1. 22 Jun, 2021 3 commits
    • virtiofs: propagate sync() to file server · 2d82ab25
      Greg Kurz authored
      Even if POSIX doesn't mandate it, linux users legitimately expect sync() to
      flush all data and metadata to physical storage when it is located on the
      same system.  This isn't happening with virtiofs though: sync() inside the
      guest returns right away even though data still needs to be flushed from
      the host page cache.
      
      This is easily demonstrated by doing the following in the guest:
      
      $ dd if=/dev/zero of=/mnt/foo bs=1M count=5K ; strace -T -e sync sync
      5120+0 records in
      5120+0 records out
      5368709120 bytes (5.4 GB, 5.0 GiB) copied, 5.22224 s, 1.0 GB/s
      sync()                                  = 0 <0.024068>
      
      and start the following in the host when the 'dd' command completes
      in the guest:
      
      $ strace -T -e fsync /usr/bin/sync virtiofs/foo
      fsync(3)                                = 0 <10.371640>
      
      There are no good reasons not to honor the expected behavior of sync()
      actually: it gives an unrealistic impression that virtiofs is super fast
      and that data has safely landed on HW, which isn't the case obviously.
      
      Implement a ->sync_fs() superblock operation that sends a new FUSE_SYNCFS
      request type for this purpose.  Provision a 64-bit placeholder for possible
      future extensions.  Since the file server cannot handle the wait == 0 case,
      we skip it to avoid a gratuitous roundtrip.  Note that this is
      per-superblock: a FUSE_SYNCFS is sent for the root mount and for each
      submount.
      
      Like with FUSE_FSYNC and FUSE_FSYNCDIR, lack of support for FUSE_SYNCFS in
      the file server is treated as permanent success.  This ensures
      compatibility with older file servers: the client will get the current
      behavior of sync() not being propagated to the file server.
      
      Note that such an operation allows the file server to DoS sync().  Since a
      typical FUSE file server is an untrusted piece of software running in
      userspace, this is disabled by default.  Only enable it with virtiofs for
      now since virtiofsd is supposedly trusted by the guest kernel.
      Reported-by: Robert Krawitz <rlk@redhat.com>
      Signed-off-by: Greg Kurz <groug@kaod.org>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    • fuse: reject internal errno · 49221cf8
      Miklos Szeredi authored
      Don't allow userspace to report errors that could be kernel-internal.
      Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
      Fixes: 334f485d ("[PATCH] FUSE - device functions")
      Cc: <stable@vger.kernel.org> # v2.6.14
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    • fuse: check connected before queueing on fpq->io · 80ef0867
      Miklos Szeredi authored
      A request could end up on the fpq->io list after fuse_abort_conn() has
      reset fpq->connected and aborted requests on that list:
      
      Thread-1			  Thread-2
      ========			  ========
      ->fuse_simple_request()           ->shutdown
        ->__fuse_request_send()
          ->queue_request()		->fuse_abort_conn()
      ->fuse_dev_do_read()                ->acquire(fpq->lock)
        ->wait_for(fpq->lock) 	  ->set err to all req's in fpq->io
      				  ->release(fpq->lock)
        ->acquire(fpq->lock)
        ->add req to fpq->io
      
      After the userspace copy is done the request will be ended, but
      req->out.h.error will remain uninitialized.  Also the copy might block
      despite being already aborted.
      
      Fix both issues by not allowing the request to be queued on the fpq->io
      list after fuse_abort_conn() has processed this list.
      Reported-by: Pradeep P V K <pragalla@codeaurora.org>
      Fixes: fd22d62e ("fuse: no fc->lock for iqueue parts")
      Cc: <stable@vger.kernel.org> # v4.2
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
  2. 18 Jun, 2021 1 commit
    • fuse: ignore PG_workingset after stealing · b89ecd60
      Miklos Szeredi authored
      Fix the "fuse: trying to steal weird page" warning.
      
