- 24 Sep, 2022 22 commits
-
-
наб authored
It's part of the EEPROM format Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/5f1dfa09150be7f23fb275d170c9019b5197a79f.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
It's part of the line protocol Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/a8afed8fb4d7df2c8fb95c3fa758240b2e46cdc8.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
commit f4507164 ("nbd: rename the nbd_device variable from lo to nbd") renamed LO_MAGIC to NBD_MAGIC; commit 5ea8d108 ("nbd: separate out the config information") removed the last users of that Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/10a80681c5966fed1a1afc696e3db114f481514c.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
It's a file format identifier Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/1b21808fb399931eb44f0dc26fda20a632ecc196.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
It's an EEPROM checksum, not a magic number per magic-number.rst Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/8881090c8bf1850e1d3597cb352a8dd1757c94f1.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
At least not in the magic-number.rst sense: it's part of a file format Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/f24a428d82713821ca571bf477a099252d06ae14.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
At least not in the magic-number.rst sense: they're used as part of delineating messages dumping dmesg into Chip RAM on the Amiga with debug=ram Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/c0fe3aadb700621eeee736f0ce6d73aa9d2cf856.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
At least not in the sense described in magic-number.rst: it determines whether the Atari VME Lance Ethernet card has a hardware MAC address or not, and is set thereby to indicate this Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/773e5a8fe80201bed0dff5cdb1ce6f4272b0cc92.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
It's used to control a mysterious register on the DEC DE21040, see comment in drivers/net/ethernet/dec/tulip/de2104x.c Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/ff28a15f9154589788277807523aa71c45c24d28.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
At least not in the sense described here: it delineates UFS cylinder groups, is never assigned, and the only macro that incorporates it (ufs_cg_chkmagic; the second one is unused) is used to detect CGs and protect from filesystem corruption Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/a508477cfeb18eca4a24c29836f809fe34f20467.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
English and it magic-number.rsts were updated when these were removed; the zh translations weren't This equalises these lists to be the same across all translations Automated: grep MAGIC Documentation/translations/process/zh_TW/magic-number.rst | while read -r mag _; do git grep -wF "$mag" | grep -vq \ '^Documentation.*magic-number.rst:' || sed -i "/^$mag/d" \ ./Documentation/{,translations/{zh_CN,zh_TW,it_IT}/}process/magic-number.rst ; done Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/5d9fa062178c45822a600a723f6f71fdb92011f3.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
These lines blame back to their first appearance which cites linux-2.6, and IrDA was finally fully removed in 4.17 with commit d64c2a76 ("staging: irda: remove the irda network stack and drivers") Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/d07ce5b1bc173fd02b7e5b708beb81b9432745f8.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
It was added in 2.5.5 and removed in a 2.6.9 "ALSA CVS update", pre-git, which states: Removal and replacement of magic memory allocators and casts (core part) Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/09e56999b0b323fb0add61f7dbd8c9f0a576561a.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
In fs/hfs, the only magic is for delineating on-disk block types, of which HFS_DRVR_DESC_MAGIC HFS_MFS_SUPER_MAGIC are define-only, but they're out of scope for magic-number.rst Magic numbers as described there were all removed, along their defines, in the 2.6.4 "HFS rewrite", pre-git Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/e67cec702a7ab34a8c5f7966d930d793a097a90f.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
The last user was removed in the 2.6.4 "MIPS mega-patch", pre-git Found with grep MAGIC Documentation/process/magic-number.rst | while read -r mag _; do git grep -wF "$mag" | grep -ve '^Documentation.*magic-number.rst:' \ -qe ':#define '"$mag" || git grep -wF "$mag" | while IFS=: read -r f _; do sed -i '/\b'"$mag"'\b/d' "$f"; done ; done Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/c2e7510beebdd698e20d0704712e623fad00fc1c.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
