1. 22 Aug, 2024 4 commits
    • nvme-tcp: check for invalidated or revoked key · 5bc46b49
      Hannes Reinecke authored
      key_lookup() will always return a key, even if that key is revoked
      or invalidated. So check for invalid keys before continuing.
      Signed-off-by: Hannes Reinecke <hare@kernel.org>
      Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Keith Busch <kbusch@kernel.org>
    • nvme-tcp: sanitize TLS key handling · 36389576
      Hannes Reinecke authored
      There is a difference between TLS configured (ie the user has
      provisioned/requested a key) and TLS enabled (ie the connection
      is encrypted with TLS). This becomes important for secure concatenation,
      where the initial authentication is run on an unencrypted connection
      (ie with TLS configured, but not enabled), and then the queue is reset to
      run over TLS (ie TLS configured _and_ enabled).
      So to differentiate between those two states store the generated
      key in opts->tls_key (as we're using the same TLS key for all queues),
      the key serial of the resulting TLS handshake in ctrl->tls_pskid
      (to signal that TLS on the admin queue is enabled), and a simple
      flag for the queues to indicate that TLS has been enabled.
      Signed-off-by: Hannes Reinecke <hare@kernel.org>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Keith Busch <kbusch@kernel.org>
    • nvme-keyring: restrict match length for version '1' identifiers · 79559c75
      Hannes Reinecke authored
      TP8018 introduced a new TLS PSK identifier version (version 1), which appended
      a PSK hash value to the existing identifier (cf NVMe TCP specification v1.1,
      section 3.6.1.3 'TLS PSK and PSK Identity Derivation').
      An original (version 0) identifier has the form:
      
      NVMe0<type><hmac> <hostnqn> <subsysnqn>
      
      and a version 1 identifier has the form:
      
      NVMe1<type><hmac> <hostnqn> <subsysnqn> <hash>
      
      This patch modifies the lookup algorithm to compare only the first part
      of the identifier (excluding the hash value) to handle both version 0 and
      version 1 identifiers.
      And the spec declares 'version 0' identifiers obsolete, so the lookup
      algorithm is modified to prefer v1 identifiers.
      Signed-off-by: Hannes Reinecke <hare@kernel.org>
      Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Keith Busch <kbusch@kernel.org>
    • nvme_core: scan namespaces asynchronously · 4e893ca8
      Stuart Hayes authored
      Use async function calls to make namespace scanning happen in parallel.
      
      Without the patch, NVME namespaces are scanned serially, so it can take
      a long time for all of a controller's namespaces to become available,
      especially with a slower (TCP) interface with a large number of
      namespaces.
      
      It is not uncommon to have large numbers (hundreds or thousands) of
      namespaces on nvme-of with storage servers.
      
      The time it took for all namespaces to show up after connecting (via
      TCP) to a controller with 1002 namespaces was measured on one system:
      
      network latency   without patch   with patch
           0                 6s            1s
          50ms             210s           10s
         100ms             417s           18s
      
      Measurements taken on another system show the effect of the patch on the
      time nvme_scan_work() took to complete, when connecting to a linux
      nvme-of target with varying numbers of namespaces, on a network of
      400us.
      
      namespaces    without patch   with patch
           1            16ms           14ms
           2            24ms           16ms
           4            49ms           22ms
           8           101ms           33ms
          16           207ms           56ms
         100           1.4s           0.6s
        1000          12.9s           2.0s
      
      On the same system, connecting to a local PCIe NVMe drive (a Samsung
      PM1733) instead of a network target:
      
      namespaces    without patch   with patch
           1            13ms           12ms
           2            41ms           13ms
      Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com>
      Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
  2. 16 Aug, 2024 1 commit
  3. 13 Aug, 2024 2 commits
  4. 12 Aug, 2024 1 commit
  5. 02 Aug, 2024 1 commit
  6. 28 Jul, 2024 19 commits
  7. 27 Jul, 2024 12 commits
    • Merge tag 'block-6.11-20240726' of git://git.kernel.dk/linux · 6342649c
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request via Keith:
           - Fix request without payloads cleanup  (Leon)
           - Use new protection information format (Francis)
           - Improved debug message for lost pci link (Bart)
           - Another apst quirk (Wang)
           - Use appropriate sysfs api for printing chars (Markus)
      
       - ublk async device deletion fix (Ming)
      
       - drbd kerneldoc fixups (Simon)
      
       - Fix deadlock between sd removal and release (Yang)
      
