Whether the file system is mounted read-only or read/write is more
important than the quota mode, which we are already printing. Add the
ro vs r/w indication since this can be helpful in debugging problems
from the console log.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
If there are failures while changing the mount options in
__ext4_remount(), we need to restore the old mount options.
This commit fixes two problem. The first is there is a chance that we
will free the old quota file names before a potential failure leading
to a use-after-free. The second problem addressed in this commit is
if there is a failed read/write to read-only transition, if the quota
has already been suspended, we need to renable quota handling.
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230506142419.984260-2-tytso@mit.edu
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
When a file system currently mounted read/only is remounted
read/write, if we clear the SB_RDONLY flag too early, before the quota
is initialized, and there is another process/thread constantly
attempting to create a directory, it's possible to trigger the
WARN_ON_ONCE(dquot_initialize_needed(inode));
in ext4_xattr_block_set(), with the following stack trace:
WARNING: CPU: 0 PID: 5338 at fs/ext4/xattr.c:2141 ext4_xattr_block_set+0x2ef2/0x3680
RIP: 0010:ext4_xattr_block_set+0x2ef2/0x3680 fs/ext4/xattr.c:2141
Call Trace:
ext4_xattr_set_handle+0xcd4/0x15c0 fs/ext4/xattr.c:2458
ext4_initxattrs+0xa3/0x110 fs/ext4/xattr_security.c:44
security_inode_init_security+0x2df/0x3f0 security/security.c:1147
__ext4_new_inode+0x347e/0x43d0 fs/ext4/ialloc.c:1324
ext4_mkdir+0x425/0xce0 fs/ext4/namei.c:2992
vfs_mkdir+0x29d/0x450 fs/namei.c:4038
do_mkdirat+0x264/0x520 fs/namei.c:4061
__do_sys_mkdirat fs/namei.c:4076 [inline]
__se_sys_mkdirat fs/namei.c:4074 [inline]
__x64_sys_mkdirat+0x89/0xa0 fs/namei.c:4074
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230506142419.984260-1-tytso@mit.edu
Reported-by: syzbot+6385d7d3065524c5ca6d@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?id=6513f6cb5cd6b5fc9f37e3bb70d273b94be9c34c
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Ext4 has a filesystem wide lock protecting ext4_writepages() calls to
avoid races with switching of journalled data flag or inode format. This
lock can however cause a deadlock like:
CPU0 CPU1
ext4_writepages()
percpu_down_read(sbi->s_writepages_rwsem);
ext4_change_inode_journal_flag()
percpu_down_write(sbi->s_writepages_rwsem);
- blocks, all readers block from now on
ext4_do_writepages()
ext4_init_io_end()
kmem_cache_zalloc(io_end_cachep, GFP_KERNEL)
fs_reclaim frees dentry...
dentry_unlink_inode()
iput() - last ref =>
iput_final() - inode dirty =>
write_inode_now()...
ext4_writepages() tries to acquire sbi->s_writepages_rwsem
and blocks forever
Make sure we cannot recurse into filesystem reclaim from writeback code
to avoid the deadlock.
Reported-by: syzbot+6898da502aef574c5f8a@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/0000000000004c66b405fa108e27@google.com
Fixes: c8585c6fca ("ext4: fix races between changing inode journal mode and ext4_writepages")
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230504124723.20205-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Previously, ext4_get_group_info() would treat an invalid group number
as BUG(), since in theory it should never happen. However, if a
malicious attaker (or fuzzer) modifies the superblock via the block
device while it is the file system is mounted, it is possible for
s_first_data_block to get set to a very large number. In that case,
when calculating the block group of some block number (such as the
starting block of a preallocation region), could result in an
underflow and very large block group number. Then the BUG_ON check in
ext4_get_group_info() would fire, resutling in a denial of service
attack that can be triggered by root or someone with write access to
the block device.
For a quality of implementation perspective, it's best that even if
the system administrator does something that they shouldn't, that it
will not trigger a BUG. So instead of BUG'ing, ext4_get_group_info()
will call ext4_error and return NULL. We also add fallback code in
all of the callers of ext4_get_group_info() that it might NULL.
