1. 09 Oct, 2024 8 commits
    • David Hildenbrand's avatar
      mm/huge_memory: check pmd_special() only after pmd_present() · 47fa3011
      David Hildenbrand authored
      We should only check for pmd_special() after we made sure that we have a
      present PMD.  For example, if we have a migration PMD, pmd_special() might
      indicate that we have a special PMD although we really don't.
      
      This fixes confusing migration entries as PFN mappings, and not doing what
      we are supposed to do in the "is_swap_pmd()" case further down in the
      function -- including messing up COW, page table handling and accounting.
      
      Link: https://lkml.kernel.org/r/20240926154234.2247217-1-david@redhat.com
      Fixes: bc02afbd ("mm/fork: accept huge pfnmap entries")
      Signed-off-by: default avatarDavid Hildenbrand <david@redhat.com>
      Reported-by: syzbot+bf2c35fa302ebe3c7471@syzkaller.appspotmail.com
      Closes: https://lore.kernel.org/lkml/66f15c8d.050a0220.c23dd.000f.GAE@google.com/Reviewed-by: default avatarPeter Xu <peterx@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      47fa3011
    • Huang Ying's avatar
      resource, kunit: fix user-after-free in resource_test_region_intersects() · 0665d7a3
      Huang Ying authored
      In resource_test_insert_resource(), the pointer is used in error message
      after kfree().  This is user-after-free.  To fix this, we need to call
      kunit_add_action_or_reset() to schedule memory freeing after usage.  But
      kunit_add_action_or_reset() itself may fail and free the memory.  So, its
      return value should be checked and abort the test for failure.  Then, we
      found that other usage of kunit_add_action_or_reset() in
      resource_test_region_intersects() needs to be fixed too.  We fix all these
      user-after-free bugs in this patch.
      
      Link: https://lkml.kernel.org/r/20240930070611.353338-1-ying.huang@intel.com
      Fixes: 99185c10 ("resource, kunit: add test case for region_intersects()")
      Signed-off-by: default avatar"Huang, Ying" <ying.huang@intel.com>
      Reported-by: default avatarKees Bakker <kees@ijzerbout.nl>
      Closes: https://lore.kernel.org/lkml/87ldzaotcg.fsf@yhuang6-desk2.ccr.corp.intel.com/
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Bjorn Helgaas <bhelgaas@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      0665d7a3
    • Alexander Gordeev's avatar
      fs/proc/kcore.c: allow translation of physical memory addresses · 3d5854d7
      Alexander Gordeev authored
      When /proc/kcore is read an attempt to read the first two pages results in
      HW-specific page swap on s390 and another (so called prefix) pages are
      accessed instead.  That leads to a wrong read.
      
      Allow architecture-specific translation of memory addresses using
      kc_xlate_dev_mem_ptr() and kc_unxlate_dev_mem_ptr() callbacks similarily
      to /dev/mem xlate_dev_mem_ptr() and unxlate_dev_mem_ptr() callbacks.  That
      way an architecture can deal with specific physical memory ranges.
      
      Re-use the existing /dev/mem callback implementation on s390, which
      handles the described prefix pages swapping correctly.
      
      For other architectures the default callback is basically NOP.  It is
      expected the condition (vaddr == __va(__pa(vaddr))) always holds true for
      KCORE_RAM memory type.
      
      Link: https://lkml.kernel.org/r/20240930122119.1651546-1-agordeev@linux.ibm.comSigned-off-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
      Suggested-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      3d5854d7
    • Donet Tom's avatar
      selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test · 76503e1f
      Donet Tom authored
      The hmm2 double_map test was failing due to an incorrect buffer->mirror
      size.  The buffer->mirror size was 6, while buffer->ptr size was 6 *
      PAGE_SIZE.  The test failed because the kernel's copy_to_user function was
      attempting to copy a 6 * PAGE_SIZE buffer to buffer->mirror.  Since the
      size of buffer->mirror was incorrect, copy_to_user failed.
      
      This patch corrects the buffer->mirror size to 6 * PAGE_SIZE.
      
