1. 22 Nov, 2020 13 commits
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · 4a51c60a
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "8 patches.
        Subsystems affected by this patch series: mm (madvise, pagemap,
        readahead, memcg, userfaultfd), kbuild, and vfs"
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        mm: fix madvise WILLNEED performance problem
        libfs: fix error cast of negative value in simple_attr_write()
        mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault()
        mm: memcg/slab: fix root memcg vmstats
        mm: fix readahead_page_batch for retry entries
        mm: fix phys_to_target_node() and memory_add_physaddr_to_nid() exports
        compiler-clang: remove version check for BPF Tracing
        mm/madvise: fix memory leak from process_madvise
    • Linus Torvalds's avatar
      Merge tag 'staging-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · d27637ec
      Linus Torvalds authored
      Pull staging and IIO fixes from Greg KH:
       "Here are some small Staging and IIO driver fixes for 5.10-rc5. They
         - IIO fixes for reported regressions and problems
         - new device ids for IIO drivers
         - new device id for rtl8723bs driver
         - staging ralink driver Kconfig dependency fix
         - staging mt7621-pci bus resource fix
        All of these have been in linux-next all week with no reported issues"
      * tag 'staging-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode
        iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
        docs: ABI: testing: iio: stm32: remove re-introduced unsupported ABI
        iio: light: fix kconfig dependency bug for VCNL4035
        iio/adc: ingenic: Fix AUX/VBAT readings when touchscreen is used
        iio/adc: ingenic: Fix battery VREF for JZ4770 SoC
        staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids
        staging: ralink-gdma: fix kconfig dependency bug for DMA_RALINK
        staging: mt7621-pci: avoid to request pci bus resources
        iio: imu: st_lsm6dsx: set 10ms as min shub slave timeout
        counter/ti-eqep: Fix regmap max_register
        iio: adc: stm32-adc: fix a regression when using dma and irq
        iio: adc: mediatek: fix unset field
        iio: cros_ec: Use default frequencies when EC returns invalid information
    • Linus Torvalds's avatar
      Merge tag 'tty-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · de758035
      Linus Torvalds authored
      Pull tty fixes from Greg KH:
       "Here are some small tty/serial fixes for 5.10-rc5 that resolve some
        reported issues:
         - speakup crash when telling the kernel to use a device that isn't
           really there
         - imx serial driver fixes for reported problems
         - ar933x_uart driver fix for probe error handling path
        All have been in linux-next for a while with no reported issues"
      * tag 'tty-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: ar933x_uart: disable clk on error handling path in probe
        tty: serial: imx: keep console clocks always on
        speakup: Do not let the line discipline be used several times
        tty: serial: imx: fix potential deadlock
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · a7f07fc1
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "A final set of miscellaneous bug fixes for ext4"
      * tag 'ext4_for_linus_fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: fix bogus warning in ext4_update_dx_flag()
        jbd2: fix kernel-doc markups
        ext4: drop fast_commit from /proc/mounts
    • David Howells's avatar
      afs: Fix speculative status fetch going out of order wrt to modifications · a9e5c87c
      David Howells authored
      When doing a lookup in a directory, the afs filesystem uses a bulk
      status fetch to speculatively retrieve the statuses of up to 48 other
      vnodes found in the same directory and it will then either update extant
      inodes or create new ones - effectively doing 'lookup ahead'.
      To avoid the possibility of deadlocking itself, however, the filesystem
      doesn't lock all of those inodes; rather just the directory inode is
      locked (by the VFS).
      When the operation completes, afs_inode_init_from_status() or
      afs_apply_status() is called, depending on whether the inode already
      exists, to commit the new status.
      A case exists, however, where the speculative status fetch operation may
      straddle a modification operation on one of those vnodes.  What can then
      happen is that the speculative bulk status RPC retrieves the old status,
      and whilst that is happening, the modification happens - which returns
      an updated status, then the modification status is committed, then we
      attempt to commit the speculative status.
