1. 13 Jun, 2023 1 commit
    • Darrick J. Wong's avatar
      xfs: don't deplete the reserve pool when trying to shrink the fs · 06f3ef6e
      Darrick J. Wong authored
      Every now and then, xfs/168 fails with this logged in dmesg:
      
      Reserve blocks depleted! Consider increasing reserve pool size.
      EXPERIMENTAL online shrink feature in use. Use at your own risk!
      Per-AG reservation for AG 1 failed.  Filesystem may run out of space.
      Per-AG reservation for AG 1 failed.  Filesystem may run out of space.
      Error -28 reserving per-AG metadata reserve pool.
      Corruption of in-memory data (0x8) detected at xfs_ag_shrink_space+0x23c/0x3b0 [xfs] (fs/xfs/libxfs/xfs_ag.c:1007).  Shutting down filesystem.
      
      It's silly to deplete the reserved blocks pool just to shrink the
      filesystem, particularly since the fs goes down after that.
      
      Fixes: fb2fc172 ("xfs: support shrinking unused space in the last AG")
      Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
      06f3ef6e
  2. 11 Jun, 2023 3 commits
    • Linus Torvalds's avatar
      Linux 6.4-rc6 · 858fd168
      Linus Torvalds authored
      858fd168
    • Linus Torvalds's avatar
      Merge tag 'x86_urgent_for_v6.4_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 4c605260
      Linus Torvalds authored
      Pull x86 fix from Borislav Petkov:
      
       - Set up the kernel CS earlier in the boot process in case EFI boots
         the kernel after bypassing the decompressor and the CS descriptor
         used ends up being the EFI one which is not mapped in the identity
         page table, leading to early SEV/SNP guest communication exceptions
         resulting in the guest crashing
      
      * tag 'x86_urgent_for_v6.4_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed
      4c605260
    • Linus Torvalds's avatar
      Merge tag '6.4-rc5-smb3-server-fixes' of git://git.samba.org/ksmbd · 65d7ca59
      Linus Torvalds authored
      Pull smb server fixes from Steve French:
       "Five smb3 server fixes, all also for stable:
      
         - Fix four slab out of bounds warnings: improve checks for protocol
           id, and for small packet length, and for create context parsing,
           and for negotiate context parsing
      
         - Fix for incorrect dereferencing POSIX ACLs"
      
      * tag '6.4-rc5-smb3-server-fixes' of git://git.samba.org/ksmbd:
        ksmbd: validate smb request protocol id
        ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
        ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()
        ksmbd: fix out-of-bound read in parse_lease_state()
        ksmbd: fix out-of-bound read in deassemble_neg_contexts()
      65d7ca59
  3. 10 Jun, 2023 3 commits
    • Linus Torvalds's avatar
      Merge tag 'i2c-for-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 022ce886
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Biggest news is that Andi Shyti steps in for maintaining the
        controller drivers. Thank you very much!
      
        Other than that, one new driver maintainer and the rest is usual
        driver bugfixes. at24 has a Kconfig dependecy fix"
      
      * tag 'i2c-for-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        MAINTAINERS: Add entries for Renesas RZ/V2M I2C driver
        eeprom: at24: also select REGMAP
        i2c: sprd: Delete i2c adapter in .remove's error path
        i2c: mv64xxx: Fix reading invalid status value in atomic mode
        i2c: designware: fix idx_write_cnt in read loop
        i2c: mchp-pci1xxxx: Avoid cast to incompatible function type
        i2c: img-scb: Fix spelling mistake "innacurate" -> "inaccurate"
        MAINTAINERS: Add myself as I2C host drivers maintainer
      022ce886
    • Linus Torvalds's avatar
      Merge tag 'soundwire-6.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire · 6be5e47b
      Linus Torvalds authored
      Pull soundwire fixes from Vinod Koul:
       "Core fix for missing flag clear, error patch handling in qcom driver
        and BIOS quirk for HP Spectre x360:
      
         - HP Spectre x360 soundwire DMI quirk
      
         - Error path handling for qcom driver
      
         - Core fix for missing clear of alloc_slave_rt"
      
      * tag 'soundwire-6.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire:
        soundwire: stream: Add missing clear of alloc_slave_rt
        soundwire: qcom: add proper error paths in qcom_swrm_startup()
        soundwire: dmi-quirks: add new mapping for HP Spectre x360
      6be5e47b
    • Linus Torvalds's avatar
      Merge tag 'arm-fixes-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 859c7459
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "Most of the changes this time are for the Qualcomm Snapdragon
        platforms.
      
