summaryrefslogtreecommitdiffstats
path: root/fs/btrfs (unfollow)
Commit message (Collapse)AuthorFilesLines
2024-03-02serial: sifive: Use uart_prepare_sysrq_char() to handle sysrq.Sebastian Andrzej Siewior1-10/+7
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Handle sysrq requests sysrq once the port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: linux-riscv@lists.infradead.org Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-13-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: rda: Use uart_prepare_sysrq_char() to handle sysrq.Sebastian Andrzej Siewior1-18/+10
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Handle sysrq requests sysrq once the port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Cc: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-unisoc@lists.infradead.org Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-12-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: owl: Use uart_prepare_sysrq_char() to handle sysrq.Sebastian Andrzej Siewior1-18/+12
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Handle sysrq requests sysrq once the port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Cc: Andreas Färber <afaerber@suse.de> Cc: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-actions@lists.infradead.org Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-11-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: lpc32xx_hs: Use uart_prepare_sysrq_char() to handle sysrq.Sebastian Andrzej Siewior1-10/+7
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Handle sysrq requests sysrq once the port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Cc: Vladimir Zapolskiy <vz@mleia.com> Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-10-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: sunplus: Use uart_prepare_sysrq_char().Sebastian Andrzej Siewior1-12/+6
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Delay handling sysrq until port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Cc: Hammer Hsieh <hammerh0314@gmail.com> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-9-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: pxa: Use uart_prepare_sysrq_char().Sebastian Andrzej Siewior1-11/+6
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Delay handling sysrq until port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-8-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: omap: Use uart_prepare_sysrq_char().Sebastian Andrzej Siewior1-10/+6
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Delay handling sysrq until port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-7-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: msm: Use uart_prepare_sysrq_char().Sebastian Andrzej Siewior1-23/+10
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Delay handling sysrq until port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Cc: Bjorn Andersson <andersson@kernel.org> Cc: Konrad Dybcio <konrad.dybcio@linaro.org> Cc: linux-arm-msm@vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-6-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: meson: Use uart_prepare_sysrq_char().Sebastian Andrzej Siewior1-14/+8
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Delay handling sysrq until port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Cc: Kevin Hilman <khilman@baylibre.com> Cc: Jerome Brunet <jbrunet@baylibre.com> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-amlogic@lists.infradead.org Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-5-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: bcm63xx: Use uart_prepare_sysrq_char().Sebastian Andrzej Siewior1-16/+8
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Delay handling sysrq until port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-4-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: ar933x: Use uart_prepare_sysrq_char().Sebastian Andrzej Siewior1-12/+6
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Delay handling sysrq until port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-3-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: amba-pl011: Use uart_prepare_sysrq_char().Sebastian Andrzej Siewior1-16/+8
The port lock is a spinlock_t which is becomes a sleeping lock on PREEMPT_RT. The driver splits the locking function into two parts: local_irq_save() and uart_port_lock() and this breaks PREEMPT_RT. Delay handling sysrq until port lock is dropped. Remove the special case in the console write routine an always use the complete locking function. Cc: Russell King <linux@armlinux.org.uk> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20240301215246.891055-2-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250_dw: Emit an error message if getting the baudclk failedUwe Kleine-König1-1/+2