Appeared in its present state in pre-git (2.5.41), never used Found with grep MAGIC Documentation/process/magic-number.rst | while read -r mag _; do git grep -wF "$mag" | grep -ve '^Documentation.*magic-number.rst:' \ -qe ':#define '"$mag" || git grep -wF "$mag" | while IFS=: read -r f _; do sed -i '/\b'"$mag"'\b/d' "$f"; done ; done Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/f6d375201dfd99416ea03b49b3dd40af56c1537e.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
The last user was removed in 5.1 in commit 08300f44 ("a.out: remove core dumping support") but this is part of the UAPI headers, so this may want to either wait until a.out is removed entirely, or be removed from the magic number doc and silently remain in the header A cursory glance on DCS didn't show any user code actually using this value Found with grep MAGIC Documentation/process/magic-number.rst | while read -r mag _; do git grep -wF "$mag" | grep -ve '^Documentation.*magic-number.rst:' \ -qe ':#define '"$mag" || git grep -wF "$mag" | while IFS=: read -r f _; do sed -i '/\b'"$mag"'\b/d' "$f"; done ; done Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/9cbea062df7125ef43e2e0b2a67ede6ad1c5f27e.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
наб authored
The entire file blames back to the start of git (minus whitespace from the RST translation and a typo fix): * there are changelog comments for March 1994 through to Linux 2.5.74 * struct tty_ldisc is two pointers nowadays, so naturally no magic * GDA_MAGIC is defined but unused, and it's been this way since start-of-git * M3_CARD_MAGIC isn't defined, because commit d56b9b9c ("[PATCH] The scheduled removal of some OSS drivers") removed the entire driver in 2006 * CS_CARD_MAGIC likewise since commit b5d425c9 ("more scheduled OSS driver removal") in 2007 * KMALLOC_MAGIC and VMALLOC_MAGIC were removed in commit e38e0cfa ("[ALSA] Remove kmalloc wrappers"), six months after start of git * SLAB_C_MAGIC has never even appeared in git (removed in 2.4.0-test3pre6) magic-number.rst is a low-value historial relic at best and misleading cruft at worst, so start with cleaning out ones that only appear therein Automated: grep MAGIC Documentation/process/magic-number.rst | while read -r mag _; do git grep -wF "$mag" | grep -vq '^Documentation.*magic-number.rst:' || sed -i "/^$mag/d" \ Documentation/{,translations/{zh_CN,zh_TW,it_IT}/}process/magic-number.rst done Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Link: https://lore.kernel.org/r/8389a7b85b5c660c6891b1740b5dacc53491a41b.1663280877.git.nabijaczleweli@nabijaczleweli.xyzSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Mukesh Ojha authored
In following scenario(diagram), when one thread X running dev_coredumpm() adds devcd device to the framework which sends uevent notification to userspace and another thread Y reads this uevent and call to devcd_data_write() which eventually try to delete the queued timer that is not initialized/queued yet. So, debug object reports some warning and in the meantime, timer is initialized and queued from X path. and from Y path, it gets reinitialized again and timer->entry.pprev=NULL and try_to_grab_pending() stucks. To fix this, introduce mutex and a boolean flag to serialize the behaviour. cpu0(X) cpu1(Y) dev_coredump() uevent sent to user space device_add() ======================> user space process Y reads the uevents writes to devcd fd which results into writes to devcd_data_write() mod_delayed_work() try_to_grab_pending() del_timer() debug_assert_init() INIT_DELAYED_WORK() schedule_delayed_work() debug_object_fixup() timer_fixup_assert_init() timer_setup() do_init_timer() /* Above call reinitializes the timer to timer->entry.pprev=NULL and this will be checked later in timer_pending() call. */ timer_pending() !hlist_unhashed_lockless(&timer->entry) !h->pprev /* del_timer() checks h->pprev and finds it to be NULL due to which try_to_grab_pending() stucks. */ Link: https://lore.kernel.org/lkml/2e1f81e2-428c-f11f-ce92-eb11048cb271@quicinc.com/Signed-off-by: Mukesh Ojha <quic_mojha@quicinc.com> Link: https://lore.kernel.org/r/1663073424-13663-1-git-send-email-quic_mojha@quicinc.comSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Brian Norris authored
