1. 07 Mar, 2024 2 commits
  2. 27 Feb, 2024 2 commits
    • landlock: Add support for KUnit tests · b4007fd2
      Mickaël Salaün authored
      Add the SECURITY_LANDLOCK_KUNIT_TEST option to enable KUnit tests for
      Landlock.  The minimal required configuration is listed in the
      security/landlock/.kunitconfig file.
      
      Add an initial landlock_fs KUnit test suite with 7 test cases for
      filesystem helpers.  These are related to the LANDLOCK_ACCESS_FS_REFER
      right.
      
      There is one KUnit test case per:
      * mutated state (e.g. test_scope_to_request_*) or,
      * shared state between tests (e.g. test_is_eaccess_*).
      
      Add macros to improve readability of tests (i.e. one per line).  Test
      cases are collocated with the tested functions to help maintenance and
      improve documentation.  This is why SECURITY_LANDLOCK_KUNIT_TEST cannot
      be set as module.
      
      This is a nice complement to Landlock's user space kselftests.  We
      expect new Landlock features to come with KUnit tests as well.
      
      Thanks to UML support, we can run all KUnit tests for Landlock with:
      ./tools/testing/kunit/kunit.py run --kunitconfig security/landlock
      
      [00:00:00] ======================= landlock_fs  =======================
      [00:00:00] [PASSED] test_no_more_access
      [00:00:00] [PASSED] test_scope_to_request_with_exec_none
      [00:00:00] [PASSED] test_scope_to_request_with_exec_some
      [00:00:00] [PASSED] test_scope_to_request_without_access
      [00:00:00] [PASSED] test_is_eacces_with_none
      [00:00:00] [PASSED] test_is_eacces_with_refer
      [00:00:00] [PASSED] test_is_eacces_with_write
      [00:00:00] =================== [PASSED] landlock_fs ===================
      [00:00:00] ============================================================
      [00:00:00] Testing complete. Ran 7 tests: passed: 7
      
      Cc: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
      Reviewed-by: Günther Noack <gnoack@google.com>
      Link: https://lore.kernel.org/r/20240118113632.1948478-1-mic@digikod.net
      Signed-off-by: Mickaël Salaün <mic@digikod.net>
    • selftests/landlock: Clean up error logs related to capabilities · a3f16298
      Mickaël Salaün authored
      It doesn't help to call TH_LOG() for every cap_*() error. Let's only
      log errors returned by the kernel, not by libcap specificities.
      
      Link: https://lore.kernel.org/r/20240125153230.3817165-3-mic@digikod.net
      Signed-off-by: Mickaël Salaün <mic@digikod.net>
  3. 26 Feb, 2024 1 commit
    • landlock: Fix asymmetric private inodes referring · d9818b3e
      Mickaël Salaün authored
      When linking or renaming a file, if only one of the source or
      destination directory is backed by an S_PRIVATE inode, then the related
      set of layer masks would be used as uninitialized by
      is_access_to_paths_allowed().  This would result in indeterministic
      access for one side instead of always being allowed.
      
      This bug could only be triggered with a mounted filesystem containing
      both S_PRIVATE and !S_PRIVATE inodes, which doesn't seem possible.
      
      The collect_domain_accesses() calls return early if
      is_nouser_or_private() returns false, which means that the directory's
      superblock has SB_NOUSER or its inode has S_PRIVATE.  Because rename or
      link actions are only allowed on the same mounted filesystem, the
      superblock is always the same for both source and destination
      directories.  However, it might be possible in theory to have an
      S_PRIVATE parent source inode with an !S_PRIVATE parent destination
      inode, or vice versa.
      
      To make sure this case is not an issue, explicitly initialize both sets
      of layer masks to 0, which means to allow all actions on the related
      side.  If at least one side has !S_PRIVATE, then
      collect_domain_accesses() and is_access_to_paths_allowed() check for the
      required access rights.
      
