1. 31 1月, 2022 2 次提交
    • J
      iommu: Fix some W=1 warnings · 30209b93
      John Garry 提交于
      The code is mostly free of W=1 warning, so fix the following:
      
      drivers/iommu/iommu.c:996: warning: expecting prototype for iommu_group_for_each_dev(). Prototype was for __iommu_group_for_each_dev() instead
      drivers/iommu/iommu.c:3048: warning: Function parameter or member 'drvdata' not described in 'iommu_sva_bind_device'
      drivers/iommu/ioasid.c:354: warning: Function parameter or member 'ioasid' not described in 'ioasid_get'
      drivers/iommu/omap-iommu.c:1098: warning: expecting prototype for omap_iommu_suspend_prepare(). Prototype was for omap_iommu_prepare() instead
      Signed-off-by: NJohn Garry <john.garry@huawei.com>
      Reviewed-by: NRobin Murphy <robin.murphy@arm.com>
      Link: https://lore.kernel.org/r/1643366673-26803-1-git-send-email-john.garry@huawei.comSigned-off-by: NJoerg Roedel <jroedel@suse.de>
      30209b93
    • V
      iommu: Fix potential use-after-free during probe · b54240ad
      Vijayanand Jitta 提交于
      Kasan has reported the following use after free on dev->iommu.
      when a device probe fails and it is in process of freeing dev->iommu
      in dev_iommu_free function, a deferred_probe_work_func runs in parallel
      and tries to access dev->iommu->fwspec in of_iommu_configure path thus
      causing use after free.
      
      BUG: KASAN: use-after-free in of_iommu_configure+0xb4/0x4a4
      Read of size 8 at addr ffffff87a2f1acb8 by task kworker/u16:2/153
      
      Workqueue: events_unbound deferred_probe_work_func
      Call trace:
       dump_backtrace+0x0/0x33c
       show_stack+0x18/0x24
       dump_stack_lvl+0x16c/0x1e0
       print_address_description+0x84/0x39c
       __kasan_report+0x184/0x308
       kasan_report+0x50/0x78
       __asan_load8+0xc0/0xc4
       of_iommu_configure+0xb4/0x4a4
       of_dma_configure_id+0x2fc/0x4d4
       platform_dma_configure+0x40/0x5c
       really_probe+0x1b4/0xb74
       driver_probe_device+0x11c/0x228
       __device_attach_driver+0x14c/0x304
       bus_for_each_drv+0x124/0x1b0
       __device_attach+0x25c/0x334
       device_initial_probe+0x24/0x34
       bus_probe_device+0x78/0x134
       deferred_probe_work_func+0x130/0x1a8
       process_one_work+0x4c8/0x970
       worker_thread+0x5c8/0xaec
       kthread+0x1f8/0x220
       ret_from_fork+0x10/0x18
      
      Allocated by task 1:
       ____kasan_kmalloc+0xd4/0x114
       __kasan_kmalloc+0x10/0x1c
       kmem_cache_alloc_trace+0xe4/0x3d4
       __iommu_probe_device+0x90/0x394
       probe_iommu_group+0x70/0x9c
       bus_for_each_dev+0x11c/0x19c
       bus_iommu_probe+0xb8/0x7d4
       bus_set_iommu+0xcc/0x13c
       arm_smmu_bus_init+0x44/0x130 [arm_smmu]
       arm_smmu_device_probe+0xb88/0xc54 [arm_smmu]
       platform_drv_probe+0xe4/0x13c
       really_probe+0x2c8/0xb74
       driver_probe_device+0x11c/0x228
       device_driver_attach+0xf0/0x16c
       __driver_attach+0x80/0x320
       bus_for_each_dev+0x11c/0x19c
       driver_attach+0x38/0x48
       bus_add_driver+0x1dc/0x3a4
       driver_register+0x18c/0x244
       __platform_driver_register+0x88/0x9c
       init_module+0x64/0xff4 [arm_smmu]
       do_one_initcall+0x17c/0x2f0
       do_init_module+0xe8/0x378
       load_module+0x3f80/0x4a40
       __se_sys_finit_module+0x1a0/0x1e4
       __arm64_sys_finit_module+0x44/0x58
       el0_svc_common+0x100/0x264
       do_el0_svc+0x38/0xa4
       el0_svc+0x20/0x30
       el0_sync_handler+0x68/0xac
       el0_sync+0x160/0x180
      
