Commit Graph

1235283 Commits

Author SHA1 Message Date
David Howells
9a6b294ab4 afs: Fix use-after-free due to get/remove race in volume tree
When an afs_volume struct is put, its refcount is reduced to 0 before
the cell->volume_lock is taken and the volume removed from the
cell->volumes tree.

Unfortunately, this means that the lookup code can race and see a volume
with a zero ref in the tree, resulting in a use-after-free:

    refcount_t: addition on 0; use-after-free.
    WARNING: CPU: 3 PID: 130782 at lib/refcount.c:25 refcount_warn_saturate+0x7a/0xda
    ...
    RIP: 0010:refcount_warn_saturate+0x7a/0xda
    ...
    Call Trace:
     afs_get_volume+0x3d/0x55
     afs_create_volume+0x126/0x1de
     afs_validate_fc+0xfe/0x130
     afs_get_tree+0x20/0x2e5
     vfs_get_tree+0x1d/0xc9
     do_new_mount+0x13b/0x22e
     do_mount+0x5d/0x8a
     __do_sys_mount+0x100/0x12a
     do_syscall_64+0x3a/0x94
     entry_SYSCALL_64_after_hwframe+0x62/0x6a

Fix this by:

 (1) When putting, use a flag to indicate if the volume has been removed
     from the tree and skip the rb_erase if it has.

 (2) When looking up, use a conditional ref increment and if it fails
     because the refcount is 0, replace the node in the tree and set the
     removal flag.

Fixes: 20325960f8 ("afs: Reorganise volume and server trees to be rooted on the cell")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-12-21 10:16:07 -08:00
Matthew Wilcox (Oracle)
af73483f4e ida: Fix crash in ida_free when the bitmap is empty
The IDA usually detects double-frees, but that detection failed to
consider the case when there are no nearby IDs allocated and so we have a
NULL bitmap rather than simply having a clear bit.  Add some tests to the
test-suite to be sure we don't inadvertently reintroduce this problem.
Unfortunately they're quite noisy so include a message to disregard
the warnings.

Reported-by: Zhenghan Wang <wzhmmmmm@gmail.com>
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-12-21 10:02:28 -08:00
David Howells
a9e01ac8c5 afs: Fix overwriting of result of DNS query
In afs_update_cell(), ret is the result of the DNS lookup and the errors
are to be handled by a switch - however, the value gets clobbered in
between by setting it to -ENOMEM in case afs_alloc_vlserver_list()
fails.

Fix this by moving the setting of -ENOMEM into the error handling for
OOM failure.  Further, only do it if we don't have an alternative error
to return.

Found by Linux Verification Center (linuxtesting.org) with SVACE.  Based
on a patch from Anastasia Belova [1].

Fixes: d5c32c89b2 ("afs: Fix cell DNS lookup")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
cc: Anastasia Belova <abelova@astralinux.ru>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
cc: lvc-project@linuxtesting.org
Link: https://lore.kernel.org/r/20231221085849.1463-1-abelova@astralinux.ru/ [1]
Link: https://lore.kernel.org/r/1700862.1703168632@warthog.procyon.org.uk/ # v1
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-12-21 09:57:43 -08:00
Linus Torvalds
937fd40338 AFS fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEqG5UsNXhtOCrfGQP+7dXa6fLC2sFAmWEVXEACgkQ+7dXa6fL
 C2sxbw/+IIgTpjfXDGQoGOpcvQyHW+gMGFqrrZjKJZGQiNZ0DfHPciYcMvOOyqZp
 rbt22V/WvQKOlcQ1IYQqjdB47DilFGRepRLZ/fuqq6JDmcHGx2Btj8uJTsV0He4o
 rCLXVrfm/JNYECY6dO5bGizrCYL6clVo0x/U2LPlU/2mbXltY1d1yXtzE++6kBZl
 w/MLJDmQxvONarhpdD0J9E/uAJ+kHX05HhlqnSxu8HEoGHMVka1N5EGAOq9cICvm
 y/8NwnGtflhpJEIso2Kx7XAE8kszXyKw0PJvOaO4GG1PWMs3rIrZbHn7wCbChyMi
 xOw+qZVC60BTang/vEOo5I4eFD+NIdBDoGdyuyNICXDIMQ9WvN2nF5qUdFAeR7Vi
 Dgxld1WWHm6RcOjl6y9t5Na0zJmgdOyONWx6Xli/AJw2RTx5JiVzDuKP6yu+DMvn
 DUPrjEQ1m+qPbTwclEzqu3grNabp7EX1vYRKDC4bf+Lg8iGNxlFp+2uyg14HsDUH
 N/yqnj8MK6ADcVMfZGGUalIzsgN06vHfHhE7Tj4xSnrR1dekxBveNFJM3r+eeaLV
 0VsjHW/IMKPWxO/vDzi6zr0nBeWYQgxAAg+w3LXl3qRGEXlihibmosofovhQFD6k
 GhkXojmc3BeSceVfOcEHZu0xXZIy/2y+hZy95BbNLT/eiCwIf/M=
 =GJNW
 -----END PGP SIGNATURE-----

Merge tag 'afs-fixes-20231221' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

Pull AFS fixes from David Howells:
 "Improve the interaction of arbitrary lookups in the AFS dynamic root
  that hit DNS lookup failures [1] where kafs behaves differently from
  openafs and causes some applications to fail that aren't expecting
  that. Further, negative DNS results aren't getting removed and are
  causing failures to persist.

   - Always delete unused (particularly negative) dentries as soon as
     possible so that they don't prevent future lookups from retrying.

   - Fix the handling of new-style negative DNS lookups in ->lookup() to
     make them return ENOENT so that userspace doesn't get confused when
     stat succeeds but the following open on the looked up file then
     fails.

   - Fix key handling so that DNS lookup results are reclaimed almost as
     soon as they expire rather than sitting round either forever or for
     an additional 5 mins beyond a set expiry time returning
     EKEYEXPIRED. They persist for 1s as /bin/ls will do a second stat
     call if the first fails"

Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637 [1]
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>

* tag 'afs-fixes-20231221' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
  keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry
  afs: Fix dynamic root lookup DNS check
  afs: Fix the dynamic root's d_delete to always delete unused dentries
2023-12-21 09:53:25 -08:00
Linus Torvalds
13b734465a Tracing fixes for 6.7:
- Fix another kerneldoc warning
 
 - Fix eventfs files to inherit the ownership of its parent directory.
   The dynamic creating of dentries in eventfs did not take into
   account if the tracefs file system was mounted with a gid/uid,
   and would still default to the gid/uid of root. This is a regression.
 
 - Fix warning when synthetic event testing is enabled along with
   startup event tracing testing is enabled
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZYRYjhQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qs0aAQCXWcBeDEWsi8VxAOBU5Q6isvXn2koM
 +xSX6LJPh6hFVAD+Pc3oLgvyE5IyqNUM9RYtpwPVMhpAsyE9FIz3TWarEww=
 =LY0i
 -----END PGP SIGNATURE-----

Merge tag 'trace-v6.7-rc6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fixes from Steven Rostedt:

 - Fix another kerneldoc warning

 - Fix eventfs files to inherit the ownership of its parent directory.

   The dynamic creation of dentries in eventfs did not take into account
   if the tracefs file system was mounted with a gid/uid, and would
   still default to the gid/uid of root. This is a regression.

 - Fix warning when synthetic event testing is enabled along with
   startup event tracing testing is enabled

* tag 'trace-v6.7-rc6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  tracing / synthetic: Disable events after testing in synth_event_gen_test_init()
  eventfs: Have event files and directories default to parent uid and gid
  tracing/synthetic: fix kernel-doc warnings
2023-12-21 09:31:45 -08:00
Linus Torvalds
7c5e046bdc Including fixes from WiFi and bpf.
Current release - regressions:
 
   - bpf: syzkaller found null ptr deref in unix_bpf proto add
 
   - eth: i40e: fix ST code value for clause 45
 
 Previous releases - regressions:
 
   - core: return error from sk_stream_wait_connect() if sk_wait_event() fails
 
   - ipv6: revert remove expired routes with a separated list of routes
 
   - wifi rfkill:
     - set GPIO direction
     - fix crash with WED rx support enabled
 
   - bluetooth:
     - fix deadlock in vhci_send_frame
     - fix use-after-free in bt_sock_recvmsg
 
   - eth: mlx5e: fix a race in command alloc flow
 
   - eth: ice: fix PF with enabled XDP going no-carrier after reset
 
   - eth: bnxt_en: do not map packet buffers twice
 
 Previous releases - always broken:
 
   - core:
     - check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()
     - check dev->gso_max_size in gso_features_check()
 
   - mptcp: fix inconsistent state on fastopen race
 
   - phy: skip LED triggers on PHYs on SFP modules
 
   - eth: mlx5e:
     - fix double free of encap_header
     - fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list()
 
 Signed-off-by: Paolo Abeni <pabeni@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmWELNYSHHBhYmVuaUBy
 ZWRoYXQuY29tAAoJECkkeY3MjxOkL0MQALYng9iIz5m/iX0pjRpI4HxruflMkdWa
 +FMRnWp0OE5ak8l/UcffgYRNozXAcA/PSJhanZU3gT21IeJ+X78paivWyEPUhpqN
 d1nhRRsnx37fTK3lbS/wSGJUN+x4g49kHQn5mw8vfi/RGHuc/vbLO23iWsawB92/
 7YI0rEzZh2b1FKytvqF9t2lLtJw5ucwQtdm3d/tg4iuL44Lq8dA69dln4wZx3t28
 lobsW0eQW2JRh2YwrREb1oUD0CcUNk+XGsWVyUXqs31OflkqYMEzI41Yxs/lHJs0
 0Lmt3/F2Ls+H+vEYElJ0wsNPFZr4TDhAsV5KMxZdoBfWhTN8ordloBXGHre1IVSK
 SQtja5IqT01dLbDoL7tLpyEsGLp1A+HPH+BVxt582srSMoXWmFYOZcRczKJ85C1W
 qaohCGeEO537ExrAMHbJ0CxR3oSawyOBszjTYGdbI3xiFj5q1n48YyJSep//rgvP
 PewzqtMpPPapPIiJbvRjN8Mn56Y2832TSbPOVZ2KJuBpx+i/mjXyIK97FMb+Jdvu
 3ACH3BmsUfvXXpXNSZIgtc35tP03GSeV9B2vzlhjFwxB2vV4wuX9NbI5OIWi7ZM1
 03jkC2wQf6jVby45IM5kMuEKL3hMXUx9t0nZg0szJ3T31+OQ6e5Hlv1Aqp4Ihn5Q
 N+fxo6lpm+Aq
 =sEmi
 -----END PGP SIGNATURE-----

Merge tag 'net-6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Paolo Abeni:
 "Including fixes from WiFi and bpf.