        There are bug fixes for error handling in Qualcomm icc-bwmon,
        rpmh-rsc, ramp_controller and rmtfs driver as well as the AMD tee
        firmware driver and a missing initialization in the Arm ff-a firmware
        driver. The Qualcomm RPMh and EDAC drivers need some rework to work
        correctly on all supported chips.
      
        The DT fixes include:
      
         - i.MX8 fixes for gpio, pinmux and clock settings
      
         - ADS touchscreen gpio polarity settings in several machines
      
         - Address dtb warnings for caches, panel and input-enable properties
           on Qualcomm platforms
      
         - Incorrect data on qualcomm platforms fir SA8155P power domains,
           SM8550 LLCC, SC7180-lite SDRAM frequencies and SM8550 soundwire
      
         - Remoteproc firmware paths are corrected for Sony Xperia 10 IV"
      
      * tag 'arm-fixes-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (36 commits)
        firmware: arm_ffa: Set handle field to zero in memory descriptor
        ARM: dts: Fix erroneous ADS touchscreen polarities
        arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
        arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
        arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
        EDAC/qcom: Get rid of hardcoded register offsets
        EDAC/qcom: Remove superfluous return variable assignment in qcom_llcc_core_setup()
        arm64: dts: qcom: sm8550: Use the correct LLCC register scheme
        dt-bindings: cache: qcom,llcc: Fix SM8550 description
        arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards
        arm64: dts: qcom: sm8550: use uint16 for Soundwire interval
        soc: qcom: rpmhpd: Add SA8155P power domains
        arm64: dts: qcom: Split out SA8155P and use correct RPMh power domains
        dt-bindings: power: qcom,rpmpd: Add SA8155P
        soc: qcom: Rename ice to qcom_ice to avoid module name conflict
        soc: qcom: rmtfs: Fix error code in probe()
        soc: qcom: ramp_controller: Fix an error handling path in qcom_ramp_controller_probe()
        ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
        ARM: at91: pm: fix imbalanced reference counter for ethernet devices
        arm64: dts: qcom: sm6375-pdx225: Fix remoteproc firmware paths
        ...
      859c7459
  4. 09 Jun, 2023 23 commits
  5. 08 Jun, 2023 10 commits
    • Dave Airlie's avatar
      Merge tag 'amd-drm-fixes-6.4-2023-06-07' of... · b1913ff4
      Dave Airlie authored
      Merge tag 'amd-drm-fixes-6.4-2023-06-07' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
      
      amd-drm-fixes-6.4-2023-06-07:
      
      amdgpu:
      - S0ix fixes
      - GPU reset fixes
      - SMU13 fixes
      - SMU11 fixes
      - Misc Display fixes
      - Revert RV/RV2/PCO clock counter changes
      - Fix Stoney xclk value
      - Fix reserved vram debug info
      
      radeon:
      - Fix a potential use after free
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Alex Deucher <alexander.deucher@amd.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20230607213740.7723-1-alexander.deucher@amd.com
      b1913ff4
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 8d15d5e1
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "Two tiny arm64 fixes for -rc6.
      
        One fixes a build breakage when MAX_ORDER can be nonsensical if
        CONFIG_EXPERT=y and the other fixes the address masking for perf's
        page fault software events so that it is consistent amongst them:
      
         - Fix build breakage due to bogus MAX_ORDER definitions on !4k pages
      
         - Avoid masking fault address for perf software events"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: mm: pass original fault address to handle_mm_fault() in PER_VMA_LOCK block
        arm64: Remove the ARCH_FORCE_MAX_ORDER config input prompt
      8d15d5e1
    • Mike Christie's avatar
      vhost: Fix worker hangs due to missed wake up calls · 4b13cbef
      Mike Christie authored
      We can race where we have added work to the work_list, but
      vhost_task_fn has passed that check but not yet set us into
      TASK_INTERRUPTIBLE. wake_up_process will see us in TASK_RUNNING and
      just return.
      
