commit 91de249b6804473d49984030836381c3b9b3cfb0 Author: Greg Kroah-Hartman Date: Sat May 25 16:22:56 2024 +0200 Linux 6.6.32 Link: https://lore.kernel.org/r/20240523130342.462912131@linuxfoundation.org Tested-by: SeongJae Park Tested-by: Mark Brown Tested-by: Florian Fainelli Tested-by: Takeshi Ogasawara Tested-by: Linux Kernel Functional Testing Tested-by: Harshit Mogalapalli Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Jon Hunter Tested-by: Ron Economos Tested-by: Kelsey Steele Signed-off-by: Greg Kroah-Hartman commit 3ffef551160a073bc852d7b7cfd26a635e63db34 Author: Christoph Hellwig Date: Thu May 2 15:00:33 2024 +0200 block: add a partscan sysfs attribute for disks commit a4217c6740dc64a3eb6815868a9260825e8c68c6 upstream. Userspace had been unknowingly relying on a non-stable interface of kernel internals to determine if partition scanning is enabled for a given disk. Provide a stable interface for this purpose instead. Cc: stable@vger.kernel.org # 6.3+ Depends-on: 140ce28dd3be ("block: add a disk_has_partscan helper") Signed-off-by: Christoph Hellwig Link: https://lore.kernel.org/linux-block/ZhQJf8mzq_wipkBH@gardel-login/ Link: https://lore.kernel.org/r/20240502130033.1958492-3-hch@lst.de [axboe: add links and commit message from Keith] Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman commit d6b6dfff6cda4cdacc514d10073449703a2fdf3b Author: Christoph Hellwig Date: Thu May 2 15:00:32 2024 +0200 block: add a disk_has_partscan helper commit 140ce28dd3bee8e53acc27f123ae474d69ef66f0 upstream. Add a helper to check if partition scanning is enabled instead of open coding the check in a few places. This now always checks for the hidden flag even if all but one of the callers are never reachable for hidden gendisks. Signed-off-by: Christoph Hellwig Link: https://lore.kernel.org/r/20240502130033.1958492-2-hch@lst.de Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman commit fe4549b1d6aca7cffb4ab5010f7918263a6b1058 Author: SeongJae Park Date: Fri May 3 11:03:14 2024 -0700 Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file commit da2a061888883e067e8e649d086df35c92c760a7 upstream. The example usage of DAMOS filter sysfs files, specifically the part of 'matching' file writing for memcg type filter, is wrong. The intention is to exclude pages of a memcg that already getting enough care from a given scheme, but the example is setting the filter to apply the scheme to only the pages of the memcg. Fix it. Link: https://lkml.kernel.org/r/20240503180318.72798-7-sj@kernel.org Fixes: 9b7f9322a530 ("Docs/admin-guide/mm/damon/usage: document DAMOS filters of sysfs") Closes: https://lore.kernel.org/r/20240317191358.97578-1-sj@kernel.org Signed-off-by: SeongJae Park Cc: [6.3.x] Cc: Jonathan Corbet Cc: Shuah Khan Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 71483049de809c74a3cb995decf570df28e1517d Author: Akira Yokosawa Date: Wed May 1 12:16:11 2024 +0900 docs: kernel_include.py: Cope with docutils 0.21 commit d43ddd5c91802a46354fa4c4381416ef760676e2 upstream. Running "make htmldocs" on a newly installed Sphinx 7.3.7 ends up in a build error: Sphinx parallel build error: AttributeError: module 'docutils.nodes' has no attribute 'reprunicode' docutils 0.21 has removed nodes.reprunicode, quote from release note [1]: * Removed objects: docutils.nodes.reprunicode, docutils.nodes.ensure_str() Python 2 compatibility hacks Sphinx 7.3.0 supports docutils 0.21 [2]: kernel_include.py, whose origin is misc.py of docutils, uses reprunicode. Upstream docutils removed the offending line from the corresponding file (docutils/docutils/parsers/rst/directives/misc.py) in January 2022. Quoting the changelog [3]: Deprecate `nodes.reprunicode` and `nodes.ensure_str()`. Drop uses of the deprecated constructs (not required with Python 3). Do the same for kernel_include.py. Tested against: - Sphinx 2.4.5 (docutils 0.17.1) - Sphinx 3.4.3 (docutils 0.17.1) - Sphinx 5.3.0 (docutils 0.18.1) - Sphinx 6.2.1 (docutils 0.19) - Sphinx 7.2.6 (docutils 0.20.1) - Sphinx 7.3.7 (docutils 0.21.2) Link: http://www.docutils.org/RELEASE-NOTES.html#release-0-21-2024-04-09 [1] Link: https://www.sphinx-doc.org/en/master/changes.html#release-7-3-0-released-apr-16-2024 [2] Link: https://github.com/docutils/docutils/commit/c8471ce47a24 [3] Signed-off-by: Akira Yokosawa Cc: stable@vger.kernel.org Signed-off-by: Jonathan Corbet Link: https://lore.kernel.org/r/faf5fa45-2a9d-4573-9d2e-3930bdc1ed65@gmail.com Signed-off-by: Greg Kroah-Hartman commit 1266e5a8f5bceb828bf3456fee08c0a81bd9b283 Author: Thomas Weißschuh Date: Tue Apr 23 12:34:25 2024 +0200 admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET commit 8af2d1ab78f2342f8c4c3740ca02d86f0ebfac5a upstream. sched_core_share_pid() copies the cookie to userspace with put_user(id, (u64 __user *)uaddr), expecting 64 bits of space. The "unsigned long" datatype that is documented in core-scheduling.rst however is only 32 bits large on 32 bit architectures. Document "unsigned long long" as the correct data type that is always 64bits large. This matches what the selftest cs_prctl_test.c has been doing all along. Fixes: 0159bb020ca9 ("Documentation: Add usecases, design and interface for core scheduling") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/util-linux/df7a25a0-7923-4f8b-a527-5e6f0064074d@t-8ch.de/ Signed-off-by: Thomas Weißschuh Reviewed-by: Chris Hyser Signed-off-by: Jonathan Corbet Link: https://lore.kernel.org/r/20240423-core-scheduling-cookie-v1-1-5753a35f8dfc@weissschuh.net Signed-off-by: Greg Kroah-Hartman commit 1c652e1e10676f942149052d9329b8bf2703529a Author: Jarkko Sakkinen Date: Mon May 13 21:19:04 2024 +0300 KEYS: trusted: Do not use WARN when encode fails commit 050bf3c793a07f96bd1e2fd62e1447f731ed733b upstream. When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable@vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen Signed-off-by: Greg Kroah-Hartman commit 26c6d7dc8c6a9fde9d362ab2eef6390efeff145e Author: AngeloGioacchino Del Regno Date: Thu Mar 21 09:46:13 2024 +0100 remoteproc: mediatek: Make sure IPI buffer fits in L2TCM commit 331f91d86f71d0bb89a44217cc0b2a22810bbd42 upstream. The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the devicetree node is large enough for that, and while this is especially true for multi-core SCP, it's still useful to check on single-core variants as well. Failing to perform this check may make this driver perform R/W operations out of the L2TCM boundary, resulting (at best) in a kernel panic. To fix that, check that the IPI buffer fits, otherwise return a failure and refuse to boot the relevant SCP core (or the SCP at all, if this is single core). Fixes: 3efa0ea743b7 ("remoteproc/mediatek: read IPI buffer offset from FW") Signed-off-by: AngeloGioacchino Del Regno Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20240321084614.45253-2-angelogioacchino.delregno@collabora.com Signed-off-by: Mathieu Poirier Signed-off-by: Greg Kroah-Hartman commit 642069561ea52ed61554dfb862f5958613babb33 Author: Daniel Thompson Date: Wed Apr 24 15:21:41 2024 +0100 serial: kgdboc: Fix NMI-safety problems from keyboard reset code commit b2aba15ad6f908d1a620fd97f6af5620c3639742 upstream. Currently, when kdb is compiled with keyboard support, then we will use schedule_work() to provoke reset of the keyboard status. Unfortunately schedule_work() gets called from the kgdboc post-debug-exception handler. That risks deadlock since schedule_work() is not NMI-safe and, even on platforms where the NMI is not directly used for debugging, the debug trap can have NMI-like behaviour depending on where breakpoints are placed. Fix this by using the irq work system, which is NMI-safe, to defer the call to schedule_work() to a point when it is safe to call. Reported-by: Liuye Closes: https://lore.kernel.org/all/20240228025602.3087748-1-liu.yeC@h3c.com/ Cc: stable@vger.kernel.org Reviewed-by: Douglas Anderson Acked-by: Greg Kroah-Hartman Link: https://lore.kernel.org/r/20240424-kgdboc_fix_schedule_work-v2-1-50f5a490aec5@linaro.org Signed-off-by: Daniel Thompson Signed-off-by: Greg Kroah-Hartman commit 40b963e45cbbf3769fd784faebc660dabd74edc0 Author: Javier Carrasco Date: Mon Apr 29 15:35:58 2024 +0200 usb: typec: tipd: fix event checking for tps6598x commit 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 upstream. The current interrupt service routine of the tps6598x only reads the first 64 bits of the INT_EVENT1 and INT_EVENT2 registers, which means that any event above that range will be ignored, leaving interrupts unattended. Moreover, those events will not be cleared, and the device will keep the interrupt enabled. This issue has been observed while attempting to load patches, and the 'ReadyForPatch' field (bit 81) of INT_EVENT1 was set. Given that older versions of the tps6598x (1, 2 and 6) provide 8-byte registers, a mechanism based on the upper byte of the version register (0x0F) has been included. The manufacturer has confirmed [1] that this byte is always 0 for older versions, and either 0xF7 (DH parts) or 0xF9 (DK parts) is returned in newer versions (7 and 8). Read the complete INT_EVENT registers to handle all interrupts generated by the device and account for the hardware version to select the register size. Link: https://e2e.ti.com/support/power-management-group/power-management/f/power-management-forum/1346521/tps65987d-register-command-to-distinguish-between-tps6591-2-6-and-tps65987-8 [1] Fixes: 0a4c005bd171 ("usb: typec: driver for TI TPS6598x USB Power Delivery controllers") Cc: stable@vger.kernel.org Signed-off-by: Javier Carrasco Link: https://lore.kernel.org/r/20240429-tps6598x_fix_event_handling-v3-2-4e8e58dce489@wolfvision.net Signed-off-by: Greg Kroah-Hartman commit 2f95dfb647a8f7789b1d8a806ac89bab1cf1f543 Author: Heikki Krogerus Date: Tue May 7 16:43:16 2024 +0300 usb: typec: ucsi: displayport: Fix potential deadlock commit b791a67f68121d69108640d4a3e591d210ffe850 upstream. The function ucsi_displayport_work() does not access the connector, so it also must not acquire the connector lock. This fixes a potential deadlock scenario: ucsi_displayport_work() -> lock(&con->lock) typec_altmode_vdm() dp_altmode_vdm() dp_altmode_work() typec_altmode_enter() ucsi_displayport_enter() -> lock(&con->lock) Reported-by: Mathias Nyman Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Cc: stable@vger.kernel.org Signed-off-by: Heikki Krogerus Link: https://lore.kernel.org/r/20240507134316.161999-1-heikki.krogerus@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit a202b26d9531dab60f9f90af55c6538948d0f344 Author: Jose Ignacio Tornos Martinez Date: Fri May 10 11:08:28 2024 +0200 net: usb: ax88179_178a: fix link status when link is set to down/up commit ecf848eb934b03959918f5269f64c0e52bc23998 upstream. The idea was to keep only one reset at initialization stage in order to reduce the total delay, or the reset from usbnet_probe or the reset from usbnet_open. I have seen that restarting from usbnet_probe is necessary to avoid doing too complex things. But when the link is set to down/up (for example to configure a different mac address) the link is not correctly recovered unless a reset is commanded from usbnet_open. So, detect the initialization stage (first call) to not reset from usbnet_open after the reset from usbnet_probe and after this stage, always reset from usbnet_open too (when the link needs to be rechecked). Apply to all the possible devices, the behavior now is going to be the same. cc: stable@vger.kernel.org # 6.6+ Fixes: 56f78615bcb1 ("net: usb: ax88179_178a: avoid writing the mac address before first reading") Reported-by: Isaac Ganoung Reported-by: Yongqin Liu Signed-off-by: Jose Ignacio Tornos Martinez Reviewed-by: Simon Horman Link: https://lore.kernel.org/r/20240510090846.328201-1-jtornosm@redhat.com Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman commit ec96bcf5f96a7a5c556b0e881ac3e5c3924d542c Author: Prashanth K Date: Thu May 2 10:11:03 2024 +0530 usb: dwc3: Wait unconditionally after issuing EndXfer command commit 1d26ba0944d398f88aaf997bda3544646cf21945 upstream. Currently all controller IP/revisions except DWC3_usb3 >= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controller revisions >= 3.10a supports GUCTL2[14: Rst_actbitlater] bit which allows polling CMDACT bit to know whether ENDXFER command is completed. Consider a case where an IN request was queued, and parallelly soft_disconnect was called (due to ffs_epfile_release). This eventually calls stop_active_transfer with IOC cleared, hence send_gadget_ep_cmd() skips waiting for CMDACT cleared during EndXfer. For DWC3 controllers with revisions >= 310a, we don't forcefully wait for 1ms either, and we proceed by unmapping the requests. If ENDXFER didn't complete by this time, it leads to SMMU faults since the controller would still be accessing those requests. Fix this by ensuring ENDXFER completion by adding 1ms delay in __dwc3_stop_active_transfer() unconditionally. Cc: stable@vger.kernel.org Fixes: b353eb6dc285 ("usb: dwc3: gadget: Skip waiting for CMDACT cleared during endxfer") Signed-off-by: Prashanth K Acked-by: Thinh Nguyen Link: https://lore.kernel.org/r/20240502044103.1066350-1-quic_prashk@quicinc.com Signed-off-by: Greg Kroah-Hartman commit 71df2cb2869da2e43600efe64106ce5682d992c5 Author: Carlos Llamas Date: Sun Apr 21 17:37:49 2024 +0000 binder: fix max_thread type inconsistency commit 42316941335644a98335f209daafa4c122f28983 upstream. The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from size_t to __u32 in order to avoid incompatibility issues between 32 and 64-bit kernels. However, the internal types used to copy from user and store the value were never updated. Use u32 to fix the inconsistency. Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration") Reported-by: Arve Hjønnevåg Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas Reviewed-by: Alice Ryhl Link: https://lore.kernel.org/r/20240421173750.3117808-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman commit c364e7a34c85c2154fb2e47561965d5b5a0b69b1 Author: Srinivasan Shanmugam Date: Tue Dec 26 15:32:19 2023 +0530 drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() commit b8d55a90fd55b767c25687747e2b24abd1ef8680 upstream. Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176) Suggested-by: Hawking Zhang Cc: Tao Zhou Cc: Hawking Zhang Cc: Christian König Cc: Alex Deucher Signed-off-by: Srinivasan Shanmugam Reviewed-by: Hawking Zhang Signed-off-by: Alex Deucher [Ajay: applied AMDGPU_RAS_BLOCK_COUNT condition to amdgpu_ras_query_error_status() as amdgpu_ras_query_error_status_helper() not present in v6.6, v6.1 amdgpu_ras_query_error_status_helper() was introduced in 8cc0f5669eb6] Signed-off-by: Ajay Kaher Signed-off-by: Greg Kroah-Hartman commit f9b877a7ee312ec8ce17598a7ef85cb820d7c371 Author: Christian Brauner Date: Fri Apr 19 20:36:11 2024 +0800 erofs: reliably distinguish block based and fscache mode commit 7af2ae1b1531feab5d38ec9c8f472dc6cceb4606 upstream. When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache mode, and then attempt to free an anon_dev that has never been allocated, triggering the following warning: ============================================ ida_free called for id=0 which is not allocated. WARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140 Modules linked in: CPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630 RIP: 0010:ida_free+0x134/0x140 Call Trace: erofs_kill_sb+0x81/0x90 deactivate_locked_super+0x35/0x80 get_tree_bdev+0x136/0x1e0 vfs_get_tree+0x2c/0xf0 do_new_mount+0x190/0x2f0 [...] ============================================ Now when erofs_kill_sb() is called, erofs_sb_info must have been initialised, so use sbi->fsid to distinguish between the two modes. Signed-off-by: Christian Brauner Signed-off-by: Baokun Li Reviewed-by: Jingbo Xu Reviewed-by: Gao Xiang Reviewed-by: Chao Yu Link: https://lore.kernel.org/r/20240419123611.947084-3-libaokun1@huawei.com Signed-off-by: Gao Xiang Signed-off-by: Greg Kroah-Hartman commit 3924179ba93353ed6f4462f111b5b5a8bee6cd75 Author: Baokun Li Date: Fri Apr 19 20:36:10 2024 +0800 erofs: get rid of erofs_fs_context commit 07abe43a28b2c660f726d66f5470f7f114f9643a upstream. Instead of allocating the erofs_sb_info in fill_super() allocate it during erofs_init_fs_context() and ensure that erofs can always have the info available during erofs_kill_sb(). After this erofs_fs_context is no longer needed, replace ctx with sbi, no functional changes. Suggested-by: Jingbo Xu Signed-off-by: Baokun Li Reviewed-by: Jingbo Xu Reviewed-by: Gao Xiang Reviewed-by: Chao Yu Link: https://lore.kernel.org/r/20240419123611.947084-2-libaokun1@huawei.com [ Gao Xiang: trivial conflict due to a warning message. ] Signed-off-by: Gao Xiang Signed-off-by: Greg Kroah-Hartman commit fcb05fee000614770d2ce9b1a664fb81d56a033a Author: Jiri Olsa Date: Sat Dec 16 00:05:02 2023 +0100 bpf: Add missing BPF_LINK_TYPE invocations commit 117211aa739a926e6555cfea883be84bee6f1695 upstream. Pengfei Xu reported [1] Syzkaller/KASAN issue found in bpf_link_show_fdinfo. The reason is missing BPF_LINK_TYPE invocation for uprobe multi link and for several other links, adding that. [1] https://lore.kernel.org/bpf/ZXptoKRSLspnk2ie@xpf.sh.intel.com/ Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Fixes: e420bed02507 ("bpf: Add fd-based tcx multi-prog infra with link support") Fixes: 84601d6ee68a ("bpf: add bpf_link support for BPF_NETFILTER programs") Fixes: 35dfaad7188c ("netkit, bpf: Add bpf programmable net device") Reported-by: Pengfei Xu Signed-off-by: Jiri Olsa Signed-off-by: Andrii Nakryiko Tested-by: Pengfei Xu Acked-by: Hou Tao Link: https://lore.kernel.org/bpf/20231215230502.2769743-1-jolsa@kernel.org Signed-off-by: Ignat Korchagin Signed-off-by: Greg Kroah-Hartman commit f70d849b679b3f493a3f4f3f94ee6cbc4647f85e Author: Mark Brown Date: Thu Sep 28 16:38:11 2023 +0200 kselftest: Add a ksft_perror() helper commit 907f33028871fa7c9a3db1efd467b78ef82cce20 upstream. The standard library perror() function provides a convenient way to print an error message based on the current errno but this doesn't play nicely with KTAP output. Provide a helper which does an equivalent thing in a KTAP compatible format. nolibc doesn't have a strerror() and adding the table of strings required doesn't seem like a good fit for what it's trying to do so when we're using that only print the errno. Signed-off-by: Mark Brown Reviewed-by: Kees Cook Signed-off-by: Shuah Khan Stable-dep-of: 071af0c9e582 ("selftests: timers: Convert posix_timers test to generate KTAP output") Signed-off-by: Edward Liaw Signed-off-by: Greg Kroah-Hartman commit 7b4bd57cf005e35ba076e350300b50a99d42e4b8 Author: Mengqi Zhang Date: Mon Dec 25 17:38:40 2023 +0800 mmc: core: Add HS400 tuning in HS400es initialization commit 77e01b49e35f24ebd1659096d5fc5c3b75975545 upstream. During the initialization to HS400es stage, add a HS400 tuning flow as an optional process. For Mediatek IP, the HS400es mode requires a specific tuning to ensure the correct HS400 timing setting. Signed-off-by: Mengqi Zhang Link: https://lore.kernel.org/r/20231225093839.22931-2-mengqi.zhang@mediatek.com Signed-off-by: Ulf Hansson Cc: "Lin Gui (桂林)" Signed-off-by: Greg Kroah-Hartman commit e62835264d0352be6086975f18fdfed2b5520b13 Author: Jarkko Sakkinen Date: Mon May 20 02:31:53 2024 +0300 KEYS: trusted: Fix memory leak in tpm2_key_encode() commit ffcaa2172cc1a85ddb8b783de96d38ca8855e248 upstream. 