From: Greg Kroah-Hartman Date: Sun, 7 May 2023 13:13:23 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v5.15.111~67 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=23e5bc973a3c4560ec4203697d4821c41c9891ee;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: btrfs-scrub-reject-unsupported-scrub-flags.patch dm-clone-call-kmem_cache_destroy-in-dm_clone_init-error-path.patch dm-flakey-fix-a-crash-with-invalid-table-line.patch dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch ia64-fix-an-addr-to-taddr-in-huge_pte_offset.patch s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch scripts-gdb-fix-lx-timerlist-for-python3.patch --- diff --git a/queue-5.10/btrfs-scrub-reject-unsupported-scrub-flags.patch b/queue-5.10/btrfs-scrub-reject-unsupported-scrub-flags.patch new file mode 100644 index 00000000000..5212a54c2a2 --- /dev/null +++ b/queue-5.10/btrfs-scrub-reject-unsupported-scrub-flags.patch @@ -0,0 +1,57 @@ +From 604e6681e114d05a2e384c4d1e8ef81918037ef5 Mon Sep 17 00:00:00 2001 +From: Qu Wenruo +Date: Thu, 6 Apr 2023 13:00:34 +0800 +Subject: btrfs: scrub: reject unsupported scrub flags + +From: Qu Wenruo + +commit 604e6681e114d05a2e384c4d1e8ef81918037ef5 upstream. + +Since the introduction of scrub interface, the only flag that we support +is BTRFS_SCRUB_READONLY. Thus there is no sanity checks, if there are +some undefined flags passed in, we just ignore them. + +This is problematic if we want to introduce new scrub flags, as we have +no way to determine if such flags are supported. + +Address the problem by introducing a check for the flags, and if +unsupported flags are set, return -EOPNOTSUPP to inform the user space. + +This check should be backported for all supported kernels before any new +scrub flags are introduced. + +CC: stable@vger.kernel.org # 4.14+ +Reviewed-by: Anand Jain +Signed-off-by: Qu Wenruo +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/ioctl.c | 5 +++++ + include/uapi/linux/btrfs.h | 1 + + 2 files changed, 6 insertions(+) + +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -3702,6 +3702,11 @@ static long btrfs_ioctl_scrub(struct fil + if (IS_ERR(sa)) + return PTR_ERR(sa); + ++ if (sa->flags & ~BTRFS_SCRUB_SUPPORTED_FLAGS) { ++ ret = -EOPNOTSUPP; ++ goto out; ++ } ++ + if (!(sa->flags & BTRFS_SCRUB_READONLY)) { + ret = mnt_want_write_file(file); + if (ret) +--- a/include/uapi/linux/btrfs.h ++++ b/include/uapi/linux/btrfs.h +@@ -181,6 +181,7 @@ struct btrfs_scrub_progress { + }; + + #define BTRFS_SCRUB_READONLY 1 ++#define BTRFS_SCRUB_SUPPORTED_FLAGS (BTRFS_SCRUB_READONLY) + struct btrfs_ioctl_scrub_args { + __u64 devid; /* in */ + __u64 start; /* in */ diff --git a/queue-5.10/dm-clone-call-kmem_cache_destroy-in-dm_clone_init-error-path.patch b/queue-5.10/dm-clone-call-kmem_cache_destroy-in-dm_clone_init-error-path.patch new file mode 100644 index 00000000000..a23a43ad83d --- /dev/null +++ b/queue-5.10/dm-clone-call-kmem_cache_destroy-in-dm_clone_init-error-path.patch @@ -0,0 +1,28 @@ +From 6827af4a9a9f5bb664c42abf7c11af4978d72201 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Tue, 4 Apr 2023 11:59:00 -0400 +Subject: dm clone: call kmem_cache_destroy() in dm_clone_init() error path + +From: Mike Snitzer + +commit 6827af4a9a9f5bb664c42abf7c11af4978d72201 upstream. + +Otherwise the _hydration_cache will leak if dm_register_target() fails. + +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-clone-target.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/md/dm-clone-target.c ++++ b/drivers/md/dm-clone-target.c +@@ -2221,6 +2221,7 @@ static int __init dm_clone_init(void) + r = dm_register_target(&clone_target); + if (r < 0) { + DMERR("Failed to register clone target"); ++ kmem_cache_destroy(_hydration_cache); + return r; + } + diff --git a/queue-5.10/dm-flakey-fix-a-crash-with-invalid-table-line.patch b/queue-5.10/dm-flakey-fix-a-crash-with-invalid-table-line.patch new file mode 100644 index 00000000000..dc28c69f4f3 --- /dev/null +++ b/queue-5.10/dm-flakey-fix-a-crash-with-invalid-table-line.patch @@ -0,0 +1,37 @@ +From 98dba02d9a93eec11bffbb93c7c51624290702d2 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 18 Apr 2023 15:57:47 -0400 +Subject: dm flakey: fix a crash with invalid table line + +From: Mikulas Patocka + +commit 98dba02d9a93eec11bffbb93c7c51624290702d2 upstream. + +This command will crash with NULL pointer dereference: + dmsetup create flakey --table \ + "0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512" + +Fix the crash by checking if arg_name is non-NULL before comparing it. + +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-flakey.