- 20 Jun, 2022 1 commit
-
-
Greg Kroah-Hartman authored
Merge tag 'iio-fixes-for-5.19a' of https://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into char-misc-next Jonathan writes: 1st set of IIO fixes for the 5.19 cycle. Most of these have been in next for a long time. Unfortunately there was one stray patch in the branch (wasn't a fix), so I've just rebased to remove that. * testing - Fix a missing MODULE_LICENSE() warning by restricting possible build configs. * Various drivers - Fix ordering of iio_get_trigger() being called before iio_trigger_register() * adi,admv1014 - Fix dubious x & !y warning. * adi,axi-adc - Fix missing of_node_put() in error and normal paths. * aspeed,adc - Add missing of_node_put() * fsl,mma8452 - Fix broken probing from device tree. - Drop check on return value of i2c write to device to cause reset as ACK will be missing (device reset before sending it). * fsl,vf610 - Fix documentation of in_conversion_mode ABI. * iio-trig-sysfs - Ensure irq work has finished before freeing the trigger. * invensense,mpu3050 - Disable regulators in error path. * invensense,icm42600 - Fix collision of enum value of 0 with error path where 0 is no match. * renesas,rzg2l_Adc - Add missing fwnode_handle_put() in error path. * rescale - Fix a boolean logic bug for detection of raw + scale affecting an obscure corner case. * semtech,sx9324 - Check return value of read of pin_defs * st,stm32-adc: - Fix interaction across ADC instances for some supported devices. - Drop false spurious IRQ messages. - Fix calibration value handling. If we can't calibrate don't expose the vref_int channel. - Fix maximum clock rate for stm32pm15x * ti,ads131e08 - Add missing fwnode_handle_put() in error paths. * xilinx,ams - Fix variable checked for error from platform_get_irq() * x-powers,axp288 - Overide TS_PIN bias current for boards where it is not correctly initialized. * yamaha,yas530 - Fix inverted check on calibration data being all zeros. * tag 'iio-fixes-for-5.19a' of https://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio: (26 commits) iio:proximity:sx9324: Check ret value of device_property_read_u32_array() iio: accel: mma8452: ignore the return value of reset operation iio: adc: stm32: fix maximum clock rate for stm32mp15x iio: adc: stm32: fix vrefint wrong calibration value handling iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) iio: adc: vf610: fix conversion mode sysfs node name iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client iio: test: fix missing MODULE_LICENSE for IIO_RESCALE=m iio:humidity:hts221: rearrange iio trigger get and register iio:chemical:ccs811: rearrange iio trigger get and register iio:accel:mxc4005: rearrange iio trigger get and register iio:accel:kxcjk-1013: rearrange iio trigger get and register iio:accel:bma180: rearrange iio trigger get and register iio: afe: rescale: Fix boolean logic bug iio: adc: aspeed: Fix refcount leak in aspeed_adc_set_trim_data iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message iio: adc: stm32: Fix ADCs iteration in irq handler iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() iio: trigger: sysfs: fix use-after-free on remove ...
