1. 18 Jun, 2022 4 commits
    • Baokun Li's avatar
      ext4: fix bug_on ext4_mb_use_inode_pa · a08f789d
      Baokun Li authored
      Hulk Robot reported a BUG_ON:
      ==================================================================
      kernel BUG at fs/ext4/mballoc.c:3211!
      [...]
      RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f
      [...]
      Call Trace:
       ext4_mb_new_blocks+0x9df/0x5d30
       ext4_ext_map_blocks+0x1803/0x4d80
       ext4_map_blocks+0x3a4/0x1a10
       ext4_writepages+0x126d/0x2c30
       do_writepages+0x7f/0x1b0
       __filemap_fdatawrite_range+0x285/0x3b0
       file_write_and_wait_range+0xb1/0x140
       ext4_sync_file+0x1aa/0xca0
       vfs_fsync_range+0xfb/0x260
       do_fsync+0x48/0xa0
      [...]
      ==================================================================
      
      Above issue may happen as follows:
      -------------------------------------
      do_fsync
       vfs_fsync_range
        ext4_sync_file
         file_write_and_wait_range
          __filemap_fdatawrite_range
           do_writepages
            ext4_writepages
             mpage_map_and_submit_extent
              mpage_map_one_extent
               ext4_map_blocks
                ext4_mb_new_blocks
                 ext4_mb_normalize_request
                  >>> start + size <= ac->ac_o_ex.fe_logical
                 ext4_mb_regular_allocator
                  ext4_mb_simple_scan_group
                   ext4_mb_use_best_found
                    ext4_mb_new_preallocation
                     ext4_mb_new_inode_pa
                      ext4_mb_use_inode_pa
                       >>> set ac->ac_b_ex.fe_len <= 0
                 ext4_mb_mark_diskspace_used
                  >>> BUG_ON(ac->ac_b_ex.fe_len <= 0);
      
      we can easily reproduce this problem with the following commands:
      	`fallocate -l100M disk`
      	`mkfs.ext4 -b 1024 -g 256 disk`
      	`mount disk /mnt`
      	`fsstress -d /mnt -l 0 -n 1000 -p 1`
      
      The size must be smaller than or equal to EXT4_BLOCKS_PER_GROUP.
      Therefore, "start + size <= ac->ac_o_ex.fe_logical" may occur
      when the size is truncated. So start should be the start position of
      the group where ac_o_ex.fe_logical is located after alignment.
      In addition, when the value of fe_logical or EXT4_BLOCKS_PER_GROUP
      is very large, the value calculated by start_off is more accurate.
      
      Cc: stable@kernel.org
      Fixes: cd648b8a ("ext4: trim allocation requests to group size")
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarBaokun Li <libaokun1@huawei.com>
      Reviewed-by: default avatarRitesh Harjani <ritesh.list@gmail.com>
      Link: https://lore.kernel.org/r/20220528110017.354175-2-libaokun1@huawei.comSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      a08f789d
    • Eric Biggers's avatar
      ext4: fix up test_dummy_encryption handling for new mount API · 85456054
      Eric Biggers authored
      Since ext4 was converted to the new mount API, the test_dummy_encryption
      mount option isn't being handled entirely correctly, because the needed
      fscrypt_set_test_dummy_encryption() helper function combines
      parsing/checking/applying into one function.  That doesn't work well
      with the new mount API, which split these into separate steps.
      
      This was sort of okay anyway, due to the parsing logic that was copied
      from fscrypt_set_test_dummy_encryption() into ext4_parse_param(),
      combined with an additional check in ext4_check_test_dummy_encryption().
      However, these overlooked the case of changing the value of
      test_dummy_encryption on remount, which isn't allowed but ext4 wasn't
      detecting until ext4_apply_options() when it's too late to fail.
      Another bug is that if test_dummy_encryption was specified multiple
      times with an argument, memory was leaked.
      
      Fix this up properly by using the new helper functions that allow
      splitting up the parse/check/apply steps for test_dummy_encryption.
      
      Fixes: cebe85d5 ("ext4: switch to the new mount api")
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Link: https://lore.kernel.org/r/20220526040412.173025-1-ebiggers@kernel.orgSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      85456054
    • Shuqi Zhang's avatar
    • Ye Bin's avatar
      ext4: fix super block checksum incorrect after mount · 9b6641dd
      Ye Bin authored
      We got issue as follows:
      [home]# mount  /dev/sda  test
      EXT4-fs (sda): warning: mounting fs with errors, running e2fsck is recommended
      [home]# dmesg
      EXT4-fs (sda): warning: mounting fs with errors, running e2fsck is recommended
      EXT4-fs (sda): Errors on filesystem, clearing orphan list.
      EXT4-fs (sda): recovery complete
      EXT4-fs (sda): mounted filesystem with ordered data mode. Quota mode: none.
      [home]# debugfs /dev/sda
      debugfs 1.46.5 (30-Dec-2021)
      Checksum errors in superblock!  Retrying...
      