Also, since ext4_get_group_info() was already borderline to be an
inline function, un-inline it. The results in a next reduction of the
compiled text size of ext4 by roughly 2k.
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230430154311.579720-2-tytso@mit.edu
Reported-by: syzbot+e2efa3efc15a1c9e95c3@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?id=69b28112e098b070f639efb356393af3ffec4220
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmRfkqYQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgptznD/9PB1uPQEZ6hDaCg31XBmbe4m6sRcAEaNr0
RO18W8A8TYgxxpaQubPm53+sMFoaSc3oH7Ingu1iBfZdNY/5sY2hfgQW+M9NGoXa
uSeibVThihngeLVrWIks/w9k2UL+80Xs8THH/b+AQISK3gVqrPkpFcAybIGSPOZS
LiB3MbEbvGyxfKe64pRBPOZ3B6nedKHqpQ24g6XR9tx0dwtOUWWn6Len+4yPE1j7
Isd9OVMZEvw1orIVNe5y+FzJfoezGAMrHxTaQ+sGZj5JjaFzrFFfn9BeD9kMAxFd
8OoWRAUQWGD3yrxQ8Dd9jEdGfvNQHKmiFb9nygPPBUmgNmGct6O9lWyUWCKV121+
7m6ThdZLLYS9G555BZjI/4ubHtl/Y4upsHI5Ixbnmgvrp3tFyaX1ids5VNJPgKaH
lrrlQ307tIMDp1q2xcunE3uBE4/eBewnQ74S0rvtpvBM3UV6iDBLEkBQ/+5WPw0q
qAgQwDkTr+uzudkOUhJDa5VWzNY521ALLmc94d+4bOawiY9YYjuxV0ORVa6s4V2a
Ez6Gj9O06h3Ndg0UbDvUOE4YF4fmBezbLdbS10gcRCR9L/VZMG44jfHualgrfXmN
efZrK5YUHaSkwllsN2OSkYaH0/iG63yEHOc9sL1lfRQfUEVOWSUqkkrsPwSlG2E8
FC4b6BEpQA==
=8fWJ
-----END PGP SIGNATURE-----
Merge tag 'block-6.4-2023-05-13' of git://git.kernel.dk/linux
Pull block fixes from Jens Axboe:
"Just a few minor fixes for drivers, and a deletion of a file that is
woefully out-of-date these days"
* tag 'block-6.4-2023-05-13' of git://git.kernel.dk/linux:
Documentation/block: drop the request.rst file
ublk: fix command op code check
block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
nbd: Fix debugfs_create_dir error checking
Add a return to the error path when cxl_cdat_read_table() fails. Current
code continues with the table pointer points to freed memory.
Fixes: 7a877c9239 ("cxl/pci: Simplify CDAT retrieval error path")
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Link: https://lore.kernel.org/r/168382793506.3510737.4792518576623749076.stgit@djiang5-mobl3
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Starting with commit:
95433f7263 ("srcu: Begin offloading srcu_struct fields to srcu_update")
...it is no longer possible to do:
static DEFINE_SRCU(x)
Switch to DEFINE_STATIC_SRCU(x) to fix:
tools/testing/cxl/test/mock.c:22:1: error: duplicate ‘static’
22 | static DEFINE_SRCU(cxl_mock_srcu);
| ^~~~~~
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/168392709546.1135523.10424917245934547117.stgit@dwillia2-xfh.jf.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
SYM_FUNC_START_LOCAL_NOALIGN() adds an endbr leading to this layout
(leaving only the last 2 bytes of the address):
3bff <zen_untrain_ret>:
3bff: f3 0f 1e fa endbr64
3c03: f6 test $0xcc,%bl
3c04 <__x86_return_thunk>:
3c04: c3 ret
3c05: cc int3
3c06: 0f ae e8 lfence
However, "the RET at __x86_return_thunk must be on a 64 byte boundary,
for alignment within the BTB."
Use SYM_START instead.
