
Assign pmu.module so the driver can't be unloaded whilst in use.
Signed-off-by: Kim Phillips kim.phillips@amd.com Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Signed-off-by: Ingo Molnar mingo@kernel.org Link: https://lore.kernel.org/r/20210817221048.88063-4-kim.phillips@amd.com Signed-off-by: Sasha Levin sashal@kernel.org --- arch/x86/events/amd/power.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/arch/x86/events/amd/power.c b/arch/x86/events/amd/power.c index 16a2369c586e..37d5b380516e 100644 --- a/arch/x86/events/amd/power.c +++ b/arch/x86/events/amd/power.c @@ -213,6 +213,7 @@ static struct pmu pmu_class = { .stop = pmu_event_stop, .read = pmu_event_read, .capabilities = PERF_PMU_CAP_NO_EXCLUDE, + .module = THIS_MODULE, };
static int power_cpu_exit(unsigned int cpu)
From: Christoph Hellwig hch@lst.de
[ Upstream commit 222013f9ac30b9cec44301daa8dbd0aae38abffb ]
Support for cryptoloop has been officially marked broken and deprecated in favor of dm-crypt (which supports the same broken algorithms if needed) in Linux 2.6.4 (released in March 2004), and support for it has been entirely removed from losetup in util-linux 2.23 (released in April 2013). Add a warning and a deprecation schedule.
Signed-off-by: Christoph Hellwig hch@lst.de Link: https://lore.kernel.org/r/20210827163250.255325-1-hch@lst.de Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/block/Kconfig | 4 ++-- drivers/block/cryptoloop.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/block/Kconfig b/drivers/block/Kconfig index f40ebe9f5047..f2548049aa0e 100644 --- a/drivers/block/Kconfig +++ b/drivers/block/Kconfig @@ -230,7 +230,7 @@ config BLK_DEV_LOOP_MIN_COUNT dynamically allocated with the /dev/loop-control interface.
config BLK_DEV_CRYPTOLOOP - tristate "Cryptoloop Support" + tristate "Cryptoloop Support (DEPRECATED)" select CRYPTO select CRYPTO_CBC depends on BLK_DEV_LOOP @@ -242,7 +242,7 @@ config BLK_DEV_CRYPTOLOOP WARNING: This device is not safe for journaled file systems like ext3 or Reiserfs. Please use the Device Mapper crypto module instead, which can be configured to be on-disk compatible with the - cryptoloop device. + cryptoloop device. cryptoloop support will be removed in Linux 5.16.
source "drivers/block/drbd/Kconfig"
diff --git a/drivers/block/cryptoloop.c b/drivers/block/cryptoloop.c index 3cabc335ae74..f0a91faa43a8 100644 --- a/drivers/block/cryptoloop.c +++ b/drivers/block/cryptoloop.c @@ -189,6 +189,8 @@ init_cryptoloop(void)
if (rc) printk(KERN_ERR "cryptoloop: loop_register_transfer failed\n"); + else + pr_warn("the cryptoloop driver has been deprecated and will be removed in in Linux 5.16\n"); return rc; }
From: Johnathon Clark john.clark@cantab.net
commit 93ab3eafb0b3551c54175cb38afed3b82356a047 upstream.
This patch extends support for the HP Spectre x360 14 amp enable quirk to support a model of the device with an additional subdevice ID.
Signed-off-by: Johnathon Clark john.clark@cantab.net Link: https://lore.kernel.org/r/20210823162110.8870-1-john.clark@cantab.net Cc: stable@vger.kernel.org Signed-off-by: Takashi Iwai tiwai@suse.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -8364,6 +8364,7 @@ static const struct snd_pci_quirk alc269 SND_PCI_QUIRK(0x103c, 0x87f2, "HP ProBook 640 G8 Notebook PC", ALC236_FIXUP_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x87f4, "HP", ALC287_FIXUP_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x87f5, "HP", ALC287_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x87f6, "HP Spectre x360 14", ALC245_FIXUP_HP_X360_AMP), SND_PCI_QUIRK(0x103c, 0x87f7, "HP Spectre x360 14", ALC245_FIXUP_HP_X360_AMP), SND_PCI_QUIRK(0x103c, 0x8805, "HP ProBook 650 G8 Notebook PC", ALC236_FIXUP_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x880d, "HP EliteBook 830 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED),
From: Takashi Iwai tiwai@suse.de
commit 13d9c6b998aaa76fd098133277a28a21f2cc2264 upstream.
