1. 06 Jan, 2023 13 commits
    • Linus Torvalds's avatar
      hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling · cb7a95af
      Linus Torvalds authored
      Commit 55d1cbbb ("hfs/hfsplus: use WARN_ON for sanity check") fixed
      a build warning by turning a comment into a WARN_ON(), but it turns out
      that syzbot then complains because it can trigger said warning with a
      corrupted hfs image.
      
      The warning actually does warn about a bad situation, but we are much
      better off just handling it as the error it is.  So rather than warn
      about us doing bad things, stop doing the bad things and return -EIO.
      
      While at it, also fix a memory leak that was introduced by an earlier
      fix for a similar syzbot warning situation, and add a check for one case
      that historically wasn't handled at all (ie neither comment nor
      subsequent WARN_ON).
      
      Reported-by: syzbot+7bb7cd3595533513a9e7@syzkaller.appspotmail.com
      Fixes: 55d1cbbb ("hfs/hfsplus: use WARN_ON for sanity check")
      Fixes: 8d824e69 ("hfs: fix OOB Read in __hfs_brec_find")
      Link: https://lore.kernel.org/lkml/000000000000dbce4e05f170f289@google.com/Tested-by: default avatarMichael Schmitz <schmitzmic@gmail.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Viacheslav Dubeyko <slava@dubeyko.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cb7a95af
    • Linus Torvalds's avatar
      Merge tag 'block-2023-01-06' of git://git.kernel.dk/linux · a689b938
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "The big change here is obviously the revert of the pktcdvd driver
        removal. Outside of that, just minor tweaks. In detail:
      
         - Re-instate the pktcdvd driver, which necessitates adding back
           bio_copy_data_iter() and the fops->devnode() hook for now (me)
      
         - Fix for splitting of a bio marked as NOWAIT, causing either nowait
           reads or writes to error with EAGAIN even if parts of the IO
           completed (me)
      
         - Fix for ublk, punting management commands to io-wq as they can all
           easily block for extended periods of time (Ming)
      
         - Removal of SRCU dependency for the block layer (Paul)"
      
      * tag 'block-2023-01-06' of git://git.kernel.dk/linux:
        block: Remove "select SRCU"
        Revert "pktcdvd: remove driver."
        Revert "block: remove devnode callback from struct block_device_operations"
        Revert "block: bio_copy_data_iter"
        ublk: honor IO_URING_F_NONBLOCK for handling control command
        block: don't allow splitting of a REQ_NOWAIT bio
        block: handle bio_split_to_limits() NULL return
      a689b938
    • Linus Torvalds's avatar
      Merge tag 'io_uring-2023-01-06' of git://git.kernel.dk/linux · ef1a4a77
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "A few minor fixes that should go into the 6.2 release:
      
         - Fix for a memory leak in io-wq worker creation, if we ultimately
           end up canceling the worker creation before it gets created (me)
      
         - lockdep annotations for the CQ locking (Pavel)
      
         - A regression fix for CQ timeout handling (Pavel)
      
         - Ring pinning around deferred task_work fix (Pavel)
      
         - A trivial member move in struct io_ring_ctx, saving us some memory
           (me)"
      
      * tag 'io_uring-2023-01-06' of git://git.kernel.dk/linux:
        io_uring: fix CQ waiting timeout handling
        io_uring: move 'poll_multi_queue' bool in io_ring_ctx
        io_uring: lockdep annotate CQ locking
        io_uring: pin context while queueing deferred tw
        io_uring/io-wq: free worker if task_work creation is canceled
      ef1a4a77
    • Linus Torvalds's avatar
      Merge tag 'tif-notify-signal-2023-01-06' of git://git.kernel.dk/linux · 93387d49
      Linus Torvalds authored
      Pull arm TIF_NOTIFY_SIGNAL fixup from Jens Axboe:
       "Hui Tang reported a performance regressions with _TIF_WORK_MASK in
        newer kernels, which he tracked to a change that went into 5.11. After
        this change, we'll call do_work_pending() more often than we need to,
        because we're now testing bits 0..15 rather than just 0..7.
      