      This bug was intoduced in commit f9010dbd ("fork, vhost: Use
      CLONE_THREAD to fix freezer/ps regression") when I moved the setting
      of TASK_INTERRUPTIBLE to simplfy the code and avoid get_signal from
      logging warnings about being in the wrong state. This moves the setting
      of TASK_INTERRUPTIBLE back to before we test if we need to stop the
      task to avoid a possible race there as well. We then have vhost_worker
      set TASK_RUNNING if it finds work similar to before.
      
      Fixes: f9010dbd ("fork, vhost: Use CLONE_THREAD to fix freezer/ps regression")
      Signed-off-by: default avatarMike Christie <michael.christie@oracle.com>
      Message-Id: <20230607192338.6041-3-michael.christie@oracle.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      4b13cbef
    • Mike Christie's avatar
      vhost: Fix crash during early vhost_transport_send_pkt calls · a284f09e
      Mike Christie authored
      If userspace does VHOST_VSOCK_SET_GUEST_CID before VHOST_SET_OWNER we
      can race where:
      1. thread0 calls vhost_transport_send_pkt -> vhost_work_queue
      2. thread1 does VHOST_SET_OWNER which calls vhost_worker_create.
      3. vhost_worker_create will set the dev->worker pointer before setting
      the worker->vtsk pointer.
      4. thread0's vhost_work_queue will see the dev->worker pointer is
      set and try to call vhost_task_wake using not yet set worker->vtsk
      pointer.
      5. We then crash since vtsk is NULL.
      
      Before commit 6e890c5d ("vhost: use vhost_tasks for worker
      threads"), we only had the worker pointer so we could just check it to
      see if VHOST_SET_OWNER has been done. After that commit we have the
      vhost_worker and vhost_task pointer, so we can now hit the bug above.
      
      This patch embeds the vhost_worker in the vhost_dev and moves the work
      list initialization back to vhost_dev_init, so we can just check the
      worker.vtsk pointer to check if VHOST_SET_OWNER has been done like
      before.
      
      Fixes: 6e890c5d ("vhost: use vhost_tasks for worker threads")
      Signed-off-by: default avatarMike Christie <michael.christie@oracle.com>
      Message-Id: <20230607192338.6041-2-michael.christie@oracle.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Reported-by: syzbot+d0d442c22fa8db45ff0e@syzkaller.appspotmail.com
      Reviewed-by: default avatarStefano Garzarella <sgarzare@redhat.com>
      a284f09e
    • Andrey Smetanin's avatar
      vhost_net: revert upend_idx only on retriable error · 1f5d2e3b
      Andrey Smetanin authored
      Fix possible virtqueue used buffers leak and corresponding stuck
      in case of temporary -EIO from sendmsg() which is produced by
      tun driver while backend device is not up.
      
      In case of no-retriable error and zcopy do not revert upend_idx
      to pass packet data (that is update used_idx in corresponding
      vhost_zerocopy_signal_used()) as if packet data has been
      transferred successfully.
      
      v2: set vq->heads[ubuf->desc].len equal to VHOST_DMA_DONE_LEN
      in case of fake successful transmit.
      Signed-off-by: default avatarAndrey Smetanin <asmetanin@yandex-team.ru>
      Message-Id: <20230424204411.24888-1-asmetanin@yandex-team.ru>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarAndrey Smetanin <asmetanin@yandex-team.ru>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      1f5d2e3b
    • Shannon Nelson's avatar
      vhost_vdpa: tell vqs about the negotiated · 376daf31
      Shannon Nelson authored
      As is done in the net, iscsi, and vsock vhost support, let the vdpa vqs
      know about the features that have been negotiated.  This allows vhost
      to more safely make decisions based on the features, such as when using
      PACKED vs split queues.
      Signed-off-by: default avatarShannon Nelson <shannon.nelson@amd.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Message-Id: <20230424225031.18947-2-shannon.nelson@amd.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      376daf31
    • Dragos Tatulea's avatar
      vdpa/mlx5: Fix hang when cvq commands are triggered during device unregister · 73790bdf
      Dragos Tatulea authored
      Currently the vdpa device is unregistered after the workqueue that
      processes vq commands is disabled. However, the device unregister
      process can still send commands to the cvq (a vlan delete for example)
      which leads to a hang because the handing workqueue has been disabled
      and the command never finishes:
      
