Add a blk_crypto_submit_bio helper that either submits the bio when
it is not encrypted or inline encryption is provided, but otherwise
handles the encryption before going down into the low-level driver.
This reduces the risk from bio reordering and keeps memory allocation
as high up in the stack as possible.
Note that if the submitter knows that inline enctryption is known to
be supported by the underyling driver, it can still use plain
submit_bio.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Avoid the relatively high overhead of constructing and walking per-page
segment bio_vecs for data unit alignment checking by merging the checks
into existing loops.
For hardware support crypto, perform the check in bio_split_io_at, which
already contains a similar alignment check applied for all I/O. This
means bio-based drivers that do not call bio_split_to_limits, should they
ever grow blk-crypto support, need to implement the check themselves,
just like all other queue limits checks.
For blk-crypto-fallback do it in the encryption/decryption loops. This
means alignment errors for decryption will only be detected after I/O
has completed, but that seems like a worthwhile trade off.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Calling mempool_alloc in a loop is not safe unless the maximum allocation
size times the maximum number of threads using it is less than the
minimum pool size. Use the new mempool_alloc_bulk helper to allocate
all missing elements in one pass to remove this deadlock risk. This
also means that non-pool allocations now use alloc_pages_bulk which can
be significantly faster than a loop over individual page allocations.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Allocating a skcipher request dynamically can deadlock or cause
unexpected I/O failures when called from writeback context. Avoid the
allocation entirely by using on-stack skciphers, similar to what the
non-blk-crypto fscrypt path already does.
This drops the incomplete support for asynchronous algorithms, which
previously could be used, but only synchronously.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
The current code in blk_crypto_fallback_encrypt_bio is inefficient and
prone to deadlocks under memory pressure: It first walks the passed in
plaintext bio to see how much of it can fit into a single encrypted
bio using up to BIO_MAX_VEC PAGE_SIZE segments, and then allocates a
plaintext clone that fits the size, only to allocate another bio for
the ciphertext later. While the plaintext clone uses a bioset to avoid
deadlocks when allocations could fail, the ciphertex one uses bio_kmalloc
which is a no-go in the file system I/O path.
Switch blk_crypto_fallback_encrypt_bio to walk the source plaintext bio
while consuming bi_iter without cloning it, and instead allocate a
ciphertext bio at the beginning and whenever we fille up the previous
one. The existing bio_set for the plaintext clones is reused for the
ciphertext bios to remove the deadlock risk.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Restructure blk_crypto_fallback_bio_prep so that it always submits the
encrypted bio instead of passing it back to the caller, which allows
to simplify the calling conventions for blk_crypto_fallback_bio_prep and
blk_crypto_bio_prep so that they never have to return a bio, and can
use a true return value to indicate that the caller should submit the
bio, and false that the blk-crypto code consumed it.
The submission is handled by the on-stack bio list in the current
task_struct by the block layer and does not cause additional stack
usage or major overhead. It also prepares for the following optimization
and fixes for the blk-crypto fallback write path.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
This returns the bio_crypt_ctx if CONFIG_BLK_INLINE_ENCRYPTION is enabled
and a crypto context is attached to the bio, else NULL.
The use case is to allow safely dereferencing the context in common code
without needed #ifdef CONFIG_BLK_INLINE_ENCRYPTION.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
This should slightly improve performance for large zeroing operations,
but more importantly prepares for blk-crypto refactoring that requires
all fscrypt users to call submit_bio directly.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
While the pblk argument to fscrypt_zeroout_range_inline_crypt is
declared as a sector_t it actually is interpreted as a logical block
size unit, which is highly unusual. Switch to passing the 512 byte
units that sector_t is defined for.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
When checking if a bio fits in a single segment, bio_may_need_split()
compares bi_size against the current bvec's bv_len. However, for
partially consumed bvecs (bi_bvec_done > 0), such as in cloned or
split bios, the remaining bytes in the current bvec is actually
(bv_len - bi_bvec_done), not bv_len.
This could cause bio_may_need_split() to incorrectly return false,
leading to nr_phys_segments being set to 1 when the bio actually
spans multiple segments. This triggers the WARN_ON in __blk_rq_map_sg()
when the actual mapped segments exceed the expected count.
Fix by subtracting bi_bvec_done from bv_len in the comparison.
Reported-by: Venkat Rao Bagalkote <venkat88@linux.ibm.com>
Close: https://lore.kernel.org/linux-block/9687cf2b-1f32-44e1-b58d-2492dc6e7185@linux.ibm.com/
Repored-and-bisected-by: Christoph Hellwig <hch@infradead.org>
Tested-by: Venkat Rao Bagalkote <venkat88@linux.ibm.com>
Tested-by: Christoph Hellwig <hch@infradead.org>
Fixes: ee623c892a ("block: use bvec iterator helper for bio_may_need_split()")
Cc: Nitesh Shetty <nj.shetty@samsung.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
bi_offload_capable() returns whether a block device's metadata size
matches its PI tuple size. Use pi_tuple_size instead of switching on
csum_type. This makes the code considerably simpler and less branchy.
Signed-off-by: Caleb Sander Mateos <csander@purestorage.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Anuj Gupta <anuj20.g@samsung.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
io_import_kbuf() recalculates iter->nr_segs to reflect only the bvecs
needed for the requested byte range. This was added to provide an
accurate segment count to bio_iov_bvec_set(), which copied nr_segs to
bio->bi_vcnt for use as a bio split hint.
The previous two patches eliminated this dependency:
- bio_may_need_split() now uses bi_iter instead of bi_vcnt for split
decisions
- bio_iov_bvec_set() no longer copies nr_segs to bi_vcnt
Since nr_segs is no longer used for bio split decisions, the
recalculation loop is unnecessary. The iov_iter already has the correct
bi_size to cap iteration, so an oversized nr_segs is harmless.
Link: https://lkml.org/lkml/2025/4/16/351
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Nitesh Shetty <nj.shetty@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
bio_iov_bvec_set() creates a cloned bio that borrows a bvec array from
an iov_iter. For cloned bios, bi_vcnt is meaningless because iteration
is controlled entirely by bi_iter (bi_idx, bi_size, bi_bvec_done), not
by bi_vcnt. Remove the incorrect bi_vcnt assignment.
Explicitly initialize bi_iter.bi_idx to 0 to ensure iteration starts
at the first bvec. While bi_idx is typically already zero from bio
initialization, making this explicit improves clarity and correctness.
This change also avoids accessing iter->nr_segs, which is an iov_iter
implementation detail that block code should not depend on.