      Description from Johannes Weiner:
      
        "Think of it as similar to PG_active. It's just another usage/heat
         indicator of file and anon pages on the reclaim LRU that, unlike
         PG_active, persists across deactivation and even reclaim (we store it in
         the page cache / swapper cache tree until the page refaults).
      
         So if fuse accepts pages that can legally have PG_active set,
         PG_workingset is fine too."
      Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
      Fixes: 1899ad18 ("mm: workingset: tell cache transitions from workingset thrashing")
      Cc: <stable@vger.kernel.org> # v4.20
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
  3. 09 Jun, 2021 3 commits
    • fuse: Fix infinite loop in sget_fc() · e4a9ccdd
      Greg Kurz authored
      We don't set the SB_BORN flag on submounts. This is wrong as these
      superblocks are then considered as partially constructed or dying
      in the rest of the code and can break some assumptions.
      
      One such case is when you have a virtiofs filesystem with submounts
      and you try to mount it again : virtio_fs_get_tree() tries to obtain
      a superblock with sget_fc(). The logic in sget_fc() is to loop until
      it has either found an existing matching superblock with SB_BORN set
      or to create a brand new one. It is assumed that a superblock without
      SB_BORN is transient and the loop is restarted. Forgetting to set
      SB_BORN on submounts hence causes sget_fc() to retry forever.
      
      Setting SB_BORN requires special care, i.e. a write barrier for
      super_cache_count() which can check SB_BORN without taking any lock.
      We should call vfs_get_tree() to deal with that but this requires
      to have a proper ->get_tree() implementation for submounts, which
      is a bigger piece of work. Go for a simple bug fix in the meantime.
      
      Fixes: bf109c64 ("fuse: implement crossmounts")
      Cc: stable@vger.kernel.org # v5.10+
      Signed-off-by: Greg Kurz <groug@kaod.org>
      Reviewed-by: Max Reitz <mreitz@redhat.com>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    • fuse: Fix crash if superblock of submount gets killed early · e3a43f2a
      Greg Kurz authored
      As soon as fuse_dentry_automount() does up_write(&sb->s_umount), the
      superblock can theoretically be killed. If this happens before the
      submount was added to the &fc->mounts list, fuse_mount_remove() later
      crashes in list_del_init() because it assumes the submount to be
      already there.
      
      Add the submount before dropping sb->s_umount to fix the inconsistency.
      It is okay to nest fc->killsb under sb->s_umount, we already do this
      on the ->kill_sb() path.
      Signed-off-by: Greg Kurz <groug@kaod.org>
      Fixes: bf109c64 ("fuse: implement crossmounts")
      Cc: stable@vger.kernel.org # v5.10+
      Reviewed-by: Max Reitz <mreitz@redhat.com>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    • fuse: Fix crash in fuse_dentry_automount() error path · d92d88f0
      Greg Kurz authored
      If fuse_fill_super_submount() returns an error, the error path
      triggers a crash:
      
      [   26.206673] BUG: kernel NULL pointer dereference, address: 0000000000000000
      [...]
      [   26.226362] RIP: 0010:__list_del_entry_valid+0x25/0x90
      [...]
      [   26.247938] Call Trace:
      [   26.248300]  fuse_mount_remove+0x2c/0x70 [fuse]
      [   26.248892]  virtio_kill_sb+0x22/0x160 [virtiofs]
      [   26.249487]  deactivate_locked_super+0x36/0xa0
      [   26.250077]  fuse_dentry_automount+0x178/0x1a0 [fuse]
      
      The crash happens because fuse_mount_remove() assumes that the FUSE
      mount was already added to list under the FUSE connection, but this
      is only done after fuse_fill_super_submount() has returned success.
      
      This means that until fuse_fill_super_submount() has returned success,
      the FUSE mount isn't actually owned by the superblock. We should thus
      reclaim ownership by clearing sb->s_fs_info, which will skip the call
      to fuse_mount_remove(), and perform rollback, like virtio_fs_get_tree()
      already does for the root sb.
      
