1. 18 Oct, 2021 9 commits
  2. 11 Oct, 2021 11 commits
  3. 03 Oct, 2021 12 commits
    • Linux 5.15-rc4 · 9e1ff307
      Linus Torvalds authored
    • elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings · 9b2f72cc
      Chen Jingwen authored
      In commit b212921b ("elf: don't use MAP_FIXED_NOREPLACE for elf
      executable mappings") we still leave MAP_FIXED_NOREPLACE in place for
      load_elf_interp.
      
      Unfortunately, this will cause kernel to fail to start with:
      
          1 (init): Uhuuh, elf segment at 00003ffff7ffd000 requested but the memory is mapped already
          Failed to execute /init (error -17)
      
      The reason is that the elf interpreter (ld.so) has overlapping segments.
      
        readelf -l ld-2.31.so
        Program Headers:
          Type           Offset             VirtAddr           PhysAddr
                         FileSiz            MemSiz              Flags  Align
          LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                         0x000000000002c94c 0x000000000002c94c  R E    0x10000
          LOAD           0x000000000002dae0 0x000000000003dae0 0x000000000003dae0
                         0x00000000000021e8 0x0000000000002320  RW     0x10000
          LOAD           0x000000000002fe00 0x000000000003fe00 0x000000000003fe00
                         0x00000000000011ac 0x0000000000001328  RW     0x10000
      
      The reason for this problem is the same as described in commit
      ad55eac7 ("elf: enforce MAP_FIXED on overlaying elf segments").
      
      Not only executable binaries, elf interpreters (e.g. ld.so) can have
      overlapping elf segments, so we better drop MAP_FIXED_NOREPLACE and go
      back to MAP_FIXED in load_elf_interp.
      
      Fixes: 4ed28639 ("fs, elf: drop MAP_FIXED usage from elf_map")
      Cc: <stable@vger.kernel.org> # v4.19
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: Chen Jingwen <chenjingwen6@huawei.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · ca3cef46
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Fix a number of ext4 bugs in fast_commit, inline data, and delayed
        allocation.
      
        Also fix error handling code paths in ext4_dx_readdir() and
        ext4_fill_super().
      
        Finally, avoid grabbing a journal head in the delayed allocation
        write in the common cases where we are overwriting a pre-existing
        block or appending to an inode"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: recheck buffer uptodate bit under buffer lock
        ext4: fix potential infinite loop in ext4_dx_readdir()
        ext4: flush s_error_work before journal destroy in ext4_fill_super
        ext4: fix loff_t overflow in ext4_max_bitmap_size()
        ext4: fix reserved space counter leakage
        ext4: limit the number of blocks in one ADD_RANGE TLV
        ext4: enforce buffer head state assertion in ext4_da_map_blocks
        ext4: remove extent cache entries when truncating inline data
        ext4: drop unnecessary journal handle in delalloc write
        ext4: factor out write end code of inline file
        ext4: correct the error path of ext4_write_inline_data_end()
        ext4: check and update i_disksize properly
        ext4: add error checking to ext4_ext_replay_set_iblocks()
    • objtool: print out the symbol type when complaining about it · 7fab1c12
      Linus Torvalds authored
      The objtool warning that the kvm instruction emulation code triggered
      wasn't very useful:
      
          arch/x86/kvm/emulate.o: warning: objtool: __ex_table+0x4: don't know how to handle reloc symbol type: kvm_fastop_exception
      
      in that it helpfully tells you which symbol name it had trouble figuring
      out the relocation for, but it doesn't actually say what the unknown
      symbol type was that triggered it all.
      
      In this case it was because of missing type information (type 0, aka
      STT_NOTYPE), but on the whole it really should just have printed that
      out as part of the message.
      
      Because if this warning triggers, that's very much the first thing you
      want to know - why did reloc2sec_off() return failure for that symbol?
      
