1. 15 Oct, 2024 1 commit
  2. 11 Oct, 2024 1 commit
    • Christophe Leroy's avatar
      powerpc/8xx: Fix kernel DTLB miss on dcbz · 8956c582
      Christophe Leroy authored
      Following OOPS is encountered while loading test_bpf module
      on powerpc 8xx:
      
      [  218.835567] BUG: Unable to handle kernel data access on write at 0xcb000000
      [  218.842473] Faulting instruction address: 0xc0017a80
      [  218.847451] Oops: Kernel access of bad area, sig: 11 [#1]
      [  218.852854] BE PAGE_SIZE=16K PREEMPT CMPC885
      [  218.857207] SAF3000 DIE NOTIFICATION
      [  218.860713] Modules linked in: test_bpf(+) test_module
      [  218.865867] CPU: 0 UID: 0 PID: 527 Comm: insmod Not tainted 6.11.0-s3k-dev-09856-g3de3d71ae2e6-dirty #1280
      [  218.875546] Hardware name: MIAE 8xx 0x500000 CMPC885
      [  218.880521] NIP:  c0017a80 LR: beab859c CTR: 000101d4
      [  218.885584] REGS: cac2bc90 TRAP: 0300   Not tainted  (6.11.0-s3k-dev-09856-g3de3d71ae2e6-dirty)
      [  218.894308] MSR:  00009032 <EE,ME,IR,DR,RI>  CR: 55005555  XER: a0007100
      [  218.901290] DAR: cb000000 DSISR: c2000000
      [  218.901290] GPR00: 000185d1 cac2bd50 c21b9580 caf7c030 c3883fcc 00000008 cafffffc 00000000
      [  218.901290] GPR08: 00040000 18300000 20000000 00000004 99005555 100d815e ca669d08 00000369
      [  218.901290] GPR16: ca730000 00000000 ca2c004c 00000000 00000000 0000035d 00000311 00000369
      [  218.901290] GPR24: ca732240 00000001 00030ba3 c3800000 00000000 00185d48 caf7c000 ca2c004c
      [  218.941087] NIP [c0017a80] memcpy+0x88/0xec
      [  218.945277] LR [beab859c] test_bpf_init+0x22c/0x3c90 [test_bpf]
      [  218.951476] Call Trace:
      [  218.953916] [cac2bd50] [beab8570] test_bpf_init+0x200/0x3c90 [test_bpf] (unreliable)
      [  218.962034] [cac2bde0] [c0004c04] do_one_initcall+0x4c/0x1fc
      [  218.967706] [cac2be40] [c00a2ec4] do_init_module+0x68/0x360
      [  218.973292] [cac2be60] [c00a5194] init_module_from_file+0x8c/0xc0
      [  218.979401] [cac2bed0] [c00a5568] sys_finit_module+0x250/0x3f0
      [  218.985248] [cac2bf20] [c000e390] system_call_exception+0x8c/0x15c
      [  218.991444] [cac2bf30] [c00120a8] ret_from_syscall+0x0/0x28
      
      This happens in the main loop of memcpy()
      
        ==>	c0017a80:	7c 0b 37 ec 	dcbz    r11,r6
      	c0017a84:	80 e4 00 04 	lwz     r7,4(r4)
      	c0017a88:	81 04 00 08 	lwz     r8,8(r4)
      	c0017a8c:	81 24 00 0c 	lwz     r9,12(r4)
      	c0017a90:	85 44 00 10 	lwzu    r10,16(r4)
      	c0017a94:	90 e6 00 04 	stw     r7,4(r6)
      	c0017a98:	91 06 00 08 	stw     r8,8(r6)
      	c0017a9c:	91 26 00 0c 	stw     r9,12(r6)
      	c0017aa0:	95 46 00 10 	stwu    r10,16(r6)
      	c0017aa4:	42 00 ff dc 	bdnz    c0017a80 <memcpy+0x88>
      
      Commit ac9f97ff ("powerpc/8xx: Inconditionally use task PGDIR in
      DTLB misses") relies on re-reading DAR register to know if an error is
      due to a missing copy of a PMD entry in task's PGDIR, allthough DAR
      was already read in the exception prolog and copied into thread
      struct. This is because is it done very early in the exception and
      there are not enough registers available to keep a pointer to thread
      struct.
      
