1. 31 Jul, 2024 2 commits
    • Linus Torvalds's avatar
      Merge tag 'for-6.11-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · e4fc196f
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
      
       - fix regression in extent map rework when handling insertion of
         overlapping compressed extent
      
       - fix unexpected file length when appending to a file using direct io
         and buffer not faulted in
      
       - in zoned mode, fix accounting of unusable space when flipping
         read-only block group back to read-write
      
       - fix page locking when COWing an inline range, assertion failure found
         by syzbot
      
       - fix calculation of space info in debugging print
      
       - tree-checker, add validation of data reference item
      
       - fix a few -Wmaybe-uninitialized build warnings
      
      * tag 'for-6.11-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry()
        btrfs: fix corruption after buffer fault in during direct IO append write
        btrfs: zoned: fix zone_unusable accounting on making block group read-write again
        btrfs: do not subtract delalloc from avail bytes
        btrfs: make cow_file_range_inline() honor locked_page on error
        btrfs: fix corrupt read due to bad offset of a compressed extent map
        btrfs: tree-checker: validate dref root and objectid
      e4fc196f
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v6.11-2024-07-30' of... · e254e0c5
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v6.11-2024-07-30' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools
      
      Pull perf tools fixes from Namhyung Kim:
       "Some more build fixes and a random crash fix:
      
         - Fix cross-build by setting pkg-config env according to the arch
      
         - Fix static build for missing library dependencies
      
         - Fix Segfault when callchain has no symbols"
      
      * tag 'perf-tools-fixes-for-v6.11-2024-07-30' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools:
        perf docs: Document cross compilation
        perf: build: Link lib 'zstd' for static build
        perf: build: Link lib 'lzma' for static build
        perf: build: Only link libebl.a for old libdw
        perf: build: Set Python configuration for cross compilation
        perf: build: Setup PKG_CONFIG_LIBDIR for cross compilation
        perf tool: fix dereferencing NULL al->maps
      e254e0c5
  2. 30 Jul, 2024 4 commits
    • Linus Torvalds's avatar
      Merge tag 'chrome-platform-fixes-for-v6.11-rc2' of... · c91a7dee
      Linus Torvalds authored
      Merge tag 'chrome-platform-fixes-for-v6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
      
      Pull chrome-platform fix from Tzung-Bi Shih:
       "Fix a race condition that sends multiple host commands at a time"
      
      * tag 'chrome-platform-fixes-for-v6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux:
        platform/chrome: cros_ec_proto: Lock device when updating MKBP version
      c91a7dee
    • Linus Torvalds's avatar
      minmax: improve macro expansion and type checking · 22f54687
      Linus Torvalds authored
      This clarifies the rules for min()/max()/clamp() type checking and makes
      them a much more efficient macro expansion.
      
      In particular, we now look at the type and range of the inputs to see
      whether they work together, generating a mask of acceptable comparisons,
      and then just verifying that the inputs have a shared case:
      
       - an expression with a signed type can be used for
          (1) signed comparisons
          (2) unsigned comparisons if it is statically known to have a
              non-negative value
      
       - an expression with an unsigned type can be used for
          (3) unsigned comparison
          (4) signed comparisons if the type is smaller than 'int' and thus
              the C integer promotion rules will make it signed anyway
      
      Here rule (1) and (3) are obvious, and rule (2) is important in order to
      allow obvious trivial constants to be used together with unsigned
      values.
      
      Rule (4) is not necessarily a good idea, but matches what we used to do,
      and we have extant cases of this situation in the kernel.  Notably with
      bcachefs having an expression like
      
      	min(bch2_bucket_sectors_dirty(a), ca->mi.bucket_size)
      
      where bch2_bucket_sectors_dirty() returns an 's64', and
      'ca->mi.bucket_size' is of type 'u16'.
      
      Technically that bcachefs comparison is clearly sensible on a C type
      level, because the 'u16' will go through the normal C integer promotion,
      and become 'int', and then we're comparing two signed values and
      everything looks sane.
      
      However, it's not entirely clear that a 'min(s64,u16)' operation makes a
      lot of conceptual sense, and it's possible that we will remove rule (4).
      After all, the _reason_ we have these complicated type checks is exactly
      that the C type promotion rules are not very intuitive.
      
      But at least for now the rule is in place for backwards compatibility.
      
      Also note that rule (2) existed before, but is hugely relaxed by this
      commit.  It used to be true only for the simplest compile-time
      non-negative integer constants.  The new macro model will allow cases
      where the compiler can trivially see that an expression is non-negative
      even if it isn't necessarily a constant.
      
      For example, the amdgpu driver does
      
      	min_t(size_t, sizeof(fru_info->serial), pia[addr] & 0x3F));
      
      because our old 'min()' macro would see that 'pia[addr] & 0x3F' is of
      type 'int' and clearly not a C constant expression, so doing a 'min()'
      with a 'size_t' is a signedness violation.
      
      Our new 'min()' macro still sees that 'pia[addr] & 0x3F' is of type
      'int', but is smart enough to also see that it is clearly non-negative,
      and thus would allow that case without any complaints.
      
      Cc: Arnd Bergmann <arnd@kernel.org>
      Cc: David Laight <David.Laight@aculab.com>
      Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      22f54687
    • David Sterba's avatar
      btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() · b8e947e9
      David Sterba authored
      Some arch + compiler combinations report a potentially unused variable
      location in btrfs_lookup_dentry(). This is a false alert as the variable
      is passed by value and always valid or there's an error. The compilers
      cannot probably reason about that although btrfs_inode_by_name() is in
      the same file.
      
         >  + /kisskb/src/fs/btrfs/inode.c: error: 'location.objectid' may be used
         +uninitialized in this function [-Werror=maybe-uninitialized]:  => 5603:9
         >  + /kisskb/src/fs/btrfs/inode.c: error: 'location.type' may be used
         +uninitialized in this function [-Werror=maybe-uninitialized]:  => 5674:5
      
         m68k-gcc8/m68k-allmodconfig
         mips-gcc8/mips-allmodconfig
         powerpc-gcc5/powerpc-all{mod,yes}config
         powerpc-gcc5/ppc64_defconfig
      
      Initialize it to zero, this should fix the warnings and won't change the
      behaviour as btrfs_inode_by_name() accepts only a root or inode item
      types, otherwise returns an error.
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Tested-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Link: https://lore.kernel.org/linux-btrfs/bd4e9928-17b3-9257-8ba7-6b7f9bbb639a@linux-m68k.org/Reviewed-by: default avatarQu Wenruo <wqu@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      b8e947e9
    • Patryk Duda's avatar
      platform/chrome: cros_ec_proto: Lock device when updating MKBP version · df615907
      Patryk Duda authored
      The cros_ec_get_host_command_version_mask() function requires that the
      caller must have ec_dev->lock mutex before calling it. This requirement
      was not met and as a result it was possible that two commands were sent
      to the device at the same time.
      
      The problem was observed while using UART backend which doesn't use any
      additional locks, unlike SPI backend which locks the controller until
      response is received.
      