      So rather than just saying you can't handle some type of symbol without
      saying what the type _was_, just print out the type number too.
      
      Fixes: 24ff6525 ("objtool: Teach get_alt_entry() about more relocation types")
      Link: https://lore.kernel.org/lkml/CAHk-=wiZwq-0LknKhXN4M+T8jbxn_2i9mcKpO+OaBSSq_Eh7tg@mail.gmail.com/
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kvm: fix objtool relocation warning · 291073a5
      Linus Torvalds authored
      The recent change to make objtool aware of more symbol relocation types
      (commit 24ff6525: "objtool: Teach get_alt_entry() about more
      relocation types") also added another check, and resulted in this
      objtool warning when building kvm on x86:
      
          arch/x86/kvm/emulate.o: warning: objtool: __ex_table+0x4: don't know how to handle reloc symbol type: kvm_fastop_exception
      
      The reason seems to be that kvm_fastop_exception() is marked as a global
      symbol, which causes the relocation to be kept around for objtool.  And
      at the same time, the kvm_fastop_exception definition (which is done as
      an inline asm statement) doesn't actually set the type of the global,
      which then makes objtool unhappy.
      
      The minimal fix is to just not mark kvm_fastop_exception as being a
      global symbol.  It's only used in that one compilation unit anyway, so
      it was always pointless.  That's how all the other local exception table
      labels are done.
      
      I'm not entirely happy about the kinds of games that the kvm code plays
      with doing its own exception handling, and the fact that it confused
      objtool is most definitely a symptom of the code being a bit too subtle
      and ad-hoc.  But at least this trivial one-liner makes objtool no longer
      upset about what is going on.
      
      Fixes: 24ff6525 ("objtool: Teach get_alt_entry() about more relocation types")
      Link: https://lore.kernel.org/lkml/CAHk-=wiZwq-0LknKhXN4M+T8jbxn_2i9mcKpO+OaBSSq_Eh7tg@mail.gmail.com/
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Sean Christopherson <seanjc@google.com>
      Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
      Cc: Wanpeng Li <wanpengli@tencent.com>
      Cc: Jim Mattson <jmattson@google.com>
      Cc: Joerg Roedel <joro@8bytes.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Nathan Chancellor <nathan@kernel.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'char-misc-5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 6761a0ae
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small misc driver fixes for 5.15-rc4. They are in two
        "groups":
      
         - ipack driver fixes for issues found by Johan Hovold
      
         - interconnect driver fixes for reported problems
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'char-misc-5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        ipack: ipoctal: fix module reference leak
        ipack: ipoctal: fix missing allocation-failure check
        ipack: ipoctal: fix tty-registration error handling
        ipack: ipoctal: fix tty registration race
        ipack: ipoctal: fix stack information leak
        interconnect: qcom: sdm660: Add missing a2noc qos clocks
        dt-bindings: interconnect: sdm660: Add missing a2noc qos clocks
        interconnect: qcom: sdm660: Correct NOC_QOS_PRIORITY shift and mask
        interconnect: qcom: sdm660: Fix id of slv_cnoc_mnoc_cfg
    • Merge tag 'driver-core-5.15-rc4' of... · 84928ce3
      Linus Torvalds authored
      Merge tag 'driver-core-5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fixes from Greg KH:
       "Here are some driver core and kernfs fixes for reported issues for
        5.15-rc4. These fixes include:
      
         - kernfs positive dentry bugfix
      
         - debugfs_create_file_size error path fix
      
         - cpumask sysfs file bugfix to preserve the user/kernel abi (has been
           reported multiple times.)
      
         - devlink fixes for mdiobus devices as reported by the subsystem
           maintainers.
      
        Also included in here are some devlink debugging changes to make it
        easier for people to report problems when asked. They have already
        helped with the mdiobus and other subsystems reporting issues.
      
