-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kernel Update ST v5.15.145 #26
Kernel Update ST v5.15.145 #26
Commits on Dec 20, 2023
-
bcache: add code comments for bch_btree_node_get() and __bch_btree_no…
…de_alloc() [ Upstream commit 31f5b95 ] This patch adds code comments to bch_btree_node_get() and __bch_btree_node_alloc() that NULL pointer will not be returned and it is unnecessary to check NULL pointer by the callers of these routines. Signed-off-by: Coly Li <colyli@suse.de> Link: https://lore.kernel.org/r/20231120052503.6122-10-colyli@suse.de Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for f891bbf - Browse repository at this point
Copy the full SHA f891bbfView commit details -
bcache: avoid NULL checking to c->root in run_cache_set()
[ Upstream commit 3eba5e0 ] In run_cache_set() after c->root returned from bch_btree_node_get(), it is checked by IS_ERR_OR_NULL(). Indeed it is unncessary to check NULL because bch_btree_node_get() will not return NULL pointer to caller. This patch replaces IS_ERR_OR_NULL() by IS_ERR() for the above reason. Signed-off-by: Coly Li <colyli@suse.de> Link: https://lore.kernel.org/r/20231120052503.6122-11-colyli@suse.de Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for 7020385 - Browse repository at this point
Copy the full SHA 7020385View commit details -
platform/x86: intel_telemetry: Fix kernel doc descriptions
[ Upstream commit a658471 ] LKP found issues with a kernel doc in the driver: core.c:116: warning: Function parameter or member 'ioss_evtconfig' not described in 'telemetry_update_events' core.c:188: warning: Function parameter or member 'ioss_evtconfig' not described in 'telemetry_get_eventconfig' It looks like it were copy'n'paste typos when these descriptions had been introduced. Fix the typos. Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202310070743.WALmRGSY-lkp@intel.com/ Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20231120150756.1661425-1-andriy.shevchenko@linux.intel.com Reviewed-by: Rajneesh Bhardwaj <irenic.rajneesh@gmail.com> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for 23b0853 - Browse repository at this point
Copy the full SHA 23b0853View commit details -
HID: glorious: fix Glorious Model I HID report
[ Upstream commit a5e913c ] The Glorious Model I mouse has a buggy HID report descriptor for its keyboard endpoint (used for programmable buttons). For report ID 2, there is a mismatch between Logical Minimum and Usage Minimum in the array that reports keycodes. The offending portion of the descriptor: (from hid-decode) 0x95, 0x05, // Report Count (5) 30 0x75, 0x08, // Report Size (8) 32 0x15, 0x00, // Logical Minimum (0) 34 0x25, 0x65, // Logical Maximum (101) 36 0x05, 0x07, // Usage Page (Keyboard) 38 0x19, 0x01, // Usage Minimum (1) 40 0x29, 0x65, // Usage Maximum (101) 42 0x81, 0x00, // Input (Data,Arr,Abs) 44 This bug shifts all programmed keycodes up by 1. Importantly, this causes "empty" array indexes of 0x00 to be interpreted as 0x01, ErrorRollOver. The presence of ErrorRollOver causes the system to ignore all keypresses from the endpoint and breaks the ability to use the programmable buttons. Setting byte 41 to 0x00 fixes this, and causes keycodes to be interpreted correctly. Also, USB_VENDOR_ID_GLORIOUS is changed to USB_VENDOR_ID_SINOWEALTH, and a new ID for Laview Technology is added. Glorious seems to be white-labeling controller boards or mice from these vendors. There isn't a single canonical vendor ID for Glorious products. Signed-off-by: Brett Raye <braye@fastmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for 61fc877 - Browse repository at this point
Copy the full SHA 61fc877View commit details -
HID: add ALWAYS_POLL quirk for Apple kb
[ Upstream commit c550921 ] These devices disconnect if suspended without remote wakeup. They can operate with the standard driver. Signed-off-by: Oliver Neukum <oneukum@suse.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for 9f093e1 - Browse repository at this point
Copy the full SHA 9f093e1View commit details -
HID: hid-asus: reset the backlight brightness level on resume
[ Upstream commit 546edbd ] Some devices managed by this driver automatically set brightness to 0 before entering a suspended state and reset it back to a default brightness level after the resume: this has the effect of having the kernel report wrong brightness status after a sleep, and on some devices (like the Asus RC71L) that brightness is the intensity of LEDs directly facing the user. Fix the above issue by setting back brightness to the level it had before entering a sleep state. Signed-off-by: Denis Benato <benato.denis96@gmail.com> Signed-off-by: Luke D. Jones <luke@ljones.dev> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for 41759fa - Browse repository at this point
Copy the full SHA 41759faView commit details -
HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
[ Upstream commit 9ffccb6 ] Honor MagicBook 13 2023 has a touchpad which do not switch to the multitouch mode until the input mode feature is written by the host. The touchpad do report the input mode at touchpad(3), while itself working under mouse mode. As a workaround, it is possible to call MT_QUIRE_FORCE_GET_FEATURE to force set feature in mt_set_input_mode for such device. The touchpad reports as BLTP7853, which cannot retrive any useful manufacture information on the internel by this string at present. As the serial number of the laptop is GLO-G52, while DMI info reports the laptop serial number as GLO-GXXX, this workaround should applied to all models which has the GLO-GXXX. Signed-off-by: Aoba K <nexp_0x17@outlook.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for 0a3f27d - Browse repository at this point
Copy the full SHA 0a3f27dView commit details -
asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation
[ Upstream commit 125b0bb ] We really don't want to do atomic_read() or anything like that, since we already have the value, not the lock. The whole point of this is that we've loaded the lock from memory, and we want to check whether the value we loaded was a locked one or not. The main use of this is the lockref code, which loads both the lock and the reference count in one atomic operation, and then works on that combined value. With the atomic_read(), the compiler would pointlessly spill the value to the stack, in order to then be able to read it back "atomically". This is the qspinlock version of commit c6f4a90 ("asm-generic: ticket-lock: Optimize arch_spin_value_unlocked()") which fixed this same bug for ticket locks. Cc: Guo Ren <guoren@kernel.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Waiman Long <longman@redhat.com> Link: https://lore.kernel.org/all/CAHk-=whNRv0v6kQiV5QO6DJhjH4KEL36vWQ6Re8Csrnh4zbRkQ@mail.gmail.com/ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for ca15561 - Browse repository at this point
Copy the full SHA ca15561View commit details -
net: usb: qmi_wwan: claim interface 4 for ZTE MF290
[ Upstream commit 99360d9 ] Interface 4 is used by for QMI interface in stock firmware of MF28D, the router which uses MF290 modem. Rebind it to qmi_wwan after freeing it up from option driver. The proper configuration is: Interface mapping is: 0: QCDM, 1: (unknown), 2: AT (PCUI), 2: AT (Modem), 4: QMI T: Bus=01 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=19d2 ProdID=0189 Rev= 0.00 S: Manufacturer=ZTE, Incorporated S: Product=ZTE LTE Technologies MSM C:* #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=84(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=86(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms Cc: Bjørn Mork <bjorn@mork.no> Signed-off-by: Lech Perczak <lech.perczak@gmail.com> Link: https://lore.kernel.org/r/20231117231918.100278-3-lech.perczak@gmail.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for 11c17f4 - Browse repository at this point
Copy the full SHA 11c17f4View commit details -
HID: hid-asus: add const to read-only outgoing usb buffer
[ Upstream commit 06ae5af ] In the function asus_kbd_set_report the parameter buf is read-only as it gets copied in a memory portion suitable for USB transfer, but the parameter is not marked as const: add the missing const and mark const immutable buffers passed to that function. Signed-off-by: Denis Benato <benato.denis96@gmail.com> Signed-off-by: Luke D. Jones <luke@ljones.dev> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Sasha Levin <sashal@kernel.org>
Configuration menu - View commit details
-
Copy full SHA for 27714a2 - Browse repository at this point
Copy the full SHA 27714a2View commit details -
perf: Fix perf_event_validate_size() lockdep splat
commit 7e2c1e4 upstream. When lockdep is enabled, the for_each_sibling_event(sibling, event) macro checks that event->ctx->mutex is held. When creating a new group leader event, we call perf_event_validate_size() on a partially initialized event where event->ctx is NULL, and so when for_each_sibling_event() attempts to check event->ctx->mutex, we get a splat, as reported by Lucas De Marchi: WARNING: CPU: 8 PID: 1471 at kernel/events/core.c:1950 __do_sys_perf_event_open+0xf37/0x1080 This only happens for a new event which is its own group_leader, and in this case there cannot be any sibling events. Thus it's safe to skip the check for siblings, which avoids having to make invasive and ugly changes to for_each_sibling_event(). Avoid the splat by bailing out early when the new event is its own group_leader. Fixes: 382c27f ("perf: Fix perf_event_validate_size()") Closes: https://lore.kernel.org/lkml/20231214000620.3081018-1-lucas.demarchi@intel.com/ Closes: https://lore.kernel.org/lkml/ZXpm6gQ%2Fd59jGsuW@xpf.sh.intel.com/ Reported-by: Lucas De Marchi <lucas.demarchi@intel.com> Reported-by: Pengfei Xu <pengfei.xu@intel.com> Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20231215112450.3972309-1-mark.rutland@arm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 7b427d8 - Browse repository at this point