      Fixes: bf109c64 ("fuse: implement crossmounts")
      Cc: stable@vger.kernel.org # v5.10+
      Signed-off-by: Greg Kurz <groug@kaod.org>
      Reviewed-by: Max Reitz <mreitz@redhat.com>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
  4. 06 Jun, 2021 11 commits
    • Linux 5.13-rc5 · 614124be
      Linus Torvalds authored
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 90d56a3d
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Five small and fairly minor fixes, all in drivers"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
        scsi: ufs: ufs-mediatek: Fix HCI version in some platforms
        scsi: qedf: Do not put host in qedf_vport_create() unconditionally
        scsi: lpfc: Fix failure to transmit ABTS on FC link
        scsi: target: core: Fix warning on realtime kernels
    • Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 20e41d9b
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Miscellaneous ext4 bug fixes"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: Only advertise encrypted_casefold when encryption and unicode are enabled
        ext4: fix no-key deletion for encrypt+casefold
        ext4: fix memory leak in ext4_fill_super
        ext4: fix fast commit alignment issues
        ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
        ext4: fix accessing uninit percpu counter variable with fast_commit
        ext4: fix memory leak in ext4_mb_init_backend on error path.
    • Merge tag 'arm-soc-fixes-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · decad3e1
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "A set of fixes that have been coming in over the last few weeks, the
        usual mix of fixes:
      
         - DT fixups for TI K3
      
         - SATA drive detection fix for TI DRA7
      
         - Power management fixes and a few build warning removals for OMAP
      
         - OP-TEE fix to use standard API for UUID exporting
      
         - DT fixes for a handful of i.MX boards
      
        And a few other smaller items"
      
      * tag 'arm-soc-fixes-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (29 commits)
        arm64: meson: select COMMON_CLK
        soc: amlogic: meson-clk-measure: remove redundant dev_err call in meson_msr_probe()
        ARM: OMAP1: ams-delta: remove unused function ams_delta_camera_power
        bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act
        ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells
        ARM: dts: imx7d-pico: Fix the 'tuning-step' property
        ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property
        arm64: dts: freescale: sl28: var1: fix RGMII clock and voltage
        arm64: dts: freescale: sl28: var4: fix RGMII clock and voltage
        ARM: imx: pm-imx27: Include "common.h"
        arm64: dts: zii-ultra: fix 12V_MAIN voltage
        arm64: dts: zii-ultra: remove second GEN_3V3 regulator instance
        arm64: dts: ls1028a: fix memory node
        bus: ti-sysc: Fix am335x resume hang for usb otg module
        ARM: OMAP2+: Fix build warning when mmc_omap is not built
        ARM: OMAP1: isp1301-omap: Add missing gpiod_add_lookup_table function
        ARM: OMAP1: Fix use of possibly uninitialized irq variable
        optee: use export_uuid() to copy client UUID
        arm64: dts: ti: k3*: Introduce reg definition for interrupt routers
        arm64: dts: ti: k3-am65|j721e|am64: Map the dma / navigator subsystem via explicit ranges
        ...
    • Merge tag 'powerpc-5.13-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · bd7b12aa
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "Fix our KVM reverse map real-mode handling since we enabled huge
        vmalloc (in some configurations).
      
        Revert a recent change to our IOMMU code which broke some devices.
      
        Fix KVM handling of FSCR on P7/P8, which could have possibly let a
        guest crash its Qemu.
      
        Fix kprobes validation of prefixed instructions across page boundary.
      
        Thanks to Alexey Kardashevskiy, Christophe Leroy, Fabiano Rosas,
        Frederic Barrat, Naveen N. Rao, and Nicholas Piggin"
      
      * tag 'powerpc-5.13-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        Revert "powerpc/kernel/iommu: Align size for IOMMU_PAGE_SIZE() to save TCEs"
        KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path
        powerpc: Fix reverse map real-mode address lookup with huge vmalloc
        powerpc/kprobes: Fix validation of prefixed instructions across page boundary
    • Merge tag 'x86_urgent_for_v5.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 773ac53b
      Linus Torvalds authored
      Pull x86 fixes from Borislav Petkov:
       "A bunch of x86/urgent stuff accumulated for the last two weeks so
        lemme unload it to you.
      
