Forum | Documentation | Website | Blog

Skip to content
Snippets Groups Projects
  1. Apr 23, 2022
  2. Apr 22, 2022
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · c00c5e1d
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Fix some syzbot-detected bugs, as well as other bugs found by I/O
        injection testing.
      
        Change ext4's fallocate to consistently drop set[ug]id bits when an
        fallocate operation might possibly change the user-visible contents of
        a file.
      
        Also, improve handling of potentially invalid values in the the
        s_overhead_cluster superblock field to avoid ext4 returning a negative
        number of free blocks"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        jbd2: fix a potential race while discarding reserved buffers after an abort
        ext4: update the cached overhead value in the superblock
        ext4: force overhead calculation if the s_overhead_cluster makes no sense
        ext4: fix overhead calculation to account for the reserved gdt blocks
        ext4, doc: fix incorrect h_reserved size
        ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
        ext4: fix use-after-free in ext4_search_dir
        ext4: fix bug_on in start_this_handle during umount filesystem
        ext4: fix symlink file size not match to file content
        ext4: fix fallocate to use file_modified to update permissions consistently
      c00c5e1d
    • Linus Torvalds's avatar
      Merge tag 'ata-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata · 2e5991fa
      Linus Torvalds authored
      Pull ATA fix from Damien Le Moal:
       "A single fix to avoid a NULL pointer dereference in the pata_marvell
        driver with adapters not supporting DMA, from Zheyu"
      
      * tag 'ata-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
        ata: pata_marvell: Check the 'bmdma_addr' beforing reading
      2e5991fa
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · bb4ce2c6
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "The main and larger change here is a workaround for AMD's lack of
        cache coherency for encrypted-memory guests.
      
        I have another patch pending, but it's waiting for review from the
        architecture maintainers.
      
        RISC-V:
      
         - Remove 's' & 'u' as valid ISA extension
      
         - Do not allow disabling the base extensions 'i'/'m'/'a'/'c'
      
        x86:
      
         - Fix NMI watchdog in guests on AMD
      
         - Fix for SEV cache incoherency issues
      
         - Don't re-acquire SRCU lock in complete_emulated_io()
      
         - Avoid NULL pointer deref if VM creation fails
      
         - Fix race conditions between APICv disabling and vCPU creation
      
         - Bugfixes for disabling of APICv
      
         - Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
      
        selftests:
      
         - Do not use bitfields larger than 32-bits, they differ between GCC
           and clang"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: selftests: introduce and use more page size-related constants
        kvm: selftests: do not use bitfields larger than 32-bits for PTEs
        KVM: SEV: add cache flush to solve SEV cache incoherency issues
        KVM: SVM: Flush when freeing encrypted pages even on SME_COHERENT CPUs
        KVM: SVM: Simplify and harden helper to flush SEV guest page(s)
        KVM: selftests: Silence compiler warning in the kvm_page_table_test
        KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog
        x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
        KVM: SPDX style and spelling fixes
        KVM: x86: Skip KVM_GUESTDBG_BLOCKIRQ APICv update if APICv is disabled
        KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race
        KVM: nVMX: Defer APICv updates while L2 is active until L1 is active
        KVM: x86: Tag APICv DISABLE inhibit, not ABSENT, if APICv is disabled
        KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref
        KVM: Add helpers to wrap vcpu->srcu_idx and yell if it's abused
        KVM: RISC-V: Use kvm_vcpu.srcu_idx, drop RISC-V's unnecessary copy
        KVM: x86: Don't re-acquire SRCU lock in complete_emulated_io()
        RISC-V: KVM: Restrict the extensions that can be disabled
        RISC-V: KVM: Remove 's' & 'u' as valid ISA extension
      bb4ce2c6
    • Mario Limonciello's avatar
      gpio: Request interrupts after IRQ is initialized · 06fb4ecf
      Mario Limonciello authored
      Commit 5467801f ("gpio: Restrict usage of GPIO chip irq members
      before initialization") attempted to fix a race condition that lead to a
      NULL pointer, but in the process caused a regression for _AEI/_EVT
      declared GPIOs.
      
      This manifests in messages showing deferred probing while trying to
      allocate IRQs like so:
      
        amd_gpio AMDI0030:00: Failed to translate GPIO pin 0x0000 to IRQ, err -517
        amd_gpio AMDI0030:00: Failed to translate GPIO pin 0x002C to IRQ, err -517
        amd_gpio AMDI0030:00: Failed to translate GPIO pin 0x003D to IRQ, err -517
        [ .. more of the same .. ]
      
      The code for walking _AEI doesn't handle deferred probing and so this
      leads to non-functional GPIO interrupts.
      