Copy the full SHA 7b427d8View commit details -
btrfs: do not allow non subvolume root targets for snapshot
commit a8892fd upstream. Our btrfs subvolume snapshot <source> <destination> utility enforces that <source> is the root of the subvolume, however this isn't enforced in the kernel. Update the kernel to also enforce this limitation to avoid problems with other users of this ioctl that don't have the appropriate checks in place. Reported-by: Martin Michaelis <code@mgjm.de> CC: stable@vger.kernel.org # 4.14+ Reviewed-by: Neal Gompa <neal@gompa.dev> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 5a95499 - Browse repository at this point
Copy the full SHA 5a95499View commit details -
soundwire: stream: fix NULL pointer dereference for multi_link
commit e199bf5 upstream. If bus is marked as multi_link, but number of masters in the stream is not higher than bus->hw_sync_min_links (bus->multi_link && m_rt_count >= bus->hw_sync_min_links), bank switching should not happen. The first part of do_bank_switch() code properly takes these conditions into account, but second part (sdw_ml_sync_bank_switch()) relies purely on bus->multi_link property. This is not balanced and leads to NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ... Call trace: wait_for_completion_timeout+0x124/0x1f0 do_bank_switch+0x370/0x6f8 sdw_prepare_stream+0x2d0/0x438 qcom_snd_sdw_prepare+0xa0/0x118 sm8450_snd_prepare+0x128/0x148 snd_soc_link_prepare+0x5c/0xe8 __soc_pcm_prepare+0x28/0x1ec dpcm_be_dai_prepare+0x1e0/0x2c0 dpcm_fe_dai_prepare+0x108/0x28c snd_pcm_do_prepare+0x44/0x68 snd_pcm_action_single+0x54/0xc0 snd_pcm_action_nonatomic+0xe4/0xec snd_pcm_prepare+0xc4/0x114 snd_pcm_common_ioctl+0x1154/0x1cc0 snd_pcm_ioctl+0x54/0x74 Fixes: ce6e74d ("soundwire: Add support for multi link bank switch") Cc: stable@vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com> Link: https://lore.kernel.org/r/20231124180136.390621-1-krzysztof.kozlowski@linaro.org Signed-off-by: Vinod Koul <vkoul@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 1a4da77 - Browse repository at this point
Copy the full SHA 1a4da77View commit details -
ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS
commit 2dcf5fd upstream. For files with logical blocks close to EXT_MAX_BLOCKS, the file size predicted in ext4_mb_normalize_request() may exceed EXT_MAX_BLOCKS. This can cause some blocks to be preallocated that will not be used. And after [Fixes], the following issue may be triggered: ========================================================= kernel BUG at fs/ext4/mballoc.c:4653! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 1 PID: 2357 Comm: xfs_io 6.7.0-rc2-00195-g0f5cc96c367f Hardware name: linux,dummy-virt (DT) pc : ext4_mb_use_inode_pa+0x148/0x208 lr : ext4_mb_use_inode_pa+0x98/0x208 Call trace: ext4_mb_use_inode_pa+0x148/0x208 ext4_mb_new_inode_pa+0x240/0x4a8 ext4_mb_use_best_found+0x1d4/0x208 ext4_mb_try_best_found+0xc8/0x110 ext4_mb_regular_allocator+0x11c/0xf48 ext4_mb_new_blocks+0x790/0xaa8 ext4_ext_map_blocks+0x7cc/0xd20 ext4_map_blocks+0x170/0x600 ext4_iomap_begin+0x1c0/0x348 ========================================================= Here is a calculation when adjusting ac_b_ex in ext4_mb_new_inode_pa(): ex.fe_logical = orig_goal_end - EXT4_C2B(sbi, ex.fe_len); if (ac->ac_o_ex.fe_logical >= ex.fe_logical) goto adjust_bex; The problem is that when orig_goal_end is subtracted from ac_b_ex.fe_len it is still greater than EXT_MAX_BLOCKS, which causes ex.fe_logical to overflow to a very small value, which ultimately triggers a BUG_ON in ext4_mb_new_inode_pa() because pa->pa_free < len. The last logical block of an actual write request does not exceed EXT_MAX_BLOCKS, so in ext4_mb_normalize_request() also avoids normalizing the last logical block to exceed EXT_MAX_BLOCKS to avoid the above issue. The test case in [Link] can reproduce the above issue with 64k block size. Link: https://patchwork.kernel.org/project/fstests/list/?series=804003 Cc: <stable@kernel.org> # 6.4 Fixes: 93cdf49 ("ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()") Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20231127063313.3734294-1-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 1bc9191 - Browse repository at this point
Copy the full SHA 1bc9191View commit details -
arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify
commit 3c06960 upstream. It is currently possible for a userspace application to enter an infinite page fault loop when using HugeTLB pages implemented with contiguous PTEs when HAFDBS is not available. This happens because: 1. The kernel may sometimes write PTEs that are sw-dirty but hw-clean (PTE_DIRTY | PTE_RDONLY | PTE_WRITE). 2. If, during a write, the CPU uses a sw-dirty, hw-clean PTE in handling the memory access on a system without HAFDBS, we will get a page fault. 3. HugeTLB will check if it needs to update the dirty bits on the PTE. For contiguous PTEs, it will check to see if the pgprot bits need updating. In this case, HugeTLB wants to write a sequence of sw-dirty, hw-dirty PTEs, but it finds that all the PTEs it is about to overwrite are all pte_dirty() (pte_sw_dirty() => pte_dirty()), so it thinks no update is necessary. We can get the kernel to write a sw-dirty, hw-clean PTE with the following steps (showing the relevant VMA flags and pgprot bits): i. Create a valid, writable contiguous PTE. VMA vmflags: VM_SHARED | VM_READ | VM_WRITE VMA pgprot bits: PTE_RDONLY | PTE_WRITE PTE pgprot bits: PTE_DIRTY | PTE_WRITE ii. mprotect the VMA to PROT_NONE. VMA vmflags: VM_SHARED VMA pgprot bits: PTE_RDONLY PTE pgprot bits: PTE_DIRTY | PTE_RDONLY iii. mprotect the VMA back to PROT_READ | PROT_WRITE. VMA vmflags: VM_SHARED | VM_READ | VM_WRITE VMA pgprot bits: PTE_RDONLY | PTE_WRITE PTE pgprot bits: PTE_DIRTY | PTE_WRITE | PTE_RDONLY Make it impossible to create a writeable sw-dirty, hw-clean PTE with pte_modify(). Such a PTE should be impossible to create, and there may be places that assume that pte_dirty() implies pte_hw_dirty(). Signed-off-by: James Houghton <jthoughton@google.com> Fixes: 031e6e6 ("arm64: hugetlb: Avoid unnecessary clearing in huge_ptep_set_access_flags") Cc: <stable@vger.kernel.org> Acked-by: Will Deacon <will@kernel.org> Reviewed-by: Ryan Roberts <ryan.roberts@arm.com> Link: https://lore.kernel.org/r/20231204172646.2541916-3-jthoughton@google.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for c2134ed - Browse repository at this point
Copy the full SHA c2134edView commit details -
team: Fix use-after-free when an option instance allocation fails
commit c12296b upstream. In __team_options_register, team_options are allocated and appended to the team's option_list. If one option instance allocation fails, the "inst_rollback" cleanup path frees the previously allocated options but doesn't remove them from the team's option_list. This leaves dangling pointers that can be dereferenced later by other parts of the team driver that iterate over options. This patch fixes the cleanup path to remove the dangling pointers from the list. As far as I can tell, this uaf doesn't have much security implications since it would be fairly hard to exploit (an attacker would need to make the allocation of that specific small object fail) but it's still nice to fix. Cc: stable@vger.kernel.org Fixes: 80f7c66 ("team: add support for per-port options") Signed-off-by: Florent Revest <revest@chromium.org> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Reviewed-by: Hangbin Liu <liuhangbin@gmail.com> Link: https://lore.kernel.org/r/20231206123719.1963153-1-revest@chromium.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 8175dad - Browse repository at this point
Copy the full SHA 8175dadView commit details -
drm/amdgpu/sdma5.2: add begin/end_use ring callbacks
commit ab47503 upstream. Add begin/end_use ring callbacks to disallow GFXOFF when SDMA work is submitted and allow it again afterward. This should avoid corner cases where GFXOFF is erroneously entered when SDMA is still active. For now just allow/disallow GFXOFF in the begin and end helpers until we root cause the issue. This should not impact power as SDMA usage is pretty minimal and GFXOSS should not be active when SDMA is active anyway, this just makes it explicit. v2: move everything into sdma5.2 code. No reason for this to be generic at this point. v3: Add comments in new code Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2220 Reviewed-by: Mario Limonciello <mario.limonciello@amd.com> (v1) Tested-by: Mario Limonciello <mario.limonciello@amd.com> (v1) Reviewed-by: Christian König <christian.koenig@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org # 5.15+ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for f949428 - Browse repository at this point
