1. 15 Jun, 2022 2 commits
  2. 14 Jun, 2022 4 commits
    • Linus Torvalds's avatar
      netfs: fix up netfs_inode_init() docbook comment · 018ab4fa
      Linus Torvalds authored
      Commit e81fb419 ("netfs: Further cleanups after struct netfs_inode
      wrapper introduced") changed the argument types and names, and actually
      updated the comment too (although that was thanks to David Howells, not
      me: my original patch only changed the code).
      
      But the comment fixup didn't go quite far enough, and didn't change the
      argument name in the comment, resulting in
      
        include/linux/netfs.h:314: warning: Function parameter or member 'ctx' not described in 'netfs_inode_init'
        include/linux/netfs.h:314: warning: Excess function parameter 'inode' description in 'netfs_inode_init'
      
      during htmldoc generation.
      
      Fixes: e81fb419 ("netfs: Further cleanups after struct netfs_inode wrapper introduced")
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      018ab4fa
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 24625f7d
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "While last week's pull request contained miscellaneous fixes for x86,
        this one covers other architectures, selftests changes, and a bigger
        series for APIC virtualization bugs that were discovered during 5.20
        development. The idea is to base 5.20 development for KVM on top of
        this tag.
      
        ARM64:
      
         - Properly reset the SVE/SME flags on vcpu load
      
         - Fix a vgic-v2 regression regarding accessing the pending state of a
           HW interrupt from userspace (and make the code common with vgic-v3)
      
         - Fix access to the idreg range for protected guests
      
         - Ignore 'kvm-arm.mode=protected' when using VHE
      
         - Return an error from kvm_arch_init_vm() on allocation failure
      
         - A bunch of small cleanups (comments, annotations, indentation)
      
        RISC-V:
      
         - Typo fix in arch/riscv/kvm/vmid.c
      
         - Remove broken reference pattern from MAINTAINERS entry
      
        x86-64:
      
         - Fix error in page tables with MKTME enabled
      
         - Dirty page tracking performance test extended to running a nested
           guest
      
         - Disable APICv/AVIC in cases that it cannot implement correctly"
      
      [ This merge also fixes a misplaced end parenthesis bug introduced in
        commit 3743c2f0 ("KVM: x86: inhibit APICv/AVIC on changes to APIC
        ID or APIC base") pointed out by Sean Christopherson ]
      
      Link: https://lore.kernel.org/all/20220610191813.371682-1-seanjc@google.com/
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (34 commits)
        KVM: selftests: Restrict test region to 48-bit physical addresses when using nested
        KVM: selftests: Add option to run dirty_log_perf_test vCPUs in L2
        KVM: selftests: Clean up LIBKVM files in Makefile
        KVM: selftests: Link selftests directly with lib object files
        KVM: selftests: Drop unnecessary rule for STATIC_LIBS
        KVM: selftests: Add a helper to check EPT/VPID capabilities
        KVM: selftests: Move VMX_EPT_VPID_CAP_AD_BITS to vmx.h
        KVM: selftests: Refactor nested_map() to specify target level
        KVM: selftests: Drop stale function parameter comment for nested_map()
        KVM: selftests: Add option to create 2M and 1G EPT mappings
        KVM: selftests: Replace x86_page_size with PG_LEVEL_XX
        KVM: x86: SVM: fix nested PAUSE filtering when L0 intercepts PAUSE
        KVM: x86: SVM: drop preempt-safe wrappers for avic_vcpu_load/put
        KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking
        KVM: x86: disable preemption while updating apicv inhibition
        KVM: x86: SVM: fix avic_kick_target_vcpus_fast
        KVM: x86: SVM: remove avic's broken code that updated APIC ID
        KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base
        KVM: x86: document AVIC/APICv inhibit reasons
        KVM: x86/mmu: Set memory encryption "value", not "mask", in shadow PDPTRs
        ...
      24625f7d
    • Linus Torvalds's avatar
      Merge tag 'x86-bugs-2022-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 8e8afafb
      Linus Torvalds authored
      Pull x86 MMIO stale data fixes from Thomas Gleixner:
       "Yet another hw vulnerability with a software mitigation: Processor
        MMIO Stale Data.
      