-
- 19 Jun, 2022 33 commits
-
-
Linus Torvalds authored
-
Aashish Sharma authored
0-day reports: drivers/iio/proximity/sx9324.c:868:3: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores] Put an if condition to break out of switch if ret is non-zero. Signed-off-by:
Aashish Sharma <shraash@google.com> Fixes: a8ee3b32 ("iio:proximity:sx9324: Add dt_binding support") Reported-by:
kernel test robot <lkp@intel.com> [swboyd@chromium.org: Reword commit subject, add fixes tag] Signed-off-by:
Stephen Boyd <swboyd@chromium.org> Reviewed-by:
Gwendal Grignou <gwendal@chromium.org> Link: https://lore.kernel.org/r/20220613232224.2466278-1-swboyd@chromium.org Cc: <Stable@vger.kernel.org> Signed-off-by:
Jonathan Cameron <Jonathan.Cameron@huawei.com>
-
Haibo Chen authored
On fxls8471, after set the reset bit, the device will reset immediately, will not give ACK. So ignore the return value of this reset operation, let the following code logic to check whether the reset operation works. Signed-off-by:
Haibo Chen <haibo.chen@nxp.com> Fixes: ecabae71 ("iio: mma8452: Initialise before activating") Reviewed-by:
Hans de Goede <hdegoede@redhat.com> Link: https://lore.kernel.org/r/1655292718-14287-1-git-send-email-haibo.chen@nxp.com Cc: <Stable@vger.kernel.org> Signed-off-by:
-
Olivier Moysan authored
Change maximum STM32 ADC input clock rate to 36MHz, as specified in STM32MP15x datasheets. Fixes: d58c67d1 ("iio: adc: stm32-adc: add support for STM32MP1") Signed-off-by:
Olivier Moysan <olivier.moysan@foss.st.com> Reviewed-by:
Fabrice Gasnier <fabrice.gasnier@foss.st.com> Link: https://lore.kernel.org/r/20220609095234.375925-1-olivier.moysan@foss.st.com Cc: <Stable@vger.kernel.org> Signed-off-by:
-
Olivier Moysan authored
If the vrefint calibration is zero, the vrefint channel output value cannot be computed. Currently, in such case, the raw conversion value is returned, which is not relevant. Do not expose the vrefint channel when the output value cannot be computed, instead. Fixes: 0e346b2c ("iio: adc: stm32-adc: add vrefint calibration support") Signed-off-by:
-
Jean-Baptiste Maneyrol authored
The 0 value used for INV_CHIP_ICM42600 was not working since the match in i2c/spi was checking against NULL value. To keep this check, add a first INV_CHIP_INVALID 0 value as safe guard. Fixes: 31c24c1e ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by:
Jean-Baptiste Maneyrol <jean-baptiste.maneyrol@tdk.com> Link: https://lore.kernel.org/r/20220609102301.4794-1-jmaneyrol@invensense.com Cc: <Stable@vger.kernel.org> Signed-off-by:
-
Baruch Siach authored
The documentation missed the "in_" prefix for this IIO_SHARED_BY_DIR entry. Fixes: bf04c1a3 ("iio: adc: vf610: implement configurable conversion modes") Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Acked-by:
-
Miaoqian Lin authored
of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. Fixes: ef040706 ("iio: adc: adi-axi-adc: add support for AXI ADC IP core") Signed-off-by:
Miaoqian Lin <linmq006@gmail.com> Link: https://lore.kernel.org/r/20220524074517.45268-1-linmq006@gmail.com Cc: <Stable@vger.kernel.org> Signed-off-by:
-
Liam Beguin authored
When IIO_RESCALE_KUNIT_TEST=y and IIO_RESCALE=m, drivers/iio/afe/iio-rescale.o is built twice causing the MODULE_LICENSE() to be lost, as shown by: ERROR: modpost: missing MODULE_LICENSE() in drivers/iio/afe/iio-rescale.o Rework the build configuration to have the dependency specified in the Kconfig. Reported-by:
Randy Dunlap <rdunlap@infradead.org> Fixes: 8e74a48d ("iio: test: add basic tests for the iio-rescale driver") Signed-off-by:
Liam Beguin <liambeguin@gmail.com> Acked-by:
Masahiro Yamada <masahiroy@kernel.org> Link: https://lore.kernel.org/r/20220601142138.3331278-1-liambeguin@gmail.com Cc: <Stable@vger.kernel.org> Signed-off-by:
-
Dmitry Rokosov authored
IIO trigger interface function iio_trigger_get() should be called after iio_trigger_register() (or its devm analogue) strictly, because of iio_trigger_get() acquires module refcnt based on the trigger->owner pointer, which is initialized inside iio_trigger_register() to THIS_MODULE. If this call order is wrong, the next iio_trigger_put() (from sysfs callback or "delete module" path) will dereference "default" module refcnt, which is incorrect behaviour. Fixes: e4a70e3e ("iio: humidity: add support to hts221 rh/temp combo device") Signed-off-by:
Dmitry Rokosov <ddrokosov@sberdevices.ru> Reviewed-by:
Andy Shevchenko <andy.shevchenko@gmail.com> Link: https://lore.kernel.org/r/20220524181150.9240-6-ddrokosov@sberdevices.ru Cc: <Stable@vger.kernel.org> Signed-off-by:
-
Dmitry Rokosov authored
IIO trigger interface function iio_trigger_get() should be called after iio_trigger_register() (or its devm analogue) strictly, because of iio_trigger_get() acquires module refcnt based on the trigger->owner pointer, which is initialized inside iio_trigger_register() to THIS_MODULE. If this call order is wrong, the next iio_trigger_put() (from sysfs callback or "delete module" path) will dereference "default" module refcnt, which is incorrect behaviour. Fixes: f1f065d7 ("iio: chemical: ccs811: Add support for data ready trigger") Signed-off-by:
-
Dmitry Rokosov authored
IIO trigger interface function iio_trigger_get() should be called after iio_trigger_register() (or its devm analogue) strictly, because of iio_trigger_get() acquires module refcnt based on the trigger->owner pointer, which is initialized inside iio_trigger_register() to THIS_MODULE. If this call order is wrong, the next iio_trigger_put() (from sysfs callback or "delete module" path) will dereference "default" module refcnt, which is incorrect behaviour. Fixes: 47196620 ("iio: mxc4005: add data ready trigger for mxc4005") Signed-off-by:
-
Dmitry Rokosov authored
IIO trigger interface function iio_trigger_get() should be called after iio_trigger_register() (or its devm analogue) strictly, because of iio_trigger_get() acquires module refcnt based on the trigger->owner pointer, which is initialized inside iio_trigger_register() to THIS_MODULE. If this call order is wrong, the next iio_trigger_put() (from sysfs callback or "delete module" path) will dereference "default" module refcnt, which is incorrect behaviour. Fixes: c1288b83 ("iio: accel: kxcjk-1013: Increment ref counter for indio_dev->trig") Signed-off-by:
-
Dmitry Rokosov authored
IIO trigger interface function iio_trigger_get() should be called after iio_trigger_register() (or its devm analogue) strictly, because of iio_trigger_get() acquires module refcnt based on the trigger->owner pointer, which is initialized inside iio_trigger_register() to THIS_MODULE. If this call order is wrong, the next iio_trigger_put() (from sysfs callback or "delete module" path) will dereference "default" module refcnt, which is incorrect behaviour. Fixes: 0668a4e4 ("iio: accel: bma180: Fix indio_dev->trig assignment") Signed-off-by:
-
Linus Walleij authored
When introducing support for processed channels I needed to invert the expression: if (!iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || !iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) dev_err(dev, "source channel does not support raw/scale\n"); To the inverse, meaning detect when we can usse raw+scale rather than when we can not. This was the result: if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) dev_info(dev, "using raw+scale source channel\n"); Ooops. Spot the error. Yep old George Boole came up and bit me. That should be an &&. The current code "mostly works" because we have not run into systems supporting only raw but not scale or only scale but not raw, and I doubt there are few using the rescaler on anything such, but let's fix the logic. Cc: Liam Beguin <liambeguin@gmail.com> Cc: stable@vger.kernel.org Fixes: 53ebee94 ("iio: afe: iio-rescale: Support processed channels") Signed-off-by:Linus Walleij <linus.walleij@linaro.org> Reviewed-by:
Peter Rosin <peda@axentia.se> Link: https://lore.kernel.org/r/20220524075448.140238-1-linus.walleij@linaro.orgSigned-off-by:
-
Miaoqian Lin authored
of_find_node_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. Fixes: d0a4c17b ("iio: adc: aspeed: Get and set trimming data.") Signed-off-by:
-
Yannick Brosseau authored
