1. 23 Oct, 2022 6 commits
  2. 22 Oct, 2022 14 commits
  3. 21 Oct, 2022 20 commits
    • Linus Torvalds's avatar
      Merge tag '6.1-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · bd8e9634
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
      
       - memory leak fixes
      
       - fixes for directory leases, including an important one which fixes a
         problem noticed by git functional tests
      
       - fixes relating to missing free_xid calls (helpful for
         tracing/debugging of entry/exit into cifs.ko)
      
       - a multichannel fix
      
       - a small cleanup fix (use of list_move instead of list_del/list_add)
      
      * tag '6.1-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: update internal module number
        cifs: fix memory leaks in session setup
        cifs: drop the lease for cached directories on rmdir or rename
        smb3: interface count displayed incorrectly
        cifs: Fix memory leak when build ntlmssp negotiate blob failed
        cifs: set rc to -ENOENT if we can not get a dentry for the cached dir
        cifs: use LIST_HEAD() and list_move() to simplify code
        cifs: Fix xid leak in cifs_get_file_info_unix()
        cifs: Fix xid leak in cifs_ses_add_channel()
        cifs: Fix xid leak in cifs_flock()
        cifs: Fix xid leak in cifs_copy_file_range()
        cifs: Fix xid leak in cifs_create()
      bd8e9634
    • Linus Torvalds's avatar
      Merge tag 'nfsd-6.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux · 022c028f
      Linus Torvalds authored
      Pull nfsd fixes from Chuck Lever:
       "Fixes for patches merged in v6.1"
      
      * tag 'nfsd-6.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
        nfsd: ensure we always call fh_verify_error tracepoint
        NFSD: unregister shrinker when nfsd_init_net() fails
      022c028f
    • Chang S. Bae's avatar
      x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly · 471f0aa7
      Chang S. Bae authored
      When an extended state component is not present in fpstate, but in init
      state, the function copies from init_fpstate via copy_feature().
      
      But, dynamic states are not present in init_fpstate because of all-zeros
      init states. Then retrieving them from init_fpstate will explode like this:
      
       BUG: kernel NULL pointer dereference, address: 0000000000000000
       ...
       RIP: 0010:memcpy_erms+0x6/0x10
        ? __copy_xstate_to_uabi_buf+0x381/0x870
        fpu_copy_guest_fpstate_to_uabi+0x28/0x80
        kvm_arch_vcpu_ioctl+0x14c/0x1460 [kvm]
        ? __this_cpu_preempt_check+0x13/0x20
        ? vmx_vcpu_put+0x2e/0x260 [kvm_intel]
        kvm_vcpu_ioctl+0xea/0x6b0 [kvm]
        ? kvm_vcpu_ioctl+0xea/0x6b0 [kvm]
        ? __fget_light+0xd4/0x130
        __x64_sys_ioctl+0xe3/0x910
        ? debug_smp_processor_id+0x17/0x20
        ? fpregs_assert_state_consistent+0x27/0x50
        do_syscall_64+0x3f/0x90
        entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      Adjust the 'mask' to zero out the userspace buffer for the features that
      are not available both from fpstate and from init_fpstate.
      
      The dynamic features depend on the compacted XSAVE format. Ensure it is
      enabled before reading XCOMP_BV in init_fpstate.
      
      Fixes: 2308ee57 ("x86/fpu/amx: Enable the AMX feature in 64-bit mode")
      Reported-by: default avatarYuan Yao <yuan.yao@intel.com>
      Suggested-by: default avatarDave Hansen <dave.hansen@intel.com>
      Signed-off-by: default avatarChang S. Bae <chang.seok.bae@intel.com>
      Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Tested-by: default avatarYuan Yao <yuan.yao@intel.com>
      Link: https://lore.kernel.org/lkml/BYAPR11MB3717EDEF2351C958F2C86EED95259@BYAPR11MB3717.namprd11.prod.outlook.com/
      Link: https://lkml.kernel.org/r/20221021185844.13472-1-chang.seok.bae@intel.com
      471f0aa7
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · ed537795
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Two small changes, one in the lpfc driver and the other in the core.
      