ASUS ROG Strix G17 has the very same PCI and codec SSID (1043:103f) as ASUS TX300, and unfortunately, the existing quirk for TX300 is broken on ASUS ROG. Actually the device works without the quirk, so we'll need to clear the quirk before applying for this device. Since ASUS ROG has a different codec (ALC294 - while TX300 has ALC282), this patch adds a workaround for the device, just clearing the codec->fixup_id by checking the codec vendor_id.
It's a bit ugly to add such a workaround there, but it seems to be the simplest way.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=214101 Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210820143214.3654-1-tiwai@suse.de Signed-off-by: Takashi Iwai tiwai@suse.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- sound/pci/hda/patch_realtek.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
--- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -9441,6 +9441,16 @@ static int patch_alc269(struct hda_codec
snd_hda_pick_fixup(codec, alc269_fixup_models, alc269_fixup_tbl, alc269_fixups); + /* FIXME: both TX300 and ROG Strix G17 have the same SSID, and + * the quirk breaks the latter (bko#214101). + * Clear the wrong entry. + */ + if (codec->fixup_id == ALC282_FIXUP_ASUS_TX300 && + codec->core.vendor_id == 0x10ec0294) { + codec_dbg(codec, "Clear wrong fixup for ASUS ROG Strix G17\n"); + codec->fixup_id = HDA_FIXUP_ID_NOT_SET; + } + snd_hda_pick_pin_fixup(codec, alc269_pin_fixup_tbl, alc269_fixups, true); snd_hda_pick_pin_fixup(codec, alc269_fallback_pin_fixup_tbl, alc269_fixups, false); snd_hda_pick_fixup(codec, NULL, alc269_fixup_vendor_tbl,
From: Zubin Mithra zsm@chromium.org
commit f3eef46f0518a2b32ca1244015820c35a22cfe4a upstream.
Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size is of type snd_pcm_uframes_t(unsigned long). If frame_size is 0x100000000, the error occurs.
Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation") Signed-off-by: Zubin Mithra zsm@chromium.org Reviewed-by: Guenter Roeck groeck@chromium.org Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210827153735.789452-1-zsm@chromium.org Signed-off-by: Takashi Iwai tiwai@suse.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- sound/core/pcm_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/core/pcm_lib.c +++ b/sound/core/pcm_lib.c @@ -1746,7 +1746,7 @@ static int snd_pcm_lib_ioctl_fifo_size(s channels = params_channels(params); frame_size = snd_pcm_format_size(format, channels); if (frame_size > 0) - params->fifo_size /= (unsigned)frame_size; + params->fifo_size /= frame_size; } return 0; }
From: Vignesh Raghavendra vigneshr@ti.com
commit d4548b14dd7e5c698f81ce23ce7b69a896373b45 upstream.
k3_soc_devices array is missing a sentinel entry which may result in out of bounds access as reported by kernel KASAN.
Fix this by adding a sentinel entry.
Fixes: 439c7183e5b9 ("serial: 8250: 8250_omap: Disable RX interrupt after DMA enable") Reported-by: Naresh Kamboju naresh.kamboju@linaro.org Signed-off-by: Vignesh Raghavendra vigneshr@ti.com Link: https://lore.kernel.org/r/20201111112653.2710-1-vigneshr@ti.com Signed-off-by: Nobuhiro Iwamatsu (CIP) nobuhiro1.iwamatsu@toshiba.co.jp Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/tty/serial/8250/8250_omap.c | 1 + 1 file changed, 1 insertion(+)
--- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1211,6 +1211,7 @@ static int omap8250_no_handle_irq(struct static const struct soc_device_attribute k3_soc_devices[] = { { .family = "AM65X", }, { .family = "J721E", .revision = "SR1.0" }, + { /* sentinel */ } };
static struct omap8250_dma_params am654_dma = {
From: Andy Shevchenko andriy.shevchenko@linux.intel.com
commit 35f3f8504c3b60a1ae5576e178b27fc0ddd6157d upstream.