        All of these have been linux-next for a while with no reported issues"
      
      * tag 'driver-core-5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        kernfs: also call kernfs_set_rev() for positive dentry
        driver core: Add debug logs when fwnode links are added/deleted
        driver core: Create __fwnode_link_del() helper function
        driver core: Set deferred probe reason when deferred by driver core
        net: mdiobus: Set FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD for mdiobus parents
        driver core: fw_devlink: Add support for FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD
        driver core: fw_devlink: Improve handling of cyclic dependencies
        cpumask: Omit terminating null byte in cpumap_print_{list,bitmask}_to_buf
        debugfs: debugfs_create_file_size(): use IS_ERR to check for error
    • Merge tag 'sched_urgent_for_v5.15_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 777feaba
      Linus Torvalds authored
      Pull scheduler fixes from Borislav Petkov:
      
       - Tell the compiler to always inline is_percpu_thread()
      
       - Make sure tunable_scaling buffer is null-terminated after an update
         in sysfs
      
       - Fix LTP named regression due to cgroup list ordering
      
      * tag 'sched_urgent_for_v5.15_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched: Always inline is_percpu_thread()
        sched/fair: Null terminate buffer when updating tunable_scaling
        sched/fair: Add ancestors of unthrottled undecayed cfs_rq
    • Merge tag 'perf_urgent_for_v5.15_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3a399a2b
      Linus Torvalds authored
      Pull perf fixes from Borislav Petkov:
      
       - Make sure the destroy callback is reset when an event initialization
         fails
      
       - Update the event constraints for Icelake
      
       - Make sure the active time of an event is updated even for inactive
         events
      
      * tag 'perf_urgent_for_v5.15_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: fix userpage->time_enabled of inactive events
        perf/x86/intel: Update event constraints for ICX
        perf/x86: Reset destroy callback on event init failure
    • Merge tag 'objtool_urgent_for_v5.15_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 52c3c170
      Linus Torvalds authored
      Pull objtool fix from Borislav Petkov:
      
       - Handle symbol relocations properly due to changes in the toolchains
         which remove section symbols now
      
      * tag 'objtool_urgent_for_v5.15_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool: Teach get_alt_entry() about more relocation types
    • Merge tag 'hwmon-for-v5.15-rc4' of... · 7b66f439
      Linus Torvalds authored
      Merge tag 'hwmon-for-v5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
      
      Pull hwmon fixes from Guenter Roeck:
      
       - Fixed various potential NULL pointer accesses in w8379* drivers
      
       - Improved error handling, fault reporting, and fixed rounding in
         tmp421 driver
      
       - Fixed error handling in ltc2947 driver
      
       - Added missing attribute to pmbus/mp2975 driver
      
       - Fixed attribute values in pmbus/ibm-cffps, occ, and mlxreg-fan
         drivers
      
       - Removed unused residual code from k10temp driver
      
      * tag 'hwmon-for-v5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
        hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
        hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
        hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1 mp2975 controller
        hwmon: (pmbus/ibm-cffps) max_power_out swap changes
        hwmon: (occ) Fix P10 VRM temp sensors
        hwmon: (ltc2947) Properly handle errors when looking for the external clock
        hwmon: (tmp421) fix rounding for negative values
        hwmon: (tmp421) report /PVLD condition as fault
        hwmon: (tmp421) handle I2C errors
        hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
        hwmon: (k10temp) Remove residues of current and voltage
    • Merge tag '5.15-rc3-ksmbd-fixes' of git://git.samba.org/ksmbd · e25ca045
      Linus Torvalds authored
      Pull ksmbd server fixes from Steve French:
       "Eleven fixes for the ksmbd kernel server, mostly security related:
      
         - an important fix for disabling weak NTLMv1 authentication
      
         - seven security (improved buffer overflow checks) fixes
      
         - fix for wrong infolevel struct used in some getattr/setattr paths
      
         - two small documentation fixes"
      