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case. Cc: stable@vger.kernel.org # +v5.13 Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen Signed-off-by: Greg Kroah-Hartman commit ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674 Author: Sungwoo Kim Date: Sat May 4 15:23:29 2024 -0400 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() commit a5b862c6a221459d54e494e88965b48dcfa6cc44 upstream. l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails. Now hci_conn_add() returns ERR_PTR() as it can fail due to the both a kzalloc failure and invalid MTU value. divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: hci0 hci_rx_work RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547 Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c 89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42 RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246 RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084 R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000 FS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline] l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline] l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809 l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506 hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline] hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335 worker_thread+0x926/0xe70 kernel/workqueue.c:3416 kthread+0x2e3/0x380 kernel/kthread.c:388 ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Modules linked in: ---[ end trace 0000000000000000 ]--- Fixes: 6ed58ec520ad ("Bluetooth: Use LE buffers for LE traffic") Suggested-by: Luiz Augusto von Dentz Signed-off-by: Sungwoo Kim Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Greg Kroah-Hartman commit cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5 Author: Sungwoo Kim Date: Tue Apr 30 02:32:10 2024 -0400 Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() commit 4d7b41c0e43995b0e992b9f8903109275744b658 upstream. Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 Fixes: 73ffa904b782 ("Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan") Signed-off-by: Sungwoo Kim Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Greg Kroah-Hartman commit 4d29fd53a0cb48a2c7bee4114b29bd82fa5c1b73 Author: Jacob Keller Date: Fri Feb 16 14:06:36 2024 -0800 ice: remove unnecessary duplicate checks for VF VSI ID commit 363f689600dd010703ce6391bcfc729a97d21840 upstream. The ice_vc_fdir_param_check() function validates that the VSI ID of the virtchnl flow director command matches the VSI number of the VF. This is already checked by the call to ice_vc_isvalid_vsi_id() immediately following this. This check is unnecessary since ice_vc_isvalid_vsi_id() already confirms this by checking that the VSI ID can locate the VSI associated with the VF structure. Furthermore, a following change is going to refactor the ice driver to report VSI IDs using a relative index for each VF instead of reporting the PF VSI number. This additional check would break that logic since it enforces that the VSI ID matches the VSI number. Since this check duplicates the logic in ice_vc_isvalid_vsi_id() and gets in the way of refactoring that logic, remove it. Signed-off-by: Jacob Keller Reviewed-by: Przemek Kitszel Tested-by: Rafal Romanowski Signed-off-by: Tony Nguyen Signed-off-by: Greg Kroah-Hartman commit 0ca683f921a9717ecc894e552c39d4e3e5f4e7ff Author: Jacob Keller Date: Fri Feb 16 14:06:35 2024 -0800 ice: pass VSI pointer into ice_vc_isvalid_q_id commit a21605993dd5dfd15edfa7f06705ede17b519026 upstream. The ice_vc_isvalid_q_id() function takes a VSI index and a queue ID. It looks up the VSI from its index, and then validates that the queue number is valid for that VSI. The VSI ID passed is typically a VSI index from the VF. This VSI number is validated by the PF to ensure that it matches the VSI associated with the VF already. In every flow where ice_vc_isvalid_q_id() is called, the PF driver already has a pointer to the VSI associated with the VF. This pointer is obtained using ice_get_vf_vsi(), rather than looking up the VSI using the index sent by the VF. Since we already know which VSI to operate on, we can modify ice_vc_isvalid_q_id() to take a VSI pointer instead of a VSI index. Pass the VSI we found from ice_get_vf_vsi() instead of re-doing the lookup. This removes some unnecessary computation and scanning of the VSI list. It also removes the last place where the driver directly used the VSI number from the VF. This will pave the way for refactoring to communicate relative VSI numbers to the VF instead of absolute numbers from the PF space. Signed-off-by: Jacob Keller Reviewed-by: Przemek Kitszel Tested-by: Rafal Romanowski Signed-off-by: Tony Nguyen Signed-off-by: Greg Kroah-Hartman commit 3a7ac4902917a044854ae466edbb7520419a9a33 Author: Ronald Wahl Date: Mon May 13 16:39:22 2024 +0200 net: ks8851: Fix another TX stall caused by wrong ISR flag handling commit 317a215d493230da361028ea8a4675de334bfa1a upstream. Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Simon Horman Cc: netdev@vger.kernel.org Cc: stable@vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl Reviewed-by: Simon Horman Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 7e4f50dfc98c49b3dc6875a35c3112522fb25639 Author: Jose Fernandez Date: Mon Apr 22 08:35:44 2024 -0600 drm/amd/display: Fix division by zero in setup_dsc_config commit 130afc8a886183a94cf6eab7d24f300014ff87ba upstream. When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero. The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor connected via Thunderbolt. The amdgpu driver crashed with this exception when I rebooted the system with the monitor connected. kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2)) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu After applying this patch, the driver no longer crashes when the monitor is connected and the system is rebooted. I believe this is the same issue reported for 3113. Reviewed-by: Rodrigo Siqueira Signed-off-by: Jose Fernandez Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3113 Signed-off-by: Rodrigo Siqueira Signed-off-by: Alex Deucher Cc: "Limonciello, Mario" Signed-off-by: Greg Kroah-Hartman commit d4a079d1466d6fd9dba12a763a008b6f43890afb Author: Gustavo A. R. Silva Date: Thu Apr 11 09:35:42 2024 -0600 smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting ready to enable it globally. So, in order to avoid ending up with a flexible-array member in the middle of multiple other structs, we use the `__struct_group()` helper to separate the flexible array from the rest of the members in the flexible structure, and use the tagged `struct create_context_hdr` instead of `struct create_context`. So, with these changes, fix 51 of the following warnings[1]: fs/smb/client/../common/smb2pdu.h:1225:31: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] Link: https://gist.github.com/GustavoARSilva/772526a39be3dd4db39e71497f0a9893 [1] Link: https://github.com/KSPP/linux/issues/202 Signed-off-by: Gustavo A. R. Silva Signed-off-by: Steve French commit 5a65254c4c4a302fa4935df68310c67c7398999c Author: Namjae Jeon Date: Sat Apr 20 09:17:58 2024 +0900 ksmbd: add continuous availability share parameter [ Upstream commit e9d8c2f95ab8acaf3f4d4a53682a4afa3c263692 ] If capabilities of the share is not SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY, ksmbd should not grant a persistent handle to the client. This patch add continuous availability share parameter to control it. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 07e76ea1799c1ce9626a6c3c11ce1c2de301790e Author: David Howells Date: Thu Apr 4 13:51:36 2024 +0100 cifs: Add tracing for the cifs_tcon struct refcounting [ Upstream commit afc23febd51c7e24361e3a9c09f3e892eb0a41ea ] Add tracing for the refcounting/lifecycle of the cifs_tcon struct, marking different events with different labels and giving each tcon its own debug ID so that the tracelines corresponding to individual tcons can be distinguished. This can be enabled with: echo 1 >/sys/kernel/debug/tracing/events/cifs/smb3_tcon_ref/enable Signed-off-by: David Howells Acked-by: Paulo Alcantara (Red Hat) cc: Shyam Prasad N cc: linux-cifs@vger.kernel.org cc: linux-fsdevel@vger.kernel.org Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 2004e41cd2c418d707fd77b21e4ac38d647e55ef Author: Paulo Alcantara Date: Tue Apr 9 11:28:59 2024 -0300 smb: client: instantiate when creating SFU files [ Upstream commit c6ff459037b2e35450af2351037eac4c8aca1d6b ] In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable@vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro Signed-off-by: Paulo Alcantara (Red Hat) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 01bce099af0f831131e48d99fa63a9a63c930fc3 Author: Paulo Alcantara Date: Mon Apr 8 18:32:17 2024 -0300 smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file() [ Upstream commit ec4535b2a1d709d3a1fbec26739c672f13c98a7b ] cifs_get_fattr() may be called with a NULL inode, so check for a non-NULL inode before calling cifs_mark_open_handles_for_deleted_file(). This fixes the following oops: mount.cifs //srv/share /mnt -o ...,vers=3.1.1 cd /mnt touch foo; tail -f foo & rm foo cat foo BUG: kernel NULL pointer dereference, address: 00000000000005c0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 2 PID: 696 Comm: cat Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:__lock_acquire+0x5d/0x1c70 Code: 00 00 44 8b a4 24 a0 00 00 00 45 85 f6 0f 84 bb 06 00 00 8b 2d 48 e2 95 01 45 89 c3 41 89 d2 45 89 c8 85 ed 0 0 <48> 81 3f 40 7a 76 83 44 0f 44 d8 83 fe 01 0f 86 1b 03 00 00 31 d2 RSP: 0018:ffffc90000b37490 EFLAGS: 00010002 RAX: 0000000000000000 RBX: ffff888110021ec0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000005c0 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000200 FS: 00007f2a1fa08740(0000) GS:ffff888157a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000005c0 CR3: 000000011ac7c000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: ? __die+0x23/0x70 ? page_fault_oops+0x180/0x490 ? srso_alias_return_thunk+0x5/0xfbef5 ? exc_page_fault+0x70/0x230 ? asm_exc_page_fault+0x26/0x30 ? __lock_acquire+0x5d/0x1c70 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 lock_acquire+0xc0/0x2d0 ? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs] ? srso_alias_return_thunk+0x5/0xfbef5 ? kmem_cache_alloc+0x2d9/0x370 _raw_spin_lock+0x34/0x80 ? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs] cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs] cifs_get_fattr+0x24c/0x940 [cifs] ? srso_alias_return_thunk+0x5/0xfbef5 cifs_get_inode_info+0x96/0x120 [cifs] cifs_lookup+0x16e/0x800 [cifs] cifs_atomic_open+0xc7/0x5d0 [cifs] ? lookup_open.isra.0+0x3ce/0x5f0 ? __pfx_cifs_atomic_open+0x10/0x10 [cifs] lookup_open.isra.0+0x3ce/0x5f0 path_openat+0x42b/0xc30 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 do_filp_open+0xc4/0x170 do_sys_openat2+0xab/0xe0 __x64_sys_openat+0x57/0xa0 do_syscall_64+0xc1/0x1e0 entry_SYSCALL_64_after_hwframe+0x72/0x7a Fixes: ffceb7640cbf ("smb: client: do not defer close open handles to deleted files") Reviewed-by: Meetakshi Setiya Reviewed-by: Bharath SM Signed-off-by: Paulo Alcantara (Red Hat) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit dbd2df36cd676ccf9e1da712ff554769291cbffb Author: Steve French Date: Sun Mar 24 00:01:02 2024 -0500 smb3: add trace event for mknod [ Upstream commit e9e9fbeb83f65d3d487e0a0838c0867292c99fb2 ] Add trace points to help debug mknod and mkfifo: smb3_mknod_done smb3_mknod_enter smb3_mknod_err Example output: TASK-PID CPU# ||||| TIMESTAMP FUNCTION | | | ||||| | | mkfifo-6163 [003] ..... 960.425558: smb3_mknod_enter: xid=12 sid=0xb55130f6 tid=0x46e6241c path=\fifo1 mkfifo-6163 [003] ..... 960.432719: smb3_mknod_done: xid=12 sid=0xb55130f6 tid=0x46e6241c Reviewed-by: Bharath SM Reviewed-by: Meetakshi Setiya Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 8aff8b8b177d250208b2fcc627474e56869b86af Author: Steve French Date: Tue Mar 19 17:00:01 2024 -0500 smb311: additional compression flag defined in updated protocol spec [ Upstream commit e56bc745fa1de77abc2ad8debc4b1b83e0426c49 ] Added new compression flag that was recently documented, in addition fix some typos and clarify the sid_attr_data struct definition. Reviewed-by: Bharath SM Signed-off-by: Steve French Signed-off-by: Sasha Levin commit a9aa7a776efcf899b875fd573e316a5272809cba Author: Steve French Date: Tue Mar 19 15:59:38 2024 -0500 smb311: correct incorrect offset field in compression header [ Upstream commit 68c5818a27afcb5cdddab041b82e9d47c996cb6a ] The offset field in the compression header is 32 bits not 16. Reviewed-by: Bharath SM Reported-by: Enzo Matsumiya Signed-off-by: Steve French Signed-off-by: Sasha Levin commit c1f3c8204e6f19b66123a3bae3fc2a566d814d97 Author: Steve French Date: Wed May 1 01:39:48 2024 -0500 cifs: Move some extern decls from .c files to .h [ Upstream commit 5b142b37c70b1fa6936fa2d0babb0b8c16767d3a ] Move the following: extern mempool_t *cifs_sm_req_poolp; extern mempool_t *cifs_req_poolp; extern mempool_t *cifs_mid_poolp; extern bool disable_legacy_dialects; from various .c files to cifsglob.h. Signed-off-by: David Howells cc: linux-cifs@vger.kernel.org Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 39bdc4197acf2ed13269167ccf093ee28cfa2a4e Author: Namjae Jeon Date: Tue Mar 19 08:40:48 2024 +0900 ksmbd: fix potencial out-of-bounds when buffer offset is invalid [ Upstream commit c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da ] I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length. Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 9e4937cbc150f9d5a9b5576e1922ef0b5ed2eb72 Author: Namjae Jeon Date: Sat Mar 16 23:36:36 2024 +0900 ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() [ Upstream commit d10c77873ba1e9e6b91905018e29e196fd5f863d ] If ->NameOffset/Length is bigger than ->CreateContextsOffset/Length, ksmbd_check_message doesn't validate request buffer it correctly. So slab-out-of-bounds warning from calling smb_strndup_from_utf16() in smb2_open() could happen. If ->NameLength is non-zero, Set the larger of the two sums (Name and CreateContext size) as the offset and length of the data area. Reported-by: Yang Chaoming Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 74dc3e5bf6e1920cb05da51ed90b6c63a1e56f5a Author: Colin Ian King Date: Wed Mar 13 09:16:16 2024 +0000 ksmbd: Fix spelling mistake "connction" -> "connection" [ Upstream commit e758fa6956cbc873e4819ec3dd97cfd05a4c147e ] There is a spelling mistake in a ksmbd_debug debug message. Fix it. Signed-off-by: Colin Ian King Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 27b40b7bfcd121fe13a150ffe11957630cf49246 Author: Marios Makassikis Date: Wed Mar 13 15:11:38 2024 +0100 ksmbd: fix possible null-deref in smb_lazy_parent_lease_break_close [ Upstream commit 5fb282ba4fef8985a5acf2b32681f2ec07732561 ] rcu_dereference can return NULL, so make sure we check against that. Signed-off-by: Marios Makassikis Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 8b2326963da773c11cb75327aff600984ca2b8e8 Author: Bharath SM Date: Thu Mar 14 23:36:36 2024 +0530 cifs: remove redundant variable assignment [ Upstream commit 2760161d149f8d60c3f767fc62a823a1ead9d367 ] This removes an unnecessary variable assignment. The assigned value will be overwritten by cifs_fattr_to_inode before it is accessed, making the line redundant. Signed-off-by: Bharath SM Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 1598a015c7610896e09e11fa0a927057f2488e11 Author: Meetakshi Setiya Date: Thu Mar 14 08:05:49 2024 -0400 cifs: fixes for get_inode_info [ Upstream commit fc20c523211a38b87fc850a959cb2149e4fd64b0 ] Fix potential memory leaks, add error checking, remove unnecessary initialisation of status_file_deleted and do not use cifs_iget() to get inode in reparse_info_to_fattr since fattrs may not be fully set. Fixes: ffceb7640cbf ("smb: client: do not defer close open handles to deleted files") Reported-by: Paulo Alcantara Signed-off-by: Meetakshi Setiya Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 91cdeb0d4baf7e5a68b0266ccee9047d019e6e72 Author: Bharath SM Date: Tue Mar 12 21:21:41 2024 -0500 cifs: defer close file handles having RH lease [ Upstream commit dc528770edb138e26a533f8a77de5c4db18ea7f3 ] Previously we only deferred closing file handles with RHW lease. To enhance performance benefits from deferred closes, we now include handles with RH leases as well. Signed-off-by: Bharath SM Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 8df4bcdb0a4232192b2445256c39b787d58ef14d Author: Namjae Jeon Date: Tue Mar 12 14:05:57 2024 +0900 ksmbd: add support for durable handles v1/v2 [ Upstream commit c8efcc786146a951091588e5fa7e3c754850cb3c ] Durable file handles allow reopening a file preserved on a short network outage and transparent client reconnection within a timeout. i.e. Durable handles aren't necessarily cleaned up when the opening process terminates. This patch add support for durable handle version 1 and 2. To prove durable handles work on ksmbd, I have tested this patch with the following smbtorture tests: smb2.durable-open.open-oplock smb2.durable-open.open-lease smb2.durable-open.reopen1 smb2.durable-open.reopen1a smb2.durable-open.reopen1a-lease smb2.durable-open.reopen2 smb2.durable-open.reopen2a smb2.durable-open.reopen2-lease smb2.durable-open.reopen2-lease-v2 smb2.durable-open.reopen3 smb2.durable-open.reopen4 smb2.durable-open.delete_on_close2 smb2.durable-open.file-position smb2.durable-open.lease smb2.durable-open.alloc-size smb2.durable-open.read-only smb2.durable-v2-open.create-blob smb2.durable-v2-open.open-oplock smb2.durable-v2-open.open-lease smb2.durable-v2-open.reopen1 smb2.durable-v2-open.reopen1a smb2.durable-v2-open.reopen1a-lease smb2.durable-v2-open.reopen2 smb2.durable-v2-open.reopen2b Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 665e85883098e252d44551954681c2f77c651369 Author: Namjae Jeon Date: Sun Mar 10 19:30:51 2024 +0900 ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session [ Upstream commit fa9415d4024fd0c58d24a4ad4f1826fb8bfcc4aa ] Currently ksmbd exit connection as well destroying previous session. When testing durable handle feaure, I found that destroy_previous_session() should destroy only session, i.e. the connection should be still alive. This patch mark SMB2_SESSION_EXPIRED on the previous session to be destroyed later and not used anymore. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit eb4a05e3c34b576515486e602f1dd4fd49137430 Author: Enzo Matsumiya Date: Fri Mar 8 19:00:12 2024 -0300 smb: common: simplify compression headers [ Upstream commit 24337b60e88219816f84d633369299660e8e8cce ] Unify compression headers (chained and unchained) into a single struct so we can use it for the initial compression transform header interchangeably. Also make the OriginalPayloadSize field to be always visible in the compression payload header, and have callers subtract its size when not needed. Rename the related structs to match the naming convetion used in the other SMB2 structs. Signed-off-by: Enzo Matsumiya Signed-off-by: Steve French Signed-off-by: Sasha Levin commit fdd938b2b468dd37b0ccf9af6c88feda21f77229 Author: Enzo Matsumiya Date: Fri Mar 8 18:34:10 2024 -0300 smb: common: fix fields sizes in compression_pattern_payload_v1 [ Upstream commit f49af462875a0922167cf301cf126cd04009070e ] See protocol documentation in MS-SMB2 section 2.2.42.2.2 Signed-off-by: Enzo Matsumiya Signed-off-by: Steve French Signed-off-by: Sasha Levin commit e8aee4f4d2e3048704474d82f2563edfe2d2fe5b Author: Enzo Matsumiya Date: Fri Feb 23 11:58:57 2024 -0300 smb: client: negotiate compression algorithms [ Upstream commit 8fe7062b7d11fcd21c4dcb5f530eaa1a099b24e7 ] Change "compress=" mount option to a boolean flag, that, if set, will enable negotiating compression algorithms with the server. Do not de/compress anything for now. Signed-off-by: Enzo Matsumiya Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 25f3604fcd628d8a238a8e61037977b697bf0e8b Author: Steve French Date: Wed Mar 6 01:03:59 2024 -0600 smb3: add dynamic trace point for ioctls [ Upstream commit 073dd87c8e1ee55ca163956f0c71249dc28aac51 ] It can be helpful in debugging to know which ioctls are called to better correlate them with smb3 fsctls (and opens). Add a dynamic trace point to trace ioctls into cifs.ko Here is sample output: TASK-PID CPU# ||||| TIMESTAMP FUNCTION | | | ||||| | | new-inotify-ioc-90418 [001] ..... 142157.397024: smb3_ioctl: xid=18 fid=0x0 ioctl cmd=0xc009cf0b new-inotify-ioc-90457 [007] ..... 142217.943569: smb3_ioctl: xid=22 fid=0x389bf5b6 ioctl cmd=0xc009cf0b Signed-off-by: Steve French Signed-off-by: Sasha Levin commit c057a809e128e09391c0d57265ae3e61f53f6a57 Author: Paulo Alcantara Date: Sat Feb 24 16:57:14 2024 -0300 smb: client: return reparse type in /proc/mounts [ Upstream commit 1e5f4240714bb238d2d17c7e14e5fb45c9140665 ] Add support for returning reparse mount option in /proc/mounts. Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-kbuild-all/202402262152.YZOwDlCM-lkp@intel.com/ Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 582524019459e7229bc90677fbf47c02a551558b Author: Paulo Alcantara Date: Fri Feb 2 13:42:11 2024 -0300 smb: client: set correct d_type for reparse DFS/DFSR and mount point [ Upstream commit 8bd25b61c5a55bc769c6608e9ce95860759acdcb ] Set correct dirent->d_type for IO_REPARSE_TAG_DFS{,R} and IO_REPARSE_TAG_MOUNT_POINT reparse points. Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 97db416045554ab33533536b04398037d49e532e Author: Paulo Alcantara Date: Sun Jan 28 21:52:03 2024 -0300 smb: client: parse uid, gid, mode and dev from WSL reparse points [ Upstream commit 78e26bec4d6d3aef04276e28bed48a45fd00e116 ] Parse the extended attributes from WSL reparse points to correctly report uid, gid mode and dev from ther instantiated inodes. Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 7449d736bbbd160c76b01b8fcdf72f58a8757d4b Author: Steve French Date: Wed May 1 01:01:06 2024 -0500 smb: client: introduce SMB2_OP_QUERY_WSL_EA [ Upstream commit ea41367b2a602f602ea6594fc4a310520dcc64f4 ] Add a new command to smb2_compound_op() for querying WSL extended attributes from reparse points. Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit b93ac66fa2361e24f7a9909580862d80f5f72240 Author: Dan Carpenter Date: Wed Jan 31 10:10:18 2024 +0300 smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() [ Upstream commit e0e1e09b2c41d383a2483f2ee5227b724860ced1 ] This was intended to be an IS_ERR() check. The ea_create_context() function doesn't return NULL. Fixes: 1eab17fe485c ("smb: client: add support for WSL reparse points") Reviewed-by: Paulo Alcantara Signed-off-by: Dan Carpenter Signed-off-by: Steve French Signed-off-by: Sasha Levin commit df0a8a19251007b6930d4b5ef57cf54e5c1e9c30 Author: Paulo Alcantara Date: Fri Jan 26 19:26:06 2024 -0300 smb: client: add support for WSL reparse points [ Upstream commit 5a4b09ecf8e8ad26ea03a37e52e310fe13f15b49 ] Add support for creating special files via WSL reparse points when using 'reparse=wsl' mount option. They're faster than NFS reparse points because they don't require extra roundtrips to figure out what ->d_type a specific dirent is as such information is already stored in query dir responses and then making getdents() calls faster. Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 831ffbd1c7b5e48fbbbf4eedccd666aa9bcda793 Author: Paulo Alcantara Date: Thu Jan 25 19:21:48 2024 -0300 smb: client: reduce number of parameters in smb2_compound_op() [ Upstream commit fa792d8d235c20df5f422e4bd172db1efde55ab9 ] Replace @desired_access, @create_disposition, @create_options and @mode parameters with a single @oparms. No functional changes. Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 84c597f7f98ce692ba6078e6e63bc33303c7798f Author: Paulo Alcantara Date: Thu Jan 25 17:04:05 2024 -0300 smb: client: fix potential broken compound request [ Upstream commit 6914d288c63682e20e0f6e1e0b8e8f5847012d67 ] Now that smb2_compound_op() can accept up to 5 commands in a single compound request, set the appropriate NextCommand and related flags to all subsequent commands as well as handling the case where a valid @cfile is passed and therefore skipping create and close requests in the compound chain. This fix a potential broken compound request that could be sent from smb2_get_reparse_inode() if the client found a valid open file (@cfile) prior to calling smb2_compound_op(). Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit db0f1c0770bc206fea8f2933109215b654f75d79 Author: Paulo Alcantara Date: Tue Mar 5 23:28:48 2024 -0600 smb: client: move most of reparse point handling code to common file [ Upstream commit c520ba7573a84bd37f8803a3beeb8f6f995bf9e1 ] In preparation to add support for creating special files also via WSL reparse points in next commits. Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit c1468c7e0ab9528db8e43e79ed75127885e3fb86 Author: Paulo Alcantara Date: Sun Jan 21 13:28:21 2024 -0300 smb: client: introduce reparse mount option [ Upstream commit eb90e8ecb2b54ac1af51e28596e0ef7ba351476d ] Allow the user to create special files and symlinks by choosing between WSL and NFS reparse points via 'reparse={nfs,wsl}' mount options. If unset or 'reparse=default', the client will default to creating them via NFS reparse points. Creating WSL reparse points isn't supported yet, so simply return error when attempting to mount with 'reparse=wsl' for now. Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 1e60bc0e954389af82f1d9a85f13a63f6572350f Author: Meetakshi Setiya Date: Tue Mar 5 22:43:53 2024 -0500 smb: client: retry compound request without reusing lease [ Upstream commit 71f15c90e785d1de4bcd65a279e7256684c25c0d ] There is a shortcoming in the current implementation of the file lease mechanism exposed when the lease keys were attempted to be reused for unlink, rename and set_path_size operations for a client. As per MS-SMB2, lease keys are associated with the file name. Linux smb client maintains lease keys with the inode. If the file has any hardlinks, it is possible that the lease for a file be wrongly reused for an operation on the hardlink or vice versa. In these cases, the mentioned compound operations fail with STATUS_INVALID_PARAMETER. This patch adds a fallback to the old mechanism of not sending any lease with these compound operations if the request with lease key fails with STATUS_INVALID_PARAMETER. Resending the same request without lease key should not hurt any functionality, but might impact performance especially in cases where the error is not because of the usage of wrong lease key and we might end up doing an extra roundtrip. Signed-off-by: Meetakshi Setiya Signed-off-by: Steve French Signed-off-by: Sasha Levin commit b6e27f7fc2456b8d652b7d43c9af2c1eae3a68fc Author: Steve French Date: Wed May 1 00:56:13 2024 -0500 smb: client: do not defer close open handles to deleted files [ Upstream commit ffceb7640cbfe6ea60e7769e107451d63a2fe3d3 ] When a file/dentry has been deleted before closing all its open handles, currently, closing them can add them to the deferred close list. This can lead to problems in creating file with the same name when the file is re-created before the deferred close completes. This issue was seen while reusing a client's already existing lease on a file for compound operations and xfstest 591 failed because of the deferred close handle that remained valid even after the file was deleted and was being reused to