      Fixes: f74c7557 ("platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPatryk Duda <patrykd@google.com>
      Link: https://lore.kernel.org/r/20240730104425.607083-1-patrykd@google.comSigned-off-by: default avatarTzung-Bi Shih <tzungbi@kernel.org>
      df615907
  3. 29 Jul, 2024 15 commits
    • Linus Torvalds's avatar
      profiling: remove stale percpu flip buffer variables · 94ede2a3
      Linus Torvalds authored
      For some reason I didn't see this issue on my arm64 or x86-64 builds,
      but Stephen Rothwell reports that commit 2accfdb7 ("profiling:
      attempt to remove per-cpu profile flip buffer") left these static
      variables around, and the powerpc build is unhappy about them:
      
        kernel/profile.c:52:28: warning: 'cpu_profile_flip' defined but not used [-Wunused-variable]
           52 | static DEFINE_PER_CPU(int, cpu_profile_flip);
              |                            ^~~~~~~~~~~~~~~~
        ..
      
      So remove these stale left-over remnants too.
      
      Fixes: 2accfdb7 ("profiling: attempt to remove per-cpu profile flip buffer")
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      94ede2a3
    • Linus Torvalds's avatar
      Merge tag 'for-linus-2024072901' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid · 6b5faec9
      Linus Torvalds authored
      Pull HID fixes from Benjamin Tissoires:
      
       - fixes for HID-BPF after the merge with the bpf tree (Arnd Bergmann
         and Benjamin Tissoires)
      
       - some tool type fix for the Wacom driver (Tatsunosuke Tobita)
      
       - a reorder of the sensor discovery to ensure the HID AMD SFH is
         removed when no sensors are available (Basavaraj Natikar)
      
      * tag 'for-linus-2024072901' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
        selftests/hid: add test for attaching multiple time the same struct_ops
        HID: bpf: prevent the same struct_ops to be attached more than once
        selftests/hid: disable struct_ops auto-attach
        selftests/hid: fix bpf_wq new API
        HID: amd_sfh: Move sensor discovery before HID device initialization
        hid: bpf: add BPF_JIT dependency
        HID: wacom: more appropriate tool type categorization
        HID: wacom: Modify pen IDs
      6b5faec9
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 10826505
      Linus Torvalds authored
      Pull virtio fixes from Michael Tsirkin:
       "The biggest thing here is the adminq change - but it looks like the
        only way to avoid headq blocking causing indefinite stalls.
      
        This fixes three issues:
      
         - Prevent admin commands on one VF blocking another.
      
           This prevents a bad VF from blocking a good one, as well as fixing
           a scalability issue with large # of VFs
      
         - Correctly return error on command failure on octeon. We used to
           treat failed commands as a success.
      
         - Fix modpost warning when building virtio_dma_buf. Harmless, but the
           fix is trivial"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        virtio_pci_modern: remove admin queue serialization lock
        virtio_pci_modern: use completion instead of busy loop to wait on admin cmd result
        virtio_pci_modern: pass cmd as an identification token
        virtio_pci_modern: create admin queue of queried size
        virtio: create admin queues alongside other virtqueues
        virtio_pci: pass vq info as an argument to vp_setup_vq()
        virtio: push out code to vp_avq_index()
        virtio_pci_modern: treat vp_dev->admin_vq.info.vq pointer as static
        virtio_pci: introduce vector allocation fallback for slow path virtqueues
        virtio_pci: pass vector policy enum to vp_find_one_vq_msix()
        virtio_pci: pass vector policy enum to vp_find_vqs_msix()
        virtio_pci: simplify vp_request_msix_vectors() call a bit
        virtio_pci: push out single vq find code to vp_find_one_vq_msix()
        vdpa/octeon_ep: Fix error code in octep_process_mbox()
        virtio: add missing MODULE_DESCRIPTION() macro
      10826505
    • Linus Torvalds's avatar
      task_work: make TWA_NMI_CURRENT handling conditional on IRQ_WORK · cec6937d
      Linus Torvalds authored
      The TWA_NMI_CURRENT handling very much depends on IRQ_WORK, but that
      isn't universally enabled everywhere.
      
      Maybe the IRQ_WORK infrastructure should just be unconditional - x86
      ends up indirectly enabling it through unconditionally enabling
      PERF_EVENTS, for example.  But it also gets enabled by having SMP
      support, or even if you just have PRINTK enabled.
      
      But in the meantime TWA_NMI_CURRENT causes tons of build failures on
      various odd minimal configs.  Which did show up in linux-next, but
      despite that nobody bothered to fix it or even inform me until -rc1 was
      out.
      
      Fixes: 466e4d80 ("task_work: Add TWA_NMI_CURRENT as an additional notify mode")
      Reported-by: default avatarNaresh Kamboju <naresh.kamboju@linaro.org>
      Reported-by: default avatarkernelci.org bot <bot@kernelci.org>
      Reported-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cec6937d
    • Linus Torvalds's avatar
      profiling: attempt to remove per-cpu profile flip buffer · 2accfdb7
      Linus Torvalds authored
      This is the really old legacy kernel profiling code, which has long
      since been obviated by "real profiling" (ie 'prof' and company), and
      mainly remains as a source of syzbot reports.
      
      There are anecdotal reports that people still use it for boot-time
      profiling, but it's unlikely that such use would care about the old NUMA
      optimizations in this code from 2004 (commit ad02973d: "profile: 512x
      Altix timer interrupt livelock fix" in the BK import archive at [1])
      
      So in order to head off future syzbot reports, let's try to simplify
      this code and get rid of the per-cpu profile buffers that are quite a
      large portion of the complexity footprint of this thing (including CPU
      hotplug callbacks etc).
      
      It's unlikely anybody will actually notice, or possibly, as Thomas put
      it: "Only people who indulge in nostalgia will notice :)".
      
      That said, if it turns out that this code is actually actively used by
      somebody, we can always revert this removal.  Thus the "attempt" in the
      summary line.
      
      [ Note: in a small nod to "the profiling code can cause NUMA problems",
        this also removes the "increment the last entry in the profiling array
        on any unknown hits" logic. That would account any program counter in
        a module to that single counter location, and might exacerbate any
        NUMA cacheline bouncing issues ]
      
      Link: https://lore.kernel.org/all/CAHk-=wgs52BxT4Zjmjz8aNvHWKxf5_ThBY4bYL1Y6CTaNL2dTw@mail.gmail.com/
      Link:  https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git [1]
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      2accfdb7
    • Tetsuo Handa's avatar
      profiling: remove prof_cpu_mask · 7c51f7bb
      Tetsuo Handa authored
      syzbot is reporting uninit-value at profile_hits(), for there is a race
      window between
      
        if (!alloc_cpumask_var(&prof_cpu_mask, GFP_KERNEL))
          return -ENOMEM;
        cpumask_copy(prof_cpu_mask, cpu_possible_mask);
      
      in profile_init() and
      
        cpumask_available(prof_cpu_mask) &&
        cpumask_test_cpu(smp_processor_id(), prof_cpu_mask))
      
      in profile_tick(); prof_cpu_mask remains uninitialzed until cpumask_copy()
      completes while cpumask_available(prof_cpu_mask) returns true as soon as
      alloc_cpumask_var(&prof_cpu_mask) completes.
      
      We could replace alloc_cpumask_var() with zalloc_cpumask_var() and
      call cpumask_copy() from create_proc_profile() on only UP kernels, for
      profile_online_cpu() calls cpumask_set_cpu() as needed via
      cpuhp_setup_state(CPUHP_AP_ONLINE_DYN) on SMP kernels. But this patch
      removes prof_cpu_mask because it seems unnecessary.
      