Instead of silently giving up, at least tell what the problem is. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20240222111922.2016122-2-u.kleine-koenig@pengutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02dt-bindings: serial: convert st,asc to DT schemaRaphael Gallais-Pou2-18/+55
'clocks' property is required regarding the device. Convert st,asc binding to DT schema format in order to add this property, and update example. Signed-off-by: Raphael Gallais-Pou <rgallaispou@gmail.com> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20240226152135.8671-1-rgallaispou@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250: Use serial8250_do_set_termios for uartclk updatingSerge Semin1-19/+1
The serial8250_update_uartclk() body was created based on the several method calls copied from the serial8250_do_set_termios() function. Seeing aside with some other things the later method can update the baud rate based on the new reference clock let's just call it instead thus simplifying the code a bit. Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/linux-serial/ZczD7KPbeRnY4CFc@black.fi.intel.com Signed-off-by: Serge Semin <fancer.lancer@gmail.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Link: https://lore.kernel.org/r/20240222145058.28307-1-fancer.lancer@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: st-asc: don't get/put GPIOs in atomic contextBartosz Golaszewski1-16/+24
Since commit 1f2bcb8c8ccd ("gpio: protect the descriptor label with SRCU") gpiod_set_consumer_name() calls synchronize_srcu() which led to a "sleeping in atomic context" smatch warning. This function (along with gpiod_get/put() and all other GPIO APIs apart from gpiod_get/set_value() and gpiod_direction_input/output()) should have never been called with a spinlock taken. We're only fixing this now as GPIOLIB has been rebuilt to use SRCU for access serialization which uncovered this problem. Move the calls to gpiod_get/put() outside the spinlock critical section. Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Closes: https://lore.kernel.org/linux-gpio/deee1438-efc1-47c4-8d80-0ab2cf01d60a@moroto.mountain/ Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com> Link: https://lore.kernel.org/r/20240220113410.16613-1-brgl@bgdev.pl Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: samsung: honor fifosize from dts at firstTamseel Shams1-7/+10
Currently for platforms which passes UART fifosize from DT gets override by local driver structure "s3c24xx_serial_drv_data", which is not intended. Change the code to honor fifosize from device tree at first. Signed-off-by: Tamseel Shams <m.shams@samsung.com> Link: https://lore.kernel.org/r/20240220101227.80741-1-m.shams@samsung.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02drivers/tty/serial: Remove unused function early_mcf_setupThomas Huth1-27/+0
Compiling a kernel for the ColdFire causes a compiler warning: drivers/tty/serial/mcf.c:473:12: warning: no previous prototype for ‘early_mcf_setup’ [-Wmissing-prototypes] 473 | int __init early_mcf_setup(struct mcf_platform_uart *platp) | ^~~~~~~~~~~~~~~ This function seems to be completely unused, so let's remove it to silence the warning. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Acked-by: Greg Ungerer <gerg@linux-m68k.org> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org> Link: https://lore.kernel.org/r/20240219164002.520342-1-thuth@redhat.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250_pci1xxxx: Drop quirk from 8250_portAndy Shevchenko2-14/+18
We are not supposed to spread quirks in 8250_port module especially when we have a separate driver for the hardware in question. Move quirk from generic module to the driver that uses it. While at it, move IO to ->set_divisor() callback as it has to be from day 1. ->get_divisor() is not supposed to perform any IO as UART port: - might not be powered on - is not locked by a spin lock Fixes: 1ed67ecd1349 ("8250: microchip: Add 4 Mbps support in PCI1XXXX UART") Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by: Rengarajan S <rengarajan.s@microchip.com> Link: https://lore.kernel.org/r/20240219162917.2159736-1-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250_exar: Don't use "proxy" headersAndy Shevchenko1-5/+9
Update header inclusions to follow IWYU (Include What You Use) principle. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20240219150627.2101198-8-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250_exar: Use 8250 PCI library to map and assign resourcesAndy Shevchenko2-5/+7
8250 PCI library provides a common code to map and assign resources. Use it in order to deduplicate existing code and support IO port variants. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20240219150627.2101198-7-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250_exar: switch to DEFINE_SIMPLE_DEV_PM_OPS()Andy Shevchenko1-4/+5