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Nitesh Shetty <nj.shetty@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
bio_may_need_split() uses bi_vcnt to determine if a bio has a single
segment, but bi_vcnt is unreliable for cloned bios. Cloned bios share
the parent's bi_io_vec array but iterate over a subset via bi_iter,
so bi_vcnt may not reflect the actual segment count being iterated.
Replace the bi_vcnt check with bvec iterator access via
__bvec_iter_bvec(), comparing bi_iter.bi_size against the current
bvec's length. This correctly handles both cloned and non-cloned bios.
Move bi_io_vec into the first cache line adjacent to bi_iter. This is
a sensible layout since bi_io_vec and bi_iter are commonly accessed
together throughout the block layer - every bvec iteration requires
both fields. This displaces bi_end_io to the second cache line, which
is acceptable since bi_end_io and bi_private are always fetched
together in bio_endio() anyway.
The struct layout change requires bio_reset() to preserve and restore
bi_io_vec across the memset, since it now falls within BIO_RESET_BYTES.
Nitesh verified that this patch doesn't regress NVMe 512-byte IO perf [1].
Link: https://lore.kernel.org/linux-block/20251220081607.tvnrltcngl3cc2fh@green245.gost/ [1]
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Nitesh Shetty <nj.shetty@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Before using the data buffer to send back the response message, zero it
completely. This prevents any stray bytes to be picked up by the client
side when there the message is exchanged between different protocol
versions.
Signed-off-by: Md Haris Iqbal <haris.iqbal@ionos.com>
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
On rnbd-srv, the bi_size of the bio is set during the bio_add_page
function, to which datalen is passed. But for special IOs like DISCARD
and WRITE_ZEROES, datalen is 0, since there is no data to write. For
these special IOs, use the bi_size of the rnbd_msg_io.
Fixes: f6f84be089 ("block/rnbd-srv: Add sanity check and remove redundant assignment")
Signed-off-by: Florian-Ewald Mueller <florian-ewald.mueller@ionos.com>
Signed-off-by: Md Haris Iqbal <haris.iqbal@ionos.com>
Signed-off-by: Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
The __print_flags helper meant for bitmask, while the rnbd_rw_flags is
mixed with bitmask and enum, to avoid confusion, just print the data
as it is.
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Reviewed-by: Md Haris Iqbal <haris.iqbal@ionos.com>
Signed-off-by: Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
The NOUNMAP flag is in combination with WRITE_ZEROES flag to indicate
that the upper layers wants the sectors zeroed, but does not want it to
get freed. This instruction is especially important for storage stacks
which involves a layer capable of thin provisioning.
This commit makes RNBD block device transfer and retain this NOUNMAP flag
for requests, so it can be passed onto the backend device on the server
side.
Since it is a change in the wire protocol, bump the minor version of
protocol.
Signed-off-by: Md Haris Iqbal <haris.iqbal@ionos.com>
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Every ktype must provides a .release function that will be called after
the last kobject_put.
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Reviewed-by: Md Haris Iqbal <haris.iqbal@ionos.com>
Signed-off-by: Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
In RNBD client, for a WRITE request of size 0, with only the REQ_PREFLUSH
bit set, while converting from bio_opf to rnbd_opf, we do REQ_OP_WRITE to
RNBD_OP_WRITE, and then check if the rq is flush through function
op_is_flush. That function checks both REQ_PREFLUSH and REQ_FUA flag, and
if any of them is set, the RNBD_F_FUA is set.
On the RNBD server side, while converting the RNBD flags to req flags, if
the RNBD_F_FUA flag is set, we just set the REQ_FUA flag. This means we
have lost the PREFLUSH flag, and added the REQ_FUA flag in its place.
This commits adds a new RNBD_F_PREFLUSH flag, and also adds separate
handling for REQ_PREFLUSH flag. On the server side, if the RNBD_F_PREFLUSH
is present, the REQ_PREFLUSH is added to the bio.
Since it is a change in the wire protocol, bump the minor version of
protocol.
The change is backwards compatible, and does not change the functionality
if either the client or the server is running older/newer versions.
If the client side is running the older version, both REQ_PREFLUSH and
REQ_FUA is converted to RNBD_F_FUA. The server running newer one would
still add only the REQ_FUA flag which is what happens when both client and
server is running the older version.
If the client side is running the newer version, just like before a
RNBD_F_FUA is added, but now a RNBD_F_PREFLUSH is also added to the
rnbd_opf. In case the server is running the older version the
RNBD_F_PREFLUSH is ignored, and only the RNBD_F_FUA is processed.
Signed-off-by: Md Haris Iqbal <haris.iqbal@ionos.com>
Reviewed-by: Jack Wang <jinpu.wang@ionos.com>
Reviewed-by: Florian-Ewald Mueller <florian-ewald.mueller@ionos.com>
Signed-off-by: Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
'struct configfs_item_operations' and 'configfs_group_operations' are not
modified in this driver.
Constifying these structures moves some data to a read-only section, so
increases overall security, especially when the structure holds some
function pointers.
On a x86_64, with allmodconfig:
Before:
======
text data bss dec hex filename
100263 37808 2752 140823 22617 drivers/block/null_blk/main.o
After:
=====
text data bss dec hex filename
100423 37648 2752 140823 22617 drivers/block/null_blk/main.o
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Replace simple_strtol() with the recommended kstrtoul() for parsing the
'ramdisk_size=' boot parameter. Unlike simple_strtol(), which returns a
long, kstrtoul() converts the string directly to an unsigned long and
avoids implicit casting.
Check the return value of kstrtoul() and reject invalid values. This
adds error handling while preserving behavior for existing values, and
removes use of the deprecated simple_strtol() helper. The current code
silently sets 'rd_size = 0' if parsing fails, instead of leaving the
default value (CONFIG_BLK_DEV_RAM_SIZE) unchanged.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
C-String literals were added in Rust 1.77. Replace instances of
`kernel::c_str!` with C-String literals where possible.
Signed-off-by: Tamir Duberstein <tamird@gmail.com>
Reviewed-by: Daniel Almeida <daniel.almeida@collabora.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Here are some small USB fixes, and bunch of reverts for 6.19-rc3.
Included in here are:
- reverts of some typec ucsi driver changes that had a lot of
regression reports after -rc1. Let's just revert it all for now and
it will come back in a way that is better tested.
- other typec bugfixes
- usb-storage quirk fixups
- dwc3 driver fix
- other minor USB fixes for reported problems.
All of these have passed 0-day testing and individual testing.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCaVElGw8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ylMeQCgzsZZNX7AtfUXlHkFENzlKFyAYZEAn0Nl01xd
BBKmE3GqGMWsVIJ2T0AI
=cjZ8
-----END PGP SIGNATURE-----
Merge tag 'usb-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are some small USB fixes, and bunch of reverts for 6.19-rc3.