      Freed by task 1:
       kasan_set_track+0x4c/0x84
       kasan_set_free_info+0x28/0x4c
       ____kasan_slab_free+0x120/0x15c
       __kasan_slab_free+0x18/0x28
       slab_free_freelist_hook+0x204/0x2fc
       kfree+0xfc/0x3a4
       __iommu_probe_device+0x284/0x394
       probe_iommu_group+0x70/0x9c
       bus_for_each_dev+0x11c/0x19c
       bus_iommu_probe+0xb8/0x7d4
       bus_set_iommu+0xcc/0x13c
       arm_smmu_bus_init+0x44/0x130 [arm_smmu]
       arm_smmu_device_probe+0xb88/0xc54 [arm_smmu]
       platform_drv_probe+0xe4/0x13c
       really_probe+0x2c8/0xb74
       driver_probe_device+0x11c/0x228
       device_driver_attach+0xf0/0x16c
       __driver_attach+0x80/0x320
       bus_for_each_dev+0x11c/0x19c
       driver_attach+0x38/0x48
       bus_add_driver+0x1dc/0x3a4
       driver_register+0x18c/0x244
       __platform_driver_register+0x88/0x9c
       init_module+0x64/0xff4 [arm_smmu]
       do_one_initcall+0x17c/0x2f0
       do_init_module+0xe8/0x378
       load_module+0x3f80/0x4a40
       __se_sys_finit_module+0x1a0/0x1e4
       __arm64_sys_finit_module+0x44/0x58
       el0_svc_common+0x100/0x264
       do_el0_svc+0x38/0xa4
       el0_svc+0x20/0x30
       el0_sync_handler+0x68/0xac
       el0_sync+0x160/0x180
      
      Fix this by setting dev->iommu to NULL first and
      then freeing dev_iommu structure in dev_iommu_free
      function.
      Suggested-by: NRobin Murphy <robin.murphy@arm.com>
      Signed-off-by: NVijayanand Jitta <quic_vjitta@quicinc.com>
      Link: https://lore.kernel.org/r/1643613155-20215-1-git-send-email-quic_vjitta@quicinc.comSigned-off-by: NJoerg Roedel <jroedel@suse.de>
      b54240ad
  2. 30 1月, 2022 20 次提交
  3. 29 1月, 2022 18 次提交
    • L
      Merge tag 'gpio-fixes-for-v5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 4cd90083
      Linus Torvalds 提交于
      Pull gpio fixes from Bartosz Golaszewski:
       "Two fixes for the gpio-simulator:
      
         - fix a bug with hogs not being set-up in gpio-sim when user-space
           sets the chip label to an empty string
      
         - include the gpio-sim documentation in the index"
      
      * tag 'gpio-fixes-for-v5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: sim: add doc file to index file
        gpio: sim: check the label length when setting up device properties
      4cd90083
    • L
      Merge tag 'char-misc-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · e255759e
      Linus Torvalds 提交于
      Pull char/misc driver fixes from Greg KH:
       "Here are two small char/misc driver fixes for 5.17-rc2 that fix some
        reported issues. They are:
      
         - fix up a merge issue in the at25.c driver that ended up dropping
           some lines in the driver. The removed lines ended being needed, so
           this restores it and the driver works again.
      
         - counter core fix where the wrong error was being returned, NULL
           should be the correct error for when memory is gone here, like the
           kmalloc() core does.
      