While fixing undefined behaviour the commit f60d7270c8a3 ("spi: Avoid undefined behaviour when counting unused native CSs") missed the case when all CSs are GPIOs and thus unused_native_cs will be evaluated to -1 in unsigned representation. This will falsely trigger a condition in the spi_get_gpio_descs().
Switch to signed types for *_native_cs SPI controller fields to fix above.
Fixes: f60d7270c8a3 ("spi: Avoid undefined behaviour when counting unused native CSs") Signed-off-by: Andy Shevchenko andriy.shevchenko@linux.intel.com Link: https://lore.kernel.org/r/20210510131242.49455-1-andriy.shevchenko@linux.int... Signed-off-by: Mark Brown broonie@kernel.org Signed-off-by: Nobuhiro Iwamatsu (CIP) nobuhiro1.iwamatsu@toshiba.co.jp Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- include/linux/spi/spi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/include/linux/spi/spi.h +++ b/include/linux/spi/spi.h @@ -646,8 +646,8 @@ struct spi_controller { int *cs_gpios; struct gpio_desc **cs_gpiods; bool use_gpio_descriptors; - u8 unused_native_cs; - u8 max_native_cs; + s8 unused_native_cs; + s8 max_native_cs;
/* statistics */ struct spi_statistics statistics;
From: Al Viro viro@zeniv.linux.org.uk
commit 6e3e2c4362e41a2f18e3f7a5ad81bd2f49a47b85 upstream.
inode_wrong_type(inode, mode) returns true if setting inode->i_mode to given value would've changed the inode type. We have enough of those checks open-coded to make a helper worthwhile.
Signed-off-by: Al Viro viro@zeniv.linux.org.uk Signed-off-by: Amir Goldstein amir73il@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/9p/vfs_inode.c | 4 ++-- fs/9p/vfs_inode_dotl.c | 4 ++-- fs/cifs/inode.c | 5 ++--- fs/fuse/dir.c | 6 +++--- fs/fuse/inode.c | 2 +- fs/fuse/readdir.c | 2 +- fs/nfs/inode.c | 6 +++--- fs/nfsd/nfsproc.c | 2 +- fs/overlayfs/namei.c | 4 ++-- include/linux/fs.h | 5 +++++ 10 files changed, 22 insertions(+), 18 deletions(-)
--- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c @@ -398,7 +398,7 @@ static int v9fs_test_inode(struct inode
umode = p9mode2unixmode(v9ses, st, &rdev); /* don't match inode of different type */ - if ((inode->i_mode & S_IFMT) != (umode & S_IFMT)) + if (inode_wrong_type(inode, umode)) return 0;
/* compare qid details */ @@ -1360,7 +1360,7 @@ int v9fs_refresh_inode(struct p9_fid *fi * Don't update inode if the file type is different */ umode = p9mode2unixmode(v9ses, st, &rdev); - if ((inode->i_mode & S_IFMT) != (umode & S_IFMT)) + if (inode_wrong_type(inode, umode)) goto out;
/* --- a/fs/9p/vfs_inode_dotl.c +++ b/fs/9p/vfs_inode_dotl.c @@ -59,7 +59,7 @@ static int v9fs_test_inode_dotl(struct i struct p9_stat_dotl *st = (struct p9_stat_dotl *)data;
/* don't match inode of different type */ - if ((inode->i_mode & S_IFMT) != (st->st_mode & S_IFMT)) + if (inode_wrong_type(inode, st->st_mode)) return 0;