Users may have explicitly configured their debugfs permissions; we shouldn't overwrite those just because a second mount appeared. Only clobber if the options were provided at mount time. Existing behavior: ## Pre-existing status: debugfs is 0755. # chmod 755 /sys/kernel/debug/ # stat -c '%A' /sys/kernel/debug/ drwxr-xr-x ## New mount sets kernel-default permissions: # mount -t debugfs none /mnt/foo # stat -c '%A' /mnt/foo drwx------ ## Unexpected: the original mount changed permissions: # stat -c '%A' /sys/kernel/debug drwx------ New behavior: ## Pre-existing status: debugfs is 0755. # chmod 755 /sys/kernel/debug/ # stat -c '%A' /sys/kernel/debug/ drwxr-xr-x ## New mount inherits existing permissions: # mount -t debugfs none /mnt/foo # stat -c '%A' /mnt/foo drwxr-xr-x ## Expected: old mount is unchanged: # stat -c '%A' /sys/kernel/debug drwxr-xr-x Full test cases are being submitted to LTP. Signed-off-by: Brian Norris <briannorris@chromium.org> Link: https://lore.kernel.org/r/20220912163042.v3.1.Icbd40fce59f55ad74b80e5d435ea233579348a78@changeidSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Christian A. Ehrhardt authored
Syzkaller managed to trigger concurrent calls to kernfs_remove_by_name_ns() for the same file resulting in a KASAN detected use-after-free. The race occurs when the root node is freed during kernfs_drain(). To prevent this acquire an additional reference for the root of the tree that is removed before calling __kernfs_remove(). Found by syzkaller with the following reproducer (slab_nomerge is required): syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) close(r0) pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x408, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose}, {@mmap}, {@loose}, {@loose}, {@mmap}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@dont_hash}]}}) Sample report: ================================================================== BUG: KASAN: use-after-free in kernfs_type include/linux/kernfs.h:335 [inline] BUG: KASAN: use-after-free in kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline] BUG: KASAN: use-after-free in __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369 Read of size 2 at addr ffff8880088807f0 by task syz-executor.2/857 CPU: 0 PID: 857 Comm: syz-executor.2 Not tainted 6.0.0-rc3-00363-g7726d4c3 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x6e/0x91 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:317 [inline] print_report.cold+0x5e/0x5e5 mm/kasan/report.c:433 kasan_report+0xa3/0x130 mm/kasan/report.c:495 kernfs_type include/linux/kernfs.h:335 [inline] kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline] __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369 __kernfs_remove fs/kernfs/dir.c:1356 [inline] kernfs_remove_by_name_ns+0x108/0x190 fs/kernfs/dir.c:1589 sysfs_slab_add+0x133/0x1e0 mm/slub.c:5943 __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335 p9_client_create+0xd4d/0x1190 net/9p/client.c:993 v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408 v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126 legacy_get_tree+0xf1/0x200 fs/fs_context.c:610 vfs_get_tree+0x85/0x2e0 fs/super.c:1530 do_new_mount fs/namespace.c:3040 [inline] path_mount+0x675/0x1d00 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __x64_sys_mount+0x282/0x300 fs/namespace.c:3568 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f725f983aed Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f725f0f7028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f725faa3f80 RCX: 00007f725f983aed RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 RBP: 00007f725f9f419c R08: 0000000020000280 R09: 0000000000000000 R10: 0000000000000408 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000006 R14: 00007f725faa3f80 R15: 00007f725f0d7000 </TASK> Allocated by task 855: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:437 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:470 kasan_slab_alloc include/linux/kasan.h:224 [inline] slab_post_alloc_hook mm/slab.h:727 [inline] slab_alloc_node mm/slub.c:3243 [inline] slab_alloc mm/slub.c:3251 [inline] __kmem_cache_alloc_lru mm/slub.c:3258 [inline] kmem_cache_alloc+0xbf/0x200 mm/slub.c:3268 kmem_cache_zalloc include/linux/slab.h:723 [inline] __kernfs_new_node+0xd4/0x680 fs/kernfs/dir.c:593 kernfs_new_node fs/kernfs/dir.c:655 [inline] kernfs_create_dir_ns+0x9c/0x220 fs/kernfs/dir.c:1010 sysfs_create_dir_ns+0x127/0x290 fs/sysfs/dir.c:59 create_dir lib/kobject.c:63 [inline] kobject_add_internal+0x24a/0x8d0 lib/kobject.c:223 kobject_add_varg lib/kobject.c:358 [inline] kobject_init_and_add+0x101/0x160 lib/kobject.c:441 sysfs_slab_add+0x156/0x1e0 mm/slub.c:5954 __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335 p9_client_create+0xd4d/0x1190 net/9p/client.c:993 v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408 v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126 legacy_get_tree+0xf1/0x200 fs/fs_context.c:610 vfs_get_tree+0x85/0x2e0 fs/super.c:1530 do_new_mount fs/namespace.c:3040 [inline] path_mount+0x675/0x1d00 