        The core change is an additional footgun guard which prevents users
        from writing the wrong state to sysfs and causing a hang"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: lpfc: Fix memory leak in lpfc_create_port()
        scsi: core: Restrict legal sdev_state transitions via sysfs
      ed537795
    • Linus Torvalds's avatar
      Merge tag 'block-6.1-2022-10-20' of git://git.kernel.dk/linux · d4b7332e
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request via Christoph:
            - fix nvme-hwmon for DMA non-cohehrent architectures (Serge Semin)
            - add a nvme-hwmong maintainer (Christoph Hellwig)
            - fix error pointer dereference in error handling (Dan Carpenter)
            - fix invalid memory reference in nvmet_subsys_attr_qid_max_show
              (Daniel Wagner)
            - don't limit the DMA segment size in nvme-apple (Russell King)
            - fix workqueue MEM_RECLAIM flushing dependency (Sagi Grimberg)
            - disable write zeroes on various Kingston SSDs (Xander Li)
      
       - fix a memory leak with block device tracing (Ye)
      
       - flexible-array fix for ublk (Yushan)
      
       - document the ublk recovery feature from this merge window
         (ZiyangZhang)
      
       - remove dead bfq variable in struct (Yuwei)
      
       - error handling rq clearing fix (Yu)
      
       - add an IRQ safety check for the cached bio freeing (Pavel)
      
       - drbd bio cloning fix (Christoph)
      
      * tag 'block-6.1-2022-10-20' of git://git.kernel.dk/linux:
        blktrace: remove unnessary stop block trace in 'blk_trace_shutdown'
        blktrace: fix possible memleak in '__blk_trace_remove'
        blktrace: introduce 'blk_trace_{start,stop}' helper
        bio: safeguard REQ_ALLOC_CACHE bio put
        block, bfq: remove unused variable for bfq_queue
        drbd: only clone bio if we have a backing device
        ublk_drv: use flexible-array member instead of zero-length array
        nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show
        nvmet: fix workqueue MEM_RECLAIM flushing dependency
        nvme-hwmon: kmalloc the NVME SMART log buffer
        nvme-hwmon: consistently ignore errors from nvme_hwmon_init
        nvme: add Guenther as nvme-hwmon maintainer
        nvme-apple: don't limit DMA segement size
        nvme-pci: disable write zeroes on various Kingston SSD
        nvme: fix error pointer dereference in error handling
        Documentation: document ublk user recovery feature
        blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
      d4b7332e
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.1-2022-10-20' of git://git.kernel.dk/linux · 294e73ff
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - Fix a potential memory leak in the error handling path of io-wq setup
         (Rafael)
      
       - Kill an errant debug statement that got added in this release (me)
      
       - Fix an oops with an invalid direct descriptor with IORING_OP_MSG_RING
         (Harshit)
      
       - Remove unneeded FFS_SCM flagging (Pavel)
      
       - Remove polling off the exit path (Pavel)
      
       - Move out direct descriptor debug check to the cleanup path (Pavel)
      
       - Use the proper helper rather than open-coding cached request get
         (Pavel)
      
      * tag 'io_uring-6.1-2022-10-20' of git://git.kernel.dk/linux:
        io-wq: Fix memory leak in worker creation
        io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd()
        io_uring/rw: remove leftover debug statement
        io_uring: don't iopoll from io_ring_ctx_wait_and_kill()
        io_uring: reuse io_alloc_req()
        io_uring: kill hot path fixed file bitmap debug checks
        io_uring: remove FFS_SCM
      294e73ff
    • Linus Torvalds's avatar
      Merge tag 'for-linus-6.1-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 1d61754c
      Linus Torvalds authored
      Pull xen fixes from Juergen Gross:
       "Just two fixes for the new 'virtio with grants' feature"
      
      * tag 'for-linus-6.1-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/virtio: Convert PAGE_SIZE/PAGE_SHIFT/PFN_UP to Xen counterparts
        xen/virtio: Handle cases when page offset > PAGE_SIZE properly
      1d61754c
    • Linus Torvalds's avatar
      Merge tag 'selinux-pr-20221020' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux · 0de0b768
      Linus Torvalds authored
      Pull selinux fix from Paul Moore:
       "A small SELinux fix for a GFP_KERNEL allocation while a spinlock is
        held.
      
