1. 26 Oct, 2021 7 commits
  2. 25 Oct, 2021 14 commits
  3. 24 Oct, 2021 7 commits
    • Zheyu Ma's avatar
      ata: sata_mv: Fix the error handling of mv_chip_id() · a0023bb9
      Zheyu Ma authored
      mv_init_host() propagates the value returned by mv_chip_id() which in turn
      gets propagated by mv_pci_init_one() and hits local_pci_probe().
      
      During the process of driver probing, the probe function should return < 0
      for failure, otherwise, the kernel will treat value > 0 as success.
      
      Since this is a bug rather than a recoverable runtime error we should
      use dev_alert() instead of dev_err().
      Signed-off-by: default avatarZheyu Ma <zheyuma97@gmail.com>
      Signed-off-by: default avatarDamien Le Moal <damien.lemoal@opensource.wdc.com>
      a0023bb9
    • Linus Torvalds's avatar
      Revert "mm/secretmem: use refcount_t instead of atomic_t" · 87066fdd
      Linus Torvalds authored
      This reverts commit 11086054.
      
      Converting the "secretmem_users" counter to a refcount is incorrect,
      because a refcount is special in zero and can't just be incremented (but
      a count of users is not, and "no users" is actually perfectly valid and
      not a sign of a free'd resource).
      
      Reported-by: syzbot+75639e6a0331cd61d3e2@syzkaller.appspotmail.com
      Cc: Jordy Zomer <jordy@pwning.systems>
      Cc: Kees Cook <keescook@chromium.org>,
      Cc: Jordy Zomer <jordy@jordyzomer.github.io>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Mike Rapoport <rppt@kernel.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      87066fdd
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · b20078fd
      Linus Torvalds authored
      Pull autofs fix from Al Viro:
       "Fix for a braino of mine (in getting rid of open-coded
        dentry_path_raw() in autofs a couple of cycles ago).
      
        Mea culpa...  Obvious -stable fodder"
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        autofs: fix wait name hash calculation in autofs_wait()
      b20078fd
    • Linus Torvalds's avatar
      Merge tag 'sched_urgent_for_v5.15_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6c62666d
      Linus Torvalds authored
      Pull scheduler fix from Borislav Petkov:
       "Reset clang's Shadow Call Stack on hotplug to prevent it from
        overflowing"
      
      * tag 'sched_urgent_for_v5.15_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/scs: Reset the shadow stack when idle_task_exit
      6c62666d
    • Linus Torvalds's avatar
      Merge tag 'x86_urgent_for_v5.15_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 16bc1776
      Linus Torvalds authored
      Pull x86 fix from Borislav Petkov:
       "A single change adding Dave Hansen to our maintainers team"
      
      * tag 'x86_urgent_for_v5.15_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        MAINTAINERS: Add Dave Hansen to the x86 maintainer team
      16bc1776
    • Linus Torvalds's avatar
      Merge tag '5.15-rc6-ksmbd-fixes' of git://git.samba.org/ksmbd · c460e789
      Linus Torvalds authored
      Pull ksmbd fixes from Steve French:
       "Ten fixes for the ksmbd kernel server, for improved security and
        additional buffer overflow checks:
      
         - a security improvement to session establishment to reduce the
           possibility of dictionary attacks
      
         - fix to ensure that maximum i/o size negotiated in the protocol is
           not less than 64K and not more than 8MB to better match expected
           behavior
      
         - fix for crediting (flow control) important to properly verify that
           sufficient credits are available for the requested operation
      
         - seven additional buffer overflow, buffer validation checks"
      
      * tag '5.15-rc6-ksmbd-fixes' of git://git.samba.org/ksmbd:
        ksmbd: add buffer validation in session setup
        ksmbd: throttle session setup failures to avoid dictionary attacks
        ksmbd: validate OutputBufferLength of QUERY_DIR, QUERY_INFO, IOCTL requests
        ksmbd: validate credit charge after validating SMB2 PDU body size
        ksmbd: add buffer validation for smb direct
        ksmbd: limit read/write/trans buffer size not to exceed 8MB
        ksmbd: validate compound response buffer
        ksmbd: fix potencial 32bit overflow from data area check in smb2_write
        ksmbd: improve credits management
        ksmbd: add validation in smb2_ioctl
      c460e789
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 0f386a60
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Ten fixes, seven of which are in drivers.
      
