1. 22 May, 2021 3 commits
  2. 21 May, 2021 20 commits
  3. 20 May, 2021 17 commits
    • Rohith Surabattula's avatar
      Fix KASAN identified use-after-free issue. · 9687c85d
      Rohith Surabattula authored
      [  612.157429] ==================================================================
      [  612.158275] BUG: KASAN: use-after-free in process_one_work+0x90/0x9b0
      [  612.158801] Read of size 8 at addr ffff88810a31ca60 by task kworker/2:9/2382
      
      [  612.159611] CPU: 2 PID: 2382 Comm: kworker/2:9 Tainted: G
      OE     5.13.0-rc2+ #98
      [  612.159623] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
      BIOS 1.14.0-1.fc33 04/01/2014
      [  612.159640] Workqueue:  0x0 (deferredclose)
      [  612.159669] Call Trace:
      [  612.159685]  dump_stack+0xbb/0x107
      [  612.159711]  print_address_description.constprop.0+0x18/0x140
      [  612.159733]  ? process_one_work+0x90/0x9b0
      [  612.159743]  ? process_one_work+0x90/0x9b0
      [  612.159754]  kasan_report.cold+0x7c/0xd8
      [  612.159778]  ? lock_is_held_type+0x80/0x130
      [  612.159789]  ? process_one_work+0x90/0x9b0
      [  612.159812]  kasan_check_range+0x145/0x1a0
      [  612.159834]  process_one_work+0x90/0x9b0
      [  612.159877]  ? pwq_dec_nr_in_flight+0x110/0x110
      [  612.159914]  ? spin_bug+0x90/0x90
      [  612.159967]  worker_thread+0x3b6/0x6c0
      [  612.160023]  ? process_one_work+0x9b0/0x9b0
      [  612.160038]  kthread+0x1dc/0x200
      [  612.160051]  ? kthread_create_worker_on_cpu+0xd0/0xd0
      [  612.160092]  ret_from_fork+0x1f/0x30
      
      [  612.160399] Allocated by task 2358:
      [  612.160757]  kasan_save_stack+0x1b/0x40
      [  612.160768]  __kasan_kmalloc+0x9b/0xd0
      [  612.160778]  cifs_new_fileinfo+0xb0/0x960 [cifs]
      [  612.161170]  cifs_open+0xadf/0xf20 [cifs]
      [  612.161421]  do_dentry_open+0x2aa/0x6b0
      [  612.161432]  path_openat+0xbd9/0xfa0
      [  612.161441]  do_filp_open+0x11d/0x230
      [  612.161450]  do_sys_openat2+0x115/0x240
      [  612.161460]  __x64_sys_openat+0xce/0x140
      
      When mod_delayed_work is called to modify the delay of pending work,
      it might return false and queue a new work when pending work is
      already scheduled or when try to grab pending work failed.
      
      So, Increase the reference count when new work is scheduled to
      avoid use-after-free.
      Signed-off-by: default avatarRohith Surabattula <rohiths@microsoft.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      9687c85d
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · f01da525
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
       "A mixture of small bug fixes, most for longer standing problems:
      
         - NULL pointer crash in siw
      
         - Various error unwind bugs in siw, rxe, cm
      
         - User triggerable errors in uverbs
      
         - Minor bugs in mlx5 and rxe drivers"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        RDMA/uverbs: Fix a NULL vs IS_ERR() bug
        RDMA/mlx5: Fix query DCT via DEVX
        RDMA/core: Don't access cm_id after its destruction
        RDMA/rxe: Return CQE error if invalid lkey was supplied
        RDMA/mlx5: Recover from fatal event in dual port mode
        RDMA/mlx5: Verify that DM operation is reasonable
        RDMA/rxe: Clear all QP fields if creation failed
        RDMA/core: Prevent divide-by-zero error triggered by the user
        RDMA/siw: Release xarray entry
        RDMA/siw: Properly check send and receive CQ pointers
      f01da525
    • Linus Torvalds's avatar
      Merge tag 'sound-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 6aa37a53
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "All small device-specific fixes here: a series of FireWire audio
        fixes, UAF and other fixes in USB-audio and co spotted by fuzzer,
        and a few HD-audio quirks as usual"
      