if (inode->i_generation != st->st_gen) @@ -933,7 +933,7 @@ int v9fs_refresh_inode_dotl(struct p9_fi /* * Don't update inode if the file type is different */ - if ((inode->i_mode & S_IFMT) != (st->st_mode & S_IFMT)) + if (inode_wrong_type(inode, st->st_mode)) goto out;
/* --- a/fs/cifs/inode.c +++ b/fs/cifs/inode.c @@ -425,8 +425,7 @@ int cifs_get_inode_info_unix(struct inod }
/* if filetype is different, return error */ - if (unlikely(((*pinode)->i_mode & S_IFMT) != - (fattr.cf_mode & S_IFMT))) { + if (unlikely(inode_wrong_type(*pinode, fattr.cf_mode))) { CIFS_I(*pinode)->time = 0; /* force reval */ rc = -ESTALE; goto cgiiu_exit; @@ -1243,7 +1242,7 @@ cifs_find_inode(struct inode *inode, voi return 0;
/* don't match inode of different type */ - if ((inode->i_mode & S_IFMT) != (fattr->cf_mode & S_IFMT)) + if (inode_wrong_type(inode, fattr->cf_mode)) return 0;
/* if it's not a directory or has no dentries, then flag it */ --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -252,7 +252,7 @@ static int fuse_dentry_revalidate(struct if (ret == -ENOMEM) goto out; if (ret || fuse_invalid_attr(&outarg.attr) || - (outarg.attr.mode ^ inode->i_mode) & S_IFMT) + inode_wrong_type(inode, outarg.attr.mode)) goto invalid;
forget_all_cached_acls(inode); @@ -1062,7 +1062,7 @@ static int fuse_do_getattr(struct inode err = fuse_simple_request(fm, &args); if (!err) { if (fuse_invalid_attr(&outarg.attr) || - (inode->i_mode ^ outarg.attr.mode) & S_IFMT) { + inode_wrong_type(inode, outarg.attr.mode)) { fuse_make_bad(inode); err = -EIO; } else { @@ -1699,7 +1699,7 @@ int fuse_do_setattr(struct dentry *dentr }
if (fuse_invalid_attr(&outarg.attr) || - (inode->i_mode ^ outarg.attr.mode) & S_IFMT) { + inode_wrong_type(inode, outarg.attr.mode)) { fuse_make_bad(inode); err = -EIO; goto error; --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -340,7 +340,7 @@ retry: inode->i_generation = generation; fuse_init_inode(inode, attr); unlock_new_inode(inode); - } else if ((inode->i_mode ^ attr->mode) & S_IFMT) { + } else if (inode_wrong_type(inode, attr->mode)) { /* Inode has changed type, any I/O on the old should fail */ fuse_make_bad(inode); iput(inode); --- a/fs/fuse/readdir.c +++ b/fs/fuse/readdir.c @@ -202,7 +202,7 @@ retry: inode = d_inode(dentry); if (!inode || get_node_id(inode) != o->nodeid || - ((o->attr.mode ^ inode->i_mode) & S_IFMT)) { + inode_wrong_type(inode, o->attr.mode)) { d_invalidate(dentry); dput(dentry); goto retry; --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -322,7 +322,7 @@ nfs_find_actor(struct inode *inode, void
if (NFS_FILEID(inode) != fattr->fileid) return 0; - if ((S_IFMT & inode->i_mode) != (S_IFMT & fattr->mode)) + if (inode_wrong_type(inode, fattr->mode)) return 0; if (nfs_compare_fh(NFS_FH(inode), fh)) return 0; @@ -1446,7 +1446,7 @@ static int nfs_check_inode_attributes(st return 0; return -ESTALE; } - if ((fattr->valid & NFS_ATTR_FATTR_TYPE) && (inode->i_mode & S_IFMT) != (fattr->mode & S_IFMT)) + if ((fattr->valid & NFS_ATTR_FATTR_TYPE) && inode_wrong_type(inode, fattr->mode)) return -ESTALE;