        Both of these have been in linux-next this week with no reported
        issues"
      
      * tag 'char-misc-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        counter: fix an IS_ERR() vs NULL bug
        eeprom: at25: Restore missing allocation
      e255759e
    • L
      Merge tag 'tty-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · bb37101b
      Linus Torvalds 提交于
      Pull tty/serial driver fixes from Greg KH:
       "Here are some small bug fixes and reverts for reported problems with
        the tty core and drivers. They include:
      
         - revert the fifo use for the 8250 console mode. It caused too many
           regressions and problems, and had a bug in it as well. This is
           being reworked and should show up in a later -rc1 release, but it's
           not ready for 5.17
      
         - rpmsg tty race fix
      
         - restore the cyclades.h uapi header file. Turns out a compiler test
           suite used it for some unknown reason. Bring it back just for the
           parts that are used by the builder test so they continue to build.
           No functionality is restored as no one actually has this hardware
           anymore, nor is it really tested.
      
         - stm32 driver fixes
      
         - n_gsm flow control fixes
      
         - pl011 driver fix
      
         - rs485 initialization fix
      
        All of these have been in linux-next this week with no reported
        problems"
      
      * tag 'tty-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        kbuild: remove include/linux/cyclades.h from header file check
        serial: core: Initialize rs485 RTS polarity already on probe
        serial: pl011: Fix incorrect rs485 RTS polarity on set_mctrl
        serial: stm32: fix software flow control transfer
        serial: stm32: prevent TDR register overwrite when sending x_char
        tty: n_gsm: fix SW flow control encoding/handling
        serial: 8250: of: Fix mapped region size when using reg-offset property
        tty: rpmsg: Fix race condition releasing tty port
        tty: Partially revert the removal of the Cyclades public API
        tty: Add support for Brainboxes UC cards.
        Revert "tty: serial: Use fifo in 8250 console driver"
      bb37101b
    • L
      Merge tag 'usb-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 44aa31a2
      Linus Torvalds 提交于
      Pull USB driver fixes from Greg KH:
       "Here are some small USB driver fixes for 5.17-rc2 that resolve a
        number of reported problems. These include:
      
         - typec driver fixes
      
         - xhci platform driver fixes for suspending
      
         - ulpi core fix
      
         - role.h build fix
      
         - new device ids
      
         - syzbot-reported bugfixes
      
         - gadget driver fixes
      
         - dwc3 driver fixes
      
         - other small fixes
      
        All of these have been in linux-next this week with no reported
        issues"
      
      * tag 'usb-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: cdnsp: Fix segmentation fault in cdns_lost_power function
        usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
        usb: gadget: at91_udc: fix incorrect print type
        usb: dwc3: xilinx: Fix error handling when getting USB3 PHY
        usb: dwc3: xilinx: Skip resets and USB3 register settings for USB2.0 mode
        usb: xhci-plat: fix crash when suspend if remote wake enable
        usb: common: ulpi: Fix crash in ulpi_match()
        usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
        ucsi_ccg: Check DEV_INT bit only when starting CCG4
        USB: core: Fix hang in usb_kill_urb by adding memory barriers
        usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
        usb: typec: tcpm: Do not disconnect when receiving VSAFE0V
        usb: typec: tcpm: Do not disconnect while receiving VBUS off
        usb: typec: Don't try to register component master without components
        usb: typec: Only attempt to link USB ports if there is fwnode
        usb: typec: tcpci: don't touch CC line if it's Vconn source
        usb: roles: fix include/linux/usb/role.h compile issue
      44aa31a2
    • L
      Merge tag 'block-5.17-2022-01-28' of git://git.kernel.dk/linux-block · cb323ee7
      Linus Torvalds 提交于
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request
            - add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (Wu
              Zheng)
            - remove the unneeded ret variable in nvmf_dev_show (Changcheng
              Deng)
      
       - Fix for a hang regression introduced with a patch in the merge
         window, where low queue depth devices would not always get woken
         correctly (Laibin)
      
       - Small series fixing an IO accounting issue with bio backed dm devices
         (Mike, Yu)
      
