stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event
@ 2023-04-06 11:32 Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 02/11] Input: i8042 - add quirk for Fujitsu Lifebook A574/H Sasha Levin
                   ` (9 more replies)
  0 siblings, 10 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Douglas Raillard, Mukesh Ojha, Chao Yu, Jaegeuk Kim, Sasha Levin,
	rostedt, mhiramat, linux-f2fs-devel, linux-trace-kernel

From: Douglas Raillard <douglas.raillard@arm.com>

[ Upstream commit 0b04d4c0542e8573a837b1d81b94209e48723b25 ]

Fix the nid_t field so that its size is correctly reported in the text
format embedded in trace.dat files. As it stands, it is reported as
being of size 4:

        field:nid_t nid[3];     offset:24;      size:4; signed:0;

Instead of 12:

        field:nid_t nid[3];     offset:24;      size:12;        signed:0;

This also fixes the reported offset of subsequent fields so that they
match with the actual struct layout.

Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Reviewed-by: Mukesh Ojha <quic_mojha@quicinc.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/trace/events/f2fs.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/trace/events/f2fs.h b/include/trace/events/f2fs.h
index 4cb055af1ec0b..f5dcf7c9b7076 100644
--- a/include/trace/events/f2fs.h
+++ b/include/trace/events/f2fs.h
@@ -513,7 +513,7 @@ TRACE_EVENT(f2fs_truncate_partial_nodes,
 	TP_STRUCT__entry(
 		__field(dev_t,	dev)
 		__field(ino_t,	ino)
-		__field(nid_t,	nid[3])
+		__array(nid_t,	nid, 3)
 		__field(int,	depth)
 		__field(int,	err)
 	),
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 02/11] Input: i8042 - add quirk for Fujitsu Lifebook A574/H
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 03/11] platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 Sasha Levin
                   ` (8 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jonathan Denose, Jonathan Denose, Hans de Goede, Dmitry Torokhov,
	Sasha Levin, wse, chenhuacai, wsa+renesas, linux-input

From: Jonathan Denose <jdenose@chromium.org>

[ Upstream commit f5bad62f9107b701a6def7cac1f5f65862219b83 ]

Fujitsu Lifebook A574/H requires the nomux option to properly
probe the touchpad, especially when waking from sleep.

Signed-off-by: Jonathan Denose <jdenose@google.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20230303152623.45859-1-jdenose@google.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/input/serio/i8042-x86ia64io.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
index 239c777f8271c..339e765bcf5ae 100644
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -601,6 +601,14 @@ static const struct dmi_system_id i8042_dmi_quirk_table[] __initconst = {
 		},
 		.driver_data = (void *)(SERIO_QUIRK_NOMUX)
 	},
+	{
+		/* Fujitsu Lifebook A574/H */
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "FMVA0501PZ"),
+		},
+		.driver_data = (void *)(SERIO_QUIRK_NOMUX)
+	},
 	{
 		/* Gigabyte M912 */
 		.matches = {
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 03/11] platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 02/11] Input: i8042 - add quirk for Fujitsu Lifebook A574/H Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 04/11] selftests: sigaltstack: fix -Wuninitialized Sasha Levin
                   ` (7 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Frank Crawford, Thomas Weißschuh, Hans de Goede,
	Sasha Levin, thomas, markgross, platform-driver-x86

From: Frank Crawford <frank@crawford.emu.id.au>

[ Upstream commit b7c994f8c35e916e27c60803bb21457bc1373500 ]

Add support for A320M-S2H V2.  Tested using module force_load option.

