1. 03 Feb, 2022 3 commits
  2. 02 Feb, 2022 5 commits
    • md: fix NULL pointer deref with nowait but no mddev->queue · 0f9650bd
      Song Liu authored
      Leon reported NULL pointer deref with nowait support:
      
      [   15.123761] device-mapper: raid: Loading target version 1.15.1
      [   15.124185] device-mapper: raid: Ignoring chunk size parameter for RAID 1
      [   15.124192] device-mapper: raid: Choosing default region size of 4MiB
      [   15.129524] BUG: kernel NULL pointer dereference, address: 0000000000000060
      [   15.129530] #PF: supervisor write access in kernel mode
      [   15.129533] #PF: error_code(0x0002) - not-present page
      [   15.129535] PGD 0 P4D 0
      [   15.129538] Oops: 0002 [#1] PREEMPT SMP NOPTI
      [   15.129541] CPU: 5 PID: 494 Comm: ldmtool Not tainted 5.17.0-rc2-1-mainline #1 9fe89d43dfcb215d2731e6f8851740520778615e
      [   15.129546] Hardware name: Gigabyte Technology Co., Ltd. X570 AORUS ELITE/X570 AORUS ELITE, BIOS F36e 10/14/2021
      [   15.129549] RIP: 0010:blk_queue_flag_set+0x7/0x20
      [   15.129555] Code: 00 00 00 0f 1f 44 00 00 48 8b 35 e4 e0 04 02 48 8d 57 28 bf 40 01 \
             00 00 e9 16 c1 be ff 66 0f 1f 44 00 00 0f 1f 44 00 00 89 ff <f0> 48 0f ab 7e 60 \
             31 f6 89 f7 c3 66 66 2e 0f 1f 84 00 00 00 00 00
      [   15.129559] RSP: 0018:ffff966b81987a88 EFLAGS: 00010202
      [   15.129562] RAX: ffff8b11c363a0d0 RBX: ffff8b11e294b070 RCX: 0000000000000000
      [   15.129564] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001d
      [   15.129566] RBP: ffff8b11e294b058 R08: 0000000000000000 R09: 0000000000000000
      [   15.129568] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b11e294b070
      [   15.129570] R13: 0000000000000000 R14: ffff8b11e294b000 R15: 0000000000000001
      [   15.129572] FS:  00007fa96e826780(0000) GS:ffff8b18deb40000(0000) knlGS:0000000000000000
      [   15.129575] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   15.129577] CR2: 0000000000000060 CR3: 000000010b8ce000 CR4: 00000000003506e0
      [   15.129580] Call Trace:
      [   15.129582]  <TASK>
      [   15.129584]  md_run+0x67c/0xc70 [md_mod 1e470c1b6bcf1114198109f42682f5a2740e9531]
      [   15.129597]  raid_ctr+0x134a/0x28ea [dm_raid 6a645dd7519e72834bd7e98c23497eeade14cd63]
      [   15.129604]  ? dm_split_args+0x63/0x150 [dm_mod 0d7b0bc3414340a79c4553bae5ca97294b78336e]
      [   15.129615]  dm_table_add_target+0x188/0x380 [dm_mod 0d7b0bc3414340a79c4553bae5ca97294b78336e]
      [   15.129625]  table_load+0x13b/0x370 [dm_mod 0d7b0bc3414340a79c4553bae5ca97294b78336e]
      [   15.129635]  ? dev_suspend+0x2d0/0x2d0 [dm_mod 0d7b0bc3414340a79c4553bae5ca97294b78336e]
      [   15.129644]  ctl_ioctl+0x1bd/0x460 [dm_mod 0d7b0bc3414340a79c4553bae5ca97294b78336e]
      [   15.129655]  dm_ctl_ioctl+0xa/0x20 [dm_mod 0d7b0bc3414340a79c4553bae5ca97294b78336e]
      [   15.129663]  __x64_sys_ioctl+0x8e/0xd0
      [   15.129667]  do_syscall_64+0x5c/0x90
      [   15.129672]  ? syscall_exit_to_user_mode+0x23/0x50
      [   15.129675]  ? do_syscall_64+0x69/0x90
      [   15.129677]  ? do_syscall_64+0x69/0x90
      [   15.129679]  ? syscall_exit_to_user_mode+0x23/0x50
      [   15.129682]  ? do_syscall_64+0x69/0x90
      [   15.129684]  ? do_syscall_64+0x69/0x90
      [   15.129686]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      [   15.129689] RIP: 0033:0x7fa96ecd559b
      [   15.129692] Code: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c \
          c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff \
          ff 73 01 c3 48 8b 0d a5 a8 0c 00 f7 d8 64 89 01 48
      [   15.129696] RSP: 002b:00007ffcaf85c258 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
      [   15.129699] RAX: ffffffffffffffda RBX: 00007fa96f1b48f0 RCX: 00007fa96ecd559b
      [   15.129701] RDX: 00007fa97017e610 RSI: 00000000c138fd09 RDI: 0000000000000003
      [   15.129702] RBP: 00007fa96ebab583 R08: 00007fa97017c9e0 R09: 00007ffcaf85bf27
      [   15.129704] R10: 0000000000000001 R11: 0000000000000206 R12: 00007fa97017e610
      [   15.129706] R13: 00007fa97017e640 R14: 00007fa97017e6c0 R15: 00007fa97017e530
      [   15.129709]  </TASK>
      