      * tag '5.15-rc3-ksmbd-fixes' of git://git.samba.org/ksmbd:
        ksmbd: missing check for NULL in convert_to_nt_pathname()
        ksmbd: fix transform header validation
        ksmbd: add buffer validation for SMB2_CREATE_CONTEXT
        ksmbd: add validation in smb2 negotiate
        ksmbd: add request buffer validation in smb2_set_info
        ksmbd: use correct basic info level in set_file_basic_info()
        ksmbd: remove NTLMv1 authentication
        ksmbd: fix documentation for 2 functions
        MAINTAINERS: rename cifs_common to smbfs_common in cifs and ksmbd entry
        ksmbd: fix invalid request buffer access in compound
        ksmbd: remove RFC1002 check in smb2 request
  4. 02 Oct, 2021 8 commits
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 9904468f
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Five fairly minor fixes and spelling updates, all in drivers. Even
        though the ufs fix is in tracing, it's a potentially exploitable use
        beyond end of array bug"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: csiostor: Add module softdep on cxgb4
        scsi: qla2xxx: Fix excessive messages during device logout
        scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
        scsi: ses: Fix unsigned comparison with less than zero
        scsi: ufs: Fix illegal offset in UPIU event trace
    • Merge tag 'block-5.15-2021-10-01' of git://git.kernel.dk/linux-block · ab2a7a35
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A few block fixes for this release:
      
         - Revert a BFQ commit that causes breakage for people. Unfortunately
           it was auto-selected for stable as well, so now 5.14.7 suffers from
           it too. Hopefully stable will pick up this revert quickly too, so
           we can remove the issue on that end as well.
      
         - Add a quirk for Apple NVMe controllers, which due to their
           non-compliance broke due to the introduction of command sequences
           (Keith)
      
         - Use shifts in nbd, fixing a __divdi3 issue (Nick)"
      
      * tag 'block-5.15-2021-10-01' of git://git.kernel.dk/linux-block:
        nbd: use shifts rather than multiplies
        Revert "block, bfq: honor already-setup queue merges"
        nvme: add command id quirk for apple controllers
    • Merge tag 'io_uring-5.15-2021-10-01' of git://git.kernel.dk/linux-block · 65893b49
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "Two fixes in here:
      
         - The signal issue that was discussed start of this week (me).
      
         - Kill dead fasync support in io_uring. Looks like it was broken
           since io_uring was initially merged, and given that nobody has ever
           complained about it, let's just kill it (Pavel)"
      
      * tag 'io_uring-5.15-2021-10-01' of git://git.kernel.dk/linux-block:
        io_uring: kill fasync
        io-wq: exclusively gate signal based exit on get_signal() return
    • Merge tag 'libnvdimm-fixes-5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · f05c6437
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
       "A fix for a regression added this cycle in the pmem driver, and for a
        long standing bug for failed NUMA node lookups on ARM64.
      
        This has appeared in -next for several days with no reported issues.
      
        Summary:
      
         - Fix a regression that caused the sysfs ABI for pmem block devices
           to not be registered. This fails the nvdimm unit tests and dax
           xfstests.
      
         - Fix numa node lookups for dax-kmem memory (device-dax memory
           assigned to the page allocator) on ARM64"
      
      * tag 'libnvdimm-fixes-5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        nvdimm/pmem: fix creating the dax group
        ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect
    • cachefiles: Fix oops in trace_cachefiles_mark_buried due to NULL object · 6e9bfdcf
      Dave Wysochanski authored
      In cachefiles_mark_object_buried, the dentry in question may not have an
      owner, and thus our cachefiles_object pointer may be NULL when calling
      the tracepoint, in which case we will also not have a valid debug_id to
      print in the tracepoint.
      
      Check for NULL object in the tracepoint and if so, just set debug_id to
      MAX_UINT as was done in 2908f5e1 ("fscache: Add a cookie debug ID
      and use that in traces").
      