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmRebDIACgkQxWXV+ddt
WDu3vA//RNyRGjEz0HgfhTc1119DXJLwK6j544waYLrzRcMtBK4xKByiaFkAA4tL
PQidGX+nAQPm+pZl0jcK30cBMObik5GXJwoSOZGl7/ectx4O7aFfXqiSfwPTyqZU
3fTavoqoJxbxJCVbifcXOPNhsUxMlEGYJmA3CVRsllLviXY+3HMpX2ZpWZ7vch+N
MLENNBfUo1HVdWaxOYfQif/qT5iR9G7D8dBjX9DUK0kVwrbwBB0rolJy4fPrY6z5
gBLED9Ks3FBgyU3mYq4qrfPmbfF8mPiaU0+1j+B46vw3PdPtIwjIForR+91GsZ1v
iHojbykf6VWTQV+gO78mgv4O4vRtn3C+UJaGxLL86OMOaiQQHFYdSETn9arPmoho
p1wCBidI82tvfIOGYXgrTGorLN27hhyPJinHe/2Bqo+1wUL8/J8mwCWunIox7a8z
rxO5QhDIDFX7gamsvYjkW3tBkYuGiGvBjx+Ic2cBHTkVp9wSPL9PCvqNNru2qexA
t0BpAL9DxvN+T1xO1thC3qsm2Ogx0QEmgdDfRglbEVASnRZKZZsJEMO90FzFbkFg
vLbs0KnT7yS7mTwq4NklDrgHZ0eiiJLZVCb8bR8xkzVW+ADrUmZuDM8WOcCgJAUp
fUoMmFsJZi5zsdAOygDWr1bBHorLV5szrY0bSB5L2eHwJjYZ6KE=
=uWUN
-----END PGP SIGNATURE-----
Merge tag 'for-6.4-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
Pull more btrfs fixes from David Sterba:
- fix incorrect number of bitmap entries for space cache if loading is
interrupted by some error
- fix backref walking, this breaks a mode of LOGICAL_INO_V2 ioctl that
is used in deduplication tools
- zoned mode fixes:
- properly finish zone reserved for relocation
- correctly calculate super block zone end on ZNS
- properly initialize new extent buffer for redirty
- make mount option clear_cache work with block-group-tree, to rebuild
free-space-tree instead of temporarily disabling it that would lead
to a forced read-only mount
- fix alignment check for offset when printing extent item
* tag 'for-6.4-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: make clear_cache mount option to rebuild FST without disabling it
btrfs: zero the buffer before marking it dirty in btrfs_redirty_list_add
btrfs: zoned: fix full zone super block reading on ZNS
btrfs: zoned: zone finish data relocation BG with last IO
btrfs: fix backref walking not returning all inode refs
btrfs: fix space cache inconsistency after error loading it from disk
btrfs: print-tree: parent bytenr must be aligned to sector size
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmRd3pcACgkQiiy9cAdy
T1FrEAwAj6M0DnI13diLdjZVs9WAVRIiu5Fk1l8oA6bco74UepbJjZmTf8K8G0pM
fQDTXZWDa5g11tbYuXFb4Ue9Dv7hu4RuUthWZCxoDnKcvH00VtAtYplE1LJstWBh
mZwHm8iEBRPs2oB1YZ7KnQ8kFSjs2VgwV2PQAI24QDP0QWTT4jtw/nPqLxKLxyef
Rr9YkOK0LZPhhGEAZ5ABwkPH97U5CUMMwRTqhGDO/mm91FZ8sD+vAsqM7GdLU73w
wGHp3M1RKBVBubNCgNT0uRMlnlqBcvoThqhYgJ6PYnS4uE23a2uLDNI8vj9LlMRo
csoYdM+Kltpvki8hFIWiFxfHFfECHD6h/QOpRMSv9InU0ly6o7zwnl9VtuWcRyrM
vyz3xnlI6wG6TCy1HGezq3HSaEbEbVpwLCxyG/xFiAHV/VdkmjmRUb0RJV4X3X8M
/KUT+1wj0MAMmVUTIpIHuotRikScAPnP/NDMorIsgEUp/2TFh2m+FQZ15o401sGv
96G8v+9I
=ax5r
-----END PGP SIGNATURE-----
Merge tag '6.4-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs client fixes from Steve French:
- fix for copy_file_range bug for very large files that are multiples