  Current release - regressions:

   - bpf: syzkaller found null ptr deref in unix_bpf proto add

   - eth: i40e: fix ST code value for clause 45

  Previous releases - regressions:

   - core: return error from sk_stream_wait_connect() if sk_wait_event()
     fails

   - ipv6: revert remove expired routes with a separated list of routes

   - wifi rfkill:
       - set GPIO direction
       - fix crash with WED rx support enabled

   - bluetooth:
       - fix deadlock in vhci_send_frame
       - fix use-after-free in bt_sock_recvmsg

   - eth: mlx5e: fix a race in command alloc flow

   - eth: ice: fix PF with enabled XDP going no-carrier after reset

   - eth: bnxt_en: do not map packet buffers twice

  Previous releases - always broken:

   - core:
       - check vlan filter feature in vlan_vids_add_by_dev() and
         vlan_vids_del_by_dev()
       - check dev->gso_max_size in gso_features_check()

   - mptcp: fix inconsistent state on fastopen race

   - phy: skip LED triggers on PHYs on SFP modules

   - eth: mlx5e:
       - fix double free of encap_header
       - fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list()"

* tag 'net-6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (69 commits)
  net: check dev->gso_max_size in gso_features_check()
  kselftest: rtnetlink.sh: use grep_fail when expecting the cmd fail
  net/ipv6: Revert remove expired routes with a separated list of routes
  net: avoid build bug in skb extension length calculation
  net: ethernet: mtk_wed: fix possible NULL pointer dereference in mtk_wed_wo_queue_tx_clean()
  net: stmmac: fix incorrect flag check in timestamp interrupt
  selftests: add vlan hw filter tests
  net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()
  net: hns3: add new maintainer for the HNS3 ethernet driver
  net: mana: select PAGE_POOL
  net: ks8851: Fix TX stall caused by TX buffer overrun
  ice: Fix PF with enabled XDP going no-carrier after reset
  ice: alter feature support check for SRIOV and LAG
  ice: stop trashing VF VSI aggregator node ID information
  mailmap: add entries for Geliang Tang
  mptcp: fill in missing MODULE_DESCRIPTION()
  mptcp: fix inconsistent state on fastopen race
  selftests: mptcp: join: fix subflow_send_ack lookup
  net: phy: skip LED triggers on PHYs on SFP modules
  bpf: Add missing BPF_LINK_TYPE invocations
  ...
2023-12-21 09:15:37 -08:00
Steven Rostedt (Google)
88b30c7f5d tracing / synthetic: Disable events after testing in synth_event_gen_test_init()
The synth_event_gen_test module can be built in, if someone wants to run
the tests at boot up and not have to load them.

The synth_event_gen_test_init() function creates and enables the synthetic
events and runs its tests.

The synth_event_gen_test_exit() disables the events it created and
destroys the events.

If the module is builtin, the events are never disabled. The issue is, the
events should be disable after the tests are run. This could be an issue
if the rest of the boot up tests are enabled, as they expect the events to
be in a known state before testing. That known state happens to be
disabled.

When CONFIG_SYNTH_EVENT_GEN_TEST=y and CONFIG_EVENT_TRACE_STARTUP_TEST=y
a warning will trigger:

 Running tests on trace events:
 Testing event create_synth_test:
 Enabled event during self test!
 ------------[ cut here ]------------
 WARNING: CPU: 2 PID: 1 at kernel/trace/trace_events.c:4150 event_trace_self_tests+0x1c2/0x480
 Modules linked in:
 CPU: 2 PID: 1 Comm: swapper/0 Not tainted 6.7.0-rc2-test-00031-gb803d7c664d5-dirty #276
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
 RIP: 0010:event_trace_self_tests+0x1c2/0x480
 Code: bb e8 a2 ab 5d fc 48 8d 7b 48 e8 f9 3d 99 fc 48 8b 73 48 40 f6 c6 01 0f 84 d6 fe ff ff 48 c7 c7 20 b6 ad bb e8 7f ab 5d fc 90 <0f> 0b 90 48 89 df e8 d3 3d 99 fc 48 8b 1b 4c 39 f3 0f 85 2c ff ff
 RSP: 0000:ffffc9000001fdc0 EFLAGS: 00010246
 RAX: 0000000000000029 RBX: ffff88810399ca80 RCX: 0000000000000000
 RDX: 0000000000000000 RSI: ffffffffb9f19478 RDI: ffff88823c734e64
 RBP: ffff88810399f300 R08: 0000000000000000 R09: fffffbfff79eb32a
 R10: ffffffffbcf59957 R11: 0000000000000001 R12: ffff888104068090
 R13: ffffffffbc89f0a0 R14: ffffffffbc8a0f08 R15: 0000000000000078
 FS:  0000000000000000(0000) GS:ffff88823c700000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000000 CR3: 00000001f6282001 CR4: 0000000000170ef0
 Call Trace:
  <TASK>
  ? __warn+0xa5/0x200
  ? event_trace_self_tests+0x1c2/0x480
  ? report_bug+0x1f6/0x220
  ? handle_bug+0x6f/0x90
  ? exc_invalid_op+0x17/0x50
  ? asm_exc_invalid_op+0x1a/0x20
  ? tracer_preempt_on+0x78/0x1c0
  ? event_trace_self_tests+0x1c2/0x480
  ? __pfx_event_trace_self_tests_init+0x10/0x10
  event_trace_self_tests_init+0x27/0xe0
  do_one_initcall+0xd6/0x3c0
  ? __pfx_do_one_initcall+0x10/0x10
  ? kasan_set_track+0x25/0x30
  ? rcu_is_watching+0x38/0x60
  kernel_init_freeable+0x324/0x450
  ? __pfx_kernel_init+0x10/0x10
  kernel_init+0x1f/0x1e0
  ? _raw_spin_unlock_irq+0x33/0x50
  ret_from_fork+0x34/0x60
  ? __pfx_kernel_init+0x10/0x10
  ret_from_fork_asm+0x1b/0x30
  </TASK>

This is because the synth_event_gen_test_init() left the synthetic events
that it created enabled. By having it disable them after testing, the
other selftests will run fine.

Link: https://lore.kernel.org/linux-trace-kernel/20231220111525.2f0f49b0@gandalf.local.home

Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Fixes: 9fe41efaca ("tracing: Add synth event generation test module")
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reported-by: Alexander Graf <graf@amazon.com>
Tested-by: Alexander Graf <graf@amazon.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-21 10:04:45 -05:00
Steven Rostedt (Google)
0dfc852b6f eventfs: Have event files and directories default to parent uid and gid
Dongliang reported:

  I found that in the latest version, the nodes of tracefs have been
  changed to dynamically created.

  This has caused me to encounter a problem where the gid I specified in
  the mounting parameters cannot apply to all files, as in the following
  situation:

  /data/tmp/events # mount | grep tracefs
  tracefs on /data/tmp type tracefs (rw,seclabel,relatime,gid=3012)

  gid 3012 = readtracefs

  /data/tmp # ls -lh
  total 0
  -r--r-----   1 root readtracefs 0 1970-01-01 08:00 README
  -r--r-----   1 root readtracefs 0 1970-01-01 08:00 available_events

  ums9621_1h10:/data/tmp/events # ls -lh
  total 0
  drwxr-xr-x 2 root root 0 2023-12-19 00:56 alarmtimer
  drwxr-xr-x 2 root root 0 2023-12-19 00:56 asoc

  It will prevent certain applications from accessing tracefs properly, I
  try to avoid this issue by making the following modifications.

To fix this, have the files created default to taking the ownership of
the parent dentry unless the ownership was previously set by the user.

Link: https://lore.kernel.org/linux-trace-kernel/1703063706-30539-1-git-send-email-dongliang.cui@unisoc.com/
Link: https://lore.kernel.org/linux-trace-kernel/20231220105017.1489d790@gandalf.local.home

Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Hongyu Jin  <hongyu.jin@unisoc.com>
Fixes: 28e12c09f5 ("eventfs: Save ownership and mode")
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reported-by: Dongliang Cui <cuidongliang390@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-21 09:58:02 -05:00
David Howells
39299bdd25 keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry
If a key has an expiration time, then when that time passes, the key is
left around for a certain amount of time before being collected (5 mins by
default) so that EKEYEXPIRED can be returned instead of ENOKEY.  This is a
problem for DNS keys because we want to redo the DNS lookup immediately at
that point.

Fix this by allowing key types to be marked such that keys of that type
don't have this extra period, but are reclaimed as soon as they expire and
turn this on for dns_resolver-type keys.  To make this easier to handle,
key->expiry is changed to be permanent if TIME64_MAX rather than 0.

Furthermore, give such new-style negative DNS results a 1s default expiry
if no other expiry time is set rather than allowing it to stick around
indefinitely.  This shouldn't be zero as ls will follow a failing stat call
immediately with a second with AT_SYMLINK_NOFOLLOW added.

Fixes: 1a4240f476 ("DNS: Separate out CIFS DNS Resolver code")
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Markus Suvanto <markus.suvanto@gmail.com>
cc: Wang Lei <wang840925@gmail.com>
cc: Jeff Layton <jlayton@redhat.com>
cc: Steve French <smfrench@gmail.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Jarkko Sakkinen <jarkko@kernel.org>
cc: "David S. Miller" <davem@davemloft.net>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: linux-afs@lists.infradead.org
cc: linux-cifs@vger.kernel.org
cc: linux-nfs@vger.kernel.org
cc: ceph-devel@vger.kernel.org
cc: keyrings@vger.kernel.org
cc: netdev@vger.kernel.org
2023-12-21 13:47:38 +00:00
Paolo Abeni
74769d810e bpf-for-netdev
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTFp0I1jqZrAX+hPRXbK58LschIgwUCZYQVjgAKCRDbK58LschI
 g/NfAP9xMBCASd22+KPu44FtPPO5DKcdG7hATXZMpb/cygF8GQEAojcZ4jztx42S
 F1+4RPEoxrn31oVYdtEGFY9q85ruzgA=
 =2XhN
 -----END PGP SIGNATURE-----

Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

Daniel Borkmann says:

====================
pull-request: bpf 2023-12-21

Hi David, hi Jakub, hi Paolo, hi Eric,

The following pull-request contains BPF updates for your *net* tree.

We've added 3 non-merge commits during the last 5 day(s) which contain
a total of 4 files changed, 45 insertions(+).

The main changes are:

1) Fix a syzkaller splat which triggered an oob issue in bpf_link_show_fdinfo(),
   from Jiri Olsa.

2) Fix another syzkaller-found issue which triggered a NULL pointer dereference
   in BPF sockmap for unconnected unix sockets, from John Fastabend.

bpf-for-netdev

* tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
  bpf: Add missing BPF_LINK_TYPE invocations
  bpf: sockmap, test for unconnected af_unix sock
  bpf: syzkaller found null ptr deref in unix_bpf proto add
====================

Link: https://lore.kernel.org/r/20231221104844.1374-1-daniel@iogearbox.net
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-21 12:27:29 +01:00
Eric Dumazet
24ab059d2e net: check dev->gso_max_size in gso_features_check()
Some drivers might misbehave if TSO packets get too big.