        They are a class of MMIO-related weaknesses which can expose stale
        data by propagating it into core fill buffers. Data which can then be
        leaked using the usual speculative execution methods.
      
        Mitigations include this set along with microcode updates and are
        similar to MDS and TAA vulnerabilities: VERW now clears those buffers
        too"
      
      * tag 'x86-bugs-2022-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/speculation/mmio: Print SMT warning
        KVM: x86/speculation: Disable Fill buffer clear within guests
        x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
        x86/speculation/srbds: Update SRBDS mitigation selection
        x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
        x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
        x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
        x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
        x86/speculation: Add a common function for MD_CLEAR mitigation update
        x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
        Documentation: Add documentation for Processor MMIO Stale Data
      8e8afafb
    • Christian Brauner's avatar
      fs: account for group membership · 168f9128
      Christian Brauner authored
      When calling setattr_prepare() to determine the validity of the
      attributes the ia_{g,u}id fields contain the value that will be written
      to inode->i_{g,u}id. This is exactly the same for idmapped and
      non-idmapped mounts and allows callers to pass in the values they want
      to see written to inode->i_{g,u}id.
      
      When group ownership is changed a caller whose fsuid owns the inode can
      change the group of the inode to any group they are a member of. When
      searching through the caller's groups we need to use the gid mapped
      according to the idmapped mount otherwise we will fail to change
      ownership for unprivileged users.
      
      Consider a caller running with fsuid and fsgid 1000 using an idmapped
      mount that maps id 65534 to 1000 and 65535 to 1001. Consequently, a file
      owned by 65534:65535 in the filesystem will be owned by 1000:1001 in the
      idmapped mount.
      
      The caller now requests the gid of the file to be changed to 1000 going
      through the idmapped mount. In the vfs we will immediately map the
      requested gid to the value that will need to be written to inode->i_gid
      and place it in attr->ia_gid. Since this idmapped mount maps 65534 to
      1000 we place 65534 in attr->ia_gid.
      
      When we check whether the caller is allowed to change group ownership we
      first validate that their fsuid matches the inode's uid. The
      inode->i_uid is 65534 which is mapped to uid 1000 in the idmapped mount.
      Since the caller's fsuid is 1000 we pass the check.
      
      We now check whether the caller is allowed to change inode->i_gid to the
      requested gid by calling in_group_p(). This will compare the passed in
      gid to the caller's fsgid and search the caller's additional groups.
      
      Since we're dealing with an idmapped mount we need to pass in the gid
      mapped according to the idmapped mount. This is akin to checking whether
      a caller is privileged over the future group the inode is owned by. And
      that needs to take the idmapped mount into account. Note, all helpers
      are nops without idmapped mounts.
      
      New regression test sent to xfstests.
      
      Link: https://github.com/lxc/lxd/issues/10537
      Link: https://lore.kernel.org/r/20220613111517.2186646-1-brauner@kernel.org
      Fixes: 2f221d6f ("attr: handle idmapped mounts")
      Cc: Seth Forshee <sforshee@digitalocean.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Aleksa Sarai <cyphar@cyphar.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: stable@vger.kernel.org # 5.15+
      CC: linux-fsdevel@vger.kernel.org
      Reviewed-by: default avatarSeth Forshee <sforshee@digitalocean.com>
      Signed-off-by: default avatarChristian Brauner (Microsoft) <brauner@kernel.org>
      168f9128
  3. 12 Jun, 2022 10 commits
  4. 11 Jun, 2022 9 commits
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v5.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 7a68065e
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
       "A set of fixes. Most address the new warning we emit at build time
        when irq chips are not immutable with some additional tweaks to
        gpio-crystalcove from Andy and a small tweak to gpio-dwapd.
      
