1. 04 Aug, 2023 2 commits
    • David Howells's avatar
      crypto, cifs: fix error handling in extract_iter_to_sg() · f443fd5a
      David Howells authored
      Fix error handling in extract_iter_to_sg().  Pages need to be unpinned, not
      put in extract_user_to_sg() when handling IOVEC/UBUF sources.
      
      The bug may result in a warning like the following:
      
        WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 __lse_atomic_add arch/arm64/include/asm/atomic_lse.h:27 [inline]
        WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 arch_atomic_add arch/arm64/include/asm/atomic.h:28 [inline]
        WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 raw_atomic_add include/linux/atomic/atomic-arch-fallback.h:537 [inline]
        WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 atomic_add include/linux/atomic/atomic-instrumented.h:105 [inline]
        WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 try_grab_page+0x108/0x160 mm/gup.c:252
        ...
        pc : try_grab_page+0x108/0x160 mm/gup.c:229
        lr : follow_page_pte+0x174/0x3e4 mm/gup.c:651
        ...
        Call trace:
         __lse_atomic_add arch/arm64/include/asm/atomic_lse.h:27 [inline]
         arch_atomic_add arch/arm64/include/asm/atomic.h:28 [inline]
         raw_atomic_add include/linux/atomic/atomic-arch-fallback.h:537 [inline]
         atomic_add include/linux/atomic/atomic-instrumented.h:105 [inline]
         try_grab_page+0x108/0x160 mm/gup.c:252
         follow_pmd_mask mm/gup.c:734 [inline]
         follow_pud_mask mm/gup.c:765 [inline]
         follow_p4d_mask mm/gup.c:782 [inline]
         follow_page_mask+0x12c/0x2e4 mm/gup.c:839
         __get_user_pages+0x174/0x30c mm/gup.c:1217
         __get_user_pages_locked mm/gup.c:1448 [inline]
         __gup_longterm_locked+0x94/0x8f4 mm/gup.c:2142
         internal_get_user_pages_fast+0x970/0xb60 mm/gup.c:3140
         pin_user_pages_fast+0x4c/0x60 mm/gup.c:3246
         iov_iter_extract_user_pages lib/iov_iter.c:1768 [inline]
         iov_iter_extract_pages+0xc8/0x54c lib/iov_iter.c:1831
         extract_user_to_sg lib/scatterlist.c:1123 [inline]
         extract_iter_to_sg lib/scatterlist.c:1349 [inline]
         extract_iter_to_sg+0x26c/0x6fc lib/scatterlist.c:1339
         hash_sendmsg+0xc0/0x43c crypto/algif_hash.c:117
         sock_sendmsg_nosec net/socket.c:725 [inline]
         sock_sendmsg+0x54/0x60 net/socket.c:748
         ____sys_sendmsg+0x270/0x2ac net/socket.c:2494
         ___sys_sendmsg+0x80/0xdc net/socket.c:2548
         __sys_sendmsg+0x68/0xc4 net/socket.c:2577
         __do_sys_sendmsg net/socket.c:2586 [inline]
         __se_sys_sendmsg net/socket.c:2584 [inline]
         __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2584
         __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
         invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
         el0_svc_common.constprop.0+0x44/0xe4 arch/arm64/kernel/syscall.c:142
         do_el0_svc+0x38/0xa4 arch/arm64/kernel/syscall.c:191
         el0_svc+0x2c/0xb0 arch/arm64/kernel/entry-common.c:647
         el0t_64_sync_handler+0xc0/0xc4 arch/arm64/kernel/entry-common.c:665
         el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:591
      
      Link: https://lkml.kernel.org/r/20571.1690369076@warthog.procyon.org.uk
      Fixes: 01858469 ("netfs: Add a function to extract an iterator into a scatterlist")
      Reported-by: syzbot+9b82859567f2e50c123e@syzkaller.appspotmail.com
      Link: https://lore.kernel.org/linux-mm/000000000000273d0105ff97bf56@google.com/Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarSteve French <stfrench@microsoft.com>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Jeff Layton <jlayton@kernel.org>
      Cc: Shyam Prasad N <nspmangalore@gmail.com>
      Cc: Rohith Surabattula <rohiths.msft@gmail.com>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Jakub Kicinski <kuba@kernel.org>
      Cc: Paolo Abeni <pabeni@redhat.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      f443fd5a
    • Andrew Yang's avatar
      zsmalloc: fix races between modifications of fullness and isolated · 4b5d1e47
      Andrew Yang authored
      We encountered many kernel exceptions of VM_BUG_ON(zspage->isolated ==
      0) in dec_zspage_isolation() and BUG_ON(!pages[1]) in zs_unmap_object()
      lately.  This issue only occurs when migration and reclamation occur at
      the same time.
      