Copy the full SHA f949428View commit details -
ring-buffer: Fix memory leak of free page
commit 17d8017 upstream. Reading the ring buffer does a swap of a sub-buffer within the ring buffer with a empty sub-buffer. This allows the reader to have full access to the content of the sub-buffer that was swapped out without having to worry about contention with the writer. The readers call ring_buffer_alloc_read_page() to allocate a page that will be used to swap with the ring buffer. When the code is finished with the reader page, it calls ring_buffer_free_read_page(). Instead of freeing the page, it stores it as a spare. Then next call to ring_buffer_alloc_read_page() will return this spare instead of calling into the memory management system to allocate a new page. Unfortunately, on freeing of the ring buffer, this spare page is not freed, and causes a memory leak. Link: https://lore.kernel.org/linux-trace-kernel/20231210221250.7b9cc83c@rorschach.local.home Cc: stable@vger.kernel.org Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Fixes: 73a757e ("ring-buffer: Return reader page back into existing ring buffer") Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 97e70d6 - Browse repository at this point
Copy the full SHA 97e70d6View commit details -
tracing: Update snapshot buffer on resize if it is allocated
commit d06aff1 upstream. The snapshot buffer is to mimic the main buffer so that when a snapshot is needed, the snapshot and main buffer are swapped. When the snapshot buffer is allocated, it is set to the minimal size that the ring buffer may be at and still functional. When it is allocated it becomes the same size as the main ring buffer, and when the main ring buffer changes in size, it should do. Currently, the resize only updates the snapshot buffer if it's used by the current tracer (ie. the preemptirqsoff tracer). But it needs to be updated anytime it is allocated. When changing the size of the main buffer, instead of looking to see if the current tracer is utilizing the snapshot buffer, just check if it is allocated to know if it should be updated or not. Also fix typo in comment just above the code change. Link: https://lore.kernel.org/linux-trace-kernel/20231210225447.48476a6a@rorschach.local.home Cc: stable@vger.kernel.org Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Fixes: ad909e2 ("tracing: Add internal tracing_snapshot() functions") Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 5479374 - Browse repository at this point
Copy the full SHA 5479374View commit details -
ring-buffer: Do not update before stamp when switching sub-buffers
commit 9e45e39 upstream. The ring buffer timestamps are synchronized by two timestamp placeholders. One is the "before_stamp" and the other is the "write_stamp" (sometimes referred to as the "after stamp" but only in the comments. These two stamps are key to knowing how to handle nested events coming in with a lockless system. When moving across sub-buffers, the before stamp is updated but the write stamp is not. There's an effort to put back the before stamp to something that seems logical in case there's nested events. But as the current event is about to cross sub-buffers, and so will any new nested event that happens, updating the before stamp is useless, and could even introduce new race conditions. The first event on a sub-buffer simply uses the sub-buffer's timestamp and keeps a "delta" of zero. The "before_stamp" and "write_stamp" are not used in the algorithm in this case. There's no reason to try to fix the before_stamp when this happens. As a bonus, it removes a cmpxchg() when crossing sub-buffers! Link: https://lore.kernel.org/linux-trace-kernel/20231211114420.36dde01b@gandalf.local.home Cc: stable@vger.kernel.org Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Fixes: a389d86 ("ring-buffer: Have nested events still record running time stamp") Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 8ed7d28 - Browse repository at this point
Copy the full SHA 8ed7d28View commit details -
ring-buffer: Have saved event hold the entire event
commit b049525 upstream. For the ring buffer iterator (non-consuming read), the event needs to be copied into the iterator buffer to make sure that a writer does not overwrite it while the user is reading it. If a write happens during the copy, the buffer is simply discarded. But the temp buffer itself was not big enough. The allocation of the buffer was only BUF_MAX_DATA_SIZE, which is the maximum data size that can be passed into the ring buffer and saved. But the temp buffer needs to hold the meta data as well. That would be BUF_PAGE_SIZE and not BUF_MAX_DATA_SIZE. Link: https://lore.kernel.org/linux-trace-kernel/20231212072558.61f76493@gandalf.local.home Cc: stable@vger.kernel.org Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Fixes: 785888c ("ring-buffer: Have rb_iter_head_event() handle concurrent writer") Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for e958731 - Browse repository at this point
Copy the full SHA e958731View commit details -
ring-buffer: Fix writing to the buffer with max_data_size
commit b3ae7b6 upstream. The maximum ring buffer data size is the maximum size of data that can be recorded on the ring buffer. Events must be smaller than the sub buffer data size minus any meta data. This size is checked before trying to allocate from the ring buffer because the allocation assumes that the size will fit on the sub buffer. The maximum size was calculated as the size of a sub buffer page (which is currently PAGE_SIZE minus the sub buffer header) minus the size of the meta data of an individual event. But it missed the possible adding of a time stamp for events that are added long enough apart that the event meta data can't hold the time delta. When an event is added that is greater than the current BUF_MAX_DATA_SIZE minus the size of a time stamp, but still less than or equal to BUF_MAX_DATA_SIZE, the ring buffer would go into an infinite loop, looking for a page that can hold the event. Luckily, there's a check for this loop and after 1000 iterations and a warning is emitted and the ring buffer is disabled. But this should never happen. This can happen when a large event is added first, or after a long period where an absolute timestamp is prefixed to the event, increasing its size by 8 bytes. This passes the check and then goes into the algorithm that causes the infinite loop. For events that are the first event on the sub-buffer, it does not need to add a timestamp, because the sub-buffer itself contains an absolute timestamp, and adding one is redundant. The fix is to check if the event is to be the first event on the sub-buffer, and if it is, then do not add a timestamp. This also fixes 32 bit adding a timestamp when a read of before_stamp or write_stamp is interrupted. There's still no need to add that timestamp if the event is going to be the first event on the sub buffer. Also, if the buffer has "time_stamp_abs" set, then also check if the length plus the timestamp is greater than the BUF_MAX_DATA_SIZE. Link: https://lore.kernel.org/all/20231212104549.58863438@gandalf.local.home/ Link: https://lore.kernel.org/linux-trace-kernel/20231212071837.5fdd6c13@gandalf.local.home Link: https://lore.kernel.org/linux-trace-kernel/20231212111617.39e02849@gandalf.local.home Cc: stable@vger.kernel.org Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Fixes: a4543a2 ("ring-buffer: Get timestamp after event is allocated") Fixes: 58fbc3c ("ring-buffer: Consolidate add_timestamp to remove some branches") Reported-by: Kent Overstreet <kent.overstreet@linux.dev> # (on IRC) Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for fb63b1f - Browse repository at this point
Copy the full SHA fb63b1fView commit details -
ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
commit fff88fa upstream. Mathieu Desnoyers pointed out an issue in the rb_time_cmpxchg() for 32 bit architectures. That is: static bool rb_time_cmpxchg(rb_time_t *t, u64 expect, u64 set) { unsigned long cnt, top, bottom, msb; unsigned long cnt2, top2, bottom2, msb2; u64 val; /* The cmpxchg always fails if it interrupted an update */ if (!__rb_time_read(t, &val, &cnt2)) return false; if (val != expect) return false; <<<< interrupted here! cnt = local_read(&t->cnt); The problem is that the synchronization counter in the rb_time_t is read *after* the value of the timestamp is read. That means if an interrupt were to come in between the value being read and the counter being read, it can change the value and the counter and the interrupted process would be clueless about it! The counter needs to be read first and then the value. That way it is easy to tell if the value is stale or not. If the counter hasn't been updated, then the value is still good. Link: https://lore.kernel.org/linux-trace-kernel/20231211201324.652870-1-mathieu.desnoyers@efficios.com/ Link: https://lore.kernel.org/linux-trace-kernel/20231212115301.7a9c9a64@gandalf.local.home Cc: stable@vger.kernel.org Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Fixes: 10464b4 ("ring-buffer: Add rb_time_t 64 bit operations for speeding up 32 bit") Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b8d59ea - Browse repository at this point
Copy the full SHA b8d59eaView commit details -
ring-buffer: Do not try to put back write_stamp