      Test Result without this patch
      ==============================
       #  RUN           hmm2.hmm2_device_private.double_map ...
       # hmm-tests.c:1680:double_map:Expected ret (-14) == 0 (0)
       # double_map: Test terminated by assertion
       #          FAIL  hmm2.hmm2_device_private.double_map
       not ok 53 hmm2.hmm2_device_private.double_map
      
      Test Result with this patch
      ===========================
       #  RUN           hmm2.hmm2_device_private.double_map ...
       #            OK  hmm2.hmm2_device_private.double_map
       ok 53 hmm2.hmm2_device_private.double_map
      
      Link: https://lkml.kernel.org/r/20240927050752.51066-1-donettom@linux.ibm.com
      Fixes: fee9f6d1 ("mm/hmm/test: add selftests for HMM")
      Signed-off-by: default avatarDonet Tom <donettom@linux.ibm.com>
      Reviewed-by: default avatarMuhammad Usama Anjum <usama.anjum@collabora.com>
      Cc: Jérôme Glisse <jglisse@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Mark Brown <broonie@kernel.org>
      Cc: Przemek Kitszel <przemyslaw.kitszel@intel.com>
      Cc: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Ralph Campbell <rcampbell@nvidia.com>
      Cc: Jason Gunthorpe <jgg@mellanox.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      76503e1f
    • Kun(llfl)'s avatar
      device-dax: correct pgoff align in dax_set_mapping() · 7fcbd978
      Kun(llfl) authored
      pgoff should be aligned using ALIGN_DOWN() instead of ALIGN().  Otherwise,
      vmf->address not aligned to fault_size will be aligned to the next
      alignment, that can result in memory failure getting the wrong address.
      
      It's a subtle situation that only can be observed in
      page_mapped_in_vma() after the page is page fault handled by
      dev_dax_huge_fault.  Generally, there is little chance to perform
      page_mapped_in_vma in dev-dax's page unless in specific error injection
      to the dax device to trigger an MCE - memory-failure.  In that case,
      page_mapped_in_vma() will be triggered to determine which task is
      accessing the failure address and kill that task in the end.
      
      
      We used self-developed dax device (which is 2M aligned mapping) , to
      perform error injection to random address.  It turned out that error
      injected to non-2M-aligned address was causing endless MCE until panic.
      Because page_mapped_in_vma() kept resulting wrong address and the task
      accessing the failure address was never killed properly:
      
      
      [ 3783.719419] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3784.049006] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3784.049190] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3784.448042] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3784.448186] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3784.792026] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3784.792179] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3785.162502] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3785.162633] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3785.461116] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3785.461247] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3785.764730] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3785.764859] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3786.042128] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3786.042259] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3786.464293] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3786.464423] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3786.818090] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3786.818217] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      [ 3787.085297] mce: Uncorrected hardware memory error in user-access at 
      200c9742380
      [ 3787.085424] Memory failure: 0x200c9742: recovery action for dax page: 
      Recovered
      
      It took us several weeks to pinpoint this problem,  but we eventually
      used bpftrace to trace the page fault and mce address and successfully
      identified the issue.
      
      
      Joao added:
      
      ; Likely we never reproduce in production because we always pin
      : device-dax regions in the region align they provide (Qemu does
      : similarly with prealloc in hugetlb/file backed memory).  I think this
      : bug requires that we touch *unpinned* device-dax regions unaligned to
      : the device-dax selected alignment (page size i.e.  4K/2M/1G)
      
      Link: https://lkml.kernel.org/r/23c02a03e8d666fef11bbe13e85c69c8b4ca0624.1727421694.git.llfl@linux.alibaba.com
      Fixes: b9b5777f ("device-dax: use ALIGN() for determining pgoff")
      Signed-off-by: default avatarKun(llfl) <llfl@linux.alibaba.com>
      Tested-by: default avatarJianXiong Zhao <zhaojianxiong.zjx@alibaba-inc.com>
      Reviewed-by: default avatarJoao Martins <joao.m.martins@oracle.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      7fcbd978
    • Frederic Weisbecker's avatar
      kthread: unpark only parked kthread · 214e01ad
      Frederic Weisbecker authored
      Calling into kthread unparking unconditionally is mostly harmless when
      the kthread is already unparked. The wake up is then simply ignored
      because the target is not in TASK_PARKED state.
      
      However if the kthread is per CPU, the wake up is preceded by a call
      to kthread_bind() which expects the task to be inactive and in
      TASK_PARKED state, which obviously isn't the case if it is unparked.
      