      Fix this issue by moving the call to `acpi_gpiochip_request_interrupts`
      to occur after gc->irc.initialized is set.
      
      Fixes: 5467801f ("gpio: Restrict usage of GPIO chip irq members before initialization")
      Link: https://lore.kernel.org/linux-gpio/BL1PR12MB51577A77F000A008AA694675E2EF9@BL1PR12MB5157.namprd12.prod.outlook.com/
      Link: https://bugzilla.suse.com/show_bug.cgi?id=1198697
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=215850
      Link: https://gitlab.freedesktop.org/drm/amd/-/issues/1979
      Link: https://gitlab.freedesktop.org/drm/amd/-/issues/1976
      
      
      Reported-by: default avatarMario Limonciello <mario.limonciello@amd.com>
      Signed-off-by: default avatarMario Limonciello <mario.limonciello@amd.com>
      Reviewed-by: default avatarShreeya Patel <shreeya.patel@collabora.com>
      Tested-By: default avatarSamuel Čavoj <samuel@cavoj.net>
      Tested-By: lukeluk498@gmail.com Link:
      Reviewed-by: default avatarAndy Shevchenko <andy.shevchenko@gmail.com>
      Acked-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Reviewed-and-tested-by: default avatarTakashi Iwai <tiwai@suse.de>
      Cc: Shreeya Patel <shreeya.patel@collabora.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      06fb4ecf
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 4e339e5e
      Linus Torvalds authored
      Pull RISC-V fixes Palmer Dabbelt:
      
       - A pair of build fixes for the recent cpuidle driver
      
       - A fix for systems without sv57 that manifests as a crash
         early in boot
      
      * tag 'riscv-for-linus-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        RISC-V: cpuidle: fix Kconfig select for RISCV_SBI_CPUIDLE
        RISC-V: mm: Fix set_satp_mode() for platform not having Sv57
        cpuidle: riscv: support non-SMP config
      4e339e5e
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 7200095f
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "There's no real pattern to the fixes, but the main one fixes our
        pmd_leaf() definition to resolve a NULL dereference on the migration
        path.
      
         - Fix PMU event validation in the absence of any event counters
      
         - Fix allmodconfig build using clang in conjunction with binutils
      
         - Fix definitions of pXd_leaf() to handle PROT_NONE entries
      
         - More typo fixes"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: mm: fix p?d_leaf()
        arm64: fix typos in comments
        arm64: Improve HAVE_DYNAMIC_FTRACE_WITH_REGS selection for clang
        arm_pmu: Validate single/group leader events
      7200095f
    • Linus Torvalds's avatar
      Merge tag 'xarray-5.18a' of git://git.infradead.org/users/willy/xarray · 22f19f67
      Linus Torvalds authored
      Pull xarray fixes from Matthew Wilcox:
       "Syzbot found a nasty race between large page splitting and page
        lookup. Details in the commit log, but fortunately it has a reliable
        reproducer. I thought it better to send this one to you straight away.
      
        Also fix the test suite build for kmem_cache_alloc_lru()"
      
      * tag 'xarray-5.18a' of git://git.infradead.org/users/willy/xarray:
        XArray: Disallow sibling entries of nodes
        tools: Add kmem_cache_alloc_lru()
      22f19f67
    • Linus Torvalds's avatar
      Merge tag '5.18-rc3-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 88c5060d
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Four fixes, two of them for stable:
      
         - fcollapse fix
      
         - reconnect lock fix
      
         - DFS oops fix
      
         - minor cleanup patch"
      
      * tag '5.18-rc3-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: destage any unwritten data to the server before calling copychunk_write
        cifs: use correct lock type in cifs_reconnect()
        cifs: fix NULL ptr dereference in refresh_mounts()
        cifs: Use kzalloc instead of kmalloc/memset
      88c5060d
    • Linus Torvalds's avatar
      Merge tag 'fs.fixes.v5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux · 279b83c6
      Linus Torvalds authored
      Pull mount_setattr fix from Christian Brauner:
       "The recent cleanup in e257039f ("mount_setattr(): clean the
        control flow and calling conventions") switched the mount attribute
        codepaths from do-while to for loops as they are more idiomatic when
        walking mounts.
      
