1. 24 Sep, 2021 3 commits
    • Zhihao Cheng's avatar
      blktrace: Fix uaf in blk_trace access after removing by sysfs · 5afedf67
      Zhihao Cheng authored
      There is an use-after-free problem triggered by following process:
      
            P1(sda)				P2(sdb)
      			echo 0 > /sys/block/sdb/trace/enable
      			  blk_trace_remove_queue
      			    synchronize_rcu
      			    blk_trace_free
      			      relay_close
      rcu_read_lock
      __blk_add_trace
        trace_note_tsk
        (Iterate running_trace_list)
      			        relay_close_buf
      				  relay_destroy_buf
      				    kfree(buf)
          trace_note(sdb's bt)
            relay_reserve
              buf->offset <- nullptr deference (use-after-free) !!!
      rcu_read_unlock
      
      [  502.714379] BUG: kernel NULL pointer dereference, address:
      0000000000000010
      [  502.715260] #PF: supervisor read access in kernel mode
      [  502.715903] #PF: error_code(0x0000) - not-present page
      [  502.716546] PGD 103984067 P4D 103984067 PUD 17592b067 PMD 0
      [  502.717252] Oops: 0000 [#1] SMP
      [  502.720308] RIP: 0010:trace_note.isra.0+0x86/0x360
      [  502.732872] Call Trace:
      [  502.733193]  __blk_add_trace.cold+0x137/0x1a3
      [  502.733734]  blk_add_trace_rq+0x7b/0xd0
      [  502.734207]  blk_add_trace_rq_issue+0x54/0xa0
      [  502.734755]  blk_mq_start_request+0xde/0x1b0
      [  502.735287]  scsi_queue_rq+0x528/0x1140
      ...
      [  502.742704]  sg_new_write.isra.0+0x16e/0x3e0
      [  502.747501]  sg_ioctl+0x466/0x1100
      
      Reproduce method:
        ioctl(/dev/sda, BLKTRACESETUP, blk_user_trace_setup[buf_size=127])
        ioctl(/dev/sda, BLKTRACESTART)
        ioctl(/dev/sdb, BLKTRACESETUP, blk_user_trace_setup[buf_size=127])
        ioctl(/dev/sdb, BLKTRACESTART)
      
        echo 0 > /sys/block/sdb/trace/enable &
        // Add delay(mdelay/msleep) before kernel enters blk_trace_free()
      
        ioctl$SG_IO(/dev/sda, SG_IO, ...)
        // Enters trace_note_tsk() after blk_trace_free() returned
        // Use mdelay in rcu region rather than msleep(which may schedule out)
      
      Remove blk_trace from running_list before calling blk_trace_free() by
      sysfs if blk_trace is at Blktrace_running state.
      
      Fixes: c71a8961 ("blktrace: add ftrace plugin")
      Signed-off-by: default avatarZhihao Cheng <chengzhihao1@huawei.com>
      Link: https://lore.kernel.org/r/20210923134921.109194-1-chengzhihao1@huawei.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      5afedf67
    • Ming Lei's avatar
      block: don't call rq_qos_ops->done_bio if the bio isn't tracked · a647a524
      Ming Lei authored
      rq_qos framework is only applied on request based driver, so:
      
      1) rq_qos_done_bio() needn't to be called for bio based driver
      
      2) rq_qos_done_bio() needn't to be called for bio which isn't tracked,
      such as bios ended from error handling code.
      
      Especially in bio_endio():
      
      1) request queue is referred via bio->bi_bdev->bd_disk->queue, which
      may be gone since request queue refcount may not be held in above two
      cases
      
      2) q->rq_qos may be freed in blk_cleanup_queue() when calling into
      __rq_qos_done_bio()
      
      Fix the potential kernel panic by not calling rq_qos_ops->done_bio if
      the bio isn't tracked. This way is safe because both ioc_rqos_done_bio()
      and blkcg_iolatency_done_bio() are nop if the bio isn't tracked.
      Reported-by: default avatarYu Kuai <yukuai3@huawei.com>
      Cc: tj@kernel.org
      Signed-off-by: default avatarMing Lei <ming.lei@redhat.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Acked-by: default avatarTejun Heo <tj@kernel.org>
      Link: https://lore.kernel.org/r/20210924110704.1541818-1-ming.lei@redhat.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      a647a524
    • Jens Axboe's avatar
      Merge tag 'nvme-5.15-2021-09-24' of git://git.infradead.org/nvme into block-5.15 · 5cad8756
      Jens Axboe authored
      Pull NVMe fixes from Christoph:
      
      "nvme fixes for Linux 5.15:
      