        Shuffle the bits around to avoid this"
      
      * tag 'tif-notify-signal-2023-01-06' of git://git.kernel.dk/linux:
        ARM: renumber bits related to _TIF_WORK_MASK
      93387d49
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-6.2-rc3' of https://github.com/ceph/ceph-client · 5c1a712f
      Linus Torvalds authored
      Pull ceph fixes from Ilya Dryomov:
       "Two file locking fixes from Xiubo"
      
      * tag 'ceph-for-6.2-rc3' of https://github.com/ceph/ceph-client:
        ceph: avoid use-after-free in ceph_fl_release_lock()
        ceph: switch to vfs_inode_has_locks() to fix file lock bug
      5c1a712f
    • Linus Torvalds's avatar
      Merge tag 'fixes_for_v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 7b8c854c
      Linus Torvalds authored
      Pull UDF fixes from Jan Kara:
       "Two fixups of the UDF changes that went into 6.2-rc1"
      
      * tag 'fixes_for_v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        udf: initialize newblock to 0
        udf: Fix extension of the last extent in the file
      7b8c854c
    • Linus Torvalds's avatar
      Merge tag 'for-6.2-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · fc7b76c4
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "A few more regression and regular fixes:
      
         - regressions:
             - fix assertion condition using = instead of ==
             - fix false alert on bad tree level check
             - fix off-by-one error in delalloc search during lseek
      
         - fix compat ro feature check at read-write remount
      
         - handle case when read-repair happens with ongoing device replace
      
         - updated error messages"
      
      * tag 'for-6.2-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: fix compat_ro checks against remount
        btrfs: always report error in run_one_delayed_ref()
        btrfs: handle case when repair happens with dev-replace
        btrfs: fix off-by-one in delalloc search during lseek
        btrfs: fix false alert on bad tree level check
        btrfs: add error message for metadata level mismatch
        btrfs: fix ASSERT em->len condition in btrfs_get_extent
      fc7b76c4
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · a389e546
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - use the correct mask for c.jr/c.jalr when decoding instructions
      
       - build fix for get_user() to avoid a sparse warning
      
      * tag 'riscv-for-linus-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: uaccess: fix type of 0 variable on error in get_user()
        riscv, kprobes: Stricter c.jr/c.jalr decoding
      a389e546
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of... · 56f81458
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Fix segfault when trying to process tracepoints present in a
         perf.data file and not linked with libtraceevent.
      
       - Fix build on uClibc systems by adding missing sys/types.h include,
         that was being obtained indirectly which stopped being the case when
         tools/lib/traceevent was removed.
      
       - Don't show commands in 'perf help' that depend on linking with
         libtraceevent when not building with that library, which is now a
         possibility since we no longer ship a copy in tools/lib/traceevent.
      
       - Fix failure in 'perf test' entry testing the combination of 'perf
         probe' user space function + 'perf record' + 'perf script' where it
         expects a backtrace leading to glibc's inet_pton() from 'ping' that
         now happens more than once with glibc 2.35 for IPv6 addreses.
      
       - Fix for the inet_pton perf test on s/390 where
         'text_to_binary_address' now appears on the backtrace.
      
       - Fix build error on riscv due to missing header for 'struct
         perf_sample'.
      
       - Fix 'make -C tools perf_install' install variant by not propagating
         the 'subdir' to submakes for the 'install_headers' targets.
      
       - Fix handling of unsupported cgroup events when using BPF counters in
         'perf stat'.
      
       - Count all cgroups, not just the last one when using 'perf stat' and
         combining --for-each-cgroup with --bpf-counters.
      
         This makes the output using BPF counters match the output without
         using it, which was the intention all along, the output should be the
         same using --bpf-counters or not.
      
       - Fix 'perf lock contention' core dump related to not finding the
         "__sched_text_end" symbol on s/390.
      
       - Fix build failure when HEAD is signed: exclude the signature from the
         version string.
      
       - Add missing closedir() calls to in perf_data__open_dir(), plugging a
         fd leak.
      
      * tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf tools: Fix build on uClibc systems by adding missing sys/types.h include
        perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode
        perf stat: Fix handling of unsupported cgroup events when using BPF counters
        perf test record_probe_libc_inet_pton: Fix test on s/390 where 'text_to_binary_address' now appears on the backtrace
        perf lock contention: Fix core dump related to not finding the "__sched_text_end" symbol on s/390
        perf build: Don't propagate subdir to submakes for install_headers
        perf test record_probe_libc_inet_pton: Fix failure due to extra inet_pton() backtrace in glibc >= 2.35
        perf tools: Fix segfault when trying to process tracepoints in perf.data and not linked with libtraceevent
        perf tools: Don't include signature in version strings
        perf help: Use HAVE_LIBTRACEEVENT to filter out unsupported commands
        perf tools riscv: Fix build error on riscv due to missing header for 'struct perf_sample'
        perf tools: Fix resources leak in perf_data__open_dir()
      56f81458
    • Linus Torvalds's avatar
      Merge tag 'perf-urgent-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d7a0853d
      Linus Torvalds authored
      Pull perf fix from Ingo Molnar:
       "Intel RAPL updates for new model IDs"
      
      * tag 'perf-urgent-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/rapl: Add support for Intel Emerald Rapids
        perf/x86/rapl: Add support for Intel Meteor Lake
        perf/x86/rapl: Treat Tigerlake like Icelake
      d7a0853d
    • Linus Torvalds's avatar
      Merge tag 'v6.2-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 90bc52c5
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes a CFI crash in arm64/sm4 as well as a regression in the
        caam driver"
      
      * tag 'v6.2-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: arm64/sm4 - fix possible crash with CFI enabled
        crypto: caam - fix CAAM io mem access in blob_gen
      90bc52c5
    • Tom Rix's avatar
      udf: initialize newblock to 0 · 23970a1c
      Tom Rix authored
      The clang build reports this error
      fs/udf/inode.c:805:6: error: variable 'newblock' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
              if (*err < 0)
                  ^~~~~~~~
      newblock is never set before error handling jump.
      Initialize newblock to 0 and remove redundant settings.
      
      Fixes: d8b39db5fab8 ("udf: Handle error when adding extent to a file")
      Reported-by: default avatarNathan Chancellor <nathan@kernel.org>
      Signed-off-by: default avatarTom Rix <trix@redhat.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Message-Id: <20221230175341.1629734-1-trix@redhat.com>
      23970a1c
    • Jan Kara's avatar
      udf: Fix extension of the last extent in the file · 83c7423d
      Jan Kara authored
      When extending the last extent in the file within the last block, we
      wrongly computed the length of the last extent. This is mostly a
      cosmetical problem since the extent does not contain any data and the
      length will be fixed up by following operations but still.
      
      Fixes: 1f3868f0 ("udf: Fix extending file within last block")
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      83c7423d
  2. 05 Jan, 2023 15 commits
    • Linus Torvalds's avatar
      Merge tag 'thermal-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 1f5abbd7
      Linus Torvalds authored
      Pull thermal control fix from Rafael Wysocki:
       "Add a missing sysfs attribute to the int340x thermal driver (Srinivas
        Pandruvada)"
      
      * tag 'thermal-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        thermal: int340x: Add missing attribute for data rate base
      1f5abbd7
    • Linus Torvalds's avatar
      Merge tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 50011c32
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf, wifi, and netfilter.
      
        Current release - regressions:
      
         - bpf: fix nullness propagation for reg to reg comparisons, avoid
           null-deref
      
         - inet: control sockets should not use current thread task_frag
      
         - bpf: always use maximal size for copy_array()
      
         - eth: bnxt_en: don't link netdev to a devlink port for VFs
      
        Current release - new code bugs:
      
         - rxrpc: fix a couple of potential use-after-frees
      
         - netfilter: conntrack: fix IPv6 exthdr error check
      
         - wifi: iwlwifi: fw: skip PPAG for JF, avoid FW crashes
      
         - eth: dsa: qca8k: various fixes for the in-band register access
      
         - eth: nfp: fix schedule in atomic context when sync mc address
      
         - eth: renesas: rswitch: fix getting mac address from device tree
      
         - mobile: ipa: use proper endpoint mask for suspend
      
        Previous releases - regressions:
      