Included in here are:
- reverts of some typec ucsi driver changes that had a lot of
regression reports after -rc1. Let's just revert it all for now and
it will come back in a way that is better tested.
- other typec bugfixes
- usb-storage quirk fixups
- dwc3 driver fix
- other minor USB fixes for reported problems.
All of these have passed 0-day testing and individual testing"
* tag 'usb-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (22 commits)
Revert "usb: typec: ucsi: Update UCSI structure to have message in and message out fields"
Revert "usb: typec: ucsi: Add support for message out data structure"
Revert "usb: typec: ucsi: Enable debugfs for message_out data structure"
Revert "usb: typec: ucsi: Add support for SET_PDOS command"
Revert "usb: typec: ucsi: Fix null pointer dereference in ucsi_sync_control_common"
Revert "usb: typec: ucsi: Get connector status after enable notifications"
usb: ohci-nxp: clean up probe error labels
usb: gadget: lpc32xx_udc: clean up probe error labels
usb: ohci-nxp: fix device leak on probe failure
usb: phy: isp1301: fix non-OF device reference imbalance
usb: gadget: lpc32xx_udc: fix clock imbalance in error path
usb: typec: ucsi: Get connector status after enable notifications
usb: usb-storage: Maintain minimal modifications to the bcdDevice range.
usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe
usb: typec: ucsi: Fix null pointer dereference in ucsi_sync_control_common
USB: lpc32xx_udc: Fix error handling in probe
usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe()
usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
usb: typec: ucsi: huawei-gaokin: add DRM dependency
...
Here are some small serial driver fixes for some reported issues.
Included in here are:
- serial sysfs fwnode fix that was much reported
- sh-sci driver fix
- serial device init bugfix
- 8250 bugfix
- xilinx_uartps bugfix
All of these have passed 0-day testing and individual testing
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCaVEl7A8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+yn1AgCfYUqy05A3BNhwOfhzoJ2ToKn/aZkAn0iYT/06
vLBTQBtVhoMff9CneVvu
=eNi3
-----END PGP SIGNATURE-----
Merge tag 'tty-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull serial driver fixes from Greg KH:
"Here are some small serial driver fixes for some reported issues.
Included in here are:
- serial sysfs fwnode fix that was much reported
- sh-sci driver fix
- serial device init bugfix
- 8250 bugfix
- xilinx_uartps bugfix
All of these have passed 0-day testing and individual testing"
* tag 'tty-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
serial: xilinx_uartps: fix rs485 delay_rts_after_send
serial: sh-sci: Check that the DMA cookie is valid
serial: core: Fix serial device initialization
serial: 8250: longson: Fix NULL vs IS_ERR() bug in probe
serial: core: Restore sysfs fwnode information
A fix for PCI driver for Texas Instruments PCILyx series. The driver had
a bug where it allocated a DMA-coherent buffer of 16 KB but released it
using PAGE_SIZE. This disproportion was reported in 2020, but the fix was
never merged. It is finally resolved.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQE66IEYNDXNBPeGKSsLtaWM8LwEwUCaVEkHAAKCRCsLtaWM8Lw
E47xAQCakWPjeQ1S64vK9lmNAcUjWRw/YhacDLVv3euEBjSzuwEAwvK3pPv95IlA
fO6V8UVJN+Lg5dwusM+fdleZqvR4mQ4=
=UZIn
-----END PGP SIGNATURE-----
Merge tag 'firewire-fixes-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
Pull firewire fix from Takashi Sakamoto:
"A fix for PCI driver for Texas Instruments PCILyx series.
The driver had a bug where it allocated a DMA-coherent buffer of 16 KB
but released it using PAGE_SIZE. This disproportion was reported in
2020, but the fix was never merged. It is finally resolved"
* tag 'firewire-fixes-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
firewire: nosy: Fix dma_free_coherent() size
- Add probing and userspace reporting support for the standard RISC-V
ISA extensions Zilsd and Zclsd, which implement load/store dual
instructions on RV32
- Abstract the register saving code in setup_sigcontext() so it can be
used for stateful RISC-V ISA extensions beyond the vector extension
- Add the SBI extension ID and some initial data structure definitions
for the RISC-V standard SBI debug trigger extension
- Clean up some code slightly: change some page table functions to
avoid atomic operations oinn !SMP and to avoid unnecessary casts to
atomic_long_t; and use the existing RISCV_FULL_BARRIER macro in
place of some open-coded "fence rw,rw" instructions
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEElRDoIDdEz9/svf2Kx4+xDQu9KksFAmlQ5hUACgkQx4+xDQu9
KkuzjQ/+LV27EOKp3ofhkN6yD+u/MZJv2L8d/L+iuZ6mC7ynerVqY7jHj1bUtSWG
lGJPLLtB3rWITsN0tTkQZDE+LySABACvGsHsH0jDOPu25EUu8fmKL+4UOBpJ4EmH
GrldJCgJjZiV9/NdFqUSwpsZKfuNC3IT5hQvEfFmBGexMb4O0ch2LTrqNTxsS5eu
x1a5DJPbls8olyTYYMoIIbQMU35bHdQWSGEUBvKpisziD11E5c9P9zZcN/X7TnFZ
9wxDCeCmdtiayJzWECRO5HFErxw16IWOBsW7JwanOLlJuE2vi/hEW3bwAAQMaYSh
FvN6ID9d6fE9cuStNfqILuWeF8cogVkowMzEX9ud6hFp8AKE/mAlF4Rd26qIAbwE
Migv/MjSuMKSYfPIcJ+fkrMoPgMeMCoGW34NtSV7MjSujBYozjjnN/Yc5iSu5rdN
16b08rtusMvQI0Eowt21RO7iXRauK1+6Xcag5WZytD+sdMZkPxOepDK/mZijiida
w8FYENlHEjhlF7A9Uiy8igVCjXJg63r3ctcnzB2wskUb+gfJF9IXdpv0O7ZO6IoJ
6Q4OI3oNhHSWic7noXYu+dSbTT4DjlPpUBnI79X7bPo+6Ck3X9fr8YPpHzKnmHN9
aVixfWk8zShNutROkt+3vQYzgNACcNtMT9Uz5Ce2FI3urqALp1M=
=Pgyz
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V updates from Paul Walmsley:
"Nothing exotic here; these are the cleanup and new ISA extension
probing patches (not including CFI):
- Add probing and userspace reporting support for the standard RISC-V
ISA extensions Zilsd and Zclsd, which implement load/store dual
instructions on RV32
- Abstract the register saving code in setup_sigcontext() so it can
be used for stateful RISC-V ISA extensions beyond the vector
extension
- Add the SBI extension ID and some initial data structure
definitions for the RISC-V standard SBI debug trigger extension
- Clean up some code slightly: change some page table functions to
avoid atomic operations oinn !SMP and to avoid unnecessary casts to
atomic_long_t; and use the existing RISCV_FULL_BARRIER macro in
place of some open-coded 'fence rw,rw' instructions"
* tag 'riscv-for-linus-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: Add SBI debug trigger extension and function ids
riscv/atomic.h: use RISCV_FULL_BARRIER in _arch_atomic* function.