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Günther Noack <gnoack@google.com>
      Cc: Jann Horn <jannh@google.com>
      Cc: Shervin Oloumi <enlightened@chromium.org>
      Cc: stable@vger.kernel.org
      Fixes: b91c3e4e ("landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER")
      Link: https://lore.kernel.org/r/20240219190345.2928627-1-mic@digikod.net
      Signed-off-by: Mickaël Salaün <mic@digikod.net>
  4. 25 Feb, 2024 31 commits
    • Linux 6.8-rc6 · d206a76d
      Linus Torvalds authored
    • Merge tag 'bcachefs-2024-02-25' of https://evilpiepirate.org/git/bcachefs · e231dbd4
      Linus Torvalds authored
      Pull bcachefs fixes from Kent Overstreet:
       "Some more mostly boring fixes, but some not
      
        User reported ones:
      
         - the BTREE_ITER_FILTER_SNAPSHOTS one fixes a really nasty
           performance bug; user reported an untar initially taking two
           seconds and then ~2 minutes
      
         - kill a __GFP_NOFAIL in the buffered read path; this was a leftover
           from the trickier fix to kill __GFP_NOFAIL in readahead, where we
           can't return errors (and have to silently truncate the read
           ourselves).
      
           bcachefs can't use GFP_NOFAIL for folio state unlike iomap based
           filesystems because our folio state is just barely too big, 2MB
           hugepages cause us to exceed the 2 page threshold for GFP_NOFAIL.
      
           additionally, the flags argument was just buggy, we weren't
           supplying GFP_KERNEL previously (!)"
      
      * tag 'bcachefs-2024-02-25' of https://evilpiepirate.org/git/bcachefs:
        bcachefs: fix bch2_save_backtrace()
        bcachefs: Fix check_snapshot() memcpy
        bcachefs: Fix bch2_journal_flush_device_pins()
        bcachefs: fix iov_iter count underflow on sub-block dio read
        bcachefs: Fix BTREE_ITER_FILTER_SNAPSHOTS on inodes btree
        bcachefs: Kill __GFP_NOFAIL in buffered read path
        bcachefs: fix backpointer_to_text() when dev does not exist
    • bcachefs: fix bch2_save_backtrace() · 5197728f
      Kent Overstreet authored
      Missed a call in the previous fix.
      Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
    • Merge tag 'docs-6.8-fixes3' of git://git.lwn.net/linux · 70ff1fe6
      Linus Torvalds authored
      Pull two documentation build fixes from Jonathan Corbet:
      
       - The XFS online fsck documentation uses incredibly deeply nested
         subsection and list nesting; that broke the PDF docs build. Tweak a
         parameter to tell LaTeX to allow the deeper nesting.
      
       - Fix a 6.8 PDF-build regression
      
      * tag 'docs-6.8-fixes3' of git://git.lwn.net/linux:
        docs: translations: use attribute to store current language
        docs: Instruct LaTeX to cope with deeper nesting
    • Merge tag 'usb-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · c46ac50e
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some small USB fixes for 6.8-rc6 to resolve some reported
        problems. These include:
      
         - regression fixes with typec tpcm code as reported by many
      
         - cdnsp and cdns3 driver fixes
      
         - usb role setting code bugfixes
      
         - build fix for uhci driver
      
         - ncm gadget driver bugfix
      
         - MAINTAINERS entry update
      
        All of these have been in linux-next all week with no reported issues
        and there is at least one fix in here that is in Thorsten's regression
        list that is being tracked"
      
      * tag 'usb-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: typec: tpcm: Fix issues with power being removed during reset
        MAINTAINERS: Drop myself as maintainer of TYPEC port controller drivers
        usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
        Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role"
        usb: gadget: omap_udc: fix USB gadget regression on Palm TE
        usb: dwc3: gadget: Don't disconnect if not started
        usb: cdns3: fix memory double free when handle zero packet
        usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
        usb: roles: don't get/set_role() when usb_role_switch is unregistered
        usb: roles: fix NULL pointer issue when put module's reference
        usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers
        usb: cdnsp: blocked some cdns3 specific code
        usb: uhci-grlib: Explicitly include linux/platform_device.h
    • Merge tag 'tty-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 1e592e95
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are three small serial/tty driver fixes for 6.8-rc6 that resolve
        the following reported errors:
      