commit dd93942 upstream. If an update to an event is interrupted by another event between the time the initial event allocated its buffer and where it wrote to the write_stamp, the code try to reset the write stamp back to the what it had just overwritten. It knows that it was overwritten via checking the before_stamp, and if it didn't match what it wrote to the before_stamp before it allocated its space, it knows it was overwritten. To put back the write_stamp, it uses the before_stamp it read. The problem here is that by writing the before_stamp to the write_stamp it makes the two equal again, which means that the write_stamp can be considered valid as the last timestamp written to the ring buffer. But this is not necessarily true. The event that interrupted the event could have been interrupted in a way that it was interrupted as well, and can end up leaving with an invalid write_stamp. But if this happens and returns to this context that uses the before_stamp to update the write_stamp again, it can possibly incorrectly make it valid, causing later events to have in correct time stamps. As it is OK to leave this function with an invalid write_stamp (one that doesn't match the before_stamp), there's no reason to try to make it valid again in this case. If this race happens, then just leave with the invalid write_stamp and the next event to come along will just add a absolute timestamp and validate everything again. Bonus points: This gets rid of another cmpxchg64! Link: https://lore.kernel.org/linux-trace-kernel/20231214222921.193037a7@gandalf.local.home Cc: stable@vger.kernel.org Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Cc: Joel Fernandes <joel@joelfernandes.org> Cc: Vincent Donnefort <vdonnefort@google.com> Fixes: a389d86 ("ring-buffer: Have nested events still record running time stamp") Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 529f020 - Browse repository at this point
Copy the full SHA 529f020View commit details -
USB: gadget: core: adjust uevent timing on gadget unbind
commit 73ea73a upstream. The KOBJ_CHANGE uevent is sent before gadget unbind is actually executed, resulting in inaccurate uevent emitted at incorrect timing (the uevent would have USB_UDC_DRIVER variable set while it would soon be removed). Move the KOBJ_CHANGE uevent to the end of the unbind function so that uevent is sent only after the change has been made. Fixes: 2ccea03 ("usb: gadget: introduce UDC Class") Cc: stable@vger.kernel.org Signed-off-by: Roy Luo <royluo@google.com> Link: https://lore.kernel.org/r/20231128221756.2591158-1-royluo@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 93e7655 - Browse repository at this point
Copy the full SHA 93e7655View commit details -
RDMA/irdma: Prevent zero-length STAG registration
commit bb6d73d upstream. Currently irdma allows zero-length STAGs to be programmed in HW during the kernel mode fast register flow. Zero-length MR or STAG registration disable HW memory length checks. Improve gaps in bounds checking in irdma by preventing zero-length STAG or MR registrations except if the IB_PD_UNSAFE_GLOBAL_RKEY is set. This addresses the disclosure CVE-2023-25775. Fixes: b48c24c ("RDMA/irdma: Implement device supported verb APIs") Signed-off-by: Christopher Bednarz <christopher.n.bednarz@intel.com> Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com> Link: https://lore.kernel.org/r/20230818144838.1758-1-shiraz.saleem@intel.com Signed-off-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 410c05b - Browse repository at this point
Copy the full SHA 410c05bView commit details -
powerpc/ftrace: Create a dummy stackframe to fix stack unwind
commit 41a506e upstream. With ppc64 -mprofile-kernel and ppc32 -pg, profiling instructions to call into ftrace are emitted right at function entry. The instruction sequence used is minimal to reduce overhead. Crucially, a stackframe is not created for the function being traced. This breaks stack unwinding since the function being traced does not have a stackframe for itself. As such, it never shows up in the backtrace: /sys/kernel/debug/tracing # echo 1 > /proc/sys/kernel/stack_tracer_enabled /sys/kernel/debug/tracing # cat stack_trace Depth Size Location (17 entries) ----- ---- -------- 0) 4144 32 ftrace_call+0x4/0x44 1) 4112 432 get_page_from_freelist+0x26c/0x1ad0 2) 3680 496 __alloc_pages+0x290/0x1280 3) 3184 336 __folio_alloc+0x34/0x90 4) 2848 176 vma_alloc_folio+0xd8/0x540 5) 2672 272 __handle_mm_fault+0x700/0x1cc0 6) 2400 208 handle_mm_fault+0xf0/0x3f0 7) 2192 80 ___do_page_fault+0x3e4/0xbe0 8) 2112 160 do_page_fault+0x30/0xc0 9) 1952 256 data_access_common_virt+0x210/0x220 10) 1696 400 0xc00000000f16b100 11) 1296 384 load_elf_binary+0x804/0x1b80 12) 912 208 bprm_execve+0x2d8/0x7e0 13) 704 64 do_execveat_common+0x1d0/0x2f0 14) 640 160 sys_execve+0x54/0x70 15) 480 64 system_call_exception+0x138/0x350 16) 416 416 system_call_common+0x160/0x2c4 Fix this by having ftrace create a dummy stackframe for the function being traced. With this, backtraces now capture the function being traced: /sys/kernel/debug/tracing # cat stack_trace Depth Size Location (17 entries) ----- ---- -------- 0) 3888 32 _raw_spin_trylock+0x8/0x70 1) 3856 576 get_page_from_freelist+0x26c/0x1ad0 2) 3280 64 __alloc_pages+0x290/0x1280 3) 3216 336 __folio_alloc+0x34/0x90 4) 2880 176 vma_alloc_folio+0xd8/0x540 5) 2704 416 __handle_mm_fault+0x700/0x1cc0 6) 2288 96 handle_mm_fault+0xf0/0x3f0 7) 2192 48 ___do_page_fault+0x3e4/0xbe0 8) 2144 192 do_page_fault+0x30/0xc0 9) 1952 608 data_access_common_virt+0x210/0x220 10) 1344 16 0xc0000000334bbb50 11) 1328 416 load_elf_binary+0x804/0x1b80 12) 912 64 bprm_execve+0x2d8/0x7e0 13) 848 176 do_execveat_common+0x1d0/0x2f0 14) 672 192 sys_execve+0x54/0x70 15) 480 64 system_call_exception+0x138/0x350 16) 416 416 system_call_common+0x160/0x2c4 This results in two additional stores in the ftrace entry code, but produces reliable backtraces. Fixes: 1530866 ("powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI") Cc: stable@vger.kernel.org Signed-off-by: Naveen N Rao <naveen@kernel.org> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://msgid.link/20230621051349.759567-1-naveen@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 4624f5f - Browse repository at this point
Copy the full SHA 4624f5fView commit details -
powerpc/ftrace: Fix stack teardown in ftrace_no_trace
commit 4b3338a upstream. Commit 41a506e ("powerpc/ftrace: Create a dummy stackframe to fix stack unwind") added use of a new stack frame on ftrace entry to fix stack unwind. However, the commit missed updating the offset used while tearing down the ftrace stack when ftrace is disabled. Fix the same. In addition, the commit missed saving the correct stack pointer in pt_regs. Update the same. Fixes: 41a506e ("powerpc/ftrace: Create a dummy stackframe to fix stack unwind") Cc: stable@vger.kernel.org # v6.5+ Signed-off-by: Naveen N Rao <naveen@kernel.org> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://msgid.link/20231130065947.2188860-1-naveen@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for fa5f992 - Browse repository at this point
Copy the full SHA fa5f992View commit details -
r8152: avoid to change cfg for all devices
commit 0d4cda8 upstream. The rtl8152_cfgselector_probe() should set the USB configuration to the vendor mode only for the devices which the driver (r8152) supports. Otherwise, no driver would be used for such devices. Fixes: ec51fbd ("r8152: add USB device driver for config selection") Signed-off-by: Hayes Wang <hayeswang@realtek.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 07ba216 - Browse repository at this point
Copy the full SHA 07ba216View commit details -
r8152: remove rtl_vendor_mode function
commit 95a4c1d upstream. After commit ec51fbd ("r8152: add USB device driver for config selection"), the code about changing USB configuration in rtl_vendor_mode() wouldn't be run anymore. Therefore, the function could be removed. Signed-off-by: Hayes Wang <hayeswang@realtek.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for aa3cc80 - Browse repository at this point
Copy the full SHA aa3cc80View commit details -
r8152: fix the autosuspend doesn't work
commit 0fbd79c upstream. Set supports_autosuspend = 1 for the rtl8152_cfgselector_driver. Fixes: ec51fbd ("r8152: add USB device driver for config selection") Signed-off-by: Hayes Wang <hayeswang@realtek.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 4c11798 - Browse repository at this point
Copy the full SHA 4c11798View commit details -
Link: https://lore.kernel.org/r/20231218135049.738602288@linuxfoundation.org Tested-by: SeongJae Park <sj@kernel.org> Tested-by: Shuah Khan <skhan@linuxfoundation.org> Tested-by: Kelsey Steele <kelseysteele@linux.microsoft.com> Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> Tested-by: Allen Pais <apais@linux.microsoft.com> Tested-by: Florian Fainelli <florian.fainelli@broadcom.com> Tested-by: Ron Economos <re@w6rz.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 1d146b1 - Browse repository at this point
Copy the full SHA 1d146b1View commit details
Commits on Dec 23, 2023
-
ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()
[ Upstream commit a088ac8 ] Use ksmbd_req_buf_next() in ksmbd_verify_smb_message(). Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 5fed9cb - Browse repository at this point
Copy the full SHA 5fed9cbView commit details -
ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()