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __x64_sys_mount+0x282/0x300 fs/namespace.c:3568 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 857: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:367 [inline] ____kasan_slab_free mm/kasan/common.c:329 [inline] __kasan_slab_free+0x108/0x190 mm/kasan/common.c:375 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1754 [inline] slab_free_freelist_hook mm/slub.c:1780 [inline] slab_free mm/slub.c:3534 [inline] kmem_cache_free+0x9c/0x340 mm/slub.c:3551 kernfs_put.part.0+0x2b2/0x520 fs/kernfs/dir.c:547 kernfs_put+0x42/0x50 fs/kernfs/dir.c:521 __kernfs_remove.part.0+0x72d/0x960 fs/kernfs/dir.c:1407 __kernfs_remove fs/kernfs/dir.c:1356 [inline] kernfs_remove_by_name_ns+0x108/0x190 fs/kernfs/dir.c:1589 sysfs_slab_add+0x133/0x1e0 mm/slub.c:5943 __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335 p9_client_create+0xd4d/0x1190 net/9p/client.c:993 v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408 v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126 legacy_get_tree+0xf1/0x200 fs/fs_context.c:610 vfs_get_tree+0x85/0x2e0 fs/super.c:1530 do_new_mount fs/namespace.c:3040 [inline] path_mount+0x675/0x1d00 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __x64_sys_mount+0x282/0x300 fs/namespace.c:3568 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd The buggy address belongs to the object at ffff888008880780 which belongs to the cache kernfs_node_cache of size 128 The buggy address is located 112 bytes inside of 128-byte region [ffff888008880780, ffff888008880800) The buggy address belongs to the physical page: page:00000000732833f8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8880 flags: 0x100000000000200(slab|node=0|zone=1) raw: 0100000000000200 0000000000000000 dead000000000122 ffff888001147280 raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888008880680: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb ffff888008880700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc >ffff888008880780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888008880800: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb ffff888008880880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ================================================================== Acked-by: Tejun Heo <tj@kernel.org> Cc: stable <stable@kernel.org> # -rc3 Signed-off-by: Christian A. Ehrhardt <lk@c--e.de> Link: https://lore.kernel.org/r/20220913121723.691454-1-lk@c--e.deSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Greg Kroah-Hartman authored
Merge 1707c39a ("Merge tag 'driver-core-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core") driver-core-next This merges the driver core changes in 6.0-rc7 into driver-core-next as they are needed here as well for testing. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 23 Sep, 2022 12 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-coreLinus Torvalds authored
Pull driver core fixes from Greg KH: "Here are two tiny driver core fixes for 6.0-rc7 that resolve some oft-reported problems. The first is a revert of the "fw_devlink.strict=1" default option that we keep trying to enable, but we keep finding platforms that this just breaks everything on. So again, we need it reverted and hopefully it can be worked on in future releases. The second is a sysfs file-size bugfix that resolves an issue that many people are starting to hit as the fix it is fixing also was backported to stable kernels. The util-linux developers are starting to get bugreports about sysfs files that contain no data because of this problem, and this fix which has been in linux-next in the bitfield tree for a long time, resolves it. I'm submitting it here as it needs to be merged for 6.0-final, not for 6.1-rc1. Both of these have been in linux-next with no reported issues, only reports were that these fixed problems" * tag 'driver-core-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES Revert "driver core: Set fw_devlink.strict=1 by default"
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB / Thunderbolt driver fixes and ids from Greg KH: "Here are a few small USB and Thunderbolt driver fixes and new device ids for 6.0-rc7. They contain: - new usb-serial driver ids - documentation build warning fix in USB hub code - flexcop-usb long-posted bugfix (the v4l maintainer for this is MIA so I have finally picked this up as it is a fix for a reported problem.) - dwc3 64bit DMA bugfix - new thunderbolt device ids - typec build error fix All of these have been in linux-next with no reported issues" * tag 'usb-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: typec: anx7411: Fix build error without CONFIG_POWER_SUPPLY media: flexcop-usb: fix endpoint type check USB: serial: option: add Quectel RM520N USB: serial: option: add Quectel BG95 0x0203 composition thunderbolt: Add support for Intel Maple Ridge single port controller usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA USB: core: Fix RST error in hub.c