      The cpumask_test_cpu(smp_processor_id(), prof_cpu_mask) test
      in profile_tick() is likely always true due to
      
        a CPU cannot call profile_tick() if that CPU is offline
      
      and
      
        cpumask_set_cpu(cpu, prof_cpu_mask) is called when that CPU becomes
        online and cpumask_clear_cpu(cpu, prof_cpu_mask) is called when that
        CPU becomes offline
      
      . This test could be false during transition between online and offline.
      
      But according to include/linux/cpuhotplug.h , CPUHP_PROFILE_PREPARE
      belongs to PREPARE section, which means that the CPU subjected to
      profile_dead_cpu() cannot be inside profile_tick() (i.e. no risk of
      use-after-free bug) because interrupt for that CPU is disabled during
      PREPARE section. Therefore, this test is guaranteed to be true, and
      can be removed. (Since profile_hits() checks prof_buffer != NULL, we
      don't need to check prof_buffer != NULL here unless get_irq_regs() or
      user_mode() is such slow that we want to avoid when prof_buffer == NULL).
      
      do_profile_hits() is called from profile_tick() from timer interrupt
      only if cpumask_test_cpu(smp_processor_id(), prof_cpu_mask) is true and
      prof_buffer is not NULL. But syzbot is also reporting that sometimes
      do_profile_hits() is called while current thread is still doing vzalloc(),
      where prof_buffer must be NULL at this moment. This indicates that multiple
      threads concurrently tried to write to /sys/kernel/profiling interface,
      which caused that somebody else try to re-allocate prof_buffer despite
      somebody has already allocated prof_buffer. Fix this by using
      serialization.
      Reported-by: default avatarsyzbot <syzbot+b1a83ab2a9eb9321fbdd@syzkaller.appspotmail.com>
      Closes: https://syzkaller.appspot.com/bug?extid=b1a83ab2a9eb9321fbddSigned-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Tested-by: default avatarsyzbot <syzbot+b1a83ab2a9eb9321fbdd@syzkaller.appspotmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7c51f7bb
    • Tetsuo Handa's avatar
      Input: MT - limit max slots · 99d3bf5f
      Tetsuo Handa authored
      syzbot is reporting too large allocation at input_mt_init_slots(), for
      num_slots is supplied from userspace using ioctl(UI_DEV_CREATE).
      
      Since nobody knows possible max slots, this patch chose 1024.
      Reported-by: default avatarsyzbot <syzbot+0122fa359a69694395d5@syzkaller.appspotmail.com>
      Closes: https://syzkaller.appspot.com/bug?extid=0122fa359a69694395d5Suggested-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      99d3bf5f
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux · 3894840a
      Linus Torvalds authored
      Pull ARM updates from Russell King:
      
       - ftrace: don't assume stack frames are contiguous in memory
      
       - remove unused mod_inwind_map structure
      
       - spelling fixes
      
       - allow use of LD dead code/data elimination
      
       - fix callchain_trace() return value
      
       - add support for stackleak gcc plugin
      
       - correct some reset asm function prototypes for CFI
      
      [ Missed the merge window because Russell forgot to push out ]
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux:
        ARM: 9408/1: mm: CFI: Fix some erroneous reset prototypes
        ARM: 9407/1: Add support for STACKLEAK gcc plugin
        ARM: 9406/1: Fix callchain_trace() return value
        ARM: 9404/1: arm32: enable HAVE_LD_DEAD_CODE_DATA_ELIMINATION
        ARM: 9403/1: Alpine: Spelling s/initialiing/initializing/
        ARM: 9402/1: Kconfig: Spelling s/Cortex A-/Cortex-A/
        ARM: 9400/1: Remove unused struct 'mod_unwind_map'
      3894840a
    • Filipe Manana's avatar
      btrfs: fix corruption after buffer fault in during direct IO append write · 939b656b
      Filipe Manana authored
      During an append (O_APPEND write flag) direct IO write if the input buffer
      was not previously faulted in, we can corrupt the file in a way that the
      final size is unexpected and it includes an unexpected hole.
      
      The problem happens like this:
      
      1) We have an empty file, with size 0, for example;
      
      2) We do an O_APPEND direct IO with a length of 4096 bytes and the input
         buffer is not currently faulted in;
      
      3) We enter btrfs_direct_write(), lock the inode and call
         generic_write_checks(), which calls generic_write_checks_count(), and
         that function sets the iocb position to 0 with the following code:
      
      	if (iocb->ki_flags & IOCB_APPEND)
      		iocb->ki_pos = i_size_read(inode);
      
      4) We call btrfs_dio_write() and enter into iomap, which will end up
         calling btrfs_dio_iomap_begin() and that calls
         btrfs_get_blocks_direct_write(), where we update the i_size of the
         inode to 4096 bytes;
      
      5) After btrfs_dio_iomap_begin() returns, iomap will attempt to access
         the page of the write input buffer (at iomap_dio_bio_iter(), with a
         call to bio_iov_iter_get_pages()) and fail with -EFAULT, which gets
         returned to btrfs at btrfs_direct_write() via btrfs_dio_write();
      
      6) At btrfs_direct_write() we get the -EFAULT error, unlock the inode,
         fault in the write buffer and then goto to the label 'relock';
      
      7) We lock again the inode, do all the necessary checks again and call
         again generic_write_checks(), which calls generic_write_checks_count()
         again, and there we set the iocb's position to 4K, which is the current
         i_size of the inode, with the following code pointed above:
      
              if (iocb->ki_flags & IOCB_APPEND)
                      iocb->ki_pos = i_size_read(inode);
      
      8) Then we go again to btrfs_dio_write() and enter iomap and the write
         succeeds, but it wrote to the file range [4K, 8K), leaving a hole in
         the [0, 4K) range and an i_size of 8K, which goes against the
         expectations of having the data written to the range [0, 4K) and get an
         i_size of 4K.
      
      Fix this by not unlocking the inode before faulting in the input buffer,
      in case we get -EFAULT or an incomplete write, and not jumping to the
      'relock' label after faulting in the buffer - instead jump to a location
      immediately before calling iomap, skipping all the write checks and
      relocking. This solves this problem and it's fine even in case the input
      buffer is memory mapped to the same file range, since only holding the
      range locked in the inode's io tree can cause a deadlock, it's safe to
      keep the inode lock (VFS lock), as was fixed and described in commit
      51bd9563 ("btrfs: fix deadlock due to page faults during direct IO
      reads and writes").
      