[ Upstream commit 341b160 ] Use cmd helper variable in smb2_get_ksmbd_tcon(). Cc: Tom Talpey <tom@talpey.com> Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Cc: Steve French <smfrench@gmail.com> Cc: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for a33bb60 - Browse repository at this point
Copy the full SHA a33bb60View commit details -
ksmbd: Remove redundant 'flush_workqueue()' calls
[ Upstream commit e8d585b ] 'destroy_workqueue()' already drains the queue before destroying it, so there is no need to flush it explicitly. Remove the redundant 'flush_workqueue()' calls. This was generated with coccinelle: @@ expression E; @@ - flush_workqueue(E); destroy_workqueue(E); Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 84af59b - Browse repository at this point
Copy the full SHA 84af59bView commit details -
[ Upstream commit 561a1cf ] As NTLM authentication is removed, md4 is no longer used. ksmbd remove md4 leftovers, i.e. select CRYPTO_MD4, MODULE_SOFTDEP md4. Acked-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 6cd90c0 - Browse repository at this point
Copy the full SHA 6cd90c0View commit details -
ksmbd: remove smb2_buf_length in smb2_hdr
[ Upstream commit cb45172 ] To move smb2_hdr to smbfs_common, This patch remove smb2_buf_length variable in smb2_hdr. Also, declare smb2_get_msg function to get smb2 request/response from ->request/response_buf. Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for e0c5842 - Browse repository at this point
Copy the full SHA e0c5842View commit details -
ksmbd: remove smb2_buf_length in smb2_transform_hdr
[ Upstream commit 2dd9129 ] To move smb2_transform_hdr to smbfs_common, This patch remove smb2_buf_length variable in smb2_transform_hdr. Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 199b8b5 - Browse repository at this point
Copy the full SHA 199b8b5View commit details -
ksmbd: change LeaseKey data type to u8 array
[ Upstream commit 2734b69 ] cifs define LeaseKey as u8 array in structure. To move lease structure to smbfs_common, ksmbd change LeaseKey data type to u8 array. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 7833bd3 - Browse repository at this point
Copy the full SHA 7833bd3View commit details -
ksmbd: use oid registry functions to decode OIDs
[ Upstream commit 2942774 ] Use look_up_OID to decode OIDs rather than implementing functions. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 82ae5fe - Browse repository at this point
Copy the full SHA 82ae5feView commit details -
ksmbd: Remove unused parameter from smb2_get_name()
[ Upstream commit 80917f1 ] The 'share' parameter is no longer used by smb2_get_name() since commit 265fd19 ("ksmbd: use LOOKUP_BENEATH to prevent the out of share access"). Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for de203cd - Browse repository at this point
Copy the full SHA de203cdView commit details -
ksmbd: Remove unused fields from ksmbd_file struct definition
[ Upstream commit 305f8bd ] These fields are remnants of the not upstreamed SMB1 code. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for a632567 - Browse repository at this point
Copy the full SHA a632567View commit details -
ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO
[ Upstream commit a58b45a ] Set ipv4 and ipv6 address in FSCTL_QUERY_NETWORK_INTERFACE_INFO. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for e5b0497 - Browse repository at this point
Copy the full SHA e5b0497View commit details -
ksmbd: Fix buffer_check_err() kernel-doc comment
[ Upstream commit e230d01 ] Add the description of @rsp_org in buffer_check_err() kernel-doc comment to remove a warning found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:4028: warning: Function parameter or member 'rsp_org' not described in 'buffer_check_err' Reported-by: Abaci Robot <abaci@linux.alibaba.com> Fixes: cb45172 ("ksmbd: remove smb2_buf_length in smb2_hdr") Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 2fa426c - Browse repository at this point
Copy the full SHA 2fa426cView commit details -
ksmbd: Fix smb2_set_info_file() kernel-doc comment
[ Upstream commit 4bfd9ee ] Fix argument list that the kdoc format and script verified in smb2_set_info_file(). The warnings were found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:5862: warning: Function parameter or member 'req' not described in 'smb2_set_info_file' fs/ksmbd/smb2pdu.c:5862: warning: Excess function parameter 'info_class' description in 'smb2_set_info_file' Reported-by: Abaci Robot <abaci@linux.alibaba.com> Fixes: 9496e26 ("ksmbd: add request buffer validation in smb2_set_info") Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 3616744 - Browse repository at this point
Copy the full SHA 3616744View commit details -
ksmbd: Delete an invalid argument description in smb2_populate_readdi…
…r_entry() [ Upstream commit f5c3813 ] A warning is reported because an invalid argument description, it is found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:3406: warning: Excess function parameter 'user_ns' description in 'smb2_populate_readdir_entry' Reported-by: Abaci Robot <abaci@linux.alibaba.com> Fixes: 475d6f9 ("ksmbd: fix translation in smb2_populate_readdir_entry()") Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for dd56eb3 - Browse repository at this point
Copy the full SHA dd56eb3View commit details -
ksmbd: Fix smb2_get_name() kernel-doc comment
[ Upstream commit d4eeb82 ] Remove some warnings found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:623: warning: Function parameter or member 'local_nls' not described in 'smb2_get_name' fs/ksmbd/smb2pdu.c:623: warning: Excess function parameter 'nls_table' description in 'smb2_get_name' Reported-by: Abaci Robot <abaci@linux.alibaba.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 91d7307 - Browse repository at this point
Copy the full SHA 91d7307View commit details -
ksmbd: register ksmbd ib client with ib_register_client()
[ Upstream commit 31928a0 ] Register ksmbd ib client with ib_register_client() to find the rdma capable network adapter. If ops.get_netdev(Chelsio NICs) is NULL, ksmbd will find it using ib_device_get_by_netdev in old way. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 178ecc3 - Browse repository at this point
Copy the full SHA 178ecc3View commit details -
ksmbd: set 445 port to smbdirect port by default
[ Upstream commit cb097b3 ] When SMB Direct is used with iWARP, Windows use 5445 port for smb direct port, 445 port for SMB. This patch check ib_device using ib_client to know if NICs type is iWARP or Infiniband. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 8a49ab3 - Browse repository at this point
Copy the full SHA 8a49ab3View commit details -
ksmbd: smbd: call rdma_accept() under CM handler
[ Upstream commit 99b7650 ] if CONFIG_LOCKDEP is enabled, the following kernel warning message is generated because rdma_accept() checks whehter the handler_mutex is held by lockdep_assert_held. CM(Connection Manager) holds the mutex before CM handler callback is called. [ 63.211405 ] WARNING: CPU: 1 PID: 345 at drivers/infiniband/core/cma.c:4405 rdma_accept+0x17a/0x350 [ 63.212080 ] RIP: 0010:rdma_accept+0x17a/0x350 ... [ 63.214036 ] Call Trace: [ 63.214098 ] <TASK> [ 63.214185 ] smb_direct_accept_client+0xb4/0x170 [ksmbd] [ 63.214412 ] smb_direct_prepare+0x322/0x8c0 [ksmbd] [ 63.214555 ] ? rcu_read_lock_sched_held+0x3a/0x70 [ 63.214700 ] ksmbd_conn_handler_loop+0x63/0x270 [ksmbd] [ 63.214826 ] ? ksmbd_conn_alive+0x80/0x80 [ksmbd] [ 63.214952 ] kthread+0x171/0x1a0 [ 63.215039 ] ? set_kthread_struct+0x40/0x40 [ 63.215128 ] ret_from_fork+0x22/0x30 To avoid this, move creating a queue pair and accepting a client from transport_ops->prepare() to smb_direct_handle_connect_request(). Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 97b3a08 - Browse repository at this point
Copy the full SHA 97b3a08View commit details -
[ Upstream commit c9f1892 ] Create a memory region pool because rdma_rw_ctx_init() uses memory registration if memory registration yields better performance than using multiple SGE entries. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ba7c3ff - Browse repository at this point
Copy the full SHA ba7c3ffView commit details -
ksmbd: smbd: change the default maximum read/write, receive size
[ Upstream commit 4d02c4f ] Due to restriction that cannot handle multiple buffer descriptor structures, decrease the maximum read/write size for Windows clients. And set the maximum fragmented receive size in consideration of the receive queue size. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d15077a - Browse repository at this point
Copy the full SHA d15077aView commit details -
ksmbd: add smb-direct shutdown
[ Upstream commit 136dff3 ] When killing ksmbd server after connecting rdma, ksmbd threads does not terminate properly because the rdma connection is still alive. This patch add shutdown operation to disconnect rdma connection while ksmbd threads terminate. Signed-off-by: Yufan Chen <wiz.chen@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 51d0b87 - Browse repository at this point
Copy the full SHA 51d0b87View commit details -
ksmbd: smbd: fix missing client's memory region invalidation