@@ -1861,7 +1861,7 @@ static int nfs_update_inode(struct inode /* * Make sure the inode's type hasn't changed. */ - if ((fattr->valid & NFS_ATTR_FATTR_TYPE) && (inode->i_mode & S_IFMT) != (fattr->mode & S_IFMT)) { + if ((fattr->valid & NFS_ATTR_FATTR_TYPE) && inode_wrong_type(inode, fattr->mode)) { /* * Big trouble! The inode has become a different object. */ --- a/fs/nfsd/nfsproc.c +++ b/fs/nfsd/nfsproc.c @@ -376,7 +376,7 @@ nfsd_proc_create(struct svc_rqst *rqstp)
/* Make sure the type and device matches */ resp->status = nfserr_exist; - if (inode && type != (inode->i_mode & S_IFMT)) + if (inode && inode_wrong_type(inode, type)) goto out_unlock; }
--- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -366,7 +366,7 @@ int ovl_check_origin_fh(struct ovl_fs *o return PTR_ERR(origin);
if (upperdentry && !ovl_is_whiteout(upperdentry) && - ((d_inode(origin)->i_mode ^ d_inode(upperdentry)->i_mode) & S_IFMT)) + inode_wrong_type(d_inode(upperdentry), d_inode(origin)->i_mode)) goto invalid;
if (!*stackp) @@ -724,7 +724,7 @@ struct dentry *ovl_lookup_index(struct o index = ERR_PTR(-ESTALE); goto out; } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) || - ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) { + inode_wrong_type(inode, d_inode(origin)->i_mode)) { /* * Index should always be of the same file type as origin * except for the case of a whiteout index. A whiteout --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2768,6 +2768,11 @@ static inline bool execute_ok(struct ino return (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode); }
+static inline bool inode_wrong_type(const struct inode *inode, umode_t mode) +{ + return (inode->i_mode ^ mode) & S_IFMT; +} + static inline void file_start_write(struct file *file) { if (!S_ISREG(file_inode(file)->i_mode))
From: Amir Goldstein amir73il@gmail.com
commit 15db16837a35d8007cb8563358787412213db25e upstream.
Server responds to LOOKUP and other ops (READDIRPLUS/CREATE/MKNOD/...) with ourarg containing nodeid and generation.
If a fuse inode is found in inode cache with the same nodeid but different generation, the existing fuse inode should be unhashed and marked "bad" and a new inode with the new generation should be hashed instead.
This can happen, for example, with passhrough fuse filesystem that returns the real filesystem ino/generation on lookup and where real inode numbers can get recycled due to real files being unlinked not via the fuse passthrough filesystem.
With current code, this situation will not be detected and an old fuse dentry that used to point to an older generation real inode, can be used to access a completely new inode, which should be accessed only via the new dentry.
Note that because the FORGET message carries the nodeid w/o generation, the server should wait to get FORGET counts for the nlookup counts of the old and reused inodes combined, before it can free the resources associated to that nodeid.