riscv: hwprobe: export Zilsd and Zclsd ISA extensions
riscv: add ISA extension parsing for Zilsd and Zclsd
dt-bindings: riscv: add Zilsd and Zclsd extension descriptions
riscv: mm: use xchg() on non-atomic_long_t variables, not atomic_long_xchg()
riscv: mm: ptep_get_and_clear(): avoid atomic ops when !CONFIG_SMP
riscv: mm: pmdp_huge_get_and_clear(): avoid atomic ops when !CONFIG_SMP
riscv: signal: abstract header saving for setup_sigcontext
- Fix for kexec warning due to SMT disable or partial SMT enabled
- Handle font bitmap pointer with reloc_offset to fix boot crash
- Fix to enable cpuidle state for Power11
- Couple of misc fixes
Thanks to: Aboorva Devarajan, Aditya Bodkhe, Cedar Maxwell, Christian Zigotzky, Christophe Leroy, Christophe Leroy (CS GROUP), Finn Thain, Gopi Krishna Menon, Guenter Roeck, Jan Stancek, Joe Lawrence, Josh Poimboeuf, Justin M. Forbes, Madadi Vineeth Reddy, Naveen N Rao (AMD), Nysal Jan K.A., Sachin P Bappalige, Samir M, Sourabh Jain, Srikar Dronamraju, Stan Johnson
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqX2DNAOgU8sBX3pRpnEsdPSHZJQFAmlQnssACgkQpnEsdPSH
ZJTVyg//f3NGQ3WJPWm0bx162qM8H1sExsdji6ra7ViDx/0fx93RjU23bmvn/zc1
Dirfk224xyYHTXIz9Crd6cESao6RgECqucolnjDyZFg0ip2Ew8yIkL386h50NVhL
IuMeWrAwj7QE5mJ5hvqq1019MAq2sk6WvIOJACqzbogVH8k4E119LnzrvNk6phOX
aQr9RvpIrfA5TmReG8PT5owkFPr8yiqV4Gz7p4JOKgruvkAj5zJk2FLEOh7yU9/Q
Wcqrp3m3F2Gl3QCdj8F5gQGDUU3sxapgRrjOQZTTJckfDJcYDz9W9XteBVXicVMr
Uc2Lzgps5fnjORQYXQi/q6Z1XeHTCsO9CAM81l9zGmeg/J53CUI4SMumQn+kEdSN
lLpNecU6YDrae1QdT97o18tpWPQSueAapv/Uxnn2goY8Q80IZyhY6iy8ITdbEK0x
CqAyqFNWfpNJIt2PLCUVzfcVJ7iPCQBTBVCTKJSUmlxOScadj+UKDACGKZIN/jtR
CNBcoM4Ciz4Po1KLFhbfHqp0ixuxHRPfaS+1UyIfKHEYwoNvpCHlXtBf9qQYW92h
07/4ou6uzTmfuvyAQ8iY67/cMWDFocz3ephViOzmiCiEg445xx6w94CGiWp0QFCP
D6wYlDh48IxH8iia4r7r/IB0r1Bw7gygUM/zeu5weMnvxmcUwII=
=mQlX
-----END PGP SIGNATURE-----
Merge tag 'powerpc-6.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Madhavan Srinivasan:
- Fix for kexec warning due to SMT disable or partial SMT enabled
- Handle font bitmap pointer with reloc_offset to fix boot crash
- Fix to enable cpuidle state for Power11
- Couple of misc fixes
Thanks to Aboorva Devarajan, Aditya Bodkhe, Cedar Maxwell, Christian
Zigotzky, Christophe Leroy, Christophe Leroy (CS GROUP), Finn Thain,
Gopi Krishna Menon, Guenter Roeck, Jan Stancek, Joe Lawrence, Josh
Poimboeuf, Justin M. Forbes, Madadi Vineeth Reddy, Naveen N Rao (AMD),
Nysal Jan K.A., Sachin P Bappalige, Samir M, Sourabh Jain, Srikar
Dronamraju, and Stan Johnson
* tag 'powerpc-6.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/32: Restore disabling of interrupts at interrupt/syscall exit
powerpc/powernv: Enable cpuidle state detection for POWER11
powerpc: Add reloc_offset() to font bitmap pointer used for bootx_printf()
powerpc/tools: drop `-o pipefail` in gcc check scripts
selftests/powerpc/pmu/: Add check_extended_reg_test to .gitignore
powerpc/kexec: Enable SMT before waking offline CPUs
We've got more fixes here for the Cadence QSPI controller, this time
fixing some issues that come up when working with slower flashes on some
platforms plus a general race condition.
We also add support for the Allwinner A523, this is just some new
compatibles.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmlPvm0ACgkQJNaLcl1U
h9BwWgf+MWIgqU0Rh8de+IiEkrfp82V9Xz5ZNKqgtvlyJdp41QG3SAukmy2LBtYK
RO9RzZcaBse/uLvEgZZO9sEvPgQHakn0p60EgJEhwKHP+lCt1EfaDKv1kbvAATwl
urtZE8YDHu6SITJvPobmIykCgr/yODpcMWfyyRNxmoZFb3LYQiXV3pbWem0VBdn/
ZJ2QBEKYyLSkYgqiZmhosgGyWI8nXml7xhHY6EunvbWWXb599aQoPS44Y3aTwftB
8lZ4fMWTGwTsRqc0eh2dCrVCLNpGLSM4T0/R2VvpW058Tu877yD+4w4vd1O++2kF
HbphKV5TvUUpR+Ivo4LSPsQ4fGaLxg==
=ASmz
-----END PGP SIGNATURE-----
Merge tag 'spi-fix-v6.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"We've got more fixes here for the Cadence QSPI controller, this time
fixing some issues that come up when working with slower flashes on
some platforms plus a general race condition.