        The core fixes are one to fix a potential crash on resume, one to sort
        out our reference count releases to avoid releasing in-use modules and
        one to adjust the cmd per lun calculation to avoid an overflow in
        hyper-v"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: ufs: ufs-pci: Force a full restore after suspend-to-disk
        scsi: qla2xxx: Fix unmap of already freed sgl
        scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()
        scsi: qla2xxx: Return -ENOMEM if kzalloc() fails
        scsi: sd: Fix crashes in sd_resume_runtime()
        scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs
        scsi: core: Put LLD module refcnt after SCSI device is released
        scsi: storvsc: Fix validation for unsolicited incoming packets
        scsi: iscsi: Fix set_param() handling
        scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
      0f386a60
  4. 23 Oct, 2021 2 commits
  5. 22 Oct, 2021 10 commits
    • Linus Torvalds's avatar
      Merge tag 'fuse-fixes-5.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse · 5ab2ed0a
      Linus Torvalds authored
      Pull fuse fixes from Miklos Szeredi:
       "Syzbot discovered a race in case of reusing the fuse sb (introduced in
        this cycle).
      
        Fix it by doing the s_fs_info initialization at the proper place"
      
      * tag 'fuse-fixes-5.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        fuse: clean up error exits in fuse_fill_super()
        fuse: always initialize sb->s_fs_info
        fuse: clean up fuse_mount destruction
        fuse: get rid of fuse_put_super()
        fuse: check s_root when destroying sb
      5ab2ed0a
    • Linus Torvalds's avatar
      Merge tag 'hyperv-fixes-signed-20211022' of... · 477b4e80
      Linus Torvalds authored
      Merge tag 'hyperv-fixes-signed-20211022' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
      
      Pull hyper-v fix from Wei Liu:
      
       - Fix vmbus ARM64 build (Arnd Bergmann)
      
      * tag 'hyperv-fixes-signed-20211022' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
        hyperv/vmbus: include linux/bitops.h
      477b4e80
    • Arnd Bergmann's avatar
      hyperv/vmbus: include linux/bitops.h · 8017c996
      Arnd Bergmann authored
      On arm64 randconfig builds, hyperv sometimes fails with this
      error:
      
      In file included from drivers/hv/hv_trace.c:3:
      In file included from drivers/hv/hyperv_vmbus.h:16:
      In file included from arch/arm64/include/asm/sync_bitops.h:5:
      arch/arm64/include/asm/bitops.h:11:2: error: only <linux/bitops.h> can be included directly
      In file included from include/asm-generic/bitops/hweight.h:5:
      include/asm-generic/bitops/arch_hweight.h:9:9: error: implicit declaration of function '__sw_hweight32' [-Werror,-Wimplicit-function-declaration]
      include/asm-generic/bitops/atomic.h:17:7: error: implicit declaration of function 'BIT_WORD' [-Werror,-Wimplicit-function-declaration]
      
      Include the correct header first.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Link: https://lore.kernel.org/r/20211018131929.2260087-1-arnd@kernel.orgSigned-off-by: default avatarWei Liu <wei.liu@kernel.org>
      8017c996
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 1d4590f5
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix two regressions, one related to ACPI power resources
        management and one that broke ACPI tools compilation.
      
        Specifics:
      
         - Stop turning off unused ACPI power resources in an unknown state to
           address a regression introduced during the 5.14 cycle (Rafael
           Wysocki).
      
         - Fix an ACPI tools build issue introduced recently when the minimal
           stdarg.h was added (Miguel Bernal Marin)"
      
      * tag 'acpi-5.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: PM: Do not turn off power resources in unknown state
        ACPI: tools: fix compilation error
      1d4590f5
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · cd82c4a7
      Linus Torvalds authored
      Pull more x86 kvm fixes from Paolo Bonzini:
      