Stable backport notes: * This is not a regression. The bug has been in fuse forever, but only a certain class of low level fuse filesystems can trigger this bug * Because there is no way to check if this fix is applied in runtime, libfuse test_examples.py tests this fix with hardcoded check for kernel version >= 5.14 * After backport to stable kernel(s), the libfuse test can be updated to also check minimal stable kernel version(s) * Depends on "fuse: fix bad inode" which is already applied to stable kernels v5.4.y and v5.10.y * Required backporting helper inode_wrong_type()
Signed-off-by: Amir Goldstein amir73il@gmail.com Signed-off-by: Miklos Szeredi mszeredi@redhat.com Cc: stable@vger.kernel.org Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxi8DymG=JO_sAU+wS8akFdzh+PuXwW3E... Signed-off-by: Amir Goldstein amir73il@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- fs/fuse/dir.c | 2 +- fs/fuse/fuse_i.h | 7 +++++++ fs/fuse/inode.c | 4 ++-- fs/fuse/readdir.c | 7 +++++-- 4 files changed, 15 insertions(+), 5 deletions(-)
--- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -252,7 +252,7 @@ static int fuse_dentry_revalidate(struct if (ret == -ENOMEM) goto out; if (ret || fuse_invalid_attr(&outarg.attr) || - inode_wrong_type(inode, outarg.attr.mode)) + fuse_stale_inode(inode, outarg.generation, &outarg.attr)) goto invalid;
forget_all_cached_acls(inode); --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -860,6 +860,13 @@ static inline u64 fuse_get_attr_version( return atomic64_read(&fc->attr_version); }
+static inline bool fuse_stale_inode(const struct inode *inode, int generation, + struct fuse_attr *attr) +{ + return inode->i_generation != generation || + inode_wrong_type(inode, attr->mode); +} + static inline void fuse_make_bad(struct inode *inode) { remove_inode_hash(inode); --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -340,8 +340,8 @@ retry: inode->i_generation = generation; fuse_init_inode(inode, attr); unlock_new_inode(inode); - } else if (inode_wrong_type(inode, attr->mode)) { - /* Inode has changed type, any I/O on the old should fail */ + } else if (fuse_stale_inode(inode, generation, attr)) { + /* nodeid was reused, any I/O on the old inode should fail */ fuse_make_bad(inode); iput(inode); goto retry; --- a/fs/fuse/readdir.c +++ b/fs/fuse/readdir.c @@ -200,9 +200,12 @@ retry: if (!d_in_lookup(dentry)) { struct fuse_inode *fi; inode = d_inode(dentry); + if (inode && get_node_id(inode) != o->nodeid) + inode = NULL; if (!inode || - get_node_id(inode) != o->nodeid || - inode_wrong_type(inode, o->attr.mode)) { + fuse_stale_inode(inode, o->generation, &o->attr)) { + if (inode) + fuse_make_bad(inode); d_invalidate(dentry); dput(dentry); goto retry;
From: Pavel Skripkin paskripkin@gmail.com
commit 514e97674400462cc09c459a1ddfb9bf39017223 upstream.
My local syzbot instance hit memory leak in usb_set_configuration(). The problem was in unputted usb interface. In case of errors after usb_get_intf() the reference should be putted to correclty free memory allocated for this interface.
Fixes: ec16dae5453e ("V4L/DVB (7019): V4L: add support for Syntek DC1125 webcams") Cc: stable@vger.kernel.org Signed-off-by: Pavel Skripkin paskripkin@gmail.com Signed-off-by: Hans Verkuil hverkuil-cisco@xs4all.nl Signed-off-by: Mauro Carvalho Chehab mchehab+huawei@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/media/usb/stkwebcam/stk-webcam.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/media/usb/stkwebcam/stk-webcam.c +++ b/drivers/media/usb/stkwebcam/stk-webcam.c @@ -1346,7 +1346,7 @@ static int stk_camera_probe(struct usb_i if (!dev->isoc_ep) { pr_err("Could not find isoc-in endpoint\n"); err = -ENODEV; - goto error; + goto error_put; } dev->vsettings.palette = V4L2_PIX_FMT_RGB565; dev->vsettings.mode = MODE_VGA; @@ -1359,10 +1359,12 @@ static int stk_camera_probe(struct usb_i
err = stk_register_video_device(dev); if (err) - goto error; + goto error_put;
return 0;
+error_put: + usb_put_intf(interface); error: v4l2_ctrl_handler_free(hdl); v4l2_device_unregister(&dev->v4l2_dev);
Hi!
This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
CIP testing did not find any problems here:
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-5...
Tested-by: Pavel Machek (CIP) pavel@denx.de
Best regards, Pavel
On Mon, 6 Sep 2021 14:55:15 +0200, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 08 Sep 2021 12:54:40 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.63-rc1... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below.
thanks,
greg k-h
5.10.63-rc1 Successfully Compiled and booted on my Raspberry PI 4b (8g) (bcm2711)
Tested-by: Fox Chen foxhlchen@gmail.com
On Mon, 6 Sept 2021 at 18:27, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 08 Sep 2021 12:54:40 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.63-rc1... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below.
thanks,
greg k-h
Results from Linaro’s test farm. No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing lkft@linaro.org
## Build * kernel: 5.10.63-rc1 * git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc * git branch: linux-5.10.y * git commit: 49a2bcaf11be252cfbbd47ef9d1c3861b0a3ea95 * git describe: v5.10.62-30-g49a2bcaf11be * test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10....