         - tcp: add TIME_WAIT sockets in bhash2, fix regression caught by
           Jiri / python tests
      
         - net: tc: don't intepret cls results when asked to drop, fix
           oob-access
      
         - vrf: determine the dst using the original ifindex for multicast
      
         - eth: bnxt_en:
            - fix XDP RX path if BPF adjusted packet length
            - fix HDS (header placement) and jumbo thresholds for RX packets
      
         - eth: ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf,
           avoid memory corruptions
      
        Previous releases - always broken:
      
         - ulp: prevent ULP without clone op from entering the LISTEN status
      
         - veth: fix race with AF_XDP exposing old or uninitialized
           descriptors
      
         - bpf:
            - pull before calling skb_postpull_rcsum() (fix checksum support
              and avoid a WARN())
            - fix panic due to wrong pageattr of im->image (when livepatch and
              kretfunc coexist)
            - keep a reference to the mm, in case the task is dead
      
         - mptcp: fix deadlock in fastopen error path
      
         - netfilter:
            - nf_tables: perform type checking for existing sets
            - nf_tables: honor set timeout and garbage collection updates
            - ipset: fix hash:net,port,net hang with /0 subnet
            - ipset: avoid hung task warning when adding/deleting entries
      
         - selftests: net:
            - fix cmsg_so_mark.sh test hang on non-x86 systems
            - fix the arp_ndisc_evict_nocarrier test for IPv6
      
         - usb: rndis_host: secure rndis_query check against int overflow
      
         - eth: r8169: fix dmar pte write access during suspend/resume with
           WOL
      
         - eth: lan966x: fix configuration of the PCS
      
         - eth: sparx5: fix reading of the MAC address
      
         - eth: qed: allow sleep in qed_mcp_trace_dump()
      
         - eth: hns3:
            - fix interrupts re-initialization after VF FLR
            - fix handling of promisc when MAC addr table gets full
            - refine the handling for VF heartbeat
      
         - eth: mlx5:
            - properly handle ingress QinQ-tagged packets on VST
            - fix io_eq_size and event_eq_size params validation on big endian
            - fix RoCE setting at HCA level if not supported at all
            - don't turn CQE compression on by default for IPoIB
      
         - eth: ena:
            - fix toeplitz initial hash key value
            - account for the number of XDP-processed bytes in interface stats
            - fix rx_copybreak value update
      
        Misc:
      
         - ethtool: harden phy stat handling against buggy drivers
      
         - docs: netdev: convert maintainer's doc from FAQ to a normal
           document"
      
      * tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (112 commits)
        caif: fix memory leak in cfctrl_linkup_request()
        inet: control sockets should not use current thread task_frag
        net/ulp: prevent ULP without clone op from entering the LISTEN status
        qed: allow sleep in qed_mcp_trace_dump()
        MAINTAINERS: Update maintainers for ptp_vmw driver
        usb: rndis_host: Secure rndis_query check against int overflow
        net: dpaa: Fix dtsec check for PCS availability
        octeontx2-pf: Fix lmtst ID used in aura free
        drivers/net/bonding/bond_3ad: return when there's no aggregator
        netfilter: ipset: Rework long task execution when adding/deleting entries
        netfilter: ipset: fix hash:net,port,net hang with /0 subnet
        net: sparx5: Fix reading of the MAC address
        vxlan: Fix memory leaks in error path
        net: sched: htb: fix htb_classify() kernel-doc
        net: sched: cbq: dont intepret cls results when asked to drop
        net: sched: atm: dont intepret cls results when asked to drop
        dt-bindings: net: marvell,orion-mdio: Fix examples
        dt-bindings: net: sun8i-emac: Add phy-supply property
        net: ipa: use proper endpoint mask for suspend
        selftests: net: return non-zero for failures reported in arp_ndisc_evict_nocarrier
        ...
      50011c32
    • Ben Dooks's avatar
      riscv: uaccess: fix type of 0 variable on error in get_user() · b9b916ae
      Ben Dooks authored
      If the get_user(x, ptr) has x as a pointer, then the setting
      of (x) = 0 is going to produce the following sparse warning,
      so fix this by forcing the type of 'x' when access_ok() fails.
      