      However, dcbz instruction is buggy and doesn't update DAR register on
      fault. That is detected and generates a call to FixupDAR workaround
      which updates DAR copy in thread struct but doesn't fix DAR register.
      
      Let's fix DAR in addition to the update of DAR copy in thread struct.
      
      Fixes: ac9f97ff ("powerpc/8xx: Inconditionally use task PGDIR in DTLB misses")
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://msgid.link/2b851399bd87e81c6ccb87ea3a7a6b32c7aa04d7.1728118396.git.christophe.leroy@csgroup.eu
      8956c582
  3. 06 Oct, 2024 20 commits
  4. 05 Oct, 2024 18 commits
    • Linus Torvalds's avatar
      Merge tag 'bcachefs-2024-10-05' of git://evilpiepirate.org/bcachefs · 8f602276
      Linus Torvalds authored
      Pull bcachefs fixes from Kent Overstreet:
       "A lot of little fixes, bigger ones include:
      
         - bcachefs's __wait_on_freeing_inode() was broken in rc1 due to vfs
           changes, now fixed along with another lost wakeup
      
         - fragmentation LRU fixes; fsck now repairs successfully (this is the
           data structure copygc uses); along with some nice simplification.
      
         - Rework logged op error handling, so that if logged op replay errors
           (due to another filesystem error) we delete the logged op instead
           of going into an infinite loop)
      
         - Various small filesystem connectivitity repair fixes"
      
      * tag 'bcachefs-2024-10-05' of git://evilpiepirate.org/bcachefs:
        bcachefs: Rework logged op error handling
        bcachefs: Add warn param to subvol_get_snapshot, peek_inode
        bcachefs: Kill snapshot arg to fsck_write_inode()
        bcachefs: Check for unlinked, non-empty dirs in check_inode()
        bcachefs: Check for unlinked inodes with dirents
        bcachefs: Check for directories with no backpointers
        bcachefs: Kill alloc_v4.fragmentation_lru
        bcachefs: minor lru fsck fixes
        bcachefs: Mark more errors AUTOFIX
        bcachefs: Make sure we print error that causes fsck to bail out
        bcachefs: bkey errors are only AUTOFIX during read
        bcachefs: Create lost+found in correct snapshot
        bcachefs: Fix reattach_inode()
        bcachefs: Add missing wakeup to bch2_inode_hash_remove()
        bcachefs: Fix trans_commit disk accounting revert
        bcachefs: Fix bch2_inode_is_open() check
        bcachefs: Fix return type of dirent_points_to_inode_nowarn()
        bcachefs: Fix bad shift in bch2_read_flag_list()
      8f602276
    • Linus Torvalds's avatar
      Merge tag 'for-linus-6.12a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · fc20a3e5
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "Fix Xen config issue introduced in the merge window"
      
      * tag 'for-linus-6.12a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen: Fix config option reference in XEN_PRIVCMD definition
      fc20a3e5
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus-5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · fdd0a94d
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Fix some ext4 bugs and regressions relating to oneline resize and fast
        commits"
      
      * tag 'ext4_for_linus-5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: fix off by one issue in alloc_flex_gd()
        ext4: mark fc as ineligible using an handle in ext4_xattr_set()
        ext4: use handle to mark fc as ineligible in __track_dentry_update()
      fdd0a94d
    • Linus Torvalds's avatar
      Merge tag 'cxl-fixes-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl · 7c50f221
      Linus Torvalds authored
      Pull cxl fix from Ira Weiny:
      
       - Fix calculation for SBDF in error injection
      
      * tag 'cxl-fixes-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
        EINJ, CXL: Fix CXL device SBDF calculation
      7c50f221
    • Linus Torvalds's avatar
      Merge tag 'i2c-for-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 3a28c9e1
      Linus Torvalds authored
      Pull i2c fix from Wolfram Sang:
      