We also add support for the Allwinner A523, this is just some new
compatibles"
* tag 'spi-fix-v6.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: cadence-quadspi: Improve CQSPI_SLOW_SRAM quirk if flash is slow
spi: cadence-quadspi: Prevent lost complete() call during indirect read
spi: sun6i: Support A523's SPI controllers
spi: dt-bindings: sun6i: Add compatibles for A523's SPI controllers
A couple of fixes from Thomas, making the UAPI headers more robustly
correct and ensuring they are covered by checkpatch, and one from
Andreas fixing an update for a change to the DT bindings that I missed
was requested during bindings review in the newly added fp9931 driver.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmlPvaEACgkQJNaLcl1U
h9A9Ogf9Fp1tjyQK1onQZlG9EcPGF2gZ3wTKdxEb1PZOx7ioyLUrQHtB1b1wPpEr
Wniq2BxsG4yqGxaBPSiA7NsLe35CgozvDNy/kJXAcPsix9ZKEMtcjQuZQ9hD8fR9
SWYLMoey/hZDu/OdF7pnmOEjm9WmXjQ1ielfaAEzwV7rgkZkWSsslj04joYsMcFX
ESO12jea/pHBj5nI0nfSaRH5UW+spyR3KScU1Z3RP23boG3+ZtT6NK1Kyx3K+x5V
k0d71rDcqIKn/QYEF651H0RIsrJ8BYd85QAtCW+Of4ATCNttTgeKLN8ZhC91gOns
VlCogXA+t85KzmVtLH5Fia98lJu+ig==
=0hFe
-----END PGP SIGNATURE-----
Merge tag 'regulator-fix-v6.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"A couple of fixes from Thomas, making the UAPI headers more robustly
correct and ensuring they are covered by checkpatch, and one from
Andreas fixing an update for a change to the DT bindings that I missed
was requested during bindings review in the newly added fp9931 driver"
* tag 'regulator-fix-v6.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: fp9931: fix regulator node pointer
regulator: Add UAPI headers to MAINTAINERS
regulator: uapi: Use UAPI integer type
Fixes for v6.19:
GPU:
- Fix crash on a7xx GPUs not supporting IFPC
- Fix perfcntr use with IFPC
- Concurrent binning fix
DPU:
- Fixed DSC and SSPP fetching issues
- Switched to scnprint instead of snprintf
- Added missing NULL checks in pingpong code
Also documentation fixes.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rob Clark <rob.clark@oss.qualcomm.com>
Link: https://patch.msgid.link/CACSVV01jcLLChsFtmqc4VDNoQ2ic2q+d86n3wdoSUdmW6xaSdQ@mail.gmail.com
Three HBA driver and one upper level driver (sg) fix. The sg change
is the largest, but that results mostly from moving code to avoid the
described race condition.
Signed-off-by: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
-----BEGIN PGP SIGNATURE-----
iLgEABMIAGAWIQTnYEDbdso9F2cI+arnQslM7pishQUCaU9UWRsUgAAAAAAEAA5t
YW51MiwyLjUrMS4xMSwyLDImHGphbWVzLmJvdHRvbWxleUBoYW5zZW5wYXJ0bmVy
c2hpcC5jb20ACgkQ50LJTO6YrIUsFQEA49RD3/43W3fNYU1RfqcjDFmaJgDeUpvk
q+JF6RTzjaQA/j7t4sGNLnPq8kDBhacYhStIFUUMoeHkiS8Nq+s0TuWL
=T0c1
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Three HBA driver and one upper level driver (sg) fix.
The sg change is the largest, but that results mostly from moving code
to avoid the described race condition"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error
scsi: sg: Fix occasional bogus elapsed time that exceeds timeout
scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow
scsi: scsi_debug: Fix atomic write enable module param description
- Introduce DMA Rust helpers to avoid build errors when !CONFIG_HAS_DMA.
- Remove unnecessary (and hence incorrect) endian conversion in the Rust
PCI driver sample code.
- Fix memory leak in the unwind path of debugfs_change_name().
- Support non-const struct software_node pointers in
SOFTWARE_NODE_REFERENCE(), after introducing _Generic().
- Avoid NULL pointer dereference in the unwind path of
simple_xattrs_free().
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQS2q/xV6QjXAdC7k+1FlHeO1qrKLgUCaU7O/wAKCRBFlHeO1qrK
LirZAPoCljVnVVZoA1oesoyIQ8KWDdoC55dfUZyCp4yz87MvjgD/e1Gw1o+y3YyS
dut7ODDimiUPh0I54nMX4l561NMVggU=
=v3Qg
-----END PGP SIGNATURE-----
Merge tag 'driver-core-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core
Pull driver core fixes from Danilo Krummrich:
- Introduce DMA Rust helpers to avoid build errors when !CONFIG_HAS_DMA
- Remove unnecessary (and hence incorrect) endian conversion in the
Rust PCI driver sample code
- Fix memory leak in the unwind path of debugfs_change_name()
- Support non-const struct software_node pointers in
SOFTWARE_NODE_REFERENCE(), after introducing _Generic()
- Avoid NULL pointer dereference in the unwind path of
simple_xattrs_free()
* tag 'driver-core-6.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core:
fs/kernfs: null-ptr deref in simple_xattrs_free()
software node: Also support referencing non-constant software nodes
debugfs: Fix memleak in debugfs_change_name().