      This is caused by a missing mddev->queue check for setting QUEUE_FLAG_NOWAIT.
      Fix this by moving the QUEUE_FLAG_NOWAIT logic to under mddev->queue check.
      
      Fixes: f51d46d0 ("md: add support for REQ_NOWAIT")
      Reported-by: Leon Möller <jkhsjdhjs@totally.rip>
      Tested-by: Leon Möller <jkhsjdhjs@totally.rip>
      Cc: Vishal Verma <vverma@digitalocean.com>
      Signed-off-by: Song Liu <song@kernel.org>
    • block: fix DIO handling regressions in blkdev_read_iter() · 3e1f941d
      Ilya Dryomov authored
      Commit ceaa7625 ("block: move direct_IO into our own read_iter
      handler") introduced several regressions for bdev DIO:
      
      1. read spanning EOF always returns 0 instead of the number of bytes
         read.  This is because "count" is assigned early and isn't updated
         when the iterator is truncated:
      
           $ lsblk -o name,size /dev/vdb
           NAME SIZE
           vdb    1G
           $ xfs_io -d -c 'pread -b 4M 1021M 4M' /dev/vdb
           read 0/4194304 bytes at offset 1070596096
           0.000000 bytes, 0 ops; 0.0007 sec (0.000000 bytes/sec and 0.0000 ops/sec)
      
           instead of
      
           $ xfs_io -d -c 'pread -b 4M 1021M 4M' /dev/vdb
           read 3145728/4194304 bytes at offset 1070596096
           3 MiB, 1 ops; 0.0007 sec (3.865 GiB/sec and 1319.2612 ops/sec)
      
      2. truncated iterator isn't reexpanded
      3. iterator isn't reverted on blkdev_direct_IO() error
      4. zero size read no longer skips atime update
      
      Fixes: ceaa7625 ("block: move direct_IO into our own read_iter handler")
      Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
      Link: https://lore.kernel.org/r/20220201100420.25875-1-idryomov@gmail.com
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • nvme-rdma: fix possible use-after-free in transport error_recovery work · b6bb1722
      Sagi Grimberg authored
      While nvme_rdma_submit_async_event_work is checking the ctrl and queue
      state before preparing the AER command and scheduling io_work, in order
      to fully prevent a race where this check is not reliable the error
      recovery work must flush async_event_work before continuing to destroy
      the admin queue after setting the ctrl state to RESETTING such that
      there is no race between .submit_async_event and the error recovery handler
      itself changing the ctrl state.

      Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
    • nvme-tcp: fix possible use-after-free in transport error_recovery work · ff9fc7eb
      Sagi Grimberg authored
      While nvme_tcp_submit_async_event_work is checking the ctrl and queue
      state before preparing the AER command and scheduling io_work, in order
      to fully prevent a race where this check is not reliable the error
      recovery work must flush async_event_work before continuing to destroy
      the admin queue after setting the ctrl state to RESETTING such that
      there is no race between .submit_async_event and the error recovery handler
      itself changing the ctrl state.

      Tested-by: Chris Leech <cleech@redhat.com>
      Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
    • nvme: fix a possible use-after-free in controller reset during load · 0fa0f99f
      Sagi Grimberg authored
      Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl
      readiness for AER submission. This may lead to a use-after-free
      condition that was observed with nvme-tcp.
      
      The race condition may happen in the following scenario:
      1. driver executes its reset_ctrl_work
      2. -> nvme_stop_ctrl - flushes ctrl async_event_work
      3. ctrl sends AEN which is received by the host, which in turn
         schedules AEN handling
      4. teardown admin queue (which releases the queue socket)
      5. AEN processed, submits another AER, calling the driver to submit
      6. driver attempts to send the cmd
      ==> use-after-free
      
      In order to fix that, add ctrl state check to validate the ctrl
      is actually able to accept the AER submission.
      
      This addresses the above race in controller resets because the driver
      during teardown should:
      1. change ctrl state to RESETTING
      2. flush async_event_work (as well as other async work elements)
      
      So after 1,2, any other AER command will find the
      ctrl state to be RESETTING and bail out without submitting the AER.

      Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
  3. 28 Jan, 2022 3 commits
  4. 27 Jan, 2022 4 commits
  5. 26 Jan, 2022 1 commit
  6. 23 Jan, 2022 11 commits
    • block: fix memory leak in disk_register_independent_access_ranges · 83114df3
      Miaoqian Lin authored
      kobject_init_and_add() takes a reference even when it fails.
      According to the doc of kobject_init_and_add():
      
         If this function returns an error, kobject_put() must be called to
         properly clean up the memory associated with the object.
      
      Fix this issue by adding kobject_put().
      Callback function blk_ia_ranges_sysfs_release() in kobject_put()
      can handle the pointer "iars" properly.
      
      Fixes: a2247f19 ("block: Add independent access ranges support")
      Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
      Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
      Link: https://lore.kernel.org/r/20220120101025.22411-1-linmq006@gmail.com
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • Merge tag 'powerpc-5.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · dd81e1c7
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - A series of bpf fixes, including an oops fix and some codegen fixes.
      
       - Fix a regression in syscall_get_arch() for compat processes.
      
       - Fix boot failure on some 32-bit systems with KASAN enabled.
      
       - A couple of other build/minor fixes.
      
      Thanks to Athira Rajeev, Christophe Leroy, Dmitry V. Levin, Jiri Olsa,
      Johan Almbladh, Maxime Bizon, Naveen N. Rao, and Nicholas Piggin.
      
      * tag 'powerpc-5.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/64s: Mask SRR0 before checking against the masked NIP
        powerpc/perf: Only define power_pmu_wants_prompt_pmi() for CONFIG_PPC64
        powerpc/32s: Fix kasan_init_region() for KASAN
        powerpc/time: Fix build failure due to do_hard_irq_enable() on PPC32
        powerpc/audit: Fix syscall_get_arch()
        powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
        tools/bpf: Rename 'struct event' to avoid naming conflict
        powerpc/bpf: Update ldimm64 instructions during extra pass
        powerpc32/bpf: Fix codegen for bpf-to-bpf calls
        bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
    • Merge tag 'irq_urgent_for_v5.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · ac5a9bb6
      Linus Torvalds authored
      Pull irq fix from Borislav Petkov:
       "A single use-after-free fix in the PCI MSI irq domain allocation path"
      
      * tag 'irq_urgent_for_v5.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        PCI/MSI: Prevent UAF in error path
    • Merge tag 'sched_urgent_for_v5.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 10c64a0f
      Linus Torvalds authored
      Pull scheduler fixes from Borislav Petkov:
       "A bunch of fixes: forced idle time accounting, utilization values
        propagation in the sched hierarchies and other minor cleanups and
        improvements"
      