       - keep ctrl->namespaces ordered (me)
       - fix incorrect h2cdata pdu offset accounting in nvme-tcp
         (Sagi Grimberg)
       - handled updated hw_queues in nvme-fc more carefully (Daniel Wagner,
         James Smart)"
      
      * tag 'nvme-5.15-2021-09-24' of git://git.infradead.org/nvme:
        nvme: keep ctrl->namespaces ordered
        nvme-tcp: fix incorrect h2cdata pdu offset accounting
        nvme-fc: remove freeze/unfreeze around update_nr_hw_queues
        nvme-fc: avoid race between time out and tear down
        nvme-fc: update hardware queues before using them
      5cad8756
  2. 22 Sep, 2021 2 commits
  3. 21 Sep, 2021 5 commits
  4. 15 Sep, 2021 6 commits
    • Li Jinlin's avatar
      blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd · 858560b2
      Li Jinlin authored
      KASAN reports a use-after-free report when doing fuzz test:
      
      [693354.104835] ==================================================================
      [693354.105094] BUG: KASAN: use-after-free in bfq_io_set_weight_legacy+0xd3/0x160
      [693354.105336] Read of size 4 at addr ffff888be0a35664 by task sh/1453338
      
      [693354.105607] CPU: 41 PID: 1453338 Comm: sh Kdump: loaded Not tainted 4.18.0-147
      [693354.105610] Hardware name: Huawei 2288H V5/BC11SPSCB0, BIOS 0.81 07/02/2018
      [693354.105612] Call Trace:
      [693354.105621]  dump_stack+0xf1/0x19b
      [693354.105626]  ? show_regs_print_info+0x5/0x5
      [693354.105634]  ? printk+0x9c/0xc3
      [693354.105638]  ? cpumask_weight+0x1f/0x1f
      [693354.105648]  print_address_description+0x70/0x360
      [693354.105654]  kasan_report+0x1b2/0x330
      [693354.105659]  ? bfq_io_set_weight_legacy+0xd3/0x160
      [693354.105665]  ? bfq_io_set_weight_legacy+0xd3/0x160
      [693354.105670]  bfq_io_set_weight_legacy+0xd3/0x160
      [693354.105675]  ? bfq_cpd_init+0x20/0x20
      [693354.105683]  cgroup_file_write+0x3aa/0x510
      [693354.105693]  ? ___slab_alloc+0x507/0x540
      [693354.105698]  ? cgroup_file_poll+0x60/0x60
      [693354.105702]  ? 0xffffffff89600000
      [693354.105708]  ? usercopy_abort+0x90/0x90
      [693354.105716]  ? mutex_lock+0xef/0x180
      [693354.105726]  kernfs_fop_write+0x1ab/0x280
      [693354.105732]  ? cgroup_file_poll+0x60/0x60
      [693354.105738]  vfs_write+0xe7/0x230
      [693354.105744]  ksys_write+0xb0/0x140
      [693354.105749]  ? __ia32_sys_read+0x50/0x50
      [693354.105760]  do_syscall_64+0x112/0x370
      [693354.105766]  ? syscall_return_slowpath+0x260/0x260
      [693354.105772]  ? do_page_fault+0x9b/0x270
      [693354.105779]  ? prepare_exit_to_usermode+0xf9/0x1a0
      [693354.105784]  ? enter_from_user_mode+0x30/0x30
      [693354.105793]  entry_SYSCALL_64_after_hwframe+0x65/0xca
      
      [693354.105875] Allocated by task 1453337:
      [693354.106001]  kasan_kmalloc+0xa0/0xd0
      [693354.106006]  kmem_cache_alloc_node_trace+0x108/0x220
      [693354.106010]  bfq_pd_alloc+0x96/0x120
      [693354.106015]  blkcg_activate_policy+0x1b7/0x2b0
      [693354.106020]  bfq_create_group_hierarchy+0x1e/0x80
      [693354.106026]  bfq_init_queue+0x678/0x8c0
      [693354.106031]  blk_mq_init_sched+0x1f8/0x460
      [693354.106037]  elevator_switch_mq+0xe1/0x240
      [693354.106041]  elevator_switch+0x25/0x40
      [693354.106045]  elv_iosched_store+0x1a1/0x230
      [693354.106049]  queue_attr_store+0x78/0xb0
      [693354.106053]  kernfs_fop_write+0x1ab/0x280
      [693354.106056]  vfs_write+0xe7/0x230
      [693354.106060]  ksys_write+0xb0/0x140
      [693354.106064]  do_syscall_64+0x112/0x370
      [693354.106069]  entry_SYSCALL_64_after_hwframe+0x65/0xca
      