      Reason is ext4_orphan_cleanup will reset ‘s_last_orphan’ but not update
      super block checksum.
      
      To solve above issue, defer update super block checksum after
      ext4_orphan_cleanup.
      Signed-off-by: default avatarYe Bin <yebin10@huawei.com>
      Cc: stable@kernel.org
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarRitesh Harjani <ritesh.list@gmail.com>
      Link: https://lore.kernel.org/r/20220525012904.1604737-1-yebin10@huawei.comSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      9b6641dd
  2. 16 Jun, 2022 5 commits
  3. 12 Jun, 2022 10 commits
  4. 11 Jun, 2022 9 commits
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v5.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 7a68065e
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
       "A set of fixes. Most address the new warning we emit at build time
        when irq chips are not immutable with some additional tweaks to
        gpio-crystalcove from Andy and a small tweak to gpio-dwapd.
      
         - make irq_chip structs immutable in several Diolan and intel drivers
           to get rid of the new warning we emit when fiddling with irq chips
      
         - don't print error messages on probe deferral in gpio-dwapb"
      
      * tag 'gpio-fixes-for-v5.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: dwapb: Don't print error on -EPROBE_DEFER
        gpio: dln2: make irq_chip immutable
        gpio: sch: make irq_chip immutable
        gpio: merrifield: make irq_chip immutable
        gpio: wcove: make irq_chip immutable
        gpio: crystalcove: Join function declarations and long lines
        gpio: crystalcove: Use specific type and API for IRQ number
        gpio: crystalcove: make irq_chip immutable
      7a68065e
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · cecb3540
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Driver fixes and and one core patch.
      
        Nine of the driver patches are minor fixes and reworks to lpfc and the
        rest are trivial and minor fixes elsewhere"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: pmcraid: Fix missing resource cleanup in error case
        scsi: ipr: Fix missing/incorrect resource cleanup in error case
        scsi: mpt3sas: Fix out-of-bounds compiler warning
        scsi: lpfc: Update lpfc version to 14.2.0.4
        scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion
        scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds
        scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
        scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted
        scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
        scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
        scsi: lpfc: Resolve some cleanup issues following abort path refactoring
        scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event()
        scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
        scsi: sd: Fix interpretation of VPD B9h length
      cecb3540
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · abe71eb3
      Linus Torvalds authored
      Pull virtio fixes from Michael Tsirkin:
       "Fixes all over the place, most notably fixes for latent bugs in
        drivers that got exposed by suppressing interrupts before DRIVER_OK,
        which in turn has been done by 8b4ec69d ("virtio: harden vring
        IRQ")"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        um: virt-pci: set device ready in probe()
        vdpa: make get_vq_group and set_group_asid optional
        virtio: Fix all occurences of the "the the" typo
        vduse: Fix NULL pointer dereference on sysfs access
        vringh: Fix loop descriptors check in the indirect cases
        vdpa/mlx5: clean up indenting in handle_ctrl_vlan()
        vdpa/mlx5: fix error code for deleting vlan
        virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
        vdpa/mlx5: Fix syntax errors in comments
        virtio-rng: make device ready before making request
      abe71eb3
    • Linus Torvalds's avatar
      Merge tag 'loongarch-fixes-5.19-1' of... · 0678afa6
      Linus Torvalds authored
      Merge tag 'loongarch-fixes-5.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
      
      Pull LoongArch fixes from Huacai Chen.
       "Fix build errors and a stale comment"
      
      * tag 'loongarch-fixes-5.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson:
        LoongArch: Remove MIPS comment about cycle counter
        LoongArch: Fix copy_thread() build errors
        LoongArch: Fix the !CONFIG_SMP build
      0678afa6
    • Linus Torvalds's avatar
      iov_iter: fix build issue due to possible type mis-match · 1c27f1fc
      Linus Torvalds authored
      Commit 6c776766 ("iov_iter: Fix iter_xarray_get_pages{,_alloc}()")
      introduced a problem on some 32-bit architectures (at least arm, xtensa,
      csky,sparc and mips), that have a 'size_t' that is 'unsigned int'.
      
      The reason is that we now do
      
          min(nr * PAGE_SIZE - offset, maxsize);
      
      where 'nr' and 'offset' and both 'unsigned int', and PAGE_SIZE is
      'unsigned long'.  As a result, the normal C type rules means that the
      first argument to 'min()' ends up being 'unsigned long'.
      
      In contrast, 'maxsize' is of type 'size_t'.
      