of rsize
- do not ignore "isolated transport" flag if set on share
- set rasize default better
- three fixes related to shutdown and freezing (fixes 4 xfstests, and
closes deferred handles faster in some places that were missed)
* tag '6.4-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: release leases for deferred close handles when freezing
smb3: fix problem remounting a share after shutdown
SMB3: force unmount was failing to close deferred close files
smb3: improve parallel reads of large files
do not reuse connection if share marked as isolated
cifs: fix pcchunk length type in smb2_copychunk_range
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCZF5YpQAKCRCRxhvAZXjc
oqZpAQCuXA/XDf4Cyhfk87C0gbzy1Akjf3Xpia8q1mWtvN4I+AD+PE54krWgxGRi
mu5Ae2X95tQ1v+MUAcmWOMdITK8HewE=
=8+GL
-----END PGP SIGNATURE-----
Merge tag 'vfs/v6.4-rc1/pipe' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs
Pull vfs fix from Christian Brauner:
"During the pipe nonblock rework the check for both O_NONBLOCK and
IOCB_NOWAIT was dropped. Both checks need to be performed to ensure
that files without O_NONBLOCK but IOCB_NOWAIT don't block when writing
to or reading from a pipe.
This just contains the fix adding the check for IOCB_NOWAIT back in"
* tag 'vfs/v6.4-rc1/pipe' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs:
pipe: check for IOCB_NOWAIT alongside O_NONBLOCK
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmRecVUQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpjCVEACLszSdcUqj2x1vGJqrC+Q1yIbnL8c6QSWp
SAvULM0cwdENxdI3Xpdo3K5j1+eK6ELwrJl724Cp8nE1fpoZbt4MFHNDv9OYD7bN
PPNoY+6pbvg8DBZI4DIqojn2ZsnB7SDWl04ENLVfsG9AUN/3gStuiJYEFvPZ4UCr
cA7hM3ACrZtLmoOKZx4BM3aPc+Kr4KOC0bdFnKwblcJATEJzeqjnfG1/oO3LSIfU
ZvQLG2HZechUTfaB/aZKGOrscUgsSYpabW7s8wMMKcsyfpAOZK5NBFyiPMh9iaKt
feivC7V1Io2K8xkH2K5CnI6I7SJ+epW3US9r/r+Ouh+G3/C2MM4hu5TRJnjfHpY0
eom3QUzwSoO75Bxg+X9XeyTj9akk3ndkihCqqh9RbIRCb/YgOYPkVGMT5mjNzPf9
UocTt3SXRABcFhUS6AztEY+VbC8FNw8o0clcX9A8a2cuAkoYu032aC8Zlqk7+EN5
l9ELDwr6TiHCQHNbvXQ3g6h4dNbvaH1KepiC4NVuhcXfFFpF4nvziNEQO/eRzDUa
8Rr8UZz70ET1LZkjZnXinvHUdKisEcdvf45UQ/Fl021PnDdpcb0RQx21L51ooqm6
C8U7Y2fRfiD+kbz+rjGaSvPG4ha1T02CRbzRPzMw9krcJnaOEzygPgjEq7nBiuAS
67DIm5gekw==
=C+lE
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.4-2023-05-12' of git://git.kernel.dk/linux
Pull io_uring fix from Jens Axboe:
"Just a single fix making io_uring_sqe_cmd() available regardless of
CONFIG_IO_URING, fixing a regression introduced during the merge
window if nvme was selected but io_uring was not"
* tag 'io_uring-6.4-2023-05-12' of git://git.kernel.dk/linux:
io_uring: make io_uring_sqe_cmd() unconditionally available
* A fix to the linker script to avoid orpahaned sections in kernel/pi.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmReU9QTHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRAuExnzX7sYiUS6D/9/ZUTRuQTnhctIFJbjrLCLqWm0ay50
