1. 28 Aug, 2024 4 commits
  2. 27 Aug, 2024 6 commits
    • Linus Torvalds's avatar
      Merge tag 'livepatching-for-6.11-rc6' of... · 3ec3f5fc
      Linus Torvalds authored
      Merge tag 'livepatching-for-6.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching
      
      Pull livepatching fix from Petr Mladek:
       "Selftest regression fix"
      
      * tag 'livepatching-for-6.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching:
        selftests/livepatch: wait for atomic replace to occur
      3ec3f5fc
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v6.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 41594663
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
      
       - Fix the hwirq map and pin offsets in the Qualcomm X1E80100 driver
      
       - Fix the pin range handling in the AT91 driver so it works again
      
       - Fix a NULL-dereference risk in pinctrl single
      
       - Fix a serious biasing bug in the Mediatek driver
      
       - Fix the level trigged IRQ in the StarFive JH7110
      
       - Fix the iomux width in the Rockchip GPIO2-B pin handling
      
      * tag 'pinctrl-v6.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins
        pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register
        pinctrl: qcom: x1e80100: Fix special pin offsets
        pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE
        pinctrl: single: fix potential NULL dereference in pcs_get_function()
        pinctrl: at91: make it work with current gpiolib
        pinctrl: qcom: x1e80100: Update PDC hwirq map
      41594663
    • Linus Torvalds's avatar
      Merge tag 'sound-6.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 6ace1c7e
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "It became a bit larger collection of fixes than wished at this time,
        but all changes are small and mostly device-specific fixes that should
        be fairly safe to apply.
      
        Majority of fixes are about ASoC for AMD SOF, Cirrus codecs, lpass,
        etc, in addition to the usual HD-audio quirks / fixes"
      
      * tag 'sound-6.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (22 commits)
        ALSA: hda: hda_component: Fix mutex crash if nothing ever binds
        ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED
        ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra
        ASoC: cs-amp-lib: Ignore empty UEFI calibration entries
        ASoC: cs-amp-lib-test: Force test calibration blob entries to be valid
        ALSA: hda/realtek - FIxed ALC285 headphone no sound
        ALSA: hda/realtek - Fixed ALC256 headphone no sound
        ASoC: allow module autoloading for table board_ids
        ASoC: allow module autoloading for table db1200_pids
        ALSA: hda: cs35l56: Don't use the device index as a calibration index
        ALSA: seq: Skip event type filtering for UMP events
        ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx
        ASoC: SOF: amd: Fix for acp init sequence
        ASoC: amd: acp: fix module autoloading
        ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile
        ASoC: codecs: wcd937x: Fix missing de-assert of reset GPIO
        ASoC: SOF: mediatek: Add missing board compatible
        ASoC: MAINTAINERS: Drop Banajit Goswami from Qualcomm sound drivers
        ASoC: SOF: amd: Fix for incorrect acp error register offsets
        ASoC: SOF: amd: move iram-dram fence register programming sequence
        ...
      6ace1c7e
    • Stefan Berger's avatar
      tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session support · 08d08e2e
      Stefan Berger authored
      Commit d2add27c ("tpm: Add NULL primary creation") introduced
      CONFIG_TCG_TPM2_HMAC. When this option is enabled on ppc64 then the
      following message appears in the kernel log due to a missing call to
      tpm2_sessions_init().
      
      [    2.654549] tpm tpm0: auth session is not active
      
      Add the missing call to tpm2_session_init() to the ibmvtpm driver to
      resolve this issue.
      
      Cc: stable@vger.kernel.org # v6.10+
      Fixes: d2add27c ("tpm: Add NULL primary creation")
      Signed-off-by: default avatarStefan Berger <stefanb@linux.ibm.com>
      Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      08d08e2e
    • Filipe Manana's avatar
      btrfs: fix uninitialized return value from btrfs_reclaim_sweep() · ecb54277
      Filipe Manana authored
      The return variable 'ret' at btrfs_reclaim_sweep() is never assigned if
      none of the space infos is reclaimable (for example if periodic reclaim
      is disabled, which is the default), so we return an undefined value.
      