-
git://git.kernel.org/pub/scm/linux/kernel/git/mic/linuxLinus Torvalds authored
Pull landlock fix from Mickaël Salaün: "Fix out-of-tree builds for Landlock tests" * tag 'landlock-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux: selftests/landlock: Fix out-of-tree builds
-
git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linuxLinus Torvalds authored
Pull RISC-V fixes from Palmer Dabbelt: - A handful of build fixes for the T-Head errata, including some functional issues the compilers found - A fix for a nasty sigreturn bug * tag 'riscv-for-linus-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: RISC-V: Avoid coupling the T-Head CMOs and Zicbom riscv: fix a nasty sigreturn bug... riscv: make t-head erratas depend on MMU riscv: fix RISCV_ISA_SVPBMT kconfig dependency warning RISC-V: Clean up the Zicbom block size probing
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
Pull kvm fixes from Paolo Bonzini: "As everyone back came back from conferences, here are the pending patches for Linux 6.0. ARM: - Fix for kmemleak with pKVM s390: - Fixes for VFIO with zPCI - smatch fix x86: - Ensure XSAVE-capable hosts always allow FP and SSE state to be saved and restored via KVM_{GET,SET}_XSAVE - Fix broken max_mmu_rmap_size stat - Fix compile error with old glibc that doesn't have gettid()" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0 KVM: x86/mmu: add missing update to max_mmu_rmap_size selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c KVM: s390: pci: register pci hooks without interpretation KVM: s390: pci: fix GAIT physical vs virtual pointers usage KVM: s390: Pass initialized arg even if unused KVM: s390: pci: fix plain integer as NULL pointer warnings KVM: arm64: Use kmemleak_free_part_phys() to unregister hyp_mem_base
-
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tipLinus Torvalds authored
Pull xen fix from Juergen Gross: "A single fix for an issue in the xenbus driver (initialization of multi-page rings for Xen PV devices)" * tag 'for-linus-6.0-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/xenbus: fix xenbus_setup_ring()
-
git://anongit.freedesktop.org/drm/drmLinus Torvalds authored
Pull drm fixes from Dave Airlie: "Regular fixes for the week, i915, mediatek, hisilicon, mgag200 and panel have some small fixes. amdgpu has more stack size fixes for clang build, and fixes for new IPs, but all with low regression chances since they are for stuff new in v6.0. i915: - avoid a general protection failure when using perf/OA - avoid kernel warnings on driver release amdgpu: - SDMA 6.x fix - GPUVM TF fix - DCN 3.2.x fixes - DCN 3.1.x fixes - SMU 13.x fixes - Clang stack size fixes for recently enabled DML code - Fix drm dirty callback change on non-atomic cases - USB4 display fix mediatek: - dsi: Add atomic {destroy,duplicate}_state, reset callbacks - dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() - Fix wrong dither settings hisilicon: - Depend on MMU mgag200: - Fix console on G200ER panel: - Fix innolux_g121i1_l01 bus format" * tag 'drm-fixes-2022-09-23-1' of git://anongit.freedesktop.org/drm/drm: (30 commits) MAINTAINERS: switch graphics to airlied other addresses drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() drm/amd/display: Reduce number of arguments of dml314's CalculateFlipSchedule() drm/amd/display: Reduce number of arguments of dml314's CalculateWatermarksAndDRAMSpeedChangeSupport() drm/amdgpu: don't register a dirty callback for non-atomic drm/amd/pm: drop the pptable related workarounds for SMU 13.0.0 drm/amd/pm: add support for 3794 pptable for SMU13.0.0 drm/amd/display: correct num_dsc based on HW cap drm/amd/display: Disable OTG WA for the plane_state NULL case on DCN314 drm/amd/display: Add shift and mask for ICH_RESET_AT_END_OF_LINE drm/amd/display: increase dcn315 pstate change latency drm/amd/display: Fix DP MST timeslot issue when fallback happened drm/amd/display: Display distortion after hotplug 5K tiled display drm/amd/display: Update dummy P-state search to use DCN32 DML drm/amd/display: skip audio setup when audio stream is enabled drm/amd/display: update gamut remap if plane has changed drm/amd/display: Assume an LTTPR is always present on fixed_vs links drm/amd/display: fix dcn315 memory channel count and width read drm/amd/display: Fix double cursor on non-video RGB MPO drm/amd/display: Only consider pixle rate div policy for DCN32+ ...