      With our memory stress test, we can reproduce this issue several times
      a day.  We have no idea why no one else encountered this issue.  BTW,
      we switched to the new kernel version with this defect a few months
      ago.
      
      Since fullness and isolated share the same unsigned int, modifications of
      them should be protected by the same lock.
      
      [andrew.yang@mediatek.com: move comment]
        Link: https://lkml.kernel.org/r/20230727062910.6337-1-andrew.yang@mediatek.com
      Link: https://lkml.kernel.org/r/20230721063705.11455-1-andrew.yang@mediatek.com
      Fixes: c4549b87 ("zsmalloc: remove zspage isolation for migration")
      Signed-off-by: default avatarAndrew Yang <andrew.yang@mediatek.com>
      Reviewed-by: default avatarSergey Senozhatsky <senozhatsky@chromium.org>
      Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
      Cc: Matthias Brugger <matthias.bgg@gmail.com>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      4b5d1e47
  2. 30 Jul, 2023 14 commits
    • Linus Torvalds's avatar
      Linux 6.5-rc4 · 5d0c230f
      Linus Torvalds authored
      5d0c230f
    • Linus Torvalds's avatar
      Merge tag 'spi-fix-v6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · d5bb4b89
      Linus Torvalds authored
      Pull spi fixes from Mark Brown:
       "A bunch of fixes for the Qualcomm QSPI driver, fixing multiple issues
        with the newly added DMA mode - it had a number of issues exposed when
        tested in a wider range of use cases, both race condition style issues
        and issues with different inputs to those that had been used in test"
      
      * tag 'spi-fix-v6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: spi-qcom-qspi: Add mem_ops to avoid PIO for badly sized reads
        spi: spi-qcom-qspi: Fallback to PIO for xfers that aren't multiples of 4 bytes
        spi: spi-qcom-qspi: Add DMA_CHAIN_DONE to ALL_IRQS
        spi: spi-qcom-qspi: Call dma_wmb() after setting up descriptors
        spi: spi-qcom-qspi: Use GFP_ATOMIC flag while allocating for descriptor
        spi: spi-qcom-qspi: Ignore disabled interrupts' status in isr
      d5bb4b89
    • Linus Torvalds's avatar
      Merge tag 'regulator-fix-v6.5-rc3' of... · 3dfe6886
      Linus Torvalds authored
      Merge tag 'regulator-fix-v6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
      
      Pull regulator fixes from Mark Brown:
       "A couple of small fixes for the the mt6358 driver, fixing error
        reporting and a bootstrapping issue"
      
      * tag 'regulator-fix-v6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        regulator: mt6358: Fix incorrect VCN33 sync error message
        regulator: mt6358: Sync VCN33_* enable status after checking ID
      3dfe6886
    • Linus Torvalds's avatar
      Merge tag 'usb-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 88f66f13
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a set of USB driver fixes for 6.5-rc4. Include in here are:
      
         - new USB serial device ids
      
         - dwc3 driver fixes for reported issues
      
         - typec driver fixes for reported problems
      
         - gadget driver fixes
      
         - reverts of some problematic USB changes that went into -rc1
      
        All of these have been in linux-next with no reported problems"
      
      * tag 'usb-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (24 commits)
        usb: misc: ehset: fix wrong if condition
        usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
        usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config
        usb: gadget: call usb_gadget_check_config() to verify UDC capability
        usb: typec: Use sysfs_emit_at when concatenating the string
        usb: typec: Iterate pds array when showing the pd list
        usb: typec: Set port->pd before adding device for typec_port
        usb: typec: qcom: fix return value check in qcom_pmic_typec_probe()
        Revert "usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()"
        Revert "usb: xhci: tegra: Fix error check"
        USB: gadget: Fix the memory leak in raw_gadget driver
        usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
        Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
        Revert "xhci: add quirk for host controllers that don't update endpoint DCS"
        USB: quirks: add quirk for Focusrite Scarlett
        usb: xhci-mtk: set the dma max_seg_size
        MAINTAINERS: drop invalid usb/cdns3 Reviewer e-mail
        usb: dwc3: don't reset device side if dwc3 was configured as host-only
        usb: typec: ucsi: move typec_set_mode(TYPEC_STATE_SAFE) to ucsi_unregister_partner()
        usb: ohci-at91: Fix the unhandle interrupt when resume
        ...
      88f66f13
    • Linus Torvalds's avatar
      Merge tag 'tty-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · e6d34ced
      Linus Torvalds authored
      Pull tty/serial fixes from Greg KH:
       "Here are some small TTY and serial driver fixes for 6.5-rc4 for some
        reported problems. Included in here is:
      