GVE for instance uses a 16bit field in its TX descriptor,
and will do bad things if a packet is bigger than 2^16 bytes.

Linux TCP stack honors dev->gso_max_size, but there are
other ways for too big packets to reach an ndo_start_xmit()
handler : virtio_net, af_packet, GRO...

Add a generic check in gso_features_check() and fallback
to GSO when needed.

gso_max_size was added in the blamed commit.

Fixes: 82cc1a7a56 ("[NET]: Add per-connection option to set max TSO frame size")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20231219125331.4127498-1-edumazet@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-21 10:15:10 +01:00
Hangbin Liu
b8056f2ce0 kselftest: rtnetlink.sh: use grep_fail when expecting the cmd fail
run_cmd_grep_fail should be used when expecting the cmd fail, or the ret
will be set to 1, and the total test return 1 when exiting. This would cause
the result report to fail if run via run_kselftest.sh.

Before fix:
 # ./rtnetlink.sh -t kci_test_addrlft
 PASS: preferred_lft addresses have expired
 # echo $?
 1

After fix:
 # ./rtnetlink.sh -t kci_test_addrlft
 PASS: preferred_lft addresses have expired
 # echo $?
 0

Fixes: 9c2a19f715 ("kselftest: rtnetlink.sh: add verbose flag")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20231219065737.1725120-1-liuhangbin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-21 09:32:13 +01:00
David Ahern
dade3f6a1e net/ipv6: Revert remove expired routes with a separated list of routes
This reverts commit 3dec89b14d.

The commit has some race conditions given how expires is managed on a
fib6_info in relation to gc start, adding the entry to the gc list and
setting the timer value leading to UAF. Revert the commit and try again
in a later release.

Fixes: 3dec89b14d ("net/ipv6: Remove expired routes with a separated list of routes")
Cc: Kui-Feng Lee <thinker.li@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20231219030243.25687-1-dsahern@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-21 09:01:30 +01:00
Paolo Abeni
b414020fed Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue
Tony Nguyen says:

====================
Intel Wired LAN Driver Updates 2023-12-18 (ice)

This series contains updates to ice driver only.

Jakes stops clearing of needed aggregator information.

Dave adds a check for LAG device support before initializing the
associated event handler.

Larysa restores accounting of XDP queues in TC configurations.

* '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
  ice: Fix PF with enabled XDP going no-carrier after reset
  ice: alter feature support check for SRIOV and LAG
  ice: stop trashing VF VSI aggregator node ID information
====================

Link: https://lore.kernel.org/r/20231218192708.3397702-1-anthony.l.nguyen@intel.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-21 08:34:09 +01:00
Thomas Weißschuh
d6e5794b06 net: avoid build bug in skb extension length calculation
GCC seems to incorrectly fail to evaluate skb_ext_total_length() at
compile time under certain conditions.

The issue even occurs if all values in skb_ext_type_len[] are "0",
ruling out the possibility of an actual overflow.

As the patch has been in mainline since v6.6 without triggering the
problem it seems to be a very uncommon occurrence.

As the issue only occurs when -fno-tree-loop-im is specified as part of
CFLAGS_GCOV, disable the BUILD_BUG_ON() only when building with coverage
reporting enabled.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202312171924.4FozI5FG-lkp@intel.com/
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/lkml/487cfd35-fe68-416f-9bfd-6bb417f98304@app.fastmail.com/
Fixes: 5d21d0a65b ("net: generalize calculation of skb extensions length")
Cc: <stable@vger.kernel.org>
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20231218-net-skbuff-build-bug-v1-1-eefc2fb0a7d3@weissschuh.net
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-21 08:09:40 +01:00
Lorenzo Bianconi
7cb8cd4daa net: ethernet: mtk_wed: fix possible NULL pointer dereference in mtk_wed_wo_queue_tx_clean()
In order to avoid a NULL pointer dereference, check entry->buf pointer before running
skb_free_frag in mtk_wed_wo_queue_tx_clean routine.

Fixes: 799684448e ("net: ethernet: mtk_wed: introduce wed wo support")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/3c1262464d215faa8acebfc08869798c81c96f4a.1702827359.git.lorenzo@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-21 08:09:22 +01:00
Linus Torvalds
a4aebe9365 posix-timers: Get rid of [COMPAT_]SYS_NI() uses
Only the posix timer system calls use this (when the posix timer support
is disabled, which does not actually happen in any normal case), because
they had debug code to print out a warning about missing system calls.

Get rid of that special case, and just use the standard COND_SYSCALL
interface that creates weak system call stubs that return -ENOSYS for
when the system call does not exist.

This fixes a kCFI issue with the SYS_NI() hackery:

  CFI failure at int80_emulation+0x67/0xb0 (target: sys_ni_posix_timers+0x0/0x70; expected type: 0xb02b34d9)
  WARNING: CPU: 0 PID: 48 at int80_emulation+0x67/0xb0

Reported-by: kernel test robot <oliver.sang@intel.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-12-20 21:30:27 -08:00
Linus Torvalds
eee7f5b48e eight import client fixes addressing, most also for stable
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmWDm5MACgkQiiy9cAdy
 T1G34gv+N6wKK2jsQp6zPTGkMNDCcTb2JluSFyTw9IXJDXRICSaVAmG1aBY6X/GT
 pe4NRDd9fD2KZu9wf9Sw4oVpmEoXU4uiQwSGYYkUBMRBj1jqpWYe+Vs7m3ShQyJM
 CAReHCV/TAbLNgjC8ZzrkuyHOh9jSAr3lWYPX9caTWC1n1KkFc1gGBi9A8PhVUJn
 MMKwbugc7bCzXhiAmLy1X7EhLtDvjLsby7r0lveK8OR+iSr9Nf59inX+cwmcePe1
 8pCNrQUX72O5jQ8y7eXIloZaFUwEvXx4TlYR6Ty3TL3h+f2tvQzbKhzKQQmCnB17
 gbInx4rgn5irI8RYgRca3pyXyB0Xv0H3lG0hy7qjvjTdlTYLYhLL18fTy1r9L7f2
 VJ/5aa6fT/WFNezQmyvQ5VSg9n5lQ+Pg5aX6QtjmDWxlOu/VrBddpC1ScjUYBdPa
 0Ep7xUqbDxgUBONa4gQMVHpiiZDfUCibl6pTH+kl6N5EMzLtj0uQhdM37P5B0znS
 s3dQNeWD
 =+3SX
 -----END PGP SIGNATURE-----

Merge tag '6.7-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:

 - two multichannel reconnect fixes, one fixing an important refcounting
   problem that can lead to umount problems

 - atime fix

 - five fixes for various potential OOB accesses, including a CVE fix,
   and two additional fixes for problems pointed out by Robert Morris's
   fuzzing investigation

* tag '6.7-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: do not let cifs_chan_update_iface deallocate channels
  cifs: fix a pending undercount of srv_count
  fs: cifs: Fix atime update check
  smb: client: fix potential OOB in smb2_dump_detail()
  smb: client: fix potential OOB in cifs_dump_detail()
  smb: client: fix OOB in smbCalcSize()
  smb: client: fix OOB in SMB2_query_info_init()
  smb: client: fix OOB in cifsd when receiving compounded resps
2023-12-20 21:09:47 -08:00
Linus Torvalds
1bf5c89256 s390 updates for 6.7-rc7
- Fix virtual vs physical address confusion in Storage Class Memory
   (SCM) block device driver.
 
 - Fix saving and restoring of FPU kernel context, which could lead
   to corruption of vector registers 8-15.
 
 - Update defconfigs.
 -----BEGIN PGP SIGNATURE-----
 
 iI0EABYIADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCZYL8uxccYWdvcmRlZXZA
 bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8BlUAQDEWcaTXoHbuLEZ8DN9lVHLryOW
 ACOFFLpPFlIjVj+eCwD+Ir4xzVdWOCImtNlMbsdrIcribmuzezl4nJ001Jhi6QE=
 =o5b2
 -----END PGP SIGNATURE-----

Merge tag 's390-6.7-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Alexander Gordeev:

 - Fix virtual vs physical address confusion in Storage Class Memory
   (SCM) block device driver.

 - Fix saving and restoring of FPU kernel context, which could lead to
   corruption of vector registers 8-15

 - Update defconfigs

* tag 's390-6.7-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390: update defconfigs
  s390/vx: fix save/restore of fpu kernel context
  s390/scm: fix virtual vs physical address confusion
2023-12-20 16:12:39 -08:00
Linus Torvalds
87c71dd604 ARM: SoC fixes for 6.7, part 2
There are only a handful of bugfixes this time, which feels almost too
 small, so I hope we are not missing something important.
 
  - One more mediatek dts warning fix after the previous larger set,
    this should finally result in a clean defconfig build.
 
  - TI OMAP dts fixes for a spurious hang on am335x and invalid data on DTA7
 
  - One DTS fix for ethernet on Oriange Pi Zero (Allwinner H616)
 
  - A regression fix for ti-sysc interconnect target module driver to
    not access registers after reset if srst_udelay quirk is needed
 
  - Reset controller driver fixes for a crash during error handling and
    a build warning
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmWC6TcACgkQYKtH/8kJ
 UidYdw/9F+yGbp71bmlq+pqrqMflw1Xg921gTSx8t4H2PwDY9EID/4TEPQKRP7rj
 FV5r0wegJZMGnu9omCUOj2v71g6eT1S/Ces58u5dp57rcCV4cnUMXumcw/hxwXXE
 hb9l941EFpp/0ARcR8X0SK56xJQiGdsEdH9CD9IpX89CjEuQ3hAgPuw3EagBYsLX
 9ncyv9ngkiaD5INNf3+bKAsHNL9AHDqGT8230RwHF9yOBoq53blSfGwN3ma9C3M/
 lGF+24FgBByXRZWVWU8aWQuD9BMp8IADwYDY7qORUbBgEdlp87n7TkdVmqmC+io7
 C+qRcwwWHy1vA8TKIU17ybicnCuI0/LSWj9OpDx63gKtw/YAyeR2GRH7VheJJT3G
 OOQDfUH2BbF74sqC+uRtP5K1Da1KjmIeSvyq0ClxqYAtvhXrsJjWm5fGvw13MPM0
 gDK4DcD3iNpSJgj7+YQ4p5aQ9LPkX3TwLZilTPFVJzZXWY7+fa/NKi5ySAUUWZU2
 vs3l072WkujAVv8OVrdeAyNEafhQG9vJDbya3dOTGdt416VIvmBAviqGI313D6u/
 neoxOeRgu4ewa8qYYhRn7YK2pFZkKFVY9Lq4kfx3Ee636zWb0QIDXS0wcFVoFLty
 Lawcqx+Jy9V14VRzRhVnIMlBl8CRdlCLC5WU0BFFveFQsFpx+pU=
 =oPLt
 -----END PGP SIGNATURE-----

Merge tag 'soc-fixes-6.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

Pull ARM SoC fixes from Arnd Bergmann:
 "There are only a handful of bugfixes this time, which feels almost too
  small, so I hope we are not missing something important.