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/md/dm-flakey.c ++++ b/drivers/md/dm-flakey.c +@@ -124,9 +124,9 @@ static int parse_features(struct dm_arg_ + * Direction r or w? + */ + arg_name = dm_shift_arg(as); +- if (!strcasecmp(arg_name, "w")) ++ if (arg_name && !strcasecmp(arg_name, "w")) + fc->corrupt_bio_rw = WRITE; +- else if (!strcasecmp(arg_name, "r")) ++ else if (arg_name && !strcasecmp(arg_name, "r")) + fc->corrupt_bio_rw = READ; + else { + ti->error = "Invalid corrupt bio direction (r or w)"; diff --git a/queue-5.10/dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch b/queue-5.10/dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch new file mode 100644 index 00000000000..3c719393b8a --- /dev/null +++ b/queue-5.10/dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch @@ -0,0 +1,37 @@ +From 6b79a428c02769f2a11f8ae76bf866226d134887 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Tue, 4 Apr 2023 13:34:28 -0400 +Subject: dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path + +From: Mike Snitzer + +commit 6b79a428c02769f2a11f8ae76bf866226d134887 upstream. + +Otherwise the journal_io_cache will leak if dm_register_target() fails. + +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-integrity.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -4481,11 +4481,13 @@ static int __init dm_integrity_init(void + } + + r = dm_register_target(&integrity_target); +- +- if (r < 0) ++ if (r < 0) { + DMERR("register failed %d", r); ++ kmem_cache_destroy(journal_io_cache); ++ return r; ++ } + +- return r; ++ return 0; + } + + static void __exit dm_integrity_exit(void) diff --git a/queue-5.10/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch b/queue-5.10/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch new file mode 100644 index 00000000000..383264d7b21 --- /dev/null +++ b/queue-5.10/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch @@ -0,0 +1,58 @@ +From 3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Mon, 17 Apr 2023 11:59:56 -0400 +Subject: dm ioctl: fix nested locking in table_clear() to remove deadlock concern + +From: Mike Snitzer + +commit 3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89 upstream. + +syzkaller found the following problematic rwsem locking (with write +lock already held): + + down_read+0x9d/0x450 kernel/locking/rwsem.c:1509 + dm_get_inactive_table+0x2b/0xc0 drivers/md/dm-ioctl.c:773 + __dev_status+0x4fd/0x7c0 drivers/md/dm-ioctl.c:844 + table_clear+0x197/0x280 drivers/md/dm-ioctl.c:1537 + +In table_clear, it first acquires a write lock +https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L1520 +down_write(&_hash_lock); + +Then before the lock is released at L1539, there is a path shown above: +table_clear -> __dev_status -> dm_get_inactive_table -> down_read +https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L773 +down_read(&_hash_lock); + +It tries to acquire the same read lock again, resulting in the deadlock +problem. + +Fix this by moving table_clear()'s __dev_status() call to after its +up_write(&_hash_lock); + +Cc: stable@vger.kernel.org +Reported-by: Zheng Zhang +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-ioctl.