samples: rust: fix endianness issue in rust_driver_pci
rust: dma: add helpers for architectures without CONFIG_HAS_DMA
A couple of fixes for EFI regressions introduced this cycle:
- Make EDID handling in the EFI stub mixed mode safe
- Ensure that efi_mm.user_ns has a sane value - this is needed now that
EFI runtime calls are preemptible on arm64
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQQm/3uucuRGn1Dmh0wbglWLn0tXAUCaU694AAKCRAwbglWLn0t
XJHoAPsHkA4g+rRXXhqgysWvqQvGWTrWLiVHPeDOs3dAWTxHpQD+KTNVaW4H+BCz
x+5S3unu5q9PxWOwqeoCi2JvkKKjJwE=
=fb7r
-----END PGP SIGNATURE-----
Merge tag 'efi-fixes-for-v6.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi
Pull EFI fixes from Ard Biesheuvel:
"A couple of fixes for EFI regressions introduced this cycle:
- Make EDID handling in the EFI stub mixed mode safe
- Ensure that efi_mm.user_ns has a sane value - this is needed now
that EFI runtime calls are preemptible on arm64"
* tag 'efi-fixes-for-v6.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
kthread: Warn if mm_struct lacks user_ns in kthread_use_mm()
arm64: efi: Fix NULL pointer dereference by initializing user_ns
efi/libstub: gop: Fix EDID support in mixed-mode
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmlOrqkQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpmIoEAC25bhRVlbwHPGTXiT2tFpxb3AQofmcxNZK
2Ooj525wcHvgPoh6shBiPDoH8tDoUJaqg+ZUtMjA3gYWmbhL719G5n3TuJSE/I6m
AUwP0pAU+dtJbDRxTfYD7JjSGidKd74WlLHAoF5SiDW1U1DMfyYPfQO+p+MhuGJV
Olo+oFVdWst4+aV8elxY/SgRISI+3VIRwe+zIlPofRTrvkhh1qYcDKzUZmrxDCRl
TP4csqKanuTrTZaWTG6tTrIEfyuvsfxDSst/slZziUlEx3k+WnB6WHUbWufWMFp6
zRuK+NGKrwrLb/K0J1kSGeGsc2Ptkx6Sn+dOp3zNsrH1chihZvr7k+q8z5kBpv7i
mwu1CbreGRI3pgQYMIdO3UD7PZKEj/5XJ36cHPYWQwG056vrtD2X7dMfGFfJ4SdE
KBSm3tXDiBLqbP6g2lZ6BixeUB/nHoDqhZtfsP/guw8coVyGkN4w0ND0/mIbbD0p
VQ47HSQB4zfE6NHlr4tcnDDxEg4V+9d3H1yva0KRwVXjrEsTUcMVSoRwA99JUQoi
VLmQ2sGn8qEGWxVHPGXvF6gEHnU8eoQfZD2oG2gZPyw145HKeuml4VtbB6wy0J0n
GHWY8cLcq5y2quWfHDYEbd/g9yedE+Y8eVkHgPbHmGjwCLZOt3pltKmfpjw5otkt
xdNoodcOTw==
=DwyX
-----END PGP SIGNATURE-----
Merge tag 'block-6.19-20251226' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull block fixes from Jens Axboe:
- Fix for a signedness issue introduced in this kernel release for rnbd
- Fix up user copy references for ublk when the server exits
* tag 'block-6.19-20251226' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux:
block: rnbd-clt: Fix signedness bug in init_dev()
ublk: clean up user copy references on ublk server exit
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmlOro8QHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgprhhEADWKzgb1tqALkgjSNfzA9mEBpxt6Xp6++7x
4lwUnnX/m4C1ILphAD4ii7YY2hm7xjRBaUeqH2OifznxXnAw1Rbhjr9GJdKqq43y
1HWIzz48wP9wn0LI0tXkHA2AZR3Rs0IbtHZ+87gHA0HVoSNxqBIM9DKuFbbKDFNq
P2ef4WoPZekThIRKXM05bkeVZuiMekMWpC5YUKPpm+XzPOE0rOtsPDypbmGVN/hT
vpTjtAFEEDh3zTmmjd/Egk9fMJJMBMhr7E5us8VrUHFtNyZ6DmGCHOKAcJj3iJyT
/BEOHQ1Yu/COXHlqj1kDefmoD/glsCnZFeGAXQu45CaU/ZU8jcm6Yy04hRbd9FLu
QT6ycA84N0HOqoe1+UYnTy8/vqseCo5E6e9thPak6CWLsZA6Xc/8LcXZbNhe6fEW
m9ldoQRnLnPkmiX3+gtEyjb+fa8DjYxzq/7ab37khIjdaJxesqFWkZ2Z+M2GKzVq
9Qvth2ribWq0xtm9vZ0jb07JSss/Q+lQMKGlZ3vlvG2CODB5ll7Gq18LAxS7xoO3
ciA+tcrMgTZcw9R7Ha5gbqkjpKZbwqA1malsNUo4YNRI/S4d6UU74nEVuyyAcsTv
czFeU+d2nffwp1HV94ipNrCR2adKIQ1ESRxLTDNKt9hcFDlL9tHB//Kr28BO123V
SrDcDR3Slw==
=vmEn
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.19-20251226' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull io_uring fix from Jens Axboe:
"Just a single fix for a bug that can cause a leak of the filename with
IORING_OP_OPENAT, if direct descriptors are asked for and O_CLOEXEC
has been set in the request flags"
* tag 'io_uring-6.19-20251226' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux:
io_uring: fix filename leak in __io_openat_prep()
Just a bunch of fixes, mostly trivial ones in tools/virtio
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQFDBAABCgAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmlOnSYPHG1zdEByZWRo
YXQuY29tAAoJECgfDbjSjVRpLvsH/RiAvtYIimnu5XEuk013EB9T4WXn8dE4pDRt
EwZyJie+Ox99ZpNTLEgqpN4jyOQzJ7udVIgbHANR0SWqHtXzYV39I5tI7ZCJ951F
/CXax7INc/oS0s0bHpMKhji8U0FTvtrBY0d9FgvmVTXJpEhnwyKPKx0Z8eJEvaaU
1OCpMNOhbx5EIS9CWvxyJtcc8y2jY6CO855BCph3IdCdUlOTJLrJ6nPdAyP2RRuL
+pjsWRH/ZKhYpL5zmLbTDduRTDaKdns00sMMN6xqjNgu4bgvBo2DM5ljZrRKoFTB
zZAQsitIjR5nxcrtv1QxEeL32XENkb4iXOb9T96+3veEwk9SlRM=
=Ofvg
-----END PGP SIGNATURE-----
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
Pull virtio fixes from Michael Tsirkin:
"Just a bunch of fixes, mostly trivial ones in tools/virtio"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
vhost/vsock: improve RCU read sections around vhost_vsock_get()
tools/virtio: add device, device_driver stubs
tools/virtio: fix up oot build
virtio_features: make it self-contained
tools/virtio: switch to kernel's virtio_config.h
tools/virtio: stub might_sleep and synchronize_rcu
tools/virtio: add struct cpumask to cpumask.h
tools/virtio: pass KCFLAGS to module build
tools/virtio: add ucopysize.h stub
tools/virtio: add dev_WARN_ONCE and is_vmalloc_addr stubs
tools/virtio: stub DMA mapping functions
tools/virtio: add struct module forward declaration
tools/virtio: use kernel's virtio.h
virtio: make it self-contained
tools/virtio: fix up compiler.h stub
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmlMjJYACgkQiiy9cAdy
T1EK1wv9H3OR/MYWie0dD2QDEUbYje9wAxR5mbxZ8AQpDJFdiqaCg6FKJOBpo2YL
iXB8r2948DWELuqj/cgzvs0iOZazx797soMhfOkN/3VZ08rchag3xAFDJmLgECPI
lU/v3j0JKfo3icw117jBmVNi7zn1sUWaNJVgW0Ed2QgzT7caBiV1IjsL3QPmtnXN
1sdoE3aYABJjsM/H0Yobgji/7oDRJQJMuhfw6OMw8amHlXh2Qg1hrjUB6R8BkVfJ
r46jbwPSKmdjkxw/waZ152qljpnkf5SnWspNruoye885o5XlQud+c8Br2xMYwX3J
4sJCMXOkeoju3OEHL3B02/Q2tjzeVjoKgGM4aTuIeiNuFB+3zu1ibvNppEwsUPhG
xjUsqsZsLqP7E0/l4gy8CyszHXdd4jiex6D0maLS4QaxeB27DFCdG8MiVfbe2nKO
+i8rZqvwSU3WvkA2vyQw+i29rKitNUpRljwa69MyGUWgDlvLULa/ArjdhEFMehkP
OkvROSOx
=Qr9r
-----END PGP SIGNATURE-----
Merge tag 'v6.19-rc2-smb3-server-fixes' of git://git.samba.org/ksmbd
Pull smb server fixes from Steve French:
- Fix parsing of SMB1 negotiate request by adjusting offsets affected
by the removal of the RFC1002 length field from the SMB header
- Update minimum PDU size macros for both SMB1 and SMB2
- Rename smb2_get_msg function to smb_get_msg to better reflect its
role in handling both SMB1 and SMB2 requests
* tag 'v6.19-rc2-smb3-server-fixes' of git://git.samba.org/ksmbd:
smb/server: fix minimum SMB2 PDU size
smb/server: fix minimum SMB1 PDU size
ksmbd: rename smb2_get_msg to smb_get_msg
ksmbd: Fix to handle removal of rfc1002 header from smb_hdr
It looks like the buffer allocated and mapped in add_card() is done
with size RCV_BUFFER_SIZE which is 16 KB and 4KB.