SIMPLE_DEV_PM_OPS() is deprecated, replace it with DEFINE_SIMPLE_DEV_PM_OPS() and use pm_sleep_ptr() for setting the driver's PM routines. We can now remove the __maybe_unused qualifier in the suspend and resume functions. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20240219150627.2101198-6-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250_exar: Use generic function to set firmware nodeAndy Shevchenko1-2/+2
Use generic function to set firmware node instead of ACPI specific one. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20240219150627.2101198-5-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250_exar: Clear interrupts before registering handlerAndy Shevchenko1-3/+3
While now there is no issue if IRQ is fired before we clearing the interrupts as the handler does the same, but strictly speaking it might be problematic if IRQ handler wants to do something more. Move clearing interrupt code to be called before registering the IRQ handler. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20240219150627.2101198-4-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250_exar: Use dev_get_drvdata() directly in PM callbacksAndy Shevchenko1-2/+1
PM callbacks take struct device pointer as a parameter, use dev_get_drvdata() to retrieve it instead of unneeded double loop of referencing via pci_get_drvdata(to_pci_dev(dev)). Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20240219150627.2101198-3-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02serial: 8250_exar: Don't remove GPIO device on suspendAndy Shevchenko1-4/+1
It seems a copy&paste mistake that suspend callback removes the GPIO device. There is no counterpart of this action, means once suspended there is no more GPIO device available untile full unbind-bind cycle is performed. Remove suspicious GPIO device removal in suspend. Fixes: d0aeaa83f0b0 ("serial: exar: split out the exar code from 8250_pci") Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20240219150627.2101198-2-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-02-26Linux 6.8-rc6v6.8-rc6Linus Torvalds1-1/+1
2024-02-25bcachefs: fix bch2_save_backtrace()Kent Overstreet1-1/+1
Missed a call in the previous fix. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-25ext4_get_link(): fix breakage in RCU modeAl Viro1-3/+5
1) errors from ext4_getblk() should not be propagated to caller unless we are really sure that we would've gotten the same error in non-RCU pathwalk. 2) we leak buffer_heads if ext4_getblk() is successful, but bh is not uptodate. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25cifs_get_link(): bail out in unsafe caseAl Viro1-0/+3
->d_revalidate() bails out there, anyway. It's not enough to prevent getting into ->get_link() in RCU mode, but that could happen only in a very contrieved setup. Not worth trying to do anything fancy here unless ->d_revalidate() stops kicking out of RCU mode at least in some cases. Reviewed-by: Christian Brauner <brauner@kernel.org> Acked-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25fuse: fix UAF in rcu pathwalksAl Viro3-6/+13
->permission(), ->get_link() and ->inode_get_acl() might dereference ->s_fs_info (and, in case of ->permission(), ->s_fs_info->fc->user_ns as well) when called from rcu pathwalk. Freeing ->s_fs_info->fc is rcu-delayed; we need to make freeing ->s_fs_info and dropping ->user_ns rcu-delayed too. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25procfs: make freeing proc_fs_info rcu-delayedAl Viro2-1/+2
makes proc_pid_ns() safe from rcu pathwalk (put_pid_ns() is still synchronous, but that's not a problem - it does rcu-delay everything that needs to be) Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25procfs: move dropping pde and pid from ->evict_inode() to ->free_inode()Al Viro2-13/+8
that keeps both around until struct inode is freed, making access to them safe from rcu-pathwalk Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25nfs: fix UAF on pathwalk running into umountAl Viro2-3/+12
NFS ->d_revalidate(), ->permission() and ->get_link() need to access some parts of nfs_server when called in RCU mode: server->flags server->caps *(server->io_stats) and, worst of all, call server->nfs_client->rpc_ops->have_delegation (the last one - as NFS_PROTO(inode)->have_delegation()). We really don't want to RCU-delay the entire nfs_free_server() (it would have to be done with schedule_work() from RCU callback, since it can't be made to run from interrupt context), but actual freeing of nfs_server and ->io_stats can be done via call_rcu() just fine. nfs_client part is handled simply by making nfs_free_client() use kfree_rcu(). Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25nfs: make nfs_set_verifier() safe for use in RCU pathwalkAl Viro1-2/+2