      This results in something like the following being seen in dmesg:
      	kAFS: vnode modified {100058:861} 8->9 YFS.InlineBulkStatus
      showing that for vnode 861 on volume 100058, we saw YFS.InlineBulkStatus
      say that the vnode had data version 8 when we'd already recorded version
      9 due to a local modification.  This was causing the cache to be
      invalidated for that vnode when it shouldn't have been.  If it happens
      on a data file, this might lead to local changes being lost.
      Fix this by ignoring speculative status updates if the data version
      doesn't match the expected value.
      Note that it is possible to get a DV regression if a volume gets
      restored from a backup - but we should get a callback break in such a
      case that should trigger a recheck anyway.  It might be worth checking
      the volume creation time in the volsync info and, if a change is
      observed in that (as would happen on a restore), invalidate all caches
      associated with the volume.
      Fixes: 5cf9dd55
       ("afs: Prospectively look up extra files when doing a single lookup")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Matthew Wilcox (Oracle)'s avatar
      mm: fix madvise WILLNEED performance problem · 66383800
      Matthew Wilcox (Oracle) authored
      The calculation of the end page index was incorrect, leading to a
      regression of 70% when running stress-ng.
      With this fix, we instead see a performance improvement of 3%.
      Fixes: e6e88712
       ("mm: optimise madvise WILLNEED")
      Reported-by: default avatarkernel test robot <rong.a.chen@intel.com>
      Signed-off-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Tested-by: default avatarXing Zhengjun <zhengjun.xing@linux.intel.com>
      Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Cc: William Kucharski <william.kucharski@oracle.com>
      Cc: Feng Tang <feng.tang@intel.com>
      Cc: "Chen, Rong A" <rong.a.chen@intel.com>
      Link: https://lkml.kernel.org/r/20201109134851.29692-1-willy@infradead.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Yicong Yang's avatar
      libfs: fix error cast of negative value in simple_attr_write() · 488dac0c
      Yicong Yang authored
      The attr->set() receive a value of u64, but simple_strtoll() is used for
      doing the conversion.  It will lead to the error cast if user inputs a
      negative value.
      Use kstrtoull() instead of simple_strtoll() to convert a string got from
      the user to an unsigned value.  The former will return '-EINVAL' if it
      gets a negetive value, but the latter can't handle the situation
      correctly.  Make 'val' unsigned long long as what kstrtoull() takes,
      this will eliminate the compile warning on no 64-bit architectures.
      Fixes: f7b88631
       ("fs/libfs.c: fix simple_attr_write() on 32bit machines")
      Signed-off-by: default avatarYicong Yang <yangyicong@hisilicon.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Link: https://lkml.kernel.org/r/1605341356-11872-1-git-send-email-yangyicong@hisilicon.com
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Gerald Schaefer's avatar
      mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() · bfe8cc1d
      Gerald Schaefer authored
      Alexander reported a syzkaller / KASAN finding on s390, see below for
      complete output.
      In do_huge_pmd_anonymous_page(), the pre-allocated pagetable will be
      freed in some cases.  In the case of userfaultfd_missing(), this will
      happen after calling handle_userfault(), which might have released the
      mmap_lock.  Therefore, the following pte_free(vma->vm_mm, pgtable) will
      access an unstable vma->vm_mm, which could have been freed or re-used
      For all architectures other than s390 this will go w/o any negative
      impact, because pte_free() simply frees the page and ignores the
      passed-in mm.  The implementation for SPARC32 would also access
      mm->page_table_lock for pte_free(), but there is no THP support in
      SPARC32, so the buggy code path will not be used there.
      For s390, the mm->context.pgtable_list is being used to maintain the 2K
      pagetable fragments, and operating on an already freed or even re-used
      mm could result in various more or less subtle bugs due to list /
      pagetable corruption.
      Fix this by calling pte_free() before handle_userfault(), similar to how
      it is already done in __do_huge_pmd_anonymous_page() for the WRITE /
      non-huge_zero_page case.