## No regressions (compared to v5.10.62)
## No fixes (compared to v5.10.62)
## Test result summary total: 88715, pass: 74649, fail: 534, skip: 12601, xfail: 931
## Build Summary * arc: 10 total, 10 passed, 0 failed * arm: 289 total, 289 passed, 0 failed * arm64: 39 total, 39 passed, 0 failed * dragonboard-410c: 1 total, 1 passed, 0 failed * hi6220-hikey: 1 total, 1 passed, 0 failed * i386: 38 total, 38 passed, 0 failed * juno-r2: 1 total, 1 passed, 0 failed * mips: 51 total, 51 passed, 0 failed * parisc: 12 total, 12 passed, 0 failed * powerpc: 36 total, 35 passed, 1 failed * riscv: 30 total, 30 passed, 0 failed * s390: 27 total, 27 passed, 0 failed * sh: 24 total, 24 passed, 0 failed * sparc: 12 total, 12 passed, 0 failed * x15: 1 total, 1 passed, 0 failed * x86: 1 total, 1 passed, 0 failed * x86_64: 39 total, 39 passed, 0 failed
## Test suites summary * fwts * install-android-platform-tools-r2600 * kselftest-android * kselftest-arm64 * kselftest-arm64/arm64.btitest.bti_c_func * kselftest-arm64/arm64.btitest.bti_j_func * kselftest-arm64/arm64.btitest.bti_jc_func * kselftest-arm64/arm64.btitest.bti_none_func * kselftest-arm64/arm64.btitest.nohint_func * kselftest-arm64/arm64.btitest.paciasp_func * kselftest-arm64/arm64.nobtitest.bti_c_func * kselftest-arm64/arm64.nobtitest.bti_j_func * kselftest-arm64/arm64.nobtitest.bti_jc_func * kselftest-arm64/arm64.nobtitest.bti_none_func * kselftest-arm64/arm64.nobtitest.nohint_func * kselftest-arm64/arm64.nobtitest.paciasp_func * kselftest-bpf * kselftest-breakpoints * kselftest-capabilities * kselftest-cgroup * kselftest-clone3 * kselftest-core * kselftest-cpu-hotplug * kselftest-cpufreq * kselftest-drivers * kselftest-efivarfs * kselftest-filesystems * kselftest-firmware * kselftest-fpu * kselftest-futex * kselftest-gpio * kselftest-intel_pstate * kselftest-ipc * kselftest-ir * kselftest-kcmp * kselftest-kexec * kselftest-kvm * kselftest-lib * kselftest-livepatch * kselftest-membarrier * kselftest-memfd * kselftest-memory-hotplug * kselftest-mincore * kselftest-mount * kselftest-mqueue * kselftest-net * kselftest-netfilter * kselftest-nsfs * kselftest-openat2 * kselftest-pid_namespace * kselftest-pidfd * kselftest-proc * kselftest-pstore * kselftest-ptrace * kselftest-rseq * kselftest-rtc * kselftest-seccomp * kselftest-sigaltstack * kselftest-size * kselftest-splice * kselftest-static_keys * kselftest-sync * kselftest-sysctl * kselftest-tc-testing * kselftest-timens * kselftest-timers * kselftest-tmpfs * kselftest-tpm2 * kselftest-user * kselftest-vm * kselftest-x86 * kselftest-zram * kunit * kvm-unit-tests * libgpiod * libhugetlbfs * linux-log-parser * ltp-cap_bounds-tests * ltp-commands-tests * ltp-containers-tests * ltp-controllers-tests * ltp-cpuhotplug-tests * ltp-crypto-tests * ltp-cve-tests * ltp-dio-tests * ltp-fcntl-locktests-tests * ltp-filecaps-tests * ltp-fs-tests * ltp-fs_bind-tests * ltp-fs_perms_simple-tests * ltp-fsx-tests * ltp-hugetlb-tests * ltp-io-tests * ltp-ipc-tests * ltp-math-tests * ltp-mm-tests * ltp-nptl-tests * ltp-open-posix-tests * ltp-pty-tests * ltp-sched-tests * ltp-securebits-tests * ltp-syscalls-tests * ltp-tracing-tests * network-basic-tests * packetdrill * perf * perf/Zstd-perf.data-compression * rcutorture * ssuite * v4l2-compliance
-- Linaro LKFT https://lkft.linaro.org
On 2021/9/6 20:55, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 08 Sep 2021 12:54:40 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.63-rc1... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below.