The check for spurious IRQs introduced in 695e2f5c assumed that the bits in the control and status registers are aligned. This is true for the H7 and MP1 version, but not the F4. The interrupt was then never handled on the F4. Instead of increasing the complexity of the comparison and check each bit specifically, we remove this check completely and rely on the generic handler for spurious IRQs. Fixes: 695e2f5c ("iio: adc: stm32-adc: fix a regression when using dma and irq") Signed-off-by:
Yannick Brosseau <yannick.brosseau@gmail.com> Reviewed-by:
-
Yannick Brosseau authored
The irq handler was only checking the mask for the first ADCs in the case of the F4 and H7 generation, since it was iterating up to the num_irq value. This patch add the maximum number of ADC in the common register, which map to the number of entries of eoc_msk and ovr_msk in stm32_adc_common_regs. This allow the handler to check all ADCs in that module. Tested on a STM32F429NIH6. Fixes: 695e2f5c ("iio: adc: stm32-adc: fix a regression when using dma and irq") Signed-off-by:
-
Jialin Zhang authored
fwnode_handle_put() should be used when terminating device_for_each_child_node() iteration with break or return to prevent stale device node references from being left behind. Fixes: d935eddd ("iio: adc: Add driver for Texas Instruments ADS131E0x ADC family") Reported-by:
Hulk Robot <hulkci@huawei.com> Signed-off-by:
Jialin Zhang <zhangjialin11@huawei.com> Link: https://lore.kernel.org/r/20220517033020.2033324-1-zhangjialin11@huawei.com Cc: <Stable@vger.kernel.org> Signed-off-by:
-
Jialin Zhang authored
fwnode_handle_put() should be used when terminating device_for_each_child_node() iteration with break or return to prevent stale device node references from being left behind. Fixes: d484c21b ("iio: adc: Add driver for Renesas RZ/G2L A/D converter") Reported-by:
Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> Reviewed-by:
Geert Uytterhoeven <geert+renesas@glider.be> Link: https://lore.kernel.org/r/20220517033526.2035735-1-zhangjialin11@huawei.com Cc: <Stable@vger.kernel.org> Signed-off-by:
-
Vincent Whitchurch authored
Ensure that the irq_work has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irq_work_run_list Read of size 8 at addr 0000000064702248 by task python3/25 Call Trace: irq_work_run_list irq_work_tick update_process_times tick_sched_handle tick_sched_timer __hrtimer_run_queues hrtimer_interrupt Allocated by task 25: kmem_cache_alloc_trace iio_sysfs_trig_add dev_attr_store sysfs_kf_write kernfs_fop_write_iter new_sync_write vfs_write ksys_write sys_write Freed by task 25: kfree iio_sysfs_trig_remove dev_attr_store sysfs_kf_write kernfs_fop_write_iter new_sync_write vfs_write ksys_write sys_write ================================================================== Fixes: f38bc926 ("staging:iio:sysfs-trigger: Use irq_work to properly active trigger") Signed-off-by:
Vincent Whitchurch <vincent.whitchurch@axis.com> Reviewed-by:
Lars-Peter Clausen <lars@metafoo.de> Link: https://lore.kernel.org/r/20220519091925.1053897-1-vincent.whitchurch@axis.com Cc: <Stable@vger.kernel.org> Signed-off-by:
-
Zheyu Ma authored
The driver should disable regulators when fails at regmap_update_bits(). Signed-off-by:
Zheyu Ma <zheyuma97@gmail.com> Reviewed-by:
-
Antoniu Miclaus authored
The warning comes from __BF_FIELD_CHECK() specifically BUILD_BUG_ON_MSG(__builtin_constant_p(_val) ? \ ~((_mask) >> __bf_shf(_mask)) & (_val) : 0, \ _pfx "value too large for the field"); \ The code was using !(enum value) which is not particularly easy to follow so replace that with explicit matching and use of ? 0 : 1; or ? 1 : 0; to improve readability. Signed-off-by:
Antoniu Miclaus <antoniu.miclaus@analog.com> Link: https://lore.kernel.org/r/20220511090006.90502-1-antoniu.miclaus@analog.comSigned-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Thomas Gleixner: - Make RESERVE_BRK() work again with older binutils. The recent 'simplification' broke that. - Make early #VE handling increment RIP when successful. - Make the #VE code consistent vs. the RIP adjustments and add comments. - Handle load_unaligned_zeropad() across page boundaries correctly in #VE when the second page is shared. * tag 'x86-urgent-2022-06-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/tdx: Handle load_unaligned_zeropad() page-cross to a shared page x86/tdx: Clarify RIP adjustments in #VE handler x86/tdx: Fix early #VE handling x86/mm: Fix RESERVE_BRK() for older binutils