      Commit 6b251fc9 ("userfaultfd: call handle_userfault() for
      userfaultfd_missing() faults") actually introduced both, the
      do_huge_pmd_anonymous_page() and also __do_huge_pmd_anonymous_page()
      changes wrt to calling handle_userfault(), but only in the latter case
      it put the pte_free() before calling handle_userfault().
        BUG: KASAN: use-after-free in do_huge_pmd_anonymous_page+0xcda/0xd90 mm/huge_memory.c:744
        Read of size 8 at addr 00000000962d6988 by task syz-executor.0/9334
        CPU: 1 PID: 9334 Comm: syz-executor.0 Not tainted 5.10.0-rc1-syzkaller-07083-g4c9720875573 #0
        Hardware name: IBM 3906 M04 701 (KVM/Linux)
        Call Trace:
          do_huge_pmd_anonymous_page+0xcda/0xd90 mm/huge_memory.c:744
          create_huge_pmd mm/memory.c:4256 [inline]
          __handle_mm_fault+0xe6e/0x1068 mm/memory.c:4480
          handle_mm_fault+0x288/0x748 mm/memory.c:4607
          do_exception+0x394/0xae0 arch/s390/mm/fault.c:479
          do_dat_exception+0x34/0x80 arch/s390/mm/fault.c:567
          pgm_check_handler+0x1da/0x22c arch/s390/kernel/entry.S:706
          copy_from_user_mvcos arch/s390/lib/uaccess.c:111 [inline]
          raw_copy_from_user+0x3a/0x88 arch/s390/lib/uaccess.c:174
          _copy_from_user+0x48/0xa8 lib/usercopy.c:16
          copy_from_user include/linux/uaccess.h:192 [inline]
          __do_sys_sigaltstack kernel/signal.c:4064 [inline]
          __s390x_sys_sigaltstack+0xc8/0x240 kernel/signal.c:4060
          system_call+0xe0/0x28c arch/s390/kernel/entry.S:415
        Allocated by task 9334:
          slab_alloc_node mm/slub.c:2891 [inline]
          slab_alloc mm/slub.c:2899 [inline]
          kmem_cache_alloc+0x118/0x348 mm/slub.c:2904
          vm_area_dup+0x9c/0x2b8 kernel/fork.c:356
          __split_vma+0xba/0x560 mm/mmap.c:2742
          split_vma+0xca/0x108 mm/mmap.c:2800
          mlock_fixup+0x4ae/0x600 mm/mlock.c:550
          apply_vma_lock_flags+0x2c6/0x398 mm/mlock.c:619
          do_mlock+0x1aa/0x718 mm/mlock.c:711
          __do_sys_mlock2 mm/mlock.c:738 [inline]
          __s390x_sys_mlock2+0x86/0xa8 mm/mlock.c:728
          system_call+0xe0/0x28c arch/s390/kernel/entry.S:415
        Freed by task 9333:
          slab_free mm/slub.c:3142 [inline]
          kmem_cache_free+0x7c/0x4b8 mm/slub.c:3158
          __vma_adjust+0x7b2/0x2508 mm/mmap.c:960
          vma_merge+0x87e/0xce0 mm/mmap.c:1209
          userfaultfd_release+0x412/0x6b8 fs/userfaultfd.c:868
          __fput+0x22c/0x7a8 fs/file_table.c:281
          task_work_run+0x200/0x320 kernel/task_work.c:151
          tracehook_notify_resume include/linux/tracehook.h:188 [inline]
          do_notify_resume+0x100/0x148 arch/s390/kernel/signal.c:538
          system_call+0xe6/0x28c arch/s390/kernel/entry.S:416
        The buggy address belongs to the object at 00000000962d6948 which belongs to the cache vm_area_struct of size 200
        The buggy address is located 64 bytes inside of 200-byte region [00000000962d6948, 00000000962d6a10)
