* [PATCH AUTOSEL 4.9 1/7] irqchip/tegra: Fix overflow implicit truncation warnings
@ 2022-08-14 15:36 Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 2/7] usb: host: ohci-ppc-of: Fix refcount leak bug Sasha Levin
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Sasha Levin @ 2022-08-14 15:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sai Prakash Ranjan, Marc Zyngier, Arnd Bergmann, Sasha Levin,
tglx, thierry.reding, jonathanh, linux-tegra
From: Sai Prakash Ranjan <quic_saipraka@quicinc.com>
[ Upstream commit 443685992bda9bb4f8b17fc02c9f6c60e62b1461 ]
Fix -Woverflow warnings for tegra irqchip driver which is a result
of moving arm64 custom MMIO accessor macros to asm-generic function
implementations giving a bonus type-checking now and uncovering these
overflow warnings.
drivers/irqchip/irq-tegra.c: In function ‘tegra_ictlr_suspend’:
drivers/irqchip/irq-tegra.c:151:18: warning: large integer implicitly truncated to unsigned type [-Woverflow]
writel_relaxed(~0ul, ictlr + ICTLR_COP_IER_CLR);
^
Suggested-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Sai Prakash Ranjan <quic_saipraka@quicinc.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Cc: Marc Zyngier <maz@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-tegra.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/irqchip/irq-tegra.c b/drivers/irqchip/irq-tegra.c
index 3973a14bb15b..02ffefd5011a 100644
--- a/drivers/irqchip/irq-tegra.c
+++ b/drivers/irqchip/irq-tegra.c
@@ -157,10 +157,10 @@ static int tegra_ictlr_suspend(void)
lic->cop_iep[i] = readl_relaxed(ictlr + ICTLR_COP_IEP_CLASS);
/* Disable COP interrupts */
- writel_relaxed(~0ul, ictlr + ICTLR_COP_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_COP_IER_CLR);
/* Disable CPU interrupts */
- writel_relaxed(~0ul, ictlr + ICTLR_CPU_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_CPU_IER_CLR);
/* Enable the wakeup sources of ictlr */
writel_relaxed(lic->ictlr_wake_mask[i], ictlr + ICTLR_CPU_IER_SET);
@@ -181,12 +181,12 @@ static void tegra_ictlr_resume(void)
writel_relaxed(lic->cpu_iep[i],
ictlr + ICTLR_CPU_IEP_CLASS);
- writel_relaxed(~0ul, ictlr + ICTLR_CPU_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_CPU_IER_CLR);
writel_relaxed(lic->cpu_ier[i],
ictlr + ICTLR_CPU_IER_SET);
writel_relaxed(lic->cop_iep[i],
ictlr + ICTLR_COP_IEP_CLASS);
- writel_relaxed(~0ul, ictlr + ICTLR_COP_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_COP_IER_CLR);
writel_relaxed(lic->cop_ier[i],
ictlr + ICTLR_COP_IER_SET);
}
@@ -321,7 +321,7 @@ static int __init tegra_ictlr_init(struct device_node *node,
lic->base[i] = base;
/* Disable all interrupts */
- writel_relaxed(~0UL, base + ICTLR_CPU_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), base + ICTLR_CPU_IER_CLR);
/* All interrupts target IRQ */
writel_relaxed(0, base + ICTLR_CPU_IEP_CLASS);
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 4.9 2/7] usb: host: ohci-ppc-of: Fix refcount leak bug
2022-08-14 15:36 [PATCH AUTOSEL 4.9 1/7] irqchip/tegra: Fix overflow implicit truncation warnings Sasha Levin
@ 2022-08-14 15:36 ` Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 3/7] gadgetfs: ep_io - wait until IRQ finishes Sasha Levin
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-08-14 15:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Liang He, Alan Stern, Greg Kroah-Hartman, Sasha Levin, linux-usb
From: Liang He <windhl@126.com>
[ Upstream commit 40a959d7042bb7711e404ad2318b30e9f92c6b9b ]
In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return
a node pointer with refcount incremented. We should use of_node_put()
when it is not used anymore.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220617034637.4003115-1-windhl@126.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/ohci-ppc-of.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/host/ohci-ppc-of.c b/drivers/usb/host/ohci-ppc-of.c
index 4f87a5c61b08..d22a70363fbf 100644
--- a/drivers/usb/host/ohci-ppc-of.c
+++ b/drivers/usb/host/ohci-ppc-of.c
@@ -168,6 +168,7 @@ static int ohci_hcd_ppc_of_probe(struct platform_device *op)
release_mem_region(res.start, 0x4);
} else
pr_debug("%s: cannot get ehci offset from fdt\n", __FILE__);
+ of_node_put(np);
}
irq_dispose_mapping(irq);
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 4.9 3/7] gadgetfs: ep_io - wait until IRQ finishes
2022-08-14 15:36 [PATCH AUTOSEL 4.9 1/7] irqchip/tegra: Fix overflow implicit truncation warnings Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 2/7] usb: host: ohci-ppc-of: Fix refcount leak bug Sasha Levin
@ 2022-08-14 15:36 ` Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 4/7] cxl: Fix a memory leak in an error handling path Sasha Levin
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-08-14 15:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Jozef Martiniak, Greg Kroah-Hartman, Sasha Levin, balbi, stern,
hbh25y, axboe, rdunlap, mingo, linux-usb
From: Jozef Martiniak <jomajm@gmail.com>
[ Upstream commit 04cb742d4d8f30dc2e83b46ac317eec09191c68e ]
after usb_ep_queue() if wait_for_completion_interruptible() is
interrupted we need to wait until IRQ gets finished.