5/PGV6/LlpCu5YfCkPa88n/grjlyCqbUTk7iW/ohYpERbfM7rvathKJ+9nMnJLJF
vRIXWM4zk0oCNfmTlchKtB9O3yt4YeZUuEQvVg+u1v0MyUA9j46bYkeVARg+ajla
ssCHu+BGPlcvr9Q7rCT+Wh4GMo0dftBbkAeI1UG2Uxx3tEpWVdPg1OEJ4lnvx+3D
fFBNvtQJ3dkbIugJdmzx+rCwPVUsTAs/zERFReUZE2cq2G/Y1pq9phj17pcfxEx6
az/ZE/WRF1zNqDVaoOJeC4g8imXDnJm6B0AlVmJDsXJPcmpyRunALEvTmIhKRSpX
FMkinHUFKLsYkDp+axfn3ts0WqJRSOKjCIQykOelf7sGsf3vwrUNONPoumqeR/e9
BwuoHso+RCN0LVog7H8d+FJjIa+bDmeR5Z7BYGMG5RMevT+dPV+Ptom3jsbZFczb
6qO5icGprdpyVkFUsMxsIcjXfmYhcWPE+2kvgKK7VNvyT3qJ7G8gb/FuuBPW4ea/
VkmuwMutGhe+FbGJCqbYaeDaAwSw1OTnZzQB2O5GrvCS0/HG7CHDmK2J4qFlhFp9
butb6JjcxJLBPtbTSvFjnYV9LQbGsNQNbAoUGJKVOxXWNDVtO1NasoFpB1o6KsDr
u30J7KMRQokkhA==
=Hjh9
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-6.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fix from Palmer Dabbelt:
"Just a single fix this week for a build issue. That'd usually be a
good sign, but we've started to get some reports of boot failures on
some hardware/bootloader configurations. Nothing concrete yet, but
I've got a funny feeling that's where much of the bug hunting is going
right now.
Nothing's reproducing on my end, though, and this fixes some pretty
concrete issues so I figured there's no reason to delay it:
- a fix to the linker script to avoid orpahaned sections in
kernel/pi"
* tag 'riscv-for-linus-6.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: Fix orphan section warnings caused by kernel/pi
Pipe reads or writes need to enable nonblocking attempts, if either
O_NONBLOCK is set on the file, or IOCB_NOWAIT is set in the iocb being
passed in. The latter isn't currently true, ensure we check for both
before waiting on data or space.
Fixes: afed6271f5 ("pipe: set FMODE_NOWAIT on pipes")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Message-Id: <e5946d67-4e5e-b056-ba80-656bab12d9f6@kernel.dk>
Signed-off-by: Christian Brauner <brauner@kernel.org>
In case of CONFIG_BLKDEV_UBLK_LEGACY_OPCODES, type of cmd opcode could
be 0 or 'u'; and type can only be 'u' if CONFIG_BLKDEV_UBLK_LEGACY_OPCODES
isn't set.
So fix the wrong check.
Fixes: 2d786e66c9 ("block: ublk: switch to ioctl command encoding")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20230505153142.1258336-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
The debugfs_create_dir function returns ERR_PTR in case of error, and the
only correct way to check if an error occurred is 'IS_ERR' inline function.
This patch will replace the null-comparison with IS_ERR.
Signed-off-by: Ivan Orlov <ivan.orlov0322@gmail.com>
Link: https://lore.kernel.org/r/20230512130533.98709-1-ivan.orlov0322@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
The pull request includes one patch to fix the change added to 6.3 kernel.
The patch can be applied to 6.3 stable kernel as is.