       [ 2263.095764] rcu: INFO: rcu_sched self-detected stall on CPU
       [ 2263.096307] rcu:        9-....: (5250 ticks this GP) idle=dac4/1/0x4000000000000000 softirq=111009/111009 fqs=2544
       [ 2263.097154] rcu:        (t=5251 jiffies g=393549 q=347 ncpus=10)
       [ 2263.097648] CPU: 9 PID: 94300 Comm: kworker/u20:2 Not tainted 6.3.0-rc6_for_upstream_min_debug_2023_04_14_00_02 #1
       [ 2263.098535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
       [ 2263.099481] Workqueue: mlx5_events mlx5_vhca_state_work_handler [mlx5_core]
       [ 2263.100143] RIP: 0010:virtnet_send_command+0x109/0x170
       [ 2263.100621] Code: 1d df f5 ff 85 c0 78 5c 48 8b 7b 08 e8 d0 c5 f5 ff 84 c0 75 11 eb 22 48 8b 7b 08 e8 01 b7 f5 ff 84 c0 75 15 f3 90 48 8b 7b 08 <48> 8d 74 24 04 e8 8d c5 f5 ff 48 85 c0 74 de 48 8b 83 f8 00 00 00
       [ 2263.102148] RSP: 0018:ffff888139cf36e8 EFLAGS: 00000246
       [ 2263.102624] RAX: 0000000000000000 RBX: ffff888166bea940 RCX: 0000000000000001
       [ 2263.103244] RDX: 0000000000000000 RSI: ffff888139cf36ec RDI: ffff888146763800
       [ 2263.103864] RBP: ffff888139cf3710 R08: ffff88810d201000 R09: 0000000000000000
       [ 2263.104473] R10: 0000000000000002 R11: 0000000000000003 R12: 0000000000000002
       [ 2263.105082] R13: 0000000000000002 R14: ffff888114528400 R15: ffff888166bea000
       [ 2263.105689] FS:  0000000000000000(0000) GS:ffff88852cc80000(0000) knlGS:0000000000000000
       [ 2263.106404] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       [ 2263.106925] CR2: 00007f31f394b000 CR3: 000000010615b006 CR4: 0000000000370ea0
       [ 2263.107542] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
       [ 2263.108163] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
       [ 2263.108769] Call Trace:
       [ 2263.109059]  <TASK>
       [ 2263.109320]  ? check_preempt_wakeup+0x11f/0x230
       [ 2263.109750]  virtnet_vlan_rx_kill_vid+0x5a/0xa0
       [ 2263.110180]  vlan_vid_del+0x9c/0x170
       [ 2263.110546]  vlan_device_event+0x351/0x760 [8021q]
       [ 2263.111004]  raw_notifier_call_chain+0x41/0x60
       [ 2263.111426]  dev_close_many+0xcb/0x120
       [ 2263.111808]  unregister_netdevice_many_notify+0x130/0x770
       [ 2263.112297]  ? wq_worker_running+0xa/0x30
       [ 2263.112688]  unregister_netdevice_queue+0x89/0xc0
       [ 2263.113128]  unregister_netdev+0x18/0x20
       [ 2263.113512]  virtnet_remove+0x4f/0x230