      This can be fixed my making btrfs_reclaim_sweep() not return any value
      as well as do_reclaim_sweep() because:
      
      1) do_reclaim_sweep() always returns 0, so we can make it return void;
      
      2) The only caller of btrfs_reclaim_sweep() (btrfs_reclaim_bgs()) doesn't
         care about its return value, and in its context there's nothing to do
         about any errors anyway.
      
      Therefore remove the return value from btrfs_reclaim_sweep() and
      do_reclaim_sweep().
      
      Fixes: e4ca3932 ("btrfs: periodic block_group reclaim")
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      ecb54277
    • Linus Torvalds's avatar
      Merge tag 'vfs-6.11-rc6.fixes' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs · 3e9bff3b
      Linus Torvalds authored
      Pull vfs fixes from Christian Brauner:
       "VFS:
      
         - Ensure that backing files uses file->f_ops->splice_write() for
           splice
      
        netfs:
      
         - Revert the removal of PG_private_2 from netfs_release_folio() as
           cephfs still relies on this
      
         - When AS_RELEASE_ALWAYS is set on a mapping the folio needs to
           always be invalidated during truncation
      
         - Fix losing untruncated data in a folio by making letting
           netfs_release_folio() return false if the folio is dirty
      
         - Fix trimming of streaming-write folios in netfs_inval_folio()
      
         - Reset iterator before retrying a short read
      
         - Fix interaction of streaming writes with zero-point tracker
      
        afs:
      
         - During truncation afs currently calls truncate_setsize() which sets
           i_size, expands the pagecache and truncates it. The first two
           operations aren't needed because they will have already been done.
           So call truncate_pagecache() instead and skip the redundant parts
      
        overlayfs:
      
         - Fix checking of the number of allowed lower layers so 500 layers
           can actually be used instead of just 499
      
         - Add missing '\n' to pr_err() output
      
         - Pass string to ovl_parse_layer() and thus allow it to be used for
           Opt_lowerdir as well
      
        pidfd:
      
         - Revert blocking the creation of pidfds for kthread as apparently
           userspace relies on this. Specifically, it breaks systemd during
           shutdown
      
        romfs:
      
         - Fix romfs_read_folio() to use the correct offset with
           folio_zero_tail()"
      
      * tag 'vfs-6.11-rc6.fixes' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs:
        netfs: Fix interaction of streaming writes with zero-point tracker
        netfs: Fix missing iterator reset on retry of short read
        netfs: Fix trimming of streaming-write folios in netfs_inval_folio()
        netfs: Fix netfs_release_folio() to say no if folio dirty
        afs: Fix post-setattr file edit to do truncation correctly
        mm: Fix missing folio invalidation calls during truncation
        ovl: ovl_parse_param_lowerdir: Add missed '\n' for pr_err
        ovl: fix wrong lowerdir number check for parameter Opt_lowerdir
        ovl: pass string to ovl_parse_layer()
        backing-file: convert to using fops->splice_write
        Revert "pidfd: prevent creation of pidfds for kthreads"
        romfs: fix romfs_read_folio()
        netfs, ceph: Partially revert "netfs: Replace PG_fscache by setting folio->private and marking dirty"
      3e9bff3b
  3. 26 Aug, 2024 9 commits
    • Qu Wenruo's avatar
      btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() · 10d9d8c3
      Qu Wenruo authored
      [BUG]
      There is an internal report that KASAN is reporting use-after-free, with
      the following backtrace:
      
        BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]
        Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45
        CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76
        Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
        Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]
        Call Trace:
         dump_stack_lvl+0x61/0x80
         print_address_description.constprop.0+0x5e/0x2f0
         print_report+0x118/0x216
         kasan_report+0x11d/0x1f0
         btrfs_check_read_bio+0xa68/0xb70 [btrfs]
         process_one_work+0xce0/0x12a0
         worker_thread+0x717/0x1250
         kthread+0x2e3/0x3c0
         ret_from_fork+0x2d/0x70
         ret_from_fork_asm+0x11/0x20
      