      A sample reproducer provided by a reporter is the following:
      
         $ cat test.c
         #ifndef _GNU_SOURCE
         #define _GNU_SOURCE
         #endif
      
         #include <fcntl.h>
         #include <stdio.h>
         #include <sys/mman.h>
         #include <sys/stat.h>
         #include <unistd.h>
      
         int main(int argc, char *argv[])
         {
             if (argc < 2) {
                 fprintf(stderr, "Usage: %s <test file>\n", argv[0]);
                 return 1;
             }
      
             int fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC | O_DIRECT |
                           O_APPEND, 0644);
             if (fd < 0) {
                 perror("creating test file");
                 return 1;
             }
      
             char *buf = mmap(NULL, 4096, PROT_READ,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
             ssize_t ret = write(fd, buf, 4096);
             if (ret < 0) {
                 perror("pwritev2");
                 return 1;
             }
      
             struct stat stbuf;
             ret = fstat(fd, &stbuf);
             if (ret < 0) {
                 perror("stat");
                 return 1;
             }
      
             printf("size: %llu\n", (unsigned long long)stbuf.st_size);
             return stbuf.st_size == 4096 ? 0 : 1;
         }
      
      A test case for fstests will be sent soon.
      Reported-by: default avatarHanna Czenczek <hreitz@redhat.com>
      Link: https://lore.kernel.org/linux-btrfs/0b841d46-12fe-4e64-9abb-871d8d0de271@redhat.com/
      Fixes: 8184620a ("btrfs: fix lost file sync on direct IO write with nowait and dsync iocb")
      CC: stable@vger.kernel.org # 6.1+
      Tested-by: default avatarHanna Czenczek <hreitz@redhat.com>
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      939b656b
    • Naohiro Aota's avatar
      btrfs: zoned: fix zone_unusable accounting on making block group read-write again · 8cd44dd1
      Naohiro Aota authored
      When btrfs makes a block group read-only, it adds all free regions in the
      block group to space_info->bytes_readonly. That free space excludes
      reserved and pinned regions. OTOH, when btrfs makes the block group
      read-write again, it moves all the unused regions into the block group's
      zone_unusable. That unused region includes reserved and pinned regions.
      As a result, it counts too much zone_unusable bytes.
      
      Fortunately (or unfortunately), having erroneous zone_unusable does not
      affect the calculation of space_info->bytes_readonly, because free
      space (num_bytes in btrfs_dec_block_group_ro) calculation is done based on
      the erroneous zone_unusable and it reduces the num_bytes just to cancel the
      error.
      
      This behavior can be easily discovered by adding a WARN_ON to check e.g,
      "bg->pinned > 0" in btrfs_dec_block_group_ro(), and running fstests test
      case like btrfs/282.
      
      Fix it by properly considering pinned and reserved in
      btrfs_dec_block_group_ro(). Also, add a WARN_ON and introduce
      btrfs_space_info_update_bytes_zone_unusable() to catch a similar mistake.
      
      Fixes: 169e0da9 ("btrfs: zoned: track unusable bytes for zones")
      CC: stable@vger.kernel.org # 5.15+
      Signed-off-by: default avatarNaohiro Aota <naohiro.aota@wdc.com>
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarJohannes Thumshirn <johannes.thumshirn@wdc.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      8cd44dd1
    • Naohiro Aota's avatar
      btrfs: do not subtract delalloc from avail bytes · d89c285d
      Naohiro Aota authored
      The block group's avail bytes printed when dumping a space info subtract
      the delalloc_bytes. However, as shown in btrfs_add_reserved_bytes() and
      btrfs_free_reserved_bytes(), it is added or subtracted along with
      "reserved" for the delalloc case, which means the "delalloc_bytes" is a
      part of the "reserved" bytes. So, excluding it to calculate the avail space
      counts delalloc_bytes twice, which can lead to an invalid result.
      
      Fixes: e50b122b ("btrfs: print available space for a block group when dumping a space info")
      CC: stable@vger.kernel.org # 6.6+
      Signed-off-by: default avatarNaohiro Aota <naohiro.aota@wdc.com>
      Reviewed-by: default avatarBoris Burkov <boris@bur.io>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      d89c285d
    • Boris Burkov's avatar
      btrfs: make cow_file_range_inline() honor locked_page on error · 47857437
      Boris Burkov authored
      The btrfs buffered write path runs through __extent_writepage() which
      has some tricky return value handling for writepage_delalloc().
      Specifically, when that returns 1, we exit, but for other return values
      we continue and end up calling btrfs_folio_end_all_writers(). If the
      folio has been unlocked (note that we check the PageLocked bit at the
      start of __extent_writepage()), this results in an assert panic like
      this one from syzbot:
      
        BTRFS: error (device loop0 state EAL) in free_log_tree:3267: errno=-5 IO failure
        BTRFS warning (device loop0 state EAL): Skipping commit of aborted transaction.
        BTRFS: error (device loop0 state EAL) in cleanup_transaction:2018: errno=-5 IO failure
        assertion failed: folio_test_locked(folio), in fs/btrfs/subpage.c:871
        ------------[ cut here ]------------
        kernel BUG at fs/btrfs/subpage.c:871!
        Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
        CPU: 1 PID: 5090 Comm: syz-executor225 Not tainted
        6.10.0-syzkaller-05505-gb1bc554e #0
        Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
        Google 06/27/2024
        RIP: 0010:btrfs_folio_end_all_writers+0x55b/0x610 fs/btrfs/subpage.c:871
        Code: e9 d3 fb ff ff e8 25 22 c2 fd 48 c7 c7 c0 3c 0e 8c 48 c7 c6 80 3d
        0e 8c 48 c7 c2 60 3c 0e 8c b9 67 03 00 00 e8 66 47 ad 07 90 <0f> 0b e8
        6e 45 b0 07 4c 89 ff be 08 00 00 00 e8 21 12 25 fe 4c 89
        RSP: 0018:ffffc900033d72e0 EFLAGS: 00010246
        RAX: 0000000000000045 RBX: 00fff0000000402c RCX: 663b7a08c50a0a00
        RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
        RBP: ffffc900033d73b0 R08: ffffffff8176b98c R09: 1ffff9200067adfc
        R10: dffffc0000000000 R11: fffff5200067adfd R12: 0000000000000001
        R13: dffffc0000000000 R14: 0000000000000000 R15: ffffea0001cbee80
        FS:  0000000000000000(0000) GS:ffff8880b9500000(0000)
        knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 00007f5f076012f8 CR3: 000000000e134000 CR4: 00000000003506f0
        DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
        Call Trace:
        <TASK>
        __extent_writepage fs/btrfs/extent_io.c:1597 [inline]
        extent_write_cache_pages fs/btrfs/extent_io.c:2251 [inline]
        btrfs_writepages+0x14d7/0x2760 fs/btrfs/extent_io.c:2373
        do_writepages+0x359/0x870 mm/page-writeback.c:2656
        filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397
        __filemap_fdatawrite_range mm/filemap.c:430 [inline]
        __filemap_fdatawrite mm/filemap.c:436 [inline]
        filemap_flush+0xdf/0x130 mm/filemap.c:463
        btrfs_release_file+0x117/0x130 fs/btrfs/file.c:1547
        __fput+0x24a/0x8a0 fs/file_table.c:422
        task_work_run+0x24f/0x310 kernel/task_work.c:222
        exit_task_work include/linux/task_work.h:40 [inline]
        do_exit+0xa2f/0x27f0 kernel/exit.c:877
        do_group_exit+0x207/0x2c0 kernel/exit.c:1026
        __do_sys_exit_group kernel/exit.c:1037 [inline]
        __se_sys_exit_group kernel/exit.c:1035 [inline]
        __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035
        x64_sys_call+0x2634/0x2640
        arch/x86/include/generated/asm/syscalls_64.h:232
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
        entry_SYSCALL_64_after_hwframe+0x77/0x7f
        RIP: 0033:0x7f5f075b70c9
        Code: Unable to access opcode bytes at
        0x7f5f075b709f.
      
      I was hitting the same issue by doing hundreds of accelerated runs of
      generic/475, which also hits IO errors by design.
      