       - Fix potential deadlock during runtime suspend and resume (stm32f7)
      
      * tag 'i2c-for-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
      3a28c9e1
    • Linus Torvalds's avatar
      Merge tag 'spi-fix-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · 60b9f47e
      Linus Torvalds authored
      Pull spi fixes from Mark Brown:
       "A small set of driver specific fixes that came in since the merge
        window, about half of which is fixes for correctness in the use of the
        runtime PM APIs done as part of a broader cleanup"
      
      * tag 'spi-fix-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: s3c64xx: fix timeout counters in flush_fifo
        spi: atmel-quadspi: Fix wrong register value written to MR
        spi: spi-cadence: Fix missing spi_controller_is_target() check
        spi: spi-cadence: Fix pm_runtime_set_suspended() with runtime pm enabled
        spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
      60b9f47e
    • Linus Torvalds's avatar
      Merge tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 9ec2236a
      Linus Torvalds authored
      Pull hardening fixes from Kees Cook:
      
       - gcc plugins: Avoid Kconfig warnings with randstruct (Nathan
         Chancellor)
      
       - MAINTAINERS: Add security/Kconfig.hardening to hardening section
         (Nathan Chancellor)
      
       - MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list
      
      * tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        MAINTAINERS: Add security/Kconfig.hardening to hardening section
        hardening: Adjust dependencies in selection of MODVERSIONS
        MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list
      9ec2236a
    • Linus Torvalds's avatar
      Merge tag 'lsm-pr-20241004' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm · fb9b7674
      Linus Torvalds authored
      Pull lsm revert from Paul Moore:
       "Here is the CONFIG_SECURITY_TOMOYO_LKM revert that we've been
        discussing this week. With near unanimous agreement that the original
        TOMOYO patches were not the right way to solve the distro problem
        Tetsuo is trying the solve, reverting is our best option at this time"
      