-
Paolo Bonzini authored
Merge tag 'kvm-s390-master-6.0-2' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD More pci fixes Fix for a code analyser warning
-
Dave Airlie authored
My linux.ie address is in a bad place. also add dri-devel for agpgart. Signed-off-by: Dave Airlie <airlied@redhat.com>
-
git://anongit.freedesktop.org/drm/drm-miscDave Airlie authored
Short summary of fixes pull * drm/hisilicon: Depend on MMU * drm/mgag200: Fix console on G200ER * drm/panel: Fix innolux_g121i1_l01 bus format Signed-off-by: Dave Airlie <airlied@redhat.com> From: Thomas Zimmermann <tzimmermann@suse.de> Link: https://patchwork.freedesktop.org/patch/msgid/YyxtXS588at6S4wg@linux-uq9g
-
Dave Airlie authored
Merge tag 'mediatek-drm-fixes-6.0' of https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux into drm-fixes Mediatek DRM Fixes for Linux 6.0 1. dsi: Add atomic {destroy,duplicate}_state, reset callbacks 2. drm/mediatek: Fix wrong dither settings 3. dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() Signed-off-by: Dave Airlie <airlied@redhat.com> From: Chun-Kuang Hu <chunkuang.hu@kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20220921235624.23580-1-chunkuang.hu@kernel.org
-
Dave Airlie authored
Merge tag 'amd-drm-fixes-6.0-2022-09-21' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-6.0-2022-09-21: amdgpu: - SDMA 6.x fix - GPUVM TF fix - DCN 3.2.x fixes - DCN 3.1.x fixes - SMU 13.x fixes - Clang stack size fixes for recently enabled DML code - Fix drm dirty callback change on non-atomic cases - USB4 display fix Signed-off-by: Dave Airlie <airlied@redhat.com> From: Alex Deucher <alexander.deucher@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220921220605.6136-1-alexander.deucher@amd.com
-
- 22 Sep, 2022 6 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fixes from James Bottomley: "Three small and pretty obvious fixes, all in drivers" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: mpt3sas: Fix return value check of dma_get_required_mask() scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() scsi: qedf: Fix a UAF bug in __qedf_probe()
-
git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slabLinus Torvalds authored
Pull slab fixes from Vlastimil Babka: - Fix a possible use-after-free in SLUB's kmem_cache removal, introduced in this cycle, by Feng Tang. - WQ_MEM_RECLAIM dependency fix for the workqueue-based cpu slab flushing introduced in 5.15, by Maurizio Lombardi. - Add missing KASAN hooks in two kmalloc entry paths, by Peter Collingbourne. - A BUG_ON() removal in SLUB's kmem_cache creation when allocation fails (too small to possibly happen in practice, syzbot used fault injection), by Chao Yu. * tag 'slab-for-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. mm/slab_common: fix possible double free of kmem_cache kasan: call kasan_malloc() from __kmalloc_*track_caller() mm/slub: fix to return errno if kmalloc() fails
-
Sean Christopherson authored
Inject #UD when emulating XSETBV if CR4.OSXSAVE is not set. This also covers the "XSAVE not supported" check, as setting CR4.OSXSAVE=1 #GPs if XSAVE is not supported (and userspace gets to keep the pieces if it forces incoherent vCPU state). Add a comment to kvm_emulate_xsetbv() to call out that the CPU checks CR4.OSXSAVE before checking for intercepts. AMD'S APM implies that #UD has priority (says that intercepts are checked before #GP exceptions), while Intel's SDM says nothing about interception priority. However, testing on hardware shows that both AMD and Intel CPUs prioritize the #UD over interception. Fixes: 02d4160f ("x86: KVM: add xsetbv to the emulator") Cc: stable@vger.kernel.org Cc: Vitaly Kuznetsov <vkuznets@redhat.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20220824033057.3576315-4-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Dr. David Alan Gilbert authored