Signed-off-by: Frank Crawford <frank@crawford.emu.id.au>
Acked-by: Thomas Weißschuh <linux@weissschuh.net>
Link: https://lore.kernel.org/r/20230318091441.1240921-1-frank@crawford.emu.id.au
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/gigabyte-wmi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/platform/x86/gigabyte-wmi.c b/drivers/platform/x86/gigabyte-wmi.c
index 0163e912fafec..aea4f3144b68f 100644
--- a/drivers/platform/x86/gigabyte-wmi.c
+++ b/drivers/platform/x86/gigabyte-wmi.c
@@ -140,6 +140,7 @@ static u8 gigabyte_wmi_detect_sensor_usability(struct wmi_device *wdev)
 	}}
 
 static const struct dmi_system_id gigabyte_wmi_known_working_platforms[] = {
+	DMI_EXACT_MATCH_GIGABYTE_BOARD_NAME("A320M-S2H V2-CF"),
 	DMI_EXACT_MATCH_GIGABYTE_BOARD_NAME("B450M DS3H-CF"),
 	DMI_EXACT_MATCH_GIGABYTE_BOARD_NAME("B450M DS3H WIFI-CF"),
 	DMI_EXACT_MATCH_GIGABYTE_BOARD_NAME("B450M S2H V2"),
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 04/11] selftests: sigaltstack: fix -Wuninitialized
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 02/11] Input: i8042 - add quirk for Fujitsu Lifebook A574/H Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 03/11] platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 05/11] scsi: megaraid_sas: Fix fw_crash_buffer_show() Sasha Levin
                   ` (6 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nick Desaulniers, Linux Kernel Functional Testing, Kees Cook,
	Anders Roxell, Shuah Khan, Sasha Levin, shuah, paul.walmsley,
	palmer, aou, guoren, nathan, linux-kselftest, linux-riscv,
	linux-csky, llvm

From: Nick Desaulniers <ndesaulniers@google.com>

[ Upstream commit 05107edc910135d27fe557267dc45be9630bf3dd ]

Building sigaltstack with clang via:
$ ARCH=x86 make LLVM=1 -C tools/testing/selftests/sigaltstack/

produces the following warning:
  warning: variable 'sp' is uninitialized when used here [-Wuninitialized]
  if (sp < (unsigned long)sstack ||
      ^~

Clang expects these to be declared at global scope; we've fixed this in
the kernel proper by using the macro `current_stack_pointer`. This is
defined in different headers for different target architectures, so just
create a new header that defines the arch-specific register names for
the stack pointer register, and define it for more targets (at least the
ones that support current_stack_pointer/ARCH_HAS_CURRENT_STACK_POINTER).

Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Link: https://lore.kernel.org/lkml/CA+G9fYsi3OOu7yCsMutpzKDnBMAzJBCPimBp86LhGBa0eCnEpA@mail.gmail.com/
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../sigaltstack/current_stack_pointer.h       | 23 +++++++++++++++++++
 tools/testing/selftests/sigaltstack/sas.c     |  7 +-----
 2 files changed, 24 insertions(+), 6 deletions(-)
 create mode 100644 tools/testing/selftests/sigaltstack/current_stack_pointer.h

diff --git a/tools/testing/selftests/sigaltstack/current_stack_pointer.h b/tools/testing/selftests/sigaltstack/current_stack_pointer.h
new file mode 100644
index 0000000000000..ea9bdf3a90b16
--- /dev/null
+++ b/tools/testing/selftests/sigaltstack/current_stack_pointer.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#if __alpha__
+register unsigned long sp asm("$30");
+#elif __arm__ || __aarch64__ || __csky__ || __m68k__ || __mips__ || __riscv
+register unsigned long sp asm("sp");
+#elif __i386__
+register unsigned long sp asm("esp");
+#elif __loongarch64
+register unsigned long sp asm("$sp");
+#elif __ppc__
+register unsigned long sp asm("r1");
+#elif __s390x__
+register unsigned long sp asm("%15");
+#elif __sh__
+register unsigned long sp asm("r15");
+#elif __x86_64__
+register unsigned long sp asm("rsp");
+#elif __XTENSA__
+register unsigned long sp asm("a1");
+#else
+#error "implement current_stack_pointer equivalent"
+#endif
diff --git a/tools/testing/selftests/sigaltstack/sas.c b/tools/testing/selftests/sigaltstack/sas.c
index c53b070755b65..98d37cb744fb2 100644
--- a/tools/testing/selftests/sigaltstack/sas.c
+++ b/tools/testing/selftests/sigaltstack/sas.c
@@ -20,6 +20,7 @@
 #include <sys/auxv.h>
 