      [693354.106114] Freed by task 1453336:
      [693354.106225]  __kasan_slab_free+0x130/0x180
      [693354.106229]  kfree+0x90/0x1b0
      [693354.106233]  blkcg_deactivate_policy+0x12c/0x220
      [693354.106238]  bfq_exit_queue+0xf5/0x110
      [693354.106241]  blk_mq_exit_sched+0x104/0x130
      [693354.106245]  __elevator_exit+0x45/0x60
      [693354.106249]  elevator_switch_mq+0xd6/0x240
      [693354.106253]  elevator_switch+0x25/0x40
      [693354.106257]  elv_iosched_store+0x1a1/0x230
      [693354.106261]  queue_attr_store+0x78/0xb0
      [693354.106264]  kernfs_fop_write+0x1ab/0x280
      [693354.106268]  vfs_write+0xe7/0x230
      [693354.106271]  ksys_write+0xb0/0x140
      [693354.106275]  do_syscall_64+0x112/0x370
      [693354.106280]  entry_SYSCALL_64_after_hwframe+0x65/0xca
      
      [693354.106329] The buggy address belongs to the object at ffff888be0a35580
                       which belongs to the cache kmalloc-1k of size 1024
      [693354.106736] The buggy address is located 228 bytes inside of
                       1024-byte region [ffff888be0a35580, ffff888be0a35980)
      [693354.107114] The buggy address belongs to the page:
      [693354.107273] page:ffffea002f828c00 count:1 mapcount:0 mapping:ffff888107c17080 index:0x0 compound_mapcount: 0
      [693354.107606] flags: 0x17ffffc0008100(slab|head)
      [693354.107760] raw: 0017ffffc0008100 ffffea002fcbc808 ffffea0030bd3a08 ffff888107c17080
      [693354.108020] raw: 0000000000000000 00000000001c001c 00000001ffffffff 0000000000000000
      [693354.108278] page dumped because: kasan: bad access detected
      
      [693354.108511] Memory state around the buggy address:
      [693354.108671]  ffff888be0a35500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [693354.116396]  ffff888be0a35580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [693354.124473] >ffff888be0a35600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [693354.132421]                                                        ^
      [693354.140284]  ffff888be0a35680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [693354.147912]  ffff888be0a35700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [693354.155281] ==================================================================
      
      blkgs are protected by both queue and blkcg locks and holding
      either should stabilize them. However, the path of destroying
      blkg policy data is only protected by queue lock in
      blkcg_activate_policy()/blkcg_deactivate_policy(). Other tasks
      can get the blkg policy data before the blkg policy data is
      destroyed, and use it after destroyed, which will result in a
      use-after-free.
      
      CPU0                             CPU1
      blkcg_deactivate_policy
        spin_lock_irq(&q->queue_lock)
                                       bfq_io_set_weight_legacy
                                         spin_lock_irq(&blkcg->lock)
                                         blkg_to_bfqg(blkg)
                                           pd_to_bfqg(blkg->pd[pol->plid])
                                           ^^^^^^blkg->pd[pol->plid] != NULL
                                                 bfqg != NULL
        pol->pd_free_fn(blkg->pd[pol->plid])
          pd_to_bfqg(blkg->pd[pol->plid])
          bfqg_put(bfqg)
            kfree(bfqg)
        blkg->pd[pol->plid] = NULL
        spin_unlock_irq(q->queue_lock);
                                         bfq_group_set_weight(bfqg, val, 0)
                                           bfqg->entity.new_weight
                                           ^^^^^^trigger uaf here
                                         spin_unlock_irq(&blkcg->lock);
      