      * tag 'block-5.17-2022-01-28' of git://git.kernel.dk/linux-block:
        dm: properly fix redundant bio-based IO accounting
        dm: revert partial fix for redundant bio-based IO accounting
        block: add bio_start_io_acct_time() to control start_time
        blk-mq: Fix wrong wakeup batch configuration which will cause hang
        nvme-fabrics: remove the unneeded ret variable in nvmf_dev_show
        nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs
        blk-mq: fix missing blk_account_io_done() in error path
        block: fix memory leak in disk_register_independent_access_ranges
      cb323ee7
    • L
      Merge tag 'io_uring-5.17-2022-01-28' of git://git.kernel.dk/linux-block · 3b58e9f3
      Linus Torvalds 提交于
      Pull io_uring fixes from Jens Axboe:
       "Just two small fixes this time:
      
         - Fix a bug that can lead to node registration taking 1 second, when
           it should finish much quicker (Dylan)
      
         - Remove an unused argument from a function (Usama)"
      
      * tag 'io_uring-5.17-2022-01-28' of git://git.kernel.dk/linux-block:
        io_uring: remove unused argument from io_rsrc_node_alloc
        io_uring: fix bug in slow unregistering of nodes
      3b58e9f3
    • L
      Merge tag 'powerpc-5.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · d66c1e79
      Linus Torvalds 提交于
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix VM debug warnings on boot triggered via __set_fixmap().
      
       - Fix a debug warning in the 64-bit Book3S PMU handling code.
      
       - Fix nested guest HFSCR handling with multiple vCPUs on Power9 or
         later.
      
       - Fix decrementer storm caused by a recent change, seen with some
         configs.
      
      Thanks to Alexey Kardashevskiy, Athira Rajeev, Christophe Leroy,
      Fabiano Rosas, Maxime Bizon, Nicholas Piggin, and Sachin Sant.
      
      * tag 'powerpc-5.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/64s/interrupt: Fix decrementer storm
        KVM: PPC: Book3S HV Nested: Fix nested HFSCR being clobbered with multiple vCPUs
        powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
        powerpc/fixmap: Fix VM debug warning on unmap
      d66c1e79
    • L
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 216e2aed
      Linus Torvalds 提交于
      Pull arm64 fixes from Catalin Marinas:
      
       - Errata workarounds for Cortex-A510: broken hardware dirty bit
         management, detection code for the TRBE (tracing) bugs with the
         actual fixes going in via the CoreSight tree.
      
       - Cortex-X2 errata handling for TRBE (inheriting the workarounds from
         Cortex-A710).
      
       - Fix ex_handler_load_unaligned_zeropad() to use the correct struct
         members.
      
       - A couple of kselftest fixes for FPSIMD.
      
       - Silence the vdso "no previous prototype" warning.
      
       - Mark start_backtrace() notrace and NOKPROBE_SYMBOL.
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: cpufeature: List early Cortex-A510 parts as having broken dbm
        kselftest/arm64: Correct logging of FPSIMD register read via ptrace
        kselftest/arm64: Skip VL_INHERIT tests for unsupported vector types
        arm64: errata: Add detection for TRBE trace data corruption
        arm64: errata: Add detection for TRBE invalid prohibited states
        arm64: errata: Add detection for TRBE ignored system register writes
        arm64: Add Cortex-A510 CPU part definition
        arm64: extable: fix load_unaligned_zeropad() reg indices
        arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
        arm64: errata: Update ARM64_ERRATUM_[2119858|2224489] with Cortex-X2 ranges
        arm64: Add Cortex-X2 CPU part definition
        arm64: vdso: Fix "no previous prototype" warning
      216e2aed
    • L
      Merge tag 'fixes-v5.17-lsm-ceph-null' of... · d1e7f091
      Linus Torvalds 提交于
      Merge tag 'fixes-v5.17-lsm-ceph-null' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
      
      Pull security sybsystem fix from James Morris:
       "Fix NULL pointer crash in LSM via Ceph, from Vivek Goyal"
      