      * tag 'sched_urgent_for_v5.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        kernel/sched: Remove dl_boosted flag comment
        sched: Avoid double preemption in __cond_resched_*lock*()
        sched/fair: Fix all kernel-doc warnings
        sched/core: Accounting forceidle time for all tasks except idle task
        sched/pelt: Relax the sync of load_sum with load_avg
        sched/pelt: Relax the sync of runnable_sum with runnable_avg
        sched/pelt: Continue to relax the sync of util_sum with util_avg
        sched/pelt: Relax the sync of util_sum with util_avg
        psi: Fix uaf issue when psi trigger is destroyed while being polled
    • Merge tag 'perf_urgent_for_v5.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 0f9e0422
      Linus Torvalds authored
      Pull perf fixes from Borislav Petkov:
      
       - Add support for accessing the general purpose counters on Alder Lake
         via MMIO
      
       - Add new LBR format v7 support which is v5 modulo TSX
      
       - Fix counter enumeration on Alder Lake hybrids
      
       - Overhaul how context time updates are done and get rid of
         perf_event::shadow_ctx_time.
      
       - The usual amount of fixes: event mask correction, supported event
         types reporting, etc.
      
      * tag 'perf_urgent_for_v5.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/perf: Avoid warning for Arch LBR without XSAVE
        perf/x86/intel/uncore: Add IMC uncore support for ADL
        perf/x86/intel/lbr: Add static_branch for LBR INFO flags
        perf/x86/intel/lbr: Support LBR format V7
        perf/x86/rapl: fix AMD event handling
        perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
        perf/x86/intel: Add a quirk for the calculation of the number of counters on Alder Lake
        perf: Fix perf_event_read_local() time
    • Linux 5.17-rc1 · e783362e
      Linus Torvalds authored
    • Merge tag 'perf-tools-for-v5.17-2022-01-22' of... · 40c84321
      Linus Torvalds authored
      Merge tag 'perf-tools-for-v5.17-2022-01-22' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull more perf tools updates from Arnaldo Carvalho de Melo:
      
       - Fix printing 'phys_addr' in 'perf script'.
      
       - Fix failure to add events with 'perf probe' in ppc64 due to not
         removing leading dot (ppc64 ABIv1).
      
       - Fix cpu_map__item() python binding building.
      
       - Support event alias in form foo-bar-baz, add pmu-events and
         parse-event tests for it.
      
       - No need to setup affinities when starting a workload or attaching to
         a pid.
      
       - Use path__join() to compose a path instead of ad-hoc snprintf()
         equivalent.
      
       - Override attr->sample_period for non-libpfm4 events.
      
       - Use libperf cpumap APIs instead of accessing the internal state
         directly.
      
       - Sync x86 arch prctl headers and files changed by the new
         set_mempolicy_home_node syscall with the kernel sources.
      
       - Remove duplicate include in cpumap.h.
      
       - Remove redundant err variable.
      
      * tag 'perf-tools-for-v5.17-2022-01-22' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf tools: Remove redundant err variable
        perf test: Add parse-events test for aliases with hyphens
        perf test: Add pmu-events test for aliases with hyphens
        perf parse-events: Support event alias in form foo-bar-baz
        perf evsel: Override attr->sample_period for non-libpfm4 events
        perf cpumap: Remove duplicate include in cpumap.h
        perf cpumap: Migrate to libperf cpumap api
        perf python: Fix cpu_map__item() building
        perf script: Fix printing 'phys_addr' failure issue
        tools headers UAPI: Sync files changed by new set_mempolicy_home_node syscall
        tools headers UAPI: Sync x86 arch prctl headers with the kernel sources
        perf machine: Use path__join() to compose a path instead of snprintf(dir, '/', filename)
        perf evlist: No need to setup affinities when disabling events for pid targets
        perf evlist: No need to setup affinities when enabling events for pid targets
        perf stat: No need to setup affinities when starting a workload
        perf affinity: Allow passing a NULL arg to affinity__cleanup()
        perf probe: Fix ppc64 'perf probe add events failed' case
    • Merge tag 'trace-v5.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 67bfce0e
      Linus Torvalds authored
      Pull ftrace fix from Steven Rostedt:
       "Fix s390 breakage from sorting mcount tables.
      