[ Upstream commit 2fd5dcb ] if the Channel of a SMB2 WRITE request is SMB2_CHANNEL_RDMA_V1_INVALIDTE, a client does not invalidate its memory regions but ksmbd must do it by sending a SMB2 WRITE response with IB_WR_SEND_WITH_INV. But if errors occur while processing a SMB2 READ/WRITE request, ksmbd sends a response with IB_WR_SEND. So a client could use memory regions already in use. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 858b964 - Browse repository at this point
Copy the full SHA 858b964View commit details -
ksmbd: smbd: validate buffer descriptor structures
[ Upstream commit 6d896d3 ] Check ChannelInfoOffset and ChannelInfoLength to validate buffer descriptor structures. And add a debug log to print the structures' content. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 09b4c60 - Browse repository at this point
Copy the full SHA 09b4c60View commit details -
ksmbd: add support for key exchange
[ Upstream commit f9929ef ] When mounting cifs client, can see the following warning message. CIFS: decode_ntlmssp_challenge: authentication has been weakened as server does not support key exchange To remove this warning message, Add support for key exchange feature to ksmbd. This patch decrypts 16-byte ciphertext value sent by the client using RC4 with session key. The decrypted value is the recovered secondary key that will use instead of the session key for signing and sealing. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for c5049d2 - Browse repository at this point
Copy the full SHA c5049d2View commit details -
ksmbd: use netif_is_bridge_port
[ Upstream commit 1b699bf ] Use netif_is_bridge_port defined in <linux/netdevice.h> instead of open-coding it. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 170598b - Browse repository at this point
Copy the full SHA 170598bView commit details -
ksmbd: store fids as opaque u64 integers
[ Upstream commit 2d004c6 ] There is no need to store the fids as le64 integers as they are opaque to the client and only used for equality. Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz> Reviewed-by: Tom Talpey <tom@talpey.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for a5a8c91 - Browse repository at this point
Copy the full SHA a5a8c91View commit details -
ksmbd: shorten experimental warning on loading the module
[ Upstream commit adc3282 ] ksmbd is continuing to improve. Shorten the warning message logged the first time it is loaded to: "The ksmbd server is experimental" Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 7ee6f9b - Browse repository at this point
Copy the full SHA 7ee6f9bView commit details -
ksmbd: Remove a redundant zeroing of memory
[ Upstream commit 56b401f ] fill_transform_hdr() has only one caller that already clears tr_buf (it is kzalloc'ed). So there is no need to clear it another time here. Remove the superfluous memset() and add a comment to remind that the caller must clear the buffer. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Acked-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for a521386 - Browse repository at this point
Copy the full SHA a521386View commit details -
ksmbd: replace usage of found with dedicated list iterator variable
[ Upstream commit edf5f05 ] To move the list iterator variable into the list_for_each_entry_*() macro in the future it should be avoided to use the list iterator variable after the loop body. To *never* use the list iterator variable after the loop it was concluded to use a separate iterator variable instead of a found boolean [1]. This removes the need to use a found variable and simply checking if the variable was set, can determine if the break/goto was hit. Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for dc23294 - Browse repository at this point
Copy the full SHA dc23294View commit details -
smb3: fix ksmbd bigendian bug in oplock break, and move its struct to…
… smbfs_common [ Upstream commit c7803b0 ] Fix an endian bug in ksmbd for one remaining use of Persistent/VolatileFid that unnecessarily converted it (it is an opaque endian field that does not need to be and should not be converted) in oplock_break for ksmbd, and move the definitions for the oplock and lease break protocol requests and responses to fs/smbfs_common/smb2pdu.h Also move a few more definitions for various protocol requests that were duplicated (in fs/cifs/smb2pdu.h and fs/ksmbd/smb2pdu.h) into fs/smbfs_common/smb2pdu.h including: - various ioctls and reparse structures - validate negotiate request and response structs - duplicate extents structs Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz> Reviewed-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for e9a3251 - Browse repository at this point
Copy the full SHA e9a3251View commit details -
ksmbd: remove filename in ksmbd_file
[ Upstream commit 50f500b ] If the filename is change by underlying rename the server, fp->filename and real filename can be different. This patch remove the uses of fp->filename in ksmbd and replace it with d_path(). Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 8e32e15 - Browse repository at this point
Copy the full SHA 8e32e15View commit details -
ksmbd: validate length in smb2_write()
[ Upstream commit 158a66b ] The SMB2 Write packet contains data that is to be written to a file or to a pipe. Depending on the client, there may be padding between the header and the data field. Currently, the length is validated only in the case padding is present. Since the DataOffset field always points to the beginning of the data, there is no need to have a special case for padding. By removing this, the length is validated in both cases. Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 6bb4399 - Browse repository at this point
Copy the full SHA 6bb4399View commit details -
ksmbd: smbd: change prototypes of RDMA read/write related functions
[ Upstream commit 1807abc ] Change the prototypes of RDMA read/write operations to accept a pointer and length of buffer descriptors. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 982fcde - Browse repository at this point
Copy the full SHA 982fcdeView commit details -
ksmbd: smbd: introduce read/write credits for RDMA read/write
[ Upstream commit ddbdc86 ] SMB2_READ/SMB2_WRITE request has to be granted the number of rw credits, the pages the request wants to transfer / the maximum pages which can be registered with one MR to read and write a file. And allocate enough RDMA resources for the maximum number of rw credits allowed by ksmbd. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for f17ed7b - Browse repository at this point
Copy the full SHA f17ed7bView commit details -
ksmbd: smbd: simplify tracking pending packets
[ Upstream commit 11659a8 ] Because we don't have to tracking pending packets by dividing these into packets with payload and packets without payload, merge the tracking code. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 30bd0df - Browse repository at this point
Copy the full SHA 30bd0dfView commit details -
ksmbd: smbd: change the return value of get_sg_list
[ Upstream commit 4e3edd0 ] Make get_sg_list return EINVAL if there aren't mapped scatterlists. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 673c186 - Browse repository at this point
Copy the full SHA 673c186View commit details -
ksmbd: smbd: handle multiple Buffer descriptors
[ Upstream commit ee1b055 ] Make ksmbd handle multiple buffer descriptors when reading and writing files using SMB direct: Post the work requests of rdma_rw_ctx for RDMA read/write in smb_direct_rdma_xmit(), and the work request for the READ/WRITE response with a remote invalidation in smb_direct_writev(). Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 918a690 - Browse repository at this point
Copy the full SHA 918a690View commit details -
ksmbd: fix wrong smbd max read/write size check
[ Upstream commit 7a84399 ] smb-direct max read/write size can be different with smb2 max read/write size. So smb2_read() can return error by wrong max read/write size check. This patch use smb_direct_max_read_write_size for this check in smb-direct read/write(). Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 81602ee - Browse repository at this point
Copy the full SHA 81602eeView commit details -
ksmbd: Fix some kernel-doc comments
[ Upstream commit 7820c6e ] Remove some warnings found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/misc.c:30: warning: Function parameter or member 'str' not described in 'match_pattern' fs/ksmbd/misc.c:30: warning: Excess function parameter 'string' description in 'match_pattern' fs/ksmbd/misc.c:163: warning: Function parameter or member 'share' not described in 'convert_to_nt_pathname' fs/ksmbd/misc.c:163: warning: Function parameter or member 'path' not described in 'convert_to_nt_pathname' fs/ksmbd/misc.c:163: warning: Excess function parameter 'filename' description in 'convert_to_nt_pathname' fs/ksmbd/misc.c:163: warning: Excess function parameter 'sharepath' description in 'convert_to_nt_pathname' fs/ksmbd/misc.c:259: warning: Function parameter or member 'share' not described in 'convert_to_unix_name' fs/ksmbd/misc.c:259: warning: Function parameter or member 'name' not described in 'convert_to_unix_name' fs/ksmbd/misc.c:259: warning: Excess function parameter 'path' description in 'convert_to_unix_name' fs/ksmbd/misc.c:259: warning: Excess function parameter 'tid' description in 'convert_to_unix_name' Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 32af379 - Browse repository at this point