Otherwise complete() from epio_complete() can corrupt stack.
Signed-off-by: Jozef Martiniak <jomajm@gmail.com>
Link: https://lore.kernel.org/r/20220708070645.6130-1-jomajm@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/legacy/inode.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
index 2b30b5a1b577..8d53b3ac31c6 100644
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -365,6 +365,7 @@ ep_io (struct ep_data *epdata, void *buf, unsigned len)
spin_unlock_irq (&epdata->dev->lock);
DBG (epdata->dev, "endpoint gone\n");
+ wait_for_completion(&done);
epdata->status = -ENODEV;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 4.9 4/7] cxl: Fix a memory leak in an error handling path
2022-08-14 15:36 [PATCH AUTOSEL 4.9 1/7] irqchip/tegra: Fix overflow implicit truncation warnings Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 2/7] usb: host: ohci-ppc-of: Fix refcount leak bug Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 3/7] gadgetfs: ep_io - wait until IRQ finishes Sasha Levin
@ 2022-08-14 15:36 ` Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 5/7] drivers:md:fix a potential use-after-free bug Sasha Levin
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-08-14 15:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Christophe JAILLET, Andrew Donnellan, Greg Kroah-Hartman,
Sasha Levin, fbarrat, linuxppc-dev
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 3a15b45b5454da862376b5d69a4967f5c6fa1368 ]
A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the
error handling path of afu_allocate_irqs().
Acked-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/ce5869418f5838187946eb6b11a52715a93ece3d.1657566849.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/cxl/irq.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/misc/cxl/irq.c b/drivers/misc/cxl/irq.c
index dec60f58a767..99e2bd65825f 100644
--- a/drivers/misc/cxl/irq.c
+++ b/drivers/misc/cxl/irq.c
@@ -302,6 +302,7 @@ int afu_allocate_irqs(struct cxl_context *ctx, u32 count)
out:
cxl_ops->release_irq_ranges(&ctx->irqs, ctx->afu->adapter);
+ bitmap_free(ctx->irq_bitmap);
afu_irq_name_free(ctx);
return -ENOMEM;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 4.9 5/7] drivers:md:fix a potential use-after-free bug
2022-08-14 15:36 [PATCH AUTOSEL 4.9 1/7] irqchip/tegra: Fix overflow implicit truncation warnings Sasha Levin
` (2 preceding siblings ...)
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 4/7] cxl: Fix a memory leak in an error handling path Sasha Levin
@ 2022-08-14 15:36 ` Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 6/7] ext4: avoid remove directory when directory is corrupted Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 7/7] ext4: avoid resizing to a partial cluster size Sasha Levin
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-08-14 15:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Wentao_Liang, Song Liu, Jens Axboe, Sasha Levin, linux-raid
From: Wentao_Liang <Wentao_Liang_g@163.com>
[ Upstream commit 104212471b1c1817b311771d817fb692af983173 ]
In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and
may cause sh to be released. However, sh is subsequently used in lines
2886 "if (sh->batch_head && sh != sh->batch_head)". This may result in an
use-after-free bug.
It can be fixed by moving "raid5_release_stripe(sh);" to the bottom of
the function.