      * tag 'lsm-pr-20241004' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
        tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support
      fb9b7674
    • Zach Wade's avatar
      platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug · 7d59ac07
      Zach Wade authored
      Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds".
      kasan report:
      [   19.411889] ==================================================================
      [   19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.415634] Read of size 8 at addr ffff888829e65200 by task cpuhp/16/113
      [   19.417368]
      [   19.418627] CPU: 16 PID: 113 Comm: cpuhp/16 Tainted: G            E      6.9.0 #10
      [   19.420435] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022
      [   19.422687] Call Trace:
      [   19.424091]  <TASK>
      [   19.425448]  dump_stack_lvl+0x5d/0x80
      [   19.426963]  ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.428694]  print_report+0x19d/0x52e
      [   19.430206]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
      [   19.431837]  ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.433539]  kasan_report+0xf0/0x170
      [   19.435019]  ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.436709]  _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]
      [   19.438379]  ? __pfx_sched_clock_cpu+0x10/0x10
      [   19.439910]  isst_if_cpu_online+0x406/0x58f [isst_if_common]
      [   19.441573]  ? __pfx_isst_if_cpu_online+0x10/0x10 [isst_if_common]
      [   19.443263]  ? ttwu_queue_wakelist+0x2c1/0x360
      [   19.444797]  cpuhp_invoke_callback+0x221/0xec0
      [   19.446337]  cpuhp_thread_fun+0x21b/0x610
      [   19.447814]  ? __pfx_cpuhp_thread_fun+0x10/0x10
      [   19.449354]  smpboot_thread_fn+0x2e7/0x6e0
      [   19.450859]  ? __pfx_smpboot_thread_fn+0x10/0x10
      [   19.452405]  kthread+0x29c/0x350
      [   19.453817]  ? __pfx_kthread+0x10/0x10
      [   19.455253]  ret_from_fork+0x31/0x70
      [   19.456685]  ? __pfx_kthread+0x10/0x10
      [   19.458114]  ret_from_fork_asm+0x1a/0x30
      [   19.459573]  </TASK>
      [   19.460853]
      [   19.462055] Allocated by task 1198:
      [   19.463410]  kasan_save_stack+0x30/0x50
      [   19.464788]  kasan_save_track+0x14/0x30
      [   19.466139]  __kasan_kmalloc+0xaa/0xb0
      [   19.467465]  __kmalloc+0x1cd/0x470
      [   19.468748]  isst_if_cdev_register+0x1da/0x350 [isst_if_common]
      [   19.470233]  isst_if_mbox_init+0x108/0xff0 [isst_if_mbox_msr]
      [   19.471670]  do_one_initcall+0xa4/0x380
      [   19.472903]  do_init_module+0x238/0x760
      [   19.474105]  load_module+0x5239/0x6f00
      [   19.475285]  init_module_from_file+0xd1/0x130
      [   19.476506]  idempotent_init_module+0x23b/0x650
      [   19.477725]  __x64_sys_finit_module+0xbe/0x130
      [   19.476506]  idempotent_init_module+0x23b/0x650
      [   19.477725]  __x64_sys_finit_module+0xbe/0x130
      [   19.478920]  do_syscall_64+0x82/0x160
      [   19.480036]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
      [   19.481292]
      [   19.482205] The buggy address belongs to the object at ffff888829e65000
       which belongs to the cache kmalloc-512 of size 512
      [   19.484818] The buggy address is located 0 bytes to the right of
       allocated 512-byte region [ffff888829e65000, ffff888829e65200)
      [   19.487447]
      [   19.488328] The buggy address belongs to the physical page:
      [   19.489569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888829e60c00 pfn:0x829e60
      [   19.491140] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
      [   19.492466] anon flags: 0x57ffffc0000840(slab|head|node=1|zone=2|lastcpupid=0x1fffff)
      [   19.493914] page_type: 0xffffffff()
      [   19.494988] raw: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001
      [   19.496451] raw: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000
      [   19.497906] head: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001
      [   19.499379] head: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000
      [   19.500844] head: 0057ffffc0000003 ffffea0020a79801 ffffea0020a79848 00000000ffffffff
      [   19.502316] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
      [   19.503784] page dumped because: kasan: bad access detected
      [   19.505058]
      [   19.505970] Memory state around the buggy address:
      [   19.507172]  ffff888829e65100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [   19.508599]  ffff888829e65180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [   19.510013] >ffff888829e65200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [   19.510014]                    ^
      [   19.510016]  ffff888829e65280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [   19.510018]  ffff888829e65300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [   19.515367] ==================================================================
      
      The reason for this error is physical_package_ids assigned by VMware VMM
      are not continuous and have gaps. This will cause value returned by
      topology_physical_package_id() to be more than topology_max_packages().
      
      Here the allocation uses topology_max_packages(). The call to
      topology_max_packages() returns maximum logical package ID not physical
      ID. Hence use topology_logical_package_id() instead of
      topology_physical_package_id().
      
      Fixes: 9a1aac8a ("platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering")
      Cc: stable@vger.kernel.org
      Acked-by: default avatarSrinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
      Signed-off-by: default avatarZach Wade <zachwade.k@gmail.com>
      Link: https://lore.kernel.org/r/20240923144508.1764-1-zachwade.k@gmail.comReviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      7d59ac07
    • Linus Torvalds's avatar
      Merge tag 'linux_kselftest-fixes-6.12-rc2' of... · 27cc6fdf
      Linus Torvalds authored
      Merge tag 'linux_kselftest-fixes-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fixes from Shuah Khan:
       "Fixes to build warnings, install scripts, run-time error path, and git
        status cleanups to tests:
      
         - devices/probe: fix for Python3 regex string syntax warnings
      
         - clone3: removing unused macro from clone3_cap_checkpoint_restore()
      
         - vDSO: fix to align getrandom states to cache line
      
         - core and exec: add missing executables to .gitignore files
      
         - rtc: change to skip test if /dev/rtc0 can't be accessed
      
         - timers/posix: fix warn_unused_result result in __fatal_error()
      