      As a result, calling kthread_stop() on an unparked per-cpu kthread
      triggers such a warning:
      
      	WARNING: CPU: 0 PID: 11 at kernel/kthread.c:525 __kthread_bind_mask kernel/kthread.c:525
      	 <TASK>
      	 kthread_stop+0x17a/0x630 kernel/kthread.c:707
      	 destroy_workqueue+0x136/0xc40 kernel/workqueue.c:5810
      	 wg_destruct+0x1e2/0x2e0 drivers/net/wireguard/device.c:257
      	 netdev_run_todo+0xe1a/0x1000 net/core/dev.c:10693
      	 default_device_exit_batch+0xa14/0xa90 net/core/dev.c:11769
      	 ops_exit_list net/core/net_namespace.c:178 [inline]
      	 cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640
      	 process_one_work kernel/workqueue.c:3231 [inline]
      	 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
      	 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393
      	 kthread+0x2f0/0x390 kernel/kthread.c:389
      	 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
      	 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
      	 </TASK>
      
      Fix this with skipping unecessary unparking while stopping a kthread.
      
      Link: https://lkml.kernel.org/r/20240913214634.12557-1-frederic@kernel.org
      Fixes: 5c25b5ff ("workqueue: Tag bound workers with KTHREAD_IS_PER_CPU")
      Signed-off-by: default avatarFrederic Weisbecker <frederic@kernel.org>
      Reported-by: syzbot+943d34fa3cf2191e3068@syzkaller.appspotmail.com
      Tested-by: syzbot+943d34fa3cf2191e3068@syzkaller.appspotmail.com
      Suggested-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Hillf Danton <hdanton@sina.com>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      214e01ad
    • Michal Hocko's avatar
      Revert "mm: introduce PF_MEMALLOC_NORECLAIM, PF_MEMALLOC_NOWARN" · 9a8da05d
      Michal Hocko authored
      This reverts commit eab0af90.
      
      There is no existing user of those flags.  PF_MEMALLOC_NOWARN is dangerous
      because a nested allocation context can use GFP_NOFAIL which could cause
      unexpected failure.  Such a code would be hard to maintain because it
      could be deeper in the call chain.
      
      PF_MEMALLOC_NORECLAIM has been added even when it was pointed out [1] that
      such a allocation contex is inherently unsafe if the context doesn't fully
      control all allocations called from this context.
      
      While PF_MEMALLOC_NOWARN is not dangerous the way PF_MEMALLOC_NORECLAIM is
      it doesn't have any user and as Matthew has pointed out we are running out
      of those flags so better reclaim it without any real users.
      
      [1] https://lore.kernel.org/all/ZcM0xtlKbAOFjv5n@tiehlicka/
      
      Link: https://lkml.kernel.org/r/20240926172940.167084-3-mhocko@kernel.orgSigned-off-by: default avatarMichal Hocko <mhocko@suse.com>
      Reviewed-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: James Morris <jmorris@namei.org>
      Cc: Jan Kara <jack@suse.cz>
      Cc: Kent Overstreet <kent.overstreet@linux.dev>
      Cc: Paul Moore <paul@paul-moore.com>
      Cc: Serge E. Hallyn <serge@hallyn.com>
      Cc: Yafang Shao <laoar.shao@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      9a8da05d
    • Michal Hocko's avatar
      bcachefs: do not use PF_MEMALLOC_NORECLAIM · 9897713f
      Michal Hocko authored
      Patch series "remove PF_MEMALLOC_NORECLAIM" v3.
      
      
      This patch (of 2):
      
      bch2_new_inode relies on PF_MEMALLOC_NORECLAIM to try to allocate a new
      inode to achieve GFP_NOWAIT semantic while holding locks. If this
      allocation fails it will drop locks and use GFP_NOFS allocation context.
      
      We would like to drop PF_MEMALLOC_NORECLAIM because it is really
      dangerous to use if the caller doesn't control the full call chain with
      this flag set. E.g. if any of the function down the chain needed
      GFP_NOFAIL request the PF_MEMALLOC_NORECLAIM would override this and
      cause unexpected failure.
      
      While this is not the case in this particular case using the scoped gfp
      semantic is not really needed bacause we can easily pus the allocation
      context down the chain without too much clutter.
      