         - make irq_chip structs immutable in several Diolan and intel drivers
           to get rid of the new warning we emit when fiddling with irq chips
      
         - don't print error messages on probe deferral in gpio-dwapb"
      
      * tag 'gpio-fixes-for-v5.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: dwapb: Don't print error on -EPROBE_DEFER
        gpio: dln2: make irq_chip immutable
        gpio: sch: make irq_chip immutable
        gpio: merrifield: make irq_chip immutable
        gpio: wcove: make irq_chip immutable
        gpio: crystalcove: Join function declarations and long lines
        gpio: crystalcove: Use specific type and API for IRQ number
        gpio: crystalcove: make irq_chip immutable
      7a68065e
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · cecb3540
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Driver fixes and and one core patch.
      
        Nine of the driver patches are minor fixes and reworks to lpfc and the
        rest are trivial and minor fixes elsewhere"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: pmcraid: Fix missing resource cleanup in error case
        scsi: ipr: Fix missing/incorrect resource cleanup in error case
        scsi: mpt3sas: Fix out-of-bounds compiler warning
        scsi: lpfc: Update lpfc version to 14.2.0.4
        scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion
        scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds
        scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
        scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted
        scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
        scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
        scsi: lpfc: Resolve some cleanup issues following abort path refactoring
        scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event()
        scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
        scsi: sd: Fix interpretation of VPD B9h length
      cecb3540
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · abe71eb3
      Linus Torvalds authored
      Pull virtio fixes from Michael Tsirkin:
       "Fixes all over the place, most notably fixes for latent bugs in
        drivers that got exposed by suppressing interrupts before DRIVER_OK,
        which in turn has been done by 8b4ec69d ("virtio: harden vring
        IRQ")"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        um: virt-pci: set device ready in probe()
        vdpa: make get_vq_group and set_group_asid optional
        virtio: Fix all occurences of the "the the" typo
        vduse: Fix NULL pointer dereference on sysfs access
        vringh: Fix loop descriptors check in the indirect cases
        vdpa/mlx5: clean up indenting in handle_ctrl_vlan()
        vdpa/mlx5: fix error code for deleting vlan
        virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
        vdpa/mlx5: Fix syntax errors in comments
        virtio-rng: make device ready before making request
      abe71eb3
    • Linus Torvalds's avatar
      Merge tag 'loongarch-fixes-5.19-1' of... · 0678afa6
      Linus Torvalds authored
      Merge tag 'loongarch-fixes-5.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
      
      Pull LoongArch fixes from Huacai Chen.
       "Fix build errors and a stale comment"
      
      * tag 'loongarch-fixes-5.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson:
        LoongArch: Remove MIPS comment about cycle counter
        LoongArch: Fix copy_thread() build errors
        LoongArch: Fix the !CONFIG_SMP build
      0678afa6
    • Linus Torvalds's avatar
      iov_iter: fix build issue due to possible type mis-match · 1c27f1fc
      Linus Torvalds authored
      Commit 6c776766 ("iov_iter: Fix iter_xarray_get_pages{,_alloc}()")
      introduced a problem on some 32-bit architectures (at least arm, xtensa,
      csky,sparc and mips), that have a 'size_t' that is 'unsigned int'.
      
      The reason is that we now do
      
          min(nr * PAGE_SIZE - offset, maxsize);
      
      where 'nr' and 'offset' and both 'unsigned int', and PAGE_SIZE is
      'unsigned long'.  As a result, the normal C type rules means that the
      first argument to 'min()' ends up being 'unsigned long'.
      
      In contrast, 'maxsize' is of type 'size_t'.
      
      Now, 'size_t' and 'unsigned long' are always the same physical type in
      the kernel, so you'd think this doesn't matter, and from an actual
      arithmetic standpoint it doesn't.
      
      But on 32-bit architectures 'size_t' is commonly 'unsigned int', even if
      it could also be 'unsigned long'.  In that situation, both are unsigned
      32-bit types, but they are not the *same* type.
      