        The buggy address belongs to the page: page:00000000313a09fe refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x962d6 flags: 0x3ffff00000000200(slab)
        raw: 3ffff00000000200 000040000257e080 0000000c0000000c 000000008020ba00
        raw: 0000000000000000 000f001e00000000 ffffffff00000001 0000000096959501
        page dumped because: kasan: bad access detected
        Memory state around the buggy address:
         00000000962d6880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         00000000962d6900: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
        >00000000962d6980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
         00000000962d6a00: fb fb fc fc fc fc fc fc fc fc 00 00 00 00 00 00
         00000000962d6a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Fixes: 6b251fc9
       ("userfaultfd: call handle_userfault() for userfaultfd_missing() faults")
      Reported-by: default avatarAlexander Egorenkov <egorenar@linux.ibm.com>
      Signed-off-by: default avatarGerald Schaefer <gerald.schaefer@linux.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: <stable@vger.kernel.org>	[4.3+]
      Link: https://lkml.kernel.org/r/20201110190329.11920-1-gerald.schaefer@linux.ibm.com
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Muchun Song's avatar
      mm: memcg/slab: fix root memcg vmstats · 8faeb1ff
      Muchun Song authored
      If we reparent the slab objects to the root memcg, when we free the slab
      object, we need to update the per-memcg vmstats to keep it correct for
      the root memcg.  Now this at least affects the vmstat of
      NR_KERNEL_STACK_KB for !CONFIG_VMAP_STACK when the thread stack size is
      smaller than the PAGE_SIZE.
      David said:
       "I assume that without this fix that the root memcg's vmstat would
        always be inflated if we reparented"
      Fixes: ec9f0238
       ("mm: workingset: fix vmstat counters for shadow nodes")
      Signed-off-by: default avatarMuchun Song <songmuchun@bytedance.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Reviewed-by: default avatarShakeel Butt <shakeelb@google.com>
      Acked-by: default avatarRoman Gushchin <guro@fb.com>
      Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Acked-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
      Cc: Christopher Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Roman Gushchin <guro@fb.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Yafang Shao <laoar.shao@gmail.com>
      Cc: Chris Down <chris@chrisdown.name>
      Cc: <stable@vger.kernel.org>	[5.3+]
      Link: https://lkml.kernel.org/r/20201110031015.15715-1-songmuchun@bytedance.com
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Matthew Wilcox (Oracle)'s avatar
      mm: fix readahead_page_batch for retry entries · 4349a83a
      Matthew Wilcox (Oracle) authored
      Both btrfs and fuse have reported faults caused by seeing a retry entry
      instead of the page they were looking for.  This was caused by a missing
      check in the iterator.
      As can be seen in the below panic log, the accessing 0x402 causes a
      panic.  In the xarray.h, 0x402 means RETRY_ENTRY.