      Fix by grabbing the matching blkcg lock before trying to
      destroy blkg policy data.
      Suggested-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarLi Jinlin <lijinlin3@huawei.com>
      Acked-by: default avatarTejun Heo <tj@kernel.org>
      Link: https://lore.kernel.org/r/20210914042605.3260596-1-lijinlin3@huawei.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      858560b2
    • Yanfei Xu's avatar
      blkcg: fix memory leak in blk_iolatency_init · 6f5ddde4
      Yanfei Xu authored
      BUG: memory leak
      unreferenced object 0xffff888129acdb80 (size 96):
        comm "syz-executor.1", pid 12661, jiffies 4294962682 (age 15.220s)
        hex dump (first 32 bytes):
          20 47 c9 85 ff ff ff ff 20 d4 8e 29 81 88 ff ff   G...... ..)....
          01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<ffffffff82264ec8>] kmalloc include/linux/slab.h:591 [inline]
          [<ffffffff82264ec8>] kzalloc include/linux/slab.h:721 [inline]
          [<ffffffff82264ec8>] blk_iolatency_init+0x28/0x190 block/blk-iolatency.c:724
          [<ffffffff8225b8c4>] blkcg_init_queue+0xb4/0x1c0 block/blk-cgroup.c:1185
          [<ffffffff822253da>] blk_alloc_queue+0x22a/0x2e0 block/blk-core.c:566
          [<ffffffff8223b175>] blk_mq_init_queue_data block/blk-mq.c:3100 [inline]
          [<ffffffff8223b175>] __blk_mq_alloc_disk+0x25/0xd0 block/blk-mq.c:3124
          [<ffffffff826a9303>] loop_add+0x1c3/0x360 drivers/block/loop.c:2344
          [<ffffffff826a966e>] loop_control_get_free drivers/block/loop.c:2501 [inline]
          [<ffffffff826a966e>] loop_control_ioctl+0x17e/0x2e0 drivers/block/loop.c:2516
          [<ffffffff81597eec>] vfs_ioctl fs/ioctl.c:51 [inline]
          [<ffffffff81597eec>] __do_sys_ioctl fs/ioctl.c:874 [inline]
          [<ffffffff81597eec>] __se_sys_ioctl fs/ioctl.c:860 [inline]
          [<ffffffff81597eec>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860
          [<ffffffff843fa745>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
          [<ffffffff843fa745>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
          [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      Once blk_throtl_init() queue init failed, blkcg_iolatency_exit() will
      not be invoked for cleanup. That leads a memory leak. Swap the
      blk_throtl_init() and blk_iolatency_init() calls can solve this.
      
      Reported-by: syzbot+01321b15cc98e6bf96d6@syzkaller.appspotmail.com
      Fixes: 19688d7f (block/blk-cgroup: Swap the blk_throtl_init() and blk_iolatency_init() calls)
      Signed-off-by: default avatarYanfei Xu <yanfei.xu@windriver.com>
      Acked-by: default avatarTejun Heo <tj@kernel.org>
      Link: https://lore.kernel.org/r/20210915072426.4022924-1-yanfei.xu@windriver.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      6f5ddde4
    • Jens Axboe's avatar
      Merge tag 'nvme-5.15-2021-09-15' of git://git.infradead.org/nvme into block-5.15 · 65ed1e69
      Jens Axboe authored
      Pull NVMe fixes from Christoph:
      
      "nvme fixes for Linux 5.15
      
       - fix ANA state updates when a namespace is not present (Anton Eidelman)
       - nvmet: fix a width vs precision bug in nvmet_subsys_attr_serial_show
         (Dan Carpenter)
       - avoid race in shutdown namespace removal (Daniel Wagner)
       - fix io_work priority inversion in nvme-tcp (Keith Busch)
       - destroy cm id before destroy qp to avoid use after free (Ruozhu Li)"
      
      * tag 'nvme-5.15-2021-09-15' of git://git.infradead.org/nvme:
        nvme-tcp: fix io_work priority inversion
        nvme-rdma: destroy cm id before destroy qp to avoid use after free
        nvme-multipath: fix ANA state updates when a namespace is not present
        nvme: avoid race in shutdown namespace removal
        nvmet: fix a width vs precision bug in nvmet_subsys_attr_serial_show()
      65ed1e69
    • Christoph Hellwig's avatar
      nvme: remove the call to nvme_update_disk_info in nvme_ns_remove · 9da4c727
      Christoph Hellwig authored
      There is no need to explicitly unregister the integrity profile when
      deleting the gendisk.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarSagi Grimberg <sagi@grimberg.me>
      Link: https://lore.kernel.org/r/20210914070657.87677-4-hch@lst.deSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      9da4c727
    • Lihong Kou's avatar
      block: flush the integrity workqueue in blk_integrity_unregister · 3df49967
      Lihong Kou authored
      When the integrity profile is unregistered there can still be integrity
      reads queued up which could see a NULL verify_fn as shown by the race
      window below:
      
      CPU0                                    CPU1
        process_one_work                      nvme_validate_ns
          bio_integrity_verify_fn                nvme_update_ns_info
      	                                     nvme_update_disk_info
      	                                       blk_integrity_unregister
                                                     ---set queue->integrity as 0
      	bio_integrity_process
      	--access bi->profile->verify_fn(bi is a pointer of queue->integity)
      
