1. 21 Nov, 2022 3 commits
  2. 20 Nov, 2022 8 commits
  3. 19 Nov, 2022 8 commits
  4. 18 Nov, 2022 21 commits
    • Chen Jun's avatar
      Input: i8042 - fix leaking of platform device on module removal · 81cd7e84
      Chen Jun authored
      Avoid resetting the module-wide i8042_platform_device pointer in
      i8042_probe() or i8042_remove(), so that the device can be properly
      destroyed by i8042_exit() on module unload.
      
      Fixes: 9222ba68 ("Input: i8042 - add deferred probe support")
      Signed-off-by: default avatarChen Jun <chenjun102@huawei.com>
      Link: https://lore.kernel.org/r/20221109034148.23821-1-chenjun102@huawei.comSigned-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      81cd7e84
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.1-2022-11-18' of git://git.kernel.dk/linux · a66e4cbf
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "This is mostly fixing issues around the poll rework, but also two
        tweaks for the multishot handling for accept and receive.
      
        All stable material"
      
      * tag 'io_uring-6.1-2022-11-18' of git://git.kernel.dk/linux:
        io_uring: disallow self-propelled ring polling
        io_uring: fix multishot recv request leaks
        io_uring: fix multishot accept request leaks
        io_uring: fix tw losing poll events
        io_uring: update res mask in io_poll_check_events
      a66e4cbf
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 23a60a03
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - Fix a build error with CONFIG_CFI_CLANG + CONFIG_FTRACE when
         CONFIG_FUNCTION_GRAPH_TRACER is not enabled.
      
       - Fix a BUG_ON triggered by the page table checker due to incorrect
         file_map_count for non-leaf pmd/pud (the arm64
         pmd_user_accessible_page() not checking whether it's a leaf entry).
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud
        arm64: ftrace: Define ftrace_stub_graph only with FUNCTION_GRAPH_TRACER
      23a60a03
    • Linus Torvalds's avatar
      Merge tag 'block-6.1-2022-11-18' of git://git.kernel.dk/linux · f4408c3d
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request via Christoph:
            - Two more bogus nid quirks (Bean Huo, Tiago Dias Ferreira)
            - Memory leak fix in nvmet (Sagi Grimberg)
      
       - Regression fix for block cgroups pinning the wrong blkcg, causing
         leaks of cgroups and blkcgs (Chris)
      
       - UAF fix for drbd setup error handling (Dan)
      
       - Fix DMA alignment propagation in DM (Keith)
      
      * tag 'block-6.1-2022-11-18' of git://git.kernel.dk/linux:
        dm-log-writes: set dma_alignment limit in io_hints
        dm-integrity: set dma_alignment limit in io_hints
        block: make blk_set_default_limits() private
        dm-crypt: provide dma_alignment limit in io_hints
        block: make dma_alignment a stacking queue_limit
        nvmet: fix a memory leak in nvmet_auth_set_key
        nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
        drbd: use after free in drbd_create_device()
        nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
        blk-cgroup: properly pin the parent in blkcg_css_online
      f4408c3d
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2022-11-19' of git://anongit.freedesktop.org/drm/drm · b5bf1d8a
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "I guess the main question is are things settling down, and I'd say
        kinda, these are all pretty small fixes, nothing big stands out
        really, just seems to be quite a few of them.
      
        Mostly amdgpu and core fixes, with some i915, tegra, vc4, panel bits.
      
        core:
         - Fix potential memory leak in drm_dev_init()
         - Fix potential null-ptr-deref in drm_vblank_destroy_worker()
         - Revert hiding unregistered connectors from userspace, as it breaks
           on DP-MST
         - Add workaround for DP++ dual mode adaptors that don't support i2c
           subaddressing
      
        i915:
         - Fix uaf with lmem_userfault_list handling
      
        amdgpu:
         - gang submit fixes
         - Fix a possible memory leak in ganng submit error path
         - DP tunneling fixes
         - DCN 3.1 page flip fix
         - DCN 3.2.x fixes
         - DCN 3.1.4 fixes
         - Don't expose degamma on hardware that doesn't support it
         - BACO fixes for SMU 11.x
         - BACO fixes for SMU 13.x
         - Virtual display fix for devices with no display hardware
      
        amdkfd:
         - Memory limit regression fix
      
        tegra:
         - tegra20 GART fix
      
        vc4:
         - Fix error handling in vc4_atomic_commit_tail()
      
        lima:
         - Set lima's clkname corrrectly when regulator is missing
      
        panel:
         - Set bpc for logictechno panels"
      