   - One more mediatek dts warning fix after the previous larger set,
     this should finally result in a clean defconfig build.

   - TI OMAP dts fixes for a spurious hang on am335x and invalid data on
     DTA7

   - One DTS fix for ethernet on Oriange Pi Zero (Allwinner H616)

   - A regression fix for ti-sysc interconnect target module driver to
     not access registers after reset if srst_udelay quirk is needed

   - Reset controller driver fixes for a crash during error handling and
     a build warning"

* tag 'soc-fixes-6.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
  arm64: dts: mediatek: mt8395-genio-1200-evk: add interrupt-parent for mt6360
  ARM: dts: Fix occasional boot hang for am3 usb
  reset: Fix crash when freeing non-existent optional resets
  ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init
  ARM: dts: dra7: Fix DRA7 L3 NoC node register size
  bus: ti-sysc: Flush posted write only after srst_udelay
  reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
  arm64: dts: allwinner: h616: update emac for Orange Pi Zero 3
2023-12-20 16:06:40 -08:00
Linus Torvalds
1bddd45b5c platform-drivers-x86 for v6.7-5
Fixes:
 - Fan reporting on some ThinkPads
 - Laptop 13 spurious keypresses while suspended
 - Intel PMC correction to avoid crash
 
 The following is an automated shortlog grouped by driver:
 
 amd/pmc:
  -  Disable keyboard wakeup on AMD Framework 13
  -  Move keyboard wakeup disablement detection to pmc-quirks
  -  Move platform defines to header
  -  Only run IRQ1 firmware version check on Cezanne
 
 intel/pmc:
  -  Fix hang in pmc_core_send_ltr_ignore()
 
 thinkpad_acpi:
  -  fix for incorrect fan reporting on some ThinkPad systems
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQSCSUwRdwTNL2MhaBlZrE9hU+XOMQUCZYLGKQAKCRBZrE9hU+XO
 MXs/APoCNjjwrIo1l8yR9hiOQeKm5nRZdg7CPsjzxTyzvtG04gEAvWlsv3K5TG5F
 D6+T62Q4Qs92sbSG7ccwu3Z7icQjNAc=
 =218L
 -----END PGP SIGNATURE-----

Merge tag 'platform-drivers-x86-v6.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86

Pull x86 platform drivers fixes from Ilpo Järvinen:

 - Fan reporting on some ThinkPads

 - Laptop 13 spurious keypresses while suspended

 - Intel PMC correction to avoid crash

* tag 'platform-drivers-x86-v6.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
  platform/x86/amd/pmc: Disable keyboard wakeup on AMD Framework 13
  platform/x86/amd/pmc: Move keyboard wakeup disablement detection to pmc-quirks
  platform/x86/amd/pmc: Only run IRQ1 firmware version check on Cezanne
  platform/x86/amd/pmc: Move platform defines to header
  platform/x86/intel/pmc: Fix hang in pmc_core_send_ltr_ignore()
  platform/x86: thinkpad_acpi: fix for incorrect fan reporting on some ThinkPad systems
2023-12-20 15:58:18 -08:00
Linus Torvalds
1a44b0073b overlayfs fixes for 6.7-rc7
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE9zuTYTs0RXF+Ke33EVvVyTe/1WoFAmWCXnIACgkQEVvVyTe/
 1WpafRAAiEDCJW3nczULYVUhqWqROFwPULpyBs/DNAkc+eZ3i4WC0KlPfSrgpKsw
 V1JBncqxRRU5D5NKDPx2FXUjE+wZKDXqNQizdFKgvEgTmMZ24Avoirq2qfUo1MP+
 pWzRzDYY27geBovLRalmHJt76Jl3OOQ6j4RTCvnroaf5gfHj2eKv9cI/BSCYQ5Lf
 sjvsXEsL07eXZFzY1MaBz4kcn/feJuvQyBxyauLiZ/hsJI2a+W70DNsZUV4y+swE
 xtWxWAJXvtcoJ5aKcfpDcrHhKs6ZOq4iV/F9KgAhM5SkoyWqpGJ1/aZxYv9LfSG3
 5oqKci9qEMdDur6RsE9BLwDr1GZ9sD1N+NjY2gFM+6S+e0Vcg6RHE6Nt+TEDu88n
 FjyzqHF5dOzmV65a+OUMssNjvXsrMOwkonF0Io31njP/xMk1R6HTmGR0EjMbikI6
 2wcIqGFGJwFCt4EtST69jjnLr9NEbtOxu9A2uLnZ02Nn6yokn2jOABzGjwtfLIwF
 rJFqsM6QQDpHq7RVvuzQYPXgVxH87YjLMgBOswH6MlKKGcDTa+RgxU5Jglm3TblZ
 aMTgAgd2vQfP078y2Hvi6ywFD/tN7ROJ44ibKKdFlapn8zVV4M/qqI2vJ39Q2UMx
 BTmTT3ZKK7rFf9BaJGtg1oztXbfv6rgPwFwhNKDaHsMIABgT2Ho=
 =c+C2
 -----END PGP SIGNATURE-----

Merge tag 'ovl-fixes-6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs

Pull overlayfs fix from Amir Goldstein:
 "Fix a regression from this merge window"

* tag 'ovl-fixes-6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs:
  ovl: fix dentry reference leak after changes to underlying layers
2023-12-20 12:04:03 -08:00
Linus Torvalds
74d8fc2b86 More bcachefs bugfixes for 6.7:
- Fix a deadlock in the data move path with nocow locks (vs. update in
    place writes); when trylock failed we were incorrectly waiting for in
    flight ios to flush.
  - Fix reporting of NFS file handle length
  - Fix early error path in bch2_fs_alloc() - list head wasn't being
    initialized early enough
  - Make sure correct (hardware accelerated) crc modules get loaded
  - Fix a rare overflow in the btree split path, when the packed bkey
    format grows and all the keys have no value (LRU btree).
  - Fix error handling in the sector allocator
    This was causing writes to spuriously fail in multidevice setups, and
    another bug meant that the errors weren't being logged, only reported
    via fsync.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEKnAFLkS8Qha+jvQrE6szbY3KbnYFAmWCXs8ACgkQE6szbY3K
 bnaNcQ//bECexJp/gNYJg1kZDEeLrYoe5rAjVEE46hWM+PuXV8NqzJqw+lqhmnzL
 x/gX6vT/daGU2TMvxHo6Utk2dcmR18iYK3O1DK+No0m/U4riuB8sYNU2jw3QLYGc
 onZKg5fFqmuM5riuKDEsLnkTiDE/PRQ++YuFKcp9ejG57sSXszvPymAZVPC3pT17
 tGD0ejpVqjmp0ztKuCnFoknLhf8YxOIBwF2nHgtsVOKqBAmutmQcNPnuTdpYu5TO
 Bdc24DIWJqfjyGqO9SxlpcOYBp5dDK2PeP9FJ7UL6aDj3swP2DChKGZr0OW7h3jH
 wDFt7rR392Hcc5PEBJMU0CDdVj4Y5B6M88PUlUlNGKXgaX/epMKZTqSzepx2pqT6
 zjn+wN8Y/092NuEPeIDbAXny+LmxHGf4BPRvraruertLD/sPtW+p1qA0OB5+9leK
 SrfR/RMqSlPLEAgxbQ+AOtCaODgPODpLV3zpOdZU+NtWfXcs7sAxNcrEGk7pjnjn
 1YQn+LSHXGovURhJsDMT/ht8UOm9ryx1aCzRA344wPtyvswis9xy+GnGhsrwhjcu
 5TKvu9B3Lg3IONoMSegtInWJK2FiO9oOAuf75vjSaID+lAEiRNfxofU8dQ9DV3hx
 GHWz8D1tHobPVRtUJg6geC+3td06dFyKSD9cBPoNO5T23dgxQNQ=
 =y4Cl
 -----END PGP SIGNATURE-----

Merge tag 'bcachefs-2023-12-19' of https://evilpiepirate.org/git/bcachefs

Pull more bcachefs fixes from Kent Overstreet:

 - Fix a deadlock in the data move path with nocow locks (vs. update in
   place writes); when trylock failed we were incorrectly waiting for in
   flight ios to flush.

 - Fix reporting of NFS file handle length

 - Fix early error path in bch2_fs_alloc() - list head wasn't being
   initialized early enough

 - Make sure correct (hardware accelerated) crc modules get loaded

 - Fix a rare overflow in the btree split path, when the packed bkey
   format grows and all the keys have no value (LRU btree).

 - Fix error handling in the sector allocator

   This was causing writes to spuriously fail in multidevice setups, and
   another bug meant that the errors weren't being logged, only reported
   via fsync.

* tag 'bcachefs-2023-12-19' of https://evilpiepirate.org/git/bcachefs:
  bcachefs: Fix bch2_alloc_sectors_start_trans() error handling
  bcachefs; guard against overflow in btree node split
  bcachefs: btree_node_u64s_with_format() takes nr keys
  bcachefs: print explicit recovery pass message only once
  bcachefs: improve modprobe support by providing softdeps
  bcachefs: fix invalid memory access in bch2_fs_alloc() error path
  bcachefs: Fix determining required file handle length
  bcachefs: Fix nocow locks deadlock
2023-12-20 11:24:28 -08:00
Linus Torvalds
ac1c13e257 nfsd-6.7 fixes:
- Address a few recently-introduced issues
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmWB+F4ACgkQM2qzM29m
 f5dZKBAAoAxQA9FTIcb+uMIviGvMFBylKv9mhQxKSkhWhhP9XX2ESXAl+6pcBQJP
 ikjWw09WO/6ttvxg4hY7exk6FgkDuCALnx1xB6azEq5Ndf4T2aauuFUTEERfQ8th
 mtGSKEX1a98bGlkBIVQgfr3VFbQ0MRwcr0iGKfbHC3X5GiuFZOHn5fFE+0LjXWyJ
 7MjI0Du3lXDlrG5mJ88T5ySMcbaOWBTzqlMY3kbwcf1dWy3TZ6uh6faXqbemrDPg
 Zixj6JGi+oLlrbYYjQV1Sm5QLW3e882QCQ0U9g2sOEjmLRN/hbCE90i6l1rVEe9a
 E1ZkAY5qtl+iFK6cbAYUt6lOcZaF8lNeEtBW5JhcFm7f7CJAUSmMb05klZ6rwpXR
 l6UDwQtnAbmghqAwuKaWdfxys/yqFTvKNJRida7+qK1fs8H8q0y/acKsIv/5PoWz
 cJvWXova4wIT7Q3xneaYXhHk1aWTQTooErQ0VrgnsE0Ch7Vc4sONhQ3SLajllChD
 x3JL0DgDJ6mO/JaFZCfIy3ihEaprV0uL3bqgXaad1SszEWJt4HCCE1fQpI0cSbXH
 Vyq5H0R74EoLh8TGc6dbJ5wZwU81P6Rc0nHz/VU+gUPrEeNYKv8P2bahnXfR7Nsc
 F93sl2DqQOEv/Q/h/9UolwL7AGl6TkzdPKEoYKNafagUWT031y0=
 =F1lB
 -----END PGP SIGNATURE-----