        The patch, while still fairly small, is a bit larger than one might
        expect from a simple s/GFP_KERNEL/GFP_ATOMIC/ conversion because we
        added support for the function to be called with different gfp flags
        depending on the context, preserving GFP_KERNEL for those cases that
        can safely sleep"
      
      * tag 'selinux-pr-20221020' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
        selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
      0de0b768
    • Linus Torvalds's avatar
      Merge tag 'mm-hotfixes-stable-2022-10-20' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm · 440b7895
      Linus Torvalds authored
      Pull misc fixes from Andrew Morron:
       "Seventeen hotfixes, mainly for MM.
      
        Five are cc:stable and the remainder address post-6.0 issues"
      
      * tag 'mm-hotfixes-stable-2022-10-20' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
        nouveau: fix migrate_to_ram() for faulting page
        mm/huge_memory: do not clobber swp_entry_t during THP split
        hugetlb: fix memory leak associated with vma_lock structure
        mm/page_alloc: reduce potential fragmentation in make_alloc_exact()
        mm: /proc/pid/smaps_rollup: fix maple tree search
        mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
        mm/mmap: fix MAP_FIXED address return on VMA merge
        mm/mmap.c: __vma_adjust(): suppress uninitialized var warning
        mm/mmap: undo ->mmap() when mas_preallocate() fails
        init: Kconfig: fix spelling mistake "satify" -> "satisfy"
        ocfs2: clear dinode links count in case of error
        ocfs2: fix BUG when iput after ocfs2_mknod fails
        gcov: support GCC 12.1 and newer compilers
        zsmalloc: zs_destroy_pool: add size_class NULL check
        mm/mempolicy: fix mbind_range() arguments to vma_merge()
        mailmap: update email for Qais Yousef
        mailmap: update Dan Carpenter's email address
      440b7895
    • Linus Torvalds's avatar
      Merge tag 'trace-tools-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace · ce3d90a8
      Linus Torvalds authored
      Pull tracing tool update from Steven Rostedt:
      
       - Make dot2c generate monitor's automata definition static
      
      * tag 'trace-tools-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
        rv/dot2c: Make automaton definition static
      ce3d90a8
    • Linus Torvalds's avatar
      Merge tag 'linux-watchdog-6.1-rc2' of git://www.linux-watchdog.org/linux-watchdog · 4f1e0c18
      Linus Torvalds authored
      Pull watchdog updates from Wim Van Sebroeck:
      
       - Add tracing events for the most common watchdog events
      
      * tag 'linux-watchdog-6.1-rc2' of git://www.linux-watchdog.org/linux-watchdog:
        watchdog: Add tracing events for the most usual watchdog events
      4f1e0c18
    • Rafael J. Wysocki's avatar
      Merge branches 'acpi-scan', 'acpi-resource', 'acpi-apei', 'acpi-extlog' and 'acpi-docs' · 3f8deab6
      Rafael J. Wysocki authored
      Merge assorted ACPI fixes for 6.1-rc2:
      
       - Fix resource list walk in acpi_dma_get_range() (Robin Murphy).
      
       - Add IRQ override quirk for LENOVO IdeaPad and extend the IRQ
         override warning message (Jiri Slaby).
      
       - Fix integer overflow in ghes_estatus_pool_init() (Ashish Kalra).
      
       - Fix multiple error records handling in one of the ACPI extlog driver
         code paths (Tony Luck).
      
       - Prune DSDT override documentation from index after dropping it (Bagas
         Sanjaya).
      
      * acpi-scan:
        ACPI: scan: Fix DMA range assignment
      
      * acpi-resource:
        ACPI: resource: note more about IRQ override
        ACPI: resource: do IRQ override on LENOVO IdeaPad
      
      * acpi-apei:
        ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
      
      * acpi-extlog:
        ACPI: extlog: Handle multiple records
      
      * acpi-docs:
        Documentation: ACPI: Prune DSDT override documentation from index
      3f8deab6
    • Chen Zhongjin's avatar
      x86/unwind/orc: Fix unreliable stack dump with gcov · 230db824
      Chen Zhongjin authored
      When a console stack dump is initiated with CONFIG_GCOV_PROFILE_ALL
      enabled, show_trace_log_lvl() gets out of sync with the ORC unwinder,
      causing the stack trace to show all text addresses as unreliable:
      