      * tag 'drm-fixes-2022-11-19' of git://anongit.freedesktop.org/drm/drm: (28 commits)
        gpu: host1x: Avoid trying to use GART on Tegra20
        drm/display: Don't assume dual mode adaptors support i2c sub-addressing
        drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround
        drm/amd/pm: enable runpm support over BACO for SMU13.0.7
        drm/amd/pm: enable runpm support over BACO for SMU13.0.0
        drm/amdgpu: there is no vbios fb on devices with no display hw (v2)
        drm/amdkfd: Fix a memory limit issue
        drm/amdgpu: disable BACO support on more cards
        drm/amd/display: don't enable DRM CRTC degamma property for DCE
        drm/amd/display: Set max for prefetch lines on dcn32
        drm/amd/display: use uclk pstate latency for fw assisted mclk validation dcn32
        drm/amd/display: Fix prefetch calculations for dcn32
        drm/amd/display: Fix optc2_configure warning on dcn314
        drm/amd/display: Fix calculation for cursor CAB allocation
        Revert "drm: hide unregistered connectors from GETCONNECTOR IOCTL"
        drm/amd/display: Support parsing VRAM info v3.0 from VBIOS
        drm/amd/display: Fix invalid DPIA AUX reply causing system hang
        drm/amdgpu: Add psp_13_0_10_ta firmware to modinfo
        drm/amd/display: Add HUBP surface flip interrupt handler
        drm/amd/display: Fix access timeout to DPIA AUX at boot time
        ...
      b5bf1d8a
    • Linus Torvalds's avatar
      Merge tag 's390-6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · ab290ead
      Linus Torvalds authored
      Pull s390 fixes from Alexander Gordeev:
      
       - Fix deadlock in discontiguous saved segments (DCSS) block device
         driver. When adding a disk and scanning partitions the scan would not
         break out early without a missed flag.
      
       - Avoid using global register variable for current_stack_pointer due to
         an old bug in gcc versions prior to gcc-8.4. Due to this bug a broken
         code is generated, which leads to stack corruptions.
      
      * tag 's390-6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: avoid using global register for current_stack_pointer
        s390/dcssblk: fix deadlock when adding a DCSS
      ab290ead
    • Linus Torvalds's avatar
      Merge tag 'for-6.1/dm-fixes-2' of... · 5556a78c
      Linus Torvalds authored
      Merge tag 'for-6.1/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - Fix misbehavior if list_versions DM ioctl races with module loading
      
       - Fix missing decrement of no_sleep_enabled if dm_bufio_client_create
         failed
      
       - Allow DM integrity devices to be activated in read-only mode
      
      * tag 'for-6.1/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm integrity: clear the journal on suspend
        dm integrity: flush the journal on suspend
        dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed
        dm ioctl: fix misbehavior if list_versions races with module loading
      5556a78c
    • Dave Airlie's avatar
      Merge tag 'drm/tegra/for-6.1-rc6' of https://gitlab.freedesktop.org/drm/tegra into drm-fixes · b1010b93
      Dave Airlie authored
      drm/tegra: Fixes for v6.1-rc6
      
      This contains a single fix that avoids using the GART on Tegra20 because
      it doesn't work well with the way the Tegra DRM driver tries to use it.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Thierry Reding <thierry.reding@gmail.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20221118121614.3511110-1-thierry.reding@gmail.com
      b1010b93
    • Linus Torvalds's avatar
      Merge tag 'usb-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 950a9f56
      Linus Torvalds authored
      Pull USB driver fixes from Greg KH:
       "Here are a number of USB driver fixes and new device ids for 6.1-rc6.
        Included in here are:
      