Signed-off-by: Wentao_Liang <Wentao_Liang_g@163.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index b396e78b1b6d..bea171a5e663 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -2513,10 +2513,10 @@ static void raid5_end_write_request(struct bio *bi)
if (!test_and_clear_bit(R5_DOUBLE_LOCKED, &sh->dev[i].flags))
clear_bit(R5_LOCKED, &sh->dev[i].flags);
set_bit(STRIPE_HANDLE, &sh->state);
- raid5_release_stripe(sh);
if (sh->batch_head && sh != sh->batch_head)
raid5_release_stripe(sh->batch_head);
+ raid5_release_stripe(sh);
}
static void raid5_build_block(struct stripe_head *sh, int i, int previous)
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 4.9 6/7] ext4: avoid remove directory when directory is corrupted
2022-08-14 15:36 [PATCH AUTOSEL 4.9 1/7] irqchip/tegra: Fix overflow implicit truncation warnings Sasha Levin
` (3 preceding siblings ...)
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 5/7] drivers:md:fix a potential use-after-free bug Sasha Levin
@ 2022-08-14 15:36 ` Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 7/7] ext4: avoid resizing to a partial cluster size Sasha Levin
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-08-14 15:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Ye Bin, Jan Kara, Theodore Ts'o, Sasha Levin, adilger.kernel,
linux-ext4
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit b24e77ef1c6d4dbf42749ad4903c97539cc9755a ]
Now if check directoy entry is corrupted, ext4_empty_dir may return true
then directory will be removed when file system mounted with "errors=continue".
In order not to make things worse just return false when directory is corrupted.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220622090223.682234-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/namei.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index edf78728ed32..6d9dedee6b44 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2777,11 +2777,8 @@ bool ext4_empty_dir(struct inode *inode)
de = (struct ext4_dir_entry_2 *) (bh->b_data +
(offset & (sb->s_blocksize - 1)));
if (ext4_check_dir_entry(inode, NULL, de, bh,
- bh->b_data, bh->b_size, offset)) {
- offset = (offset | (sb->s_blocksize - 1)) + 1;
- continue;
- }
- if (le32_to_cpu(de->inode)) {
+ bh->b_data, bh->b_size, offset) ||
+ le32_to_cpu(de->inode)) {
brelse(bh);
return false;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 4.9 7/7] ext4: avoid resizing to a partial cluster size
2022-08-14 15:36 [PATCH AUTOSEL 4.9 1/7] irqchip/tegra: Fix overflow implicit truncation warnings Sasha Levin
` (4 preceding siblings ...)
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 6/7] ext4: avoid remove directory when directory is corrupted Sasha Levin
@ 2022-08-14 15:36 ` Sasha Levin
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-08-14 15:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Kiselev, Oleg, Theodore Ts'o, Sasha Levin, adilger.kernel,
linux-ext4
From: "Kiselev, Oleg" <okiselev@amazon.com>
[ Upstream commit 69cb8e9d8cd97cdf5e293b26d70a9dee3e35e6bd ]
This patch avoids an attempt to resize the filesystem to an
unaligned cluster boundary. An online resize to a size that is not
integral to cluster size results in the last iteration attempting to
grow the fs by a negative amount, which trips a BUG_ON and leaves the fs
with a corrupted in-memory superblock.
Signed-off-by: Oleg Kiselev <okiselev@amazon.com>
Link: https://lore.kernel.org/r/0E92A0AB-4F16-4F1A-94B7-702CC6504FDE@amazon.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/resize.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index c367129dcdc1..c16bcd3f2e6d 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1940,6 +1940,16 @@ int ext4_resize_fs(struct super_block *sb, ext4_fsblk_t n_blocks_count)
}
brelse(bh);
+ /*
+ * For bigalloc, trim the requested size to the nearest cluster
+ * boundary to avoid creating an unusable filesystem. We do this
+ * silently, instead of returning an error, to avoid breaking
+ * callers that blindly resize the filesystem to the full size of
+ * the underlying block device.
+ */
+ if (ext4_has_feature_bigalloc(sb))
+ n_blocks_count &= ~((1 << EXT4_CLUSTER_BITS(sb)) - 1);
+
retry:
o_blocks_count = ext4_blocks_count(es);
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-08-14 15:57 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-14 15:36 [PATCH AUTOSEL 4.9 1/7] irqchip/tegra: Fix overflow implicit truncation warnings Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 2/7] usb: host: ohci-ppc-of: Fix refcount leak bug Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 3/7] gadgetfs: ep_io - wait until IRQ finishes Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 4/7] cxl: Fix a memory leak in an error handling path Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 5/7] drivers:md:fix a potential use-after-free bug Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 6/7] ext4: avoid remove directory when directory is corrupted Sasha Levin
2022-08-14 15:36 ` [PATCH AUTOSEL 4.9 7/7] ext4: avoid resizing to a partial cluster size Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).