Merge tag 'nfsd-6.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux

Pull nfsd fixes from Chuck Lever:

 - Address a few recently-introduced issues

* tag 'nfsd-6.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
  SUNRPC: Revert 5f7fc5d69f
  NFSD: Revert 738401a9bd
  NFSD: Revert 6c41d9a9bd
  nfsd: hold nfsd_mutex across entire netlink operation
  nfsd: call nfsd_last_thread() before final nfsd_put()
2023-12-20 11:16:50 -08:00
Linus Torvalds
0a7a93d96d - DM raid target (and MD raid) fix for reconfig_mutex MD deadlock that
should have been merged along with recent v6.7-rc6 MD fixes (see MD
   related commits: f2d87a759f68^..b39113349de6)
 
 - DM integrity target fix to avoid modifying immutable biovec in the
   integrity_metadata() edge case where kmalloc fails.
 
 - Fix drivers/md/Kconfig so DM_AUDIT depends on BLK_DEV_DM.
 
 - Update DM entry in MAINTAINERS to remove stale info.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEJfWUX4UqZ4x1O2wixSPxCi2dA1oFAmWB5+4ACgkQxSPxCi2d
 A1oNCQf9GsB0h6BzCXNR334yz82N6dBCVD6FvOUaBY0oUFC8Fsb4x3uI6X7U6isz
 7+ZdFvxXq2DWYctUdW9UnEG6O04dJkswdFh2xUGN09GBgUd14BHu/ElZsRKxhWYw
 n4BmJsBrRiGKrG4Jl0KIMjxiVeQUsUWPYUb2GpZ3wXRJotXBPhOGyXBbl8KRz9zF
 XLgYjtbpeSQSjlDl7Id85LB3SD7YqIG2OnxhEpVf+dGttr94+8MITbkgdzBPpKuj
 e0YULwAZlvHFvTdp/9TtjaBNvKH6oPtfMmpDGQDJjqmTa+ImqM2rV2aHCTsXZAM/
 1OQWqgbX9J2BeWqUUhH6iA9Xk7ra5A==
 =L/z8
 -----END PGP SIGNATURE-----

Merge tag 'dm-6.7/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - DM raid target (and MD raid) fix for reconfig_mutex MD deadlock that
   should have been merged along with recent v6.7-rc6 MD fixes (see MD
   related commits: f2d87a759f68^..b39113349de6)

 - DM integrity target fix to avoid modifying immutable biovec in the
   integrity_metadata() edge case where kmalloc fails.

 - Fix drivers/md/Kconfig so DM_AUDIT depends on BLK_DEV_DM.

 - Update DM entry in MAINTAINERS to remove stale info.

* tag 'dm-6.7/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  MAINTAINERS: remove stale info for DEVICE-MAPPER
  dm audit: fix Kconfig so DM_AUDIT depends on BLK_DEV_DM
  dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()
  dm-raid: delay flushing event_work() after reconfig_mutex is released
2023-12-20 11:01:28 -08:00
Randy Dunlap
7beb82b7d5 tracing/synthetic: fix kernel-doc warnings
scripts/kernel-doc warns about using @args: for variadic arguments to
functions. Documentation/doc-guide/kernel-doc.rst says that this should
be written as @...: instead, so update the source code to match that,
preventing the warnings.

trace_events_synth.c:1165: warning: Excess function parameter 'args' description in '__synth_event_gen_cmd_start'
trace_events_synth.c:1714: warning: Excess function parameter 'args' description in 'synth_event_trace'

Link: https://lore.kernel.org/linux-trace-kernel/20231220061226.30962-1-rdunlap@infradead.org

Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes: 35ca5207c2 ("tracing: Add synthetic event command generation functions")
Fixes: 8dcc53ad95 ("tracing: Add synth_event_trace() and related functions")
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-20 12:51:03 -05:00
Macpaul Lin
fa3d6c7183
arm64: dts: mediatek: mt8395-genio-1200-evk: add interrupt-parent for mt6360
This patch fix the warning introduced by mt6360 node in
mt8395-genio-1200-evk.dts.

arch/arm64/boot/dts/mediatek/mt8195.dtsi:464.4-27: Warning (interrupts_property): /soc/i2c@11d01000/pmic@34:#interrupt-cells: size is (8), expected multiple of 16

Add a missing 'interrupt-parent' to fix this warning.

Fixes: f2b543a191 ("arm64: dts: mediatek: add device-tree for Genio 1200 EVK board")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/linux-devicetree/20231212214737.230115-1-arnd@kernel.org/
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2023-12-20 13:05:43 +00:00
Arnd Bergmann
02350805ee Fix for occasional boot hang for am335x USB
A fix for occasional boot hang for am335x USB that I've only recently
 started noticing.
 
 This can be merged naturally whenever suitable. This issue has been seen
 with other similar SoCs earlier and has clearly existed for a long time.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEkgNvrZJU/QSQYIcQG9Q+yVyrpXMFAmWCzvcRHHRvbnlAYXRv
 bWlkZS5jb20ACgkQG9Q+yVyrpXPLBxAA4RmKA3bAGcmyR++ppU1IxLNcKd2owPcr
 mXu8j4QMOZgZEuE5uk6T6O+/5xoMzQ4kwq3o1PYXwC2rMOkV2xkv2qAyzk7wd4E8
 ZQwbzbEk/VDFfBaHuevQxwX3eP4Ry2wTzr9X9yrbINSDIFexY4X8y9BMiNBlhrpi
 1s6pMy0hCZCn59r2Iy6+GewKKKYW1DvpLEByfW+WyUL8d0g7vbSRSQznnkDb6KbO
 6Jcmj2ldfs4woc+AthbHZayQ4LvU9WNR8pdSc6BMBJcxMDAKbNkFMYHOVJirZmL8
 ot/z2XoIee7YbLBYN2oWJxCocaDDuRBpDHKlq0SLhpYzc2SKs/POiFuTlWC9mPxV
 CPyIbBJRE+MNHPNDjnbdov9GmfsRxk4DezBExTtM5xUuFMTbF1rsUAVZAGuOh8xh
 xVvGAoCJzM+cGKdDpr1buWx2StT3p6pQz+npK9HxGpu5/iDsFsEvRpcR6nxOIZZM
 /AQ+F9ssOj3/Hs2KeA9LtOPPGn1GGUvui4NEzFJSYpM9lIXLoPs7J30Pm+6tA3CE
 9ELpyWn2yNM5aNrW4UrtqScoKogIPF8ArCi7kRnXRu4HOplM7RenXUHTcfpUOydS
 EIOc+7uRbYT8FFcdmfd3Jd35byVrkTcP9rBJJKDjOpbG3UqZQVI2I1nUjnGkbYyA
 tgoSTrUFvs8=
 =9ILx
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmWC2FYACgkQYKtH/8kJ
 UidimA/+LnWRm1wgYiqkyOMTnqeDKvJTUVLpuzioSiqI2Pn97Ggwt8uECuvLHN/4
 WmjDc0LNNjmFtGUgxiei0XKhIrs8pzGOBK3ZzZ83WoIqU8wVvDchZlYQRkOg6VMJ
 5BcCmNGWmax0vnbm2j4mtZ3qJmkH4qbMZDl9z5bq6Ed73scxKJ0ftVDDSOvPWzIP
 mUrLJpLqpq4sWq8b2TwxQMyKV57JNhbFXCeQyIODqA6lSodCRIyBwOKtsPqHdde8
 +PcsNPJ54uvzG79aQ3uFEry2vzYmqFPHudX1SVlh4cbqzrQpPxveNhCQ9Zoor3TX
 2uWZoTokcTSKg+g5xTtfKFzYg1SbH7wGqw2DwX4Ou8M4BbJ4MUc5tVCopnWf6IVj
 8DanN5VwrXeb2dlfsxgCe0sgo1dPHGgLzQW45128XZ2s9dkToy3azNvGNE2qv3pJ
 Jm/pvyrSgIdICb2MSKmfFK1UiH3dXg3mO80RibEvII8daq61UyKXXaxs5R2n8I8k
 BEkt5Flogaqm88ZcIHBkXu3CMRqlcMEWXRwWvZqF5hbLWnFExqXbYQg9Wa6D4VLe
 wvZ3aK7GZLmGKVZgS1bDDpitpRJZUTVZ4bjdDQtSJZfOG9RLcc26D/9LIOhrvqYQ
 QNcttvPHIUEcFKEhMMfJP6ElBHQev4ekktQH/0OixsC2GnD1HTI=
 =4AMb
 -----END PGP SIGNATURE-----

Merge tag 'am3-usb-hang-fix-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/fixes

Fix for occasional boot hang for am335x USB

A fix for occasional boot hang for am335x USB that I've only recently
started noticing.

This can be merged naturally whenever suitable. This issue has been seen
with other similar SoCs earlier and has clearly existed for a long time.