        It should be all totally risk-free, of course. :-)
      
         - Fix out-of-spec hardware (1st gen Hygon) which does not implement
           MSR_AMD64_SEV even though the spec clearly states so, and check
           CPUID bits first.
      
         - Send only one signal to a task when it is a SEGV_PKUERR si_code
           type.
      
         - Do away with all the wankery of reserving X amount of memory in the
           first megabyte to prevent BIOS corrupting it and simply and
           unconditionally reserve the whole first megabyte.
      
         - Make alternatives NOP optimization work at an arbitrary position
           within the patched sequence because the compiler can put
           single-byte NOPs for alignment anywhere in the sequence (32-bit
           retpoline), vs our previous assumption that the NOPs are only
           appended.
      
         - Force-disable ENQCMD[S] instructions support and remove
           update_pasid() because of insufficient protection against FPU state
           modification in an interrupt context, among other xstate horrors
           which are being addressed at the moment. This one limits the
           fallout until proper enablement.
      
         - Use cpu_feature_enabled() in the idxd driver so that it can be
           build-time disabled through the defines in disabled-features.h.
      
         - Fix LVT thermal setup for SMI delivery mode by making sure the APIC
           LVT value is read before APIC initialization so that softlockups
           during boot do not happen at least on one machine.
      
         - Mark all legacy interrupts as legacy vectors when the IO-APIC is
           disabled and when all legacy interrupts are routed through the PIC"
      
      * tag 'x86_urgent_for_v5.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/sev: Check SME/SEV support in CPUID first
        x86/fault: Don't send SIGSEGV twice on SEGV_PKUERR
        x86/setup: Always reserve the first 1M of RAM
        x86/alternative: Optimize single-byte NOPs at an arbitrary position
        x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove update_pasid()
        dmaengine: idxd: Use cpu_feature_enabled()
        x86/thermal: Fix LVT thermal setup for SMI delivery mode
        x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
    • ext4: Only advertise encrypted_casefold when encryption and unicode are enabled · e71f99f2
      Daniel Rosenberg authored
      Encrypted casefolding is only supported when both encryption and
      casefolding are enabled in the config.
      
      Fixes: 471fbbea ("ext4: handle casefolding with encryption")
      Cc: stable@vger.kernel.org # 5.13+
      Signed-off-by: Daniel Rosenberg <drosen@google.com>
      Link: https://lore.kernel.org/r/20210603094849.314342-1-drosen@google.com
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix no-key deletion for encrypt+casefold · 63e7f128
      Daniel Rosenberg authored
      commit 471fbbea ("ext4: handle casefolding with encryption") is
      missing a few checks for the encryption key which are needed to
      support deleting encrypted casefolded files when the key is not
      present.
      
      This bug made it impossible to delete encrypted+casefolded directories
      without the encryption key, due to errors like:
      
          W         : EXT4-fs warning (device vdc): __ext4fs_dirhash:270: inode #49202: comm Binder:378_4: Siphash requires key
      
      Repro steps in kvm-xfstests test appliance:
            mkfs.ext4 -F -E encoding=utf8 -O encrypt /dev/vdc
            mount /vdc
            mkdir /vdc/dir
            chattr +F /vdc/dir
            keyid=$(head -c 64 /dev/zero | xfs_io -c add_enckey /vdc | awk '{print $NF}')
            xfs_io -c "set_encpolicy $keyid" /vdc/dir
            for i in `seq 1 100`; do
                mkdir /vdc/dir/$i
            done
            xfs_io -c "rm_enckey $keyid" /vdc
            rm -rf /vdc/dir # fails with the bug
      
      Fixes: 471fbbea ("ext4: handle casefolding with encryption")
      Signed-off-by: Daniel Rosenberg <drosen@google.com>
      Link: https://lore.kernel.org/r/20210522004132.2142563-1-drosen@google.com
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix memory leak in ext4_fill_super · afd09b61
      Alexey Makhalov authored
      Buffer head references must be released before calling kill_bdev();
      otherwise the buffer head (and its page referenced by b_data) will not
      be freed by kill_bdev, and subsequently that bh will be leaked.
      