      [akpm@linux-foundation.org: fix kerneldoc warnings]
      Link: https://lkml.kernel.org/r/20240926172940.167084-1-mhocko@kernel.org
      Link: https://lkml.kernel.org/r/20240926172940.167084-2-mhocko@kernel.orgSigned-off-by: default avatarMichal Hocko <mhocko@suse.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: Jan Kara <jack@suse.cz> # For vfs changes
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: James Morris <jmorris@namei.org>
      Cc: Kent Overstreet <kent.overstreet@linux.dev>
      Cc: Paul Moore <paul@paul-moore.com>
      Cc: Serge E. Hallyn <serge@hallyn.com>
      Cc: Yafang Shao <laoar.shao@gmail.com>
      Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      9897713f
  2. 06 Oct, 2024 20 commits
  3. 05 Oct, 2024 12 commits
    • Linus Torvalds's avatar
      Merge tag 'bcachefs-2024-10-05' of git://evilpiepirate.org/bcachefs · 8f602276
      Linus Torvalds authored
      Pull bcachefs fixes from Kent Overstreet:
       "A lot of little fixes, bigger ones include:
      
         - bcachefs's __wait_on_freeing_inode() was broken in rc1 due to vfs
           changes, now fixed along with another lost wakeup
      
         - fragmentation LRU fixes; fsck now repairs successfully (this is the
           data structure copygc uses); along with some nice simplification.
      
         - Rework logged op error handling, so that if logged op replay errors
           (due to another filesystem error) we delete the logged op instead
           of going into an infinite loop)
      
         - Various small filesystem connectivitity repair fixes"
      
      * tag 'bcachefs-2024-10-05' of git://evilpiepirate.org/bcachefs:
        bcachefs: Rework logged op error handling
        bcachefs: Add warn param to subvol_get_snapshot, peek_inode
        bcachefs: Kill snapshot arg to fsck_write_inode()
        bcachefs: Check for unlinked, non-empty dirs in check_inode()
        bcachefs: Check for unlinked inodes with dirents
        bcachefs: Check for directories with no backpointers
        bcachefs: Kill alloc_v4.fragmentation_lru
        bcachefs: minor lru fsck fixes
        bcachefs: Mark more errors AUTOFIX
        bcachefs: Make sure we print error that causes fsck to bail out
        bcachefs: bkey errors are only AUTOFIX during read
        bcachefs: Create lost+found in correct snapshot
        bcachefs: Fix reattach_inode()
        bcachefs: Add missing wakeup to bch2_inode_hash_remove()
        bcachefs: Fix trans_commit disk accounting revert
        bcachefs: Fix bch2_inode_is_open() check
        bcachefs: Fix return type of dirent_points_to_inode_nowarn()
        bcachefs: Fix bad shift in bch2_read_flag_list()
      8f602276
    • Linus Torvalds's avatar
      Merge tag 'for-linus-6.12a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · fc20a3e5
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "Fix Xen config issue introduced in the merge window"
      
      * tag 'for-linus-6.12a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen: Fix config option reference in XEN_PRIVCMD definition
      fc20a3e5
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus-5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · fdd0a94d
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Fix some ext4 bugs and regressions relating to oneline resize and fast
        commits"
      
      * tag 'ext4_for_linus-5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: fix off by one issue in alloc_flex_gd()
        ext4: mark fc as ineligible using an handle in ext4_xattr_set()
        ext4: use handle to mark fc as ineligible in __track_dentry_update()
      fdd0a94d
    • Linus Torvalds's avatar
      Merge tag 'cxl-fixes-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl · 7c50f221
      Linus Torvalds authored
      Pull cxl fix from Ira Weiny:
      
       - Fix calculation for SBDF in error injection
      
      * tag 'cxl-fixes-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
        EINJ, CXL: Fix CXL device SBDF calculation
      7c50f221
    • Linus Torvalds's avatar
      Merge tag 'i2c-for-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 3a28c9e1
      Linus Torvalds authored
      Pull i2c fix from Wolfram Sang:
      
       - Fix potential deadlock during runtime suspend and resume (stm32f7)
      
      * tag 'i2c-for-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
      3a28c9e1
    • Linus Torvalds's avatar
      Merge tag 'spi-fix-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · 60b9f47e
      Linus Torvalds authored
      Pull spi fixes from Mark Brown:
       "A small set of driver specific fixes that came in since the merge
        window, about half of which is fixes for correctness in the use of the
        runtime PM APIs done as part of a broader cleanup"
      