        Allocated by task 20917:
         kasan_save_stack+0x37/0x60
         kasan_save_track+0x10/0x30
         __kasan_slab_alloc+0x7d/0x80
         kmem_cache_alloc_noprof+0x16e/0x3e0
         mempool_alloc_noprof+0x12e/0x310
         bio_alloc_bioset+0x3f0/0x7a0
         btrfs_bio_alloc+0x2e/0x50 [btrfs]
         submit_extent_page+0x4d1/0xdb0 [btrfs]
         btrfs_do_readpage+0x8b4/0x12a0 [btrfs]
         btrfs_readahead+0x29a/0x430 [btrfs]
         read_pages+0x1a7/0xc60
         page_cache_ra_unbounded+0x2ad/0x560
         filemap_get_pages+0x629/0xa20
         filemap_read+0x335/0xbf0
         vfs_read+0x790/0xcb0
         ksys_read+0xfd/0x1d0
         do_syscall_64+0x6d/0x140
         entry_SYSCALL_64_after_hwframe+0x4b/0x53
      
        Freed by task 20917:
         kasan_save_stack+0x37/0x60
         kasan_save_track+0x10/0x30
         kasan_save_free_info+0x37/0x50
         __kasan_slab_free+0x4b/0x60
         kmem_cache_free+0x214/0x5d0
         bio_free+0xed/0x180
         end_bbio_data_read+0x1cc/0x580 [btrfs]
         btrfs_submit_chunk+0x98d/0x1880 [btrfs]
         btrfs_submit_bio+0x33/0x70 [btrfs]
         submit_one_bio+0xd4/0x130 [btrfs]
         submit_extent_page+0x3ea/0xdb0 [btrfs]
         btrfs_do_readpage+0x8b4/0x12a0 [btrfs]
         btrfs_readahead+0x29a/0x430 [btrfs]
         read_pages+0x1a7/0xc60
         page_cache_ra_unbounded+0x2ad/0x560
         filemap_get_pages+0x629/0xa20
         filemap_read+0x335/0xbf0
         vfs_read+0x790/0xcb0
         ksys_read+0xfd/0x1d0
         do_syscall_64+0x6d/0x140
         entry_SYSCALL_64_after_hwframe+0x4b/0x53
      
      [CAUSE]
      Although I cannot reproduce the error, the report itself is good enough
      to pin down the cause.
      
      The call trace is the regular endio workqueue context, but the
      free-by-task trace is showing that during btrfs_submit_chunk() we
      already hit a critical error, and is calling btrfs_bio_end_io() to error
      out.  And the original endio function called bio_put() to free the whole
      bio.
      
      This means a double freeing thus causing use-after-free, e.g.:
      
      1. Enter btrfs_submit_bio() with a read bio
         The read bio length is 128K, crossing two 64K stripes.
      
      2. The first run of btrfs_submit_chunk()
      
      2.1 Call btrfs_map_block(), which returns 64K
      2.2 Call btrfs_split_bio()
          Now there are two bios, one referring to the first 64K, the other
          referring to the second 64K.
      2.3 The first half is submitted.
      
      3. The second run of btrfs_submit_chunk()
      
      3.1 Call btrfs_map_block(), which by somehow failed
          Now we call btrfs_bio_end_io() to handle the error
      
      3.2 btrfs_bio_end_io() calls the original endio function
          Which is end_bbio_data_read(), and it calls bio_put() for the
          original bio.
      
          Now the original bio is freed.
      
      4. The submitted first 64K bio finished
         Now we call into btrfs_check_read_bio() and tries to advance the bio
         iter.
         But since the original bio (thus its iter) is already freed, we
         trigger the above use-after free.
      
         And even if the memory is not poisoned/corrupted, we will later call
         the original endio function, causing a double freeing.
      