      I instrumented that reproducer with bpftrace and found that the
      undesirable folio_unlock was coming from the following callstack:
      
        folio_unlock+5
        __process_pages_contig+475
        cow_file_range_inline.constprop.0+230
        cow_file_range+803
        btrfs_run_delalloc_range+566
        writepage_delalloc+332
        __extent_writepage # inlined in my stacktrace, but I added it here
        extent_write_cache_pages+622
      
      Looking at the bisected-to patch in the syzbot report, Josef realized
      that the logic of the cow_file_range_inline error path subtly changing.
      In the past, on error, it jumped to out_unlock in cow_file_range(),
      which honors the locked_page, so when we ultimately call
      folio_end_all_writers(), the folio of interest is still locked. After
      the change, we always unlocked ignoring the locked_page, on both success
      and error. On the success path, this all results in returning 1 to
      __extent_writepage(), which skips the folio_end_all_writers() call,
      which makes it OK to have unlocked.
      
      Fix the bug by wiring the locked_page into cow_file_range_inline() and
      only setting locked_page to NULL on success.
      
      Reported-by: syzbot+a14d8ac9af3a2a4fd0c8@syzkaller.appspotmail.com
      Fixes: 0586d0a8 ("btrfs: move extent bit and page cleanup into cow_file_range_inline")
      CC: stable@vger.kernel.org # 6.10+
      Reviewed-by: default avatarQu Wenruo <wqu@suse.com>
      Signed-off-by: default avatarBoris Burkov <boris@bur.io>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      47857437
    • Linus Torvalds's avatar
      minmax: simplify min()/max()/clamp() implementation · dc1c8034
      Linus Torvalds authored
      Now that we no longer have any C constant expression contexts (ie array
      size declarations or static initializers) that use min() or max(), we
      can simpify the implementation by not having to worry about the result
      staying as a C constant expression.
      
      So now we can unconditionally just use temporary variables of the right
      type, and get rid of the excessive expansion that used to come from the
      use of
      
         __builtin_choose_expr(__is_constexpr(...), ..
      
      to pick the specialized code for constant expressions.
      
      Another expansion simplification is to pass the temporary variables (in
      addition to the original expression) to our __types_ok() macro.  That
      may superficially look like it complicates the macro, but when we only
      want the type of the expression, expanding the temporary variable names
      is much simpler and smaller than expanding the potentially complicated
      original expression.
      
      As a result, on my machine, doing a
      
        $ time make drivers/staging/media/atomisp/pci/isp/kernels/ynr/ynr_1.0/ia_css_ynr.host.i
      
      goes from
      
      	real	0m16.621s
      	user	0m15.360s
      	sys	0m1.221s
      
      to
      
      	real	0m2.532s
      	user	0m2.091s
      	sys	0m0.452s
      
      because the token expansion goes down dramatically.
      
      In particular, the longest line expansion (which was line 71 of that
      'ia_css_ynr.host.c' file) shrinks from 23,338kB (yes, 23MB for one
      single line) to "just" 1,444kB (now "only" 1.4MB).
      
      And yes, that line is still the line from hell, because it's doing
      multiple levels of "min()/max()" expansion thanks to some of them being
      hidden inside the uDIGIT_FITTING() macro.
      
      Lorenzo has a nice cleanup patch that makes that driver use inline
      functions instead of macros for sDIGIT_FITTING() and uDIGIT_FITTING(),
      which will fix that line once and for all, but the 16-fold reduction in
      this case does show why we need to simplify these helpers.
      
      Cc: David Laight <David.Laight@aculab.com>
      Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      dc1c8034
    • Linus Torvalds's avatar
      minmax: don't use max() in situations that want a C constant expression · cb04e8b1
      Linus Torvalds authored
      We only had a couple of array[] declarations, and changing them to just
      use 'MAX()' instead of 'max()' fixes the issue.
      
      This will allow us to simplify our min/max macros enormously, since they
      can now unconditionally use temporary variables to avoid using the
      argument values multiple times.
      
      Cc: David Laight <David.Laight@aculab.com>
      Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cb04e8b1
    • Linus Torvalds's avatar
      minmax: scsi: fix mis-use of 'clamp()' in sr.c · 9f499b8c
      Linus Torvalds authored
      While working on simplifying the minmax functions, and avoiding
      excessive macro expansion, it turns out that the sr.c use of the
      'clamp()' macro has the arguments the wrong way around.
      
      The clamp logic is
      
      	val = clamp(in, low, high);
      
      and it returns the input clamped to the low/high limits. But sr.c ddid
      
      	speed = clamp(0, speed, 0xffff / 177);
      
      which clamps the value '0' to the range '[speed, 0xffff / 177]' and ends
      up being nonsensical.
      
      Happily, I don't think anybody ever cared.
      
      Fixes: 9fad9d56 ("scsi: sr: Fix unintentional arithmetic wraparound")
      Cc: Justin Stitt <justinstitt@google.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9f499b8c
  4. 28 Jul, 2024 13 commits
    • Linus Torvalds's avatar
      minmax: make generic MIN() and MAX() macros available everywhere · 1a251f52
      Linus Torvalds authored
      This just standardizes the use of MIN() and MAX() macros, with the very
      traditional semantics.  The goal is to use these for C constant
      expressions and for top-level / static initializers, and so be able to
      simplify the min()/max() macros.
      
      These macro names were used by various kernel code - they are very
      traditional, after all - and all such users have been fixed up, with a
      few different approaches:
      
       - trivial duplicated macro definitions have been removed
      
         Note that 'trivial' here means that it's obviously kernel code that
         already included all the major kernel headers, and thus gets the new
         generic MIN/MAX macros automatically.
      
       - non-trivial duplicated macro definitions are guarded with #ifndef
      
         This is the "yes, they define their own versions, but no, the include
         situation is not entirely obvious, and maybe they don't get the
         generic version automatically" case.
      
       - strange use case #1
      
         A couple of drivers decided that the way they want to describe their
         versioning is with
      
      	#define MAJ 1
      	#define MIN 2
      	#define DRV_VERSION __stringify(MAJ) "." __stringify(MIN)
      
         which adds zero value and I just did my Alexander the Great
         impersonation, and rewrote that pointless Gordian knot as
      
      	#define DRV_VERSION "1.2"
      
         instead.
      
       - strange use case #2
      
         A couple of drivers thought that it's a good idea to have a random
         'MIN' or 'MAX' define for a value or index into a table, rather than
         the traditional macro that takes arguments.
      
         These values were re-written as C enum's instead. The new
         function-line macros only expand when followed by an open
         parenthesis, and thus don't clash with enum use.
      
      Happily, there weren't really all that many of these cases, and a lot of
      users already had the pattern of using '#ifndef' guarding (or in one
      case just using '#undef MIN') before defining their own private version
      that does the same thing. I left such cases alone.
      
      Cc: David Laight <David.Laight@aculab.com>
      Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1a251f52
    • Linus Torvalds's avatar
      Linux 6.11-rc1 · 8400291e
      Linus Torvalds authored
      8400291e
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v6.11' of... · a0c04bd5
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - Fix RPM package build error caused by an incorrect locale setup
      
       - Mark modules.weakdep as ghost in RPM package
      
       - Fix the odd combination of -S and -c in stack protector scripts,
         which is an error with the latest Clang
      
      * tag 'kbuild-fixes-v6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: Fix '-S -c' in x86 stack protector scripts
        kbuild: rpm-pkg: ghost modules.weakdep file
        kbuild: rpm-pkg: Fix C locale setup
      a0c04bd5
    • Linus Torvalds's avatar
      minmax: simplify and clarify min_t()/max_t() implementation · 017fa3e8
      Linus Torvalds authored
      This simplifies the min_t() and max_t() macros by no longer making them
      work in the context of a C constant expression.
      