* tag 'am3-usb-hang-fix-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: dts: Fix occasional boot hang for am3 usb

Link: https://lore.kernel.org/r/pull-1703071616-395333@atomide.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2023-12-20 12:04:38 +00:00
Arnd Bergmann
2096d3ec46 Fixes for omaps
A few fixes for omaps:
 
 - A regression fix for ti-sysc interconnect target module driver to not access
   registers after reset if srst_udelay quirk is needed
 
 - DRA7 L3 NoC node register size fix
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEkgNvrZJU/QSQYIcQG9Q+yVyrpXMFAmVzCN8RHHRvbnlAYXRv
 bWlkZS5jb20ACgkQG9Q+yVyrpXOEig/+M2KjohrRcQ3yzS1K1+abpiK/+Zud+8D7
 4sUjv4R3DB4X0TA91m41Nm/cqnIayrwtekiWdBdyEarp+KEZxIt4UHUKLypNb52u
 MdhGp/n2662FPrgmj1gRKOZuu1rtKG30QdBXBA8mZAffC23uQXBImWIE4BBGQtHf
 MnLBhH7y+7CHLuISnC4pViGMO1mP+6VV4ienM5FEn+e9QkFZazzGYVi7hbQLc1dZ
 XCwdO7vecPscHKZwNuxOdHlmp1QRWmu7sdXqerDhewnzk2qN0AvWxfgJl0I7ovy+
 +k0wjnrN6RVuVypLC4/wAQAmLM/FZwJapSWp/ZdwOTz2R1FXLk1pRar7XpGgQojM
 z5Q9zCPqLZ+HhbTJSRz8pMYGnjuibQ877N0d0/ECc8gqCb/Y74bGxApoTcqWnZj1
 1UP54AWSO2VvnkhlIeD8o2dnrVbKpYBNEkZ690nHy8JDbUz8KYosKJ1u1L/4pOTl
 SwZY3WH8d7I3nxfpF8AtqVJLmVQ7W2RHLSa/3ovFGGkgj9Bfo8srTdSKcrvGhFQc
 3fwf5e3t//K7/MkdRJ8YWmAeuw8QlmqgaUeK48Y+ZlN0QW7MNWBAcIbYd6sfGZuM
 1IYZPb0PyfFNPkMXQvoJwERqkz/z48vij/4HPmIhJcEC/RD34I6bj23JkQLVivho
 hcU5yZgAXLY=
 =U4b9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmWC19cACgkQYKtH/8kJ
 Uic66w/+KwhrJQKv9dMEUJspCho572cA/b+ecmwSMse3WNuTtuLoH3OA7in/TT8o
 l9B1UJqW1zrVH94+kpKgBlvhVQnryZBx8KD/RBxh9tW9mkWlTRlxwCguVhllKXyk
 Nmjz0HQG6vshE1RsLy/yrZiGklc8HEg6ImV7g9aQxg3ajKjHFapzD2RiCWJtvAD9
 BAT2+pJpR5Mq93i9xbGooJKB/ICL1AXbWOC/xmTjKPcDVtdxArVcmnAoRQ7dMUOl
 4yx+tklpRYOkX+qiWEKwRsbuMAKEUmKKkLbON/gVyw+cSB29HXJaysOsWc3LgrY1
 zNaBnhQtWy5FsUeCcOJgi54OyKpN/QJkM3IY3UxdVnyyftfxrbGlJdCel59Y+0V1
 DK4Ab3OSHNiUm4zMv+31rHyCS71jnK245dMFqHcuF7Ij+lIyT1IRiIUHDntpkl0A
 3thG618Du9iyz/NS2hwlJ7B/vhCT3JGZDJwFv/d0qCrI560PD5tlPWlLteCCRbB3
 aj9p5XjurPdTlvUY1AIFoFy5zNNd7kEV4hc+hmCreRX2+fi3zerIR3L+AmLv5zKH
 Yivw06zBopu4cUaHGw4o8NCPsKMaUL3gYZlL6fl5W1yx702CkEXFlJMT86gLd+y3
 xsJ9QaDpdvhXops63muj5k0wcQ+SuxMiI/894G0yjgkVie4R4ro=
 =IJiJ
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v6.7/fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/fixes

Fixes for omaps

A few fixes for omaps:

- A regression fix for ti-sysc interconnect target module driver to not access
  registers after reset if srst_udelay quirk is needed

- DRA7 L3 NoC node register size fix

* tag 'omap-for-v6.7/fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init
  ARM: dts: dra7: Fix DRA7 L3 NoC node register size
  bus: ti-sysc: Flush posted write only after srst_udelay

Link: https://lore.kernel.org/r/pull-1702037799-781982@atomide.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2023-12-20 12:02:31 +00:00
David Howells
74cef6872c afs: Fix dynamic root lookup DNS check
In the afs dynamic root directory, the ->lookup() function does a DNS check
on the cell being asked for and if the DNS upcall reports an error it will
report an error back to userspace (typically ENOENT).

However, if a failed DNS upcall returns a new-style result, it will return
a valid result, with the status field set appropriately to indicate the
type of failure - and in that case, dns_query() doesn't return an error and
we let stat() complete with no error - which can cause confusion in
userspace as subsequent calls that trigger d_automount then fail with
ENOENT.

Fix this by checking the status result from a valid dns_query() and
returning an error if it indicates a failure.

Fixes: bbb4c4323a ("dns: Allow the dns resolver to retrieve a server set")
Reported-by: Markus Suvanto <markus.suvanto@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=216637
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Markus Suvanto <markus.suvanto@gmail.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
2023-12-20 11:57:47 +00:00
David Howells
71f8b55bc3 afs: Fix the dynamic root's d_delete to always delete unused dentries
Fix the afs dynamic root's d_delete function to always delete unused
dentries rather than only deleting them if they're positive.  With things
as they stand upstream, negative dentries stemming from failed DNS lookups
stick around preventing retries.

Fixes: 66c7e1d319 ("afs: Split the dynroot stuff out and give it its own ops tables")
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Markus Suvanto <markus.suvanto@gmail.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
2023-12-20 11:57:35 +00:00
Lai Peter Jun Ann
bd7f77dae6 net: stmmac: fix incorrect flag check in timestamp interrupt
The driver should continue get the timestamp if STMMAC_FLAG_EXT_SNAPSHOT_EN
flag is set.

Fixes: aa5513f5d9 ("net: stmmac: replace the ext_snapshot_en field with a flag")
Cc: <stable@vger.kernel.org> # 6.6
Signed-off-by: Song Yoong Siang <yoong.siang.song@intel.com>
Signed-off-by: Lai Peter Jun Ann <jun.ann.lai@intel.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-12-20 11:21:10 +00:00
David S. Miller
498444e390 bluetooth pull request for net:
- Add encryption key size check when acting as peripheral
  - Shut up false-positive build warning
  - Send reject if L2CAP command request is corrupted
  - Fix Use-After-Free in bt_sock_recvmsg
  - Fix not notifying when connection encryption changes
  - Fix not checking if HCI_OP_INQUIRY has been sent
  - Fix address type send over to the MGMT interface
  - Fix deadlock in vhci_send_frame
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE7E6oRXp8w05ovYr/9JCA4xAyCykFAmV8mvcZHGx1aXoudm9u
 LmRlbnR6QGludGVsLmNvbQAKCRD0kIDjEDILKcFTEACQRFdK50+kKekfzNoFe4SA
 CEDQqPyoR59Q12zc/sZmVVdWKCLjHT3yx9/3UPOPhz4LWQl0juvpPhNE/WSIh+Dx
 eozOZViebOfh9DstOSnjDKg7qGrybEjmtpVJn+jcFfzJedDVHF+POM97SleGSj50
 EgJ8j3Qe8KNVQqhT0beJUE/Ku5f6zDBxZ3gcgphIU2CVnWQwrR36yaY/psDRn3oz
 YXcSz/Un4gWpIw0pwby8kViFjcnt8c65xJLX0o+WL+2rJecTiikDvSPtVHhI3F9W
 1dmZ9rNg+mBYc+Lw/LkpDpj051+A+dINa71jLS/XCZyj4MMQw3uH/8D2diHwLxX8
 Nst3ZF/xDZsEjFEbJEfDamM6M7DtqmltQ8A28Lmp90+AMIczNlrU2ZYAnRd+zK/H
 pbzTNddbVEj7gSSJb2OrymN45i1unX7dHZ9ASDAzBDxgQEdsrM0W1Qp0YW+7qefa
 ihvQOGM52ZdGNM6C73rvSYXssGKTp8G/illIQkHg4szs1H96Yw4x2ArXo5S1KANC
 5c/k4qQEsr7vgDgkfORtJZ6BKFBb6p6/toyf2GizAiGfcsKCUwHvd7i8/AeGznj3
 bCkLnL5v9nOSEeIqvBe9hIFsL6a3k1CbpTF4U/tK33Ybqqp8eiGrQY35+1EESdY4
 Cy5fz5AgONuLAiOoypmN5A==
 =JAze
 -----END PGP SIGNATURE-----

Merge tag 'for-net-2023-12-15' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

Luiz Augusto von Dentz says:

====================
bluetooth pull request for net:

 - Add encryption key size check when acting as peripheral
 - Shut up false-positive build warning
 - Send reject if L2CAP command request is corrupted
 - Fix Use-After-Free in bt_sock_recvmsg
 - Fix not notifying when connection encryption changes
 - Fix not checking if HCI_OP_INQUIRY has been sent
 - Fix address type send over to the MGMT interface
 - Fix deadlock in vhci_send_frame
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2023-12-20 11:12:12 +00:00
Kent Overstreet
247ce5f1bb bcachefs: Fix bch2_alloc_sectors_start_trans() error handling
When we fail to allocate because of insufficient open buckets, we don't
want to retry from the full set of devices - we just want to retry in
blocking mode.

But if the retry in blocking mode fails with a different error code, we
end up squashing the -BCH_ERR_open_buckets_empty error with an error
that makes us thing we won't be able to allocate (insufficient_devices)
- which is incorrect when we didn't try to allocate from the full set of
devices, and causes the write to fail.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2023-12-19 19:01:52 -05:00
Kent Overstreet
7ba1f6ec97 bcachefs; guard against overflow in btree node split
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2023-12-19 16:18:16 -05:00
Kent Overstreet
0fa3b97767 bcachefs: btree_node_u64s_with_format() takes nr keys
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2023-12-19 16:18:13 -05:00
Linus Torvalds
55cb5f4368 tracing fix for 6.7-rc6
While working on the ring buffer, I found one more bug with the timestamp
 code, and the fix for this removed the need for the final 64-bit cmpxchg!
 
 The ring buffer events hold a "delta" from the previous event. If it is
 determined that the delta can not be calculated, it falls back to adding an
 absolute timestamp value. The way to know if the delta can be used is via
 two stored timestamps in the per-cpu buffer meta data:
 
  before_stamp and write_stamp
 
 The before_stamp is written by every event before it tries to allocate its
 space on the ring buffer. The write_stamp is written after it allocates its
 space and knows that nothing came in after it read the previous
 before_stamp and write_stamp and the two matched.
 
 A previous fix dd93942570 ("ring-buffer: Do not try to put back
 write_stamp") removed putting back the write_stamp to match the
 before_stamp so that the next event could use the delta, but races were
 found where the two would match, but not be for of the previous event.
 
 It was determined to allow the event reservation to not have a valid
 write_stamp when it is finished, and this fixed a lot of races.
 
 The last use of the 64-bit timestamp cmpxchg depended on the write_stamp
 being valid after an interruption. But this is no longer the case, as if an
 event is interrupted by a softirq that writes an event, and that event gets
 interrupted by a hardirq or NMI and that writes an event, then the softirq
 could finish its reservation without a valid write_stamp.
 
 In the slow path of the event reservation, a delta can still be used if the
 write_stamp is valid. Instead of using a cmpxchg against the write stamp,
 the before_stamp needs to be read again to validate the write_stamp. The
 cmpxchg is not needed.
 
 This updates the slowpath to validate the write_stamp by comparing it to
 the before_stamp and removes all rb_time_cmpxchg() as there are no more
 users of that function.
 