        BUG: kernel NULL pointer dereference, address: 0000000000000402
        CPU: 14 PID: 306003 Comm: as Not tainted 5.9.0-1-amd64 #1 Debian 5.9.1-1
        Hardware name: Lenovo ThinkSystem SR665/7D2VCTO1WW, BIOS D8E106Q-1.01 05/30/2020
        RIP: 0010:fuse_readahead+0x152/0x470 [fuse]
        Code: 41 8b 57 18 4c 8d 54 10 ff 4c 89 d6 48 8d 7c 24 10 e8 d2 e3 28 f9 48 85 c0 0f 84 fe 00 00 00 44 89 f2 49 89 04 d4 44 8d 72 01 <48> 8b 10 41 8b 4f 1c 48 c1 ea 10 83 e2 01 80 fa 01 19 d2 81 e2 01
        RSP: 0018:ffffad99ceaebc50 EFLAGS: 00010246
        RAX: 0000000000000402 RBX: 0000000000000001 RCX: 0000000000000002
        RDX: 0000000000000000 RSI: ffff94c5af90bd98 RDI: ffffad99ceaebc60
        RBP: ffff94ddc1749a00 R08: 0000000000000402 R09: 0000000000000000
        R10: 0000000000000000 R11: 0000000000000100 R12: ffff94de6c429ce0
        R13: ffff94de6c4d3700 R14: 0000000000000001 R15: ffffad99ceaebd68
        FS:  00007f228c5c7040(0000) GS:ffff94de8ed80000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 0000000000000402 CR3: 0000001dbd9b4000 CR4: 0000000000350ee0
        Call Trace:
      Fixes: 042124cc
       ("mm: add new readahead_control API")
      Reported-by: default avatarDavid Sterba <dsterba@suse.com>
      Reported-by: default avatarWonhyuk Yang <vvghjk1234@gmail.com>
      Signed-off-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Cc: <stable@vger.kernel.org>
      Link: https://lkml.kernel.org/r/20201103142852.8543-1-willy@infradead.org
      Link: https://lkml.kernel.org/r/20201103124349.16722-1-vvghjk1234@gmail.com
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Dan Williams's avatar
      mm: fix phys_to_target_node() and memory_add_physaddr_to_nid() exports · a927bd6b
      Dan Williams authored
      The core-mm has a default __weak implementation of phys_to_target_node()
      to mirror the weak definition of memory_add_physaddr_to_nid().  That
      symbol is exported for modules.  However, while the export in
      mm/memory_hotplug.c exported the symbol in the configuration cases of:
      ...it failed to export the symbol in the case of:
      Not only is that broken, but Christoph points out that the kernel should
      not be exporting any __weak symbol, which means that
      memory_add_physaddr_to_nid() example that phys_to_target_node() copied
      is broken too.
      Rework the definition of phys_to_target_node() and
      memory_add_physaddr_to_nid() to not require weak symbols.  Move to the
      common arch override design-pattern of an asm header defining a symbol
      to replace the default implementation.
      The only common header that all memory_add_physaddr_to_nid() producing
      architectures implement is asm/sparsemem.h.  In fact, powerpc already
      defines its memory_add_physaddr_to_nid() helper in sparsemem.h.
      Double-down on that observation and define phys_to_target_node() where
      necessary in asm/sparsemem.h.  An alternate consideration that was
      discarded was to put this override in asm/numa.h, but that entangles
      with the definition of MAX_NUMNODES relative to the inclusion of
      linux/nodemask.h, and requires powerpc to grow a new header.
      The dependency on NUMA_KEEP_MEMINFO for DEV_DAX_HMEM_DEVICES is invalid
      now that the symbol is properly exported / stubbed in all combinations
      [dan.j.williams@intel.com: v4]
        Link: https://lkml.kernel.org/r/160461461867.1505359.5301571728749534585.stgit@dwillia2-desk3.amr.corp.intel.com
      [dan.j.williams@intel.com: powerpc: fix create_section_mapping compile warning]
        Link: https://lkml.kernel.org/r/160558386174.2948926.2740149041249041764.stgit@dwillia2-desk3.amr.corp.intel.com
      Fixes: a035b6bf
       ("mm/memory_hotplug: introduce default phys_to_target_node() implementation")
      Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Reported-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Reported-by: default avatarChristoph Hellwig <hch@infradead.org>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Tested-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Tested-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Cc: Joao Martins <joao.m.martins@oracle.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Vishal Verma <vishal.l.verma@intel.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Link: https://lkml.kernel.org/r/160447639846.1133764.7044090803980177548.stgit@dwillia2-desk3.amr.corp.intel.com
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Nick Desaulniers's avatar
      compiler-clang: remove version check for BPF Tracing · bc2dc440
      Nick Desaulniers authored
      bpftrace parses the kernel headers and uses Clang under the hood.
      Remove the version check when __BPF_TRACING__ is defined (as bpftrace
      does) so that this tool can continue to parse kernel headers, even with
      older clang sources.