      That means that you can no longer use them for static initializers or
      for array sizes in type definitions, but there were only a couple of
      such uses, and all of them were converted (famous last words) to use
      MIN_T/MAX_T instead.
      
      Cc: David Laight <David.Laight@aculab.com>
      Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      017fa3e8
    • Linus Torvalds's avatar
      minmax: add a few more MIN_T/MAX_T users · 4477b39c
      Linus Torvalds authored
      Commit 3a7e02c0 ("minmax: avoid overly complicated constant
      expressions in VM code") added the simpler MIN_T/MAX_T macros in order
      to avoid some excessive expansion from the rather complicated regular
      min/max macros.
      
      The complexity of those macros stems from two issues:
      
       (a) trying to use them in situations that require a C constant
           expression (in static initializers and for array sizes)
      
       (b) the type sanity checking
      
      and MIN_T/MAX_T avoids both of these issues.
      
      Now, in the whole (long) discussion about all this, it was pointed out
      that the whole type sanity checking is entirely unnecessary for
      min_t/max_t which get a fixed type that the comparison is done in.
      
      But that still leaves min_t/max_t unnecessarily complicated due to
      worries about the C constant expression case.
      
      However, it turns out that there really aren't very many cases that use
      min_t/max_t for this, and we can just force-convert those.
      
      This does exactly that.
      
      Which in turn will then allow for much simpler implementations of
      min_t()/max_t().  All the usual "macros in all upper case will evaluate
      the arguments multiple times" rules apply.
      
      We should do all the same things for the regular min/max() vs MIN/MAX()
      cases, but that has the added complexity of various drivers defining
      their own local versions of MIN/MAX, so that needs another level of
      fixes first.
      
      Link: https://lore.kernel.org/all/b47fad1d0cf8449886ad148f8c013dae@AcuMS.aculab.com/
      Cc: David Laight <David.Laight@aculab.com>
      Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4477b39c
    • Linus Torvalds's avatar
      Merge tag 'ubifs-for-linus-6.11-rc1-take2' of... · 7e2d0ba7
      Linus Torvalds authored
      Merge tag 'ubifs-for-linus-6.11-rc1-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
      
      Pull UBI and UBIFS updates from Richard Weinberger:
      
       - Many fixes for power-cut issues by Zhihao Cheng
      
       - Another ubiblock error path fix
      
       - ubiblock section mismatch fix
      
       - Misc fixes all over the place
      
      * tag 'ubifs-for-linus-6.11-rc1-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
        ubi: Fix ubi_init() ubiblock_exit() section mismatch
        ubifs: add check for crypto_shash_tfm_digest
        ubifs: Fix inconsistent inode size when powercut happens during appendant writing
        ubi: block: fix null-pointer-dereference in ubiblock_create()
        ubifs: fix kernel-doc warnings
        ubifs: correct UBIFS_DFS_DIR_LEN macro definition and improve code clarity
        mtd: ubi: Restore missing cleanup on ubi_init() failure path
        ubifs: dbg_orphan_check: Fix missed key type checking
        ubifs: Fix unattached inode when powercut happens in creating
        ubifs: Fix space leak when powercut happens in linking tmpfile
        ubifs: Move ui->data initialization after initializing security
        ubifs: Fix adding orphan entry twice for the same inode
        ubifs: Remove insert_dead_orphan from replaying orphan process
        Revert "ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path"
        ubifs: Don't add xattr inode into orphan area
        ubifs: Fix unattached xattr inode if powercut happens after deleting
        mtd: ubi: avoid expensive do_div() on 32-bit machines
        mtd: ubi: make ubi_class constant
        ubi: eba: properly rollback inside self_check_eba
      7e2d0ba7
    • Nathan Chancellor's avatar
      kbuild: Fix '-S -c' in x86 stack protector scripts · 3415b10a
      Nathan Chancellor authored
      After a recent change in clang to stop consuming all instances of '-S'
      and '-c' [1], the stack protector scripts break due to the kernel's use
      of -Werror=unused-command-line-argument to catch cases where flags are
      not being properly consumed by the compiler driver:
      
        $ echo | clang -o - -x c - -S -c -Werror=unused-command-line-argument
        clang: error: argument unused during compilation: '-c' [-Werror,-Wunused-command-line-argument]
      
      This results in CONFIG_STACKPROTECTOR getting disabled because
      CONFIG_CC_HAS_SANE_STACKPROTECTOR is no longer set.
      
      '-c' and '-S' both instruct the compiler to stop at different stages of
      the pipeline ('-S' after compiling, '-c' after assembling), so having
      them present together in the same command makes little sense. In this
      case, the test wants to stop before assembling because it is looking at
      the textual assembly output of the compiler for either '%fs' or '%gs',
      so remove '-c' from the list of arguments to resolve the error.
      
      All versions of GCC continue to work after this change, along with
      versions of clang that do or do not contain the change mentioned above.
      
      Cc: stable@vger.kernel.org
      Fixes: 4f7fd4d7 ("[PATCH] Add the -fstack-protector option to the CFLAGS")
      Fixes: 60a5317f ("x86: implement x86_32 stack protector")
      Link: https://github.com/llvm/llvm-project/commit/6461e537815f7fa68cef06842505353cf5600e9c [1]
      Signed-off-by: default avatarNathan Chancellor <nathan@kernel.org>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      3415b10a
    • Richard Weinberger's avatar
      ubi: Fix ubi_init() ubiblock_exit() section mismatch · 92a286e9
      Richard Weinberger authored
      Since ubiblock_exit() is now called from an init function,
      the __exit section no longer makes sense.
      
      Cc: Ben Hutchings <bwh@kernel.org>
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Closes: https://lore.kernel.org/oe-kbuild-all/202407131403.wZJpd8n2-lkp@intel.com/Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      Reviewed-by: default avatarZhihao Cheng <chengzhihao1@huawei.com>
      92a286e9
    • Linus Torvalds's avatar
      Merge tag 'v6.11-merge' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux · e172f1e9
      Linus Torvalds authored
      Pull turbostat updates from Len Brown:
      
       - Enable turbostat extensions to add both perf and PMT (Intel
         Platform Monitoring Technology) counters via the cmdline
      
       - Demonstrate PMT access with built-in support for Meteor Lake's
         Die C6 counter
      
      * tag 'v6.11-merge' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
        tools/power turbostat: version 2024.07.26
        tools/power turbostat: Include umask=%x in perf counter's config
        tools/power turbostat: Document PMT in turbostat.8
        tools/power turbostat: Add MTL's PMT DC6 builtin counter
        tools/power turbostat: Add early support for PMT counters
        tools/power turbostat: Add selftests for added perf counters
        tools/power turbostat: Add selftests for SMI, APERF and MPERF counters
        tools/power turbostat: Move verbose counter messages to level 2
        tools/power turbostat: Move debug prints from stdout to stderr
        tools/power turbostat: Fix typo in turbostat.8
        tools/power turbostat: Add perf added counter example to turbostat.8
        tools/power turbostat: Fix formatting in turbostat.8
        tools/power turbostat: Extend --add option with perf counters
        tools/power turbostat: Group SMI counter with APERF and MPERF
        tools/power turbostat: Add ZERO_ARRAY for zero initializing builtin array
        tools/power turbostat: Replace enum rapl_source and cstate_source with counter_source
        tools/power turbostat: Remove anonymous union from rapl_counter_info_t
        tools/power/turbostat: Switch to new Intel CPU model defines
      e172f1e9
    • Linus Torvalds's avatar
      Merge tag 'cxl-for-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl · e62f81bb
      Linus Torvalds authored
      Pull CXL updates from Dave Jiang:
       "Core:
      
         - A CXL maturity map has been added to the documentation to detail
           the current state of CXL enabling.
      
