From 9e1ed5e7b9e429efccd782fb2a8649dc44f9a614 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Mon, 10 Apr 2023 08:34:52 -0400 Subject: [PATCH] Fixes for 6.2 Signed-off-by: Sasha Levin --- ...gd_need_part_scan-if-scan-partition-.patch | 75 ++++++++++++++ ...sure-that-block-size-is-set-correctl.patch | 51 ++++++++++ ...e-paths-in-cifs_update_super_prepath.patch | 98 +++++++++++++++++++ queue-6.2/iio-adc-ad7791-fix-irq-flags.patch | 40 ++++++++ ...ory-leak-when-removing-provided-buff.patch | 63 ++++++++++++ ...urn-value-when-removing-provided-buf.patch | 50 ++++++++++ ...vme-fix-discard-support-without-oncs.patch | 57 +++++++++++ ...e-same-task-check-in-perf_event_set_.patch | 73 ++++++++++++++ ...rf-optimize-perf_pmu_migrate_context.patch | 55 +++++++++++ ...heck-that-sock-is-valid-before-iscsi.patch | 48 +++++++++ ...fix-memory-leak-in-qla2x00_probe_one.patch | 58 +++++++++++ queue-6.2/series | 11 +++ 12 files changed, 679 insertions(+) create mode 100644 queue-6.2/block-don-t-set-gd_need_part_scan-if-scan-partition-.patch create mode 100644 queue-6.2/block-ublk-make-sure-that-block-size-is-set-correctl.patch create mode 100644 queue-6.2/cifs-sanitize-paths-in-cifs_update_super_prepath.patch create mode 100644 queue-6.2/iio-adc-ad7791-fix-irq-flags.patch create mode 100644 queue-6.2/io_uring-fix-memory-leak-when-removing-provided-buff.patch create mode 100644 queue-6.2/io_uring-fix-return-value-when-removing-provided-buf.patch create mode 100644 queue-6.2/nvme-fix-discard-support-without-oncs.patch create mode 100644 queue-6.2/perf-core-fix-the-same-task-check-in-perf_event_set_.patch create mode 100644 queue-6.2/perf-optimize-perf_pmu_migrate_context.patch create mode 100644 queue-6.2/scsi-iscsi_tcp-check-that-sock-is-valid-before-iscsi.patch create mode 100644 queue-6.2/scsi-qla2xxx-fix-memory-leak-in-qla2x00_probe_one.patch 
diff --git a/queue-6.2/block-don-t-set-gd_need_part_scan-if-scan-partition-.patch b/queue-6.2/block-don-t-set-gd_need_part_scan-if-scan-partition-.patch
new file mode 100644
index 00000000000..aa365553913
--- /dev/null
+++ b/queue-6.2/block-don-t-set-gd_need_part_scan-if-scan-partition-.patch
@@ -0,0 +1,75 @@
+From 144a0b0905d519c3ecc3917d23f3e6653294608f Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 22 Mar 2023 11:59:26 +0800
+Subject: block: don't set GD_NEED_PART_SCAN if scan partition failed
+
+From: Yu Kuai
+
+[ Upstream commit 3723091ea1884d599cc8b8bf719d6f42e8d4d8b1 ]
+
+Currently if disk_scan_partitions() failed, GD_NEED_PART_SCAN will still
+set, and partition scan will be proceed again when blkdev_get_by_dev()
+is called. However, this will cause a problem that re-assemble partitioned
+raid device will creat partition for underlying disk.
+
+Test procedure:
+
+mdadm -CR /dev/md0 -l 1 -n 2 /dev/sda /dev/sdb -e 1.0
+sgdisk -n 0:0:+100MiB /dev/md0
+blockdev --rereadpt /dev/sda
+blockdev --rereadpt /dev/sdb
+mdadm -S /dev/md0
+mdadm -A /dev/md0 /dev/sda /dev/sdb
+
+Test result: underlying disk partition and raid partition can be
+observed at the same time
+
+Note that this can still happen in come corner cases that
+GD_NEED_PART_SCAN can be set for underlying disk while re-assemble raid
+device.
+
+Fixes: e5cfefa97bcc ("block: fix scan partition for exclusively open device again")
+Reviewed-by: Jan Kara
+Reviewed-by: Ming Lei
+Signed-off-by: Yu Kuai
+Signed-off-by: Jens Axboe
+Signed-off-by: Sasha Levin
+---
+ block/genhd.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/block/genhd.c b/block/genhd.c
+index 9c4c9aa559ab8..7082032636035 100644
+--- a/block/genhd.c
++++ b/block/genhd.c
+@@ -368,7 +368,6 @@ int disk_scan_partitions(struct gendisk *disk, fmode_t mode)
+ if (disk->open_partitions)
+ return -EBUSY;
+
+- set_bit(GD_NEED_PART_SCAN, &disk->state);
+ /*
+ * If the device is opened exclusively by current thread already, it's
+ * safe to scan partitons, otherwise, use bd_prepare_to_claim() to
+@@ -381,12 +380,19 @@ int disk_scan_partitions(struct gendisk *disk, fmode_t mode)
+ return ret;
+ }
+
++ set_bit(GD_NEED_PART_SCAN, &disk->state);
+ bdev = blkdev_get_by_dev(disk_devt(disk), mode & ~FMODE_EXCL, NULL);
+ if (IS_ERR(bdev))
+ ret = PTR_ERR(bdev);
+ else
+ blkdev_put(bdev, mode & ~FMODE_EXCL);
+
++ /*
++ * If blkdev_get_by_dev() failed early, GD_NEED_PART_SCAN is still set,
++ * and this will cause that re-assemble partitioned raid device will
++ * creat partition for underlying disk.
++ */
++ clear_bit(GD_NEED_PART_SCAN, &disk->state);
+ if (!(mode & FMODE_EXCL))
+ bd_abort_claiming(disk->part0, disk_scan_partitions);
+ return ret;
+--
+2.39.2
+
diff --git a/queue-6.2/block-ublk-make-sure-that-block-size-is-set-correctl.patch b/queue-6.2/block-ublk-make-sure-that-block-size-is-set-correctl.patch
new file mode 100644
index 00000000000..30abc0dfbbb
--- /dev/null
+++ b/queue-6.2/block-ublk-make-sure-that-block-size-is-set-correctl.patch
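Review bot: The added `clear_bit(GD_NEED_PART_SCAN, &disk->state);` in the second hunk of the genhd.c patch runs unconditionally, so it would also drop the flag if another path set it while this scan was in flight. The visible lines show no lock held across the set/clear pair; disk_scan_partitions() starts and ends outside the hunks, so the needed serialization may exist elsewhere. The new comment explains why the flag is cleared but not why clearing it blindly is safe; it should name the invariant, for example `/* scans are serialized by the exclusive open or bd_prepare_to_claim(), so no other setter can race with this clear */`, if that is in fact what guarantees it. The comment also carries over the misspelling "creat" from the commit message.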
@@ -0,0 +1,51 @@
+From 3bff7b9564ddb4f59dcf10542fb9f60cfb69ccba Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 6 Apr 2023 20:40:59 +0800
+Subject: block: ublk: make sure that block size is set correctly
+
+From: Ming Lei
+
+[ Upstream commit 1d1665279a845d16c93687389e364386e3fe0f38 ]
+
+block size is one very key setting for block layer, and bad block size
+could panic kernel easily.
+
+Make sure that block size is set correctly.
+
+Meantime if ublk_validate_params() fails, clear ub->params so that disk
+is prevented from being added.
+
+Fixes: 71f28f3136af ("ublk_drv: add io_uring based userspace block driver")
+Reported-and-tested-by: Breno Leitao
+Signed-off-by: Ming Lei
+Signed-off-by: Jens Axboe
+Signed-off-by: Sasha Levin
+---
+ drivers/block/ublk_drv.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
+index 22a790d512842..341f490fdbb02 100644
+--- a/drivers/block/ublk_drv.c
++++ b/drivers/block/ublk_drv.c
+@@ -233,7 +233,7 @@ static int ublk_validate_params(const struct ublk_device *ub)
+ if (ub->params.types & UBLK_PARAM_TYPE_BASIC) {
+ const struct ublk_param_basic *p = &ub->params.basic;
+
+- if (p->logical_bs_shift > PAGE_SHIFT)
++ if (p->logical_bs_shift > PAGE_SHIFT || p->logical_bs_shift < 9)
+ return -EINVAL;
+
+ if (p->logical_bs_shift > p->physical_bs_shift)
+@@ -1886,6 +1886,8 @@ static int ublk_ctrl_set_params(struct io_uring_cmd *cmd)
+ /* clear all we don't support yet */
+ ub->params.types &= UBLK_PARAM_TYPE_ALL;
+ ret = ublk_validate_params(ub);
++ if (ret)
++ ub->params.types = 0;
+ }
+ mutex_unlock(&ub->mutex);
+ ublk_put_device(ub);
+--
+2.39.2
+
diff --git a/queue-6.2/cifs-sanitize-paths-in-cifs_update_super_prepath.patch b/queue-6.2/cifs-sanitize-paths-in-cifs_update_super_prepath.patch
new file mode 100644
index 00000000000..394891657be
--- /dev/null
+++ b/queue-6.2/cifs-sanitize-paths-in-cifs_update_super_prepath.patch
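Review bot: The lower bound in `p->logical_bs_shift < 9` is a bare literal; the kernel's `SECTOR_SHIFT` names the same 512-byte minimum, so the check would read better as `if (p->logical_bs_shift > PAGE_SHIFT || p->logical_bs_shift < SECTOR_SHIFT)`. In the second hunk only `ub->params.types` is zeroed when validation fails, so the rejected values, presumably supplied by the control command, remain in `ub->params`. That is safe only as long as every consumer tests `types` before reading a field, which deserves a one-line comment next to `ub->params.types = 0;`. Both functions start and end outside the hunks, and the visible lines place no upper bound on `physical_bs_shift`, so it is worth confirming that it is range-checked elsewhere.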
@@ -0,0 +1,98 @@
+From 5c9b8eb07ede32a2ba1698873c9dfee82b4925bd Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 5 Apr 2023 10:16:48 -0300
+Subject: cifs: sanitize paths in cifs_update_super_prepath.
+
+From: Thiago Rafael Becker
+
+[ Upstream commit d19342c6609b67f2ba83b9eccca2777e3687f625 ]
+
+After a server reboot, clients are failing to move files with ENOENT.
+This is caused by DFS referrals containing multiple separators, which
+the server move call doesn't recognize.
+
+v1: Initial patch.
+v2: Move prototype to header.
+
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=2182472
+Fixes: a31080899d5f ("cifs: sanitize multiple delimiters in prepath")
+Actually-Fixes: 24e0a1eff9e2 ("cifs: switch to new mount api")
+Reviewed-by: Paulo Alcantara (SUSE)
+Signed-off-by: Thiago Rafael Becker
+Signed-off-by: Steve French
+Signed-off-by: Sasha Levin
+---
+ fs/cifs/fs_context.c | 13 +++++++------
+ fs/cifs/fs_context.h | 3 +++
+ fs/cifs/misc.c | 2 +-
+ 3 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/fs/cifs/fs_context.c b/fs/cifs/fs_context.c
+index 6d13f8207e96a..ace11a1a7c8ab 100644
+--- a/fs/cifs/fs_context.c
++++ b/fs/cifs/fs_context.c
+@@ -441,13 +441,14 @@ int smb3_parse_opt(const char *options, const char *key, char **val)
+ * but there are some bugs that prevent rename from working if there are
+ * multiple delimiters.
+ *
+- * Returns a sanitized duplicate of @path. The caller is responsible for
+- * cleaning up the original.
++ * Returns a sanitized duplicate of @path. @gfp indicates the GFP_* flags
++ * for kstrdup.
++ * The caller is responsible for freeing the original.
+ */
+ #define IS_DELIM(c) ((c) == '/' || (c) == '\\')
+-static char *sanitize_path(char *path)
++char *cifs_sanitize_prepath(char *prepath, gfp_t gfp)
+ {
+- char *cursor1 = path, *cursor2 = path;
++ char *cursor1 = prepath, *cursor2 = prepath;
+
+ /* skip all prepended delimiters */
+ while (IS_DELIM(*cursor1))
+@@ -469,7 +470,7 @@ static char *sanitize_path(char *path)
+ cursor2--;
+
+ *(cursor2) = '\0';
+- return kstrdup(path, GFP_KERNEL);
++ return kstrdup(prepath, gfp);
+ }
+
+ /*
+@@ -531,7 +532,7 @@ smb3_parse_devname(const char *devname, struct smb3_fs_context *ctx)
+ if (!*pos)
+ return 0;
+
+- ctx->prepath = sanitize_path(pos);
++ ctx->prepath = cifs_sanitize_prepath(pos, GFP_KERNEL);
+ if (!ctx->prepath)
+ return -ENOMEM;
+
+diff --git a/fs/cifs/fs_context.h b/fs/cifs/fs_context.h
+index 3de00e7127ec4..f4eaf85589022 100644
+--- a/fs/cifs/fs_context.h
++++ b/fs/cifs/fs_context.h
+@@ -287,4 +287,7 @@ extern void smb3_update_mnt_flags(struct cifs_sb_info *cifs_sb);
+ */
+ #define SMB3_MAX_DCLOSETIMEO (1 << 30)
+ #define SMB3_DEF_DCLOSETIMEO (1 * HZ) /* even 1 sec enough to help eg open/write/close/open/read */
++
++extern char *cifs_sanitize_prepath(char *prepath, gfp_t gfp);
++
+ #endif
+diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
+index 5542893ef03f7..2fae6b08314d9 100644
+--- a/fs/cifs/misc.c
++++ b/fs/cifs/misc.c
+@@ -1297,7 +1297,7 @@ int cifs_update_super_prepath(struct cifs_sb_info *cifs_sb, char *prefix)
+ kfree(cifs_sb->prepath);
+
+ if (prefix && *prefix) {
+- cifs_sb->prepath = kstrdup(prefix, GFP_ATOMIC);
++ cifs_sb->prepath = cifs_sanitize_prepath(prefix, GFP_ATOMIC);
+ if (!cifs_sb->prepath)
+ return -ENOMEM;
+
+--
+2.39.2
+
diff --git a/queue-6.2/iio-adc-ad7791-fix-irq-flags.patch b/queue-6.2/iio-adc-ad7791-fix-irq-flags.patch
new file mode 100644
index 00000000000..89f940fd559
--- /dev/null
+++ b/queue-6.2/iio-adc-ad7791-fix-irq-flags.patch
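Review bot: `cifs_sanitize_prepath()` writes into its argument (`*(cursor2) = '\0';` just before the `kstrdup()`), and the updated comment block does not mention this, even though the function is now exported through fs_context.h and applied to `prefix` in `cifs_update_super_prepath()`. The comment should state the side effect, e.g. `* @prepath is modified in place; pass a writable buffer owned by the caller.`, so that a later caller does not hand it a shared or constant string. The same comment still says `@path` although the parameter was renamed to `@prepath`. The middle of the function lies outside the hunks, so the in-place compaction is inferred from the two cursors and the final terminator write.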
@@ -0,0 +1,40 @@
+From 945773f3f905cb41aef6284e84ff9ecbf740adf2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 20 Jan 2023 13:46:45 +0100
+Subject: iio: adc: ad7791: fix IRQ flags
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Nuno Sá
+
+[ Upstream commit 0c6ef985a1fd8a74dcb5cad941ddcadd55cb8697 ]
+
+The interrupt is triggered on the falling edge rather than being a level
+low interrupt.
+
+Fixes: da4d3d6bb9f6 ("iio: adc: ad-sigma-delta: Allow custom IRQ flags")
+Signed-off-by: Nuno Sá
+Link: https://lore.kernel.org/r/20230120124645.819910-1-nuno.sa@analog.com
+Signed-off-by: Jonathan Cameron
+Signed-off-by: Sasha Levin
+---
+ drivers/iio/adc/ad7791.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/iio/adc/ad7791.c b/drivers/iio/adc/ad7791.c
+index fee8d129a5f08..86effe8501b44 100644
+--- a/drivers/iio/adc/ad7791.c
++++ b/drivers/iio/adc/ad7791.c
+@@ -253,7 +253,7 @@ static const struct ad_sigma_delta_info ad7791_sigma_delta_info = {
+ .has_registers = true,
+ .addr_shift = 4,
+ .read_mask = BIT(3),
+- .irq_flags = IRQF_TRIGGER_LOW,
++ .irq_flags = IRQF_TRIGGER_FALLING,
+ };
+
+ static int ad7791_read_raw(struct iio_dev *indio_dev,
+--
+2.39.2
+
diff --git a/queue-6.2/io_uring-fix-memory-leak-when-removing-provided-buff.patch b/queue-6.2/io_uring-fix-memory-leak-when-removing-provided-buff.patch
new file mode 100644
index 00000000000..e5263f30353
--- /dev/null
+++ b/queue-6.2/io_uring-fix-memory-leak-when-removing-provided-buff.patch
@@ -0,0 +1,63 @@
+From 0ed00dcb0c795efc0722ccd715affe4370038f66 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 1 Apr 2023 20:50:39 +0100
+Subject: io_uring: fix memory leak when removing provided buffers
+
+From: Wojciech Lukowicz
+
+[ Upstream commit b4a72c0589fdea6259720375426179888969d6a2 ]
+
+When removing provided buffers, io_buffer structs are not being disposed
+of, leading to a memory leak. They can't be freed individually, because
+they are allocated in page-sized groups. They need to be added to some
+free list instead, such as io_buffers_cache. All callers already hold
+the lock protecting it, apart from when destroying buffers, so had to
+extend the lock there.
+
+Fixes: cc3cec8367cb ("io_uring: speedup provided buffer handling")
+Signed-off-by: Wojciech Lukowicz
+Link: https://lore.kernel.org/r/20230401195039.404909-2-wlukowicz01@gmail.com
+Signed-off-by: Jens Axboe
+Signed-off-by: Sasha Levin
+---
+ io_uring/io_uring.c | 2 +-
+ io_uring/kbuf.c | 5 ++++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
+index a4e9dbc7b67a8..add5cff7952c5 100644
+--- a/io_uring/io_uring.c
++++ b/io_uring/io_uring.c
+@@ -2722,8 +2722,8 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx)
+ io_eventfd_unregister(ctx);
+ io_alloc_cache_free(&ctx->apoll_cache, io_apoll_cache_free);
+ io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free);
+- mutex_unlock(&ctx->uring_lock);
+ io_destroy_buffers(ctx);
++ mutex_unlock(&ctx->uring_lock);
+ if (ctx->sq_creds)
+ put_cred(ctx->sq_creds);
+ if (ctx->submitter_task)
+diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c
+index 0fdcc0adbdbcc..a90c820ce99e1 100644
+--- a/io_uring/kbuf.c
++++ b/io_uring/kbuf.c
+@@ -228,11 +228,14 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx,
+ return i;
+ }
+
++ /* protects io_buffers_cache */
++ lockdep_assert_held(&ctx->uring_lock);
++
+ while (!list_empty(&bl->buf_list)) {
+ struct io_buffer *nxt;
+
+ nxt = list_first_entry(&bl->buf_list, struct io_buffer, list);
+- list_del(&nxt->list);
++ list_move(&nxt->list, &ctx->io_buffers_cache);
+ if (++i == nbufs)
+ return i;
+ cond_resched();
+--
+2.39.2
+
diff --git a/queue-6.2/io_uring-fix-return-value-when-removing-provided-buf.patch b/queue-6.2/io_uring-fix-return-value-when-removing-provided-buf.patch
new file mode 100644
index 00000000000..b24ccbbc041
--- /dev/null
+++ b/queue-6.2/io_uring-fix-return-value-when-removing-provided-buf.patch
@@ -0,0 +1,50 @@
+From 1178eb563633769ee3789faceb33d3c9254fb859 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 1 Apr 2023 20:50:38 +0100
+Subject: io_uring: fix return value when removing provided buffers
+
+From: Wojciech Lukowicz
+
+[ Upstream commit c0921e51dab767ef5adf6175c4a0ba3c6e1074a3 ]
+
+When a request to remove buffers is submitted, and the given number to be
+removed is larger than available in the specified buffer group, the
+resulting CQE result will be the number of removed buffers + 1, which is
+1 more than it should be.
+
+Previously, the head was part of the list and it got removed after the
+loop, so the increment was needed. Now, the head is not an element of
+the list, so the increment shouldn't be there anymore.
+
+Fixes: dbc7d452e7cf ("io_uring: manage provided buffers strictly ordered")
+Signed-off-by: Wojciech Lukowicz
+Link: https://lore.kernel.org/r/20230401195039.404909-2-wlukowicz01@gmail.com
+Signed-off-by: Jens Axboe
+Signed-off-by: Sasha Levin
+---
+ io_uring/kbuf.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c
+index 3002dc8271959..0fdcc0adbdbcc 100644
+--- a/io_uring/kbuf.c
++++ b/io_uring/kbuf.c
+@@ -228,7 +228,6 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx,
+ return i;
+ }
+
+- /* the head kbuf is the list itself */
+ while (!list_empty(&bl->buf_list)) {
+ struct io_buffer *nxt;
+
+@@ -238,7 +237,6 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx,
+ return i;
+ cond_resched();
+ }
+- i++;
+
+ return i;
+ }
+--
+2.39.2
+
diff --git a/queue-6.2/nvme-fix-discard-support-without-oncs.patch b/queue-6.2/nvme-fix-discard-support-without-oncs.patch
new file mode 100644
index 00000000000..cc64497aef9
--- /dev/null
+++ b/queue-6.2/nvme-fix-discard-support-without-oncs.patch
@@ -0,0 +1,57 @@
+From d867fed2083361a158a1b7340f6b21ff7fd58caa Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 3 Apr 2023 13:09:25 -0700
+Subject: nvme: fix discard support without oncs
+
+From: Keith Busch
+
+[ Upstream commit d3205ab75e99a47539ec91ef85ba488f4ddfeaa9 ]
+
+The device can report discard support without setting the ONCS DSM bit.
+When not set, the driver clears max_discard_size expecting it to be set
+later. We don't know the size until we have the namespace format,
+though, so setting it is deferred until configuring one, but the driver
+was abandoning the discard settings due to that initial clearing.
+
+Move the max_discard_size calculation above the check for a '0' discard
+size.
+
+Fixes: 1a86924e4f46475 ("nvme: fix interpretation of DMRSL")
+Reported-by: Laurence Oberman
+Signed-off-by: Keith Busch
+Reviewed-by: Niklas Cassel
+Reviewed-by: Sagi Grimberg
+Tested-by: Laurence Oberman
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Sasha Levin
+---
+ drivers/nvme/host/core.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
+index 70b5e891f6b3b..ee1b075d12cfc 100644
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -1717,6 +1717,9 @@ static void nvme_config_discard(struct gendisk *disk, struct nvme_ns *ns)
+ struct request_queue *queue = disk->queue;
+ u32 size = queue_logical_block_size(queue);
+
++ if (ctrl->dmrsl && ctrl->dmrsl <= nvme_sect_to_lba(ns, UINT_MAX))
++ ctrl->max_discard_sectors = nvme_lba_to_sect(ns, ctrl->dmrsl);
++
+ if (ctrl->max_discard_sectors == 0) {
+ blk_queue_max_discard_sectors(queue, 0);
+ return;
+@@ -1731,9 +1734,6 @@ static void nvme_config_discard(struct gendisk *disk, struct nvme_ns *ns)
+ if (queue->limits.max_discard_sectors)
+ return;
+
+- if (ctrl->dmrsl && ctrl->dmrsl <= nvme_sect_to_lba(ns, UINT_MAX))
+- ctrl->max_discard_sectors = nvme_lba_to_sect(ns, ctrl->dmrsl);
+-
+ blk_queue_max_discard_sectors(queue, ctrl->max_discard_sectors);
+ blk_queue_max_discard_segments(queue, ctrl->max_discard_segments);
+
+--
+2.39.2
+
diff --git a/queue-6.2/perf-core-fix-the-same-task-check-in-perf_event_set_.patch b/queue-6.2/perf-core-fix-the-same-task-check-in-perf_event_set_.patch
new file mode 100644
index 00000000000..f4d13c71c29
--- /dev/null
+++ b/queue-6.2/perf-core-fix-the-same-task-check-in-perf_event_set_.patch
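Review bot: `ctrl->max_discard_sectors` is a controller-wide field, yet the moved assignment derives it from the namespace being configured (`nvme_lba_to_sect(ns, ctrl->dmrsl)`), and after the move it runs on every call, ahead of both early returns. If a controller exposes namespaces with different LBA formats, the value left in `ctrl` would depend on which namespace was configured last. Holding the converted limit in a local, starting from `u32 max_discard = ctrl->max_discard_sectors;` and overriding that local from DMRSL, would keep per-namespace state out of the controller structure. nvme_config_discard() begins and ends outside the hunks, so other readers of the field are not visible here.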
@@ -0,0 +1,73 @@
+From 080a36991cb793bcbeeb6807510648f780414ef6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 22 Mar 2023 13:24:49 -0700
+Subject: perf/core: Fix the same task check in perf_event_set_output
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Kan Liang
+
+[ Upstream commit 24d3ae2f37d8bc3c14b31d353c5d27baf582b6a6 ]
+
+The same task check in perf_event_set_output has some potential issues
+for some usages.
+
+For the current perf code, there is a problem if using of
+perf_event_open() to have multiple samples getting into the same mmap’d
+memory when they are both attached to the same process.
+https://lore.kernel.org/all/92645262-D319-4068-9C44-2409EF44888E@gmail.com/
+Because the event->ctx is not ready when the perf_event_set_output() is
+invoked in the perf_event_open().
+
+Besides the above issue, before the commit bd2756811766 ("perf: Rewrite
+core context handling"), perf record can errors out when sampling with
+a hardware event and a software event as below.
+ $ perf record -e cycles,dummy --per-thread ls
+ failed to mmap with 22 (Invalid argument)
+That's because that prior to the commit a hardware event and a software
+event are from different task context.
+
+The problem should be a long time issue since commit c3f00c70276d
+("perk: Separate find_get_context() from event initialization").
+
+The task struct is stored in the event->hw.target for each per-thread
+event. It is a more reliable way to determine whether two events are
+attached to the same task.
+
+The event->hw.target was also introduced several years ago by the
+commit 50f16a8bf9d7 ("perf: Remove type specific target pointers"). It
+can not only be used to fix the issue with the current code, but also
+back port to fix the issues with an older kernel.
+
+Note: The event->hw.target was introduced later than commit
+c3f00c70276d. The patch may cannot be applied between the commit
+c3f00c70276d and commit 50f16a8bf9d7. Anybody that wants to back-port
+this at that period may have to find other solutions.
+
+Fixes: c3f00c70276d ("perf: Separate find_get_context() from event initialization")
+Signed-off-by: Kan Liang
+Signed-off-by: Peter Zijlstra (Intel)
+Reviewed-by: Zhengjun Xing
+Link: https://lkml.kernel.org/r/20230322202449.512091-1-kan.liang@linux.intel.com
+Signed-off-by: Sasha Levin
+---
+ kernel/events/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 4b3205f6bed5e..daecb8c9126b0 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -12155,7 +12155,7 @@ perf_event_set_output(struct perf_event *event, struct perf_event *output_event)
+ /*
+ * If its not a per-cpu rb, it must be the same task.
+ */
+- if (output_event->cpu == -1 && output_event->ctx != event->ctx)
++ if (output_event->cpu == -1 && output_event->hw.target != event->hw.target)
+ goto out;
+
+ /*
+--
+2.39.2
+
diff --git a/queue-6.2/perf-optimize-perf_pmu_migrate_context.patch b/queue-6.2/perf-optimize-perf_pmu_migrate_context.patch
new file mode 100644
index 00000000000..7151d93f7e6
--- /dev/null
+++ b/queue-6.2/perf-optimize-perf_pmu_migrate_context.patch
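Review bot: The comment above the changed condition still says only "it must be the same task" and gives no reason for comparing `hw.target` rather than `->ctx`, although this test is what keeps one task's event from being redirected into another task's ring buffer. The reason is in the commit message and belongs next to the code, for example `* Compare hw.target, not ->ctx: ->ctx is not yet set up when this runs from perf_event_open().` Without it, a later cleanup could plausibly turn the test back into the context comparison. perf_event_set_output() starts and ends outside the hunk.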
@@ -0,0 +1,55 @@
+From 24a51b8ceb8373226899a73bebc5be99d14b18d6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 3 Apr 2023 11:08:58 +0200
+Subject: perf: Optimize perf_pmu_migrate_context()
+
+From: Peter Zijlstra
+
+[ Upstream commit b168098912926236bbeebaf7795eb7aab76d2b45 ]
+
+Thomas reported that offlining CPUs spends a lot of time in
+synchronize_rcu() as called from perf_pmu_migrate_context() even though
+he's not actually using uncore events.
+
+Turns out, the thing is unconditionally waiting for RCU, even if there's
+no actual events to migrate.
+
+Fixes: 0cda4c023132 ("perf: Introduce perf_pmu_migrate_context()")
+Reported-by: Thomas Gleixner
+Signed-off-by: Peter Zijlstra (Intel)
+Tested-by: Thomas Gleixner
+Reviewed-by: Thomas Gleixner
+Reviewed-by: Paul E. McKenney
+Link: https://lkml.kernel.org/r/20230403090858.GT4253@hirez.programming.kicks-ass.net
+Signed-off-by: Sasha Levin
+---
+ kernel/events/core.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index fad170b475921..4b3205f6bed5e 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -12875,12 +12875,14 @@ void perf_pmu_migrate_context(struct pmu *pmu, int src_cpu, int dst_cpu)
+ __perf_pmu_remove(src_ctx, src_cpu, pmu, &src_ctx->pinned_groups, &events);
+ __perf_pmu_remove(src_ctx, src_cpu, pmu, &src_ctx->flexible_groups, &events);
+
+- /*
+- * Wait for the events to quiesce before re-instating them.
+- */
+- synchronize_rcu();
++ if (!list_empty(&events)) {
++ /*
++ * Wait for the events to quiesce before re-instating them.
++ */
++ synchronize_rcu();
+
+- __perf_pmu_install(dst_ctx, dst_cpu, pmu, &events);
++ __perf_pmu_install(dst_ctx, dst_cpu, pmu, &events);
++ }
+
+ mutex_unlock(&dst_ctx->mutex);
+ mutex_unlock(&src_ctx->mutex);
+--
+2.39.2
+
diff --git a/queue-6.2/scsi-iscsi_tcp-check-that-sock-is-valid-before-iscsi.patch b/queue-6.2/scsi-iscsi_tcp-check-that-sock-is-valid-before-iscsi.patch
new file mode 100644
index 00000000000..384bd61d84c
--- /dev/null
+++ b/queue-6.2/scsi-iscsi_tcp-check-that-sock-is-valid-before-iscsi.patch
@@ -0,0 +1,48 @@
+From bbfcd189c0c6df3a212c53c3ffbfa6a1bc5336e6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 29 Mar 2023 15:17:39 +0800
+Subject: scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
+
+From: Zhong Jinghua
+
+[ Upstream commit 48b19b79cfa37b1e50da3b5a8af529f994c08901 ]
+
+The validity of sock should be checked before assignment to avoid incorrect
+values. Commit 57569c37f0ad ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref
+while calling getpeername()") introduced this change which may lead to
+inconsistent values of tcp_sw_conn->sendpage and conn->datadgst_en.
+
+Fix the issue by moving the position of the assignment.
+
+Fixes: 57569c37f0ad ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()")
+Signed-off-by: Zhong Jinghua
+Link: https://lore.kernel.org/r/20230329071739.2175268-1-zhongjinghua@huaweicloud.com
+Reviewed-by: Mike Christie
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/iscsi_tcp.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
+index 0454d94e8cf0d..e7a6fc01d9ca8 100644
+--- a/drivers/scsi/iscsi_tcp.c
++++ b/drivers/scsi/iscsi_tcp.c
+@@ -768,13 +768,12 @@ static int iscsi_sw_tcp_conn_set_param(struct iscsi_cls_conn *cls_conn,
+ iscsi_set_param(cls_conn, param, buf, buflen);
+ break;
+ case ISCSI_PARAM_DATADGST_EN:
+- iscsi_set_param(cls_conn, param, buf, buflen);
+-
+ mutex_lock(&tcp_sw_conn->sock_lock);
+ if (!tcp_sw_conn->sock) {
+ mutex_unlock(&tcp_sw_conn->sock_lock);
+ return -ENOTCONN;
+ }
++ iscsi_set_param(cls_conn, param, buf, buflen);
+ tcp_sw_conn->sendpage = conn->datadgst_en ?
+ sock_no_sendpage : tcp_sw_conn->sock->ops->sendpage;
+ mutex_unlock(&tcp_sw_conn->sock_lock);
+--
+2.39.2
+
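Review bot: The result of the moved `iscsi_set_param(cls_conn, param, buf, buflen);` is still discarded, so if the call fails, `tcp_sw_conn->sendpage` is recomputed from the previous `conn->datadgst_en` and, as far as the hunk shows, no error is reported for the rejected value. Capturing the result and leaving under the lock would close the gap: `rc = iscsi_set_param(cls_conn, param, buf, buflen);` followed by `if (rc) { mutex_unlock(&tcp_sw_conn->sock_lock); return rc; }`. The same unchecked call is visible in the case directly above. The rest of the switch and the function's return path are outside the hunk, so whether a suitable `rc` local already exists needs checking.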
diff --git a/queue-6.2/scsi-qla2xxx-fix-memory-leak-in-qla2x00_probe_one.patch b/queue-6.2/scsi-qla2xxx-fix-memory-leak-in-qla2x00_probe_one.patch
new file mode 100644
index 00000000000..71de7de07a7
--- /dev/null
+++ b/queue-6.2/scsi-qla2xxx-fix-memory-leak-in-qla2x00_probe_one.patch
@@ -0,0 +1,58 @@
+From ff6af1b0f9cd174d28c05e68258f9623cc865b3c Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 25 Mar 2023 11:00:04 +0000
+Subject: scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
+
+From: Li Zetao
+
+[ Upstream commit 85ade4010e13ef152ea925c74d94253db92e5428 ]
+
+There is a memory leak reported by kmemleak:
+
+ unreferenced object 0xffffc900003f0000 (size 12288):
+ comm "modprobe", pid 19117, jiffies 4299751452 (age 42490.264s)
+ hex dump (first 32 bytes):
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace:
+ [<00000000629261a8>] __vmalloc_node_range+0xe56/0x1110
+ [<0000000001906886>] __vmalloc_node+0xbd/0x150
+ [<000000005bb4dc34>] vmalloc+0x25/0x30
+ [<00000000a2dc1194>] qla2x00_create_host+0x7a0/0xe30 [qla2xxx]
+ [<0000000062b14b47>] qla2x00_probe_one+0x2eb8/0xd160 [qla2xxx]
+ [<00000000641ccc04>] local_pci_probe+0xeb/0x1a0
+
+The root cause is traced to an error-handling path in qla2x00_probe_one()
+when the adapter "base_vha" initialize failed. The fab_scan_rp "scan.l" is
+used to record the port information and it is allocated in
+qla2x00_create_host(). However, it is not released in the error handling
+path "probe_failed".
+
+Fix this by freeing the memory of "scan.l" when an error occurs in the
+adapter initialization process.
+
+Fixes: a4239945b8ad ("scsi: qla2xxx: Add switch command to simplify fabric discovery")
+Signed-off-by: Li Zetao
+Link: https://lore.kernel.org/r/20230325110004.363898-1-lizetao1@huawei.com
+Reviewed-by: Himanshu Madhani
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/qla2xxx/qla_os.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
+index 02913cc75195b..901c5c8035ef2 100644
+--- a/drivers/scsi/qla2xxx/qla_os.c
++++ b/drivers/scsi/qla2xxx/qla_os.c
+@@ -3607,6 +3607,7 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
+ probe_failed:
+ qla_enode_stop(base_vha);
+ qla_edb_stop(base_vha);
++ vfree(base_vha->scan.l);
+ if (base_vha->gnl.l) {
+ dma_free_coherent(&ha->pdev->dev, base_vha->gnl.size,
+ base_vha->gnl.l, base_vha->gnl.ldma);
+--
+2.39.2
+
diff --git a/queue-6.2/series b/queue-6.2/series
index e393d10fc13..26d8df727ae 100644
--- a/queue-6.2/series
+++ b/queue-6.2/series
@@ -94,3 +94,14 @@ ksmbd-do-not-call-kvmalloc-with-__gfp_noretry-__gfp_no_warn.patch
 ksmbd-fix-slab-out-of-bounds-in-init_smb2_rsp_hdr.patch
 alsa-hda-realtek-add-quirk-for-clevo-x370snw.patch
 alsa-hda-realtek-fix-mute-micmute-leds-for-a-hp-probook.patch
+iio-adc-ad7791-fix-irq-flags.patch
+io_uring-fix-return-value-when-removing-provided-buf.patch
+io_uring-fix-memory-leak-when-removing-provided-buff.patch
+scsi-qla2xxx-fix-memory-leak-in-qla2x00_probe_one.patch
+scsi-iscsi_tcp-check-that-sock-is-valid-before-iscsi.patch
+nvme-fix-discard-support-without-oncs.patch
+cifs-sanitize-paths-in-cifs_update_super_prepath.patch
+block-ublk-make-sure-that-block-size-is-set-correctl.patch
+block-don-t-set-gd_need_part_scan-if-scan-partition-.patch
+perf-optimize-perf_pmu_migrate_context.patch
+perf-core-fix-the-same-task-check-in-perf_event_set_.patch
--
2.47.2
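Review bot: After the added `vfree(base_vha->scan.l);` in the qla_os.c patch the pointer keeps its old value while `base_vha` is still used by the cleanup that follows, so any later teardown step that also frees `scan.l` would free it a second time. Clearing it immediately with `base_vha->scan.l = NULL;` costs one line and makes a repeated `vfree()` harmless. The remainder of the probe_failed path is outside the hunk, so whether such a second free is reachable could not be checked here.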