create a file with the same name. The server in this case returns an error on open with STATUS_DELETE_PENDING. Recreating the file would fail till the deferred handles are closed (duration specified in closetimeo). This patch fixes the issue by flagging all open handles for the deleted file (file path to be precise) by setting status_file_deleted to true in the cifsFileInfo structure. As per the information classes specified in MS-FSCC, SMB2 query info response from the server has a DeletePending field, set to true to indicate that deletion has been requested on that file. If this is the case, flag the open handles for this file too. When doing close in cifs_close for each of these handles, check the value of this boolean field and do not defer close these handles if the corresponding filepath has been deleted. Signed-off-by: Meetakshi Setiya Signed-off-by: Steve French Signed-off-by: Sasha Levin commit f93d145f90028a508d68c08b2b0f0a36063d02cb Author: Meetakshi Setiya Date: Tue Mar 5 22:43:51 2024 -0500 smb: client: reuse file lease key in compound operations [ Upstream commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 ] Currently, when a rename, unlink or set path size compound operation is requested on a file that has a lot of dirty pages to be written to the server, we do not send the lease key for these requests. As a result, the server can assume that this request is from a new client, and send a lease break notification to the same client, on the same connection. As a response to the lease break, the client can consume several credits to write the dirty pages to the server. Depending on the server's credit grant implementation, the server can stop granting more credits to this connection, and this can cause a deadlock (which can only be resolved when the lease timer on the server expires). One of the problems here is that the client is sending no lease key, even if it has a lease for the file. This patch fixes the problem by reusing the existing lease key on the file for rename, unlink and set path size compound operations so that the client does not break its own lease. A very trivial example could be a set of commands by a client that maintains open handle (for write) to a file and then tries to copy the contents of that file to another one, eg., tail -f /dev/null > myfile & mv myfile myfile2 Presently, the network capture on the client shows that the move (or rename) would trigger a lease break on the same client, for the same file. With the lease key reused, the lease break request-response overhead is eliminated, thereby reducing the roundtrips performed for this set of operations. The patch fixes the bug described above and also provides perf benefit. Signed-off-by: Meetakshi Setiya Signed-off-by: Steve French Signed-off-by: Sasha Levin commit cfb8f73da601387203e443c37f4be641c77f5e5d Author: Paulo Alcantara Date: Fri Jan 19 01:08:28 2024 -0300 smb: client: get rid of smb311_posix_query_path_info() [ Upstream commit f83709b9e0eb7048d74ba4515f268c6eacbce9c9 ] Merge smb311_posix_query_path_info into ->query_path_info() to get rid of duplicate code. Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit a90f37e3d7acfd9824f162830583bbf7846fe252 Author: Steve French Date: Wed May 1 00:35:20 2024 -0500 smb: client: parse owner/group when creating reparse points [ Upstream commit 858e74876c5cbff1dfd5bace99e32fbce2abd4b5 ] Parse owner/group when creating special files and symlinks under SMB3.1.1 POSIX mounts. Move the parsing of owner/group to smb2_compound_op() so we don't have to duplicate it in both smb2_get_reparse_inode() and smb311_posix_query_path_info(). Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit e4232010b13aec5457ed0e09e0cf76f4d1c4dcf7 Author: Steve French Date: Thu Feb 22 00:26:52 2024 -0600 smb3: update allocation size more accurately on write completion [ Upstream commit dbfdff402d89854126658376cbcb08363194d3cd ] Changes to allocation size are approximated for extending writes of cached files until the server returns the actual value (on SMB3 close or query info for example), but it was setting the estimated value for number of blocks to larger than the file size even if the file is likely sparse which breaks various xfstests (e.g. generic/129, 130, 221, 228). When i_size and i_blocks are updated in write completion do not increase allocation size more than what was written (rounded up to 512 bytes). Signed-off-by: Steve French Signed-off-by: Sasha Levin commit fff4045e712b3ec9dff2cfc473e8eab408c63959 Author: Paulo Alcantara Date: Sun Feb 11 20:19:31 2024 -0300 smb: client: handle path separator of created SMB symlinks [ Upstream commit 8bde59b20de06339d598e8b05e5195f7c631c38b ] Convert path separator to CIFS_DIR_SEP(cifs_sb) from symlink target before sending it over the wire otherwise the created SMB symlink may become innaccesible from server side. Fixes: 514d793e27a3 ("smb: client: allow creating symlinks via reparse points") Signed-off-by: Paulo Alcantara (Red Hat) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 1b5f2928cc6be8fe2d4ca33e3901d09aefcb0d57 Author: Steve French Date: Sun Apr 28 01:32:09 2024 -0500 cifs: update the same create_guid on replay [ Upstream commit 79520587fe42cd4988aff8695d60621e689109cb ] File open requests made to the server contain a CreateGuid, which is used by the server to identify the open request. If the same request needs to be replayed, it needs to be sent with the same CreateGuid in the durable handle v2 context. Without doing so, we could end up leaking handles on the server when: 1. multichannel is used AND 2. connection goes down, but not for all channels This is because the replayed open request would have a new CreateGuid and the server will treat this as a new request and open a new handle. This change fixes this by reusing the existing create_guid stored in the cached fid struct. REF: MS-SMB2 4.9 Replay Create Request on an Alternate Channel Fixes: 4f1fffa23769 ("cifs: commands that are retried should have replay flag set") Signed-off-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 75417833bb3e4da041934b3a9570a5dccbc88887 Author: Yang Li Date: Fri Feb 2 16:13:17 2024 +0800 ksmbd: Add kernel-doc for ksmbd_extract_sharename() function [ Upstream commit a12bc36032a2f7917068f9ce9eb26d869e54b31a ] The ksmbd_extract_sharename() function lacked a complete kernel-doc comment. This patch adds parameter descriptions and detailed function behavior to improve code readability and maintainability. Signed-off-by: Yang Li Acked-by: Randy Dunlap Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit cdd7870a5fd56aca9fdc65edb7ba3c9938f2f818 Author: Shyam Prasad N Date: Thu Jan 18 09:14:10 2024 +0000 cifs: set replay flag for retries of write command [ Upstream commit 4cdad80261862c8cdcbb5fd232aa713d0bdefe24 ] Similar to the rest of the commands, this is a change to add replay flags on retry. This one does not add a back-off, considering that we may want to flush a write ASAP to the server. Considering that this will be a flush of cached pages, the retrans value is also not honoured. Signed-off-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 433042a91f9373241307725b52de573933ffedbf Author: Shyam Prasad N Date: Sun Jan 21 03:32:47 2024 +0000 cifs: commands that are retried should have replay flag set [ Upstream commit 4f1fffa2376922f3d1d506e49c0fd445b023a28e ] MS-SMB2 states that the header flag SMB2_FLAGS_REPLAY_OPERATION needs to be set when a command needs to be retried, so that the server is aware that this is a replay for an operation that appeared before. This can be very important, for example, for state changing operations and opens which get retried following a reconnect; since the client maybe unaware of the status of the previous open. This is particularly important for multichannel scenario, since disconnection of one connection does not mean that the session is lost. The requests can be replayed on another channel. This change also makes use of exponential back-off before replays and also limits the number of retries to "retrans" mount option value. Also, this change does not modify the read/write codepath. Signed-off-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin commit a5df7820310b4c9443d747b985165ddb79d1fb87 Author: Alexey Dobriyan Date: Tue Jan 23 13:40:00 2024 +0300 smb: client: delete "true", "false" defines [ Upstream commit 5d390df3bdd13d178eb2e02e60e9a480f7103f7b ] Kernel has its own official true/false definitions. The defines aren't even used in this file. Signed-off-by: Alexey Dobriyan Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 5cf3fddbd3682eca45d4c854446e20ce49f53943 Author: Yang Li Date: Fri Jan 19 17:57:07 2024 +0800 smb: Fix some kernel-doc comments [ Upstream commit 72b0cbf6b81003c01d63c60180b335f7692d170e ] Fix some kernel-doc comments to silence the warnings: fs/smb/server/transport_tcp.c:374: warning: Function parameter or struct member 'max_retries' not described in 'ksmbd_tcp_read' fs/smb/server/transport_tcp.c:423: warning: Function parameter or struct member 'iface' not described in 'create_socket' Signed-off-by: Yang Li Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit b4ca2942a0a413e08161a5e4a1b32eb3d2d9f8f7 Author: Shyam Prasad N Date: Wed Jan 17 06:09:16 2024 +0000 cifs: new mount option called retrans [ Upstream commit ce09f8d8a7130e6edfdd6fcad8eb277824d5de95 ] We have several places in