Fixes: 286468210d ("firewire: new driver: nosy - IEEE 1394 traffic sniffer")
Co-developed-by: Thomas Fourier <fourier.thomas@gmail.com>
Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
Co-developed-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/20251216165420.38355-2-fourier.thomas@gmail.com
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
__io_openat_prep() allocates a struct filename using getname(). However,
for the condition of the file being installed in the fixed file table as
well as having O_CLOEXEC flag set, the function returns early. At that
point, the request doesn't have REQ_F_NEED_CLEANUP flag set. Due to this,
the memory for the newly allocated struct filename is not cleaned up,
causing a memory leak.
Fix this by setting the REQ_F_NEED_CLEANUP for the request just after the
successful getname() call, so that when the request is torn down, the
filename will be cleaned up, along with other resources needing cleanup.
Reported-by: syzbot+00e61c43eb5e4740438f@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=00e61c43eb5e4740438f
Tested-by: syzbot+00e61c43eb5e4740438f@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
Fixes: b9445598d8 ("io_uring: openat directly into fixed fd table")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Add a WARN_ON_ONCE() check to detect mm_struct instances that are
missing user_ns initialization when passed to kthread_use_mm().
When a kthread adopts an mm via kthread_use_mm(), LSM hooks and
capability checks may access current->mm->user_ns for credential
validation. If user_ns is NULL, this leads to a NULL pointer
dereference crash.
This was observed with efi_mm on arm64, where commit a5baf582f4
("arm64/efi: Call EFI runtime services without disabling preemption")
introduced kthread_use_mm(&efi_mm), but efi_mm lacked user_ns
initialization, causing crashes during /proc access.
Adding this warning helps catch similar bugs early during development
rather than waiting for hard-to-debug NULL pointer crashes in
production.
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Rik van Riel <riel@surriel.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Linux 6.19-rc2 (9448598b22 ("Linux 6.19-rc2")) is crashing with a NULL
pointer dereference on arm64 hosts:
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c8
pc : cap_capable (security/commoncap.c:82 security/commoncap.c:128)
Call trace:
cap_capable (security/commoncap.c:82 security/commoncap.c:128) (P)
security_capable (security/security.c:?)
ns_capable_noaudit (kernel/capability.c:342 kernel/capability.c:381)
__ptrace_may_access (./include/linux/rcupdate.h:895 kernel/ptrace.c:326)
ptrace_may_access (kernel/ptrace.c:353)
do_task_stat (fs/proc/array.c:467)
proc_tgid_stat (fs/proc/array.c:673)
proc_single_show (fs/proc/base.c:803)
I've bissected the problem to commit a5baf582f4 ("arm64/efi: Call EFI
runtime services without disabling preemption").
>From my analyzes, the crash occurs because efi_mm lacks a user_ns field
initialization. This was previously harmless, but commit a5baf582f4
("arm64/efi: Call EFI runtime services without disabling preemption")
changed the EFI runtime call path to use kthread_use_mm(&efi_mm), which
temporarily adopts efi_mm as the current mm for the calling kthread.
When a thread has an active mm, LSM hooks like cap_capable() expect
mm->user_ns to be valid for credential checks. With efi_mm.user_ns being
NULL, capability checks during possible /proc access dereference the
NULL pointer and crash.
Fix by initializing efi_mm.user_ns to &init_user_ns.
Fixes: a5baf582f4 ("arm64/efi: Call EFI runtime services without disabling preemption")
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Rik van Riel <riel@surriel.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The efi_edid_discovered_protocol and efi_edid_active_protocol have mixed
mode fields. So all their attributes should be accessed through
the efi_table_attr() helper.
Doing so fixes the upper 32 bits of the 64 bit gop_edid pointer getting
set to random values (followed by a crash at boot) when booting a x86_64
kernel on a machine with 32 bit UEFI like the Asus T100TA.
Fixes: 17029cdd8f ("efi/libstub: gop: Add support for reading EDID")
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Hans de Goede <johannes.goede@oss.qualcomm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
A set of NFSD fixes that arrived just a bit late for the 6.19 merge
window.