        However, we did originally choose do-while constructs because if we
        request a mount or mount tree to be made read-only we need to hold
        writers in the following way: The mount attribute code will grab
        lock_mount_hash() and then call mnt_hold_writers() which will
        _unconditionally_ set MNT_WRITE_HOLD on the mount.
      
        Any callers that need write access have to call mnt_want_write(). They
        will immediately see that MNT_WRITE_HOLD is set on the mount and the
        caller will then either spin (on non-preempt-rt) or wait on
        lock_mount_hash() (on preempt-rt).
      
        The fact that MNT_WRITE_HOLD is set unconditionally means that once
        mnt_hold_writers() returns we need to _always_ pair it with
        mnt_unhold_writers() in both the failure and success paths.
      
        The do-while constructs did take care of this. But Al's change to a
        for loop in the failure path stops on the first mount we failed to
        change mount attributes _without_ going into the loop to call
        mnt_unhold_writers().
      
        This in turn means that once we failed to make a mount read-only via
        mount_setattr() - i.e. there are already writers on that mount - we
        will block any writers indefinitely. Fix this by ensuring that the for
        loop always unsets MNT_WRITE_HOLD including the first mount we failed
        to change to read-only. Also sprinkle a few comments into the cleanup
        code to remind people about what is happening including myself. After
        all, I didn't catch it during review.
      
        This is only relevant on mainline and was reported by syzbot. Details
        about the syzbot reports are all in the commit message"
      
      * tag 'fs.fixes.v5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
        fs: unset MNT_WRITE_HOLD on failure
      279b83c6
    • Linus Torvalds's avatar
      Merge tag 'sound-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 2d230968
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "At this time, the majority of changes are for pending ASoC fixes while
        a few usual HD-audio and USB-audio quirks are found.
      
        Almost all patches are small device-specific fixes, and nothing
        worrisome stands out, so far"
      
      * tag 'sound-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (37 commits)
        ALSA: hda/realtek: Add quirk for Clevo NP70PNP
        ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs
        ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9
        ALSA: usb-audio: Clear MIDI port active flag after draining
        ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX.
        ALSA: hda/i915: Fix one too many pci_dev_put()
        ALSA: hda/hdmi: add HDMI codec VID for Raptorlake-P
        ALSA: hda/hdmi: fix warning about PCM count when used with SOF
        sound/oss/dmasound: fix 'dmasound_setup' defined but not used
        firmware: cs_dsp: Fix overrun of unterminated control name string
        ASoC: codecs: Fix an error handling path in (rx|tx|va)_macro_probe()
        ASoC: Intel: sof_es8336: Add a quirk for Huawei Matebook D15
        ASoC: Intel: sof_es8336: add a quirk for headset at mic1 port
        ASoC: Intel: sof_es8336: support a separate gpio to control headphone
        ASoC: Intel: sof_es8336: simplify speaker gpio naming
        ASoC: wm8731: Disable the regulator when probing fails
        ASoC: Intel: soc-acpi: correct device endpoints for max98373
        ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use
        ASoC: SOF: topology: Fix memory leak in sof_control_load()
        ASoC: SOF: topology: cleanup dailinks on widget unload
        ...
      2d230968
    • Matthew Wilcox (Oracle)'s avatar
      XArray: Disallow sibling entries of nodes · 63b1898f
      Matthew Wilcox (Oracle) authored
      There is a race between xas_split() and xas_load() which can result in
      the wrong page being returned, and thus data corruption.  Fortunately,
      it's hard to hit (syzbot took three months to find it) and often guarded
      with VM_BUG_ON().
      
      The anatomy of this race is:
      
      thread A			thread B
      order-9 page is stored at index 0x200
      				lookup of page at index 0x274
      page split starts
      				load of sibling entry at offset 9
      stores nodes at offsets 8-15
      				load of entry at offset 8
      
      The entry at offset 8 turns out to be a node, and so we descend into it,
      and load the page at index 0x234 instead of 0x274.  This is hard to fix
      on the split side; we could replace the entire node that contains the
      order-9 page instead of replacing the eight entries.  Fixing it on
      the lookup side is easier; just disallow sibling entries that point
      to nodes.  This cannot ever be a useful thing as the descent would not
      know the correct offset to use within the new node.
      