       - Cache coherency fix for SEV live migration
      
       - Fix for instruction emulation with PKU
      
       - fixes for rare delaying of interrupt delivery
      
       - fix for SEV-ES buffer overflow
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed
        KVM: SEV-ES: keep INS functions together
        KVM: x86: remove unnecessary arguments from complete_emulator_pio_in
        KVM: x86: split the two parts of emulator_pio_in
        KVM: SEV-ES: clean up kvm_sev_es_ins/outs
        KVM: x86: leave vcpu->arch.pio.count alone in emulator_pio_in_out
        KVM: SEV-ES: rename guest_ins_data to sev_pio_data
        KVM: SEV: Flush cache on non-coherent systems before RECEIVE_UPDATE_DATA
        KVM: MMU: Reset mmu->pkru_mask to avoid stale data
        KVM: nVMX: promptly process interrupts delivered while in guest mode
        KVM: x86: check for interrupts before deciding whether to exit the fast path
      cd82c4a7
    • Rafael J. Wysocki's avatar
      Merge branch 'acpi-tools' · 7a748900
      Rafael J. Wysocki authored
      Merge a fix for a recent ACPI tools bild regresson.
      
      * acpi-tools:
        ACPI: tools: fix compilation error
      7a748900
    • Paolo Bonzini's avatar
      KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed · 95e16b47
      Paolo Bonzini authored
      The PIO scratch buffer is larger than a single page, and therefore
      it is not possible to copy it in a single step to vcpu->arch/pio_data.
      Bound each call to emulator_pio_in/out to a single page; keep
      track of how many I/O operations are left in vcpu->arch.sev_pio_count,
      so that the operation can be restarted in the complete_userspace_io
      callback.
      
      For OUT, this means that the previous kvm_sev_es_outs implementation
      becomes an iterator of the loop, and we can consume the sev_pio_data
      buffer before leaving to userspace.
      
      For IN, instead, consuming the buffer and decreasing sev_pio_count
      is always done in the complete_userspace_io callback, because that
      is when the memcpy is done into sev_pio_data.
      
      Cc: stable@vger.kernel.org
      Fixes: 7ed9abfe ("KVM: SVM: Support string IO operations for an SEV-ES guest")
      Reported-by: default avatarFelix Wilhelm <fwilhelm@google.com>
      Reviewed-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      95e16b47
    • Paolo Bonzini's avatar
      KVM: SEV-ES: keep INS functions together · 4fa4b38d
      Paolo Bonzini authored
      Make the diff a little nicer when we actually get to fixing
      the bug.  No functional change intended.
      
      Cc: stable@vger.kernel.org
      Fixes: 7ed9abfe ("KVM: SVM: Support string IO operations for an SEV-ES guest")
      Reviewed-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      4fa4b38d
    • Paolo Bonzini's avatar
      KVM: x86: remove unnecessary arguments from complete_emulator_pio_in · 6b5efc93
      Paolo Bonzini authored
      complete_emulator_pio_in can expect that vcpu->arch.pio has been filled in,
      and therefore does not need the size and count arguments.  This makes things
      nicer when the function is called directly from a complete_userspace_io
      callback.
      
      No functional change intended.
      
      Cc: stable@vger.kernel.org
      Fixes: 7ed9abfe ("KVM: SVM: Support string IO operations for an SEV-ES guest")
      Reviewed-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      6b5efc93
    • Paolo Bonzini's avatar
      KVM: x86: split the two parts of emulator_pio_in · 3b27de27
      Paolo Bonzini authored
      emulator_pio_in handles both the case where the data is pending in
      vcpu->arch.pio.count, and the case where I/O has to be done via either
      an in-kernel device or a userspace exit.  For SEV-ES we would like
      to split these, to identify clearly the moment at which the
      sev_pio_data is consumed.  To this end, create two different
      functions: __emulator_pio_in fills in vcpu->arch.pio.count, while
      complete_emulator_pio_in clears it and releases vcpu->arch.pio.data.
      
      Because this patch has to be backported, things are left a bit messy.
      kernel_pio() operates on vcpu->arch.pio, which leads to emulator_pio_in()
      having with two calls to complete_emulator_pio_in().  It will be fixed
      in the next release.
      
      While at it, remove the unused void* val argument of emulator_pio_in_out.
      The function currently hardcodes vcpu->arch.pio_data as the
      source/destination buffer, which sucks but will be fixed after the more
      severe SEV-ES buffer overflow.
      
      No functional change intended.
      
      Cc: stable@vger.kernel.org
      Fixes: 7ed9abfe ("KVM: SVM: Support string IO operations for an SEV-ES guest")
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      3b27de27