      Now, 'size_t' and 'unsigned long' are always the same physical type in
      the kernel, so you'd think this doesn't matter, and from an actual
      arithmetic standpoint it doesn't.
      
      But on 32-bit architectures 'size_t' is commonly 'unsigned int', even if
      it could also be 'unsigned long'.  In that situation, both are unsigned
      32-bit types, but they are not the *same* type.
      
      And as a result 'min()' will complain about the distinct types (ignore
      the "pointer types" part of the error message: that's an artifact of the
      way we have made 'min()' check types for being the same):
      
        lib/iov_iter.c: In function 'iter_xarray_get_pages':
        include/linux/minmax.h:20:35: error: comparison of distinct pointer types lacks a cast [-Werror]
           20 |         (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
              |                                   ^~
        lib/iov_iter.c:1464:16: note: in expansion of macro 'min'
         1464 |         return min(nr * PAGE_SIZE - offset, maxsize);
              |                ^~~
      
      This was not visible on 64-bit architectures (where we always define
      'size_t' to be 'unsigned long').
      
      Force these cases to use 'min_t(size_t, x, y)' to make the type explicit
      and avoid the issue.
      
      [ Nit-picky note: technically 'size_t' doesn't have to match 'unsigned
        long' arithmetically. We've certainly historically seen environments
        with 16-bit address spaces and 32-bit 'unsigned long'.
      
        Similarly, even in 64-bit modern environments, 'size_t' could be its
        own type distinct from 'unsigned long', even if it were arithmetically
        identical.
      
        So the above type commentary is only really descriptive of the kernel
        environment, not some kind of universal truth for the kinds of wild
        and crazy situations that are allowed by the C standard ]
      Reported-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Link: https://lore.kernel.org/all/YqRyL2sIqQNDfky2@debian/
      Cc: Jeff Layton <jlayton@kernel.org>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1c27f1fc
    • Jason A. Donenfeld's avatar
      wireguard: selftests: use maximum cpu features and allow rng seeding · 17b0128a
      Jason A. Donenfeld authored
      By forcing the maximum CPU that QEMU has available, we expose additional
      capabilities, such as the RNDR instruction, which increases test
      coverage. This then allows the CI to skip the fake seeding step in some
      cases. Also enable STRICT_KERNEL_RWX to catch issues related to early
      jump labels when the RNG is initialized at boot.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      17b0128a
    • Kuan-Ying Lee's avatar
      scripts/gdb: change kernel config dumping method · 1f7a6cf6
      Kuan-Ying Lee authored
      MAGIC_START("IKCFG_ST") and MAGIC_END("IKCFG_ED") are moved out
      from the kernel_config_data variable.
      
      Thus, we parse kernel_config_data directly instead of considering
      offset of MAGIC_START and MAGIC_END.
      
      Fixes: 13610aa9 ("kernel/configs: use .incbin directive to embed config_data.gz")
      Signed-off-by: default avatarKuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      1f7a6cf6
    • Vincent Whitchurch's avatar
      um: virt-pci: set device ready in probe() · eacea844
      Vincent Whitchurch authored
      Call virtio_device_ready() to make this driver work after commit
      b4ec69d7e09 ("virtio: harden vring IRQ"), since the driver uses the
      virtqueues in the probe function.  (The virtio core sets the device
      ready when probe returns.)
      
      Fixes: 8b4ec69d ("virtio: harden vring IRQ")
      Fixes: 68f5d3f3 ("um: add PCI over virtio emulation driver")
      Signed-off-by: default avatarVincent Whitchurch <vincent.whitchurch@axis.com>
      Message-Id: <20220610151203.3492541-1-vincent.whitchurch@axis.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Tested-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      eacea844
    • Linus Torvalds's avatar
      Merge tag 'nfsd-5.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux · 0885eacd
      Linus Torvalds authored
      Pull nfsd fixes from Chuck Lever:
       "Notable changes:
      
         - There is now a backup maintainer for NFSD
      
        Notable fixes:
      
         - Prevent array overruns in svc_rdma_build_writes()
      
         - Prevent buffer overruns when encoding NFSv3 READDIR results
      
         - Fix a potential UAF in nfsd_file_put()"
      
      * tag 'nfsd-5.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
        SUNRPC: Remove pointer type casts from xdr_get_next_encode_buffer()
        SUNRPC: Clean up xdr_get_next_encode_buffer()
        SUNRPC: Clean up xdr_commit_encode()
        SUNRPC: Optimize xdr_reserve_space()
        SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
        SUNRPC: Trap RDMA segment overflows
        NFSD: Fix potential use-after-free in nfsd_file_put()
        MAINTAINERS: reciprocal co-maintainership for file locking and nfsd
      0885eacd
  5. 10 Jun, 2022 12 commits