      * tag 'block-6.11-20240726' of git://git.kernel.dk/linux:
        nvme-pci: add missing condition check for existence of mapped data
        ublk: fix UBLK_CMD_DEL_DEV_ASYNC handling
        block: fix deadlock between sd_remove & sd_release
        drbd: Add peer_device to Kernel doc
        nvme-core: choose PIF from QPIF if QPIFS supports and PIF is QTYPE
        nvme-pci: Fix the instructions for disabling power management
        nvme: remove redundant bdev local variable
        nvme-fabrics: Use seq_putc() in __nvmf_concat_opt_tokens()
        nvme/pci: Add APST quirk for Lenovo N60z laptop
    • Merge tag 'io_uring-6.11-20240726' of git://git.kernel.dk/linux · 8c930747
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - Fix a syzbot issue for the msg ring cache added in this release. No
         ill effects from this one, but it did make KMSAN unhappy (me)
      
       - Sanitize the NAPI timeout handling, by unifying the value handling
         into all ktime_t rather than converting back and forth (Pavel)
      
       - Fail NAPI registration for IOPOLL rings, it's not supported (Pavel)
      
       - Fix a theoretical issue with ring polling and cancelations (Pavel)
      
       - Various little cleanups and fixes (Pavel)
      
      * tag 'io_uring-6.11-20240726' of git://git.kernel.dk/linux:
        io_uring/napi: pass ktime to io_napi_adjust_timeout
        io_uring/napi: use ktime in busy polling
        io_uring/msg_ring: fix uninitialized use of target_req->flags
        io_uring: align iowq and task request error handling
        io_uring: kill REQ_F_CANCEL_SEQ
        io_uring: simplify io_uring_cmd return
        io_uring: fix io_match_task must_hold
        io_uring: don't allow netpolling with SETUP_IOPOLL
        io_uring: tighten task exit cancellations
    • Merge tag 'vfs-6.11-rc1.fixes.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs · bc4eee85
      Linus Torvalds authored
      Pull vfs fixes from Christian Brauner:
       "This contains two fixes for this merge window:
      
        VFS:
      
         - I noticed that it is possible for a privileged user to mount most
           filesystems with a non-initial user namespace in sb->s_user_ns.
      
           When fsopen() is called in a non-init namespace the caller's
           namespace is recorded in fs_context->user_ns. If the returned file
           descriptor is then passed to a process privileged in init_user_ns,
           that process can call fsconfig(fd_fs, FSCONFIG_CMD_CREATE*),
           creating a new superblock with sb->s_user_ns set to the namespace
           of the process which called fsopen().
      
           This is problematic as only filesystems that raise FS_USERNS_MOUNT
           are known to be able to support a non-initial s_user_ns. Others may
           suffer security issues, on-disk corruption or outright crash the
           kernel. Prevent that by restricting such delegation to filesystems
           that allow FS_USERNS_MOUNT.
      
           Note, that this delegation requires a privileged process to
           actually create the superblock so either the privileged process is
           cooperating or someone must have tricked a privileged process into
           operating on a fscontext file descriptor whose origin it doesn't
           know (a stupid idea).
      
           The bug dates back to about 5 years afaict.
      
        Misc:
      
         - Fix hostfs parsing when the mount request comes in via the legacy
           mount api.
      
           In the legacy mount api hostfs allows to specify the host directory
           mount without any key.
      
           Restore that behavior"
      
      * tag 'vfs-6.11-rc1.fixes.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
        hostfs: fix the host directory parse when mounting.
        fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
    • Merge tag 'rust-6.11' of https://github.com/Rust-for-Linux/linux · 910bfc26
      Linus Torvalds authored
      Pull Rust updates from Miguel Ojeda:
       "The highlight is the establishment of a minimum version for the Rust
        toolchain, including 'rustc' (and bundled tools) and 'bindgen'.
      
        The initial minimum will be the pinned version we currently have, i.e.
        we are just widening the allowed versions. That covers three stable
        Rust releases: 1.78.0, 1.79.0, 1.80.0 (getting released tomorrow),
        plus beta, plus nightly.
      
        This should already be enough for kernel developers in distributions
        that provide recent Rust compiler versions routinely, such as Arch
        Linux, Debian Unstable (outside the freeze period), Fedora Linux,
        Gentoo Linux (especially the testing channel), Nix (unstable) and
        openSUSE Slowroll and Tumbleweed.
      