      [FIX]
      Instead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),
      which has the extra check on split bios and do the proper refcounting
      for cloned bios.
      
      Furthermore there is already one extra btrfs_cleanup_bio() call, but
      that is duplicated to btrfs_orig_bbio_end_io() call, so remove that
      label completely.
      Reported-by: default avatarDavid Sterba <dsterba@suse.com>
      Fixes: 852eee62 ("btrfs: allow btrfs_submit_bio to split bios")
      CC: stable@vger.kernel.org # 6.6+
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarQu Wenruo <wqu@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      10d9d8c3
    • Jeff Layton's avatar
      fs/nfsd: fix update of inode attrs in CB_GETATTR · 7e8ae848
      Jeff Layton authored
      Currently, we copy the mtime and ctime to the in-core inode and then
      mark the inode dirty. This is fine for certain types of filesystems, but
      not all. Some require a real setattr to properly change these values
      (e.g. ceph or reexported NFS).
      
      Fix this code to call notify_change() instead, which is the proper way
      to effect a setattr. There is one problem though:
      
      In this case, the client is holding a write delegation and has sent us
      attributes to update our cache. We don't want to break the delegation
      for this since that would defeat the purpose. Add a new ATTR_DELEG flag
      that makes notify_change bypass the try_break_deleg call.
      
      Fixes: c5967721 ("NFSD: handle GETATTR conflict with write delegation")
      Reviewed-by: default avatarChristian Brauner <brauner@kernel.org>
      Signed-off-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      7e8ae848
    • Jeff Layton's avatar
      nfsd: fix potential UAF in nfsd4_cb_getattr_release · 1116e0e3
      Jeff Layton authored
      Once we drop the delegation reference, the fields embedded in it are no
      longer safe to access. Do that last.
      
      Fixes: c5967721 ("NFSD: handle GETATTR conflict with write delegation")
      Signed-off-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      1116e0e3
    • Jeff Layton's avatar
      nfsd: hold reference to delegation when updating it for cb_getattr · da05ba23
      Jeff Layton authored
      Once we've dropped the flc_lock, there is nothing that ensures that the
      delegation that was found will still be around later. Take a reference
      to it while holding the lock and then drop it when we've finished with
      the delegation.
      
      Fixes: c5967721 ("NFSD: handle GETATTR conflict with write delegation")
      Signed-off-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      da05ba23
    • Chuck Lever's avatar
      f25d1b5f
    • David Sterba's avatar
      btrfs: initialize last_extent_end to fix -Wmaybe-uninitialized warning in extent_fiemap() · 33f58a04
      David Sterba authored
      There's a warning (probably on some older compiler version):
      
      fs/btrfs/fiemap.c: warning: 'last_extent_end' may be used uninitialized in this function [-Wmaybe-uninitialized]:  => 822:19
      
      Initialize the variable to 0 although it's not necessary as it's either
      properly set or not used after an error. The called function is in the
      same file so this is a false alert but we want to fix all
      -Wmaybe-uninitialized reports.
      
      Link: https://lore.kernel.org/all/20240819070639.2558629-1-geert@linux-m68k.org/Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      33f58a04
    • Ryan Sullivan's avatar
      selftests/livepatch: wait for atomic replace to occur · 052f3951
      Ryan Sullivan authored
      On some machines with a large number of CPUs there is a sizable delay
      between an atomic replace occurring and when sysfs updates accordingly.
      This fix uses 'loop_until' to wait for the atomic replace to unload all
      previous livepatches.
      Reported-by: default avatarCKI Project <cki-project@redhat.com>
      Closes: https://datawarehouse.cki-project.org/kcidb/tests/redhat:1413102084-x86_64-kernel_upt_28Signed-off-by: default avatarRyan Sullivan <rysulliv@redhat.com>
      Reviewed-by: default avatarPetr Mladek <pmladek@suse.com>
      Acked-by: default avatarJoe Lawrence <joe.lawrence@redhat.com>
      Link: https://lore.kernel.org/r/20240822173122.14760-1-rysulliv@redhat.comSigned-off-by: default avatarPetr Mladek <pmladek@suse.com>
      052f3951
    • Richard Fitzgerald's avatar
      ALSA: hda: hda_component: Fix mutex crash if nothing ever binds · 28b329f4
      Richard Fitzgerald authored
      Move the initialization of parent->mutex into
      hda_component_manager_init() so that it is always valid.
      