           It provides the status of the current state of various CXL features
           to inform current and future contributors of where things are and
           which areas need contribution.
      
         - A notifier handler has been added in order for a newly created CXL
           memory region to trigger the abstract distance metrics calculation.
      
           This should bring parity for CXL memory to the same level vs
           hotplugged DRAM for NUMA abstract distance calculation. The
           abstract distance reflects relative performance used for memory
           tiering handling.
      
         - An addition for XOR math has been added to address the CXL DPA to
           SPA translation.
      
           CXL address translation did not support address interleave math
           with XOR prior to this change.
      
        Fixes:
      
         - Fix to address race condition in the CXL memory hotplug notifier
      
         - Add missing MODULE_DESCRIPTION() for CXL modules
      
         - Fix incorrect vendor debug UUID define
      
        Misc:
      
         - A warning has been added to inform users of an unsupported
           configuration when mixing CXL VH and RCH/RCD hierarchies
      
         - The ENXIO error code has been replaced with EBUSY for inject poison
           limit reached via debugfs and cxl-test support
      
         - Moving the PCI config read in cxl_dvsec_rr_decode() to avoid
           unnecessary PCI config reads
      
         - A refactor to a common struct for DRAM and general media CXL
           events"
      
      * tag 'cxl-for-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
        cxl/core/pci: Move reading of control register to immediately before usage
        cxl: Remove defunct code calculating host bridge target positions
        cxl/region: Verify target positions using the ordered target list
        cxl: Restore XOR'd position bits during address translation
        cxl/core: Fold cxl_trace_hpa() into cxl_dpa_to_hpa()
        cxl/test: Replace ENXIO with EBUSY for inject poison limit reached
        cxl/memdev: Replace ENXIO with EBUSY for inject poison limit reached
        cxl/acpi: Warn on mixed CXL VH and RCH/RCD Hierarchy
        cxl/core: Fix incorrect vendor debug UUID define
        Documentation: CXL Maturity Map
        cxl/region: Simplify cxl_region_nid()
        cxl/region: Support to calculate memory tier abstract distance
        cxl/region: Fix a race condition in memory hotplug notifier
        cxl: add missing MODULE_DESCRIPTION() macros
        cxl/events: Use a common struct for DRAM and General Media events
      e62f81bb
    • Linus Torvalds's avatar
      Merge tag 'unicode-next-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/krisman/unicode · 7b5d4818
      Linus Torvalds authored
      Pull unicode update from Gabriel Krisman Bertazi:
       "Two small fixes to silence the compiler and static analyzers tools
        from Ben Dooks and Jeff Johnson"
      
      * tag 'unicode-next-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/krisman/unicode:
        unicode: add MODULE_DESCRIPTION() macros
        unicode: make utf8 test count static
      7b5d4818
    • Jose Ignacio Tornos Martinez's avatar
      kbuild: rpm-pkg: ghost modules.weakdep file · d01c1407
      Jose Ignacio Tornos Martinez authored
      In the same way as for other similar files, mark as ghost the new file
      generated by depmod for configured weak dependencies for modules,
      modules.weakdep, so that although it is not included in the package,
      claim the ownership on it.
      Signed-off-by: default avatarJose Ignacio Tornos Martinez <jtornosm@redhat.com>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      d01c1407
    • Linus Torvalds's avatar
      Merge tag '6.11-rc-smb-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 · 5437f30d
      Linus Torvalds authored
      Pull more smb client updates from Steve French:
      
       - fix for potential null pointer use in init cifs
      
       - additional dynamic trace points to improve debugging of some common
         scenarios
      
       - two SMB1 fixes (one addressing reconnect with POSIX extensions, one a
         mount parsing error)
      
      * tag '6.11-rc-smb-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: add dynamic trace point for session setup key expired failures
        smb3: add four dynamic tracepoints for copy_file_range and reflink
        smb3: add dynamic tracepoint for reflink errors
        cifs: mount with "unix" mount option for SMB1 incorrectly handled
        cifs: fix reconnect with SMB1 UNIX Extensions
        cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path
      5437f30d
  5. 27 Jul, 2024 6 commits
    • Linus Torvalds's avatar
      Merge tag 'block-6.11-20240726' of git://git.kernel.dk/linux · 6342649c
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request via Keith:
           - Fix request without payloads cleanup  (Leon)
           - Use new protection information format (Francis)
           - Improved debug message for lost pci link (Bart)
           - Another apst quirk (Wang)
           - Use appropriate sysfs api for printing chars (Markus)
      
       - ublk async device deletion fix (Ming)
      
       - drbd kerneldoc fixups (Simon)
      
       - Fix deadlock between sd removal and release (Yang)
      
      * tag 'block-6.11-20240726' of git://git.kernel.dk/linux:
        nvme-pci: add missing condition check for existence of mapped data
        ublk: fix UBLK_CMD_DEL_DEV_ASYNC handling
        block: fix deadlock between sd_remove & sd_release
        drbd: Add peer_device to Kernel doc
        nvme-core: choose PIF from QPIF if QPIFS supports and PIF is QTYPE
        nvme-pci: Fix the instructions for disabling power management
        nvme: remove redundant bdev local variable
        nvme-fabrics: Use seq_putc() in __nvmf_concat_opt_tokens()
        nvme/pci: Add APST quirk for Lenovo N60z laptop
      6342649c
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.11-20240726' of git://git.kernel.dk/linux · 8c930747
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - Fix a syzbot issue for the msg ring cache added in this release. No
         ill effects from this one, but it did make KMSAN unhappy (me)
      
       - Sanitize the NAPI timeout handling, by unifying the value handling
         into all ktime_t rather than converting back and forth (Pavel)
      
       - Fail NAPI registration for IOPOLL rings, it's not supported (Pavel)
      
       - Fix a theoretical issue with ring polling and cancelations (Pavel)
      
       - Various little cleanups and fixes (Pavel)
      
      * tag 'io_uring-6.11-20240726' of git://git.kernel.dk/linux:
        io_uring/napi: pass ktime to io_napi_adjust_timeout
        io_uring/napi: use ktime in busy polling
        io_uring/msg_ring: fix uninitialized use of target_req->flags
        io_uring: align iowq and task request error handling
        io_uring: kill REQ_F_CANCEL_SEQ
        io_uring: simplify io_uring_cmd return
        io_uring: fix io_match_task must_hold
        io_uring: don't allow netpolling with SETUP_IOPOLL
        io_uring: tighten task exit cancellations
      8c930747
    • Linus Torvalds's avatar
      Merge tag 'vfs-6.11-rc1.fixes.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs · bc4eee85
      Linus Torvalds authored
      Pull vfs fixes from Christian Brauner:
       "This contains two fixes for this merge window:
      
        VFS:
      
         - I noticed that it is possible for a privileged user to mount most
           filesystems with a non-initial user namespace in sb->s_user_ns.
      