         - riscv hvc console driver fix that was reported by many
      
         - amba-pl011 serial driver fix for RS485 mode
      
         - stm32 serial driver fix for RS485 mode
      
        All of these have been in linux-next all week with no reported
        problems"
      
      * tag 'tty-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: amba-pl011: Fix DMA transmission in RS485 mode
        serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled
        tty: hvc: Don't enable the RISC-V SBI console by default
    • Merge tag 'x86_urgent_for_v6.8_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1eee4ef3
      Linus Torvalds authored
      Pull x86 fixes from Borislav Petkov:
      
       - Make sure clearing CPU buffers using VERW happens at the latest
         possible point in the return-to-userspace path, otherwise memory
         accesses after the VERW execution could cause data to land in CPU
         buffers again
      
      * tag 'x86_urgent_for_v6.8_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        KVM/VMX: Move VERW closer to VMentry for MDS mitigation
        KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
        x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
        x86/entry_32: Add VERW just before userspace transition
        x86/entry_64: Add VERW just before userspace transition
        x86/bugs: Add asm helpers for executing VERW
    • Merge tag 'irq_urgent_for_v6.8_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 8c46ed37
      Linus Torvalds authored
      Pull irq fixes from Borislav Petkov:
      
       - Make sure GICv4 always gets initialized to prevent a kexec-ed kernel
         from silently failing to set it up
      
       - Do not call bus_get_dev_root() for the mbigen irqchip as it always
         returns NULL - use NULL directly
      
       - Fix hardware interrupt number truncation when assigning MSI
         interrupts
      
       - Correct sending end-of-interrupt messages to disabled interrupts
         lines on RISC-V PLIC
      
      * tag 'irq_urgent_for_v6.8_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic-v3-its: Do not assume vPE tables are preallocated
        irqchip/mbigen: Don't use bus_get_dev_root() to find the parent
        PCI/MSI: Prevent MSI hardware interrupt number truncation
        irqchip/sifive-plic: Enable interrupt if needed before EOI
    • Merge tag 'erofs-for-6.8-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs · 4ca0d989
      Linus Torvalds authored
      Pull erofs fix from Gao Xiang:
      
       - Fix page refcount leak when looking up specific inodes
         introduced by metabuf reworking
      
      * tag 'erofs-for-6.8-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs:
        erofs: fix refcount on the metabuf used for inode lookup
    • Merge tag 'pull-fixes.pathwalk-rcu-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 66a97c2e
      Linus Torvalds authored
      Pull RCU pathwalk fixes from Al Viro:
       "We still have some races in filesystem methods when exposed to RCU
        pathwalk. This series is a result of code audit (the second round of
        it) and it should deal with most of that stuff.
      
        Still pending: ntfs3 ->d_hash()/->d_compare() and ceph_d_revalidate().
        Up to maintainers (a note for NTFS folks - when documentation says
        that a method may not block, it *does* imply that blocking allocations
        are to be avoided. Really)"
      
      [ More explanations for people who aren't familiar with the vagaries of
        RCU path walking: most of it is hidden from filesystems, but if a
        filesystem actively participates in the low-level path walking it
        needs to make sure the fields involved in that walk are RCU-safe.
      
        That "actively participate in low-level path walking" includes things
        like having its own ->d_hash()/->d_compare() routines, or by having
        its own directory permission function that doesn't just use the common
        helpers.  Having a ->d_revalidate() function will also have this issue.
      
        Note that instead of making everything RCU safe you can also choose to
        abort the RCU pathwalk if your operation cannot be done safely under
        RCU, but that obviously comes with a performance penalty. One common
        pattern is to allow the simple cases under RCU, and abort only if you
        need to do something more complicated.
      
        So not everything needs to be RCU-safe, and things like the inode etc
        that the VFS itself maintains obviously already are. But these fixes
        tend to be about properly RCU-delaying things like ->s_fs_info that
        are maintained by the filesystem and that got potentially released too
        early.   - Linus ]
      
      * tag 'pull-fixes.pathwalk-rcu-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        ext4_get_link(): fix breakage in RCU mode
        cifs_get_link(): bail out in unsafe case
        fuse: fix UAF in rcu pathwalks
        procfs: make freeing proc_fs_info rcu-delayed
        procfs: move dropping pde and pid from ->evict_inode() to ->free_inode()
        nfs: fix UAF on pathwalk running into umount
        nfs: make nfs_set_verifier() safe for use in RCU pathwalk
        afs: fix __afs_break_callback() / afs_drop_open_mmap() race
        hfsplus: switch to rcu-delayed unloading of nls and freeing ->s_fs_info
        exfat: move freeing sbi, upcase table and dropping nls into rcu-delayed helper
        affs: free affs_sb_info with kfree_rcu()
        rcu pathwalk: prevent bogus hard errors from may_lookup()
        fs/super.c: don't drop ->s_user_ns until we free struct super_block itself
    • Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 9b243492
      Linus Torvalds authored
      Pull vfs fixes from Al Viro:
       "A couple of fixes - revert of regression from this cycle and a fix for
        erofs failure exit breakage (had been there since way back)"
      
      * tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        erofs: fix handling kern_mount() failure
        Revert "get rid of DCACHE_GENOCIDE"
    • ext4_get_link(): fix breakage in RCU mode · 9fa8e282
      Al Viro authored
      1) errors from ext4_getblk() should not be propagated to caller
      unless we are really sure that we would've gotten the same error
      in non-RCU pathwalk.
      2) we leak buffer_heads if ext4_getblk() is successful, but bh is
      not uptodate.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • cifs_get_link(): bail out in unsafe case · 0511fdb4
      Al Viro authored
      ->d_revalidate() bails out there, anyway.  It's not enough
      to prevent getting into ->get_link() in RCU mode, but that
      could happen only in a very contrived setup.  Not worth
      trying to do anything fancy here unless ->d_revalidate()
      stops kicking out of RCU mode at least in some cases.
      Reviewed-by: Christian Brauner <brauner@kernel.org>
      Acked-by: Miklos Szeredi <mszeredi@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • fuse: fix UAF in rcu pathwalks · 053fc4f7
      Al Viro authored
      ->permission(), ->get_link() and ->inode_get_acl() might dereference
      ->s_fs_info (and, in case of ->permission(), ->s_fs_info->fc->user_ns
      as well) when called from rcu pathwalk.
      
      Freeing ->s_fs_info->fc is rcu-delayed; we need to make freeing ->s_fs_info
      and dropping ->user_ns rcu-delayed too.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • procfs: make freeing proc_fs_info rcu-delayed · e31f0a57
      Al Viro authored
      makes proc_pid_ns() safe from rcu pathwalk (put_pid_ns()
      is still synchronous, but that's not a problem - it does
      rcu-delay everything that needs to be)
      Reviewed-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • procfs: move dropping pde and pid from ->evict_inode() to ->free_inode() · 47458802
      Al Viro authored
      that keeps both around until struct inode is freed, making access
      to them safe from rcu-pathwalk
      Acked-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • nfs: fix UAF on pathwalk running into umount · c1b967d0
      Al Viro authored
      NFS ->d_revalidate(), ->permission() and ->get_link() need to access
      some parts of nfs_server when called in RCU mode:
      	server->flags
      	server->caps
      	*(server->io_stats)
      and, worst of all, call
      	server->nfs_client->rpc_ops->have_delegation
      (the last one - as NFS_PROTO(inode)->have_delegation()).  We really
      don't want to RCU-delay the entire nfs_free_server() (it would have
      to be done with schedule_work() from RCU callback, since it can't
      be made to run from interrupt context), but actual freeing of
      nfs_server and ->io_stats can be done via call_rcu() just fine.
      nfs_client part is handled simply by making nfs_free_client() use
      kfree_rcu().
      Acked-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • nfs: make nfs_set_verifier() safe for use in RCU pathwalk · 10a973fc
      Al Viro authored
      nfs_set_verifier() relies upon dentry being pinned; if that's
      the case, grabbing ->d_lock stabilizes ->d_parent and guarantees
      that ->d_parent points to a positive dentry.  For something
      we'd run into in RCU mode that is *not* true - dentry might've
      been through dentry_kill() just as we grabbed ->d_lock, with
      its parent going through the same just as we get into
      nfs_set_verifier_locked().  It might get to detaching inode
      (and zeroing ->d_inode) before nfs_set_verifier_locked() gets
      to fetching that; we get an oops as the result.
      
      That can happen in nfs{,4} ->d_revalidate(); the call chain in
      question is nfs_set_verifier_locked() <- nfs_set_verifier() <-
      nfs_lookup_revalidate_delegated() <- nfs{,4}_do_lookup_revalidate().
      We have checked that the parent had been positive, but that's
      done before we get to nfs_set_verifier() and it's possible for
      memory pressure to pick our dentry as eviction candidate by that
      time.  If that happens, back-to-back attempts to kill dentry and
      its parent are quite normal.  Sure, in case of eviction we'll
      fail the ->d_seq check in the caller, but we need to survive
      until we return there...
      Acked-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • afs: fix __afs_break_callback() / afs_drop_open_mmap() race · 275655d3
      Al Viro authored
      In __afs_break_callback() we might check ->cb_nr_mmap and if it's non-zero
      do queue_work(&vnode->cb_work).  In afs_drop_open_mmap() we decrement
      ->cb_nr_mmap and do flush_work(&vnode->cb_work) if it reaches zero.
      
      The trouble is, there's nothing to prevent __afs_break_callback() from
      seeing ->cb_nr_mmap before the decrement and do queue_work() after both
      the decrement and flush_work().  If that happens, we might be in trouble -
      vnode might get freed before the queued work runs.
      
      __afs_break_callback() is always done under ->cb_lock, so let's make
      sure that ->cb_nr_mmap can change from non-zero to zero while holding
      ->cb_lock (the spinlock component of it - it's a seqlock and we don't
      need to mess with the counter).
      Acked-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • hfsplus: switch to rcu-delayed unloading of nls and freeing ->s_fs_info · af072cf6
      Al Viro authored
      ->d_hash() and ->d_compare() use those, so we need to delay freeing
      them.
      Reviewed-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • exfat: move freeing sbi, upcase table and dropping nls into rcu-delayed helper · a13d1a4d
      Al Viro authored
      That stuff can be accessed by ->d_hash()/->d_compare(); as it is, we have
      a hard-to-hit UAF if rcu pathwalk manages to get into ->d_hash() on a filesystem
      that is in process of getting shut down.
      
      Besides, having nls and upcase table cleanup moved from ->put_super() towards
      the place where sbi is freed makes for simpler failure exits.
      Acked-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • affs: free affs_sb_info with kfree_rcu() · 529f89a9
      Al Viro authored
      one of the flags in it is used by ->d_hash()/->d_compare()
      Reviewed-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • rcu pathwalk: prevent bogus hard errors from may_lookup() · cdb67fde
      Al Viro authored
      If lazy call of ->permission() returns a hard error, check that
      try_to_unlazy() succeeds before returning it.  That both makes
      life easier for ->permission() instances and closes the race
      in ENOTDIR handling - it is possible that positive d_can_lookup()
      seen in link_path_walk() applies to the state *after* unlink() +
      mkdir(), while nd->inode matches the state prior to that.
      