      Fixes: commit 1f7a44f6
       ("compiler-clang: add build check for clang 10.0.1")
      Reported-by: default avatarChen Yu <yu.chen.surf@gmail.com>
      Reported-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      Signed-off-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Tested-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      Acked-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      Acked-by: default avatarSong Liu <songliubraving@fb.com>
      Acked-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Acked-by: default avatarMiguel Ojeda <ojeda@kernel.org>
      Link: https://lkml.kernel.org/r/20201104191052.390657-1-ndesaulniers@google.com
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Eric Dumazet's avatar
      mm/madvise: fix memory leak from process_madvise · 450677dc
      Eric Dumazet authored
      The early return in process_madvise() will produce a memory leak.
      Fix it.
      Fixes: ecb8ac8b
       ("mm/madvise: introduce process_madvise() syscall: an external memory hinting API")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarMinchan Kim <minchan@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Link: https://lkml.kernel.org/r/20201116155132.GA3805951@google.com
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  2. 21 Nov, 2020 4 commits
  3. 20 Nov, 2020 14 commits
  4. 19 Nov, 2020 9 commits
    • Darrick J. Wong's avatar
      xfs: revert "xfs: fix rmap key and record comparison functions" · eb840907
      Darrick J. Wong authored
      This reverts commit 6ff646b2
      Your maintainer committed a major braino in the rmap code by adding the
      attr fork, bmbt, and unwritten extent usage bits into rmap record key
      comparisons.  While XFS uses the usage bits *in the rmap records* for
      cross-referencing metadata in xfs_scrub and xfs_repair, it only needs
      the owner and offset information to distinguish between reverse mappings
      of the same physical extent into the data fork of a file at multiple
      offsets.  The other bits are not important for key comparisons for index
      lookups, and never have been.
      Eric Sandeen reports that this causes regressions in generic/299, so
      undo this patch before it does more damage.
      Reported-by: default avatarEric Sandeen <sandeen@sandeen.net>
      Fixes: 6ff646b2
       ("xfs: fix rmap key and record comparison functions")
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
    • Linus Torvalds's avatar
      Merge tag 'net-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 4d02da97
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.10-rc5, including fixes from the WiFi
        (mac80211), can and bpf (including the strncpy_from_user fix).
        Current release - regressions:
         - mac80211: fix memory leak of filtered powersave frames
         - mac80211: free sta in sta_info_insert_finish() on errors to avoid
           sleeping in atomic context
         - netlabel: fix an uninitialized variable warning added in -rc4
        Previous release - regressions:
         - vsock: forward all packets to the host when no H2G is registered,
           un-breaking AWS Nitro Enclaves
         - net: Exempt multicast addresses from five-second neighbor lifetime
           requirement, decreasing the chances neighbor tables fill up
         - net/tls: fix corrupted data in recvmsg
         - qed: fix ILT configuration of SRC block
         - can: m_can: process interrupt only when not runtime suspended
        Previous release - always broken:
         - page_frag: Recover from memory pressure by not recycling pages
           allocating from the reserves
         - strncpy_from_user: Mask out bytes after NUL terminator
         - ip_tunnels: Set tunnel option flag only when tunnel metadata is
           present, always setting it confuses Open vSwitch
         - bpf, sockmap:
            - Fix partial copy_page_to_iter so progress can still be made
            - Fix socket memory accounting and obeying SO_RCVBUF
         - net: Have netpoll bring-up DSA management interface
         - net: bridge: add missing counters to ndo_get_stats64 callback
         - tcp: brr: only postpone PROBE_RTT if RTT is < current min_rtt
         - enetc: Workaround MDIO register access HW bug
         - net/ncsi: move netlink family registration to a subsystem init,
           instead of tying it to driver probe
         - net: ftgmac100: unregister NC-SI when removing driver to avoid
         - lan743x:
            - prevent interrupt storm on open
            - fix freeing skbs in the wrong context
         - net/mlx5e: Fix socket refcount leak on kTLS RX resync
         - net: dsa: mv88e6xxx: Avoid VLAN database corruption on 6097
         - fix 21 unset return codes and other mistakes on error paths, mostly
           detected by the Hulk Robot"
      * tag 'net-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (115 commits)
        fail_function: Remove a redundant mutex unlock
        selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NUL
        lib/strncpy_from_user.c: Mask out bytes after NUL terminator.