        In addition, the kernel is now being built-tested by Rust's pre-merge
        CI. That is, every change that is attempting to land into the Rust
        compiler is tested against the kernel, and it is merged only if it
        passes. Similarly, the bindgen tool has agreed to build the kernel in
        their CI too.
      
        Thus, with the pre-merge CI in place, both projects hope to avoid
        unintentional changes to Rust that break the kernel. This means that,
        in general, apart from intentional changes on their side (that we will
        need to workaround conditionally on our side), the upcoming Rust
        compiler versions should generally work.
      
        In addition, the Rust project has proposed getting the kernel into
        stable Rust (at least solving the main blockers) as one of its three
        flagship goals for 2024H2 [1].
      
        I would like to thank Niko, Sid, Emilio et al. for their help
        promoting the collaboration between Rust and the kernel.
      
        Toolchain and infrastructure:
      
         - Support several Rust toolchain versions.
      
         - Support several bindgen versions.
      
         - Remove 'cargo' requirement and simplify 'rusttest', thanks to
           'alloc' having been dropped last cycle.
      
         - Provide proper error reporting for the 'rust-analyzer' target.
      
        'kernel' crate:
      
         - Add 'uaccess' module with a safe userspace pointers abstraction.
      
         - Add 'page' module with a 'struct page' abstraction.
      
         - Support more complex generics in workqueue's 'impl_has_work!'
           macro.
      
        'macros' crate:
      
         - Add 'firmware' field support to the 'module!' macro.
      
         - Improve 'module!' macro documentation.
      
        Documentation:
      
         - Provide instructions on what packages should be installed to build
           the kernel in some popular Linux distributions.
      
         - Introduce the new kernel.org LLVM+Rust toolchains.
      
         - Explain '#[no_std]'.
      
        And a few other small bits"
      
      Link: https://rust-lang.github.io/rust-project-goals/2024h2/index.html#flagship-goals [1]
      
      * tag 'rust-6.11' of https://github.com/Rust-for-Linux/linux: (26 commits)
        docs: rust: quick-start: add section on Linux distributions
        rust: warn about `bindgen` versions 0.66.0 and 0.66.1
        rust: start supporting several `bindgen` versions
        rust: work around `bindgen` 0.69.0 issue
        rust: avoid assuming a particular `bindgen` build
        rust: start supporting several compiler versions
        rust: simplify Clippy warning flags set
        rust: relax most deny-level lints to warnings
        rust: allow `dead_code` for never constructed bindings
        rust: init: simplify from `map_err` to `inspect_err`
        rust: macros: indent list item in `paste!`'s docs
        rust: add abstraction for `struct page`
        rust: uaccess: add typed accessors for userspace pointers
        uaccess: always export _copy_[from|to]_user with CONFIG_RUST
        rust: uaccess: add userspace pointers
        kbuild: rust-analyzer: improve comment documentation
        kbuild: rust-analyzer: better error handling
        docs: rust: no_std is used
        rust: alloc: add __GFP_HIGHMEM flag
        rust: alloc: fix typo in docs for GFP_NOWAIT
        ...
    • Merge tag 'apparmor-pr-2024-07-25' of... · ff305644
      Linus Torvalds authored
      Merge tag 'apparmor-pr-2024-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
      
      Pull apparmor updates from John Johansen:
       "Cleanups
         - optimization: try to avoid refing the label in apparmor_file_open
         - remove useless static inline function is_deleted
         - use kvfree_sensitive to free data->data
         - fix typo in kernel doc
      
        Bug fixes:
         - unpack transition table if dfa is not present
         - test: add MODULE_DESCRIPTION()
         - take nosymfollow flag into account
         - fix possible NULL pointer dereference
         - fix null pointer deref when receiving skb during sock creation"
      
      * tag 'apparmor-pr-2024-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
        apparmor: unpack transition table if dfa is not present
        apparmor: try to avoid refing the label in apparmor_file_open
        apparmor: test: add MODULE_DESCRIPTION()
        apparmor: take nosymfollow flag into account
        apparmor: fix possible NULL pointer dereference
        apparmor: fix typo in kernel doc
        apparmor: remove useless static inline function is_deleted
        apparmor: use kvfree_sensitive to free data->data
        apparmor: Fix null pointer deref when receiving skb during sock creation
    • Merge tag 'landlock-6.11-rc1-houdini-fix' of... · 86b405ad
      Linus Torvalds authored
      Merge tag 'landlock-6.11-rc1-houdini-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux
      
      Pull landlock fix from Mickaël Salaün:
       "Jann Horn reported a sandbox bypass for Landlock. This includes the
        fix and new tests. This should be backported"
      