      * tag 'fixes-v5.17-lsm-ceph-null' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        security, lsm: dentry_init_security() Handle multi LSM registration
      d1e7f091
    • L
      Merge tag 'docs-5.17-3' of git://git.lwn.net/linux · 246e179d
      Linus Torvalds 提交于
      Pull documentation fixes from Jonathan Corbet:
       "A few documentation fixes for 5.17"
      
      * tag 'docs-5.17-3' of git://git.lwn.net/linux:
        docs/vm: Fix typo in *harden*
        Documentation: arm: marvell: Extend Avanta list
        docs: fix typo in Documentation/kernel-hacking/locking.rst
        docs: Hook the RTLA documents into the kernel docs build
      246e179d
    • M
      dm: properly fix redundant bio-based IO accounting · b879f915
      Mike Snitzer 提交于
      Record the start_time for a bio but defer the starting block core's IO
      accounting until after IO is submitted using bio_start_io_acct_time().
      
      This approach avoids the need to mess around with any of the
      individual IO stats in response to a bio_split() that follows bio
      submission.
      Reported-by: NBud Brown <bubrown@redhat.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Cc: stable@vger.kernel.org
      Depends-on: e45c47d1 ("block: add bio_start_io_acct_time() to control start_time")
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      Link: https://lore.kernel.org/r/20220128155841.39644-4-snitzer@redhat.comSigned-off-by: NJens Axboe <axboe@kernel.dk>
      b879f915
    • M
      dm: revert partial fix for redundant bio-based IO accounting · f524d9c9
      Mike Snitzer 提交于
      Reverts a1e1cb72 ("dm: fix redundant IO accounting for bios that
      need splitting") because it was too narrow in scope (only addressed
      redundant 'sectors[]' accounting and not ios, nsecs[], etc).
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      Link: https://lore.kernel.org/r/20220128155841.39644-3-snitzer@redhat.comSigned-off-by: NJens Axboe <axboe@kernel.dk>
      f524d9c9
    • M
      block: add bio_start_io_acct_time() to control start_time · e45c47d1
      Mike Snitzer 提交于
      bio_start_io_acct_time() interface is like bio_start_io_acct() that
      allows start_time to be passed in. This gives drivers the ability to
      defer starting accounting until after IO is issued (but possibily not
      entirely due to bio splitting).
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      Link: https://lore.kernel.org/r/20220128155841.39644-2-snitzer@redhat.comSigned-off-by: NJens Axboe <axboe@kernel.dk>
      e45c47d1
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 169387e2
      Linus Torvalds 提交于
      Pull SCSI fixes from James Bottomley:
       "Sixteen patches, mostly minor fixes and updates; however there are
        substantive driver bug fixes in pm8001, bnx2fc, zfcp, myrs and qedf"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: myrs: Fix crash in error case
        scsi: 53c700: Remove redundant assignment to pointer SCp
        scsi: ufs: Treat link loss as fatal error
        scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode()
        scsi: bfa: Remove useless DMA-32 fallback configuration
        scsi: hisi_sas: Remove useless DMA-32 fallback configuration
        scsi: 3w-sas: Remove useless DMA-32 fallback configuration
        scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
        scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
        scsi: pm8001: Fix bogus FW crash for maxcpus=1
        scsi: qedf: Change context reset messages to ratelimited
        scsi: qedf: Fix refcount issue when LOGO is received during TMF
        scsi: qedf: Add stag_work to all the vports
        scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup()
        scsi: target: iscsi: Make sure the np under each tpg is unique
        scsi: elx: efct: Don't use GFP_KERNEL under spin lock
      169387e2
    • L
      Merge tag 'efi-urgent-for-v5.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi · 073819e0
      Linus Torvalds 提交于
      Pull EFI fixes from Ard Biesheuvel:
      
       - avoid UEFI v2.00+ runtime services on Apple Mac systems, as they have
         been reported to cause crashes, and most Macs claim to be EFI v1.10
         anyway
      
       - avoid a spurious boot time warning on arm64 systems with 64k pages
      
      * tag 'efi-urgent-for-v5.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
        efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
        efi/libstub: arm64: Fix image check alignment at entry
      073819e0
    • V
      security, lsm: dentry_init_security() Handle multi LSM registration · 7f5056b9
      Vivek Goyal 提交于
      A ceph user has reported that ceph is crashing with kernel NULL pointer
      dereference. Following is the backtrace.
      