         - new usb-serial device ids
      
         - dwc3 driver fixes for reported problems
      
         - cdns3 driver fixes
      
         - new USB device quirks
      
         - typec driver fixes
      
         - extcon USB typec driver fix
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        USB: serial: option: add u-blox LARA-L6 modem
        USB: serial: option: add u-blox LARA-R6 00B modem
        USB: serial: option: remove old LARA-R6 PID
        USB: serial: option: add Fibocom FM160 0x0111 composition
        usb: add NO_LPM quirk for Realforce 87U Keyboard
        usb: cdns3: host: fix endless superspeed hub port reset
        usb: chipidea: fix deadlock in ci_otg_del_timer
        usb: dwc3: Do not get extcon device when usb-role-switch is used
        usb: typec: tipd: Prevent uninitialized event{1,2} in IRQ handler
        usb: typec: mux: Enter safe mode only when pins need to be reconfigured
        extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered
        Revert "usb: dwc3: disable USB core PHY management"
        usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
        USB: bcma: Make GPIO explicitly optional
        USB: serial: option: add Sierra Wireless EM9191
      950a9f56
    • Linus Torvalds's avatar
      Merge tag 'staging-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 12fe29ee
      Linus Torvalds authored
      Pull staging driver fix from Greg KH:
       "Here is a single staging driver fix for 6.1-rc6.
      
        It resolves a bogus signed character test as pointed out, and fixed
        by, Jason in the rtl8192e driver
      
        It has been in linux-next for a few weeks now with no reported
        problems"
      
      * tag 'staging-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: rtl8192e: remove bogus ssid character sign test
      12fe29ee
    • Liu Shixin's avatar
      arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud · 5b47348f
      Liu Shixin authored
      The page table check trigger BUG_ON() unexpectedly when collapse hugepage:
      
       ------------[ cut here ]------------
       kernel BUG at mm/page_table_check.c:82!
       Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
       Dumping ftrace buffer:
          (ftrace buffer empty)
       Modules linked in:
       CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
       Hardware name: linux,dummy-virt (DT)
       pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
       pc : page_table_check_clear.isra.0+0x258/0x3f0
       lr : page_table_check_clear.isra.0+0x240/0x3f0
      [...]
       Call trace:
        page_table_check_clear.isra.0+0x258/0x3f0
        __page_table_check_pmd_clear+0xbc/0x108
        pmdp_collapse_flush+0xb0/0x160
        collapse_huge_page+0xa08/0x1080
        hpage_collapse_scan_pmd+0xf30/0x1590
        khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
        khugepaged+0x338/0x518
        kthread+0x278/0x2f8
        ret_from_fork+0x10/0x20
      [...]
      
      Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it
      decrease file_map_count for a non-leaf pmd comes from collapse_huge_page().
      and so trigger BUG_ON() unexpectedly.
      
      Fix this problem by using pmd_leaf() insteal of pmd_present() in
      pmd_user_accessible_page(). Moreover, use pud_leaf() for
      pud_user_accessible_page() too.
      
      Fixes: 42b25471 ("arm64/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
      Reported-by: default avatarDenys Vlasenko <dvlasenk@redhat.com>
      Signed-off-by: default avatarLiu Shixin <liushixin2@huawei.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarPasha Tatashin <pasha.tatashin@soleen.com>
      Reviewed-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
      Acked-by: default avatarWill Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20221117075602.2904324-2-liushixin2@huawei.comSigned-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      5b47348f
    • Linus Torvalds's avatar
      Merge tag 'tty-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 09389357
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are a number of small tty and serial driver fixes for 6.1-rc6.
        They all resolve reported problems:
      
         - kernel doc build problems with the -rc1 serial driver documentation
           update
      
         - n_gsm reported problems
      
         - imx serial driver missing callback
      
         - lots of tiny 8250 driver fixes for reported issues.
      
        All of these have been in linux-next for over a week with no reported
        problems"
      
      * tag 'tty-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        docs/driver-api/miscellaneous: Remove kernel-doc of serial_core.c
        serial: 8250: Flush DMA Rx on RLSI
        serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake
        serial: 8250_lpss: Configure DMA also w/o DMA filter
        serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
        tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
        Revert "tty: n_gsm: replace kicktimer with delayed_work"
        Revert "tty: n_gsm: avoid call of sleeping functions from atomic context"
        serial: imx: Add missing .thaw_noirq hook
        tty: serial: fsl_lpuart: don't break the on-going transfer when global reset
        serial: 8250: omap: Flush PM QOS work on remove
        serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
        serial: 8250_omap: remove wait loop from Errata i202 workaround
        serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
        serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
      09389357
    • Linus Torvalds's avatar
      Merge tag 'driver-core-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · 63c8c0d7
      Linus Torvalds authored
      Pull driver core fixes from Greg KH:
       "Here are two small driver core fixes for 6.1-rc6:
      
         - utsname fix, this one should already be in your tree as it came
           from a different tree earlier.
      
