1. 28 Nov, 2022 2 commits
    • f2fs: fix to do sanity check on i_extra_isize in is_alive() · d3b7b4af
      Chao Yu authored
      syzbot found a f2fs bug:
      
      BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline]
      BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline]
      BUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline]
      BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734
      Read of size 4 at addr ffff888076557568 by task kworker/u4:3/52
      
      CPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 6.1.0-rc4-syzkaller-00362-gfef7fd48 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
      Workqueue: writeback wb_workfn (flush-7:0)
      Call Trace:
      <TASK>
      __dump_stack lib/dump_stack.c:88 [inline]
      dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
      print_address_description mm/kasan/report.c:284 [inline]
      print_report+0x15e/0x45d mm/kasan/report.c:395
      kasan_report+0xbb/0x1f0 mm/kasan/report.c:495
      data_blkaddr fs/f2fs/f2fs.h:2891 [inline]
      is_alive fs/f2fs/gc.c:1117 [inline]
      gc_data_segment fs/f2fs/gc.c:1520 [inline]
      do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734
      f2fs_gc+0x88c/0x20a0 fs/f2fs/gc.c:1831
      f2fs_balance_fs+0x544/0x6b0 fs/f2fs/segment.c:410
      f2fs_write_inode+0x57e/0xe20 fs/f2fs/inode.c:753
      write_inode fs/fs-writeback.c:1440 [inline]
      __writeback_single_inode+0xcfc/0x1440 fs/fs-writeback.c:1652
      writeback_sb_inodes+0x54d/0xf90 fs/fs-writeback.c:1870
      wb_writeback+0x2c5/0xd70 fs/fs-writeback.c:2044
      wb_do_writeback fs/fs-writeback.c:2187 [inline]
      wb_workfn+0x2dc/0x12f0 fs/fs-writeback.c:2227
      process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
      worker_thread+0x665/0x1080 kernel/workqueue.c:2436
      kthread+0x2e4/0x3a0 kernel/kthread.c:376
      ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
      
      The root cause is that we forgot to do a sanity check on .i_extra_isize
      in the path below, resulting in access to an invalid address later; fix it.
      - gc_data_segment
       - is_alive
        - data_blkaddr
         - offset_in_addr
      
      Reported-by: syzbot+f8f3dfa4abc489e768a1@syzkaller.appspotmail.com
      Link: https://lore.kernel.org/linux-f2fs-devel/0000000000003cb3c405ed5c17f9@google.com/T/#u
      Signed-off-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: introduce F2FS_IOC_START_ATOMIC_REPLACE · 41e8f85a
      Daeho Jeong authored
      introduce a new ioctl to replace the whole content of a file atomically,
      which means it induces truncate and content update at the same time.
      We can start it with F2FS_IOC_START_ATOMIC_REPLACE and complete it with
      F2FS_IOC_COMMIT_ATOMIC_WRITE. Or abort it with
      F2FS_IOC_ABORT_ATOMIC_WRITE.
      Signed-off-by: Daeho Jeong <daehojeong@google.com>
      Reviewed-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
  2. 11 Nov, 2022 7 commits
    • f2fs: fix to set flush_merge opt and show noflush_merge · 967eaad1
      Yangtao Li authored
      Some minor modifications to flush_merge and related parameters:
      
        1. The FLUSH_MERGE opt is set by default only in non-ro mode.
        2. When ro and merge are set at the same time, an error is reported.
        3. Display noflush_merge mount opt.

      Suggested-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Yangtao Li <frank.li@vivo.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: initialize locks earlier in f2fs_fill_super() · 92b4cf5b
      Tetsuo Handa authored
      syzbot is reporting lockdep warning at f2fs_handle_error() [1], for
      spin_lock(&sbi->error_lock) is called before spin_lock_init() is called.
      For safe locking in error handling, move initialization of locks (and
      obvious structures) in f2fs_fill_super() to immediately after memory
      allocation.
      
      Link: https://syzkaller.appspot.com/bug?extid=40642be9b7e0bb28e0df [1]
      Reported-by: syzbot <syzbot+40642be9b7e0bb28e0df@syzkaller.appspotmail.com>
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Tested-by: syzbot <syzbot+40642be9b7e0bb28e0df@syzkaller.appspotmail.com>
      Reviewed-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: optimize iteration over sparse directories · 59237a21
      Chao Yu authored
      Wei Chen reports a kernel bug as below:
      
      INFO: task syz-executor.0:29056 blocked for more than 143 seconds.
            Not tainted 5.15.0-rc5 #1
      "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
      task:syz-executor.0  state:D stack:14632 pid:29056 ppid:  6574 flags:0x00000004
      Call Trace:
       __schedule+0x4a1/0x1720
       schedule+0x36/0xe0
       rwsem_down_write_slowpath+0x322/0x7a0
       fscrypt_ioctl_set_policy+0x11f/0x2a0
       __f2fs_ioctl+0x1a9f/0x5780
       f2fs_ioctl+0x89/0x3a0
       __x64_sys_ioctl+0xe8/0x140
       do_syscall_64+0x34/0xb0
       entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      Eric did some investigation on this issue, quoted from reply of Eric:
      
      "Well, the quality of this bug report has a lot to be desired (not on
      upstream kernel, reproducer is full of totally irrelevant stuff, not
      sent to the mailing list of the filesystem whose disk image is being
      fuzzed, etc.).  But what is going on is that f2fs_empty_dir() doesn't
      consider the case of a directory with an extremely large i_size on a
      malicious disk image.
      
      Specifically, the reproducer mounts an f2fs image with a directory
      that has an i_size of 14814520042850357248, then calls
      FS_IOC_SET_ENCRYPTION_POLICY on it.
      
      That results in a call to f2fs_empty_dir() to check whether the
      directory is empty.  f2fs_empty_dir() then iterates through all
      3616826182336513 blocks the directory allegedly contains to check
      whether any contain anything.  i_rwsem is held during this, so
      anything else that tries to take it will hang."
      
      In order to solve this issue, let's use f2fs_get_next_page_offset()
      to speed up iteration by skipping holes for all below functions:
      - f2fs_empty_dir
      - f2fs_readdir
      - find_in_level
      
      The reason we can speed up iteration was described in
      'commit 3cf45747 ("f2fs: introduce get_next_page_offset to speed
      up SEEK_DATA")'.

      Meanwhile, in f2fs_empty_dir(), let's use f2fs_find_data_page()
      instead of f2fs_get_lock_data_page(): since i_rwsem is held in the
      caller of f2fs_empty_dir(), there shouldn't be any races, so it's
      fine to not lock the dentry page while looking up dirents in the page.
      
      Link: https://lore.kernel.org/lkml/536944df-a0ae-1dd8-148f-510b476e1347@kernel.org/T/
      Reported-by: Wei Chen <harperchen1110@gmail.com>
      Cc: Eric Biggers <ebiggers@google.com>
      Signed-off-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: fix to avoid accessing uninitialized spinlock · cc249e4c
      Chao Yu authored
      syzbot reports a kernel bug:
      
       __dump_stack lib/dump_stack.c:88 [inline]
       dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
       assign_lock_key+0x22a/0x240 kernel/locking/lockdep.c:981
       register_lock_class+0x287/0x9b0 kernel/locking/lockdep.c:1294
       __lock_acquire+0xe4/0x1f60 kernel/locking/lockdep.c:4934
       lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5668
       __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
       _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
       spin_lock include/linux/spinlock.h:350 [inline]
       f2fs_save_errors fs/f2fs/super.c:3868 [inline]
       f2fs_handle_error+0x29/0x230 fs/f2fs/super.c:3896
       f2fs_iget+0x215/0x4bb0 fs/f2fs/inode.c:516
       f2fs_fill_super+0x47d3/0x7b50 fs/f2fs/super.c:4222
       mount_bdev+0x26c/0x3a0 fs/super.c:1401
       legacy_get_tree+0xea/0x180 fs/fs_context.c:610
       vfs_get_tree+0x88/0x270 fs/super.c:1531
       do_new_mount+0x289/0xad0 fs/namespace.c:3040
       do_mount fs/namespace.c:3383 [inline]
       __do_sys_mount fs/namespace.c:3591 [inline]
       __se_sys_mount+0x2e3/0x3d0 fs/namespace.c:3568
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      F2FS-fs (loop1): Failed to read F2FS meta data inode
      
      The root cause is that sbi->error_lock may be accessed before
      its initialization; fix it.
      
      Link: https://lore.kernel.org/linux-f2fs-devel/0000000000007edb6605ecbb6442@google.com/T/#u
      Reported-by: syzbot+40642be9b7e0bb28e0df@syzkaller.appspotmail.com
      Fixes: 95fa90c9 ("f2fs: support recording errors into superblock")
      Signed-off-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: correct i_size change for atomic writes · 4d8d45df
      Daeho Jeong authored
      We need to make sure i_size doesn't change until atomic write commit is
      successful and restore it when commit is failed.
      Signed-off-by: Daeho Jeong <daehojeong@google.com>
      Reviewed-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: add proc entry to show discard_plist info · 225d6795
      Yangtao Li authored
      This patch adds a new proc entry to show discard_plist
      information in more detail, which is very helpful to
      know the discard pend list count clearly.
      
      Such as:
      
      Discard pend list(Show diacrd_cmd count on each entry, .:not exist):
        0       390     156      85      67      46      37      26      14
        8        17      12       9       9       6      12      11      10
        16        5       9       2       4       8       3       4       1
        24        3       2       2       5       2       4       5       4
        32        3       3       2       3       .       3       3       1
        40        .       4       1       3       2       1       2       1
        48        1       .       1       1       .       1       1       .
        56        .       1       1       1       .       2       .       1
        64        1       2       .       .       .       .       .       .
        72        .       1       .       .       .       .       .       .
        80        3       1       .       .       1       1       .       .
        88        1       .       .       .       1       .       .       1
      ......
      Signed-off-by: Yangtao Li <frank.li@vivo.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: allow to read node block after shutdown · e6ecb142
      Jaegeuk Kim authored
      If block address is still alive, we should give a valid node block even after
      shutdown. Otherwise, we can see zero data when reading out a file.
      
      Cc: stable@vger.kernel.org
      Fixes: 83a3bfdb ("f2fs: indicate shutdown f2fs to allow unmount successfully")
      Reviewed-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
  3. 02 Nov, 2022 19 commits
  4. 28 Oct, 2022 1 commit
  5. 25 Oct, 2022 2 commits
  6. 17 Oct, 2022 1 commit
  7. 16 Oct, 2022 8 commits
    • Linux 6.1-rc1 · 9abf2313
      Linus Torvalds authored
    • Merge tag 'random-6.1-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random · f1947d7c
      Linus Torvalds authored
      Pull more random number generator updates from Jason Donenfeld:
       "This time with some large scale treewide cleanups.
      
        The intent of this pull is to clean up the way callers fetch random
        integers. The current rules for doing this right are:
      
         - If you want a secure or an insecure random u64, use get_random_u64()
      
         - If you want a secure or an insecure random u32, use get_random_u32()
      
           The old function prandom_u32() has been deprecated for a while
           now and is just a wrapper around get_random_u32(). Same for
           get_random_int().
      
         - If you want a secure or an insecure random u16, use get_random_u16()
      
         - If you want a secure or an insecure random u8, use get_random_u8()
      
         - If you want secure or insecure random bytes, use get_random_bytes().
      
           The old function prandom_bytes() has been deprecated for a while
           now and has long been a wrapper around get_random_bytes()
      
         - If you want a non-uniform random u32, u16, or u8 bounded by a
           certain open interval maximum, use prandom_u32_max()
      
           I say "non-uniform", because it doesn't do any rejection sampling
           or divisions. Hence, it stays within the prandom_*() namespace, not
           the get_random_*() namespace.
      
           I'm currently investigating a "uniform" function for 6.2. We'll see
           what comes of that.
      
        By applying these rules uniformly, we get several benefits:
      
         - By using prandom_u32_max() with an upper-bound that the compiler
           can prove at compile-time is ≤65536 or ≤256, internally
           get_random_u16() or get_random_u8() is used, which wastes fewer
           batched random bytes, and hence has higher throughput.
      
         - By using prandom_u32_max() instead of %, when the upper-bound is
           not a constant, division is still avoided, because
           prandom_u32_max() uses a faster multiplication-based trick instead.
      
         - By using get_random_u16() or get_random_u8() in cases where the
           return value is intended to indeed be a u16 or a u8, we waste fewer
           batched random bytes, and hence have higher throughput.
      
        This series was originally done by hand while I was on an airplane
        without Internet. Later, Kees and I worked on retroactively figuring
        out what could be done with Coccinelle and what had to be done
        manually, and then we split things up based on that.
      
        So while this touches a lot of files, the actual amount of code that's
        hand fiddled is comfortably small"
      
      * tag 'random-6.1-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random:
        prandom: remove unused functions
        treewide: use get_random_bytes() when possible
        treewide: use get_random_u32() when possible
        treewide: use get_random_{u8,u16}() when possible, part 2
        treewide: use get_random_{u8,u16}() when possible, part 1
        treewide: use prandom_u32_max() when possible, part 2
        treewide: use prandom_u32_max() when possible, part 1
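
The multiplication-based bounding that the pull message above contrasts with `%` and with rejection sampling, as an added example (not code from the kernel tree or from this merge): it enumerates a 16-bit scaled-down model to count how unevenly the multiply-shift mapping spreads its outputs, next to a variant with a rejection step. The rejection rule is Lemire's method, chosen here as an assumption, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Multiply-shift bounding of a uniform 32-bit word into [0, bound):
 * one widening multiply, no division. Hypothetical name. */
static uint32_t mul_shift_bound32(uint32_t r, uint32_t bound)
{
	return (uint32_t)(((uint64_t)r * bound) >> 32);
}

/* Per-output hit counts over every possible 16-bit input word. */
struct spread {
	uint32_t min;      /* fewest inputs mapping to one output */
	uint32_t max;      /* most inputs mapping to one output */
	uint32_t rejected; /* inputs discarded by the rejection step */
};

/*
 * Same mapping scaled down to 16-bit words so that all 65536 inputs can
 * be enumerated. With reject != 0, inputs whose low product half falls
 * below (2^16 mod bound) are discarded (Lemire's rejection step, an
 * assumption of this example), leaving exactly floor(2^16 / bound)
 * inputs per output.
 */
static struct spread count_spread(uint16_t bound, int reject)
{
	static uint32_t hits[65536];
	struct spread s = { UINT32_MAX, 0, 0 };
	uint32_t threshold, r, k;

	if (bound == 0) {          /* empty range: nothing to count */
		s.min = 0;
		return s;
	}
	threshold = (65536u - bound) % bound;  /* == 2^16 mod bound */
	memset(hits, 0, sizeof(hits));

	for (r = 0; r <= 0xFFFFu; r++) {
		uint32_t m = r * bound;        /* always fits in 32 bits */

		if (reject && (m & 0xFFFFu) < threshold) {
			s.rejected++;
			continue;
		}
		hits[m >> 16]++;               /* high half is the output */
	}
	for (k = 0; k < bound; k++) {
		if (hits[k] < s.min)
			s.min = hits[k];
		if (hits[k] > s.max)
			s.max = hits[k];
	}
	return s;
}

int main(void)
{
	/* Constructed sample bounds: small, power of two, near word size. */
	static const uint16_t bounds[] = { 6, 256, 49152 };
	size_t i;

	for (i = 0; i < sizeof(bounds) / sizeof(bounds[0]); i++) {
		struct spread plain = count_spread(bounds[i], 0);
		struct spread rej = count_spread(bounds[i], 1);

		printf("bound %5u: plain min/max %u/%u, "
		       "rejection min/max %u/%u (%u rejected)\n",
		       (unsigned)bounds[i], plain.min, plain.max,
		       rej.min, rej.max, rej.rejected);
	}
	printf("32-bit form: max word, bound 10 -> %u\n",
	       mul_shift_bound32(0xFFFFFFFFu, 10));
	return 0;
}
```

The skew is negligible when the bound is small relative to the word size and grows as the bound approaches it: at 49152 of 65536, some outputs are hit twice as often as others.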
    • Merge tag 'perf-tools-for-v6.1-2-2022-10-16' of... · 8636df94
      Linus Torvalds authored
      Merge tag 'perf-tools-for-v6.1-2-2022-10-16' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull more perf tools updates from Arnaldo Carvalho de Melo:
      
       - Use BPF CO-RE (Compile Once, Run Everywhere) to support old kernels
         when using bperf (perf BPF based counters) with cgroups.
      
       - Support HiSilicon PCIe Performance Monitoring Unit (PMU), that
         monitors bandwidth, latency, bus utilization and buffer occupancy.
      
         Documented in Documentation/admin-guide/perf/hisi-pcie-pmu.rst.
      
       - User space tasks can migrate between CPUs, so when tracing selected
         CPUs, system-wide sideband is still needed, fix it in the setup of
         Intel PT on hybrid systems.
      
       - Fix metricgroups title message in 'perf list', it should state that
         the metrics groups are to be used with the '-M' option, not '-e'.
      
       - Sync the msr-index.h copy with the kernel sources, adding support for
         using "AMD64_TSC_RATIO" in filter expressions in 'perf trace' as well
         as decoding it when printing the MSR tracepoint arguments.
      
       - Fix program header size and alignment when generating a JIT ELF in
         'perf inject'.
      
       - Add multiple new Intel PT 'perf test' entries, including a jitdump
         one.
      
       - Fix the 'perf test' entries for 'perf stat' CSV and JSON output when
         running on PowerPC due to an invalid topology number in that arch.
      
       - Fix the 'perf test' for arm_coresight failures on the ARM Juno
         system.
      
       - Fix the 'perf test' attr entry for PERF_FORMAT_LOST, adding this
         option to the or expression expected in the intercepted
         perf_event_open() syscall.
      
       - Add missing condition flags ('hs', 'lo', 'vc', 'vs') for arm64 in the
         'perf annotate' asm parser.
      
       - Fix 'perf mem record -C' option processing, it was being chopped up
         when preparing the underlying 'perf record -e mem-events' and thus
         being ignored, requiring using '-- -C CPUs' as a workaround.
      
       - Improvements and tidy ups for 'perf test' shell infra.
      
       - Fix Intel PT information printing segfault in uClibc, where a NULL
         format was being passed to fprintf.
      
      * tag 'perf-tools-for-v6.1-2-2022-10-16' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (23 commits)
        tools arch x86: Sync the msr-index.h copy with the kernel sources
        perf auxtrace arm64: Add support for parsing HiSilicon PCIe Trace packet
        perf auxtrace arm64: Add support for HiSilicon PCIe Tune and Trace device driver
        perf auxtrace arm: Refactor event list iteration in auxtrace_record__init()
        perf tests stat+json_output: Include sanity check for topology
        perf tests stat+csv_output: Include sanity check for topology
        perf intel-pt: Fix system_wide dummy event for hybrid
        perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
        perf test: Fix attr tests for PERF_FORMAT_LOST
        perf test: test_intel_pt.sh: Add 9 tests
        perf inject: Fix GEN_ELF_TEXT_OFFSET for jit
        perf test: test_intel_pt.sh: Add jitdump test
        perf test: test_intel_pt.sh: Tidy some alignment
        perf test: test_intel_pt.sh: Print a message when skipping kernel tracing
        perf test: test_intel_pt.sh: Tidy some perf record options
        perf test: test_intel_pt.sh: Fix return checking again
        perf: Skip and warn on unknown format 'configN' attrs
        perf list: Fix metricgroups title message
        perf mem: Fix -C option behavior for perf mem record
        perf annotate: Add missing condition flags for arm64
        ...
    • Merge tag 'kbuild-fixes-v6.1' of... · 2df76606
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - Fix CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y compile error for the
         combination of Clang >= 14 and GAS <= 2.35.
      
       - Drop vmlinux.bz2 from the rpm package as it just annoyingly increased
         the package size.
      
       - Fix modpost error under build environments using musl.
      
       - Make *.ll files keep value names for easier debugging
      
       - Fix single directory build
      
       - Prevent RISC-V from selecting the broken DWARF5 support when Clang
         and GAS are used together.
      
      * tag 'kbuild-fixes-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5
        kbuild: fix single directory build
        kbuild: add -fno-discard-value-names to cmd_cc_ll_c
        scripts/clang-tools: Convert clang-tidy args to list
        modpost: put modpost options before argument
        kbuild: Stop including vmlinux.bz2 in the rpm's
        Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
        Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5
    • Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · 2fcd8f10
      Linus Torvalds authored
      Pull more clk updates from Stephen Boyd:
       "This is the final part of the clk patches for this merge window.
      
        The clk rate range series needed another week to fully bake. Maxime
        fixed the bug that broke clk notifiers and prevented this from being
        included in the first pull request. He also added a unit test on top
        to make sure it doesn't break so easily again. The majority of the
        series fixes up how the clk_set_rate_*() APIs work, particularly
        around when the rate constraints are dropped and how they move around
        when reparenting clks. Overall it's a much needed improvement to the
        clk rate range APIs that used to be pretty broken if you looked
        sideways.
      
        Beyond the core changes there are a few driver fixes for a compilation
        issue or improper data causing clks to fail to register or have the
        wrong parents. These are good to get in before the first -rc so that
        the system actually boots on the affected devices"
      
      * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (31 commits)
        clk: tegra: Fix Tegra PWM parent clock
        clk: at91: fix the build with binutils 2.27
        clk: qcom: gcc-msm8660: Drop hardcoded fixed board clocks
        clk: mediatek: clk-mux: Add .determine_rate() callback
        clk: tests: Add tests for notifiers
        clk: Update req_rate on __clk_recalc_rates()
        clk: tests: Add missing test case for ranges
        clk: qcom: clk-rcg2: Take clock boundaries into consideration for gfx3d
        clk: Introduce the clk_hw_get_rate_range function
        clk: Zero the clk_rate_request structure
        clk: Stop forwarding clk_rate_requests to the parent
        clk: Constify clk_has_parent()
        clk: Introduce clk_core_has_parent()
        clk: Switch from __clk_determine_rate to clk_core_round_rate_nolock
        clk: Add our request boundaries in clk_core_init_rate_req
        clk: Introduce clk_hw_init_rate_request()
        clk: Move clk_core_init_rate_req() from clk_core_round_rate_nolock() to its caller
        clk: Change clk_core_init_rate_req prototype
        clk: Set req_rate on reparenting
        clk: Take into account uncached clocks in clk_set_rate_range()
        ...
    • Merge tag '6.1-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 · b08cd744
      Linus Torvalds authored
      Pull more cifs updates from Steve French:
      
       - fix a regression in guest mounts to old servers
      
       - improvements to directory leasing (caching directory entries safely
         beyond the root directory)
      
       - symlink improvement (reducing roundtrips needed to process symlinks)
      
       - an lseek fix (to problem where some dir entries could be skipped)
      
       - improved ioctl for returning more detailed information on directory
         change notifications
      
       - clarify multichannel interface query warning
      
       - cleanup fix (for better aligning buffers using ALIGN and round_up)
      
       - a compounding fix
      
       - fix some uninitialized variable bugs found by Coverity and the kernel
         test robot
      
      * tag '6.1-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: improve SMB3 change notification support
        cifs: lease key is uninitialized in two additional functions when smb1
        cifs: lease key is uninitialized in smb1 paths
        smb3: must initialize two ACL struct fields to zero
        cifs: fix double-fault crash during ntlmssp
        cifs: fix static checker warning
        cifs: use ALIGN() and round_up() macros
        cifs: find and use the dentry for cached non-root directories also
        cifs: enable caching of directories for which a lease is held
        cifs: prevent copying past input buffer boundaries
        cifs: fix uninitialised var in smb2_compound_op()
        cifs: improve symlink handling for smb2+
        smb3: clarify multichannel warning
        cifs: fix regression in very old smb1 mounts
        cifs: fix skipping to incorrect offset in emit_cached_dirents
    • Revert "cpumask: fix checking valid cpu range". · 80493877
      Tetsuo Handa authored
      This reverts commit 78e5a339 ("cpumask: fix checking valid cpu range").
      
      syzbot is hitting WARN_ON_ONCE(cpu >= nr_cpumask_bits) warning at
      cpu_max_bits_warn() [1], for commit 78e5a339 ("cpumask: fix checking
      valid cpu range") is broken.  Obviously that patch hits WARN_ON_ONCE()
      when e.g.  reading /proc/cpuinfo because passing "cpu + 1" instead of
      "cpu" will trivially hit cpu == nr_cpumask_bits condition.
      
      Although syzbot found this problem in linux-next.git on 2022/09/27 [2],
      this problem was not fixed immediately.  As a result, that patch was
      sent to linux.git before the patch author recognizes this problem, and
      syzbot started failing to test changes in linux.git since 2022/10/10
      [3].
      
      Andrew Jones proposed a fix for x86 and riscv architectures [4].  But
      [2] and [5] indicate that affected locations are not limited to arch
      code.  More delay before we find and fix affected locations, less tested
      kernel (and more difficult to bisect and fix) before release.
      
      We should have inspected and fixed basically all cpumask users before
      applying that patch.  We should not crash kernels in order to ask
      existing cpumask users to update their code, even if limited to
      CONFIG_DEBUG_PER_CPU_MAPS=y case.
      
      Link: https://syzkaller.appspot.com/bug?extid=d0fd2bf0dd6da72496dd [1]
      Link: https://syzkaller.appspot.com/bug?extid=21da700f3c9f0bc40150 [2]
      Link: https://syzkaller.appspot.com/bug?extid=51a652e2d24d53e75734 [3]
      Link: https://lkml.kernel.org/r/20221014155845.1986223-1-ajones@ventanamicro.com [4]
      Link: https://syzkaller.appspot.com/bug?extid=4d46c43d81c3bd155060 [5]
      Reported-by: Andrew Jones <ajones@ventanamicro.com>
      Reported-by: syzbot+d0fd2bf0dd6da72496dd@syzkaller.appspotmail.com
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Cc: Yury Norov <yury.norov@gmail.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 · 0a6de78c
      Nathan Chancellor authored
      When building with a RISC-V kernel with DWARF5 debug info using clang
      and the GNU assembler, several instances of the following error appear:
      
        /tmp/vgettimeofday-48aa35.s:2963: Error: non-constant .uleb128 is not supported
      
      Dumping the .s file reveals these .uleb128 directives come from
      .debug_loc and .debug_ranges:
      
        .Ldebug_loc0:
                .byte   4                               # DW_LLE_offset_pair
                .uleb128 .Lfunc_begin0-.Lfunc_begin0    #   starting offset
                .uleb128 .Ltmp1-.Lfunc_begin0           #   ending offset
                .byte   1                               # Loc expr size
                .byte   90                              # DW_OP_reg10
                .byte   0                               # DW_LLE_end_of_list
      
        .Ldebug_ranges0:
                .byte   4                               # DW_RLE_offset_pair
                .uleb128 .Ltmp6-.Lfunc_begin0           #   starting offset
                .uleb128 .Ltmp27-.Lfunc_begin0          #   ending offset
                .byte   4                               # DW_RLE_offset_pair
                .uleb128 .Ltmp28-.Lfunc_begin0          #   starting offset
                .uleb128 .Ltmp30-.Lfunc_begin0          #   ending offset
                .byte   0                               # DW_RLE_end_of_list
      
      There is an outstanding binutils issue to support a non-constant operand
      to .sleb128 and .uleb128 in GAS for RISC-V but there does not appear to
      be any movement on it, due to concerns over how it would work with
      linker relaxation.
      
      To avoid these build errors, prevent DWARF5 from being selected when
      using clang and an assembler that does not have support for these symbol
      deltas, which can be easily checked in Kconfig with as-instr plus the
      small test program from the dwz test suite from the binutils issue.
      
      Link: https://sourceware.org/bugzilla/show_bug.cgi?id=27215
      Link: https://github.com/ClangBuiltLinux/linux/issues/1719
      Signed-off-by: Nathan Chancellor <nathan@kernel.org>
      Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>