Copy the full SHA 32af379View commit details -
ksmbd: smbd: fix connection dropped issue
[ Upstream commit 5366afc ] When there are bursty connection requests, RDMA connection event handler is deferred and Negotiation requests are received even if connection status is NEW. To handle it, set the status to CONNECTED if Negotiation requests are received. Reported-by: Yufan Chen <wiz.chen@gmail.com> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Tested-by: Yufan Chen <wiz.chen@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 9d609b5 - Browse repository at this point
Copy the full SHA 9d609b5View commit details -
ksmbd: smbd: relax the count of sges required
[ Upstream commit 621433b ] Remove the condition that the count of sges must be greater than or equal to SMB_DIRECT_MAX_SEND_SGES(8). Because ksmbd needs sges only for SMB direct header, SMB2 transform header, SMB2 response, and optional payload. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Tom Talpey <tom@talpey.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ff403db - Browse repository at this point
Copy the full SHA ff403dbView commit details -
ksmbd: smbd: Remove useless license text when SPDX-License-Identifier…
… is already used [ Upstream commit 06ee1c0 ] An SPDX-License-Identifier is already in place. There is no need to duplicate part of the corresponding license. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d4b374f - Browse repository at this point
Copy the full SHA d4b374fView commit details -
ksmbd: remove duplicate flag set in smb2_write
[ Upstream commit 745bbc0 ] The writethrough flag is set again if is_rdma_channel is false. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 8d0f823 - Browse repository at this point
Copy the full SHA 8d0f823View commit details -
ksmbd: remove unused ksmbd_share_configs_cleanup function
[ Upstream commit 1c90b54 ] remove unused ksmbd_share_configs_cleanup function. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 1f82ecb - Browse repository at this point
Copy the full SHA 1f82ecbView commit details -
ksmbd: use wait_event instead of schedule_timeout()
[ Upstream commit a14c573 ] ksmbd threads eating masses of cputime when connection is disconnected. If connection is disconnected, ksmbd thread waits for pending requests to be processed using schedule_timeout. schedule_timeout() incorrectly is used, and it is more efficient to use wait_event/wake_up than to check r_count every time with timeout. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for c7aff8b - Browse repository at this point
Copy the full SHA c7aff8bView commit details -
ksmbd: request update to stale share config
[ Upstream commit 4963d74 ] ksmbd_share_config_get() retrieves the cached share config as long as there is at least one connection to the share. This is an issue when the user space utilities are used to update share configs. In that case there is a need to inform ksmbd that it should not use the cached share config for a new connection to the share. With these changes the tree connection flag KSMBD_TREE_CONN_FLAG_UPDATE indicates this. When this flag is set, ksmbd removes the share config from the shares hash table meaning that ksmbd_share_config_get() ends up requesting a share config from user space. Signed-off-by: Atte Heikkilä <atteh.mailbox@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ebb8c61 - Browse repository at this point
Copy the full SHA ebb8c61View commit details -
ksmbd: remove unnecessary generic_fillattr in smb2_open
[ Upstream commit c90b31e ] Remove unnecessary generic_fillattr to fix wrong AllocationSize of SMB2_CREATE response, And Move the call of ksmbd_vfs_getattr above the place where stat is needed because of truncate. This patch fixes wrong AllocationSize of SMB2_CREATE response. Because ext4 updates inode->i_blocks only when disk space is allocated, generic_fillattr does not set stat.blocks properly for delayed allocation. But ext4 returns the blocks that include the delayed allocation blocks when getattr is called. The issue can be reproduced with commands below: touch ${FILENAME} xfs_io -c "pwrite -S 0xAB 0 40k" ${FILENAME} xfs_io -c "stat" ${FILENAME} 40KB are written, but the count of blocks is 8. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for a7ddc49 - Browse repository at this point
Copy the full SHA a7ddc49View commit details -
ksmbd: don't open-code file_path()
[ Upstream commit 2f5930c ] Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d6686d5 - Browse repository at this point
Copy the full SHA d6686d5View commit details -
[ Upstream commit 369c163 ] a bunch of places used %pd with file->f_path.dentry; shorter (and saner) way to spell that is %pD with file... Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b79a9f9 - Browse repository at this point
Copy the full SHA b79a9f9View commit details -
[ Upstream commit c22180a ] ... in particular, there should never be a non-const pointers to any file->f_path. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for aa77fc8 - Browse repository at this point
Copy the full SHA aa77fc8View commit details -
ksmbd: remove generic_fillattr use in smb2_open()
[ Upstream commit 823d0d3 ] Removed the use of unneeded generic_fillattr() in smb2_open(). Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 43e2963 - Browse repository at this point
Copy the full SHA 43e2963View commit details -
ksmbd: casefold utf-8 share names and fix ascii lowercase conversion
[ Upstream commit 16b5f54 ] strtolower() corrupts all UTF-8 share names that have a byte in the C0 (À ISO8859-1) to DE (Þ ISO8859-1) range, since the non-ASCII part of ISO8859-1 is incompatible with UTF-8. Prevent this by checking that a byte is in the ASCII range with isascii(), before the conversion to lowercase with tolower(). Properly handle case-insensitivity of UTF-8 share names by casefolding them, but fallback to ASCII lowercase conversion on failure or if CONFIG_UNICODE is not set. Refactor to move the share name casefolding immediately after the share name extraction. Also, make the associated constness corrections. Signed-off-by: Atte Heikkilä <atteh.mailbox@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 62e6846 - Browse repository at this point
Copy the full SHA 62e6846View commit details -
ksmbd: change security id to the one samba used for posix extension
[ Upstream commit 5609bdd ] Samba set SIDOWNER and SIDUNIX_GROUP in create posix context and set SIDUNIX_USER/GROUP in other sids for posix extension. This patch change security id to the one samba used. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 813ef06 - Browse repository at this point
Copy the full SHA 813ef06View commit details -
ksmbd: set file permission mode to match Samba server posix extension…
… behavior [ Upstream commit f6c2b20 ] Set file permission mode to match Samba server posix extension behavior. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 95b72ed - Browse repository at this point
Copy the full SHA 95b72edView commit details -
ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response
[ Upstream commit d5919f2 ] This patch fill missing sids in SMB_FIND_FILE_POSIX_INFO response. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for e925de7 - Browse repository at this point
Copy the full SHA e925de7View commit details -
ksmbd: fix encryption failure issue for session logoff response
[ Upstream commit af705ef ] If client send encrypted session logoff request on seal mount, Encryption for that response fails. ksmbd: Could not get encryption key CIFS: VFS: cifs_put_smb_ses: Session Logoff failure rc=-512 Session lookup fails in ksmbd_get_encryption_key() because sess->state is set to SMB2_SESSION_EXPIRED in session logoff. There is no need to do session lookup again to encrypt the response. This patch change to use ksmbd_session in ksmbd_work. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 4d796ff - Browse repository at this point
Copy the full SHA 4d796ffView commit details -
ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob
[ Upstream commit 5bedae9 ] If NTLMSSP_NEGOTIATE_SEAL flags is set in negotiate blob from client, Set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d5a3b10 - Browse repository at this point
Copy the full SHA d5a3b10View commit details -
ksmbd: decrease the number of SMB3 smbdirect server SGEs
[ Upstream commit 2b4eeea ] The server-side SMBDirect layer requires no more than 6 send SGEs The previous default of 8 causes ksmbd to fail on the SoftiWARP (siw) provider, and possibly others. Additionally, large numbers of SGEs reduces performance significantly on adapter implementations. Signed-off-by: Tom Talpey <tom@talpey.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for fe4d097 - Browse repository at this point
Copy the full SHA fe4d097View commit details -
ksmbd: reduce server smbdirect max send/receive segment sizes
[ Upstream commit 78af146 ] Reduce ksmbd smbdirect max segment send and receive size to 1364 to match protocol norms. Larger buffers are unnecessary and add significant memory overhead. Signed-off-by: Tom Talpey <tom@talpey.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 507cb10 - Browse repository at this point
Copy the full SHA 507cb10View commit details -
ksmbd: hide socket error message when ipv6 config is disable