      * tag 'sound-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: line6: Fix racy initialization of LINE6 MIDI
        ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency
        ALSA: dice: disable double_pcm_frames mode for M-Audio Profire 610, 2626 and Avid M-Box 3 Pro
        ALSA: intel8x0: Don't update period unless prepared
        ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
        ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field
        ALSA: firewire-lib: fix calculation for size of IR context payload
        ALSA: firewire-lib: fix check for the size of isochronous packet payload
        ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
        ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
        ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx
        ALSA: usb-audio: Fix potential out-of-bounce access in MIDI EP parser
        ALSA: usb-audio: Validate MS endpoint descriptors
        ALSA: hda: fixup headset for ASUS GU502 laptop
        ALSA: hda/realtek: reset eapd coeff to default value for alc287
      6aa37a53
    • Linus Torvalds's avatar
      Merge tag 'platform-drivers-x86-v5.13-2' of... · 9ebd8118
      Linus Torvalds authored
      Merge tag 'platform-drivers-x86-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
      
      Pull x86 platform driver fixes from Hans de Goede:
       "Assorted pdx86 bug-fixes and model-specific quirks for 5.13"
      
      * tag 'platform-drivers-x86-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
        platform/x86: touchscreen_dmi: Add info for the Chuwi Hi10 Pro (CWI529) tablet
        platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet
        platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
        platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
        platform/x86: hp-wireless: add AMD's hardware id to the supported list
        platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle
        platform/x86: gigabyte-wmi: add support for B550 Aorus Elite
        platform/x86: gigabyte-wmi: add support for X570 UD
        platform/x86: gigabyte-wmi: streamline dmi matching
        platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue
        platform/surface: dtx: Fix poll function
        platform/surface: aggregator: Add platform-drivers-x86 list to MAINTAINERS entry
        platform/surface: aggregator: avoid clang -Wconstant-conversion warning
        platform/surface: aggregator: Do not mark interrupt as shared
        platform/x86: hp_accel: Avoid invoking _INI to speed up resume
        platform/x86: ideapad-laptop: fix method name typo
        platform/x86: ideapad-laptop: fix a NULL pointer dereference
      9ebd8118
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 50f09a3d
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here is a big set of char/misc/other driver fixes for 5.13-rc3.
      
        The majority here is the fallout of the umn.edu re-review of all prior
        submissions. That resulted in a bunch of reverts along with the
        "correct" changes made, such that there is no regression of any of the
        potential fixes that were made by those individuals. I would like to
        thank the over 80 different developers who helped with the review and
        fixes for this mess.
      
        Other than that, there's a few habanna driver fixes for reported
        issues, and some dyndbg fixes for reported problems.
      
        All of these have been in linux-next for a while with no reported
        problems"
      
      * tag 'char-misc-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (82 commits)
        misc: eeprom: at24: check suspend status before disable regulator
        uio_hv_generic: Fix another memory leak in error handling paths
        uio_hv_generic: Fix a memory leak in error handling paths
        uio/uio_pci_generic: fix return value changed in refactoring
        Revert "Revert "ALSA: usx2y: Fix potential NULL pointer dereference""
        dyndbg: drop uninformative vpr_info
        dyndbg: avoid calling dyndbg_emit_prefix when it has no work
        binder: Return EFAULT if we fail BINDER_ENABLE_ONEWAY_SPAM_DETECTION
        cdrom: gdrom: initialize global variable at init time
        brcmfmac: properly check for bus register errors
        Revert "brcmfmac: add a check for the status of usb_register"
        video: imsttfb: check for ioremap() failures
        Revert "video: imsttfb: fix potential NULL pointer dereferences"
        net: liquidio: Add missing null pointer checks
        Revert "net: liquidio: fix a NULL pointer dereference"
        media: gspca: properly check for errors in po1030_probe()
        Revert "media: gspca: Check the return value of write_bridge for timeout"
        media: gspca: mt9m111: Check write_bridge for timeout
        Revert "media: gspca: mt9m111: Check write_bridge for timeout"
        media: dvb: Add check on sp8870_readreg return
        ...
      50f09a3d
    • Linus Torvalds's avatar
      Merge tag 'quota_for_v5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 7ac17714
      Linus Torvalds authored
      Pull quota fixes from Jan Kara:
       "The most important part in the pull is disablement of the new syscall
        quotactl_path() which was added in rc1.
      