      This fixes the following oops:
      
          FS-Cache: Cache "mycache" added (type cachefiles)
          CacheFiles: File cache on vdc registered
          ...
          Workqueue: fscache_object fscache_object_work_func [fscache]
          RIP: 0010:trace_event_raw_event_cachefiles_mark_buried+0x4e/0xa0 [cachefiles]
          ....
          Call Trace:
           cachefiles_mark_object_buried+0xa5/0xb0 [cachefiles]
           cachefiles_bury_object+0x270/0x430 [cachefiles]
           cachefiles_walk_to_object+0x195/0x9c0 [cachefiles]
           cachefiles_lookup_object+0x5a/0xc0 [cachefiles]
           fscache_look_up_object+0xd7/0x160 [fscache]
           fscache_object_work_func+0xb2/0x340 [fscache]
           process_one_work+0x1f1/0x390
           worker_thread+0x53/0x3e0
           kthread+0x127/0x150
      
      Fixes: 2908f5e1 ("fscache: Add a cookie debug ID and use that in traces")
      Signed-off-by: Dave Wysochanski <dwysocha@redhat.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
      cc: linux-cachefs@redhat.com
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • drm/i915: fix blank screen booting crashes · cdc1e6e2
      Hugh Dickins authored
      5.15-rc1 crashes with blank screen when booting up on two ThinkPads
      using i915.  Bisections converge convincingly, but arrive at different
      and surprising "culprits", none of them the actual culprit.
      
      netconsole (with init_netconsole() hacked to call i915_init() when
      logging has started, instead of by module_init()) tells the story:
      
      kernel BUG at drivers/gpu/drm/i915/i915_sw_fence.c:245!
      with RSI: ffffffff814d408b pointing to sw_fence_dummy_notify().
      I've been building with CONFIG_CC_OPTIMIZE_FOR_SIZE=y, and that
      function needs to be 4-byte aligned.
      
      Fixes: 62eaf0ae ("drm/i915/guc: Support request cancellation")
      Signed-off-by: Hugh Dickins <hughd@google.com>
      Tested-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field · dd4d747e
      Nadezda Lutovinova authored
      If driver read tmp value sufficient for
      (tmp & 0x08) && (!(tmp & 0x80)) && ((tmp & 0x7) == ((tmp >> 4) & 0x7))
      from device then Null pointer dereference occurs.
      (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)
      Also lm75[] does not serve a purpose anymore after switching to
      devm_i2c_new_dummy_device() in w83791d_detect_subclients().
      
      The patch fixes possible NULL pointer dereference by removing lm75[].
      
      Found by Linux Driver Verification project (linuxtesting.org).
      
      Cc: stable@vger.kernel.org
      Signed-off-by: Nadezda Lutovinova <lutovinova@ispras.ru>
      Link: https://lore.kernel.org/r/20210921155153.28098-3-lutovinova@ispras.ru
      [groeck: Dropped unnecessary continuation lines, fixed multi-line alignments]
      Signed-off-by: Guenter Roeck <linux@roeck-us.net>
    • hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field · 0f36b881
      Nadezda Lutovinova authored
      If driver read val value sufficient for
      (val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7))
      from device then Null pointer dereference occurs.
      (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)
      Also lm75[] does not serve a purpose anymore after switching to
      devm_i2c_new_dummy_device() in w83791d_detect_subclients().
      
      The patch fixes possible NULL pointer dereference by removing lm75[].
      
      Found by Linux Driver Verification project (linuxtesting.org).
      
      Cc: stable@vger.kernel.org
      Signed-off-by: Nadezda Lutovinova <lutovinova@ispras.ru>
      Link: https://lore.kernel.org/r/20210921155153.28098-2-lutovinova@ispras.ru
      [groeck: Dropped unnecessary continuation lines, fixed multi-line alignment]
      Signed-off-by: Guenter Roeck <linux@roeck-us.net>