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/md/dm-ioctl.c ++++ b/drivers/md/dm-ioctl.c +@@ -1435,11 +1435,12 @@ static int table_clear(struct file *filp + hc->new_map = NULL; + } + +- param->flags &= ~DM_INACTIVE_PRESENT_FLAG; +- +- __dev_status(hc->md, param); + md = hc->md; + up_write(&_hash_lock); ++ ++ param->flags &= ~DM_INACTIVE_PRESENT_FLAG; ++ __dev_status(md, param); ++ + if (old_map) { + dm_sync_table(md); + dm_table_destroy(old_map); diff --git a/queue-5.10/dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch b/queue-5.10/dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch new file mode 100644 index 00000000000..eeb11416d78 --- /dev/null +++ b/queue-5.10/dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch @@ -0,0 +1,44 @@ +From e8c5d45f82ce0c238a4817739892fe8897a3dcc3 Mon Sep 17 00:00:00 2001 +From: Yeongjin Gil +Date: Mon, 20 Mar 2023 15:59:32 +0900 +Subject: dm verity: fix error handling for check_at_most_once on FEC + +From: Yeongjin Gil + +commit e8c5d45f82ce0c238a4817739892fe8897a3dcc3 upstream. + +In verity_end_io(), if bi_status is not BLK_STS_OK, it can be return +directly. But if FEC configured, it is desired to correct the data page +through verity_verify_io. And the return value will be converted to +blk_status and passed to verity_finish_io(). + +BTW, when a bit is set in v->validated_blocks, verity_verify_io() skips +verification regardless of I/O error for the corresponding bio. In this +case, the I/O error could not be returned properly, and as a result, +there is a problem that abnormal data could be read for the +corresponding block. + +To fix this problem, when an I/O error occurs, do not skip verification +even if the bit related is set in v->validated_blocks. + +Fixes: 843f38d382b1 ("dm verity: add 'check_at_most_once' option to only validate hashes once") +Cc: stable@vger.kernel.org +Reviewed-by: Sungjong Seo +Signed-off-by: Yeongjin Gil +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-verity-target.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/dm-verity-target.c ++++ b/drivers/md/dm-verity-target.c +@@ -481,7 +481,7 @@ static int verity_verify_io(struct dm_ve + sector_t cur_block = io->block + b; + struct ahash_request *req = verity_io_hash_req(v, io); + +- if (v->validated_blocks && ++ if (v->validated_blocks && bio->bi_status == BLK_STS_OK && + likely(test_bit(cur_block, v->validated_blocks))) { + verity_bv_skip_block(v, io, &io->iter); + continue; diff --git a/queue-5.10/ia64-fix-an-addr-to-taddr-in-huge_pte_offset.patch b/queue-5.10/ia64-fix-an-addr-to-taddr-in-huge_pte_offset.patch new file mode 100644 index 00000000000..ad90331f409 --- /dev/null +++ b/queue-5.10/ia64-fix-an-addr-to-taddr-in-huge_pte_offset.patch @@ -0,0 +1,36 @@ +From 3647ebcfbfca384840231fe13fae665453238a61 Mon Sep 17 00:00:00 2001 +From: Hugh Dickins +Date: Sun, 16 Apr 2023 22:17:05 -0700 +Subject: ia64: fix an addr to taddr in huge_pte_offset() + +From: Hugh Dickins + +commit 3647ebcfbfca384840231fe13fae665453238a61 upstream. + +I know nothing of ia64 htlbpage_to_page(), but guess that the p4d +line should be using taddr rather than addr, like everywhere else. + +Link: https://lkml.kernel.org/r/732eae88-3beb-246-2c72-281de786740@google.com +Fixes: c03ab9e32a2c ("ia64: add support for folded p4d page tables") +Signed-off-by: Hugh Dickins +Acked-by: Mike Rapoport (IBM) +Cc: Ard Biesheuvel +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + arch/ia64/mm/hugetlbpage.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/ia64/mm/hugetlbpage.c ++++ b/arch/ia64/mm/hugetlbpage.c +@@ -57,7 +57,7 @@ huge_pte_offset (struct mm_struct *mm, u + + pgd = pgd_offset(mm, taddr); + if (pgd_present(*pgd)) { +- p4d = p4d_offset(pgd, addr); ++ p4d = p4d_offset(pgd, taddr); + if (p4d_present(*p4d)) { + pud = pud_offset(p4d, taddr); + if (pud_present(*pud)) { diff --git a/queue-5.10/s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch b/queue-5.10/s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch new file mode 100644 index 00000000000..53015213849 --- /dev/null +++ b/queue-5.10/s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch @@ -0,0 +1,39 @@ +From d8898ee50edecacdf0141f26fd90acf43d7e9cd7 Mon Sep 17 00:00:00 2001 +From: Stefan Haberland +Date: Wed, 5 Apr 2023 16:20:17 +0200 +Subject: s390/dasd: fix hanging blockdevice after request requeue + +From: Stefan Haberland + +commit d8898ee50edecacdf0141f26fd90acf43d7e9cd7 upstream. + +The DASD driver does not kick the requeue list when requeuing IO requests +to the blocklayer. This might lead to hanging blockdevice when there is +no other trigger for this. + +Fix by automatically kick the requeue list when requeuing DASD requests +to the blocklayer. + +Fixes: e443343e509a ("s390/dasd: blk-mq conversion") +CC: stable@vger.kernel.org # 4.14+ +Signed-off-by: Stefan Haberland +Reviewed-by: Jan Hoeppner +Reviewed-by: Halil Pasic +Link: https://lore.kernel.org/r/20230405142017.2446986-8-sth@linux.ibm.