      If blocksizes differ, sb_set_blocksize() will kill current buffers and
      page cache by using kill_bdev(). And then super block will be reread
      again but using correct blocksize this time. sb_set_blocksize() didn't
      fully free superblock page and buffer head, and being busy, they were
      not freed and instead leaked.
      
      This can easily be reproduced by calling an infinite loop of:
      
        systemctl start <ext4_on_lvm>.mount, and
        systemctl stop <ext4_on_lvm>.mount
      
      ... since systemd creates a cgroup for each slice which it mounts, and
      the bh leak gets amplified by a dying memory cgroup that also never
      gets freed, and memory consumption is much more easily noticed.
      
      Fixes: ce40733c ("ext4: Check for return value from sb_set_blocksize")
      Fixes: ac27a0ec ("ext4: initial copy of files from ext3")
      Link: https://lore.kernel.org/r/20210521075533.95732-1-amakhalov@vmware.com
      Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Cc: stable@kernel.org
    • ext4: fix fast commit alignment issues · a7ba36bc
      Harshad Shirwadkar authored
      Fast commit recovery data on disk may not be aligned. So, when the
      recovery code reads it, this patch makes sure that fast commit info
      found on-disk is first memcpy-ed into an aligned variable before
      accessing it. As a consequence of it, we also remove some macros that
      could result in unaligned accesses.
      
      Cc: stable@kernel.org
      Fixes: 8016e29f ("ext4: fast commit recovery path")
      Signed-off-by: Harshad Shirwadkar <harshadshirwadkar@gmail.com>
      Link: https://lore.kernel.org/r/20210519215920.2037527-1-harshads@google.com
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed · 082cd4ec
      Ye Bin authored
      We got the following bug_on when running fsstress with IO fault injection:
      [130747.323114] kernel BUG at fs/ext4/extents_status.c:762!
      [130747.323117] Internal error: Oops - BUG: 0 [#1] SMP
      ......
      [130747.334329] Call trace:
      [130747.334553]  ext4_es_cache_extent+0x150/0x168 [ext4]
      [130747.334975]  ext4_cache_extents+0x64/0xe8 [ext4]
      [130747.335368]  ext4_find_extent+0x300/0x330 [ext4]
      [130747.335759]  ext4_ext_map_blocks+0x74/0x1178 [ext4]
      [130747.336179]  ext4_map_blocks+0x2f4/0x5f0 [ext4]
      [130747.336567]  ext4_mpage_readpages+0x4a8/0x7a8 [ext4]
      [130747.336995]  ext4_readpage+0x54/0x100 [ext4]
      [130747.337359]  generic_file_buffered_read+0x410/0xae8
      [130747.337767]  generic_file_read_iter+0x114/0x190
      [130747.338152]  ext4_file_read_iter+0x5c/0x140 [ext4]
      [130747.338556]  __vfs_read+0x11c/0x188
      [130747.338851]  vfs_read+0x94/0x150
      [130747.339110]  ksys_read+0x74/0xf0
      
      This patch's modification is according to Jan Kara's suggestion in:
      https://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/
      "I see. Now I understand your patch. Honestly, seeing how fragile is trying
      to fix extent tree after split has failed in the middle, I would probably
      go even further and make sure we fix the tree properly in case of ENOSPC
      and EDQUOT (those are easily user triggerable).  Anything else indicates a
      HW problem or fs corruption so I'd rather leave the extent tree as is and
      don't try to fix it (which also means we will not create overlapping
      extents)."
      
      Cc: stable@kernel.org
      Signed-off-by: Ye Bin <yebin10@huawei.com>
      Reviewed-by: Jan Kara <jack@suse.cz>
      Link: https://lore.kernel.org/r/20210506141042.3298679-1-yebin10@huawei.com
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  5. 05 Jun, 2021 22 commits