      fs/aio.c:2073:21: warning: Using plain integer as NULL pointer
      Signed-off-by: default avatarBen Dooks <ben-linux@fluff.org>
      Reviewed-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
      Link: https://lore.kernel.org/r/20221229170545.718264-1-ben-linux@fluff.org
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
      b9b916ae
    • Björn Töpel's avatar
      riscv, kprobes: Stricter c.jr/c.jalr decoding · b2d473a6
      Björn Töpel authored
      In the compressed instruction extension, c.jr, c.jalr, c.mv, and c.add
      is encoded the following way (each instruction is 16b):
      
      ---+-+-----------+-----------+--
      100 0 rs1[4:0]!=0       00000 10 : c.jr
      100 1 rs1[4:0]!=0       00000 10 : c.jalr
      100 0  rd[4:0]!=0 rs2[4:0]!=0 10 : c.mv
      100 1  rd[4:0]!=0 rs2[4:0]!=0 10 : c.add
      
      The following logic is used to decode c.jr and c.jalr:
      
        insn & 0xf007 == 0x8002 => instruction is an c.jr
        insn & 0xf007 == 0x9002 => instruction is an c.jalr
      
      When 0xf007 is used to mask the instruction, c.mv can be incorrectly
      decoded as c.jr, and c.add as c.jalr.
      
      Correct the decoding by changing the mask from 0xf007 to 0xf07f.
      
      Fixes: c22b0bcb ("riscv: Add kprobes supported")
      Signed-off-by: default avatarBjörn Töpel <bjorn@rivosinc.com>
      Reviewed-by: default avatarConor Dooley <conor.dooley@microchip.com>
      Reviewed-by: default avatarGuo Ren <guoren@kernel.org>
      Link: https://lore.kernel.org/r/20230102160748.1307289-1-bjorn@kernel.org
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
      b2d473a6
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · aa01a183
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
       "A reference leak fix, two fixes for using uninitialized variables and
        more drivers converted to using immutable irqchips:
      
         - fix a reference leak in gpio-sifive
      
         - fix a potential use of an uninitialized variable in core gpiolib
      
         - fix a potential use of an uninitialized variable in gpio-pca953x
      
         - make GPIO irqchips immutable in gpio-pmic-eic-sprd, gpio-eic-sprd
           and gpio-sprd"
      
      * tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: sifive: Fix refcount leak in sifive_gpio_probe
        gpio: sprd: Make the irqchip immutable
        gpio: pmic-eic-sprd: Make the irqchip immutable
        gpio: eic-sprd: Make the irqchip immutable
        gpio: pca953x: avoid to use uninitialized value pinctrl
        gpiolib: Fix using uninitialized lookup-flags on ACPI platforms
      aa01a183
    • Linus Torvalds's avatar
      Merge tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev · 5e9af4b4
      Linus Torvalds authored
      Pull fbdev fixes from Helge Deller:
      
       - Fix Matrox G200eW initialization failure
      
       - Fix build failure of offb driver when built as module
      
       - Optimize stack usage in omapfb
      
      * tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev:
        fbdev: omapfb: avoid stack overflow warning
        fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
        fbdev: atyfb: use strscpy() to instead of strncpy()
        fbdev: omapfb: use strscpy() to instead of strncpy()
        fbdev: make offb driver tristate
      5e9af4b4
    • Paul E. McKenney's avatar
      block: Remove "select SRCU" · b2b50d57
      Paul E. McKenney authored
      Now that the SRCU Kconfig option is unconditionally selected, there is
      no longer any point in selecting it.  Therefore, remove the "select SRCU"
      Kconfig statements.
      Signed-off-by: default avatarPaul E. McKenney <paulmck@kernel.org>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: linux-block@vger.kernel.org
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      b2b50d57
    • Pavel Begunkov's avatar
      io_uring: fix CQ waiting timeout handling · 12521a5d
      Pavel Begunkov authored
      Jiffy to ktime CQ waiting conversion broke how we treat timeouts, in
      particular we rearm it anew every time we get into
      io_cqring_wait_schedule() without adjusting the timeout. Waiting for 2
      CQEs and getting a task_work in the middle may double the timeout value,
      or even worse in some cases task may wait indefinitely.
      