      /proc/version: Linux version 5.16.2-arch1-1 (linux@archlinux) (gcc (GCC)
      11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Thu, 20 Jan 2022
      16:18:29 +0000
      distro / arch: Arch Linux / x86_64
      SELinux is not enabled
      ceph cluster version: 16.2.7 (dd0603118f56ab514f133c8d2e3adfc983942503)
      
      relevant dmesg output:
      [   30.947129] BUG: kernel NULL pointer dereference, address:
      0000000000000000
      [   30.947206] #PF: supervisor read access in kernel mode
      [   30.947258] #PF: error_code(0x0000) - not-present page
      [   30.947310] PGD 0 P4D 0
      [   30.947342] Oops: 0000 [#1] PREEMPT SMP PTI
      [   30.947388] CPU: 5 PID: 778 Comm: touch Not tainted 5.16.2-arch1-1 #1
      86fbf2c313cc37a553d65deb81d98e9dcc2a3659
      [   30.947486] Hardware name: Gigabyte Technology Co., Ltd. B365M
      DS3H/B365M DS3H, BIOS F5 08/13/2019
      [   30.947569] RIP: 0010:strlen+0x0/0x20
      [   30.947616] Code: b6 07 38 d0 74 16 48 83 c7 01 84 c0 74 05 48 39 f7 75
      ec 31 c0 31 d2 89 d6 89 d7 c3 48 89 f8 31 d2 89 d6 89 d7 c3 0
      f 1f 40 00 <80> 3f 00 74 12 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 31
      ff
      [   30.947782] RSP: 0018:ffffa4ed80ffbbb8 EFLAGS: 00010246
      [   30.947836] RAX: 0000000000000000 RBX: ffffa4ed80ffbc60 RCX:
      0000000000000000
      [   30.947904] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
      0000000000000000
      [   30.947971] RBP: ffff94b0d15c0ae0 R08: 0000000000000000 R09:
      0000000000000000
      [   30.948040] R10: 0000000000000000 R11: 0000000000000000 R12:
      0000000000000000
      [   30.948106] R13: 0000000000000001 R14: ffffa4ed80ffbc60 R15:
      0000000000000000
      [   30.948174] FS:  00007fc7520f0740(0000) GS:ffff94b7ced40000(0000)
      knlGS:0000000000000000
      [   30.948252] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   30.948308] CR2: 0000000000000000 CR3: 0000000104a40001 CR4:
      00000000003706e0
      [   30.948376] Call Trace:
      [   30.948404]  <TASK>
      [   30.948431]  ceph_security_init_secctx+0x7b/0x240 [ceph
      49f9c4b9bf5be8760f19f1747e26da33920bce4b]
      [   30.948582]  ceph_atomic_open+0x51e/0x8a0 [ceph
      49f9c4b9bf5be8760f19f1747e26da33920bce4b]
      [   30.948708]  ? get_cached_acl+0x4d/0xa0
      [   30.948759]  path_openat+0x60d/0x1030
      [   30.948809]  do_filp_open+0xa5/0x150
      [   30.948859]  do_sys_openat2+0xc4/0x190
      [   30.948904]  __x64_sys_openat+0x53/0xa0
      [   30.948948]  do_syscall_64+0x5c/0x90
      [   30.948989]  ? exc_page_fault+0x72/0x180
      [   30.949034]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      [   30.949091] RIP: 0033:0x7fc7521e25bb
      [   30.950849] Code: 25 00 00 41 00 3d 00 00 41 00 74 4b 64 8b 04 25 18 00
      00 00 85 c0 75 67 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 0
      0 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 91 00 00 00 48 8b 54 24 28 64 48 2b 14
      25
      
      Core of the problem is that ceph checks for return code from
      security_dentry_init_security() and if return code is 0, it assumes
      everything is fine and continues to call strlen(name), which crashes.
      