        net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid()
        net/smc: fix matching of existing link groups
        ipv6: Remove dependency of ipv6_frag_thdr_truncated on ipv6 module
        libbpf: Fix VERSIONED_SYM_COUNT number parsing
        net/mlx4_core: Fix init_hca fields offset
        atm: nicstar: Unmap DMA on send error
        page_frag: Recover from memory pressure
        net: dsa: mv88e6xxx: Wait for EEPROM done after HW reset
        mlxsw: core: Use variable timeout for EMAD retries
        mlxsw: Fix firmware flashing
        net: Have netpoll bring-up DSA management interface
        atl1e: fix error return code in atl1e_probe()
        atl1c: fix error return code in atl1c_probe()
        ah6: fix error return code in ah6_input()
        net: usb: qmi_wwan: Set DTR quirk for MR400
        can: m_can: process interrupt only when not runtime suspended
        can: flexcan: flexcan_chip_start(): fix erroneous flexcan_transceiver_enable() during bus-off recovery
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · 3be28e93
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
       "The last two weeks have been quiet here, just the usual smattering of
        long standing bug fixes.
        A collection of error case bug fixes:
         - Improper nesting of spinlock types in cm
         - Missing error codes and kfree()
         - Ensure dma_virt_ops users have the right kconfig symbols to work
         - Compilation failure of tools/testing"
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        tools/testing/scatterlist: Fix test to compile and run
        IB/hfi1: Fix error return code in hfi1_init_dd()
        RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs
        RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device()
        RDMA/cm: Make the local_id_table xarray non-irq
    • Theodore Ts'o's avatar
      ext4: drop fast_commit from /proc/mounts · 704c2317
      Theodore Ts'o authored
      The options in /proc/mounts must be valid mount options --- and
      fast_commit is not a mount option.  Otherwise, command sequences like
      this will fail:
          # mount /dev/vdc /vdc
          # mkdir -p /vdc/phoronix_test_suite /pts
          # mount --bind /vdc/phoronix_test_suite /pts
          # mount -o remount,nodioread_nolock /pts
          mount: /pts: mount point not mounted or bad option.
      And in the system logs, you'll find:
          EXT4-fs (vdc): Unrecognized mount option "fast_commit" or missing value
      Fixes: 995a3ed6
       ("ext4: add fast_commit feature and handling for extended mount options")
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    • Jakub Kicinski's avatar
      Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · e6ea60ba
      Jakub Kicinski authored
      Alexei Starovoitov says:
      1) libbpf should not attempt to load unused subprogs, from Andrii.
      2) Make strncpy_from_user() mask out bytes after NUL terminator, from Daniel.
      3) Relax return code check for subprograms in the BPF verifier, from Dmitrii.
      4) Fix several sockmap issues, from John.
      * https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        fail_function: Remove a redundant mutex unlock
        selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NUL
        lib/strncpy_from_user.c: Mask out bytes after NUL terminator.
        libbpf: Fix VERSIONED_SYM_COUNT number parsing
        bpf, sockmap: Avoid failures from skb_to_sgvec when skb has frag_list
        bpf, sockmap: Handle memory acct if skb_verdict prog redirects to self
        bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self
        bpf, sockmap: Use truesize with sk_rmem_schedule()
        bpf, sockmap: Ensure SO_RCVBUF memory is observed on ingress redirect
        bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made
        selftests/bpf: Fix error return code in run_getsockopt_test()
        bpf: Relax return code check for subprograms
        tools, bpftool: Add missing close before bpftool net attach exit
        MAINTAINERS/bpf: Update Andrii's entry.