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQE66IEYNDXNBPeGKSsLtaWM8LwEwUCZF4I/QAKCRCsLtaWM8Lw
ExDRAQClp3h1+HWdPmT9gu2BjEFhRlL2TE6GaVu0PHvLY5kBOAD+MkocvIiNMVS0
TP7kOOwtP8tCAnZKA6PnJt9rAhUbbQw=
=rXK1
-----END PGP SIGNATURE-----
Merge tag 'firewire-fixes-6.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
Pull firewire fix from Takashi Sakamoto:
- fix early release of request packet
* tag 'firewire-fixes-6.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
firewire: net: fix unexpected release of object for asynchronous request packet
o fixes for inode garbage collection shutdown racing with work queue
updates
o ensure inodegc workers run on the CPU they are supposed to
o disable counter scrubbing until we can exclusively freeze the
filesystem from the kernel
o Regression fixes for new allocation related bugs
o a couple of minor cleanups
-----BEGIN PGP SIGNATURE-----
iQJIBAABCgAyFiEEmJOoJ8GffZYWSjj/regpR/R1+h0FAmRcSIsUHGRhdmlkQGZy
b21vcmJpdC5jb20ACgkQregpR/R1+h2Y8xAAxtsTdOx71XtDuNyfBOiqzZgTCq6b
6LsckJIDQa1AXjUNq9G3zWcUcWBcRWcw+CWbkqjqQ9W47K/ijLuoKnjRsQ+5B4DU
TBUctVq+/Zk2lBlb6HKuKdzqDGnIFWGVKVd7u8KlowqnXuzUeQ0vFkT7ZHTepUKG
P+midgGNVT4+tykq7oH0H8WxoTyNPZhKiAUcZjneBgA60IAoQWHA2iUt+SKpbrkL
1HyK+/edVMTXiDXtyHfXmDaH9Pgy6NCpw3TNkPDhuL1UDpLhg/zgT39rFZGBsAUt
gaDM3wN5jBrot/mvJE3rH9bdZhkcf+NQKPx/1DDg3DL8plS/1/LUC4cImdolBJ3w
RNmgJv1lK+AlE4MUJ/bUDlEpHUmwAjnnsxBXwEvnYNfj+9V6/mDB+HqKiY7/XxVK
vF77s6z+CWvefdnZavJ4/72pVVJNkcDYCYmvh/donRP6vtnwZyzocFUeBeNMInV1
/s3WMrF9hwmJqAClKG7p1fnszWp658yFIuw/TXVs+NrjTtQgXwMpl2cEYYvUZEJN
Trq2p0xH/JSwcnOPSPJO6WHb8UPoqrM6lgGFaJVWJx1AWt1i1CFLf5eA5X+XisDV
AJKgpqlnDg02bBMQ0tMFGZUaNx/1S1mwtxcZsyEFTutpUNxqJKDaMohpxxrWb0WC
ppSqDvyJN4wtlFI=
=qok2
-----END PGP SIGNATURE-----
Merge tag 'xfs-6.4-rc1-fixes' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Pull xfs bug fixes from Dave Chinner:
"Largely minor bug fixes and cleanups, th emost important of which are
probably the fixes for regressions in the extent allocation code:
- fixes for inode garbage collection shutdown racing with work queue
updates
- ensure inodegc workers run on the CPU they are supposed to
- disable counter scrubbing until we can exclusively freeze the
filesystem from the kernel
- regression fixes for new allocation related bugs
- a couple of minor cleanups"
* tag 'xfs-6.4-rc1-fixes' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: fix xfs_inodegc_stop racing with mod_delayed_work
xfs: disable reaping in fscounters scrub
xfs: check that per-cpu inodegc workers actually run on that cpu
xfs: explicitly specify cpu when forcing inodegc delayed work to run immediately
xfs: fix negative array access in xfs_getbmap
xfs: don't allocate into the data fork for an unshare request
xfs: flush dirty data and drain directios before scrubbing cow fork
xfs: set bnobt/cntbt numrecs correctly when formatting new AGs
xfs: don't unconditionally null args->pag in xfs_bmap_btalloc_at_eof
A use-after-free bug may occur if init_imstt invokes framebuffer_release
and free the info ptr. The caller, imsttfb_probe didn't notice that and
still keep the ptr as private data in pdev.
If we remove the driver which will call imsttfb_remove to make cleanup,
UAF happens.
Fix it by return error code if bad case happens in init_imstt.
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Few fixes for Devicetree bindings and related docs, all for issues
introduced in v6.4-rc1 commits:
1. media/ov2685: fix number of possible data lanes, as old binding
explicitly mentioned one data lane. This fixes dt_binding_check
warnings like:
Documentation/devicetree/bindings/media/rockchip-isp1.example.dtb: camera@3c: port:endpoint:data-lanes: [[1]] is too short
From schema: Documentation/devicetree/bindings/media/i2c/ovti,ov2685.yaml
2. Maintainers: correct path of Apple PWM binding. This fixes
refcheckdocs warning.