       [ 2263.113885]  virtio_dev_remove+0x31/0x70
       [ 2263.114273]  device_release_driver_internal+0x18f/0x1f0
       [ 2263.114746]  bus_remove_device+0xc6/0x130
       [ 2263.115146]  device_del+0x173/0x3c0
       [ 2263.115502]  ? kernfs_find_ns+0x35/0xd0
       [ 2263.115895]  device_unregister+0x1a/0x60
       [ 2263.116279]  unregister_virtio_device+0x11/0x20
       [ 2263.116706]  device_release_driver_internal+0x18f/0x1f0
       [ 2263.117182]  bus_remove_device+0xc6/0x130
       [ 2263.117576]  device_del+0x173/0x3c0
       [ 2263.117929]  ? vdpa_dev_remove+0x20/0x20 [vdpa]
       [ 2263.118364]  device_unregister+0x1a/0x60
       [ 2263.118752]  mlx5_vdpa_dev_del+0x4c/0x80 [mlx5_vdpa]
       [ 2263.119232]  vdpa_match_remove+0x21/0x30 [vdpa]
       [ 2263.119663]  bus_for_each_dev+0x71/0xc0
       [ 2263.120054]  vdpa_mgmtdev_unregister+0x57/0x70 [vdpa]
       [ 2263.120520]  mlx5v_remove+0x12/0x20 [mlx5_vdpa]
       [ 2263.120953]  auxiliary_bus_remove+0x18/0x30
       [ 2263.121356]  device_release_driver_internal+0x18f/0x1f0
       [ 2263.121830]  bus_remove_device+0xc6/0x130
       [ 2263.122223]  device_del+0x173/0x3c0
       [ 2263.122581]  ? devl_param_driverinit_value_get+0x29/0x90
       [ 2263.123070]  mlx5_rescan_drivers_locked+0xc4/0x2d0 [mlx5_core]
       [ 2263.123633]  mlx5_unregister_device+0x54/0x80 [mlx5_core]
       [ 2263.124169]  mlx5_uninit_one+0x54/0x150 [mlx5_core]
       [ 2263.124656]  mlx5_sf_dev_remove+0x45/0x90 [mlx5_core]
       [ 2263.125153]  auxiliary_bus_remove+0x18/0x30
       [ 2263.125560]  device_release_driver_internal+0x18f/0x1f0
       [ 2263.126052]  bus_remove_device+0xc6/0x130
       [ 2263.126451]  device_del+0x173/0x3c0
       [ 2263.126815]  mlx5_sf_dev_remove+0x39/0xf0 [mlx5_core]
       [ 2263.127318]  mlx5_sf_dev_state_change_handler+0x178/0x270 [mlx5_core]
       [ 2263.127920]  blocking_notifier_call_chain+0x5a/0x80
       [ 2263.128379]  mlx5_vhca_state_work_handler+0x151/0x200 [mlx5_core]
       [ 2263.128951]  process_one_work+0x1bb/0x3c0
       [ 2263.129355]  ? process_one_work+0x3c0/0x3c0
       [ 2263.129766]  worker_thread+0x4d/0x3c0
       [ 2263.130140]  ? process_one_work+0x3c0/0x3c0
       [ 2263.130548]  kthread+0xb9/0xe0
       [ 2263.130895]  ? kthread_complete_and_exit+0x20/0x20
       [ 2263.131349]  ret_from_fork+0x1f/0x30
       [ 2263.131717]  </TASK>
      