Issues reported with v6.19-rc:
- Mark variable __maybe_unused to avoid W=1 build break
Issues that need expedient stable backports:
- NFSv4 file creation neglects setting ACL
- Clear TIME_DELEG in the suppattr_exclcreat bitmap
- Clear SECLABEL in the suppattr_exclcreat bitmap
- Fix memory leak in nfsd_create_serv error paths
- Bound check rq_pages index in inline path
- Return 0 on success from svc_rdma_copy_inline_range
- Use rc_pageoff for memcpy byte offset
- Avoid NULL deref on zero length gss_token in gss_read_proxy_verf
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmlKp+EACgkQM2qzM29m
f5e0IhAAwkgBfMIKn9S9eIJ4jYIMAlZGTv24Pt4DkTHcSMYzwZ/8bnCNqL5S1UUV
V8DeVe4pYKoMsXZYkFt9ZyPE77D6ZrWaOHdwHeq/UI624f1KIccOGrnDHfz6Xt+Q
7xuWsfblKPQQMalRgbfiVq+mRfBfAzdR/cjT+11RaagMEEOP/jMdXIn0qel03Yuy
v+4L92wg0gD5GIpQqKZiNXWsPWbYvw/kj1a1hIpOFv//4R9L5oPESC/2jXFweTUE
fCKuAa+CntaagJcTqXHokPB7DO0lvSNoP5wt/eS/uFmrnnLFPTHu0q5+EAangIV7
laqEJiIqT/QR/mfunJ1v07ifGGmXCeg209olyM95enkPgaBCVaYg1OU52YMgGFPY
GxnUCCEDQVBjPVnETRN4LpvnTcnDlceuzwzw9O99x0A3pZ1++FCfFl0VtcGI227u
BZu8+/1jfSCGTOqvx+bzHJ+XR9h9edKZMIFruceEXKfagOkyjvknbWaTBs1+lPsZ
9EswllY7V9MzRsD951sd8KiCVChhtOvNFutuhRz30KHBxT+alrP8D90TQBAYpUrz
wN3eNqDKkD+YOIx8T8P3Qn4MxLWd/xX8roG/9TzwgmqD+5c3D12IKouYo4tiNqc5
d+cH/CpqhwMqsM72XNw4+RQvZFsZyfubrKPUnVidc0t0Ong73zM=
=jkV1
-----END PGP SIGNATURE-----
Merge tag 'nfsd-6.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
Pull nfsd fixes from Chuck Lever:
"A set of NFSD fixes that arrived just a bit late for the 6.19 merge
window.
Regression fixes:
- Mark variable __maybe_unused to avoid W=1 build break
Stable fixes:
- NFSv4 file creation neglects setting ACL
- Clear TIME_DELEG in the suppattr_exclcreat bitmap
- Clear SECLABEL in the suppattr_exclcreat bitmap
- Fix memory leak in nfsd_create_serv error paths
- Bound check rq_pages index in inline path
- Return 0 on success from svc_rdma_copy_inline_range
- Use rc_pageoff for memcpy byte offset
- Avoid NULL deref on zero length gss_token in gss_read_proxy_verf"
* tag 'nfsd-6.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
NFSD: NFSv4 file creation neglects setting ACL
NFSD: Clear TIME_DELEG in the suppattr_exclcreat bitmap
NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap
nfsd: fix memory leak in nfsd_create_serv error paths
nfsd: Mark variable __maybe_unused to avoid W=1 build break
svcrdma: bound check rq_pages index in inline path
svcrdma: return 0 on success from svc_rdma_copy_inline_range
svcrdma: use rc_pageoff for memcpy byte offset
SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf
- Fix unexpected EIOs under memory pressure caused by recent
incorrect error propagation logic
-----BEGIN PGP SIGNATURE-----
iQJFBAABCgAvFiEEQ0A6bDUS9Y+83NPFUXZn5Zlu5qoFAmlKo9sRHHhpYW5nQGtl
cm5lbC5vcmcACgkQUXZn5Zlu5qqPNw/+MXDqg6VYI2aykRHdHaQIhisL/zSyUM1Q
WXn25/xCyIC6K+Szwk0st+F8lAviAnbpMZBQZvH2YLRUn7/M6ajZmizEtKPAe9z3
nvRJmwG2EI37b3HgUzQ0ua+GPciUFV3l5EoB+c+2L8NIx6XSXe1JYUW9ik7XezBZ
CsN0p6Crf/RxGuhhnqD9h1lHqWOA7XHkqezUn0CPz/W89OuOBwZ1HXMgKkIw7hSi
vzCLz0/YBp37ZgN1BgY4EQAIw0/Uaop1QQ9LQ2RRyJVHxUt3HCpeIwUvh21YHOXT
H/2aUK1NbcPFg1iuzFOHqd9O7HQxiCa3IbTdpB1YqdrYIHBtpeQCv1Ow2SJ+1n5v
aQv3LC3lRqDj8OccfOjiWFKz8SxvZzmHuv3O47tkza1JOo5YozGYJ8/ZfnOZmFfV
QZfCvwAUyychkV3pu1NdYoMbzNRbVOBkY9r0tTIu1xYL/b2SmxrWS7FNpaRB+5Dk
YITGb1ARAqXhfsLMu2j7faa5bTCvnjVSgRYI4i1iQYq0oxdkyISRdupSky7IsoHe
4Oe2VBcqQakhuN6rJUPLSQiiMPn9epS6iaCJnk2KffhLsidVh+KCzszsRaonDcII
4VSNAftWekDm8QnlbuH7xX9Ovcam9QllON2MdpwhX4zb4qpzJekGaZRZOONAEHmW
EsGOeC64ejs=
=vMIs
-----END PGP SIGNATURE-----
Merge tag 'erofs-for-6.19-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs
Pull erofs fix from Gao Xiang:
"Junbeom reported that synchronous reads could hit unintended EIOs
under memory pressure due to incorrect error propagation in
z_erofs_decompress_queue(), where earlier physical clusters in the
same decompression queue may be served for another readahead.
This addresses the issue by decompressing each physical cluster
independently as long as disk I/Os succeed, rather than being impacted
by the error status of previous physical clusters in the same queue.
Summary:
- Fix unexpected EIOs under memory pressure caused by recent
incorrect error propagation logic"
* tag 'erofs-for-6.19-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs:
erofs: fix unexpected EIO under memory pressure
In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the
function returns immediately without freeing and erasing the newly
allocated new_password and new_password2. This causes both a memory leak
and a potential information leak.
Fix this by calling kfree_sensitive() on both password buffers before
returning in this error case.
Fixes: 0f0e357902 ("cifs: during remount, make sure passwords are in sync")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Reviewed-by: ChenXiaoSong <chenxiaosong@kylinos.cn>
Signed-off-by: Steve French <stfrench@microsoft.com>
The refill_buf function uses snprintf to append to a fixed-size buffer.
snprintf returns the length that would have been written, which can
exceed the remaining buffer size. If this happens, ptr advances beyond
the buffer and rem becomes negative. In the 2nd iteration, rem is
treated as a large unsigned integer, causing snprintf to write oob.
While this behavior is technically mitigated by num_perfcntrs being
locked at 5, it's still unsafe if num_perfcntrs were ever to change/a
second source was added.
Signed-off-by: Evan Lambert <veyga@veygax.dev>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Patchwork: https://patchwork.freedesktop.org/patch/696358/
Link: https://lore.kernel.org/r/20251224124254.17920-3-veyga@veygax.dev
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