thanks,
greg k-h
Tested on arm64 and x86 for 5.10.63-rc1,
Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Branch: linux-5.10.y Version: 5.10.63-rc1 Commit: 49a2bcaf11be252cfbbd47ef9d1c3861b0a3ea95 Compiler: gcc version 7.3.0 (GCC)
arm64: -------------------------------------------------------------------- Testcase Result Summary: total: 8907 passed: 8907 failed: 0 timeout: 0 --------------------------------------------------------------------
x86: -------------------------------------------------------------------- Testcase Result Summary: total: 8907 passed: 8907 failed: 0 timeout: 0 --------------------------------------------------------------------
Tested-by: Hulk Robot hulkrobot@huawei.com
Hi Greg,
On Mon, Sep 06, 2021 at 02:55:15PM +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 08 Sep 2021 12:54:40 +0000. Anything received after that time might be too late.
Build test: mips (gcc version 11.1.1 20210816): 63 configs -> no new failure arm (gcc version 11.1.1 20210816): 105 configs -> no new failure arm64 (gcc version 11.1.1 20210816): 3 configs -> no failure x86_64 (gcc version 10.2.1 20210110): 4 configs -> no failure
Boot test: x86_64: Booted on my test laptop. No regression. x86_64: Booted on qemu. No regression. [1] arm64: Booted on rpi4b (4GB model). No regression. [2]
[1]. https://openqa.qa.codethink.co.uk/tests/99 [2]. https://openqa.qa.codethink.co.uk/tests/100
Tested-by: Sudip Mukherjee sudip.mukherjee@codethink.co.uk
-- Regards Sudip
On Mon, 06 Sep 2021 14:55:15 +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 08 Sep 2021 12:54:40 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.63-rc1... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below.
thanks,
greg k-h
All tests passing for Tegra ...
Test results for stable-v5.10: 10 builds: 10 pass, 0 fail 28 boots: 28 pass, 0 fail 75 tests: 75 pass, 0 fail
Linux version: 5.10.63-rc1-g49a2bcaf11be Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000, tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000, tegra20-ventana, tegra210-p2371-2180, tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter jonathanh@nvidia.com
Jon
On 9/6/2021 5:55 AM, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 08 Sep 2021 12:54:40 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.63-rc1... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below.
thanks,
greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels:
Tested-by: Florian Fainelli f.fainelli@gmail.com
On 9/6/21 6:55 AM, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 08 Sep 2021 12:54:40 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.63-rc1... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below.
thanks,
greg k-h
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan skhan@linuxfoundation.org
thanks, -- Shuah
On Mon, Sep 06, 2021 at 02:55:15PM +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.10.63 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 08 Sep 2021 12:54:40 +0000. Anything received after that time might be too late.
Build results: total: 159 pass: 159 fail: 0 Qemu test results: total: 456 pass: 456 fail: 0
Tested-by: Guenter Roeck linux@roeck-us.net
Guenter
linux-stable-mirror@lists.linaro.org
-
Florian Fainelli -
Fox Chen -
Greg Kroah-Hartman -
Guenter Roeck -
Jon Hunter -
Naresh Kamboju -
Pavel Machek -
Samuel Zou -
Shuah Khan -
Sudip Mukherjee