      Cc: stable@vger.kernel.org
      Fixes: 22833966 ("io_uring: don't convert to jiffies for waiting on timeouts")
      Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Link: https://lore.kernel.org/r/f7bffddd71b08f28a877d44d37ac953ddb01590d.1672915663.git.asml.silence@gmail.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      12521a5d
    • Arnd Bergmann's avatar
      fbdev: omapfb: avoid stack overflow warning · 634cf6ea
      Arnd Bergmann authored
      The dsi_irq_stats structure is a little too big to fit on the
      stack of a 32-bit task, depending on the specific gcc options:
      
      fbdev/omap2/omapfb/dss/dsi.c: In function 'dsi_dump_dsidev_irqs':
      fbdev/omap2/omapfb/dss/dsi.c:1621:1: error: the frame size of 1064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
      
      Since this is only a debugfs file, performance is not critical,
      so just dynamically allocate it, and print an error message
      in there in place of a failure code when the allocation fails.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      634cf6ea
    • Zhengchao Shao's avatar
      caif: fix memory leak in cfctrl_linkup_request() · fe69230f
      Zhengchao Shao authored
      When linktype is unknown or kzalloc failed in cfctrl_linkup_request(),
      pkt is not released. Add release process to error path.
      
      Fixes: b482cd20 ("net-caif: add CAIF core protocol stack")
      Fixes: 8d545c8f ("caif: Disconnect without waiting for response")
      Signed-off-by: default avatarZhengchao Shao <shaozhengchao@huawei.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Link: https://lore.kernel.org/r/20230104065146.1153009-1-shaozhengchao@huawei.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      fe69230f
    • Eric Dumazet's avatar
      inet: control sockets should not use current thread task_frag · 1ac88557
      Eric Dumazet authored
      Because ICMP handlers run from softirq contexts,
      they must not use current thread task_frag.
      
      Previously, all sockets allocated by inet_ctl_sock_create()
      would use the per-socket page fragment, with no chance of
      recursion.
      
      Fixes: 98123866 ("Treewide: Stop corrupting socket's task_frag")
      Reported-by: syzbot+bebc6f1acdf4cbb79b03@syzkaller.appspotmail.com
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Benjamin Coddington <bcodding@redhat.com>
      Acked-by: default avatarGuillaume Nault <gnault@redhat.com>
      Link: https://lore.kernel.org/r/20230103192736.454149-1-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      1ac88557
    • Paolo Abeni's avatar
      net/ulp: prevent ULP without clone op from entering the LISTEN status · 2c02d41d
      Paolo Abeni authored
      When an ULP-enabled socket enters the LISTEN status, the listener ULP data
      pointer is copied inside the child/accepted sockets by sk_clone_lock().
      
      The relevant ULP can take care of de-duplicating the context pointer via
      the clone() operation, but only MPTCP and SMC implement such op.
      
      Other ULPs may end-up with a double-free at socket disposal time.
      
      We can't simply clear the ULP data at clone time, as TLS replaces the
      socket ops with custom ones assuming a valid TLS ULP context is
      available.
      
      Instead completely prevent clone-less ULP sockets from entering the
      LISTEN status.
      
      Fixes: 734942cc ("tcp: ULP infrastructure")
      Reported-by: default avatarslipper <slipper.alive@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Link: https://lore.kernel.org/r/4b80c3d1dbe3d0ab072f80450c202d9bc88b4b03.1672740602.git.pabeni@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      2c02d41d
    • Caleb Sander's avatar
      qed: allow sleep in qed_mcp_trace_dump() · 5401c3e0
      Caleb Sander authored
      By default, qed_mcp_cmd_and_union() delays 10us at a time in a loop
      that can run 500K times, so calls to qed_mcp_nvm_rd_cmd()
      may block the current thread for over 5s.
      We observed thread scheduling delays over 700ms in production,
      with stacktraces pointing to this code as the culprit.
      
      qed_mcp_trace_dump() is called from ethtool, so sleeping is permitted.
      It already can sleep in qed_mcp_halt(), which calls qed_mcp_cmd().
      Add a "can sleep" parameter to qed_find_nvram_image() and
      qed_nvram_read() so they can sleep during qed_mcp_trace_dump().
      qed_mcp_trace_get_meta_info() and qed_mcp_trace_read_meta(),
      called only by qed_mcp_trace_dump(), allow these functions to sleep.
      I can't tell if the other caller (qed_grc_dump_mcp_hw_dump()) can sleep,
      so keep b_can_sleep set to false when it calls these functions.
      