      In hda_component_manager_bind() do not clear the parent information.
      Only zero-fill the per-component data ready for it to be filled in
      by the components as they bind.
      
      Previously parent->mutex was being initialized only in
      hda_component_manager_bind(). This meant that it was only
      initialized if all components appeared and there was a bind callback.
      If there wasn't a bind the mutex object was not valid when the
      Realtek driver called any of the other functions.
      Signed-off-by: default avatarRichard Fitzgerald <rf@opensource.cirrus.com>
      Fixes: 047b9cbb ("ALSA: hda: hda_component: Protect shared data with a mutex")
      Link: https://patch.msgid.link/20240826094940.45563-1-rf@opensource.cirrus.comSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      28b329f4
    • Hendrik Borghorst's avatar
      ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED · 2dc43c5e
      Hendrik Borghorst authored
      This patch adds the HP Pavilion Aero 13 (13-bg0xxx) (year 2024) to list of
      quirks for keyboard LED mute indication.
      
      The laptop has two LEDs (one for speaker and one for mic mute). The
      pre-existing quirk ALC245_FIXUP_HP_X360_MUTE_LEDS chains both the quirk for
      mic and speaker mute.
      
      Tested on 6.11.0-rc4 with the aforementioned laptop.
      Signed-off-by: default avatarHendrik Borghorst <hendrikborghorst@gmail.com>
      Cc: <stable@vger.kernel.org>
      Link: https://patch.msgid.link/20240825174351.5687-1-hendrikborghorst@gmail.comSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      2dc43c5e
  4. 25 Aug, 2024 11 commits
    • Josef Bacik's avatar
      btrfs: run delayed iputs when flushing delalloc · 2d344726
      Josef Bacik authored
      We have transient failures with btrfs/301, specifically in the part
      where we do
      
        for i in $(seq 0 10); do
      	  write 50m to file
      	  rm -f file
        done
      
      Sometimes this will result in a transient quota error, and it's because
      sometimes we start writeback on the file which results in a delayed
      iput, and thus the rm doesn't actually clean the file up.  When we're
      flushing the quota space we need to run the delayed iputs to make sure
      all the unlinks that we think have completed have actually completed.
      This removes the small window where we could fail to find enough space
      in our quota.
      
      CC: stable@vger.kernel.org # 5.15+
      Reviewed-by: default avatarQu Wenruo <wqu@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      2d344726
    • YOUNGJIN JOO's avatar
      ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra · 44ceabde
      YOUNGJIN JOO authored
      144d:c1cc requires the same workaround to enable the speaker amp
      as other Samsung models with the ALC298 codec.
      Signed-off-by: default avatarYOUNGJIN JOO <neoelec@gmail.com>
      Cc: <stable@vger.kernel.org>
      Link: https://patch.msgid.link/20240825092515.28728-1-neoelec@gmail.comSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      44ceabde
    • David Howells's avatar
      cifs: Fix FALLOC_FL_PUNCH_HOLE support · 416871f4
      David Howells authored
      The cifs filesystem doesn't quite emulate FALLOC_FL_PUNCH_HOLE correctly
      (note that due to lack of protocol support, it can't actually implement it
      directly).  Whilst it will (partially) invalidate dirty folios in the
      pagecache, it doesn't write them back first, and so the EOF marker on the
      server may be lower than inode->i_size.
      
      This presents a problem, however, as if the punched hole invalidates the
      tail of the locally cached dirty data, writeback won't know it needs to
      move the EOF over to account for the hole punch (which isn't supposed to
      move the EOF).  We could just write zeroes over the punched out region of
      the pagecache and write that back - but this is supposed to be a
      deallocatory operation.
      