the code where we treat the error -EAGAIN very differently. Some code retry for arbitrary number of times. Introducing this new mount option named "retrans", so that all these handlers of -EAGAIN can retry a fixed number of times. This applies only to soft mounts. Signed-off-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin commit de2cadf4bffad1c1993fbf1271b85425b22f7477 Author: Paulo Alcantara Date: Fri Jan 19 01:08:29 2024 -0300 smb: client: don't clobber ->i_rdev from cached reparse points [ Upstream commit 66c9314b61ed5b7bfcff0d89359aa0f975c0ab53 ] Don't clobber ->i_rdev from valid reparse inodes over readdir(2) as it can't be provided by query dir responses. Signed-off-by: Paulo Alcantara Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 6789c8387676a35a2d1c3860b22d478795f32d03 Author: Shyam Prasad N Date: Wed Jan 17 06:21:33 2024 +0000 cifs: new nt status codes from MS-SMB2 [ Upstream commit 7f738527a7a03021c7e1b02e188f446845f05eb6 ] MS-SMB2 spec has introduced two new status codes, STATUS_SERVER_UNAVAILABLE and STATUS_FILE_NOT_AVAILABLE which are to be treated as retryable errors. This change adds these to the available mappings and maps them to Linux errno EAGAIN. Signed-off-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin commit b96ea433fff45fd2265c3536cef57ad62451299b Author: Shyam Prasad N Date: Wed Jan 10 10:48:36 2024 +0000 cifs: pick channel for tcon and tdis [ Upstream commit 268b8b5797becb242013fcd63173eb28c007c8ae ] Today, the tree connect and disconnect requests are sent on the primary channel only. However, the new multichannel logic allows the session to remain active even if one of the channels are alive. So a tree connect can now be triggered during a reconnect on any of its channels. This change changes tcon and tdis calls to pick an active channel instead of the first one. Signed-off-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 36f8070c9bdb446d5bd1287a1dbb19eb9374452e Author: Steve French Date: Wed Jan 17 16:56:05 2024 -0600 cifs: minor comment cleanup [ Upstream commit 0b549c4f594167d7ef056393c6a06ac77f5690ff ] minor comment cleanup and trivial camelCase removal Reviewed-by: Bharath SM Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 8358f46bef22c31bdcdbd43810694cc9cedf19d8 Author: Colin Ian King Date: Tue Jan 16 10:51:34 2024 +0000 cifs: remove redundant variable tcon_exist [ Upstream commit 8ca5d2641be217a78a891d4dbe2a46232d1d8eb9 ] The variable tcon_exist is being assigned however it is never read, the variable is redundant and can be removed. Cleans up clang scan build warning: warning: Although the value stored to 'tcon_exist' is used in the enclosing expression, the value is never actually readfrom 'tcon_exist' [deadcode.DeadStores] Signed-off-by: Colin Ian King Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 67ed045c5f403e1c0586092f87798e7169b23f69 Author: Randy Dunlap Date: Fri Dec 15 19:28:14 2023 -0800 ksmbd: vfs: fix all kernel-doc warnings [ Upstream commit 8d99c1131d9d03053b7b1e1245b8f6e6846d9c69 ] Fix all kernel-doc warnings in vfs.c: vfs.c:54: warning: Function parameter or member 'parent' not described in 'ksmbd_vfs_lock_parent' vfs.c:54: warning: Function parameter or member 'child' not described in 'ksmbd_vfs_lock_parent' vfs.c:54: warning: No description found for return value of 'ksmbd_vfs_lock_parent' vfs.c:372: warning: Function parameter or member 'fp' not described in 'ksmbd_vfs_read' vfs.c:372: warning: Excess function parameter 'fid' description in 'ksmbd_vfs_read' vfs.c:489: warning: Function parameter or member 'fp' not described in 'ksmbd_vfs_write' vfs.c:489: warning: Excess function parameter 'fid' description in 'ksmbd_vfs_write' vfs.c:555: warning: Function parameter or member 'path' not described in 'ksmbd_vfs_getattr' vfs.c:555: warning: Function parameter or member 'stat' not described in 'ksmbd_vfs_getattr' vfs.c:555: warning: Excess function parameter 'work' description in 'ksmbd_vfs_getattr' vfs.c:555: warning: Excess function parameter 'fid' description in 'ksmbd_vfs_getattr' vfs.c:555: warning: Excess function parameter 'attrs' description in 'ksmbd_vfs_getattr' vfs.c:572: warning: Function parameter or member 'p_id' not described in 'ksmbd_vfs_fsync' vfs.c:595: warning: Function parameter or member 'work' not described in 'ksmbd_vfs_remove_file' vfs.c:595: warning: Function parameter or member 'path' not described in 'ksmbd_vfs_remove_file' vfs.c:595: warning: Excess function parameter 'name' description in 'ksmbd_vfs_remove_file' vfs.c:633: warning: Function parameter or member 'work' not described in 'ksmbd_vfs_link' vfs.c:805: warning: Function parameter or member 'fp' not described in 'ksmbd_vfs_truncate' vfs.c:805: warning: Excess function parameter 'fid' description in 'ksmbd_vfs_truncate' vfs.c:846: warning: Excess function parameter 'size' description in 'ksmbd_vfs_listxattr' vfs.c:953: warning: Function parameter or member 'option' not described in 'ksmbd_vfs_set_fadvise' vfs.c:953: warning: Excess function parameter 'options' description in 'ksmbd_vfs_set_fadvise' vfs.c:1167: warning: Function parameter or member 'um' not described in 'ksmbd_vfs_lookup_in_dir' vfs.c:1203: warning: Function parameter or member 'work' not described in 'ksmbd_vfs_kern_path_locked' vfs.c:1641: warning: No description found for return value of 'ksmbd_vfs_init_kstat' Signed-off-by: Randy Dunlap Cc: Namjae Jeon Cc: Steve French Cc: Sergey Senozhatsky Cc: Tom Talpey Cc: linux-cifs@vger.kernel.org Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit d4caa984c971b6fb8b3daeef78bb108c2cf6c5bf Author: Randy Dunlap Date: Fri Dec 15 19:03:57 2023 -0800 ksmbd: auth: fix most kernel-doc warnings [ Upstream commit b4068f1ef36d634ef44ece894738284d756d6627 ] Fix 12 of 17 kernel-doc warnings in auth.c: auth.c:221: warning: Function parameter or member 'conn' not described in 'ksmbd_auth_ntlmv2' auth.c:221: warning: Function parameter or member 'cryptkey' not described in 'ksmbd_auth_ntlmv2' auth.c:305: warning: Function parameter or member 'blob_len' not described in 'ksmbd_decode_ntlmssp_auth_blob' auth.c:305: warning: Function parameter or member 'conn' not described in 'ksmbd_decode_ntlmssp_auth_blob' auth.c:305: warning: Excess function parameter 'usr' description in 'ksmbd_decode_ntlmssp_auth_blob' auth.c:385: warning: Function parameter or member 'blob_len' not described in 'ksmbd_decode_ntlmssp_neg_blob' auth.c:385: warning: Function parameter or member 'conn' not described in 'ksmbd_decode_ntlmssp_neg_blob' auth.c:385: warning: Excess function parameter 'rsp' description in 'ksmbd_decode_ntlmssp_neg_blob' auth.c:385: warning: Excess function parameter 'sess' description in 'ksmbd_decode_ntlmssp_neg_blob' auth.c:413: warning: Function parameter or member 'conn' not described in 'ksmbd_build_ntlmssp_challenge_blob' auth.c:413: warning: Excess function parameter 'rsp' description in 'ksmbd_build_ntlmssp_challenge_blob' auth.c:413: warning: Excess function parameter 'sess' description in 'ksmbd_build_ntlmssp_challenge_blob' The other 5 are only present when a W=1 kernel build is done or when scripts/kernel-doc is run with -Wall. They are: auth.c:81: warning: No description found for return value of 'ksmbd_gen_sess_key' auth.c:385: warning: No description found for return value of 'ksmbd_decode_ntlmssp_neg_blob' auth.c:413: warning: No description found for return value of 'ksmbd_build_ntlmssp_challenge_blob' auth.c:577: warning: No description found for return value of 'ksmbd_sign_smb2_pdu' auth.c:628: warning: No description found for return value of 'ksmbd_sign_smb3_pdu' Signed-off-by: Randy Dunlap Cc: Namjae Jeon Cc: Steve French Cc: Sergey Senozhatsky Cc: Tom Talpey Cc: linux-cifs@vger.kernel.org Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 42430638ace696680199a78daa57bcaadc1fa863 Author: Steve French Date: Mon Jan 8 22:37:10 2024 -0600 cifs: remove unneeded return statement [ Upstream commit a3f763fdcb2f784c355aed66ddac6748ff8dbfa6 ] Return statement was not needed at end of cifs_chan_update_iface Suggested-by: Christophe Jaillet Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 8e6a3999e6d5d607b9079e1723ba8e7d106c2463 Author: Paulo Alcantara Date: Sat Jan 6 20:05:18 2024 -0300 cifs: get rid of dup length check in parse_reparse_point() [ Upstream commit 8a3c4e44c243308c2364a00f9944c3d6fbdeb125 ] smb2_compound_op(SMB2_OP_GET_REPARSE) already checks if ioctl response has a valid reparse data buffer's length, so there's no need to check it again in parse_reparse_point(). In order to get rid of duplicate check, validate reparse data buffer's length also in cifs_query_reparse_point(). Signed-off-by: Paulo Alcantara (SUSE) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 774c6452475e56f5983689ea962ac07936e779c4 Author: David Howells Date: Mon Jan 1 15:40:10 2024 +0000 cifs: Pass unbyteswapped eof value into SMB2_set_eof() [ Upstream commit 6ebfede8d57a615dcbdec7e490faed585153f7f1 ] Change SMB2_set_eof() to take eof as CPU order rather than __le64 and pass it directly rather than by pointer. This moves the conversion down into SMB_set_eof() rather than all of its callers and means we don't need to undo it for the traceline. Signed-off-by: David Howells cc: Jeff Layton cc: linux-cifs@vger.kernel.org Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 88e07de246fa10b594bb2ad2165b4f389303baf0 Author: Markus Elfring Date: Fri Dec 29 20:43:12 2023 +0100 smb3: Improve exception handling in allocate_mr_list() [ Upstream commit 96d566b6c933be96e9f5b216f04024ab522e0465 ] The kfree() function was called in one case by the allocate_mr_list() function during error handling even if the passed variable contained a null pointer. This issue was detected by using the Coccinelle software. Thus use another label. Signed-off-by: Markus Elfring Signed-off-by: Steve French Signed-off-by: Sasha Levin commit d53fcb485f4b8eb262aadda32b8c54bfce2e4ec8 Author: Steve French Date: Sat Apr 27 20:05:11 2024 -0500 cifs: fix in logging in cifs_chan_update_iface [ Upstream commit 516eea97f92f1e7271f20835cfe9e73774b0f8cc ] Recently, cifs_chan_update_iface was modified to not remove an iface if a suitable replacement was not found. With that, there were two conditionals that were exactly the same. This change removes that extra condition check. Also, fixed a logging in the same function to indicate the correct message. Signed-off-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 304ff3c1b07c45707bfbdd81904062770f1675a9 Author: Paulo Alcantara Date: Tue Nov 28 18:23:33 2023 -0300 smb: client: handle special files and symlinks in SMB3 POSIX [ Upstream commit 9c38568a75c160786d5f5d5b96aeefed0c1b76bd ] Parse reparse points in SMB3 posix query info as they will be supported and required by the new specification. Signed-off-by: Paulo Alcantara (SUSE) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 870c73abef4bcc34e1c0b9ce854a3d0467f114cb Author: Paulo Alcantara Date: Sat Nov 25 23:55:08 2023 -0300 smb: client: cleanup smb2_query_reparse_point() [ Upstream commit 3ded18a9e9d22a9cba8acad24b77a87851f9c9fa ] Use smb2_compound_op() with SMB2_OP_GET_REPARSE to get reparse point. Signed-off-by: Paulo Alcantara (SUSE) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 00ecebcb86d86877afbbfc85ba1a9fccd239c76d Author: Paulo Alcantara Date: Sat Nov 25 23:55:04 2023 -0300 smb: client: allow creating symlinks via reparse points [ Upstream commit 514d793e27a310eb26b112c1f8f1a160472907e5 ] Add support for creating symlinks via IO_REPARSE_TAG_SYMLINK reparse points in SMB2+. These are fully supported by most SMB servers and documented in MS-FSCC. Also have the advantage of requiring fewer roundtrips as their symlink targets can be parsed directly from CREATE responses on STATUS_STOPPED_ON_SYMLINK errors. Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-kbuild-all/202311260838.nx5mkj1j-lkp@intel.com/ Signed-off-by: Paulo Alcantara (SUSE) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit a158bb66b1373866d9fd5997565a58a573085539 Author: Steve French Date: Sun Apr 28 01:14:29 2024 -0500 smb: client: optimise reparse point querying [ Upstream commit 67ec9949b0dfe78c99e110dd975eb7dc5645630c ] Reduce number of roundtrips to server when querying reparse points in ->query_path_info() by sending a single compound request of create+get_reparse+get_info+close. Signed-off-by: Paulo Alcantara (SUSE) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 02bcf865cc532aa406f4c6c7973012f2070d8c51 Author: Steve French Date: Sun Apr 28 01:12:41 2024 -0500 smb: client: allow creating special files via reparse points [ Upstream commit 102466f303ffcd5cff207b3c122557f73f1041e6 ] Add support for creating special files (e.g. char/block devices, sockets, fifos) via NFS reparse points on SMB2+, which are fully supported by most SMB servers and documented in MS-FSCC. smb2_get_reparse_inode() creates the file with a corresponding reparse point buffer set in @iov through a single roundtrip to the server. Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-kbuild-all/202311260746.HOJ039BV-lkp@intel.com/ Signed-off-by: Paulo Alcantara (SUSE) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 886b7fb4556dd80687a669ad3843584d3c481b24 Author: Steve French Date: Sun Apr 28 01:09:59 2024 -0500 smb: client: extend smb2_compound_op() to accept more commands [ Upstream commit 3322960ce222997b1663ffa69e691b2edfec4ac9 ] Make smb2_compound_op() accept up to MAX_COMPOUND(5) commands to be sent over a single compounded request. This will allow next commits to read and write reparse files through a single roundtrip to the server. Signed-off-by: Paulo Alcantara (SUSE) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit da70c1d3c58436a956093a0c11527b2bb8562cfc Author: Pierre Mariani Date: Sun Nov 26 20:52:56 2023 -0800 smb: client: Fix minor whitespace errors and warnings [ Upstream commit 0108ce08aed195d200ffbad74c1948bbaefe6625 ] Fixes no-op checkpatch errors and warnings. Signed-off-by: Pierre Mariani Signed-off-by: Steve French Signed-off-by: Sasha Levin commit abea3c9ac8c6e85c6853258a85e6bf72df8b59ea Author: Steve French Date: Sat Apr 27 09:16:18 2024 -0500 smb: client: introduce cifs_sfu_make_node() [ Upstream commit b0348e459c836abdb0f4b967e006d15c77cf1c87 ] Remove duplicate code and add new helper for creating special files in SFU (Services for UNIX) format that can be shared by SMB1+ code. Signed-off-by: Paulo Alcantara (SUSE) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit a7b537b3be9f7de3ed349dbfbcc163ad35c01fa2 Author: Ritvik Budhiraja Date: Tue Nov 21 19:13:47 2023 +0530 cifs: fix use after free for iface while disabling secondary channels [ Upstream commit a15ccef82d3de9a37dc25898c60a394209368dc8 ] We were deferencing iface after it has been released. Fix is to release after all dereference instances have been encountered. Signed-off-by: Ritvik Budhiraja Reported-by: kernel test robot Reported-by: Dan Carpenter Closes: https://lore.kernel.org/r/202311110815.UJaeU3Tt-lkp@intel.com/ Signed-off-by: Steve French Signed-off-by: Sasha Levin commit bb536892dadd9b94be61f99f249c6f335fd5801d Author: Steve French Date: Fri Nov 10 01:24:16 2023 -0600 Missing field not being returned in ioctl CIFS_IOC_GET_MNT_INFO [ Upstream commit 784e0e20b4c97c270b2892f677d3fad658e2c1d5 ] The tcon_flags field was always being set to zero in the information about the mount returned by the ioctl CIFS_IOC_GET_MNT_INFO instead of being set to the value of the Flags field in the tree connection structure as intended. Reviewed-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 210c8b9d496e6b937cd4656a81a5c79d94eb019a Author: Steve French Date: Mon Nov 6 15:37:03 2023 -0600 smb3: minor cleanup of session handling code [ Upstream commit f72d96507640835726d4f5ba26c1c11acbe1bc97 ] Minor cleanup of style issues found by checkpatch Reviewed-by: Bharath SM Signed-off-by: Steve French Signed-off-by: Sasha Levin commit cc3035d092ebfe54b39f99caf506365d1b6415a5 Author: Steve French Date: Mon Nov 6 22:40:38 2023 -0600 smb3: more minor cleanups for session handling routines [ Upstream commit 1bc081b67a79b6e75fae686e98048cea1038ae31 ] Some trivial cleanup pointed out by checkpatch Reviewed-by: Bharath SM Signed-off-by: Steve French Signed-off-by: Sasha Levin commit b74c8d9be35a3029aa7a58ca9bf2ec2b6a7ee1f7 Author: Steve French Date: Mon Nov 6 13:31:45 2023 -0600 smb3: minor RDMA cleanup [ Upstream commit 43960dc2328e554c4c61b22c47e77e8b1c48d854 ] Some minor smbdirect debug cleanup spotted by checkpatch Cc: Long Li Reviewed-by: Bharath SM Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 9c88aae1e44c47c9d22ead49150e018e33633e36 Author: Shyam Prasad N Date: Mon Oct 30 11:00:07 2023 +0000 cifs: print server capabilities in DebugData [ Upstream commit 52768695d36a44d352e9fb79ba27468a5363ab8d ] In the output of /proc/fs/cifs/DebugData, we do not print the server->capabilities field today. With this change, we will do that. Signed-off-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 69a1669a6ba1ca6c8f7b07a2b0303b1fcb6ca4c1 Author: Eric Biggers Date: Sat Oct 28 22:03:00 2023 -0700 smb: use crypto_shash_digest() in symlink_hash() [ Upstream commit 783fa2c94f4150fe1b7f7d88b3baf6d98f82b41b ] Simplify symlink_hash() by using crypto_shash_digest() instead of an init+update+final sequence. This should also improve performance. Signed-off-by: Eric Biggers Reviewed-by: Paulo Alcantara (SUSE) Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 5b3c76351b4937c074e242e294aaa4458832d1d6 Author: Steve French Date: Sun Oct 8 23:04:01 2023 -0500 Add definition for new smb3.1.1 command type [ Upstream commit 7588b83066db9b9dc10c1a43b8e52a028ad327d2 ] Add structs and defines for new SMB3.1.1 command, server to client notification. See MS-SMB2 section 2.2.44 Signed-off-by: Steve French Signed-off-by: Sasha Levin commit c5c63108a86824b0a56faa1d516b41489bffceb0 Author: Steve French Date: Sun Oct 8 23:11:38 2023 -0500 SMB3: clarify some of the unused CreateOption flags [ Upstream commit d5a3c153fd00f5e951c4f20b4c65feb1e1cfbfcb ] Update comments to show flags which should be not set (zero). See MS-SMB2 section 2.2.13 Signed-off-by: Steve French Signed-off-by: Sasha Levin commit 6bd52f41d8047e83ebd57c2a3f43abd00eef067a Author: Meetakshi Setiya Date: Wed Oct 4 07:17:55 2023 -0400 cifs: Add client version details to NTLM authenticate message [ Upstream commit 1460720c5913c11415e4d7c4df5a287eb2ad3f3e ] The NTLM authenticate message currently sets the NTLMSSP_NEGOTIATE_VERSION flag but does not populate the VERSION structure. This commit fixes this bug by ensuring that the flag is set and the version details are included in the message. Signed-off-by: Meetakshi Setiya Reviewed-by: Bharath SM Reviewed-by: Paulo Alcantara (SUSE) Reviewed-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Sasha Levin