 #include "../kselftest.h"
+#include "current_stack_pointer.h"
 
 #ifndef SS_AUTODISARM
 #define SS_AUTODISARM  (1U << 31)
@@ -46,12 +47,6 @@ void my_usr1(int sig, siginfo_t *si, void *u)
 	stack_t stk;
 	struct stk_data *p;
 
-#if __s390x__
-	register unsigned long sp asm("%15");
-#else
-	register unsigned long sp asm("sp");
-#endif
-
 	if (sp < (unsigned long)sstack ||
 			sp >= (unsigned long)sstack + stack_size) {
 		ksft_exit_fail_msg("SP is not on sigaltstack\n");
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 05/11] scsi: megaraid_sas: Fix fw_crash_buffer_show()
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
                   ` (2 preceding siblings ...)
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 04/11] selftests: sigaltstack: fix -Wuninitialized Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 06/11] scsi: core: Improve scsi_vpd_inquiry() checks Sasha Levin
                   ` (5 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Tomas Henzl, Martin K . Petersen, Sasha Levin, kashyap.desai,
	sumit.saxena, shivasharan.srikanteshwara, jejb,
	megaraidlinux.pdl, linux-scsi

From: Tomas Henzl <thenzl@redhat.com>

[ Upstream commit 0808ed6ebbc292222ca069d339744870f6d801da ]

If crash_dump_buf is not allocated then crash dump can't be available.
Replace logical 'and' with 'or'.

Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Link: https://lore.kernel.org/r/20230324135249.9733-1-thenzl@redhat.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/megaraid/megaraid_sas_base.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index 88e164e3d2eac..f7da1876e7a38 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -3302,7 +3302,7 @@ fw_crash_buffer_show(struct device *cdev,
 
 	spin_lock_irqsave(&instance->crashdump_lock, flags);
 	buff_offset = instance->fw_crash_buffer_offset;
-	if (!instance->crash_dump_buf &&
+	if (!instance->crash_dump_buf ||
 		!((instance->fw_crash_state == AVAILABLE) ||
 		(instance->fw_crash_state == COPYING))) {
 		dev_err(&instance->pdev->dev,
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 06/11] scsi: core: Improve scsi_vpd_inquiry() checks
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
                   ` (3 preceding siblings ...)
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 05/11] scsi: megaraid_sas: Fix fw_crash_buffer_show() Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 07/11] net: dsa: b53: mmap: add phy ops Sasha Levin
                   ` (4 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Damien Le Moal, Benjamin Block, Martin K . Petersen, Sasha Levin,
	jejb, linux-scsi

From: Damien Le Moal <damien.lemoal@opensource.wdc.com>

[ Upstream commit f0aa59a33d2ac2267d260fe21eaf92500df8e7b4 ]

Some USB-SATA adapters have broken behavior when an unsupported VPD page is
probed: Depending on the VPD page number, a 4-byte header with a valid VPD
page number but with a 0 length is returned. Currently, scsi_vpd_inquiry()
only checks that the page number is valid to determine if the page is
valid, which results in receiving only the 4-byte header for the
non-existent page. This error manifests itself very often with page 0xb9
for the Concurrent Positioning Ranges detection done by sd_read_cpr(),
resulting in the following error message:

sd 0:0:0:0: [sda] Invalid Concurrent Positioning Ranges VPD page

Prevent such misleading error message by adding a check in
scsi_vpd_inquiry() to verify that the page length is not 0.

Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Link: https://lore.kernel.org/r/20230322022211.116327-1-damien.lemoal@opensource.wdc.com
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/scsi.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
index 4fc9466d820a7..a499a57150720 100644
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -323,11 +323,18 @@ static int scsi_vpd_inquiry(struct scsi_device *sdev, unsigned char *buffer,
 	if (result)
 		return -EIO;
 
-	/* Sanity check that we got the page back that we asked for */
+	/*
+	 * Sanity check that we got the page back that we asked for and that
+	 * the page size is not 0.
+	 */
 	if (buffer[1] != page)
 		return -EIO;
 
-	return get_unaligned_be16(&buffer[2]) + 4;
+	result = get_unaligned_be16(&buffer[2]);
+	if (!result)
+		return -EIO;
+
+	return result + 4;
 }
 
 /**
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 07/11] net: dsa: b53: mmap: add phy ops
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
                   ` (4 preceding siblings ...)
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 06/11] scsi: core: Improve scsi_vpd_inquiry() checks Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 08/11] s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling Sasha Levin
                   ` (3 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Álvaro Fernández Rojas, Florian Fainelli,
	David S . Miller, Sasha Levin, andrew, olteanv, edumazet, kuba,
	pabeni, netdev

From: Álvaro Fernández Rojas <noltari@gmail.com>

[ Upstream commit 45977e58ce65ed0459edc9a0466d9dfea09463f5 ]

Implement phy_read16() and phy_write16() ops for B53 MMAP to avoid accessing
B53_PORT_MII_PAGE registers which hangs the device.
This access should be done through the MDIO Mux bus controller.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/dsa/b53/b53_mmap.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/net/dsa/b53/b53_mmap.c b/drivers/net/dsa/b53/b53_mmap.c
index 3388f620fac99..ca6f53c630676 100644
--- a/drivers/net/dsa/b53/b53_mmap.c
+++ b/drivers/net/dsa/b53/b53_mmap.c
@@ -216,6 +216,18 @@ static int b53_mmap_write64(struct b53_device *dev, u8 page, u8 reg,
 	return 0;
 }
 
+static int b53_mmap_phy_read16(struct b53_device *dev, int addr, int reg,
+			       u16 *value)
+{
+	return -EIO;
+}
+
+static int b53_mmap_phy_write16(struct b53_device *dev, int addr, int reg,
+				u16 value)
+{
+	return -EIO;
+}
+
 static const struct b53_io_ops b53_mmap_ops = {
 	.read8 = b53_mmap_read8,
 	.read16 = b53_mmap_read16,
@@ -227,6 +239,8 @@ static const struct b53_io_ops b53_mmap_ops = {
 	.write32 = b53_mmap_write32,
 	.write48 = b53_mmap_write48,
 	.write64 = b53_mmap_write64,
+	.phy_read16 = b53_mmap_phy_read16,
+	.phy_write16 = b53_mmap_phy_write16,
 };
 
 static int b53_mmap_probe_of(struct platform_device *pdev,
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 08/11] s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
                   ` (5 preceding siblings ...)
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 07/11] net: dsa: b53: mmap: add phy ops Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 09/11] nvme-tcp: fix a possible UAF when failing to allocate an io queue Sasha Levin
                   ` (2 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Heiko Carstens, Sven Schnelle, Vasily Gorbik, Sasha Levin, oleg,
	agordeev, linux-s390

From: Heiko Carstens <hca@linux.ibm.com>

[ Upstream commit f9bbf25e7b2b74b52b2f269216a92657774f239c ]

Return -EFAULT if put_user() for the PTRACE_GET_LAST_BREAK
request fails, instead of silently ignoring it.

Reviewed-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/s390/kernel/ptrace.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
index 0ea3d02b378de..516c21baf3ad3 100644
--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -481,9 +481,7 @@ long arch_ptrace(struct task_struct *child, long request,
 		}
 		return 0;
 	case PTRACE_GET_LAST_BREAK:
-		put_user(child->thread.last_break,
-			 (unsigned long __user *) data);
-		return 0;
+		return put_user(child->thread.last_break, (unsigned long __user *)data);
 	case PTRACE_ENABLE_TE:
 		if (!MACHINE_HAS_TE)
 			return -EIO;
@@ -837,9 +835,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
 		}
 		return 0;
 	case PTRACE_GET_LAST_BREAK:
-		put_user(child->thread.last_break,
-			 (unsigned int __user *) data);
-		return 0;
+		return put_user(child->thread.last_break, (unsigned int __user *)data);
 	}
 	return compat_ptrace_request(child, request, addr, data);
 }
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 09/11] nvme-tcp: fix a possible UAF when failing to allocate an io queue
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
                   ` (6 preceding siblings ...)
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 08/11] s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 10/11] xen/netback: use same error messages for same errors Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 11/11] platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE Sasha Levin
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sagi Grimberg, Yanjun Zhang, Yanjun Zhang, Christoph Hellwig,
	Sasha Levin, kbusch, axboe, linux-nvme