      The fix is to disable and destroy the workqueue after the device
      unregister. It is expected that vhost will not trigger kicks after
      the unregister. But even if it would, the wq is disabled already by
      setting the pointer to NULL (done so in the referenced commit).
      
      Fixes: ad6dc1da ("vdpa/mlx5: Avoid processing works if workqueue was destroyed")
      Signed-off-by: default avatarDragos Tatulea <dtatulea@nvidia.com>
      Message-Id: <20230516095800.3549932-1-dtatulea@nvidia.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Reviewed-by: default avatarTariq Toukan <tariqt@nvidia.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      73790bdf
    • Rong Tao's avatar
      tools/virtio: Add .gitignore for ringtest · c66dbc39
      Rong Tao authored
      Ignore executables for ringtest.
      Signed-off-by: default avatarRong Tao <rongtao@cestc.cn>
      Message-Id: <tencent_C121802C93CB4095C6D7D95113442E830A07@qq.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      c66dbc39
    • Rong Tao's avatar
      tools/virtio: Fix arm64 ringtest compilation error · 57380fd1
      Rong Tao authored
      Add cpu_relax() for arm64 instead of directly assert(), and add assert.h
      header file. Also, add smp_wmb and smp_mb for arm64.
      
      Compilation error as follows, avoid __always_inline undefined.
      
          $ make
          cc -Wall -pthread -O2 -ggdb -flto -fwhole-program -c -o ring.o ring.c
          In file included from ring.c:10:
          main.h: In function ‘busy_wait’:
          main.h:99:21: warning: implicit declaration of function ‘assert’
          [-Wimplicit-function-declaration]
          99 | #define cpu_relax() assert(0)
              |                     ^~~~~~
          main.h:107:17: note: in expansion of macro ‘cpu_relax’
          107 |                 cpu_relax();
              |                 ^~~~~~~~~
          main.h:12:1: note: ‘assert’ is defined in header ‘<assert.h>’; did you
          forget to ‘#include <assert.h>’?
          11 | #include <stdbool.h>
          +++ |+#include <assert.h>
          12 |
          main.h: At top level:
          main.h:143:23: error: expected ‘;’ before ‘void’
          143 | static __always_inline
              |                       ^
              |                       ;
          144 | void __read_once_size(const volatile void *p, void *res, int
          size)
              | ~~~~
          main.h:158:23: error: expected ‘;’ before ‘void’
          158 | static __always_inline void __write_once_size(volatile void *p,
          void *res, int size)
              |                       ^~~~~
              |                       ;
          make: *** [<builtin>: ring.o] Error 1
      Signed-off-by: default avatarRong Tao <rongtao@cestc.cn>
      Message-Id: <tencent_F53E159DD7925174445D830DA19FACF44B07@qq.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      57380fd1
    • Sheng Zhao's avatar
      vduse: avoid empty string for dev name · a90e8608
      Sheng Zhao authored
      Syzkaller hits a kernel WARN when the first character of the dev name
      provided is NULL. Solution is to add a NULL check before calling
      cdev_device_add() in vduse_create_dev().
      
      kobject: (0000000072042169): attempted to be registered with empty name!
      WARNING: CPU: 0 PID: 112695 at lib/kobject.c:236
      Call Trace:
       kobject_add_varg linux/src/lib/kobject.c:390 [inline]
       kobject_add+0xf6/0x150 linux/src/lib/kobject.c:442
       device_add+0x28f/0xc20 linux/src/drivers/base/core.c:2167
       cdev_device_add+0x83/0xc0 linux/src/fs/char_dev.c:546
       vduse_create_dev linux/src/drivers/vdpa/vdpa_user/vduse_dev.c:2254 [inline]
       vduse_ioctl+0x7b5/0xf30 linux/src/drivers/vdpa/vdpa_user/vduse_dev.c:2316
       vfs_ioctl linux/src/fs/ioctl.c:47 [inline]
       file_ioctl linux/src/fs/ioctl.c:510 [inline]
       do_vfs_ioctl+0x14b/0xa80 linux/src/fs/ioctl.c:697
       ksys_ioctl+0x7c/0xa0 linux/src/fs/ioctl.c:714
       __do_sys_ioctl linux/src/fs/ioctl.c:721 [inline]
       __se_sys_ioctl linux/src/fs/ioctl.c:719 [inline]
       __x64_sys_ioctl+0x42/0x50 linux/src/fs/ioctl.c:719
       do_syscall_64+0x94/0x330 linux/src/arch/x86/entry/common.c:291
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: c8a6153b ("vduse: Introduce VDUSE - vDPA Device in Userspace")
      Cc: "Xie Yongji" <xieyongji@bytedance.com>
      Reported-by: default avatarXianjun Zeng <zengxianjun@bytedance.com>
      Signed-off-by: default avatarSheng Zhao <sheng.zhao@bytedance.com>
      Message-Id: <20230530033626.1266794-1-sheng.zhao@bytedance.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Reviewed-by: default avatarXie Yongji <xieyongji@bytedance.com>
      Cc: "Michael S. Tsirkin"<mst@redhat.com>, "Jason Wang"<jasowang@redhat.com>,
      Reviewed-by: default avatarXie Yongji <xieyongji@bytedance.com>
      a90e8608