         - TIOCSTI fix for braille readers
      
         - documentation fix for minor numbers
      
         - MAINTAINERS update for new serial files in -rc1
      
         - minor serial driver fixes for reported problems
      
        All of these have been in linux-next with no reported problems"
      
      * tag 'tty-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: 8250_dw: Preserve original value of DLF register
        tty: serial: sh-sci: Fix sleeping in atomic context
        serial: sifive: Fix sifive_serial_console_setup() section
        Documentation: devices.txt: reconcile serial/ucc_uart minor numers
        MAINTAINERS: Update TTY layer for lists and recently added files
        tty: n_gsm: fix UAF in gsm_cleanup_mux
        TIOCSTI: always enable for CAP_SYS_ADMIN
      e6d34ced
    • Linus Torvalds's avatar
      Merge tag 'staging-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 3d6b77a8
      Linus Torvalds authored
      Pull staging driver fixes from Greg KH:
       "Here are three small staging driver fixes for 6.5-rc4 that resolve
        some reported problems. These fixes are:
      
         - fix for an old bug in the r8712 driver
      
         - fbtft driver fix for a spi device
      
         - potential overflow fix in the ks7010 driver
      
        All of these have been in linux-next with no reported problems"
      
      * tag 'staging-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
        staging: fbtft: ili9341: use macro FBTFT_REGISTER_SPI_DRIVER
        staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
      3d6b77a8
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · cf270e7b
      Linus Torvalds authored
      Pull char driver and Documentation fixes from Greg KH:
       "Here is a char driver fix and some documentation updates for 6.5-rc4
        that contain the following changes:
      
         - sram/genalloc bugfix for reported problem
      
         - security-bugs.rst update based on recent discussions
      
         - embargoed-hardware-issues minor cleanups and then partial revert
           for the project/company lists
      
        All of these have been in linux-next for a while with no reported
        problems, and the documentation updates have all been reviewed by the
        relevant developers"
      
      * tag 'char-misc-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        misc/genalloc: Name subpools by of_node_full_name()
        Documentation: embargoed-hardware-issues.rst: add AMD to the list
        Documentation: embargoed-hardware-issues.rst: clean out empty and unused entries
        Documentation: security-bugs.rst: clarify CVE handling
        Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
      cf270e7b
    • Linus Torvalds's avatar
      Merge tag 'probes-fixes-v6.5-rc3' of... · b0b9850e
      Linus Torvalds authored
      Merge tag 'probes-fixes-v6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
      
      Pull probe fixes from Masami Hiramatsu:
      
       - probe-events: add NULL check for some BTF API calls which can return
         error code and NULL.
      
       - ftrace selftests: check fprobe and kprobe event correctly. This fixes
         a miss condition of the test command.
      
       - kprobes: do not allow probing functions that start with "__cfi_" or
         "__pfx_" since those are auto generated for kernel CFI and not
         executed.
      
      * tag 'probes-fixes-v6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
        kprobes: Prohibit probing on CFI preamble symbol
        selftests/ftrace: Fix to check fprobe event eneblement
        tracing/probes: Fix to add NULL check for BTF APIs
      b0b9850e
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 98a05fe8
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "x86:
      
         - Do not register IRQ bypass consumer if posted interrupts not
           supported
      
         - Fix missed device interrupt due to non-atomic update of IRR
      
         - Use GFP_KERNEL_ACCOUNT for pid_table in ipiv
      
         - Make VMREAD error path play nice with noinstr
      
         - x86: Acquire SRCU read lock when handling fastpath MSR writes
      
         - Support linking rseq tests statically against glibc 2.35+
      
         - Fix reference count for stats file descriptors
      
         - Detect userspace setting invalid CR0
      
        Non-KVM:
      
         - Remove coccinelle script that has caused multiple confusion
           ("debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE()
           usage", acked by Greg)"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (21 commits)
        KVM: selftests: Expand x86's sregs test to cover illegal CR0 values
        KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest
        KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid
        Revert "debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE() usage"
        KVM: selftests: Verify stats fd is usable after VM fd has been closed
        KVM: selftests: Verify stats fd can be dup()'d and read
        KVM: selftests: Verify userspace can create "redundant" binary stats files
        KVM: selftests: Explicitly free vcpus array in binary stats test
        KVM: selftests: Clean up stats fd in common stats_test() helper
        KVM: selftests: Use pread() to read binary stats header
        KVM: Grab a reference to KVM for VM and vCPU stats file descriptors
        selftests/rseq: Play nice with binaries statically linked against glibc 2.35+
        Revert "KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid"
        KVM: x86: Acquire SRCU read lock when handling fastpath MSR writes
        KVM: VMX: Use vmread_error() to report VM-Fail in "goto" path
        KVM: VMX: Make VMREAD error path play nice with noinstr
        KVM: x86/irq: Conditionally register IRQ bypass consumer again
        KVM: X86: Use GFP_KERNEL_ACCOUNT for pid_table in ipiv
        KVM: x86: check the kvm_cpu_get_interrupt result before using it
        KVM: x86: VMX: set irr_pending in kvm_apic_update_irr
        ...
      98a05fe8
    • Linus Torvalds's avatar
      Merge tag 'locking_urgent_for_v6.5_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · c959e900
      Linus Torvalds authored
      Pull locking fix from Borislav Petkov:
      