From: Sagi Grimberg <sagi@grimberg.me>

[ Upstream commit 88eaba80328b31ef81813a1207b4056efd7006a6 ]

When we allocate a nvme-tcp queue, we set the data_ready callback before
we actually need to use it. This creates the potential that if a stray
controller sends us data on the socket before we connect, we can trigger
the io_work and start consuming the socket.

In this case reported: we failed to allocate one of the io queues, and
as we start releasing the queues that we already allocated, we get
a UAF [1] from the io_work which is running before it should really.

Fix this by setting the socket ops callbacks only before we start the
queue, so that we can't accidentally schedule the io_work in the
initialization phase before the queue started. While we are at it,
rename nvme_tcp_restore_sock_calls to pair with nvme_tcp_setup_sock_ops.

[1]:
[16802.107284] nvme nvme4: starting error recovery
[16802.109166] nvme nvme4: Reconnecting in 10 seconds...
[16812.173535] nvme nvme4: failed to connect socket: -111
[16812.173745] nvme nvme4: Failed reconnect attempt 1
[16812.173747] nvme nvme4: Reconnecting in 10 seconds...
[16822.413555] nvme nvme4: failed to connect socket: -111
[16822.413762] nvme nvme4: Failed reconnect attempt 2
[16822.413765] nvme nvme4: Reconnecting in 10 seconds...
[16832.661274] nvme nvme4: creating 32 I/O queues.
[16833.919887] BUG: kernel NULL pointer dereference, address: 0000000000000088
[16833.920068] nvme nvme4: Failed reconnect attempt 3
[16833.920094] #PF: supervisor write access in kernel mode
[16833.920261] nvme nvme4: Reconnecting in 10 seconds...
[16833.920368] #PF: error_code(0x0002) - not-present page
[16833.921086] Workqueue: nvme_tcp_wq nvme_tcp_io_work [nvme_tcp]
[16833.921191] RIP: 0010:_raw_spin_lock_bh+0x17/0x30
...
[16833.923138] Call Trace:
[16833.923271]  <TASK>
[16833.923402]  lock_sock_nested+0x1e/0x50
[16833.923545]  nvme_tcp_try_recv+0x40/0xa0 [nvme_tcp]
[16833.923685]  nvme_tcp_io_work+0x68/0xa0 [nvme_tcp]
[16833.923824]  process_one_work+0x1e8/0x390
[16833.923969]  worker_thread+0x53/0x3d0
[16833.924104]  ? process_one_work+0x390/0x390
[16833.924240]  kthread+0x124/0x150
[16833.924376]  ? set_kthread_struct+0x50/0x50
[16833.924518]  ret_from_fork+0x1f/0x30
[16833.924655]  </TASK>

Reported-by: Yanjun Zhang <zhangyanjun@cestc.cn>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Tested-by: Yanjun Zhang <zhangyanjun@cestc.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/tcp.c | 46 +++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 20 deletions(-)

diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
index 96d8d7844e846..fb47d0603e051 100644
--- a/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -1563,22 +1563,7 @@ static int nvme_tcp_alloc_queue(struct nvme_ctrl *nctrl,
 	if (ret)
 		goto err_init_connect;
 
-	queue->rd_enabled = true;
 	set_bit(NVME_TCP_Q_ALLOCATED, &queue->flags);
-	nvme_tcp_init_recv_ctx(queue);
-
-	write_lock_bh(&queue->sock->sk->sk_callback_lock);
-	queue->sock->sk->sk_user_data = queue;
-	queue->state_change = queue->sock->sk->sk_state_change;
-	queue->data_ready = queue->sock->sk->sk_data_ready;
-	queue->write_space = queue->sock->sk->sk_write_space;
-	queue->sock->sk->sk_data_ready = nvme_tcp_data_ready;
-	queue->sock->sk->sk_state_change = nvme_tcp_state_change;
-	queue->sock->sk->sk_write_space = nvme_tcp_write_space;
-#ifdef CONFIG_NET_RX_BUSY_POLL
-	queue->sock->sk->sk_ll_usec = 1;
-#endif
-	write_unlock_bh(&queue->sock->sk->sk_callback_lock);
 
 	return 0;
 