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + drivers/s390/block/dasd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/s390/block/dasd.c ++++ b/drivers/s390/block/dasd.c +@@ -3000,7 +3000,7 @@ static int _dasd_requeue_request(struct + return 0; + spin_lock_irq(&cqr->dq->lock); + req = (struct request *) cqr->callback_data; +- blk_mq_requeue_request(req, false); ++ blk_mq_requeue_request(req, true); + spin_unlock_irq(&cqr->dq->lock); + + return 0; diff --git a/queue-5.10/scripts-gdb-fix-lx-timerlist-for-python3.patch b/queue-5.10/scripts-gdb-fix-lx-timerlist-for-python3.patch new file mode 100644 index 00000000000..358a2880aa0 --- /dev/null +++ b/queue-5.10/scripts-gdb-fix-lx-timerlist-for-python3.patch @@ -0,0 +1,67 @@ +From 7362042f3556528e9e9b1eb5ce8d7a3a6331476b Mon Sep 17 00:00:00 2001 +From: Peng Liu +Date: Tue, 21 Mar 2023 14:19:29 +0800 +Subject: scripts/gdb: fix lx-timerlist for Python3 + +From: Peng Liu + +commit 7362042f3556528e9e9b1eb5ce8d7a3a6331476b upstream. + +Below incompatibilities between Python2 and Python3 made lx-timerlist fail +to run under Python3. + +o xrange() is replaced by range() in Python3 +o bytes and str are different types in Python3 +o the return value of Inferior.read_memory() is memoryview object in + Python3 + +akpm: cc stable so that older kernels are properly debuggable under newer +Python. + +Link: https://lkml.kernel.org/r/TYCP286MB2146EE1180A4D5176CBA8AB2C6819@TYCP286MB2146.JPNP286.PROD.OUTLOOK.COM +Signed-off-by: Peng Liu +Reviewed-by: Jan Kiszka +Cc: Florian Fainelli +Cc: Kieran Bingham +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + scripts/gdb/linux/timerlist.py | 4 +++- + scripts/gdb/linux/utils.py | 5 ++++- + 2 files changed, 7 insertions(+), 2 deletions(-) + +--- a/scripts/gdb/linux/timerlist.py ++++ b/scripts/gdb/linux/timerlist.py +@@ -73,7 +73,7 @@ def print_cpu(hrtimer_bases, cpu, max_cl + ts = cpus.per_cpu(tick_sched_ptr, cpu) + + text = "cpu: {}\n".format(cpu) +- for i in xrange(max_clock_bases): ++ for i in range(max_clock_bases): + text += " clock {}:\n".format(i) + text += print_base(cpu_base['clock_base'][i]) + +@@ -158,6 +158,8 @@ def pr_cpumask(mask): + num_bytes = (nr_cpu_ids + 7) / 8 + buf = utils.read_memoryview(inf, bits, num_bytes).tobytes() + buf = binascii.b2a_hex(buf) ++ if type(buf) is not str: ++ buf=buf.decode() + + chunks = [] + i = num_bytes +--- a/scripts/gdb/linux/utils.py ++++ b/scripts/gdb/linux/utils.py +@@ -89,7 +89,10 @@ def get_target_endianness(): + + + def read_memoryview(inf, start, length): +- return memoryview(inf.read_memory(start, length)) ++ m = inf.read_memory(start, length) ++ if type(m) is memoryview: ++ return m ++ return memoryview(m) + + + def read_u16(buffer, offset): diff --git a/queue-5.10/series b/queue-5.10/series index b0173d5df26..6af238c49de 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -277,3 +277,12 @@ mfd-tqmx86-add-support-for-tqmx110eb-and-tqmxe40x.patch mfd-tqmx86-specify-io-port-register-range-more-preci.patch mfd-tqmx86-correct-board-names-for-tqmxe39x.patch afs-fix-updating-of-i_size-with-dv-jump-from-server.patch +scripts-gdb-fix-lx-timerlist-for-python3.patch +btrfs-scrub-reject-unsupported-scrub-flags.patch +s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch +ia64-fix-an-addr-to-taddr-in-huge_pte_offset.patch +dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch +dm-clone-call-kmem_cache_destroy-in-dm_clone_init-error-path.patch +dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch +dm-flakey-fix-a-crash-with-invalid-table-line.patch +dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch