1. 02 Apr, 2021 1 commit
    • Christian Brauner's avatar
      file: fix close_range() for unshare+cloexec · 9b5b8722
      Christian Brauner authored
      syzbot reported a bug when putting the last reference to a tasks file
      descriptor table. Debugging this showed we didn't recalculate the
      current maximum fd number for CLOSE_RANGE_UNSHARE | CLOSE_RANGE_CLOEXEC
      after we unshared the file descriptors table. So max_fd could exceed the
      current fdtable maximum causing us to set excessive bits. As a concrete
      example, let's say the user requested everything from fd 4 to ~0UL to be
      closed and their current fdtable size is 256 with their highest open fd
      being 4. With CLOSE_RANGE_UNSHARE the caller will end up with a new
      fdtable which has room for 64 file descriptors since that is the lowest
      fdtable size we accept. But now max_fd will still point to 255 and needs
      to be adjusted. Fix this by retrieving the correct maximum fd value in
      __range_cloexec().
      
      Reported-by: syzbot+283ce5a46486d6acdbaf@syzkaller.appspotmail.com
      Fixes: 582f1fb6 ("fs, close_range: add flag CLOSE_RANGE_CLOEXEC")
      Fixes: fec8a6a6 ("close_range: unshare all fds for CLOSE_RANGE_UNSHARE | CLOSE_RANGE_CLOEXEC")
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Giuseppe Scrivano <gscrivan@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: linux-fsdevel@vger.kernel.org
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
      9b5b8722
  2. 21 Mar, 2021 23 commits
  3. 20 Mar, 2021 7 commits
    • Thomas Gleixner's avatar
      genirq: Disable interrupts for force threaded handlers · 81e2073c
      Thomas Gleixner authored
      With interrupt force threading all device interrupt handlers are invoked
      from kernel threads. Contrary to hard interrupt context the invocation only
      disables bottom halfs, but not interrupts. This was an oversight back then
      because any code like this will have an issue:
      
      thread(irq_A)
        irq_handler(A)
          spin_lock(&foo->lock);
      
      interrupt(irq_B)
        irq_handler(B)
          spin_lock(&foo->lock);
      
      This has been triggered with networking (NAPI vs. hrtimers) and console
      drivers where printk() happens from an interrupt which interrupted the
      force threaded handler.
      
      Now people noticed and started to change the spin_lock() in the handler to
      spin_lock_irqsave() which affects performance or add IRQF_NOTHREAD to the
      interrupt request which in turn breaks RT.
      
      Fix the root cause and not the symptom and disable interrupts before
      invoking the force threaded handler which preserves the regular semantics
      and the usefulness of the interrupt force threading as a general debugging
      tool.
      
      For not RT this is not changing much, except that during the execution of
      the threaded handler interrupts are delayed until the handler
      returns. Vs. scheduling and softirq processing there is no difference.
      
      For RT kernels there is no issue.
      
      Fixes: 8d32a307 ("genirq: Provide forced interrupt threading")
      Reported-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarJohan Hovold <johan@kernel.org>
      Acked-by: default avatarSebastian Andrzej Siewior <bigeasy@linutronix.de>
      Link: https://lore.kernel.org/r/20210317143859.513307808@linutronix.de
      81e2073c
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 812da4d3
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
       "A handful of fixes for 5.12:
      
         - fix the SBI remote fence numbers for hypervisor fences, which had
           been transcribed in the wrong order in Linux. These fences are only
           used with the KVM patches applied.
      
         - fix a whole host of build warnings, these should have no functional
           change.
      
         - fix init_resources() to prevent an off-by-one error from causing an
           out-of-bounds array reference. This was manifesting during boot on
           vexriscv.
      
         - ensure the KASAN mappings are visible before proceeding to use
           them"
      
      * tag 'riscv-for-linus-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Correct SPARSEMEM configuration
        RISC-V: kasan: Declare kasan_shallow_populate() static
        riscv: Ensure page table writes are flushed when initializing KASAN vmalloc
        RISC-V: Fix out-of-bounds accesses in init_resources()
        riscv: Fix compilation error with Canaan SoC
        ftrace: Fix spelling mistake "disabed" -> "disabled"
        riscv: fix bugon.cocci warnings
        riscv: process: Fix no prototype for arch_dup_task_struct
        riscv: ftrace: Use ftrace_get_regs helper
        riscv: process: Fix no prototype for show_regs
        riscv: syscall_table: Reduce W=1 compilation warnings noise
        riscv: time: Fix no prototype for time_init
        riscv: ptrace: Fix no prototype warnings
        riscv: sbi: Fix comment of __sbi_set_timer_v01
        riscv: irq: Fix no prototype warning
        riscv: traps: Fix no prototype warnings
        RISC-V: correct enum sbi_ext_rfence_fid
      812da4d3
    • Linus Torvalds's avatar
      Merge tag '5.12-rc3-smb3' of git://git.samba.org/sfrench/cifs-2.6 · bfdc4aa9
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Five cifs/smb3 fixes - three for stable, including an important ACL
        fix and security signature fix"
      
      * tag '5.12-rc3-smb3' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: fix allocation size on newly created files
        cifs: warn and fail if trying to use rootfs without the config option
        fs/cifs/: fix misspellings using codespell tool
        cifs: Fix preauth hash corruption
        cifs: update new ACE pointer after populate_new_aces.
      bfdc4aa9
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · af97713d
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Eight fixes, all in drivers, all fairly minor either being fixes in
        error legs, memory leaks on teardown, context errors or semantic
        problems"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: mpt3sas: Do not use GFP_KERNEL in atomic context
        scsi: ufs: ufs-mediatek: Correct operator & -> &&
        scsi: sd_zbc: Update write pointer offset cache
        scsi: lpfc: Fix some error codes in debugfs
        scsi: qla2xxx: Fix broken #endif placement
        scsi: st: Fix a use after free in st_open()
        scsi: myrs: Fix a double free in myrs_cleanup()
        scsi: ibmvfc: Free channel_setup_buf during device tear down
      af97713d
    • Linus Torvalds's avatar
      Merge tag 'zonefs-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs · 1c273e10
      Linus Torvalds authored
      Pull zonefs fixes from Damien Le Moal:
      
       - fix inode write open reference count (Chao)
      
       - Fix wrong write offset for asynchronous O_APPEND writes (me)
      
       - Prevent use of sequential zone file as swap files (me)
      
      * tag 'zonefs-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs:
        zonefs: fix to update .i_wr_refcnt correctly in zonefs_open_zone()
        zonefs: Fix O_APPEND async write handling
        zonefs: prevent use of seq files as swap file
      1c273e10
    • Linus Torvalds's avatar
      Merge tag 'block-5.12-2021-03-19' of git://git.kernel.dk/linux-block · d626c692
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Just an NVMe pull request this week:
      
         - fix tag allocation for keep alive
      
         - fix a unit mismatch for the Write Zeroes limits
      
         - various TCP transport fixes (Sagi Grimberg, Elad Grupi)
      
         - fix iosqes and iocqes validation for discovery controllers (Sagi Grimberg)"
      
      * tag 'block-5.12-2021-03-19' of git://git.kernel.dk/linux-block:
        nvmet-tcp: fix kmap leak when data digest in use
        nvmet: don't check iosqes,iocqes for discovery controllers
        nvme-rdma: fix possible hang when failing to set io queues
        nvme-tcp: fix possible hang when failing to set io queues
        nvme-tcp: fix misuse of __smp_processor_id with preemption enabled
        nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU
        nvme: fix Write Zeroes limitations
        nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT
        nvme: merge nvme_keep_alive into nvme_keep_alive_work
        nvme-fabrics: only reserve a single tag
      d626c692
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.12-2021-03-19' of git://git.kernel.dk/linux-block · 0ada2dad
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "Quieter week this time, which was both expected and desired. About
        half of the below is fixes for this release, the other half are just
        fixes in general. In detail:
      
         - Fix the freezing of IO threads, by making the freezer not send them
           fake signals. Make them freezable by default.
      
         - Like we did for personalities, move the buffer IDR to xarray. Kills
           some code and avoids a use-after-free on teardown.
      
         - SQPOLL cleanups and fixes (Pavel)
      
         - Fix linked timeout race (Pavel)
      
         - Fix potential completion post use-after-free (Pavel)
      
         - Cleanup and move internal structures outside of general kernel view
           (Stefan)
      
         - Use MSG_SIGNAL for send/recv from io_uring (Stefan)"
      
      * tag 'io_uring-5.12-2021-03-19' of git://git.kernel.dk/linux-block:
        io_uring: don't leak creds on SQO attach error
        io_uring: use typesafe pointers in io_uring_task
        io_uring: remove structures from include/linux/io_uring.h
        io_uring: imply MSG_NOSIGNAL for send[msg]()/recv[msg]() calls
        io_uring: fix sqpoll cancellation via task_work
        io_uring: add generic callback_head helpers
        io_uring: fix concurrent parking
        io_uring: halt SQO submission on ctx exit
        io_uring: replace sqd rw_semaphore with mutex
        io_uring: fix complete_post use ctx after free
        io_uring: fix ->flags races by linked timeouts
        io_uring: convert io_buffer_idr to XArray
        io_uring: allow IO worker threads to be frozen
        kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing
      0ada2dad
  4. 19 Mar, 2021 9 commits
    • Johan Hovold's avatar
      x86/apic/of: Fix CPU devicetree-node lookups · dd926880
      Johan Hovold authored
      Architectures that describe the CPU topology in devicetree and do not have
      an identity mapping between physical and logical CPU ids must override the
      default implementation of arch_match_cpu_phys_id().
      
      Failing to do so breaks CPU devicetree-node lookups using of_get_cpu_node()
      and of_cpu_device_node_get() which several drivers rely on. It also causes
      the CPU struct devices exported through sysfs to point to the wrong
      devicetree nodes.
      
      On x86, CPUs are described in devicetree using their APIC ids and those
      do not generally coincide with the logical ids, even if CPU0 typically
      uses APIC id 0.
      
      Add the missing implementation of arch_match_cpu_phys_id() so that CPU-node
      lookups work also with SMP.
      
      Apart from fixing the broken sysfs devicetree-node links this likely does
      not affect current users of mainline kernels on x86.
      
      Fixes: 4e07db9c ("x86/devicetree: Use CPU description from Device Tree")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Link: https://lore.kernel.org/r/20210312092033.26317-1-johan@kernel.org
      dd926880
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · ecd8ee7f
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "Fixes for kvm on x86:
      
         - new selftests
      
         - fixes for migration with HyperV re-enlightenment enabled
      
         - fix RCU/SRCU usage
      
         - fixes for local_irq_restore misuse false positive"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        documentation/kvm: additional explanations on KVM_SET_BOOT_CPU_ID
        x86/kvm: Fix broken irq restoration in kvm_wait
        KVM: X86: Fix missing local pCPU when executing wbinvd on all dirty pCPUs
        KVM: x86: Protect userspace MSR filter with SRCU, and set atomically-ish
        selftests: kvm: add set_boot_cpu_id test
        selftests: kvm: add _vm_ioctl
        selftests: kvm: add get_msr_index_features
        selftests: kvm: Add basic Hyper-V clocksources tests
        KVM: x86: hyper-v: Don't touch TSC page values when guest opted for re-enlightenment
        KVM: x86: hyper-v: Track Hyper-V TSC page status
        KVM: x86: hyper-v: Prevent using not-yet-updated TSC page by secondary CPUs
        KVM: x86: hyper-v: Limit guest to writing zero to HV_X64_MSR_TSC_EMULATION_STATUS
        KVM: x86/mmu: Store the address space ID in the TDP iterator
        KVM: x86/mmu: Factor out tdp_iter_return_to_root
        KVM: x86/mmu: Fix RCU usage when atomically zapping SPTEs
        KVM: x86/mmu: Fix RCU usage in handle_removed_tdp_mmu_page
      ecd8ee7f
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 3149860d
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
       "Two fixes for the GPIO subsystem. Both address issues in the core GPIO
        code:
      
         - fix the return value in error path in gpiolib_dev_init()
      
         - fix the 'gpio-line-names' property handling correctly this time"
      
      * tag 'gpio-fixes-for-v5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpiolib: Assign fwnode to parent's if no primary one provided
        gpiolib: Fix error return code in gpiolib_dev_init()
      3149860d
    • Linus Torvalds's avatar
      Merge tag 's390-5.12-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 6bfea141
      Linus Torvalds authored
      Pull s390 updates from Heiko Carstens:
      
       - disable preemption when accessing local per-cpu variables in the new
         counter set driver
      
       - fix by a factor of four increased steal time due to missing
         cputime_to_nsecs() conversion
      
       - fix PCI device structure leak
      
      * tag 's390-5.12-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/pci: fix leak of PCI device structure
        s390/vtime: fix increased steal time accounting
        s390/cpumf: disable preemption when accessing per-cpu variable
      6bfea141
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 278924cb
      Linus Torvalds authored
      Pull workqueue tracing fix from Steven Rostedt:
       "Fix workqueue trace event unsafe string reference
      
        After adding a verifier to test all strings printed in trace events to
        make sure they either point to a string on the ring buffer, or to read
        only core kernel memory, it triggered on a workqueue trace event. The
        trace event workqueue_queue_work references the allocated name of the
        workqueue in the output. If the workqueue is freed before the trace is
        read, then the trace will dereference freed memory.
      
        Update the trace event to use the __string(), __assign_str(), and
        __get_str() helpers to handle such cases"
      
      * tag 'trace-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        workqueue/tracing: Copy workqueue name to buffer in trace event
      278924cb
    • Linus Torvalds's avatar
      Merge tag 'pm-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · ec857209
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "Revert two problematic commits.
      
        Specifics:
      
         - Revert ACPI PM commit that attempted to improve reboot handling on
           some systems, but it caused other systems to panic() during reboot
           (Josef Bacik)
      
         - Revert PM-runtime commit that attempted to improve the handling of
           suppliers during PM-runtime suspend of a consumer device, but it
           introduced a race condition potentially leading to unexpected
           behavior (Rafael Wysocki)"
      
      * tag 'pm-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        Revert "PM: runtime: Update device status before letting suppliers suspend"
        Revert "PM: ACPI: reboot: Use S5 for reboot"
      ec857209
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 65a10374
      Linus Torvalds authored
      Pull iommu fixes from Joerg Roedel:
      
       - Three AMD IOMMU patches to fix a boot crash on AMD Stoney systems and
         every other AMD IOMMU system booted with 'amd_iommu=off'.
      
         This is a v5.11 regression.
      
       - A Fix for the Tegra IOMMU driver to make sure it detects all IOMMUs
      
      * tag 'iommu-fixes-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/tegra-smmu: Make tegra_smmu_probe_device() to handle all IOMMU phandles
        iommu/amd: Keep track of amd_iommu_irq_remap state
        iommu/amd: Don't call early_amd_iommu_init() when AMD IOMMU is disabled
        iommu/amd: Move Stoney Ridge check to detect_ivrs()
      65a10374
    • Linus Torvalds's avatar
      Merge tag 'sound-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 769e155c
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "The majority of changes are various ASoC device/platform-specific
        small fixes (including a removal of stale file) while the only common
        change is a clk management fix in ASoC simple-card driver.
      
        The rest are the usual HD-audio quirks"
      
      * tag 'sound-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (44 commits)
        ALSA: usb-audio: Fix unintentional sign extension issue
        ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8
        ASoC: dt-bindings: fsl_spdif: Add compatible string for new platforms
        ASoC: rt711: add snd_soc_component remove callback
        ASoC: rt5659: Update MCLK rate in set_sysclk()
        ASoC: simple-card-utils: Do not handle device clock
        ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
        ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8
        ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro
        ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air
        ASoC: mediatek: mt8192: fix tdm out data is valid on rising edge
        ALSA: dice: fix null pointer dereference when node is disconnected
        ALSA: hda: generic: Fix the micmute led init state
        ASoC: qcom: lpass-cpu: Fix lpass dai ids parse
        spi: cadence: set cqspi to the driver_data field of struct device
        ASoC: SOF: intel: fix wrong poll bits in dsp power down
        ASoC: codecs: wcd934x: add a sanity check in set channel map
        ASoC: qcom: sdm845: Fix array out of range on rx slim channels
        ASoC: qcom: sdm845: Fix array out of bounds access
        ASoC: remove remnants of sirf prima/atlas audio codec
        ...
      769e155c
    • Steve French's avatar
      cifs: fix allocation size on newly created files · 65af8f01
      Steve French authored
      Applications that create and extend and write to a file do not
      expect to see 0 allocation size.  When file is extended,
      set its allocation size to a plausible value until we have a
      chance to query the server for it.  When the file is cached
      this will prevent showing an impossible number of allocated
      blocks (like 0).  This fixes e.g. xfstests 614 which does
      
          1) create a file and set its size to 64K
          2) mmap write 64K to the file
          3) stat -c %b for the file (to query the number of allocated blocks)
      
      It was failing because we returned 0 blocks.  Even though we would
      return the correct cached file size, we returned an impossible
      allocation size.
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      CC: <stable@vger.kernel.org>
      Reviewed-by: default avatarAurelien Aptel <aaptel@suse.com>
      65af8f01