        # echo l > /proc/sysrq-trigger
        [  477.521031] sysrq: Show backtrace of all active CPUs
        [  477.523813] NMI backtrace for cpu 0
        [  477.524492] CPU: 0 PID: 1021 Comm: bash Not tainted 6.0.0 #65
        [  477.525295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-1.fc36 04/01/2014
        [  477.526439] Call Trace:
        [  477.526854]  <TASK>
        [  477.527216]  ? dump_stack_lvl+0xc7/0x114
        [  477.527801]  ? dump_stack+0x13/0x1f
        [  477.528331]  ? nmi_cpu_backtrace.cold+0xb5/0x10d
        [  477.528998]  ? lapic_can_unplug_cpu+0xa0/0xa0
        [  477.529641]  ? nmi_trigger_cpumask_backtrace+0x16a/0x1f0
        [  477.530393]  ? arch_trigger_cpumask_backtrace+0x1d/0x30
        [  477.531136]  ? sysrq_handle_showallcpus+0x1b/0x30
        [  477.531818]  ? __handle_sysrq.cold+0x4e/0x1ae
        [  477.532451]  ? write_sysrq_trigger+0x63/0x80
        [  477.533080]  ? proc_reg_write+0x92/0x110
        [  477.533663]  ? vfs_write+0x174/0x530
        [  477.534265]  ? handle_mm_fault+0x16f/0x500
        [  477.534940]  ? ksys_write+0x7b/0x170
        [  477.535543]  ? __x64_sys_write+0x1d/0x30
        [  477.536191]  ? do_syscall_64+0x6b/0x100
        [  477.536809]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
        [  477.537609]  </TASK>
      
      This happens when the compiled code for show_stack() has a single word
      on the stack, and doesn't use a tail call to show_stack_log_lvl().
      (CONFIG_GCOV_PROFILE_ALL=y is the only known case of this.)  Then the
      __unwind_start() skip logic hits an off-by-one bug and fails to unwind
      all the way to the intended starting frame.
      
      Fix it by reverting the following commit:
      
        f1d9a2ab ("x86/unwind/orc: Don't skip the first frame for inactive tasks")
      
      The original justification for that commit no longer exists.  That
      original issue was later fixed in a different way, with the following
      commit:
      
        f2ac57a4 ("x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels")
      
      Fixes: f1d9a2ab ("x86/unwind/orc: Don't skip the first frame for inactive tasks")
      Signed-off-by: default avatarChen Zhongjin <chenzhongjin@huawei.com>
      [jpoimboe: rewrite commit log]
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
      Signed-off-by: default avatarPeter Zijlstra <peterz@infradead.org>
      230db824
    • Ard Biesheuvel's avatar
      efi: runtime: Don't assume virtual mappings are missing if VA == PA == 0 · 37926f96
      Ard Biesheuvel authored
      The generic EFI stub can be instructed to avoid SetVirtualAddressMap(),
      and simply run with the firmware's 1:1 mapping. In this case, it
      populates the virtual address fields of the runtime regions in the
      memory map with the physical address of each region, so that the mapping
      code has to be none the wiser. Only if SetVirtualAddressMap() fails, the
      virtual addresses are wiped and the kernel code knows that the regions
      cannot be mapped.
      
      However, wiping amounts to setting it to zero, and if a runtime region
      happens to live at physical address 0, its valid 1:1 mapped virtual
      address could be mistaken for a wiped field, resulting on loss of access
      to the EFI services at runtime.
      