      * tag 'landlock-6.11-rc1-houdini-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
        selftests/landlock: Add cred_transfer test
        landlock: Don't lose track of restrictions on cred_transfer
    • Merge tag 'gpio-fixes-for-v6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 8e333791
      Linus Torvalds authored
      Pull gpio fix from Bartosz Golaszewski:
      
       - don't use sprintf() with non-constant format string
      
      * tag 'gpio-fixes-for-v6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: virtuser: avoid non-constant format string
    • Merge tag 'devicetree-fixes-for-6.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · bf80f139
      Linus Torvalds authored
      Pull more devicetree updates from Rob Herring:
       "Most of this is a treewide change to of_property_for_each_u32() which
        was small enough to do in one go before rc1 and avoids the need to
        create of_property_for_each_u32_some_new_name().
      
         - Treewide conversion of of_property_for_each_u32() to drop internal
           arguments making struct property opaque
      
         - Add binding for Amlogic A4 SoC watchdog
      
         - Fix constraints for AD7192 'single-channel' property"
      
      * tag 'devicetree-fixes-for-6.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        dt-bindings: iio: adc: ad7192: Fix 'single-channel' constraints
        of: remove internal arguments from of_property_for_each_u32()
        dt-bindings: watchdog: add support for Amlogic A4 SoCs
    • Merge tag 'iommu-fixes-v6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux · b465ed28
      Linus Torvalds authored
      Pull iommu fixes from Will Deacon:
       "We're still resolving a regression with the handling of unexpected
        page faults on SMMUv3, but we're not quite there with a fix yet.
      
         - Fix NULL dereference when freeing domain in Unisoc SPRD driver
      
         - Separate assignment statements with semicolons in AMD page-table
           code
      
         - Fix Tegra erratum workaround when the CPU is using 16KiB pages"
      
      * tag 'iommu-fixes-v6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux:
        iommu: arm-smmu: Fix Tegra workaround for PAGE_SIZE mappings
        iommu/amd: Convert comma to semicolon
        iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
    • Merge tag 'firewire-fixes-6.11-rc1' of... · 04216211
      Linus Torvalds authored
      Merge tag 'firewire-fixes-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
      
      Pull firewire fixes from Takashi Sakamoto:
       "The recent integration of compiler collections introduced the
        technology to check flexible array length at runtime by providing
        proper annotations. In v6.10 kernel, a patch was merged into firewire
        subsystem to utilize it, however the annotation was inadequate.
      
        There is also the related change for the flexible array in sound
        subsystem, but it causes a regression where the data in the payload of
        isochronous packet is incorrect for some devices. These bugs are now
        fixed"
      
      * tag 'firewire-fixes-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
        ALSA: firewire-lib: fix wrong value as length of header for CIP_NO_HEADER case
        Revert "firewire: Annotate struct fw_iso_packet with __counted_by()"
    • Merge tag 'spi-fix-v6.11-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · ab11658f
      Linus Torvalds authored
      Pull spi fixes from Mark Brown:
       "The bulk of this is a series of fixes for the microchip-core driver
        mostly originating from one of their customers, I also applied an
        additional patch adding support for controlling the word size which
        came along with it since it's still the merge window and clearly had a
        bunch of fairly thorough testing.
      
        We also have a fix for the compatible used to bind spidev to the
        BH2228FV"
      
      * tag 'spi-fix-v6.11-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: spidev: add correct compatible for Rohm BH2228FV
        dt-bindings: trivial-devices: fix Rohm BH2228FV compatible string
        spi: microchip-core: add support for word sizes of 1 to 32 bits
        spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer
        spi: microchip-core: fix init function not setting the master and motorola modes
        spi: microchip-core: only disable SPI controller when register value change requires it
        spi: microchip-core: defer asserting chip select until just before write to TX FIFO
        spi: microchip-core: fix the issues in the isr
    • Merge tag 'regulator-fix-v6.11-merge-window' of... · 560e8050
      Linus Torvalds authored
      Merge tag 'regulator-fix-v6.11-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
      
      Pull regulator fixes from Mark Brown:
       "These two commits clean up the excessively loose dependencies for the
        RZG2L USB VBCTRL regulator driver, ensuring it shouldn't prompt for
        people who can't use it"
      
      * tag 'regulator-fix-v6.11-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        regulator: Further restrict RZG2L USB VBCTRL regulator dependencies
        regulator: renesas-usb-vbus-regulator: Update the default