      Before calling blk_integrity_unregister in nvme_update_disk_info, we must
      make sure that there is no work item in the kintegrityd_wq. Just call
      blk_flush_integrity to flush the work queue so the bug can be resolved.
      Signed-off-by: default avatarLihong Kou <koulihong@huawei.com>
      [hch: split up and shortened the changelog]
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarSagi Grimberg <sagi@grimberg.me>
      Link: https://lore.kernel.org/r/20210914070657.87677-3-hch@lst.deSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      3df49967
    • Christoph Hellwig's avatar
      block: check if a profile is actually registered in blk_integrity_unregister · 783a40a1
      Christoph Hellwig authored
      While clearing the profile itself is harmless, we really should not clear
      the stable writes flag if it wasn't set due to a registered integrity
      profile.
      Reported-by: default avatarLihong Kou <koulihong@huawei.com>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarSagi Grimberg <sagi@grimberg.me>
      Link: https://lore.kernel.org/r/20210914070657.87677-2-hch@lst.deSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      783a40a1
  5. 14 Sep, 2021 3 commits
  6. 13 Sep, 2021 3 commits
  7. 12 Sep, 2021 12 commits
    • Linus Torvalds's avatar
      Linux 5.15-rc1 · 6880fa6c
      Linus Torvalds authored
      6880fa6c
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-for-v5.15-2021-09-11' of... · b5b65f13
      Linus Torvalds authored
      Merge tag 'perf-tools-for-v5.15-2021-09-11' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull more perf tools updates from Arnaldo Carvalho de Melo:
      
       - Add missing fields and remove some duplicate fields when printing a
         perf_event_attr.
      
       - Fix hybrid config terms list corruption.
      
       - Update kernel header copies, some resulted in new kernel features
         being automagically added to 'perf trace' syscall/tracepoint argument
         id->string translators.
      
       - Add a file generated during the documentation build to .gitignore.
      
       - Add an option to build without libbfd, as some distros, like Debian
         consider its ABI unstable.
      
       - Add support to print a textual representation of IBS raw sample data
         in 'perf report'.
      
       - Fix bpf 'perf test' sample mismatch reporting
      
       - Fix passing arguments to stackcollapse report in a 'perf script'
         python script.
      
       - Allow build-id with trailing zeros.
      
       - Look for ImageBase in PE file to compute .text offset.
      
      * tag 'perf-tools-for-v5.15-2021-09-11' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (25 commits)
        tools headers UAPI: Update tools's copy of drm.h headers
        tools headers UAPI: Sync drm/i915_drm.h with the kernel sources
        tools headers UAPI: Sync linux/fs.h with the kernel sources
        tools headers UAPI: Sync linux/in.h copy with the kernel sources
        perf tools: Add an option to build without libbfd
        perf tools: Allow build-id with trailing zeros
        perf tools: Fix hybrid config terms list corruption
        perf tools: Factor out copy_config_terms() and free_config_terms()
        perf tools: Fix perf_event_attr__fprintf() missing/dupl. fields
        perf tools: Ignore Documentation dependency file
        perf bpf: Provide a weak btf__load_from_kernel_by_id() for older libbpf versions
        tools include UAPI: Update linux/mount.h copy
        perf beauty: Cover more flags in the  move_mount syscall argument beautifier
        tools headers UAPI: Sync linux/prctl.h with the kernel sources
        tools include UAPI: Sync sound/asound.h copy with the kernel sources
        tools headers UAPI: Sync linux/kvm.h with the kernel sources
        tools headers UAPI: Sync x86's asm/kvm.h with the kernel sources
        perf report: Add support to print a textual representation of IBS raw sample data
        perf report: Add tools/arch/x86/include/asm/amd-ibs.h
        perf env: Add perf_env__cpuid, perf_env__{nr_}pmu_mappings
        ...
      b5b65f13
    • Linus Torvalds's avatar
      Merge tag 'compiler-attributes-for-linus-v5.15-rc1-v2' of git://github.com/ojeda/linux · c3e46874
      Linus Torvalds authored
      Pull compiler attributes updates from Miguel Ojeda:
      
       - Fix __has_attribute(__no_sanitize_coverage__) for GCC 4 (Marco Elver)
      
       - Add Nick as Reviewer for compiler_attributes.h (Nick Desaulniers)
      
       - Move __compiletime_{error|warning} (Nick Desaulniers)
      
      * tag 'compiler-attributes-for-linus-v5.15-rc1-v2' of git://github.com/ojeda/linux:
        compiler_attributes.h: move __compiletime_{error|warning}
        MAINTAINERS: add Nick as Reviewer for compiler_attributes.h
        Compiler Attributes: fix __has_attribute(__no_sanitize_coverage__) for GCC 4
      c3e46874
    • Linus Torvalds's avatar
      Merge tag 'auxdisplay-for-linus-v5.15-rc1' of git://github.com/ojeda/linux · d41adc4e
      Linus Torvalds authored
      Pull auxdisplay updates from Miguel Ojeda:
       "An assortment of improvements for auxdisplay:
      