 The removal of the 32-bit updates of rb_time_t will be done in the next
 merge window.
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZYHVxhQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qhk5AQDT56Uis34ewzeEzkwBSs8nsV2HDhnA
 d0CU4BHsf0GUVQD9E2eWVbIB9z8MiQwNMvKslpFJYmGCzr359pCMzoOmcws=
 =0rcD
 -----END PGP SIGNATURE-----

Merge tag 'trace-v6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fix from Steven Rostedt:
 "While working on the ring buffer, I found one more bug with the
  timestamp code, and the fix for this removed the need for the final
  64-bit cmpxchg!

  The ring buffer events hold a "delta" from the previous event. If it
  is determined that the delta can not be calculated, it falls back to
  adding an absolute timestamp value. The way to know if the delta can
  be used is via two stored timestamps in the per-cpu buffer meta data:

   before_stamp and write_stamp

  The before_stamp is written by every event before it tries to allocate
  its space on the ring buffer. The write_stamp is written after it
  allocates its space and knows that nothing came in after it read the
  previous before_stamp and write_stamp and the two matched.

  A previous fix dd93942570 ("ring-buffer: Do not try to put back
  write_stamp") removed putting back the write_stamp to match the
  before_stamp so that the next event could use the delta, but races
  were found where the two would match, but not be for of the previous
  event.

  It was determined to allow the event reservation to not have a valid
  write_stamp when it is finished, and this fixed a lot of races.

  The last use of the 64-bit timestamp cmpxchg depended on the
  write_stamp being valid after an interruption. But this is no longer
  the case, as if an event is interrupted by a softirq that writes an
  event, and that event gets interrupted by a hardirq or NMI and that
  writes an event, then the softirq could finish its reservation without
  a valid write_stamp.

  In the slow path of the event reservation, a delta can still be used
  if the write_stamp is valid. Instead of using a cmpxchg against the
  write stamp, the before_stamp needs to be read again to validate the
  write_stamp. The cmpxchg is not needed.

  This updates the slowpath to validate the write_stamp by comparing it
  to the before_stamp and removes all rb_time_cmpxchg() as there are no
  more users of that function.

  The removal of the 32-bit updates of rb_time_t will be done in the
  next merge window"

* tag 'trace-v6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  ring-buffer: Fix slowpath of interrupted event
2023-12-19 12:25:43 -08:00
Linus Torvalds
9c749e61a1 ARC fixes for 6.7
- build error for hugetlb, sparse and smatch fixes
 
  - Removal of VIPT aliasing cache code
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEOXpuCuR6hedrdLCJadfx3eKKwl4FAmWBJsIACgkQadfx3eKK
 wl5mjQ/+NnUv9+CT3uFJFue9KNfNVQg8ZxGHd3eOMa6rJJRx5SSpPHGKcsa0mdda
 /u+OmqFTnkx1OahrJcSo6epOQc4MW6W43cFqcDWQnQDPr7s8Za6GFXGAhayXu5ff
 Qnp/Bb1WUF97KHdpvYhl6zy0U5Er9pfT2qpWFzNwue0woNwg4RCIxhcPtSHnzJ5J
 06CWPKmtRkFVZo3dwDKHnyL41P0nhLqE4PfNtl7fEDHVU0G5S+L4csyHpSULbVLn
 5V+5oSDaQLy0dKw6fQAcntikqAKRZVP//8NWOEkqnbtAI37yO6gsrCEZxOvIqpGc
 ovjejC4pzS7lscQurQYWUtCd5GYreypIC0E0Luf78Iopt1KjpgqXmPjaS5sT2om1
 LCVt2LEmImtxA1aBIVZGshYyA2oebKARVfVvaxRaVj5un89J3nTS6pkiwdWwK8JC
 E2cAyfgnDW9n3J7gGbfOiRBqLna3fFUqBpybCcN/IP8fnCd7VGv9dnMMABWy1kP8
 MmzJEjAC3nKXyoQo8cf96aOGqzt6fL3odxO/nvaFjyq0AmRN4I410ZJfylqSFVYe
 n3bpjgZDRcaZkRltkk9eMDxl82BKMivYLr3Vya/r4WZSZr/+I7jIKzw9Tcbq9SjT
 r4haRp/tVqJuOX5CSMEExV6AuJ07aliztIrWD3qh38bFnXYlAOw=
 =82fK
 -----END PGP SIGNATURE-----

Merge tag 'arc-6.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc

Pull ARC fixes from Vineet Gupta:

 - build error for hugetlb, sparse and smatch fixes

 - removal of VIPT aliasing cache code

* tag 'arc-6.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARC: add hugetlb definitions
  ARC: fix smatch warning
  ARC: fix spare error
  ARC: mm: retire support for aliasing VIPT D$
  ARC: entry: move ARCompact specific bits out of entry.h
  ARC: entry: SAVE_ABI_CALLEE_REG: ISA/ABI specific helper
2023-12-19 12:19:25 -08:00
Shyam Prasad N
12d1e301bd cifs: do not let cifs_chan_update_iface deallocate channels
cifs_chan_update_iface is meant to check and update the server
interface used for a channel when the existing server interface
is no longer available.

So far, this handler had the code to remove an interface entry
even if a new candidate interface is not available. Allowing
this leads to several corner cases to handle.

This change makes the logic much simpler by not deallocating
the current channel interface entry if a new interface is not
found to replace it with.

Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-12-19 11:04:04 -06:00
Shyam Prasad N
f30bbc3870 cifs: fix a pending undercount of srv_count
The following commit reverted the changes to ref count
the server struct while scheduling a reconnect work:
8233425248 Revert "cifs: reconnect work should have reference on server struct"

However, a following change also introduced scheduling
of reconnect work, and assumed ref counting. This change
fixes that as well.

Fixes umount problems like:

[73496.157838] CPU: 5 PID: 1321389 Comm: umount Tainted: G        W  OE      6.7.0-060700rc6-generic #202312172332
[73496.157841] Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET67W (1.50 ) 12/15/2022
[73496.157843] RIP: 0010:cifs_put_tcp_session+0x17d/0x190 [cifs]
[73496.157906] Code: 5d 31 c0 31 d2 31 f6 31 ff c3 cc cc cc cc e8 4a 6e 14 e6 e9 f6 fe ff ff be 03 00 00 00 48 89 d7 e8 78 26 b3 e5 e9 e4 fe ff ff <0f> 0b e9 b1 fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90
[73496.157908] RSP: 0018:ffffc90003bcbcb8 EFLAGS: 00010286
[73496.157911] RAX: 00000000ffffffff RBX: ffff8885830fa800 RCX: 0000000000000000
[73496.157913] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[73496.157915] RBP: ffffc90003bcbcc8 R08: 0000000000000000 R09: 0000000000000000
[73496.157917] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[73496.157918] R13: ffff8887d56ba800 R14: 00000000ffffffff R15: ffff8885830fa800
[73496.157920] FS:  00007f1ff0e33800(0000) GS:ffff88887ba80000(0000) knlGS:0000000000000000
[73496.157922] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[73496.157924] CR2: 0000115f002e2010 CR3: 00000003d1e24005 CR4: 00000000003706f0
[73496.157926] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[73496.157928] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[73496.157929] Call Trace:
[73496.157931]  <TASK>
[73496.157933]  ? show_regs+0x6d/0x80
[73496.157936]  ? __warn+0x89/0x160
[73496.157939]  ? cifs_put_tcp_session+0x17d/0x190 [cifs]
[73496.157976]  ? report_bug+0x17e/0x1b0
[73496.157980]  ? handle_bug+0x51/0xa0
[73496.157983]  ? exc_invalid_op+0x18/0x80
[73496.157985]  ? asm_exc_invalid_op+0x1b/0x20
[73496.157989]  ? cifs_put_tcp_session+0x17d/0x190 [cifs]
[73496.158023]  ? cifs_put_tcp_session+0x1e/0x190 [cifs]
[73496.158057]  __cifs_put_smb_ses+0x2b5/0x540 [cifs]
[73496.158090]  ? tconInfoFree+0xc2/0x120 [cifs]
[73496.158130]  cifs_put_tcon.part.0+0x108/0x2b0 [cifs]
[73496.158173]  cifs_put_tlink+0x49/0x90 [cifs]
[73496.158220]  cifs_umount+0x56/0xb0 [cifs]
[73496.158258]  cifs_kill_sb+0x52/0x60 [cifs]
[73496.158306]  deactivate_locked_super+0x32/0xc0
[73496.158309]  deactivate_super+0x46/0x60
[73496.158311]  cleanup_mnt+0xc3/0x170
[73496.158314]  __cleanup_mnt+0x12/0x20
[73496.158330]  task_work_run+0x5e/0xa0
[73496.158333]  exit_to_user_mode_loop+0x105/0x130
[73496.158336]  exit_to_user_mode_prepare+0xa5/0xb0
[73496.158338]  syscall_exit_to_user_mode+0x29/0x60
[73496.158341]  do_syscall_64+0x6c/0xf0
[73496.158344]  ? syscall_exit_to_user_mode+0x37/0x60
[73496.158346]  ? do_syscall_64+0x6c/0xf0
[73496.158349]  ? exit_to_user_mode_prepare+0x30/0xb0
[73496.158353]  ? syscall_exit_to_user_mode+0x37/0x60
[73496.158355]  ? do_syscall_64+0x6c/0xf0

Reported-by: Robert Morris <rtm@csail.mit.edu>
Fixes: 705fc522fe ("cifs: handle when server starts supporting multichannel")
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-12-19 10:59:11 -06:00
Heiko Carstens
3d940bb181 s390: update defconfigs
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
2023-12-19 17:37:26 +01:00
Zizhi Wo
01fe654f78 fs: cifs: Fix atime update check
Commit 9b9c5bea0b ("cifs: do not return atime less than mtime") indicates
that in cifs, if atime is less than mtime, some apps will break.
Therefore, it introduce a function to compare this two variables in two
places where atime is updated. If atime is less than mtime, update it to
mtime.

However, the patch was handled incorrectly, resulting in atime and mtime
being exactly equal. A previous commit 69738cfdfa ("fs: cifs: Fix atime
update check vs mtime") fixed one place and forgot to fix another. Fix it.

Fixes: 9b9c5bea0b ("cifs: do not return atime less than mtime")
Cc: stable@vger.kernel.org
Signed-off-by: Zizhi Wo <wozizhi@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-12-19 10:33:57 -06:00
Paulo Alcantara
567320c46a smb: client: fix potential OOB in smb2_dump_detail()
Validate SMB message with ->check_message() before calling
->calc_smb_size().

This fixes CVE-2023-6610.