        selftests/bpf: Fix unused attribute usage in subprogs_unused test
        bpf: Fix unsigned 'datasec_id' compared with zero in check_pseudo_btf_id
        bpf: Fix passing zero to PTR_ERR() in bpf_btf_printf_prepare
        libbpf: Don't attempt to load unused subprog as an entry-point BPF program
      Link: https://lore.kernel.org/r/20201119200721.288-1-alexei.starovoitov@gmail.com
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
    • Chris Wilson's avatar
      drm/i915/gt: Fixup tgl mocs for PTE tracking · be33805c
      Chris Wilson authored
      Forcing mocs:1 [used for our winsys follows-pte mode] to be cached
      caused display glitches. Though it is documented as deprecated (and so
      likely behaves as uncached) use the follow-pte bit and force it out of
      L3 cache.
      Testcase: igt/kms_frontbuffer_tracking
      Testcase: igt/kms_big_fb
      Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Cc: Ayaz A Siddiqui <ayaz.siddiqui@intel.com>
      Cc: Lucas De Marchi <lucas.demarchi@intel.com>
      Cc: Matt Roper <matthew.d.roper@intel.com>
      Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
      Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
      Reviewed-by: default avatarVille Syrjälä <ville.syrjala@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20201015122138.30161-4-chris@chris-wilson.co.uk
      (cherry picked from commit a04ac827366594c7244f60e9be79fcb404af69f0)
      Fixes: 849c0fe9
       ("drm/i915/gt: Initialize reserved and unspecified MOCS indices")
      Signed-off-by: default avatarRodrigo Vivi <rodrigo.vivi@intel.com>
      [Rodrigo: Updated Fixes tag]
    • Dave Airlie's avatar
      Merge tag 'amd-drm-fixes-5.10-2020-11-18' of... · f95dddc9
      Dave Airlie authored
      Merge tag 'amd-drm-fixes-5.10-2020-11-18' of git://people.freedesktop.org/~agd5f/linux
       into drm-fixes
      - Pageflip fix for navi1x with 5 or 6 displays
      - Remove experimental flag for Arcturus
      - Fix regression in atomic commit tail rework
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Alex Deucher <alexdeucher@gmail.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20201118213646.4015-1-alexander.deucher@amd.com
    • Luo Meng's avatar
      fail_function: Remove a redundant mutex unlock · 2801a5da
      Luo Meng authored
      Fix a mutex_unlock() issue where before copy_from_user() is
      not called mutex_locked.
      Fixes: 4b1a29a7
       ("error-injection: Support fault injection framework")
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarLuo Meng <luomeng12@huawei.com>
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Link: https://lore.kernel.org/bpf/160570737118.263807.8358435412898356284.stgit@devnote2
    • Alexei Starovoitov's avatar
      Merge branch 'Fix bpf_probe_read_user_str() overcopying' · 14d6d86c
      Alexei Starovoitov authored
      Daniel Xu says:
       ("bpf: Add probe_read_{user, kernel} and probe_read_{user,
      kernel}_str helpers") introduced a subtle bug where
      bpf_probe_read_user_str() would potentially copy a few extra bytes after
      the NUL terminator.
      This issue is particularly nefarious when strings are used as map keys,
      as seemingly identical strings can occupy multiple entries in a map.
      This patchset fixes the issue and introduces a selftest to prevent
      future regressions.
      v6 -> v7:
      * Add comments
      v5 -> v6:
      * zero-pad up to sizeof(unsigned long) after NUL
      v4 -> v5:
      * don't read potentially uninitialized memory
      v3 -> v4:
      * directly pass userspace pointer to prog
      * test more strings of different length
      v2 -> v3:
      * set pid filter before attaching prog in selftest
      * use long instead of int as bpf_probe_read_user_str() retval
      * style changes
      v1 -> v2:
      * add Fixes: tag
      * add selftest
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>