         - Replace symbolic permissions with octal permissions (Jinchao Wang)
      
         - ks0108: Switch to use module_parport_driver() (Andy Shevchenko)
      
         - charlcd: Drop unneeded initializers and switch to C99 style (Andy
           Shevchenko)
      
         - hd44780: Fix oops on module unloading (Lars Poeschel)
      
         - Add I2C gpio expander example (Ralf Schlatterbeck)"
      
      * tag 'auxdisplay-for-linus-v5.15-rc1' of git://github.com/ojeda/linux:
        auxdisplay: Replace symbolic permissions with octal permissions
        auxdisplay: ks0108: Switch to use module_parport_driver()
        auxdisplay: charlcd: Drop unneeded initializers and switch to C99 style
        auxdisplay: hd44780: Fix oops on module unloading
        auxdisplay: Add I2C gpio expander example
      d41adc4e
    • Linus Torvalds's avatar
      Merge tag 'smp-urgent-2021-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · f306b90c
      Linus Torvalds authored
      Pull CPU hotplug updates from Thomas Gleixner:
       "Updates for the SMP and CPU hotplug:
      
         - Remove DEFINE_SMP_CALL_CACHE_FUNCTION() which is a left over of the
           original hotplug code and now causing trouble with the ARM64 cache
           topology setup due to the pointless SMP function call.
      
           It's not longer required as the hotplug callbacks are guaranteed to
           be invoked on the upcoming CPU.
      
         - Remove the deprecated and now unused CPU hotplug functions
      
         - Rewrite the CPU hotplug API documentation"
      
      * tag 'smp-urgent-2021-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        Documentation: core-api/cpuhotplug: Rewrite the API section
        cpu/hotplug: Remove deprecated CPU-hotplug functions.
        thermal: Replace deprecated CPU-hotplug functions.
        drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
      f306b90c
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.15-rc1-lkdtm' of... · d8e988b6
      Linus Torvalds authored
      Merge tag 'char-misc-5.15-rc1-lkdtm' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
      
      Pull misc driver fix from Greg KH:
       "Here is a single patch for 5.15-rc1, for the lkdtm misc driver.
      
        It resolves a build issue that many people were hitting with your
        current tree, and Kees and others felt would be good to get merged
        before -rc1 comes out, to prevent them from having to constantly hit
        it as many development trees restart on -rc1, not older -rc releases.
      
        It has NOT been in linux-next, but has passed 0-day testing and looks
        'obviously correct' when reviewing it locally :)"
      
      * tag 'char-misc-5.15-rc1-lkdtm' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        lkdtm: Use init_uts_ns.name instead of macros
      d8e988b6
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.15-1' of git://github.com/cminyard/linux-ipmi · 1791596b
      Linus Torvalds authored
      Pull IPMI updates from Corey Minyard:
       "A couple of very minor fixes for style and rate limiting.
      
        Nothing big, but probably needs to go in"
      
      * tag 'for-linus-5.15-1' of git://github.com/cminyard/linux-ipmi:
        char: ipmi: use DEVICE_ATTR helper macro
        ipmi: rate limit ipmi smi_event failure message
      1791596b
    • Linus Torvalds's avatar
      Merge tag 'sched_urgent_for_v5.15_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 56c24438
      Linus Torvalds authored
      Pull scheduler fixes from Borislav Petkov:
      
       - Make sure the idle timer expires in hardirq context, on PREEMPT_RT
      
       - Make sure the run-queue balance callback is invoked only on the
         outgoing CPU
      
      * tag 'sched_urgent_for_v5.15_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched: Prevent balance_push() on remote runqueues
        sched/idle: Make the idle timer expire in hard interrupt context
      56c24438
    • Linus Torvalds's avatar
      Merge tag 'locking_urgent_for_v5.15_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 165d05d8
      Linus Torvalds authored
      Pull locking fixes from Borislav Petkov:
      
       - Fix the futex PI requeue machinery to not return to userspace in
         inconsistent state
      
       - Avoid a potential null pointer dereference in the ww_mutex deadlock
         check
      
       - Other smaller cleanups and optimizations
      
      * tag 'locking_urgent_for_v5.15_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/rtmutex: Fix ww_mutex deadlock check
        futex: Remove unused variable 'vpid' in futex_proxy_trylock_atomic()
        futex: Avoid redundant task lookup
        futex: Clarify comment for requeue_pi_wake_futex()
        futex: Prevent inconsistent state and exit race
        futex: Return error code instead of assigning it without effect
        locking/rwsem: Add missing __init_rwsem() for PREEMPT_RT
      165d05d8
    • Linus Torvalds's avatar
      Merge tag 'timers_urgent_for_v5.15_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7bf31426
      Linus Torvalds authored
      Pull timer fix from Borislav Petkov:
      
       - Handle negative second values properly when converting a timespec64
         to nanoseconds.
      