         - kernfs bugfix for a much reported syzbot report that seems to keep
           getting triggered.
      
        Both of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'driver-core-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        kernfs: Fix spurious lockdep warning in kernfs_find_and_get_node_by_id()
        kernel/utsname_sysctl.c: Add missing enum uts_proc value
      63c8c0d7
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 1f63d1a1
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char/misc and other driver fixes for 6.1-rc6 to
        resolve some reported problems. Included in here are:
      
         - iio driver fixes
      
         - binder driver fix
      
         - nvmem driver fix
      
         - vme_vmci information leak fix
      
         - parport fix
      
         - slimbus configuration fix
      
         - coreboot firmware bugfix
      
         - speakup build fix and crash fix
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'char-misc-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (22 commits)
        firmware: coreboot: Register bus in module init
        nvmem: u-boot-env: fix crc32_data_offset on redundant u-boot-env
        slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m
        docs: update mediator contact information in CoC doc
        slimbus: stream: correct presence rate frequencies
        nvmem: lan9662-otp: Fix compatible string
        binder: validate alloc->mm in ->mmap() handler
        parport_pc: Avoid FIFO port location truncation
        siox: fix possible memory leak in siox_device_add()
        misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
        speakup: replace utils' u_char with unsigned char
        speakup: fix a segfault caused by switching consoles
        tools: iio: iio_generic_buffer: Fix read size
        iio: imu: bno055: uninitialized variable bug in bno055_trigger_handler()
        iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
        iio: adc: mp2629: fix potential array out of bound access
        iio: adc: mp2629: fix wrong comparison of channel
        iio: pressure: ms5611: changed hardcoded SPI speed to value limited
        iio: pressure: ms5611: fixed value compensation bug
        iio: accel: bma400: Ensure VDDIO is enable defore reading the chip ID.
        ...
      1f63d1a1
    • Linus Torvalds's avatar
      Merge tag 'sound-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · ae558268
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A fair amount of commits at this time due to ASoC PR merge, but all
        look small and easy, mostly device-specific fixes spanned in various
        drivers. Hopefully this should be the last big chunk for 6.1"
      
      * tag 'sound-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (21 commits)
        ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
        ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
        ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
        ASoC: stm32: dfsdm: manage cb buffers cleanup
        ASoC: sof_es8336: reduce pop noise on speaker
        ASoC: SOF: topology: No need to assign core ID if token parsing failed
        ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
        ASoC: rt5677: fix legacy dai naming
        ASoC: rt5514: fix legacy dai naming
        ASoC: SOF: ipc3-topology: use old pipeline teardown flow with SOF2.1 and older
        ASoC: hda: intel-dsp-config: add ES83x6 quirk for IceLake
        ASoC: Intel: soc-acpi: add ES83x6 support to IceLake
        ASoC: tas2780: Fix set_tdm_slot in case of single slot
        ASoC: tas2764: Fix set_tdm_slot in case of single slot
        ASoC: tas2770: Fix set_tdm_slot in case of single slot
        ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N
        ASoC: core: Fix use-after-free in snd_soc_exit()
        MAINTAINERS: update Tzung-Bi's email address
        ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
        ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table
        ...
      ae558268
    • Linus Torvalds's avatar
      Merge tag 'mmc-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 4ab9ffda
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "MMC core:
         - Fixup VDD/VMMC voltage-range negotiation
      
        MMC host:
         - sdhci-pci: Fix memory leak by adding a missing pci_dev_put()
         - sdhci-pci-o2micro: Fix card detect by tuning the debounce timeout"
      
      * tag 'mmc-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
        mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout
        mmc: core: properly select voltage range without power cycle
      4ab9ffda
    • Pavel Begunkov's avatar
      io_uring: disallow self-propelled ring polling · 7fdbc5f0
      Pavel Begunkov authored
      When we post a CQE we wake all ring pollers as it normally should be.
      However, if a CQE was generated by a multishot poll request targeting
      its own ring, it'll wake that request up, which will make it to post
      a new CQE, which will wake the request and so on until it exhausts all
      CQ entries.
      