      * tag 'spi-fix-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: s3c64xx: fix timeout counters in flush_fifo
        spi: atmel-quadspi: Fix wrong register value written to MR
        spi: spi-cadence: Fix missing spi_controller_is_target() check
        spi: spi-cadence: Fix pm_runtime_set_suspended() with runtime pm enabled
        spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
      60b9f47e
    • Linus Torvalds's avatar
      Merge tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 9ec2236a
      Linus Torvalds authored
      Pull hardening fixes from Kees Cook:
      
       - gcc plugins: Avoid Kconfig warnings with randstruct (Nathan
         Chancellor)
      
       - MAINTAINERS: Add security/Kconfig.hardening to hardening section
         (Nathan Chancellor)
      
       - MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list
      
      * tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        MAINTAINERS: Add security/Kconfig.hardening to hardening section
        hardening: Adjust dependencies in selection of MODVERSIONS
        MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list
      9ec2236a
    • Linus Torvalds's avatar
      Merge tag 'lsm-pr-20241004' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm · fb9b7674
      Linus Torvalds authored
      Pull lsm revert from Paul Moore:
       "Here is the CONFIG_SECURITY_TOMOYO_LKM revert that we've been
        discussing this week. With near unanimous agreement that the original
        TOMOYO patches were not the right way to solve the distro problem
        Tetsuo is trying the solve, reverting is our best option at this time"
      
      * tag 'lsm-pr-20241004' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
        tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support
      fb9b7674
    • Zach Wade's avatar
      platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug · 7d59ac07
      Zach Wade authored
      Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds".
      kasan report:
      [   19.411889] ==================================================================
      [   19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.415634] Read of size 8 at addr ffff888829e65200 by task cpuhp/16/113
      [   19.417368]
      [   19.418627] CPU: 16 PID: 113 Comm: cpuhp/16 Tainted: G            E      6.9.0 #10
      [   19.420435] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022
      [   19.422687] Call Trace:
      [   19.424091]  <TASK>
      [   19.425448]  dump_stack_lvl+0x5d/0x80
      [   19.426963]  ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.428694]  print_report+0x19d/0x52e
      [   19.430206]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
      [   19.431837]  ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.433539]  kasan_report+0xf0/0x170
      [   19.435019]  ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.436709]  _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.438379]  ? __pfx_sched_clock_cpu+0x10/0x10
      [   19.439910]  isst_if_cpu_online+0x406/0x58f [isst_if_common]
      [   19.441573]  ? __pfx_isst_if_cpu_online+0x10/0x10 [isst_if_common]
      [   19.443263]  ? ttwu_queue_wakelist+0x2c1/0x360
      [   19.444797]  cpuhp_invoke_callback+0x221/0xec0
      [   19.446337]  cpuhp_thread_fun+0x21b/0x610
      [   19.447814]  ? __pfx_cpuhp_thread_fun+0x10/0x10
      [   19.449354]  smpboot_thread_fn+0x2e7/0x6e0
      [   19.450859]  ? __pfx_smpboot_thread_fn+0x10/0x10
      [   19.452405]  kthread+0x29c/0x350
      [   19.453817]  ? __pfx_kthread+0x10/0x10
      [   19.455253]  ret_from_fork+0x31/0x70
      [   19.456685]  ? __pfx_kthread+0x10/0x10
      [   19.458114]  ret_from_fork_asm+0x1a/0x30
      [   19.459573]  </TASK>
      [   19.460853]
      [   19.462055] Allocated by task 1198:
      [   19.463410]  kasan_save_stack+0x30/0x50
      [   19.464788]  kasan_save_track+0x14/0x30
      [   19.466139]  __kasan_kmalloc+0xaa/0xb0
      [   19.467465]  __kmalloc+0x1cd/0x470
      [   19.468748]  isst_if_cdev_register+0x1da/0x350 [isst_if_common]
      [   19.470233]  isst_if_mbox_init+0x108/0xff0 [isst_if_mbox_msr]
      [   19.471670]  do_one_initcall+0xa4/0x380
      [   19.472903]  do_init_module+0x238/0x760
      [   19.474105]  load_module+0x5239/0x6f00
      [   19.475285]  init_module_from_file+0xd1/0x130
      [   19.476506]  idempotent_init_module+0x23b/0x650
      [   19.477725]  __x64_sys_finit_module+0xbe/0x130
      [   19.476506]  idempotent_init_module+0x23b/0x650
      [   19.477725]  __x64_sys_finit_module+0xbe/0x130
      [   19.478920]  do_syscall_64+0x82/0x160
      [   19.480036]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
      [   19.481292]
      [   19.482205] The buggy address belongs to the object at ffff888829e65000
       which belongs to the cache kmalloc-512 of size 512
      [   19.484818] The buggy address is located 0 bytes to the right of
       allocated 512-byte region [ffff888829e65000, ffff888829e65200)
      [   19.487447]
      [   19.488328] The buggy address belongs to the physical page:
      [   19.489569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888829e60c00 pfn:0x829e60
      [   19.491140] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
      [   19.492466] anon flags: 0x57ffffc0000840(slab|head|node=1|zone=2|lastcpupid=0x1fffff)
      [   19.493914] page_type: 0xffffffff()
      [   19.494988] raw: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001
      [   19.496451] raw: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000
      [   19.497906] head: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001
      [   19.499379] head: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000
      [   19.500844] head: 0057ffffc0000003 ffffea0020a79801 ffffea0020a79848 00000000ffffffff
      [   19.502316] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
      [   19.503784] page dumped because: kasan: bad access detected
      [   19.505058]
      [   19.505970] Memory state around the buggy address:
      [   19.507172]  ffff888829e65100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [   19.508599]  ffff888829e65180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [   19.510013] >ffff888829e65200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [   19.510014]                    ^
      [   19.510016]  ffff888829e65280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [   19.510018]  ffff888829e65300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [   19.515367] ==================================================================
      