         - breakpoints: fix to detect suspend successful condition correctly
      
         - hid: fix to install required dependencies to run the test"
      
      * tag 'linux_kselftest-fixes-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        selftests: breakpoints: use remaining time to check if suspend succeed
        kselftest/devices/probe: Fix SyntaxWarning in regex strings for Python3
        selftest: hid: add missing run-hid-tools-tests.sh
        selftests: vDSO: align getrandom states to cache line
        selftests: exec: update gitignore for load_address
        selftests: core: add unshare_test to gitignore
        clone3: clone3_cap_checkpoint_restore: remove unused MAX_PID_NS_LEVEL macro
        selftests:timers: posix_timers: Fix warn_unused_result in __fatal_error()
        selftest: rtc: Check if could access /dev/rtc0 before testing
      27cc6fdf
    • Kent Overstreet's avatar
      bcachefs: Rework logged op error handling · 0f25eb4b
      Kent Overstreet authored
      Initially it was thought that we just wanted to ignore errors from
      logged op replay, but it turns out we do need to catch -EROFS, or we'll
      go into an infinite loop.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      0f25eb4b
    • Kent Overstreet's avatar
      bcachefs: Add warn param to subvol_get_snapshot, peek_inode · 1f73cb4d
      Kent Overstreet authored
      These shouldn't always be fatal errors - logged op resume, in
      particular, and we want it as a parameter there.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      1f73cb4d
    • Kent Overstreet's avatar
      bcachefs: Kill snapshot arg to fsck_write_inode() · 72350ee0
      Kent Overstreet authored
      It was initially believed that it would be better to be explicit about
      the snapshot we're updating when writing inodes in fsck; however, it
      turns out that passing around the snapshot separately is more error
      prone and we're usually updating the inode in the same snapshow we read
      it from.
      
      This is different from normal filesystem paths, where we do the update
      in the snapshot of the subvolume we're in.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      72350ee0
    • Kent Overstreet's avatar
      bcachefs: Check for unlinked, non-empty dirs in check_inode() · c9306a91
      Kent Overstreet authored
      We want to check for this early so it can be reattached if necessary in
      check_unreachable_inodes(); better than letting it be deleted and having
      the children reattached, losing their filenames.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      c9306a91
    • Kent Overstreet's avatar
      bcachefs: Check for unlinked inodes with dirents · c7da5ee2
      Kent Overstreet authored
      link count works differently in bcachefs - it's only nonzero for files
      with multiple hardlinks, which means we can also avoid checking it
      except for files that are known to have hardlinks.
      
      That means we need a few different checks instead; in particular, we
      don't want fsck to delet a file that has a dirent pointing to it.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      c7da5ee2
    • Kent Overstreet's avatar
      bcachefs: Check for directories with no backpointers · 1c6051bb
      Kent Overstreet authored
      It's legal for regular files to have missing backpointers (due to
      hardlinks), and fsck should automatically add them, but for directories
      this is an error that should be flagged.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      1c6051bb
    • Kent Overstreet's avatar
      bcachefs: Kill alloc_v4.fragmentation_lru · 260af156
      Kent Overstreet authored
      The fragmentation_lru field hasn't been needed since we reworked the LRU
      btrees to use the btree write buffer; previously it was used to resolve
      collisions, but the revised LRU btree uses the backpointer (the bucket)
      as part of the key.
      
      It should have been deleted at the time of the LRU rework; since it
      wasn't, that left places for bugs to hide, in check/repair.
      
      This fixes LRU fsck on a filesystem image helpfully provided by a user
      who disappeared before I could get his name for the reported-by.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      260af156
    • Kent Overstreet's avatar
      bcachefs: minor lru fsck fixes · 01bf5e3b
      Kent Overstreet authored
      check_lru_key() wasn't using write buffer updates for deleting bad lru
      entries - dating from before the lru btree used the btree write buffer.
      
      And when possibly flushing the btree write buffer (to make sure we're
      seeing a real inconsistency), we need to be using the modern
      bch2_btree_write_buffer_maybe_flush().
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      01bf5e3b