           When fsopen() is called in a non-init namespace the caller's
           namespace is recorded in fs_context->user_ns. If the returned file
           descriptor is then passed to a process privileged in init_user_ns,
           that process can call fsconfig(fd_fs, FSCONFIG_CMD_CREATE*),
           creating a new superblock with sb->s_user_ns set to the namespace
           of the process which called fsopen().
      
           This is problematic as only filesystems that raise FS_USERNS_MOUNT
           are known to be able to support a non-initial s_user_ns. Others may
           suffer security issues, on-disk corruption or outright crash the
           kernel. Prevent that by restricting such delegation to filesystems
           that allow FS_USERNS_MOUNT.
      
           Note, that this delegation requires a privileged process to
           actually create the superblock so either the privileged process is
           cooperaing or someone must have tricked a privileged process into
           operating on a fscontext file descriptor whose origin it doesn't
           know (a stupid idea).
      
           The bug dates back to about 5 years afaict.
      
        Misc:
      
         - Fix hostfs parsing when the mount request comes in via the legacy
           mount api.
      
           In the legacy mount api hostfs allows to specify the host directory
           mount without any key.
      
           Restore that behavior"
      
      * tag 'vfs-6.11-rc1.fixes.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
        hostfs: fix the host directory parse when mounting.
        fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
      bc4eee85
    • Linus Torvalds's avatar
      Merge tag 'rust-6.11' of https://github.com/Rust-for-Linux/linux · 910bfc26
      Linus Torvalds authored
      Pull Rust updates from Miguel Ojeda:
       "The highlight is the establishment of a minimum version for the Rust
        toolchain, including 'rustc' (and bundled tools) and 'bindgen'.
      
        The initial minimum will be the pinned version we currently have, i.e.
        we are just widening the allowed versions. That covers three stable
        Rust releases: 1.78.0, 1.79.0, 1.80.0 (getting released tomorrow),
        plus beta, plus nightly.
      
        This should already be enough for kernel developers in distributions
        that provide recent Rust compiler versions routinely, such as Arch
        Linux, Debian Unstable (outside the freeze period), Fedora Linux,
        Gentoo Linux (especially the testing channel), Nix (unstable) and
        openSUSE Slowroll and Tumbleweed.
      
        In addition, the kernel is now being built-tested by Rust's pre-merge
        CI. That is, every change that is attempting to land into the Rust
        compiler is tested against the kernel, and it is merged only if it
        passes. Similarly, the bindgen tool has agreed to build the kernel in
        their CI too.
      
        Thus, with the pre-merge CI in place, both projects hope to avoid
        unintentional changes to Rust that break the kernel. This means that,
        in general, apart from intentional changes on their side (that we will
        need to workaround conditionally on our side), the upcoming Rust
        compiler versions should generally work.
      
        In addition, the Rust project has proposed getting the kernel into
        stable Rust (at least solving the main blockers) as one of its three
        flagship goals for 2024H2 [1].
      
        I would like to thank Niko, Sid, Emilio et al. for their help
        promoting the collaboration between Rust and the kernel.
      
        Toolchain and infrastructure:
      
         - Support several Rust toolchain versions.
      
         - Support several bindgen versions.
      
         - Remove 'cargo' requirement and simplify 'rusttest', thanks to
           'alloc' having been dropped last cycle.
      
         - Provide proper error reporting for the 'rust-analyzer' target.
      
        'kernel' crate:
      
         - Add 'uaccess' module with a safe userspace pointers abstraction.
      
         - Add 'page' module with a 'struct page' abstraction.
      
         - Support more complex generics in workqueue's 'impl_has_work!'
           macro.
      
        'macros' crate:
      
         - Add 'firmware' field support to the 'module!' macro.
      
         - Improve 'module!' macro documentation.
      
        Documentation:
      
         - Provide instructions on what packages should be installed to build
           the kernel in some popular Linux distributions.
      
         - Introduce the new kernel.org LLVM+Rust toolchains.
      
         - Explain '#[no_std]'.
      
        And a few other small bits"
      
      Link: https://rust-lang.github.io/rust-project-goals/2024h2/index.html#flagship-goals [1]
      
      * tag 'rust-6.11' of https://github.com/Rust-for-Linux/linux: (26 commits)
        docs: rust: quick-start: add section on Linux distributions
        rust: warn about `bindgen` versions 0.66.0 and 0.66.1
        rust: start supporting several `bindgen` versions
        rust: work around `bindgen` 0.69.0 issue
        rust: avoid assuming a particular `bindgen` build
        rust: start supporting several compiler versions
        rust: simplify Clippy warning flags set
        rust: relax most deny-level lints to warnings
        rust: allow `dead_code` for never constructed bindings
        rust: init: simplify from `map_err` to `inspect_err`
        rust: macros: indent list item in `paste!`'s docs
        rust: add abstraction for `struct page`
        rust: uaccess: add typed accessors for userspace pointers
        uaccess: always export _copy_[from|to]_user with CONFIG_RUST
        rust: uaccess: add userspace pointers
        kbuild: rust-analyzer: improve comment documentation
        kbuild: rust-analyzer: better error handling
        docs: rust: no_std is used
        rust: alloc: add __GFP_HIGHMEM flag
        rust: alloc: fix typo in docs for GFP_NOWAIT
        ...
      910bfc26
    • Linus Torvalds's avatar
      Merge tag 'apparmor-pr-2024-07-25' of... · ff305644
      Linus Torvalds authored
      Merge tag 'apparmor-pr-2024-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
      
      Pull apparmor updates from John Johansen:
       "Cleanups
         - optimization: try to avoid refing the label in apparmor_file_open
         - remove useless static inline function is_deleted
         - use kvfree_sensitive to free data->data
         - fix typo in kernel doc
      
        Bug fixes:
         - unpack transition table if dfa is not present
         - test: add MODULE_DESCRIPTION()
         - take nosymfollow flag into account
         - fix possible NULL pointer dereference
         - fix null pointer deref when receiving skb during sock creation"
      
      * tag 'apparmor-pr-2024-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
        apparmor: unpack transition table if dfa is not present
        apparmor: try to avoid refing the label in apparmor_file_open
        apparmor: test: add MODULE_DESCRIPTION()
        apparmor: take nosymfollow flag into account
        apparmor: fix possible NULL pointer dereference
        apparmor: fix typo in kernel doc
        apparmor: remove useless static inline function is_deleted
        apparmor: use kvfree_sensitive to free data->data
        apparmor: Fix null pointer deref when receiving skb during sock creation
      ff305644
    • Linus Torvalds's avatar
      Merge tag 'landlock-6.11-rc1-houdini-fix' of... · 86b405ad
      Linus Torvalds authored
      Merge tag 'landlock-6.11-rc1-houdini-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux
      
      Pull landlock fix from Mickaël Salaün:
       "Jann Horn reported a sandbox bypass for Landlock. This includes the
        fix and new tests. This should be backported"
      
      * tag 'landlock-6.11-rc1-houdini-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
        selftests/landlock: Add cred_transfer test
        landlock: Don't lose track of restrictions on cred_transfer
      86b405ad