      * tag 'timers_urgent_for_v5.15_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        time: Handle negative seconds correctly in timespec64_to_ns()
      7bf31426
    • Linus Torvalds's avatar
      Merge branch 'misc.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · fdfc3463
      Linus Torvalds authored
      Pull namei updates from Al Viro:
       "Clearing fallout from mkdirat in io_uring series. The fix in the
        kern_path_locked() patch plus associated cleanups"
      
      * 'misc.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        putname(): IS_ERR_OR_NULL() is wrong here
        namei: Standardize callers of filename_create()
        namei: Standardize callers of filename_lookup()
        rename __filename_parentat() to filename_parentat()
        namei: Fix use after free in kern_path_locked
      fdfc3463
    • Linus Torvalds's avatar
      Merge tag '5.15-rc-cifs-part2' of git://git.samba.org/sfrench/cifs-2.6 · 8d4a0b5d
      Linus Torvalds authored
      Pull smbfs updates from Steve French:
       "cifs/smb3 updates:
      
         - DFS reconnect fix
      
         - begin creating common headers for server and client
      
         - rename the cifs_common directory to smbfs_common to be more
           consistent ie change use of the name cifs to smb (smb3 or smbfs is
           more accurate, as the very old cifs dialect has long been
           superseded by smb3 dialects).
      
        In the future we can rename the fs/cifs directory to fs/smbfs.
      
        This does not include the set of multichannel fixes nor the two
        deferred close fixes (they are still being reviewed and tested)"
      
      * tag '5.15-rc-cifs-part2' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: properly invalidate cached root handle when closing it
        cifs: move SMB FSCTL definitions to common code
        cifs: rename cifs_common to smbfs_common
        cifs: update FSCTL definitions
      8d4a0b5d
  8. 11 Sep, 2021 6 commits
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 78e70952
      Linus Torvalds authored
      Pull virtio updates from Michael Tsirkin:
      
       - vduse driver ("vDPA Device in Userspace") supporting emulated virtio
         block devices
      
       - virtio-vsock support for end of record with SEQPACKET
      
       - vdpa: mac and mq support for ifcvf and mlx5
      
       - vdpa: management netlink for ifcvf
      
       - virtio-i2c, gpio dt bindings
      
       - misc fixes and cleanups
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: (39 commits)
        Documentation: Add documentation for VDUSE
        vduse: Introduce VDUSE - vDPA Device in Userspace
        vduse: Implement an MMU-based software IOTLB
        vdpa: Support transferring virtual addressing during DMA mapping
        vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap()
        vdpa: Add an opaque pointer for vdpa_config_ops.dma_map()
        vhost-iotlb: Add an opaque pointer for vhost IOTLB
        vhost-vdpa: Handle the failure of vdpa_reset()
        vdpa: Add reset callback in vdpa_config_ops
        vdpa: Fix some coding style issues
        file: Export receive_fd() to modules
        eventfd: Export eventfd_wake_count to modules
        iova: Export alloc_iova_fast() and free_iova_fast()
        virtio-blk: remove unneeded "likely" statements
        virtio-balloon: Use virtio_find_vqs() helper
        vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro
        vsock_test: update message bounds test for MSG_EOR
        af_vsock: rename variables in receive loop
        virtio/vsock: support MSG_EOR bit processing
        vhost/vsock: support MSG_EOR bit processing
        ...
      78e70952
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-5.15-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · b79bd0d5
      Linus Torvalds authored
      Pull more RISC-V updates from Palmer Dabbelt:
      
       - A pair of defconfig additions, for NVMe and the EFI filesystem
         localization options.
      
       - A larger address space for stack randomization.
      
       - A cleanup to our install rules.
      
       - A DTS update for the Microchip Icicle board, to fix the serial
         console.
      
       - Support for build-time table sorting, which allows us to have
         __ex_table read-only.
      
      * tag 'riscv-for-linus-5.15-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Move EXCEPTION_TABLE to RO_DATA segment
        riscv: Enable BUILDTIME_TABLE_SORT
        riscv: dts: microchip: mpfs-icicle: Fix serial console
        riscv: move the (z)install rules to arch/riscv/Makefile
        riscv: Improve stack randomisation on RV64
        riscv: defconfig: enable NLS_CODEPAGE_437, NLS_ISO8859_1
        riscv: defconfig: enable BLK_DEV_NVME
      b79bd0d5
    • Linus Torvalds's avatar
      Merge branch 'for-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux · 4e1c7544
      Linus Torvalds authored
      Pull coccinelle updates from Julia Lawall:
       "These changes update some existing semantic patches with
        respect to some recent changes in the kernel.
      