@@ -1598,7 +1583,7 @@ static int nvme_tcp_alloc_queue(struct nvme_ctrl *nctrl,
 	return ret;
 }
 
-static void nvme_tcp_restore_sock_calls(struct nvme_tcp_queue *queue)
+static void nvme_tcp_restore_sock_ops(struct nvme_tcp_queue *queue)
 {
 	struct socket *sock = queue->sock;
 
@@ -1613,7 +1598,7 @@ static void nvme_tcp_restore_sock_calls(struct nvme_tcp_queue *queue)
 static void __nvme_tcp_stop_queue(struct nvme_tcp_queue *queue)
 {
 	kernel_sock_shutdown(queue->sock, SHUT_RDWR);
-	nvme_tcp_restore_sock_calls(queue);
+	nvme_tcp_restore_sock_ops(queue);
 	cancel_work_sync(&queue->io_work);
 }
 
@@ -1628,21 +1613,42 @@ static void nvme_tcp_stop_queue(struct nvme_ctrl *nctrl, int qid)
 	mutex_unlock(&queue->queue_lock);
 }
 
+static void nvme_tcp_setup_sock_ops(struct nvme_tcp_queue *queue)
+{
+	write_lock_bh(&queue->sock->sk->sk_callback_lock);
+	queue->sock->sk->sk_user_data = queue;
+	queue->state_change = queue->sock->sk->sk_state_change;
+	queue->data_ready = queue->sock->sk->sk_data_ready;
+	queue->write_space = queue->sock->sk->sk_write_space;
+	queue->sock->sk->sk_data_ready = nvme_tcp_data_ready;
+	queue->sock->sk->sk_state_change = nvme_tcp_state_change;
+	queue->sock->sk->sk_write_space = nvme_tcp_write_space;
+#ifdef CONFIG_NET_RX_BUSY_POLL
+	queue->sock->sk->sk_ll_usec = 1;
+#endif
+	write_unlock_bh(&queue->sock->sk->sk_callback_lock);
+}
+
 static int nvme_tcp_start_queue(struct nvme_ctrl *nctrl, int idx)
 {
 	struct nvme_tcp_ctrl *ctrl = to_tcp_ctrl(nctrl);
+	struct nvme_tcp_queue *queue = &ctrl->queues[idx];
 	int ret;
 
+	queue->rd_enabled = true;
+	nvme_tcp_init_recv_ctx(queue);
+	nvme_tcp_setup_sock_ops(queue);
+
 	if (idx)
 		ret = nvmf_connect_io_queue(nctrl, idx);
 	else
 		ret = nvmf_connect_admin_queue(nctrl);
 
 	if (!ret) {
-		set_bit(NVME_TCP_Q_LIVE, &ctrl->queues[idx].flags);
+		set_bit(NVME_TCP_Q_LIVE, &queue->flags);
 	} else {
-		if (test_bit(NVME_TCP_Q_ALLOCATED, &ctrl->queues[idx].flags))
-			__nvme_tcp_stop_queue(&ctrl->queues[idx]);
+		if (test_bit(NVME_TCP_Q_ALLOCATED, &queue->flags))
+			__nvme_tcp_stop_queue(queue);
 		dev_err(nctrl->device,
 			"failed to connect queue: %d ret=%d\n", idx, ret);
 	}
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 10/11] xen/netback: use same error messages for same errors
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
                   ` (7 preceding siblings ...)
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 09/11] nvme-tcp: fix a possible UAF when failing to allocate an io queue Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 11/11] platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE Sasha Levin
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Juergen Gross, Jan Beulich, Paolo Abeni, Sasha Levin, wei.liu,
	paul, davem, edumazet, kuba, xen-devel, netdev

From: Juergen Gross <jgross@suse.com>

[ Upstream commit 2eca98e5b24d01c02b46c67be05a5f98cc9789b1 ]

Issue the same error message in case an illegal page boundary crossing
has been detected in both cases where this is tested.