      Fix this by manually moving the EOF over on the server after the operation
      if the hole punched would corrupt it.
      
      Note that the FSCTL_SET_ZERO_DATA RPC and the setting of the EOF should
      probably be compounded to stop a third party interfering (or, at least,
      massively reduce the chance).
      
      This was reproducible occasionally by using fsx with the following script:
      
      	truncate 0x0 0x375e2 0x0
      	punch_hole 0x2f6d3 0x6ab5 0x375e2
      	truncate 0x0 0x3a71f 0x375e2
      	mapread 0xee05 0xcf12 0x3a71f
      	write 0x2078e 0x5604 0x3a71f
      	write 0x3ebdf 0x1421 0x3a71f *
      	punch_hole 0x379d0 0x8630 0x40000 *
      	mapread 0x2aaa2 0x85b 0x40000
      	fallocate 0x1b401 0x9ada 0x40000
      	read 0x15f2 0x7d32 0x40000
      	read 0x32f37 0x7a3b 0x40000 *
      
      The second "write" should extend the EOF to 0x40000, and the "punch_hole"
      should operate inside of that - but that depends on whether the VM gets in
      and writes back the data first.  If it doesn't, the file ends up 0x3a71f in
      size, not 0x40000.
      
      Fixes: 31742c5a ("enable fallocate punch hole ("fallocate -p") for SMB3")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Steve French <sfrench@samba.org>
      cc: Paulo Alcantara <pc@manguebit.com>
      cc: Shyam Prasad N <nspmangalore@gmail.com>
      cc: Jeff Layton <jlayton@kernel.org>
      cc: linux-cifs@vger.kernel.org
      cc: netfs@lists.linux.dev
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      416871f4
    • Stefan Metzmacher's avatar
      smb/client: fix rdma usage in smb2_async_writev() · 017d1701
      Stefan Metzmacher authored
      rqst.rq_iter needs to be truncated otherwise we'll
      also send the bytes into the stream socket...
      
      This is the logic behind rqst.rq_npages = 0, which was removed in
      "cifs: Change the I/O paths to use an iterator rather than a page list"
      (d08089f6).
      
      Cc: stable@vger.kernel.org
      Fixes: d08089f6 ("cifs: Change the I/O paths to use an iterator rather than a page list")
      Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarStefan Metzmacher <metze@samba.org>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      017d1701
    • Stefan Metzmacher's avatar
      smb/client: remove unused rq_iter_size from struct smb_rqst · b608e2c3
      Stefan Metzmacher authored
      Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
      Fixes: d08089f6 ("cifs: Change the I/O paths to use an iterator rather than a page list")
      Signed-off-by: default avatarStefan Metzmacher <metze@samba.org>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      b608e2c3
    • Stefan Metzmacher's avatar
      smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() · c724b2ab
      Stefan Metzmacher authored
      This happens when called from SMB2_read() while using rdma
      and reaching the rdma_readwrite_threshold.
      
      Cc: stable@vger.kernel.org
      Fixes: a6559cc1 ("cifs: split out smb3_use_rdma_offload() helper")
      Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarStefan Metzmacher <metze@samba.org>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      c724b2ab
    • Linus Torvalds's avatar
      Linux 6.11-rc5 · 5be63fc1
      Linus Torvalds authored
      5be63fc1
    • Linus Torvalds's avatar
      Merge tag 'bcachefs-2024-08-24' of git://evilpiepirate.org/bcachefs · 72bea05c
      Linus Torvalds authored
      Pull bcachefs fixes from Kent Overstreet:
      
       - assorted syzbot fixes
      
       - some upgrade fixes for old (pre 1.0) filesystems
      
       - fix for moving data off a device that was switched to durability=0
         after data had been written to it.
      