        Specifically, the change to kvmalloc.cocci searches for
        kfree_sensitive rather than kzfree, and the change to
        use_after_iter.cocci adds list_entry_is_head as a valid
        use of a list iterator index variable after the end of
        the loop"
      
      * 'for-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux:
        scripts: coccinelle: allow list_entry_is_head() to use pos
        coccinelle: api: rename kzfree to kfree_sensitive
      4e1c7544
    • Arnaldo Carvalho de Melo's avatar
      tools headers UAPI: Update tools's copy of drm.h headers · 17a99e52
      Arnaldo Carvalho de Melo authored
      Picking the changes from:
      
        17ce9c61 ("drm: document DRM_IOCTL_MODE_RMFB")
      
      Doesn't result in any tooling changes:
      
        $ tools/perf/trace/beauty/drm_ioctl.sh  > before
        $ cp include/uapi/drm/drm.h tools/include/uapi/drm/drm.h
        $ tools/perf/trace/beauty/drm_ioctl.sh  > after
        $ diff -u before after
      
      Silencing these perf build warnings:
      
        Warning: Kernel ABI header at 'tools/include/uapi/drm/drm.h' differs from latest version at 'include/uapi/drm/drm.h'
        diff -u tools/include/uapi/drm/drm.h include/uapi/drm/drm.h
      
      Cc: Simon Ser <contact@emersion.fr>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      17a99e52
    • Arnaldo Carvalho de Melo's avatar
      tools headers UAPI: Sync drm/i915_drm.h with the kernel sources · 4dc24d7c
      Arnaldo Carvalho de Melo authored
      To pick the changes in:
      
        b65a9489 ("drm/i915/userptr: Probe existence of backing struct pages upon creation")
        ee242ca7 ("drm/i915/guc: Implement GuC priority management")
        81340cf3 ("drm/i915/uapi: reject set_domain for discrete")
        7961c5b6 ("drm/i915: Add TTM offset argument to mmap.")
        aef7b67a ("drm/i915/uapi: convert drm_i915_gem_userptr to kernel doc")
        e7737b67 ("drm/i915/uapi: reject caching ioctls for discrete")
        3aa8c57f ("drm/i915/uapi: convert drm_i915_gem_set_domain to kernel doc")
        289f5a72 ("drm/i915/uapi: convert drm_i915_gem_caching to kernel doc")
        4a766ae4 ("drm/i915: Drop the CONTEXT_CLONE API (v2)")
        6ff6d61d ("drm/i915: Drop I915_CONTEXT_PARAM_NO_ZEROMAP")
        fe4751c3 ("drm/i915: Drop I915_CONTEXT_PARAM_RINGSIZE")
        57772953 ("drm/i915: Document the Virtual Engine uAPI")
        c649432e ("drm/i915: Fix busy ioctl commentary")
      
      That doesn't result in any changes to tooling as no new ioctl were
      added (at least not perceived by tools/perf/trace/beauty/drm_ioctl.sh).
      
      Addressing this perf build warning:
      
        Warning: Kernel ABI header at 'tools/include/uapi/drm/i915_drm.h' differs from latest version at 'include/uapi/drm/i915_drm.h'
        diff -u tools/include/uapi/drm/i915_drm.h include/uapi/drm/i915_drm.h
      
      Cc: Chris Wilson <chris@chris-wilson.co.uk>
      Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
      Cc: Jason Ekstrand <jason@jlekstrand.net>
      Cc: John Harrison <John.C.Harrison@Intel.com>
      Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Cc: Matthew Auld <matthew.auld@intel.com>
      Cc: Matthew Brost <matthew.brost@intel.com>
      Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      4dc24d7c
    • Arnaldo Carvalho de Melo's avatar
      tools headers UAPI: Sync linux/fs.h with the kernel sources · 2bae3e64
      Arnaldo Carvalho de Melo authored
      To pick the change in:
      
        7957d93b ("block: add ioctl to read the disk sequence number")
      
      It adds a new ioctl, but we are still not using that to generate tables
      for 'perf trace', so no changes in tooling.
      
      This silences this perf build warning:
      
        Warning: Kernel ABI header at 'tools/include/uapi/linux/fs.h' differs from latest version at 'include/uapi/linux/fs.h'
        diff -u tools/include/uapi/linux/fs.h include/uapi/linux/fs.h
      
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: Matteo Croce <mcroce@microsoft.com>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      2bae3e64