nfs_set_verifier() relies upon dentry being pinned; if that's the case, grabbing ->d_lock stabilizes ->d_parent and guarantees that ->d_parent points to a positive dentry. For something we'd run into in RCU mode that is *not* true - dentry might've been through dentry_kill() just as we grabbed ->d_lock, with its parent going through the same just as we get to into nfs_set_verifier_locked(). It might get to detaching inode (and zeroing ->d_inode) before nfs_set_verifier_locked() gets to fetching that; we get an oops as the result. That can happen in nfs{,4} ->d_revalidate(); the call chain in question is nfs_set_verifier_locked() <- nfs_set_verifier() <- nfs_lookup_revalidate_delegated() <- nfs{,4}_do_lookup_revalidate(). We have checked that the parent had been positive, but that's done before we get to nfs_set_verifier() and it's possible for memory pressure to pick our dentry as eviction candidate by that time. If that happens, back-to-back attempts to kill dentry and its parent are quite normal. Sure, in case of eviction we'll fail the ->d_seq check in the caller, but we need to survive until we return there... Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25afs: fix __afs_break_callback() / afs_drop_open_mmap() raceAl Viro1-2/+6
In __afs_break_callback() we might check ->cb_nr_mmap and if it's non-zero do queue_work(&vnode->cb_work). In afs_drop_open_mmap() we decrement ->cb_nr_mmap and do flush_work(&vnode->cb_work) if it reaches zero. The trouble is, there's nothing to prevent __afs_break_callback() from seeing ->cb_nr_mmap before the decrement and do queue_work() after both the decrement and flush_work(). If that happens, we might be in trouble - vnode might get freed before the queued work runs. __afs_break_callback() is always done under ->cb_lock, so let's make sure that ->cb_nr_mmap can change from non-zero to zero while holding ->cb_lock (the spinlock component of it - it's a seqlock and we don't need to mess with the counter). Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25hfsplus: switch to rcu-delayed unloading of nls and freeing ->s_fs_infoAl Viro2-3/+10
->d_hash() and ->d_compare() use those, so we need to delay freeing them. Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25exfat: move freeing sbi, upcase table and dropping nls into rcu-delayed helperAl Viro3-19/+16
That stuff can be accessed by ->d_hash()/->d_compare(); as it is, we have a hard-to-hit UAF if rcu pathwalk manages to get into ->d_hash() on a filesystem that is in process of getting shut down. Besides, having nls and upcase table cleanup moved from ->put_super() towards the place where sbi is freed makes for simpler failure exits. Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25affs: free affs_sb_info with kfree_rcu()Al Viro2-1/+2
one of the flags in it is used by ->d_hash()/->d_compare() Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25rcu pathwalk: prevent bogus hard errors from may_lookup()Al Viro1-1/+5
If lazy call of ->permission() returns a hard error, check that try_to_unlazy() succeeds before returning it. That both makes life easier for ->permission() instances and closes the race in ENOTDIR handling - it is possible that positive d_can_lookup() seen in link_path_walk() applies to the state *after* unlink() + mkdir(), while nd->inode matches the state prior to that. Normally seeing e.g. EACCES from permission check in rcu pathwalk means that with some timings non-rcu pathwalk would've run into the same; however, running into a non-executable regular file in the middle of a pathname would not get to permission check - it would fail with ENOTDIR instead. Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25fs/super.c: don't drop ->s_user_ns until we free struct super_block itselfAl Viro1-9/+4
Avoids fun races in RCU pathwalk... Same goes for freeing LSM shite hanging off super_block's arse. Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25bcachefs: Fix check_snapshot() memcpyKent Overstreet1-1/+1
check_snapshot() copies the bch_snapshot to a temporary to easily handle older versions that don't have all the fields of the current version, but it lacked a min() to correctly handle keys newer and larger than the current version. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-25bcachefs: Fix bch2_journal_flush_device_pins()Kent Overstreet1-3/+5
If a journal write errored, the list of devices it was written to could be empty - we're not supposed to mark an empty replicas list. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-25bcachefs: fix iov_iter count underflow on sub-block dio readBrian Foster1-0/+2
bch2_direct_IO_read() checks the request offset and size for sector alignment and then falls through to a couple calculations to shrink the size of the request based on the inode size. The problem is that these checks round up to the fs block size, which runs the risk of underflowing iter->count if the block size happens to be large enough. This is triggered by fstest generic/361 with a 4k block size, which subsequently leads to a crash. To avoid this crash, check that the shorten length doesn't exceed the overall length of the iter. Fixes: Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Su Yue <glass.su@suse.com> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-25bcachefs: Fix BTREE_ITER_FILTER_SNAPSHOTS on inodes btreeKent Overstreet1-1/+3
If we're in FILTER_SNAPSHOTS mode and we start scanning a range of the keyspace where no keys are visible in the current snapshot, we have a problem - we'll scan for a very long time before scanning terminates. Awhile back, this was fixed for most cases with peek_upto() (and assertions that enforce that it's being used). But the fix missed the fact that the inodes btree is different - every key offset is in a different snapshot tree, not just the inode field. Fixes: Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-25bcachefs: Kill __GFP_NOFAIL in buffered read pathKent Overstreet1-13/+8
Recently, we fixed our __GFP_NOFAIL usage in the readahead path, but the easy one in read_single_folio() (where wa can return an error) was missed - oops. Fixes: Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-25bcachefs: fix backpointer_to_text() when dev does not existKent Overstreet1-3/+5
Fixes: Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-24dm-integrity, dm-verity: reduce stack usage for recheckArnd Bergmann2-8/+6
The newly added integrity_recheck() function has another larger stack allocation, just like its caller integrity_metadata(). When it gets inlined, the combination of the two exceeds the warning limit for 32-bit architectures and possibly risks an overflow when this is called from a deep call chain through a file system: drivers/md/dm-integrity.c:1767:13: error: stack frame size (1048) exceeds limit (1024) in 'integrity_metadata' [-Werror,-Wframe-larger-than] 1767 | static void integrity_metadata(struct work_struct *w) Since the caller at this point is done using its checksum buffer, just reuse the same buffer in the new function to avoid the double allocation. [Mikulas: add "noinline" to integrity_recheck and verity_recheck. These functions are only called on error, so they shouldn't bloat the stack frame or code size of the caller.] Fixes: c88f5e553fe3 ("dm-integrity: recheck the integrity tag after a failure") Fixes: 9177f3c0dea6 ("dm-verity: recheck the hash after a failure") Cc: stable@vger.kernel.org Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Mike Snitzer <snitzer@kernel.org>
2024-02-23i2c: imx: when being a target, mark the last read as processedCorey Minyard1-0/+5
When being a target, NAK from the controller means that all bytes have been transferred. So, the last byte needs also to be marked as 'processed'. Otherwise index registers of backends may not increase. Fixes: f7414cd6923f ("i2c: imx: support slave mode for imx I2C driver") Signed-off-by: Corey Minyard <minyard@acm.org> Tested-by: Andrew Manley <andrew.manley@sealingtech.com> Reviewed-by: Andrew Manley <andrew.manley@sealingtech.com> Reviewed-by: Oleksij Rempel <o.rempel@pengutronix.de> [wsa: fixed comment and commit message to properly describe the case] Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
2024-02-23iommu/sva: Restore SVA handle sharingJason Gunthorpe2-0/+20
Prior to commit 092edaddb660 ("iommu: Support mm PASID 1:n with sva domains") the code allowed a SVA handle to be bound multiple times to the same (mm, device) pair. This was alluded to in the kdoc comment, but we had understood this to be more a remark about allowing multiple devices, not a literal same-driver re-opening the same SVA. It turns out uacce and idxd were both relying on the core code to handle reference counting for same-device same-mm scenarios. As this looks hard to resolve in the drivers bring it back to the core code. The new design has changed the meaning of the domain->users refcount to refer to the number of devices that are sharing that domain for the same mm. This is part of the design to lift the SVA domain de-duplication out of the drivers. Return the old behavior by explicitly de-duplicating the struct iommu_sva handle. The same (mm, device) will return the same handle pointer and the core code will handle tracking this. The last unbind of the handle will destroy it. Fixes: 092edaddb660 ("iommu: Support mm PASID 1:n with sva domains") Reported-by: Zhangfei Gao <zhangfei.gao@linaro.org> Closes: https://lore.kernel.org/all/20240221110658.529-1-zhangfei.gao@linaro.org/ Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com> Link: https://lore.kernel.org/r/0-v1-9455fc497a6f+3b4-iommu_sva_sharing_jgg@nvidia.com Signed-off-by: Joerg Roedel <jroedel@suse.de>