      And as a result 'min()' will complain about the distinct types (ignore
      the "pointer types" part of the error message: that's an artifact of the
      way we have made 'min()' check types for being the same):
      
        lib/iov_iter.c: In function 'iter_xarray_get_pages':
        include/linux/minmax.h:20:35: error: comparison of distinct pointer types lacks a cast [-Werror]
           20 |         (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
              |                                   ^~
        lib/iov_iter.c:1464:16: note: in expansion of macro 'min'
         1464 |         return min(nr * PAGE_SIZE - offset, maxsize);
              |                ^~~
      
      This was not visible on 64-bit architectures (where we always define
      'size_t' to be 'unsigned long').
      
      Force these cases to use 'min_t(size_t, x, y)' to make the type explicit
      and avoid the issue.
      
      [ Nit-picky note: technically 'size_t' doesn't have to match 'unsigned
        long' arithmetically. We've certainly historically seen environments
        with 16-bit address spaces and 32-bit 'unsigned long'.
      
        Similarly, even in 64-bit modern environments, 'size_t' could be its
        own type distinct from 'unsigned long', even if it were arithmetically
        identical.
      
        So the above type commentary is only really descriptive of the kernel
        environment, not some kind of universal truth for the kinds of wild
        and crazy situations that are allowed by the C standard ]
      Reported-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Link: https://lore.kernel.org/all/YqRyL2sIqQNDfky2@debian/
      Cc: Jeff Layton <jlayton@kernel.org>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1c27f1fc
    • Jason A. Donenfeld's avatar
      wireguard: selftests: use maximum cpu features and allow rng seeding · 17b0128a
      Jason A. Donenfeld authored
      By forcing the maximum CPU that QEMU has available, we expose additional
      capabilities, such as the RNDR instruction, which increases test
      coverage. This then allows the CI to skip the fake seeding step in some
      cases. Also enable STRICT_KERNEL_RWX to catch issues related to early
      jump labels when the RNG is initialized at boot.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      17b0128a
    • Kuan-Ying Lee's avatar
      scripts/gdb: change kernel config dumping method · 1f7a6cf6
      Kuan-Ying Lee authored
      MAGIC_START("IKCFG_ST") and MAGIC_END("IKCFG_ED") are moved out
      from the kernel_config_data variable.
      
      Thus, we parse kernel_config_data directly instead of considering
      offset of MAGIC_START and MAGIC_END.
      
      Fixes: 13610aa9 ("kernel/configs: use .incbin directive to embed config_data.gz")
      Signed-off-by: default avatarKuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      1f7a6cf6
    • Vincent Whitchurch's avatar
      um: virt-pci: set device ready in probe() · eacea844
      Vincent Whitchurch authored
      Call virtio_device_ready() to make this driver work after commit
      b4ec69d7e09 ("virtio: harden vring IRQ"), since the driver uses the
      virtqueues in the probe function.  (The virtio core sets the device
      ready when probe returns.)
      
      Fixes: 8b4ec69d ("virtio: harden vring IRQ")
      Fixes: 68f5d3f3 ("um: add PCI over virtio emulation driver")
      Signed-off-by: default avatarVincent Whitchurch <vincent.whitchurch@axis.com>
      Message-Id: <20220610151203.3492541-1-vincent.whitchurch@axis.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Tested-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      eacea844
    • Linus Torvalds's avatar
      Merge tag 'nfsd-5.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux · 0885eacd
      Linus Torvalds authored
      Pull nfsd fixes from Chuck Lever:
       "Notable changes:
      
         - There is now a backup maintainer for NFSD
      
        Notable fixes:
      
         - Prevent array overruns in svc_rdma_build_writes()
      
         - Prevent buffer overruns when encoding NFSv3 READDIR results
      
         - Fix a potential UAF in nfsd_file_put()"
      
      * tag 'nfsd-5.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
        SUNRPC: Remove pointer type casts from xdr_get_next_encode_buffer()
        SUNRPC: Clean up xdr_get_next_encode_buffer()
        SUNRPC: Clean up xdr_commit_encode()
        SUNRPC: Optimize xdr_reserve_space()
        SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
        SUNRPC: Trap RDMA segment overflows
        NFSD: Fix potential use-after-free in nfsd_file_put()
        MAINTAINERS: reciprocal co-maintainership for file locking and nfsd
      0885eacd
  5. 10 Jun, 2022 15 commits