      Don't allow multishot polling io_uring files but downgrade them to
      oneshots, which was always stated as a correct behaviour that the
      userspace should check for.
      
      Cc: stable@vger.kernel.org
      Fixes: aa43477b ("io_uring: poll rework")
      Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Link: https://lore.kernel.org/r/3124038c0e7474d427538c2d915335ec28c92d21.1668785722.git.asml.silence@gmail.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      7fdbc5f0
    • Mikulas Patocka's avatar
      dm integrity: clear the journal on suspend · 984bf2cc
      Mikulas Patocka authored
      There was a problem that a user burned a dm-integrity image on CDROM
      and could not activate it because it had a non-empty journal.
      
      Fix this problem by flushing the journal (done by the previous commit)
      and clearing the journal (done by this commit). Once the journal is
      cleared, dm-integrity won't attempt to replay it on the next
      activation.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@kernel.org>
      984bf2cc
    • Mikulas Patocka's avatar
      dm integrity: flush the journal on suspend · 5e5dab5e
      Mikulas Patocka authored
      This commit flushes the journal on suspend. It is prerequisite for the
      next commit that enables activating dm integrity devices in read-only mode.
      
      Note that we deliberately didn't flush the journal on suspend, so that the
      journal replay code would be tested. However, the dm-integrity code is 5
      years old now, so that journal replay is well-tested, and we can make this
      change now.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@kernel.org>
      5e5dab5e
    • Zhihao Cheng's avatar
      dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed · 0dfc1f4c
      Zhihao Cheng authored
      The 'no_sleep_enabled' should be decreased in error handling path
      in dm_bufio_client_create() when the DM_BUFIO_CLIENT_NO_SLEEP flag
      is set, otherwise static_branch_unlikely() will always return true
      even if no dm_bufio_client instances have DM_BUFIO_CLIENT_NO_SLEEP
      flag set.
      
      Cc: stable@vger.kernel.org
      Fixes: 3c1c875d ("dm bufio: conditionally enable branching for DM_BUFIO_CLIENT_NO_SLEEP")
      Signed-off-by: default avatarZhihao Cheng <chengzhihao1@huawei.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@kernel.org>
      0dfc1f4c
    • Mikulas Patocka's avatar
      dm ioctl: fix misbehavior if list_versions races with module loading · 4fe1ec99
      Mikulas Patocka authored
      __list_versions will first estimate the required space using the
      "dm_target_iterate(list_version_get_needed, &needed)" call and then will
      fill the space using the "dm_target_iterate(list_version_get_info,
      &iter_info)" call. Each of these calls locks the targets using the
      "down_read(&_lock)" and "up_read(&_lock)" calls, however between the first
      and second "dm_target_iterate" there is no lock held and the target
      modules can be loaded at this point, so the second "dm_target_iterate"
      call may need more space than what was the first "dm_target_iterate"
      returned.
      
      The code tries to handle this overflow (see the beginning of
      list_version_get_info), however this handling is incorrect.
      
      The code sets "param->data_size = param->data_start + needed" and
      "iter_info.end = (char *)vers+len" - "needed" is the size returned by the
      first dm_target_iterate call; "len" is the size of the buffer allocated by
      userspace.
      
      "len" may be greater than "needed"; in this case, the code will write up
      to "len" bytes into the buffer, however param->data_size is set to
      "needed", so it may write data past the param->data_size value. The ioctl
      interface copies only up to param->data_size into userspace, thus part of
      the result will be truncated.
      
      Fix this bug by setting "iter_info.end = (char *)vers + needed;" - this
      guarantees that the second "dm_target_iterate" call will write only up to
      the "needed" buffer and it will exit with "DM_BUFFER_FULL_FLAG" if it
      overflows the "needed" space - in this case, userspace will allocate a
      larger buffer and retry.
      
      Note that there is also a bug in list_version_get_needed - we need to add
      "strlen(tt->name) + 1" to the needed size, not "strlen(tt->name)".
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@kernel.org>
      4fe1ec99