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull build tooling updates from Thomas Gleixner: - Remove obsolete CONFIG_X86_SMAP reference from objtool - Fix overlapping text section failures in faddr2line for real - Remove OBJECT_FILES_NON_STANDARD usage from x86 ftrace and replace it with finegrained annotations so objtool can validate that code correctly. * tag 'objtool-urgent-2022-06-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/ftrace: Remove OBJECT_FILES_NON_STANDARD usage faddr2line: Fix overlapping text section failures, the sequel objtool: Fix obsolete reference to CONFIG_X86_SMAP
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull scheduler fix from Thomas Gleixner: "A single scheduler fix plugging a race between sched_setscheduler() and balance_push(). sched_setscheduler() spliced the balance callbacks accross a lock break which makes it possible for an interleaving schedule() to observe an empty list" * tag 'sched-urgent-2022-06-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched: Fix balance_push() vs __sched_setscheduler()
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull lockdep fix from Thomas Gleixner: "A RT fix for lockdep. lockdep invokes prandom_u32() to create cookies. This worked until prandom_u32() was switched to the real random generator, which takes a spinlock for extraction, which does not work on RT when invoked from atomic contexts. lockdep has no requirement for real random numbers and it turns out sched_clock() is good enough to create the cookie. That works everywhere and is faster" * tag 'locking-urgent-2022-06-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/lockdep: Use sched_clock() for random numbers
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull irq fixes from Thomas Gleixner: "A set of interrupt subsystem updates: Core: - Ensure runtime power management for chained interrupts Drivers: - A collection of OF node refcount fixes - Unbreak MIPS uniprocessor builds - Fix xilinx interrupt controller Kconfig dependencies - Add a missing compatible string to the Uniphier driver" * tag 'irq-urgent-2022-06-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/loongson-liointc: Use architecture register to get coreid irqchip/uniphier-aidet: Add compatible string for NX1 SoC dt-bindings: interrupt-controller/uniphier-aidet: Add bindings for NX1 SoC irqchip/realtek-rtl: Fix refcount leak in map_interrupts irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions irqchip/apple-aic: Fix refcount leak in aic_of_ic_init irqchip/apple-aic: Fix refcount leak in build_fiq_affinity irqchip/gic/realview: Fix refcount leak in realview_gic_of_init irqchip/xilinx: Remove microblaze+zynq dependency genirq: PM: Use runtime PM for chained interrupts
-
Linus Torvalds authored
Merge tag 'char-misc-5.19-rc3-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes for real from Greg KH: "Let's tag the proper branch this time... Here are some small char/misc driver fixes for 5.19-rc3 that resolve some reported issues. They include: - mei driver fixes - comedi driver fix - rtsx build warning fix - fsl-mc-bus driver fix All of these have been in linux-next for a while with no reported issues" This is what the merge in commit f0ec9c65 _should_ have merged, but Greg fat-fingered the pull request and I got some small changes from linux-next instead there. Credit to Nathan Chancellor for eagle-eyes. Link: https://lore.kernel.org/all/Yqywy+Md2AfGDu8v@dev-arch.thelio-3990X/ * tag 'char-misc-5.19-rc3-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() mei: me: add raptor lake point S DID mei: hbm: drop capability response on early shutdown mei: me: set internal pg flag to off on hardware reset misc: rtsx: Fix clang -Wsometimes-uninitialized in rts5261_init_from_hw() comedi: vmk80xx: fix expression for tx buffer size
-
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linuxLinus Torvalds authored