      The reason for this error is physical_package_ids assigned by VMware VMM
      are not continuous and have gaps. This will cause value returned by
      topology_physical_package_id() to be more than topology_max_packages().
      
      Here the allocation uses topology_max_packages(). The call to
      topology_max_packages() returns maximum logical package ID not physical
      ID. Hence use topology_logical_package_id() instead of
      topology_physical_package_id().
      
      Fixes: 9a1aac8a ("platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering")
      Cc: stable@vger.kernel.org
      Acked-by: default avatarSrinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
      Signed-off-by: default avatarZach Wade <zachwade.k@gmail.com>
      Link: https://lore.kernel.org/r/20240923144508.1764-1-zachwade.k@gmail.comReviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      7d59ac07
    • Linus Torvalds's avatar
      Merge tag 'linux_kselftest-fixes-6.12-rc2' of... · 27cc6fdf
      Linus Torvalds authored
      Merge tag 'linux_kselftest-fixes-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fixes from Shuah Khan:
       "Fixes to build warnings, install scripts, run-time error path, and git
        status cleanups to tests:
      
         - devices/probe: fix for Python3 regex string syntax warnings
      
         - clone3: removing unused macro from clone3_cap_checkpoint_restore()
      
         - vDSO: fix to align getrandom states to cache line
      
         - core and exec: add missing executables to .gitignore files
      
         - rtc: change to skip test if /dev/rtc0 can't be accessed
      
         - timers/posix: fix warn_unused_result result in __fatal_error()
      
         - breakpoints: fix to detect suspend successful condition correctly
      
         - hid: fix to install required dependencies to run the test"
      
      * tag 'linux_kselftest-fixes-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        selftests: breakpoints: use remaining time to check if suspend succeed
        kselftest/devices/probe: Fix SyntaxWarning in regex strings for Python3
        selftest: hid: add missing run-hid-tools-tests.sh
        selftests: vDSO: align getrandom states to cache line
        selftests: exec: update gitignore for load_address
        selftests: core: add unshare_test to gitignore
        clone3: clone3_cap_checkpoint_restore: remove unused MAX_PID_NS_LEVEL macro
        selftests:timers: posix_timers: Fix warn_unused_result in __fatal_error()
        selftest: rtc: Check if could access /dev/rtc0 before testing
      27cc6fdf
    • Kent Overstreet's avatar
      bcachefs: Rework logged op error handling · 0f25eb4b
      Kent Overstreet authored
      Initially it was thought that we just wanted to ignore errors from
      logged op replay, but it turns out we do need to catch -EROFS, or we'll
      go into an infinite loop.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      0f25eb4b
    • Kent Overstreet's avatar
      bcachefs: Add warn param to subvol_get_snapshot, peek_inode · 1f73cb4d
      Kent Overstreet authored
      These shouldn't always be fatal errors - logged op resume, in
      particular, and we want it as a parameter there.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      1f73cb4d