        The reason is some people at LWN discussion pointed out dirfd would be
        useful for this path based syscall and Christian Brauner agreed.
      
        Without dirfd it may be indeed problematic for containers. So let's
        just disable the syscall for now when it doesn't have users yet so
        that we have more time to mull over how to best specify the filesystem
        we want to work on"
      
      * tag 'quota_for_v5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        quota: Disable quotactl_path syscall
        quota: Use 'hlist_for_each_entry' to simplify code
      7ac17714
    • Darrick J. Wong's avatar
      xfs: restore old ioctl definitions · e3c2b047
      Darrick J. Wong authored
      These ioctl definitions in xfs_fs.h are part of the userspace ABI and
      were mistakenly removed during the 5.13 merge window.
      
      Fixes: 9fefd5db ("xfs: convert to fileattr")
      Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      e3c2b047
    • Darrick J. Wong's avatar
      xfs: fix deadlock retry tracepoint arguments · 16c9de54
      Darrick J. Wong authored
      sc->ip is the inode that's being scrubbed, which means that it's not set
      for scrub types that don't involve inodes.  If one of those scrubbers
      (e.g. inode btrees) returns EDEADLOCK, we'll trip over the null pointer.
      Fix that by reporting either the file being examined or the file that
      was used to call scrub.
      Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      16c9de54
    • Darrick J. Wong's avatar
      xfs: retry allocations when locality-based search fails · 676a659b
      Darrick J. Wong authored
      If a realtime allocation fails because we can't find a sufficiently
      large free extent satisfying locality rules, relax the locality rules
      and try again.  This reduces the occurrence of short writes to realtime
      files when the write size is large and the free space is fragmented.
      
      This was originally discovered by running generic/186 with the realtime
      reflink patchset and a 128k cow extent size hint, but the short write
      symptoms can manifest with a 128k extent size hint and no reflink, so
      apply the fix now.
      Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      676a659b
    • Johannes Thumshirn's avatar
      btrfs: zoned: fix parallel compressed writes · 764c7c9a
      Johannes Thumshirn authored
      When multiple processes write data to the same block group on a
      compressed zoned filesystem, the underlying device could report I/O
      errors and data corruption is possible.
      
      This happens because on a zoned file system, compressed data writes
      where sent to the device via a REQ_OP_WRITE instead of a
      REQ_OP_ZONE_APPEND operation. But with REQ_OP_WRITE and parallel
      submission it cannot be guaranteed that the data is always submitted
      aligned to the underlying zone's write pointer.
      
      The change to using REQ_OP_ZONE_APPEND instead of REQ_OP_WRITE on a
      zoned filesystem is non intrusive on a regular file system or when
      submitting to a conventional zone on a zoned filesystem, as it is
      guarded by btrfs_use_zone_append.
      Reported-by: default avatarDavid Sterba <dsterba@suse.com>
      Fixes: 9d294a68 ("btrfs: zoned: enable to mount ZONED incompat flag")
      CC: stable@vger.kernel.org # 5.12.x: e380adfc: btrfs: zoned: pass start block to btrfs_use_zone_append
      CC: stable@vger.kernel.org # 5.12.x
      Signed-off-by: default avatarJohannes Thumshirn <johannes.thumshirn@wdc.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      764c7c9a
    • Johannes Thumshirn's avatar
      btrfs: zoned: pass start block to btrfs_use_zone_append · e380adfc
      Johannes Thumshirn authored
      btrfs_use_zone_append only needs the passed in extent_map's block_start
      member, so there's no need to pass in the full extent map.
      