Allow FP and SSE state to be saved and restored via KVM_{G,SET}_XSAVE on XSAVE-capable hosts even if their bits are not exposed to the guest via XCR0. Failing to allow FP+SSE first showed up as a QEMU live migration failure, where migrating a VM from a pre-XSAVE host, e.g. Nehalem, to an XSAVE host failed due to KVM rejecting KVM_SET_XSAVE. However, the bug also causes problems even when migrating between XSAVE-capable hosts as KVM_GET_SAVE won't set any bits in user_xfeatures if XSAVE isn't exposed to the guest, i.e. KVM will fail to actually migrate FP+SSE. Because KVM_{G,S}ET_XSAVE are designed to allowing migrating between hosts with and without XSAVE, KVM_GET_XSAVE on a non-XSAVE (by way of fpu_copy_guest_fpstate_to_uabi()) always sets the FP+SSE bits in the header so that KVM_SET_XSAVE will work even if the new host supports XSAVE. Fixes: ad856280 ("x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0") bz: https://bugzilla.redhat.com/show_bug.cgi?id=2079311 Cc: stable@vger.kernel.org Cc: Leonardo Bras <leobras@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> [sean: add comment, massage changelog] Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20220824033057.3576315-3-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Sean Christopherson authored
Reinstate the per-vCPU guest_supported_xcr0 by partially reverting commit 988896bb; the implicit assessment that guest_supported_xcr0 is always the same as guest_fpu.fpstate->user_xfeatures was incorrect. kvm_vcpu_after_set_cpuid() isn't the only place that sets user_xfeatures, as user_xfeatures is set to fpu_user_cfg.default_features when guest_fpu is allocated via fpu_alloc_guest_fpstate() => __fpstate_reset(). guest_supported_xcr0 on the other hand is zero-allocated. If userspace never invokes KVM_SET_CPUID2, supported XCR0 will be '0', whereas the allowed user XFEATURES will be non-zero. Practically speaking, the edge case likely doesn't matter as no sane userspace will live migrate a VM without ever doing KVM_SET_CPUID2. The primary motivation is to prepare for KVM intentionally and explicitly setting bits in user_xfeatures that are not set in guest_supported_xcr0. Because KVM_{G,S}ET_XSAVE can be used to svae/restore FP+SSE state even if the host doesn't support XSAVE, KVM needs to set the FP+SSE bits in user_xfeatures even if they're not allowed in XCR0, e.g. because XCR0 isn't exposed to the guest. At that point, the simplest fix is to track the two things separately (allowed save/restore vs. allowed XCR0). Fixes: 988896bb ("x86/kvm/fpu: Remove kvm_vcpu_arch.guest_supported_xcr0") Cc: stable@vger.kernel.org Cc: Leonardo Bras <leobras@redhat.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20220824033057.3576315-2-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Miaohe Lin authored
The update to statistic max_mmu_rmap_size is unintentionally removed by commit 4293ddb7 ("KVM: x86/mmu: Remove redundant spte present check in mmu_set_spte"). Add missing update to it or max_mmu_rmap_size will always be nonsensical 0. Fixes: 4293ddb7 ("KVM: x86/mmu: Remove redundant spte present check in mmu_set_spte") Signed-off-by: Miaohe Lin <linmiaohe@huawei.com> Message-Id: <20220907080657.42898-1-linmiaohe@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-