Reported-by: j51569436@gmail.com
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218219
Cc; stable@vger.kernel.org
Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-12-19 10:33:39 -06:00
Paolo Abeni
8353c2abc0 Merge branch 'check-vlan-filter-feature-in-vlan_vids_add_by_dev-and-vlan_vids_del_by_dev'
Liu Jian says:

====================
check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()

v2->v3:
	Filter using vlan_hw_filter_capable().
	Add one basic test.
====================

Link: https://lore.kernel.org/r/20231216075219.2379123-1-liujian56@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-19 13:13:59 +01:00
Liu Jian
2258b66648 selftests: add vlan hw filter tests
Add one basic vlan hw filter test.

Signed-off-by: Liu Jian <liujian56@huawei.com>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-19 13:13:56 +01:00
Liu Jian
01a564bab4 net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()
I got the below warning trace:

WARNING: CPU: 4 PID: 4056 at net/core/dev.c:11066 unregister_netdevice_many_notify
CPU: 4 PID: 4056 Comm: ip Not tainted 6.7.0-rc4+ #15
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
RIP: 0010:unregister_netdevice_many_notify+0x9a4/0x9b0
Call Trace:
 rtnl_dellink
 rtnetlink_rcv_msg
 netlink_rcv_skb
 netlink_unicast
 netlink_sendmsg
 __sock_sendmsg
 ____sys_sendmsg
 ___sys_sendmsg
 __sys_sendmsg
 do_syscall_64
 entry_SYSCALL_64_after_hwframe

It can be repoduced via:

    ip netns add ns1
    ip netns exec ns1 ip link add bond0 type bond mode 0
    ip netns exec ns1 ip link add bond_slave_1 type veth peer veth2
    ip netns exec ns1 ip link set bond_slave_1 master bond0
[1] ip netns exec ns1 ethtool -K bond0 rx-vlan-filter off
[2] ip netns exec ns1 ip link add link bond_slave_1 name bond_slave_1.0 type vlan id 0
[3] ip netns exec ns1 ip link add link bond0 name bond0.0 type vlan id 0
[4] ip netns exec ns1 ip link set bond_slave_1 nomaster
[5] ip netns exec ns1 ip link del veth2
    ip netns del ns1

This is all caused by command [1] turning off the rx-vlan-filter function
of bond0. The reason is the same as commit 01f4fd2708 ("bonding: Fix
incorrect deletion of ETH_P_8021AD protocol vid from slaves"). Commands
[2] [3] add the same vid to slave and master respectively, causing
command [4] to empty slave->vlan_info. The following command [5] triggers
this problem.

To fix this problem, we should add VLAN_FILTER feature checks in
vlan_vids_add_by_dev() and vlan_vids_del_by_dev() to prevent incorrect
addition or deletion of vlan_vid information.

Fixes: 348a1443cc ("vlan: introduce functions to do mass addition/deletion of vids by another device")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-19 13:13:56 +01:00
Jijie Shao
fa94a0c842 net: hns3: add new maintainer for the HNS3 ethernet driver
Jijie Shao will be responsible for
maintaining the hns3 driver's code in the future,
so add Jijie to the hns3 driver's matainer list.

Signed-off-by: Jijie Shao <shaojijie@huawei.com>
Link: https://lore.kernel.org/r/20231216070413.233668-1-shaojijie@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-19 12:43:41 +01:00
Yury Norov
340943fbff net: mana: select PAGE_POOL
Mana uses PAGE_POOL API. x86_64 defconfig doesn't select it:

ld: vmlinux.o: in function `mana_create_page_pool.isra.0':
mana_en.c:(.text+0x9ae36f): undefined reference to `page_pool_create'
ld: vmlinux.o: in function `mana_get_rxfrag':
mana_en.c:(.text+0x9afed1): undefined reference to `page_pool_alloc_pages'
make[3]: *** [/home/yury/work/linux/scripts/Makefile.vmlinux:37: vmlinux] Error 1
make[2]: *** [/home/yury/work/linux/Makefile:1154: vmlinux] Error 2
make[1]: *** [/home/yury/work/linux/Makefile:234: __sub-make] Error 2
make[1]: Leaving directory '/home/yury/work/build-linux-x86_64'
make: *** [Makefile:234: __sub-make] Error 2

So we need to select it explicitly.

Signed-off-by: Yury Norov <yury.norov@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Tested-by: Simon Horman <horms@kernel.org> # build-tested
Fixes: ca9c54d2 ("net: mana: Add a driver for Microsoft Azure Network Adapter")
Link: https://lore.kernel.org/r/20231215203353.635379-1-yury.norov@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-19 12:18:55 +01:00
Ronald Wahl
3dc5d44545 net: ks8851: Fix TX stall caused by TX buffer overrun
There is a bug in the ks8851 Ethernet driver that more data is written
to the hardware TX buffer than actually available. This is caused by
wrong accounting of the free TX buffer space.

The driver maintains a tx_space variable that represents the TX buffer
space that is deemed to be free. The ks8851_start_xmit_spi() function
adds an SKB to a queue if tx_space is large enough and reduces tx_space
by the amount of buffer space it will later need in the TX buffer and
then schedules a work item. If there is not enough space then the TX
queue is stopped.

The worker function ks8851_tx_work() dequeues all the SKBs and writes
the data into the hardware TX buffer. The last packet will trigger an
interrupt after it was send. Here it is assumed that all data fits into
the TX buffer.

In the interrupt routine (which runs asynchronously because it is a
threaded interrupt) tx_space is updated with the current value from the
hardware. Also the TX queue is woken up again.

Now it could happen that after data was sent to the hardware and before
handling the TX interrupt new data is queued in ks8851_start_xmit_spi()
when the TX buffer space had still some space left. When the interrupt
is actually handled tx_space is updated from the hardware but now we
already have new SKBs queued that have not been written to the hardware
TX buffer yet. Since tx_space has been overwritten by the value from the
hardware the space is not accounted for.

Now we have more data queued then buffer space available in the hardware
and ks8851_tx_work() will potentially overrun the hardware TX buffer. In
many cases it will still work because often the buffer is written out
fast enough so that no overrun occurs but for example if the peer
throttles us via flow control then an overrun may happen.

This can be fixed in different ways. The most simple way would be to set
tx_space to 0 before writing data to the hardware TX buffer preventing
the queuing of more SKBs until the TX interrupt has been handled. I have
chosen a slightly more efficient (and still rather simple) way and
track the amount of data that is already queued and not yet written to
the hardware. When new SKBs are to be queued the already queued amount
of data is honoured when checking free TX buffer space.

I tested this with a setup of two linked KS8851 running iperf3 between
the two in bidirectional mode. Before the fix I got a stall after some
minutes. With the fix I saw now issues anymore after hours.

Fixes: 3ba81f3ece ("net: Micrel KS8851 SPI network driver")
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Ben Dooks <ben.dooks@codethink.co.uk>
Cc: Tristram Ha <Tristram.Ha@microchip.com>
Cc: netdev@vger.kernel.org
Cc: stable@vger.kernel.org # 5.10+
Signed-off-by: Ronald Wahl <ronald.wahl@raritan.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20231214181112.76052-1-rwahl@gmx.de
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-19 11:35:26 +01:00
Steven Rostedt (Google)
b803d7c664 ring-buffer: Fix slowpath of interrupted event
To synchronize the timestamps with the ring buffer reservation, there are
two timestamps that are saved in the buffer meta data.

1. before_stamp
2. write_stamp

When the two are equal, the write_stamp is considered valid, as in, it may
be used to calculate the delta of the next event as the write_stamp is the
timestamp of the previous reserved event on the buffer.

This is done by the following:

 /*A*/	w = current position on the ring buffer
	before = before_stamp
	after = write_stamp
	ts = read current timestamp

	if (before != after) {
		write_stamp is not valid, force adding an absolute
		timestamp.
	}

 /*B*/	before_stamp = ts

 /*C*/	write = local_add_return(event length, position on ring buffer)

	if (w == write - event length) {
		/* Nothing interrupted between A and C */
 /*E*/		write_stamp = ts;
		delta = ts - after
		/*
		 * If nothing interrupted again,
		 * before_stamp == write_stamp and write_stamp
		 * can be used to calculate the delta for
		 * events that come in after this one.
		 */
	} else {

		/*
		 * The slow path!
		 * Was interrupted between A and C.
		 */

This is the place that there's a bug. We currently have:

		after = write_stamp
		ts = read current timestamp

 /*F*/		if (write == current position on the ring buffer &&
		    after < ts && cmpxchg(write_stamp, after, ts)) {

			delta = ts - after;

		} else {
			delta = 0;
		}

The assumption is that if the current position on the ring buffer hasn't
moved between C and F, then it also was not interrupted, and that the last
event written has a timestamp that matches the write_stamp. That is the
write_stamp is valid.

But this may not be the case:

If a task context event was interrupted by softirq between B and C.

And the softirq wrote an event that got interrupted by a hard irq between
C and E.

and the hard irq wrote an event (does not need to be interrupted)

We have:

 /*B*/ before_stamp = ts of normal context

   ---> interrupted by softirq

	/*B*/ before_stamp = ts of softirq context

	  ---> interrupted by hardirq

		/*B*/ before_stamp = ts of hard irq context
		/*E*/ write_stamp = ts of hard irq context

		/* matches and write_stamp valid */
	  <----

	/*E*/ write_stamp = ts of softirq context

	/* No longer matches before_stamp, write_stamp is not valid! */

   <---

 w != write - length, go to slow path

// Right now the order of events in the ring buffer is:
//
// |-- softirq event --|-- hard irq event --|-- normal context event --|
//

 after = write_stamp (this is the ts of softirq)
 ts = read current timestamp

 if (write == current position on the ring buffer [true] &&
     after < ts [true] && cmpxchg(write_stamp, after, ts) [true]) {

	delta = ts - after  [Wrong!]

The delta is to be between the hard irq event and the normal context
event, but the above logic made the delta between the softirq event and
the normal context event, where the hard irq event is between the two. This
will shift all the remaining event timestamps on the sub-buffer
incorrectly.

The write_stamp is only valid if it matches the before_stamp. The cmpxchg
does nothing to help this.

Instead, the following logic can be done to fix this:

	before = before_stamp
	ts = read current timestamp
	before_stamp = ts

	after = write_stamp

	if (write == current position on the ring buffer &&
	    after == before && after < ts) {

		delta = ts - after

	} else {
		delta = 0;
	}

The above will only use the write_stamp if it still matches before_stamp
and was tested to not have changed since C.

As a bonus, with this logic we do not need any 64-bit cmpxchg() at all!

This means the 32-bit rb_time_t workaround can finally be removed. But
that's for a later time.

Link: https://lore.kernel.org/linux-trace-kernel/20231218175229.58ec3daf@gandalf.local.home/
Link: https://lore.kernel.org/linux-trace-kernel/20231218230712.3a76b081@gandalf.local.home

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Fixes: dd93942570 ("ring-buffer: Do not try to put back write_stamp")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-18 23:12:22 -05:00