3. PCI/fsl,imx6q: correct parsing of assigned-clocks and related
properties and make the clocks more specific per PCI device (host or
endpoint). This fixes dtschema limitation and dt_binding_check
warnings like:
Documentation/devicetree/bindings/pci/fsl,imx6q-pcie-ep.example.dtb: pcie-ep@33800000: Unevaluated properties are not allowed
From schema: Documentation/devicetree/bindings/pci/fsl,imx6q-pcie-ep.yaml
-----BEGIN PGP SIGNATURE-----
iQJEBAABCgAuFiEE3dJiKD0RGyM7briowTdm5oaLg9cFAmRcxQIQHGtyemtAa2Vy
bmVsLm9yZwAKCRDBN2bmhouD158qD/0bBKNr0Ydj9HsobdAsGnkIUIpGgl2TktxB
tvOgbb4ppD3I4HAbh+AobXsB3zILnC1nv9Vky7jRxty9CquDotzRsedBhfih00fK
2lU5eClF1tX2dFNU+yHeLmdQxgocxfGvpvO8GZWpL5f/sZWYsFkuBiOedrFeqbLZ
6Sj231lW71rJj884HoeA/vLEQJXf4peHTGIfw5xQuSGninaForendT7fsZh9Ij4d
MdNEnA3irxypDWbuHiEVKwv/Fbgp9RTomgi9+MfaecmcH1Z0zTbRn/AzGYiehIgw
IeJA25HkOaiHNARyczQI2PzSPuFslFVT8vc7CtAgaX13NcJ01gbQDWm00W8tP5GX
hih3ky50GImarwhSFizmv5pxsGXc9FaPAC5WMgXMADqFP2equzYngKlDcXBnKkiw
hOByMJs9aGe2/fksExeV4OS3oBDLo3KTzvJ5biWNkcCaHxvNQT2fNPOMYuDxew1S
qvFgcxc4b/DkH73yO7Jp0wOAbUwAfSxD6CX06AyKl64OOZ852mtS8R51G0+xHQcn
bJ1uWgf9+TSlSZAUhdmcbkLRNTk+zM6T11hWoNB+hIr5FN4/KxteEsE5l0YvLMzo
T7cTrrXBee1MuU33x6GbLybsewBZMOAnXm64sqpua6DyfuBY1kBUjzL9mTc6PaB/
C4C6fY1Bew==
=iuNU
-----END PGP SIGNATURE-----
Merge tag 'dt-fixes-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-dt
Pull devicetree binding fixes from Krzysztof Kozlowski:
"A few fixes for Devicetree bindings and related docs, all for issues
introduced in v6.4-rc1 commits:
- media/ov2685: fix number of possible data lanes, as old binding
explicitly mentioned one data lane. This fixes dt_binding_check
warnings like:
Documentation/devicetree/bindings/media/rockchip-isp1.example.dtb: camera@3c: port:endpoint:data-lanes: [[1]] is too short
From schema: Documentation/devicetree/bindings/media/i2c/ovti,ov2685.yaml
- PCI/fsl,imx6q: correct parsing of assigned-clocks and related
properties and make the clocks more specific per PCI device (host
or endpoint). This fixes dtschema limitation and dt_binding_check
warnings like:
Documentation/devicetree/bindings/pci/fsl,imx6q-pcie-ep.example.dtb: pcie-ep@33800000: Unevaluated properties are not allowed
From schema: Documentation/devicetree/bindings/pci/fsl,imx6q-pcie-ep.yaml
- Maintainers: correct path of Apple PWM binding. This fixes
refcheckdocs warning"
* tag 'dt-fixes-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-dt:
dt-bindings: PCI: fsl,imx6q: fix assigned-clocks warning
MAINTAINERS: adjust file entry for ARM/APPLE MACHINE SUPPORT
media: dt-bindings: ov2685: Correct data-lanes attribute