Pull i2c fixes from Wolfram Sang: "MAINTAINERS rectifications and a few minor driver fixes" * tag 'i2c-for-5.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: mediatek: Fix an error handling path in mtk_i2c_probe() i2c: designware: Use standard optional ref clock implementation MAINTAINERS: core DT include belongs to core MAINTAINERS: add include/dt-bindings/i2c to I2C SUBSYSTEM HOST DRIVERS i2c: npcm7xx: Add check for platform_driver_register MAINTAINERS: Update Synopsys DesignWare I2C to Supported
-
git://git.kernel.org/pub/scm/fs/xfs/xfs-linuxLinus Torvalds authored
Pull xfs fixes from Darrick Wong: "There's not a whole lot this time around (I'm still on vacation) but here are some important fixes for new features merged in -rc1: - Fix a bug where inode flag changes would accidentally drop nrext64 - Fix a race condition when toggling LARP mode" * tag 'xfs-5.19-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: preserve DIFLAG2_NREXT64 when setting other inode attributes xfs: fix variable state usage xfs: fix TOCTOU race involving the new logged xattrs control knob
-
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4Linus Torvalds authored
Pull ext4 fixes from Ted Ts'o: "Fix a variety of bugs, many of which were found by folks using fuzzing or error injection. Also fix up how test_dummy_encryption mount option is handled for the new mount API. Finally, fix/cleanup a number of comments and ext4 Documentation files" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: fix a doubled word "need" in a comment ext4: add reserved GDT blocks check ext4: make variable "count" signed ext4: correct the judgment of BUG in ext4_mb_normalize_request ext4: fix bug_on ext4_mb_use_inode_pa ext4: fix up test_dummy_encryption handling for new mount API ext4: use kmemdup() to replace kmalloc + memcpy ext4: fix super block checksum incorrect after mount ext4: improve write performance with disabled delalloc ext4: fix warning when submitting superblock in ext4_commit_super() ext4, doc: remove unnecessary escaping ext4: fix incorrect comment in ext4_bio_write_page() fs: fix jbd2_journal_try_to_free_buffers() kernel-doc comment
-
git://git.samba.org/sfrench/cifs-2.6Linus Torvalds authored
Pull cifs client fixes from Steve French: "Two cifs debugging improvements - one found to deal with debugging a multichannel problem and one for a recent fallocate issue This does include the two larger multichannel reconnect (dynamically adjusting interfaces on reconnect) patches, because we recently found an additional problem with multichannel to one server type that I want to include at the same time" * tag '5.19-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: when a channel is not found for server, log its connection id smb3: add trace point for SMB2_set_eof
-
- 18 Jun, 2022 6 commits
-
-
Xiang wangx authored
Signed-off-by:
Xiang wangx <wangxiang@cdjrlc.com> Link: https://lore.kernel.org/r/20220605091503.12513-1-wangxiang@cdjrlc.comSigned-off-by:
Theodore Ts'o <tytso@mit.edu>
-
Zhang Yi authored
We capture a NULL pointer issue when resizing a corrupt ext4 image which is freshly clear resize_inode feature (not run e2fsck). It could be simply reproduced by following steps. The problem is because of the resize_inode feature was cleared, and it will convert the filesystem to meta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was not reduced to zero, so could we mistakenly call reserve_backup_gdb() and passing an uninitialized resize_inode to it when adding new group descriptors. mkfs.ext4 /dev/sda 3G tune2fs -O ^resize_inode /dev/sda #forget to run requested e2fsck mount /dev/sda /mnt resize2fs /dev/sda 8G ======== BUG: kernel NULL pointer dereference, address: 0000000000000028 CPU: 19 PID: 3243 Comm: resize2fs Not tainted 5.18.0-rc7-00001-gfde086c5ebfd #748 ... RIP: 0010:ext4_flex_group_add+0xe08/0x2570 ... Call Trace: <TASK> ext4_resize_fs+0xbec/0x1660 __ext4_ioctl+0x1749/0x24e0 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xa6/0x110 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f2dd739617b ======== The fix is simple, add a check in ext4_resize_begin() to make sure that the es->s_reserved_gdt_blocks is zero when the resize_inode feature is disabled. Cc: stable@kernel.org Signed-off-by:
Zhang Yi <yi.zhang@huawei.com> Reviewed-by:
Ritesh Harjani <ritesh.list@gmail.com> Reviewed-by:
Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20220601092717.763694-1-yi.zhang@huawei.comSigned-off-by:
-
Ding Xiang authored
Since dx_make_map() may return -EFSCORRUPTED now, so change "count" to be a signed integer so we can correctly check for an error code returned by dx_make_map(). Fixes: 46c116b9 ("ext4: verify dir block before splitting it") Cc: stable@kernel.org Signed-off-by:
Ding Xiang <dingxiang@cmss.chinamobile.com> Link: https://lore.kernel.org/r/20220530100047.537598-1-dingxiang@cmss.chinamobile.comSigned-off-by:
-
Baokun Li authored
ext4_mb_normalize_request() can move logical start of allocated blocks to reduce fragmentation and better utilize preallocation. However logical block requested as a start of allocation (ac->ac_o_ex.fe_logical) should always be covered by allocated blocks so we should check that by modifying and to or in the assertion. Signed-off-by:
Baokun Li <libaokun1@huawei.com> Reviewed-by:
-
Baokun Li authored
Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/mballoc.c:3211! [...] RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f [...] Call Trace: ext4_mb_new_blocks+0x9df/0x5d30 ext4_ext_map_blocks+0x1803/0x4d80 ext4_map_blocks+0x3a4/0x1a10 ext4_writepages+0x126d/0x2c30 do_writepages+0x7f/0x1b0 __filemap_fdatawrite_range+0x285/0x3b0 file_write_and_wait_range+0xb1/0x140 ext4_sync_file+0x1aa/0xca0 vfs_fsync_range+0xfb/0x260 do_fsync+0x48/0xa0 [...] ================================================================== Above issue may happen as follows: ------------------------------------- do_fsync vfs_fsync_range ext4_sync_file file_write_and_wait_range __filemap_fdatawrite_range do_writepages ext4_writepages mpage_map_and_submit_extent mpage_map_one_extent ext4_map_blocks ext4_mb_new_blocks ext4_mb_normalize_request >>> start + size <= ac->ac_o_ex.fe_logical ext4_mb_regular_allocator ext4_mb_simple_scan_group ext4_mb_use_best_found ext4_mb_new_preallocation ext4_mb_new_inode_pa ext4_mb_use_inode_pa >>> set ac->ac_b_ex.fe_len <= 0 ext4_mb_mark_diskspace_used >>> BUG_ON(ac->ac_b_ex.fe_len <= 0); we can easily reproduce this problem with the following commands: `fallocate -l100M disk` `mkfs.ext4 -b 1024 -g 256 disk` `mount disk /mnt` `fsstress -d /mnt -l 0 -n 1000 -p 1` The size must be smaller than or equal to EXT4_BLOCKS_PER_GROUP. Therefore, "start + size <= ac->ac_o_ex.fe_logical" may occur when the size is truncated. So start should be the start position of the group where ac_o_ex.fe_logical is located after alignment. In addition, when the value of fe_logical or EXT4_BLOCKS_PER_GROUP is very large, the value calculated by start_off is more accurate. Cc: stable@kernel.org Fixes: cd648b8a ("ext4: trim allocation requests to group size") Reported-by: -
Eric Biggers authored
Since ext4 was converted to the new mount API, the test_dummy_encryption mount option isn't being handled entirely correctly, because the needed fscrypt_set_test_dummy_encryption() helper function combines parsing/checking/applying into one function. That doesn't work well with the new mount API, which split these into separate steps. This was sort of okay anyway, due to the parsing logic that was copied from fscrypt_set_test_dummy_encryption() into ext4_parse_param(), combined with an additional check in ext4_check_test_dummy_encryption(). However, these overlooked the case of changing the value of test_dummy_encryption on remount, which isn't allowed but ext4 wasn't detecting until ext4_apply_options() when it's too late to fail. Another bug is that if test_dummy_encryption was specified multiple times with an argument, memory was leaked. Fix this up properly by using the new helper functions that allow splitting up the parse/check/apply steps for test_dummy_encryption. Fixes: cebe85d5 ("ext4: switch to the new mount api") Signed-off-by:
Eric Biggers <ebiggers@google.com> Link: https://lore.kernel.org/r/20220526040412.173025-1-ebiggers@kernel.orgSigned-off-by:
-