Suggested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Link: https://lore.kernel.org/r/20230329080259.14823-1-jgross@suse.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/xen-netback/netback.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
index 303d8ebbaafc4..63118b56c5289 100644
--- a/drivers/net/xen-netback/netback.c
+++ b/drivers/net/xen-netback/netback.c
@@ -996,10 +996,8 @@ static void xenvif_tx_build_gops(struct xenvif_queue *queue,
 
 		/* No crossing a page as the payload mustn't fragment. */
 		if (unlikely((txreq.offset + txreq.size) > XEN_PAGE_SIZE)) {
-			netdev_err(queue->vif->dev,
-				   "txreq.offset: %u, size: %u, end: %lu\n",
-				   txreq.offset, txreq.size,
-				   (unsigned long)(txreq.offset&~XEN_PAGE_MASK) + txreq.size);
+			netdev_err(queue->vif->dev, "Cross page boundary, txreq.offset: %u, size: %u\n",
+				   txreq.offset, txreq.size);
 			xenvif_fatal_tx_err(queue->vif);
 			break;
 		}
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH AUTOSEL 5.15 11/11] platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
  2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
                   ` (8 preceding siblings ...)
  2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 10/11] xen/netback: use same error messages for same errors Sasha Levin
@ 2023-04-06 11:32 ` Sasha Levin
  9 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2023-04-06 11:32 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Hans de Goede, Brandon Nielsen, Sasha Levin, thomas, markgross,
	platform-driver-x86

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 52f91e51944808d83dfe2d5582601b5e84e472cc ]

Add "X570S AORUS ELITE" to known working boards

Reported-by: Brandon Nielsen <nielsenb@jetfuse.net>
Link: https://lore.kernel.org/r/20230331014902.7864-1-nielsenb@jetfuse.net
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/gigabyte-wmi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/platform/x86/gigabyte-wmi.c b/drivers/platform/x86/gigabyte-wmi.c
index aea4f3144b68f..bf1b98dd00b99 100644
--- a/drivers/platform/x86/gigabyte-wmi.c
+++ b/drivers/platform/x86/gigabyte-wmi.c
@@ -156,6 +156,7 @@ static const struct dmi_system_id gigabyte_wmi_known_working_platforms[] = {
 	DMI_EXACT_MATCH_GIGABYTE_BOARD_NAME("X570 GAMING X"),
 	DMI_EXACT_MATCH_GIGABYTE_BOARD_NAME("X570 I AORUS PRO WIFI"),
 	DMI_EXACT_MATCH_GIGABYTE_BOARD_NAME("X570 UD"),
+	DMI_EXACT_MATCH_GIGABYTE_BOARD_NAME("X570S AORUS ELITE"),
 	DMI_EXACT_MATCH_GIGABYTE_BOARD_NAME("Z690M AORUS ELITE AX DDR4"),
 	{ }
 };
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 11+ messages in thread
end of thread, other threads:[~2023-04-06 11:38 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-06 11:32 [PATCH AUTOSEL 5.15 01/11] f2fs: Fix f2fs_truncate_partial_nodes ftrace event Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 02/11] Input: i8042 - add quirk for Fujitsu Lifebook A574/H Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 03/11] platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 04/11] selftests: sigaltstack: fix -Wuninitialized Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 05/11] scsi: megaraid_sas: Fix fw_crash_buffer_show() Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 06/11] scsi: core: Improve scsi_vpd_inquiry() checks Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 07/11] net: dsa: b53: mmap: add phy ops Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 08/11] s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 09/11] nvme-tcp: fix a possible UAF when failing to allocate an io queue Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 10/11] xen/netback: use same error messages for same errors Sasha Levin
2023-04-06 11:32 ` [PATCH AUTOSEL 5.15 11/11] platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE Sasha Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).