      Normally seeing e.g. EACCES from permission check in rcu pathwalk
      means that with some timings non-rcu pathwalk would've run into
      the same; however, running into a non-executable regular file
      in the middle of a pathname would not get to permission check -
      it would fail with ENOTDIR instead.
      Reviewed-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • fs/super.c: don't drop ->s_user_ns until we free struct super_block itself · 583340de
      Al Viro authored
      Avoids fun races in RCU pathwalk...  Same goes for freeing LSM shite
      hanging off super_block's arse.
      Reviewed-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • bcachefs: Fix check_snapshot() memcpy · c4333eb5
      Kent Overstreet authored
      check_snapshot() copies the bch_snapshot to a temporary to easily handle
      older versions that don't have all the fields of the current version,
      but it lacked a min() to correctly handle keys newer and larger than the
      current version.
      Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
    • bcachefs: Fix bch2_journal_flush_device_pins() · 097471f9
      Kent Overstreet authored
      If a journal write errored, the list of devices it was written to could
      be empty - we're not supposed to mark an empty replicas list.
      Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
    • bcachefs: fix iov_iter count underflow on sub-block dio read · b58b1b88
      Brian Foster authored
      bch2_direct_IO_read() checks the request offset and size for sector
      alignment and then falls through to a couple calculations to shrink
      the size of the request based on the inode size. The problem is that
      these checks round up to the fs block size, which runs the risk of
      underflowing iter->count if the block size happens to be large
      enough. This is triggered by fstest generic/361 with a 4k block
      size, which subsequently leads to a crash. To avoid this crash,
      check that the shorten length doesn't exceed the overall length of
      the iter.
      
      Fixes:
      Signed-off-by: Brian Foster <bfoster@redhat.com>
      Reviewed-by: Su Yue <glass.su@suse.com>
      Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
    • bcachefs: Fix BTREE_ITER_FILTER_SNAPSHOTS on inodes btree · 204f4514
      Kent Overstreet authored
      If we're in FILTER_SNAPSHOTS mode and we start scanning a range of the
      keyspace where no keys are visible in the current snapshot, we have a
      problem - we'll scan for a very long time before scanning terminates.
      
      Awhile back, this was fixed for most cases with peek_upto() (and
      assertions that enforce that it's being used).
      
      But the fix missed the fact that the inodes btree is different - every
      key offset is in a different snapshot tree, not just the inode field.
      
      Fixes:
      Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
    • bcachefs: Kill __GFP_NOFAIL in buffered read path · 04fee68d
      Kent Overstreet authored
      Recently, we fixed our __GFP_NOFAIL usage in the readahead path, but the
      easy one in read_single_folio() (where we can return an error) was
      missed - oops.
      
      Fixes:
      Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
    • Merge tag 'powerpc-6.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · ab0a97cf
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix a crash when hot adding a PCI device to an LPAR since
         recent changes
      
       - Fix nested KVM level-2 guest reboot failure due to empty
         'arch_compat'
      
      Thanks to Amit Machhiwal, Aneesh Kumar K.V (IBM), Brian King, Gaurav
      Batra, and Vaibhav Jain.
      
      * tag 'powerpc-6.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        KVM: PPC: Book3S HV: Fix L2 guest reboot failure due to empty 'arch_compat'
        powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller
  5. 24 Feb, 2024 4 commits
    • Merge tag 'iommu-fixes-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 91403d50
      Linus Torvalds authored
      Pull iommu fixes from Joerg Roedel:
      
       - Intel VT-d fixes for nested domain handling:
      
            - Cache invalidation for changes in a parent domain
      
            - Dirty tracking setting for parent and nested domains
      
            - Fix a constant-out-of-range warning
      
       - ARM SMMU fixes:
      
            - Fix CD allocation from atomic context when using SVA with SMMUv3
      
            - Revert the conversion of SMMUv2 to domain_alloc_paging(), as it
              breaks the boot for Qualcomm MSM8996 devices
      
       - Restore SVA handle sharing in core code as it turned out there are
         still drivers relying on it
      
      * tag 'iommu-fixes-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/sva: Restore SVA handle sharing
        iommu/arm-smmu-v3: Do not use GFP_KERNEL under as spinlock
        iommu/vt-d: Fix constant-out-of-range warning
        iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking
        iommu/vt-d: Add missing dirty tracking set for parent domain
        iommu/vt-d: Wrap the dirty tracking loop to be a helper
        iommu/vt-d: Remove domain parameter for intel_pasid_setup_dirty_tracking()
        iommu/vt-d: Add missing device iotlb flush for parent domain
        iommu/vt-d: Update iotlb in nested domain attach
        iommu/vt-d: Add missing iotlb flush for parent domain
        iommu/vt-d: Add __iommu_flush_iotlb_psi()
        iommu/vt-d: Track nested domains in parent
        Revert "iommu/arm-smmu: Convert to domain_alloc_paging()"
    • Merge tag 'cxl-fixes-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl · ac389bc0
      Linus Torvalds authored
      Pull cxl fixes from Dan Williams:
       "A collection of significant fixes for the CXL subsystem.
      
        The largest change in this set, that bordered on "new development", is
        the fix for the fact that the location of the new qos_class attribute
        did not match the Documentation. The fix ends up deleting more code
        than it added, and it has a new unit test to backstop basic errors in
        this interface going forward. So the "red-diff" and unit test saved
        the "rip it out and try again" response.
      
        In contrast, the new notification path for firmware reported CXL
        errors (CXL CPER notifications) has a locking context bug that can not
        be fixed with a red-diff. Given where the release cycle stands, it is
        not comfortable to squeeze in that fix in these waning days. So, that
        receives the "back it out and try again later" treatment.
      
        There is a regression fix in the code that establishes memory NUMA
        nodes for platform CXL regions. That has an ack from x86 folks. There
        are a couple more fixups for Linux to understand (reassemble) CXL
        regions instantiated by platform firmware. The policy around platforms
        that do not match host-physical-address with system-physical-address
        (i.e. systems that have an address translation mechanism between the
        address range reported in the ACPI CEDT.CFMWS and endpoint decoders)
        has been softened to abort driver load rather than teardown the memory
        range (can cause system hangs). Lastly, there is a robustness /
        regression fix for cases where the driver would previously continue in
        the face of error, and a fixup for PCI error notification handling.
      
        Summary:
      
         - Fix NUMA initialization from ACPI CEDT.CFMWS
      
         - Fix region assembly failures due to async init order
      
         - Fix / simplify export of qos_class information
      
         - Fix cxl_acpi initialization vs single-window-init failures
      
         - Fix handling of repeated 'pci_channel_io_frozen' notifications
      
         - Workaround platforms that violate host-physical-address ==
           system-physical address assumptions
      
         - Defer CXL CPER notification handling to v6.9"
      
      * tag 'cxl-fixes-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
        cxl/acpi: Fix load failures due to single window creation failure
        acpi/ghes: Remove CXL CPER notifications
        cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window
        cxl/test: Add support for qos_class checking
        cxl: Fix sysfs export of qos_class for memdev
        cxl: Remove unnecessary type cast in cxl_qos_class_verify()
        cxl: Change 'struct cxl_memdev_state' *_perf_list to single 'struct cxl_dpa_perf'
        cxl/region: Allow out of order assembly of autodiscovered regions
        cxl/region: Handle endpoint decoders in cxl_region_find_decoder()
        x86/numa: Fix the sort compare func used in numa_fill_memblks()
        x86/numa: Fix the address overlap check in numa_fill_memblks()
        cxl/pci: Skip to handle RAS errors if CXL.mem device is detached
    • Merge tag 'for-6.8/dm-fix-3' of... · f2e367d6
      Linus Torvalds authored
      Merge tag 'for-6.8/dm-fix-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fix from Mike Snitzer:
      
       - Fix DM integrity and verity targets to not use excessive stack when
         they recheck in the error path.
      
      * tag 'for-6.8/dm-fix-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm-integrity, dm-verity: reduce stack usage for recheck
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 6d20acbf
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Six fixes: the four driver ones are pretty trivial.
      
        The larger two core changes are to try to fix various USB attached
        devices which have somewhat eccentric ways of handling the VPD and
        other mode pages which necessitate multiple revalidates (that were
        removed in the interests of efficiency) and updating the heuristic for
        supported VPD pages"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: jazz_esp: Only build if SCSI core is builtin
        scsi: smartpqi: Fix disable_managed_interrupts
        scsi: ufs: Uninitialized variable in ufshcd_devfreq_target()
        scsi: target: pscsi: Fix bio_put() for error case
        scsi: core: Consult supported VPD page list prior to fetching page
        scsi: sd: usb_storage: uas: Access media prior to querying device properties