       - Fix a rtmutex race condition resulting from sharing of the sort key
         between the lock waiters and the PI chain tree (->pi_waiters) of a
         task by giving each tree their own sort key
      
      * tag 'locking_urgent_for_v6.5_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/rtmutex: Fix task->pi_waiters integrity
      c959e900
    • Linus Torvalds's avatar
      Merge tag 'x86_urgent_for_v6.5_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d410b62e
      Linus Torvalds authored
      Pull x86 fixes from Borislav Petkov:
      
       - AMD's automatic IBRS doesn't enable cross-thread branch target
         injection protection (STIBP) for user processes. Enable STIBP on such
         systems.
      
       - Do not delete (but put the ref instead) of AMD MCE error thresholding
         sysfs kobjects when destroying them in order not to delete the kernfs
         pointer prematurely
      
       - Restore annotation in ret_from_fork_asm() in order to fix kthread
         stack unwinding from being marked as unreliable and thus breaking
         livepatching
      
      * tag 'x86_urgent_for_v6.5_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
        x86/MCE/AMD: Decrement threshold_bank refcount when removing threshold blocks
        x86: Fix kthread unwind
      d410b62e
    • Linus Torvalds's avatar
      Merge tag 'irq_urgent_for_v6.5_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · eb9fe179
      Linus Torvalds authored
      Pull irq fixes from Borislav Petkov:
      
       - Work around an erratum on GIC700, where a race between a CPU handling
         a wake-up interrupt, a change of affinity, and another CPU going to
         sleep can result in a lack of wake-up event on the next interrupt
      
       - Fix the locking required on a VPE for GICv4
      
       - Enable Rockchip 3588001 erratum workaround for RK3588S
      
       - Fix the irq-bcm6345-l1 assumtions of the boot CPU always be the first
         CPU in the system
      
      * tag 'irq_urgent_for_v6.5_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic-v3: Workaround for GIC-700 erratum 2941627
        irqchip/gic-v3: Enable Rockchip 3588001 erratum workaround for RK3588S
        irqchip/gic-v4.1: Properly lock VPEs when doing a directLPI invalidation
        irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
      eb9fe179
    • Linus Torvalds's avatar
      Merge tag '6.5-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 · d31e3792
      Linus Torvalds authored
      Pull smb client fixes from Steve French:
       "Four small SMB3 client fixes:
      
         - two reconnect fixes (to address the case where non-default
           iocharset gets incorrectly overridden at reconnect with the
           default charset)
      
         - fix for NTLMSSP_AUTH request setting a flag incorrectly)
      
         - Add missing check for invalid tlink (tree connection) in ioctl"
      
      * tag '6.5-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: add missing return value check for cifs_sb_tlink
        smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request
        cifs: fix charset issue in reconnection
        fs/nls: make load_nls() take a const parameter
      d31e3792
    • Linus Torvalds's avatar
      Merge tag 'trace-v6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace · b88e123c
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
      
       - Fix to /sys/kernel/tracing/per_cpu/cpu*/stats read and entries.
      
         If a resize shrinks the buffer it clears the read count to notify
         readers that they need to reset. But the read count is also used for
         accounting and this causes the numbers to be off. Instead, create a
         separate variable to use to notify readers to reset.
      
       - Fix the ref counts of the "soft disable" mode. The wrong value was
         used for testing if soft disable mode should be enabled or disable,
         but instead, just change the logic to do the enable and disable in
         place when the SOFT_MODE is set or cleared.
      
       - Several kernel-doc fixes
      
       - Removal of unused external declarations
      
      * tag 'trace-v6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
        tracing: Fix warning in trace_buffered_event_disable()
        ftrace: Remove unused extern declarations
        tracing: Fix kernel-doc warnings in trace_seq.c
        tracing: Fix kernel-doc warnings in trace_events_trigger.c
        tracing/synthetic: Fix kernel-doc warnings in trace_events_synth.c
        ring-buffer: Fix kernel-doc warnings in ring_buffer.c
        ring-buffer: Fix wrong stat of cpu_buffer->read
      b88e123c
  3. 29 Jul, 2023 24 commits