      The test suite continues to pass...
      63b1898f
    • Matthew Wilcox (Oracle)'s avatar
      tools: Add kmem_cache_alloc_lru() · b9663a6f
      Matthew Wilcox (Oracle) authored
      Turn kmem_cache_alloc() into a wrapper around kmem_cache_alloc_lru().
      
      Fixes: 9bbdc0f3
      
       ("xarray: use kmem_cache_alloc_lru to allocate xa_node")
      Signed-off-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Reported-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Reported-by: default avatarLi Wang <liwang@redhat.com>
      b9663a6f
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · 281b9d9a
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "13 patches.
      
        Subsystems affected by this patch series: mm (memory-failure, memcg,
        userfaultfd, hugetlbfs, mremap, oom-kill, kasan, hmm), and kcov"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
        kcov: don't generate a warning on vm_insert_page()'s failure
        MAINTAINERS: add Vincenzo Frascino to KASAN reviewers
        oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
        selftest/vm: add skip support to mremap_test
        selftest/vm: support xfail in mremap_test
        selftest/vm: verify remap destination address in mremap_test
        selftest/vm: verify mmap addr in mremap_test
        mm, hugetlb: allow for "high" userspace addresses
        userfaultfd: mark uffd_wp regardless of VM_WRITE flag
        memcg: sync flush only if periodic flush is delayed
        mm/memory-failure.c: skip huge_zero_page in memory_failure()
        mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb()
      281b9d9a
    • Nicholas Piggin's avatar
      mm/vmalloc: huge vmalloc backing pages should be split rather than compound · 3b8000ae
      Nicholas Piggin authored
      Huge vmalloc higher-order backing pages were allocated with __GFP_COMP
      in order to allow the sub-pages to be refcounted by callers such as
      "remap_vmalloc_page [sic]" (remap_vmalloc_range).
      
      However a similar problem exists for other struct page fields callers
      use, for example fb_deferred_io_fault() takes a vmalloc'ed page and
      not only refcounts it but uses ->lru, ->mapping, ->index.
      
      This is not compatible with compound sub-pages, and can cause bad page
      state issues like
      
        BUG: Bad page state in process swapper/0  pfn:00743
        page:(____ptrval____) refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x743
        flags: 0x7ffff000000000(node=0|zone=0|lastcpupid=0x7ffff)
        raw: 007ffff000000000 c00c00000001d0c8 c00c00000001d0c8 0000000000000000
        raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
        page dumped because: corrupted mapping in tail page
        Modules linked in:
        CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.18.0-rc3-00082-gfc6fff4a7ce1-dirty #2810
        Call Trace:
          dump_stack_lvl+0x74/0xa8 (unreliable)
          bad_page+0x12c/0x170
          free_tail_pages_check+0xe8/0x190
          free_pcp_prepare+0x31c/0x4e0
          free_unref_page+0x40/0x1b0
          __vunmap+0x1d8/0x420
          ...
      
      The correct approach is to use split high-order pages for the huge
      vmalloc backing. These allow callers to treat them in exactly the same
      way as individually-allocated order-0 pages.
      
      Link: https://lore.kernel.org/all/14444103-d51b-0fb3-ee63-c3f182f0b546@molgen.mpg.de/
      
      
      Signed-off-by: default avatarNicholas Piggin <npiggin@gmail.com>
      Cc: Paul Menzel <pmenzel@molgen.mpg.de>
      Cc: Song Liu <songliubraving@fb.com>
      Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3b8000ae
    • Muchun Song's avatar
      arm64: mm: fix p?d_leaf() · 23bc8f69
      Muchun Song authored
      The pmd_leaf() is used to test a leaf mapped PMD, however, it misses
      the PROT_NONE mapped PMD on arm64.  Fix it.  A real world issue [1]
      caused by this was reported by Qian Cai. Also fix pud_leaf().
      
      Link: https://patchwork.kernel.org/comment/24798260/ [1]
      Fixes: 8aa82df3
      
       ("arm64: mm: add p?d_leaf() definitions")
      Reported-by: default avatarQian Cai <quic_qiancai@quicinc.com>
      Signed-off-by: default avatarMuchun Song <songmuchun@bytedance.com>
      Link: https://lore.kernel.org/r/20220422060033.48711-1-songmuchun@bytedance.com
      
      
      Signed-off-by: default avatarWill Deacon <will@kernel.org>
      23bc8f69
  3. Apr 21, 2022