      An example stacktrace from a custom warning we added to the kernel
      showing a thread that has not scheduled despite long needing resched:
      [ 2745.362925,17] ------------[ cut here ]------------
      [ 2745.362941,17] WARNING: CPU: 23 PID: 5640 at arch/x86/kernel/irq.c:233 do_IRQ+0x15e/0x1a0()
      [ 2745.362946,17] Thread not rescheduled for 744 ms after irq 99
      [ 2745.362956,17] Modules linked in: ...
      [ 2745.363339,17] CPU: 23 PID: 5640 Comm: lldpd Tainted: P           O    4.4.182+ #202104120910+6d1da174272d.61x
      [ 2745.363343,17] Hardware name: FOXCONN MercuryB/Quicksilver Controller, BIOS H11P1N09 07/08/2020
      [ 2745.363346,17]  0000000000000000 ffff885ec07c3ed8 ffffffff8131eb2f ffff885ec07c3f20
      [ 2745.363358,17]  ffffffff81d14f64 ffff885ec07c3f10 ffffffff81072ac2 ffff88be98ed0000
      [ 2745.363369,17]  0000000000000063 0000000000000174 0000000000000074 0000000000000000
      [ 2745.363379,17] Call Trace:
      [ 2745.363382,17]  <IRQ>  [<ffffffff8131eb2f>] dump_stack+0x8e/0xcf
      [ 2745.363393,17]  [<ffffffff81072ac2>] warn_slowpath_common+0x82/0xc0
      [ 2745.363398,17]  [<ffffffff81072b4c>] warn_slowpath_fmt+0x4c/0x50
      [ 2745.363404,17]  [<ffffffff810d5a8e>] ? rcu_irq_exit+0xae/0xc0
      [ 2745.363408,17]  [<ffffffff817c99fe>] do_IRQ+0x15e/0x1a0
      [ 2745.363413,17]  [<ffffffff817c7ac9>] common_interrupt+0x89/0x89
      [ 2745.363416,17]  <EOI>  [<ffffffff8132aa74>] ? delay_tsc+0x24/0x50
      [ 2745.363425,17]  [<ffffffff8132aa04>] __udelay+0x34/0x40
      [ 2745.363457,17]  [<ffffffffa04d45ff>] qed_mcp_cmd_and_union+0x36f/0x7d0 [qed]
      [ 2745.363473,17]  [<ffffffffa04d5ced>] qed_mcp_nvm_rd_cmd+0x4d/0x90 [qed]
      [ 2745.363490,17]  [<ffffffffa04e1dc7>] qed_mcp_trace_dump+0x4a7/0x630 [qed]
      [ 2745.363504,17]  [<ffffffffa04e2556>] ? qed_fw_asserts_dump+0x1d6/0x1f0 [qed]
      [ 2745.363520,17]  [<ffffffffa04e4ea7>] qed_dbg_mcp_trace_get_dump_buf_size+0x37/0x80 [qed]
      [ 2745.363536,17]  [<ffffffffa04ea881>] qed_dbg_feature_size+0x61/0xa0 [qed]
      [ 2745.363551,17]  [<ffffffffa04eb427>] qed_dbg_all_data_size+0x247/0x260 [qed]
      [ 2745.363560,17]  [<ffffffffa0482c10>] qede_get_regs_len+0x30/0x40 [qede]
      [ 2745.363566,17]  [<ffffffff816c9783>] ethtool_get_drvinfo+0xe3/0x190
      [ 2745.363570,17]  [<ffffffff816cc152>] dev_ethtool+0x1362/0x2140
      [ 2745.363575,17]  [<ffffffff8109bcc6>] ? finish_task_switch+0x76/0x260
      [ 2745.363580,17]  [<ffffffff817c2116>] ? __schedule+0x3c6/0x9d0
      [ 2745.363585,17]  [<ffffffff810dbd50>] ? hrtimer_start_range_ns+0x1d0/0x370
      [ 2745.363589,17]  [<ffffffff816c1e5b>] ? dev_get_by_name_rcu+0x6b/0x90
      [ 2745.363594,17]  [<ffffffff816de6a8>] dev_ioctl+0xe8/0x710
      [ 2745.363599,17]  [<ffffffff816a58a8>] sock_do_ioctl+0x48/0x60
      [ 2745.363603,17]  [<ffffffff816a5d87>] sock_ioctl+0x1c7/0x280
      [ 2745.363608,17]  [<ffffffff8111f393>] ? seccomp_phase1+0x83/0x220
      [ 2745.363612,17]  [<ffffffff811e3503>] do_vfs_ioctl+0x2b3/0x4e0
      [ 2745.363616,17]  [<ffffffff811e3771>] SyS_ioctl+0x41/0x70
      [ 2745.363619,17]  [<ffffffff817c6ffe>] entry_SYSCALL_64_fastpath+0x1e/0x79
      [ 2745.363622,17] ---[ end trace f6954aa440266421 ]---
      