      This also enables the use of btrfs_use_zone_append in places where we only
      have a start byte but no extent_map.
      Signed-off-by: default avatarJohannes Thumshirn <johannes.thumshirn@wdc.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      e380adfc
    • Pavel Begunkov's avatar
      io_uring: fortify tctx/io_wq cleanup · ba5ef6dc
      Pavel Begunkov authored
      We don't want anyone poking into tctx->io_wq awhile it's being destroyed
      by io_wq_put_and_exit(), and even though it shouldn't even happen, if
      buggy would be preferable to get a NULL-deref instead of subtle delayed
      failure or UAF.
      Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Link: https://lore.kernel.org/r/827b021de17926fd807610b3e53a5a5fa8530856.1621513214.git.asml.silence@gmail.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      ba5ef6dc
    • Hans de Goede's avatar
      platform/x86: touchscreen_dmi: Add info for the Chuwi Hi10 Pro (CWI529) tablet · e68671e9
      Hans de Goede authored
      Add touchscreen info for the Chuwi Hi10 Pro (CWI529) tablet. This includes
      info for getting the firmware directly from the UEFI, so that the user does
      not need to manually install the firmware in /lib/firmware/silead.
      
      This change will make the touchscreen on these devices work OOTB,
      without requiring any manual setup.
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Link: https://lore.kernel.org/r/20210520093228.7439-1-hdegoede@redhat.com
      e68671e9
    • Christian König's avatar
      dma-buf: fix unintended pin/unpin warnings · 7e008b02
      Christian König authored
      DMA-buf internal users call the pin/unpin functions without having a
      dynamic attachment. Avoid the warning and backtrace in the logs.
      Signed-off-by: default avatarChristian König <christian.koenig@amd.com>
      Bugs: https://gitlab.freedesktop.org/drm/intel/-/issues/3481
      Fixes: c545781e ("dma-buf: doc polish for pin/unpin")
      Reviewed-by: default avatarAlex Deucher <alexander.deucher@amd.com>
      Reviewed-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
      CC: stable@kernel.org
      Link: https://patchwork.freedesktop.org/patch/msgid/20210517115705.2141-1-christian.koenig@amd.com
      7e008b02
    • Rohith Surabattula's avatar
      Defer close only when lease is enabled. · 0ab95c25
      Rohith Surabattula authored
      When smb2 lease parameter is disabled on server. Server grants
      batch oplock instead of RHW lease by default on open, inode page cache
      needs to be zapped immediatley upon close as cache is not valid.
      Signed-off-by: default avatarRohith Surabattula <rohiths@microsoft.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      0ab95c25
    • Rohith Surabattula's avatar
      Fix kernel oops when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. · 860b69a9
      Rohith Surabattula authored
      Removed oplock_break_received flag which was added to achieve
      synchronization between oplock handler and open handler by earlier commit.
      
      It is not needed because there is an existing lock open_file_lock to achieve
      the same. find_readable_file takes open_file_lock and then traverses the
      openFileList. Similarly, cifs_oplock_break while closing the deferred
      handle (i.e cifsFileInfo_put) takes open_file_lock and then sends close
      to the server.
      
      Added comments for better readability.
      Signed-off-by: default avatarRohith Surabattula <rohiths@microsoft.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      860b69a9
    • Jiapeng Chong's avatar
      cifs: Fix inconsistent indenting · e83aa352
      Jiapeng Chong authored
      Eliminate the follow smatch warning:
      
      fs/cifs/fs_context.c:1148 smb3_fs_context_parse_param() warn:
      inconsistent indenting.
      Reported-by: default avatarAbaci Robot <abaci@linux.alibaba.com>
      Signed-off-by: default avatarJiapeng Chong <jiapeng.chong@linux.alibaba.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      e83aa352