       - nocow deadlock fix
      
       - fix for new rebalance_work accounting
      
      * tag 'bcachefs-2024-08-24' of git://evilpiepirate.org/bcachefs: (28 commits)
        bcachefs: Fix rebalance_work accounting
        bcachefs: Fix failure to flush moves before sleeping in copygc
        bcachefs: don't use rht_bucket() in btree_key_cache_scan()
        bcachefs: add missing inode_walker_exit()
        bcachefs: clear path->should_be_locked in bch2_btree_key_cache_drop()
        bcachefs: Fix double assignment in check_dirent_to_subvol()
        bcachefs: Fix refcounting in discard path
        bcachefs: Fix compat issue with old alloc_v4 keys
        bcachefs: Fix warning in bch2_fs_journal_stop()
        fs/super.c: improve get_tree() error message
        bcachefs: Fix missing validation in bch2_sb_journal_v2_validate()
        bcachefs: Fix replay_now_at() assert
        bcachefs: Fix locking in bch2_ioc_setlabel()
        bcachefs: fix failure to relock in btree_node_fill()
        bcachefs: fix failure to relock in bch2_btree_node_mem_alloc()
        bcachefs: unlock_long() before resort in journal replay
        bcachefs: fix missing bch2_err_str()
        bcachefs: fix time_stats_to_text()
        bcachefs: Fix bch2_bucket_gens_init()
        bcachefs: Fix bch2_trigger_alloc assert
        ...
      72bea05c
    • Linus Torvalds's avatar
      Merge tag '6.11-rc5-server-fixes' of git://git.samba.org/ksmbd · 780bdc1b
      Linus Torvalds authored
      Pull smb server fixes from Steve French:
      
       - query directory flex array fix
      
       - fix potential null ptr reference in open
      
       - fix error message in some open cases
      
       - two minor cleanups
      
      * tag '6.11-rc5-server-fixes' of git://git.samba.org/ksmbd:
        smb/server: update misguided comment of smb2_allocate_rsp_buf()
        smb/server: remove useless assignment of 'file_present' in smb2_open()
        smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
        smb/server: fix return value of smb2_open()
        ksmbd: the buffer of smb2 query dir response has at least 1 byte
      780bdc1b
    • Linus Torvalds's avatar
      Merge tag 's390-6.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 48fb4b3d
      Linus Torvalds authored
      Pull s390 fixes from Vasily Gorbik:
      
       - Fix KASLR base offset to account for symbol offsets in the vmlinux
         ELF file, preventing tool breakages like the drgn debugger
      
       - Fix potential memory corruption of physmem_info during kernel
         physical address randomization
      
       - Fix potential memory corruption due to overlap between the relocated
         lowcore and identity mapping by correctly reserving lowcore memory
      
       - Fix performance regression and avoid randomizing identity mapping
         base by default
      
       - Fix unnecessary delay of AP bus binding complete uevent to prevent
         startup lag in KVM guests using AP
      
      * tag 's390-6.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/boot: Fix KASLR base offset off by __START_KERNEL bytes
        s390/boot: Avoid possible physmem_info segment corruption
        s390/ap: Refine AP bus bindings complete processing
        s390/mm: Pin identity mapping base to zero
        s390/mm: Prevent lowcore vs identity mapping overlap
      48fb4b3d
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 891e811a
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "The important core fix is another tweak to our discard discovery
        issues. The off by 512 in logical block count seems bad, but in fact
        the inline was only ever used in debug prints, which is why no-one
        noticed"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: sd: Do not attempt to configure discard unless LBPME is set
        scsi: MAINTAINERS: Add header files to SCSI SUBSYSTEM
        scsi: ufs: qcom: Add UFSHCD_QUIRK_BROKEN_LSDBS_CAP for SM8550 SoC
        scsi: ufs: core: Add a quirk for handling broken LSDBS field in controller capabilities register
        scsi: core: Fix the return value of scsi_logical_block_count()
        scsi: MAINTAINERS: Update HiSilicon SAS controller driver maintainer
      891e811a
  5. 24 Aug, 2024 10 commits