      Fixes: c965db44 ("qed: Add support for debug data collection")
      Signed-off-by: default avatarCaleb Sander <csander@purestorage.com>
      Acked-by: default avatarAlok Prasad <palok@marvell.com>
      Link: https://lore.kernel.org/r/20230103233021.1457646-1-csander@purestorage.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      5401c3e0
    • Jakub Kicinski's avatar
      Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 49d9601b
      Jakub Kicinski authored
      Alexei Starovoitov says:
      
      ====================
      bpf 2023-01-04
      
      We've added 5 non-merge commits during the last 8 day(s) which contain
      a total of 5 files changed, 112 insertions(+), 18 deletions(-).
      
      The main changes are:
      
      1) Always use maximal size for copy_array in the verifier to fix
         KASAN tracking, from Kees.
      
      2) Fix bpf task iterator walking through dead tasks, from Kui-Feng.
      
      3) Make sure livepatch and bpf fexit can coexist, from Chuang.
      
      * tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        bpf: Always use maximal size for copy_array()
        selftests/bpf: add a test for iter/task_vma for short-lived processes
        bpf: keep a reference to the mm, in case the task is dead.
        selftests/bpf: Temporarily disable part of btf_dump:var_data test.
        bpf: Fix panic due to wrong pageattr of im->image
      ====================
      
      Link: https://lore.kernel.org/r/20230104215500.79435-1-alexei.starovoitov@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      49d9601b
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 41c03ba9
      Linus Torvalds authored
      Pull virtio updates from Michael Tsirkin:
       "Mostly fixes all over the place, a couple of cleanups"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: (32 commits)
        virtio_blk: Fix signedness bug in virtblk_prep_rq()
        vdpa_sim_net: should not drop the multicast/broadcast packet
        vdpasim: fix memory leak when freeing IOTLBs
        vdpa: conditionally fill max max queue pair for stats
        vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove
        vduse: Validate vq_num in vduse_validate_config()
        tools/virtio: remove smp_read_barrier_depends()
        tools/virtio: remove stray characters
        vhost_vdpa: fix the crash in unmap a large memory
        virtio: Implementing attribute show with sysfs_emit
        virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
        tools/virtio: Variable type completion
        vdpa_sim: fix vringh initialization in vdpasim_queue_ready()
        virtio_blk: use UINT_MAX instead of -1U
        vhost-vdpa: fix an iotlb memory leak
        vhost: fix range used in translate_desc()
        vringh: fix range used in iotlb_translate()
        vhost/vsock: Fix error handling in vhost_vsock_init()
        vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()
        tools: Delete the unneeded semicolon after curly braces
        ...
      41c03ba9
  3. 04 Jan, 2023 12 commits