      Typically SELinux LSM returns 0 and sets name to "security.selinux" and
      it is not a problem. Or if selinux is not compiled in or disabled, it
      returns -EOPNOTSUP and ceph deals with it.
      
      But somehow in this configuration, 0 is being returned and "name" is
      not being initialized and that's creating the problem.
      
      Our suspicion is that BPF LSM is registering a hook for
      dentry_init_security() and returns hook default of 0.
      
      LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry,...)
      
      I have not been able to reproduce it just by doing CONFIG_BPF_LSM=y.
      Stephen has tested the patch though and confirms it solves the problem
      for him.
      
      dentry_init_security() is written in such a way that it expects only one
      LSM to register the hook. Atleast that's the expectation with current code.
      
      If another LSM returns a hook and returns default, it will simply return
      0 as of now and that will break ceph.
      
      Hence, suggestion is that change semantics of this hook a bit. If there
      are no LSMs or no LSM is taking ownership and initializing security context,
      then return -EOPNOTSUP. Also allow at max one LSM to initialize security
      context. This hook can't deal with multiple LSMs trying to init security
      context. This patch implements this new behavior.
      Reported-by: NStephen Muth <smuth4@gmail.com>
      Tested-by: NStephen Muth <smuth4@gmail.com>
      Suggested-by: NCasey Schaufler <casey@schaufler-ca.com>
      Acked-by: NCasey Schaufler <casey@schaufler-ca.com>
      Reviewed-by: NSerge Hallyn <serge@hallyn.com>
      Cc: Jeff Layton <jlayton@kernel.org>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Paul Moore <paul@paul-moore.com>
      Cc: <stable@vger.kernel.org> # 5.16.0
      Signed-off-by: NVivek Goyal <vgoyal@redhat.com>
      Reviewed-by: NJeff Layton <jlayton@kernel.org>
      Acked-by: NPaul Moore <paul@paul-moore.com>
      Acked-by: NChristian Brauner <brauner@kernel.org>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      7f5056b9
    • L
      Merge tag 'pm-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · a7b4b007
      Linus Torvalds 提交于
      Pull power management fixes from Rafael Wysocki:
       "These make the buffer handling in pm_show_wakelocks() more robust and
        drop an unused hibernation-related function.
      
        Specifics:
      
         - Make the buffer handling in pm_show_wakelocks() more robust by
           using sysfs_emit_at() in it to generate output (Greg
           Kroah-Hartman).
      
         - Drop register_nosave_region_late() which is not used (Amadeusz
           Sławiński)"
      
      * tag 'pm-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM: hibernate: Remove register_nosave_region_late()
        PM: wakeup: simplify the output logic of pm_show_wakelocks()
      a7b4b007
    • L
      Merge tag 'trace-v5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · df000154
      Linus Torvalds 提交于
      Pulltracing fixes from Steven Rostedt:
      
       - Limit mcount build time sorting to only those archs that we know it
         works for.
      
       - Fix memory leak in error path of histogram setup
      
       - Fix and clean up rel_loc array out of bounds issue
      
       - tools/rtla documentation fixes
      
       - Fix issues with histogram logic
      
      * tag 'trace-v5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Don't inc err_log entry count if entry allocation fails
        tracing: Propagate is_signed to expression
        tracing: Fix smatch warning for do while check in event_hist_trigger_parse()
        tracing: Fix smatch warning for null glob in event_hist_trigger_parse()
        tools/tracing: Update Makefile to build rtla
        rtla: Make doc build optional
        tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro
        tracing: Avoid -Warray-bounds warning for __rel_loc macro
        tracing/histogram: Fix a potential memory leak for kstrdup()
        ftrace: Have architectures opt-in for mcount build time sorting
      df000154