      So let's only assume that VA == 0 means 'no runtime services' if the
      region in question does not live at PA 0x0.
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      37926f96
    • Ard Biesheuvel's avatar
      efi: libstub: Fix incorrect payload size in zboot header · 53a7ea28
      Ard Biesheuvel authored
      The linker script symbol definition that captures the size of the
      compressed payload inside the zboot decompressor (which is exposed via
      the image header) refers to '.' for the end of the region, which does
      not give the correct result as the expression is not placed at the end
      of the payload. So use the symbol name explicitly.
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      53a7ea28
    • Ard Biesheuvel's avatar
      efi: libstub: Give efi_main() asmlinkage qualification · db14655a
      Ard Biesheuvel authored
      To stop the bots from sending sparse warnings to me and the list about
      efi_main() not having a prototype, decorate it with asmlinkage so that
      it is clear that it is called from assembly, and therefore needs to
      remain external, even if it is never declared in a header file.
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      db14655a
    • Ard Biesheuvel's avatar
      efi: efivars: Fix variable writes without query_variable_store() · 8a254d90
      Ard Biesheuvel authored
      Commit bbc6d2c6 ("efi: vars: Switch to new wrapper layer")
      refactored the efivars layer so that the 'business logic' related to
      which UEFI variables affect the boot flow in which way could be moved
      out of it, and into the efivarfs driver.
      
      This inadvertently broke setting variables on firmware implementations
      that lack the QueryVariableInfo() boot service, because we no longer
      tolerate a EFI_UNSUPPORTED result from check_var_size() when calling
      efivar_entry_set_get_size(), which now ends up calling check_var_size()
      a second time inadvertently.
      
      If QueryVariableInfo() is missing, we support writes of up to 64k -
      let's move that logic into check_var_size(), and drop the redundant
      call.
      
      Cc: <stable@vger.kernel.org> # v6.0
      Fixes: bbc6d2c6 ("efi: vars: Switch to new wrapper layer")
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      8a254d90
    • Ard Biesheuvel's avatar
      efi: ssdt: Don't free memory if ACPI table was loaded successfully · 4b017e59
      Ard Biesheuvel authored
      Amadeusz reports KASAN use-after-free errors introduced by commit
      3881ee0b ("efi: avoid efivars layer when loading SSDTs from
      variables"). The problem appears to be that the memory that holds the
      new ACPI table is now freed unconditionally, instead of only when the
      ACPI core reported a failure to load the table.
      
      So let's fix this, by omitting the kfree() on success.
      
      Cc: <stable@vger.kernel.org> # v6.0
      Link: https://lore.kernel.org/all/a101a10a-4fbb-5fae-2e3c-76cf96ed8fbd@linux.intel.com/
      Fixes: 3881ee0b ("efi: avoid efivars layer when loading SSDTs from variables")
      Reported-by: default avatarAmadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      4b017e59
    • Ard Biesheuvel's avatar
      efi: libstub: Remove zboot signing from build options · f57fb375
      Ard Biesheuvel authored
      The zboot decompressor series introduced a feature to sign the PE/COFF
      kernel image for secure boot as part of the kernel build. This was
      necessary because there are actually two images that need to be signed:
      the kernel with the EFI stub attached, and the decompressor application.
      
      This is a bit of a burden, because it means that the images must be
      signed on the the same system that performs the build, and this is not
      realistic for distros.
      
      During the next cycle, we will introduce changes to the zboot code so
      that the inner image no longer needs to be signed. This means that the
      outer PE/COFF image can be handled as usual, and be signed later in the
      release process.
      
      Let's remove the associated Kconfig options now so that they don't end
      up in a LTS release while already being deprecated.
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      f57fb375
    • Jerry Snitselaar's avatar
      iommu/vt-d: Clean up si_domain in the init_dmars() error path · 620bf9f9
      Jerry Snitselaar authored
      A splat from kmem_cache_destroy() was seen with a kernel prior to
      commit ee2653bb ("iommu/vt-d: Remove domain and devinfo mempool")
      when there was a failure in init_dmars(), because the iommu_domain
      cache still had objects. While the mempool code is now gone, there
      still is a leak of the si_domain memory if init_dmars() fails. So
      clean up si_domain in the init_dmars() error path.
      
      Cc: Lu Baolu <baolu.lu@linux.intel.com>
      Cc: Joerg Roedel <joro@8bytes.org>
      Cc: Will Deacon <will@kernel.org>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Fixes: 86080ccc ("iommu/vt-d: Allocate si_domain in init_dmars()")
      Signed-off-by: default avatarJerry Snitselaar <jsnitsel@redhat.com>
      Link: https://lore.kernel.org/r/20221010144842.308890-1-jsnitsel@redhat.comSigned-off-by: default avatarLu Baolu <baolu.lu@linux.intel.com>
      Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      620bf9f9