        The latest merge of the tracing tree sorts the mcount table at build
        time. But s390 appears to do things differently (like always) and
        replaces the sorted table back to the original unsorted one. As the
        ftrace algorithm depends on it being sorted, bad things happen when it
        is not, and s390 experienced those bad things.
      
        Add a new config to tell the boot if the mcount table is sorted or
        not, and allow s390 to opt out of it"
      
      * tag 'trace-v5.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        ftrace: Fix assuming build time sort works for s390
    • ftrace: Fix assuming build time sort works for s390 · 6b9b6413
      Steven Rostedt (Google) authored
      To speed up the boot process, as mcount_loc needs to be sorted for ftrace
      to work properly, sorting it at build time is more efficient than boot up
      and can save milliseconds of time. Unfortunately, this change broke s390
      as it will modify the mcount_loc location after the sorting takes place
      and will put back the unsorted locations. Since the sorting is skipped at
      boot up if it is believed that it was sorted at run time, ftrace can crash
      as its algorithms are dependent on the list being sorted.
      
      Add a new config BUILDTIME_MCOUNT_SORT that is set when
      BUILDTIME_TABLE_SORT but not if S390 is set. Use this config to determine
      if sorting should take place at boot up.
      
      Link: https://lore.kernel.org/all/yt9dee51ctfn.fsf@linux.ibm.com/
      
      Fixes: 72b3942a ("scripts: ftrace - move the sort-processing in ftrace_init")
      Reported-by: Sven Schnelle <svens@linux.ibm.com>
      Tested-by: Heiko Carstens <hca@linux.ibm.com>
      Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
    • Merge tag 'kbuild-fixes-v5.17' of... · 473aec0e
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - Bring include/uapi/linux/nfc.h into the UAPI compile-test coverage
      
       - Revert the workaround of CONFIG_CC_IMPLICIT_FALLTHROUGH
      
       - Fix build errors in certs/Makefile
      
      * tag 'kbuild-fixes-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        certs: Fix build error when CONFIG_MODULE_SIG_KEY is empty
        certs: Fix build error when CONFIG_MODULE_SIG_KEY is PKCS#11 URI
        Revert "Makefile: Do not quote value for CONFIG_CC_IMPLICIT_FALLTHROUGH"
        usr/include/Makefile: add linux/nfc.h to the compile-test coverage
    • Merge tag 'bitmap-5.17-rc1' of git://github.com/norov/linux · 3689f9f8
      Linus Torvalds authored
      Pull bitmap updates from Yury Norov:
      
       - introduce for_each_set_bitrange()
      
       - use find_first_*_bit() instead of find_next_*_bit() where possible
      
       - unify for_each_bit() macros
      
      * tag 'bitmap-5.17-rc1' of git://github.com/norov/linux:
        vsprintf: rework bitmap_list_string
        lib: bitmap: add performance test for bitmap_print_to_pagebuf
        bitmap: unify find_bit operations
        mm/percpu: micro-optimize pcpu_is_populated()
        Replace for_each_*_bit_from() with for_each_*_bit() where appropriate
        find: micro-optimize for_each_{set,clear}_bit()
        include/linux: move for_each_bit() macros from bitops.h to find.h
        cpumask: replace cpumask_next_* with cpumask_first_* where appropriate
        tools: sync tools/bitmap with mother linux
        all: replace find_next{,_zero}_bit with find_first{,_zero}_bit where appropriate
        cpumask: use find_first_and_bit()
        lib: add find_first_and_bit()
        arch: remove GENERIC_FIND_FIRST_BIT entirely
        include: move find.h from asm_generic to linux
        bitops: move find_bit_*_le functions from le.h to find.h
        bitops: protect find_first_{,zero}_bit properly
  7. 22 Jan, 2022 13 commits