[ Upstream commit 5876e99 ] When ipv6 config is disable(CONFIG_IPV6 is not set), ksmbd fallback to create ipv4 socket. User reported that this error message lead to misunderstood some issue. Users have requested not to print this error message that occurs even though there is no problem. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Acked-by: Tom Talpey <tom@talpey.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 131e308 - Browse repository at this point
Copy the full SHA 131e308View commit details -
ksmbd: make utf-8 file name comparison work in __caseless_lookup()
[ Upstream commit dbab80e ] Case-insensitive file name lookups with __caseless_lookup() use strncasecmp() for file name comparison. strncasecmp() assumes an ISO8859-1-compatible encoding, which is not the case here as UTF-8 is always used. As such, use of strncasecmp() here produces correct results only if both strings use characters in the ASCII range only. Fix this by using utf8_strncasecmp() if CONFIG_UNICODE is set. On failure or if CONFIG_UNICODE is not set, fallback to strncasecmp(). Also, as we are adding an include for `linux/unicode.h', include it in `fs/ksmbd/connection.h' as well since it should be explicit there. Signed-off-by: Atte Heikkilä <atteh.mailbox@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b3e852b - Browse repository at this point
Copy the full SHA b3e852bView commit details -
ksmbd: call ib_drain_qp when disconnected
[ Upstream commit 141fa98 ] When disconnected, call ib_drain_qp to cancel all pending work requests and prevent ksmbd_conn_handler_loop from waiting for a long time for those work requests to compelete. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Tom Talpey <tom@talpey.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ef97ccd - Browse repository at this point
Copy the full SHA ef97ccdView commit details -
ksmbd: validate share name from share config response
[ Upstream commit f5ba1cd ] Share config response may contain the share name without casefolding as it is known to the user space daemon. When it is present, casefold and compare it to the share name the share config request was made with. If they differ, we have a share config which is incompatible with the way share config caching is done. This is the case when CONFIG_UNICODE is not set, the share name contains non-ASCII characters, and those non- ASCII characters do not match those in the share name known to user space. In other words, when CONFIG_UNICODE is not set, UTF-8 share names now work but are only case-insensitive in the ASCII range. Signed-off-by: Atte Heikkilä <atteh.mailbox@gmail.com> Acked-by: Tom Talpey <tom@talpey.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 2bdd995 - Browse repository at this point
Copy the full SHA 2bdd995View commit details -
ksmbd: replace one-element arrays with flexible-array members
[ Upstream commit d272e01 ] One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element arrays with flexible-array members in multiple structs in fs/ksmbd/smb_common.h and one in fs/ksmbd/smb2pdu.h. Important to mention is that doing a build before/after this patch results in no binary output differences. This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy() and help us make progress towards globally enabling -fstrict-flex-arrays=3 [1]. Link: KSPP#242 Link: KSPP#79 Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1] Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/Y3OxronfaPYv9qGP@work Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 64b4d72 - Browse repository at this point
Copy the full SHA 64b4d72View commit details -
ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encrypt…
…ion for this share [ Upstream commit 37ba7b0 ] Currently, SMB2_SESSION_FLAG_ENCRYPT_DATA is always set session setup response. Since this forces data encryption from the client, there is a problem that data is always encrypted regardless of the use of the cifs seal mount option. SMB2_SESSION_FLAG_ENCRYPT_DATA should be set according to KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION flags, and in case of KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION_OFF, encryption mode is turned off for all connections. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 8263acd - Browse repository at this point
Copy the full SHA 8263acdView commit details -
ksmbd: use F_SETLK when unlocking a file
[ Upstream commit 7ecbe92 ] ksmbd seems to be trying to use a cmd value of 0 when unlocking a file. That activity requires a type of F_UNLCK with a cmd of F_SETLK. For local POSIX locking, it doesn't matter much since vfs_lock_file ignores @cmd, but filesystems that define their own ->lock operation expect to see it set sanely. Cc: David Howells <dhowells@redhat.com> Signed-off-by: Jeff Layton <jlayton@kernel.org> Reviewed-by: David Howells <dhowells@redhat.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 9ea6b43 - Browse repository at this point
Copy the full SHA 9ea6b43View commit details -
ksmbd: Fix resource leak in smb2_lock()
[ Upstream commit 01f6c61 ] "flock" is leaked if an error happens before smb2_lock_init(), as the lock is not added to the lock_list to be cleaned up. Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 46c517b - Browse repository at this point
Copy the full SHA 46c517bView commit details -
ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs
[ Upstream commit 72ee45f ] Follow the advice of the Documentation/filesystems/sysfs.rst and show() should only use sysfs_emit() or sysfs_emit_at() when formatting the value to be returned to user space. Signed-off-by: ye xingchen <ye.xingchen@zte.com.cn> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for bcab5c8 - Browse repository at this point
Copy the full SHA bcab5c8View commit details -
ksmbd: send proper error response in smb2_tree_connect()
[ Upstream commit cdfb2fe ] Currently, smb2_tree_connect doesn't send an error response packet on error. This causes libsmb2 to skip the specific error code and fail with the following: smb2_service failed with : Failed to parse fixed part of command payload. Unexpected size of Error reply. Expected 9, got 8 Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d7f088d - Browse repository at this point
Copy the full SHA d7f088dView commit details -
ksmbd: Implements sess->ksmbd_chann_list as xarray
[ Upstream commit 1d9c417 ] For some ops on channel: 1. lookup_chann_list(), possibly on high frequency. 2. ksmbd_chann_del(). Connection is used as indexing key to lookup channel, in that case, linear search based on list may suffer a bit for performance. Implements sess->ksmbd_chann_list as xarray. Signed-off-by: Dawei Li <set_pte_at@outlook.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b1caecb - Browse repository at this point
Copy the full SHA b1caecbView commit details -
ksmbd: Implements sess->rpc_handle_list as xarray
[ Upstream commit b685757 ] For some ops on rpc handle: 1. ksmbd_session_rpc_method(), possibly on high frequency. 2. ksmbd_session_rpc_close(). id is used as indexing key to lookup channel, in that case, linear search based on list may suffer a bit for performance. Implements sess->rpc_handle_list as xarray. Signed-off-by: Dawei Li <set_pte_at@outlook.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 1f485b5 - Browse repository at this point
Copy the full SHA 1f485b5View commit details -
ksmbd: fix typo, syncronous->synchronous
[ Upstream commit f8d6e74 ] syncronous->synchronous Signed-off-by: Dawei Li <set_pte_at@outlook.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b15734e - Browse repository at this point
Copy the full SHA b15734eView commit details -
ksmbd: Remove duplicated codes
[ Upstream commit 7010357 ] ksmbd_neg_token_init_mech_token() and ksmbd_neg_token_targ_resp_token() share same implementation, unify them. Signed-off-by: Dawei Li <set_pte_at@outlook.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for a35ebf6 - Browse repository at this point
Copy the full SHA a35ebf6View commit details -
ksmbd: update Kconfig to note Kerberos support and fix indentation
[ Upstream commit d280a95 ] Fix indentation of server config options, and also since support for very old, less secure, NTLM authentication was removed (and quite a while ago), remove the mention of that in Kconfig, but do note Kerberos (not just NTLMv2) which are supported and much more secure. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 1f1aca1 - Browse repository at this point
Copy the full SHA 1f1aca1View commit details -
ksmbd: Fix spelling mistake "excceed" -> "exceeded"
[ Upstream commit 7a17c61 ] There is a spelling mistake in an error message. Fix it. Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 0d3f06f - Browse repository at this point
Copy the full SHA 0d3f06fView commit details -
ksmbd: Fix parameter name and comment mismatch
[ Upstream commit 63f09a9 ] fs/ksmbd/vfs.c:965: warning: Function parameter or member 'attr_value' not described in 'ksmbd_vfs_setxattr'. Reported-by: Abaci Robot <abaci@linux.alibaba.com> Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=3946 Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d625db8 - Browse repository at this point
Copy the full SHA d625db8View commit details -
ksmbd: fix possible memory leak in smb2_lock()
[ Upstream commit d3ca9f7 ] argv needs to be free when setup_async_work fails or when the current process is woken up. Fixes: e2f3448 ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Signed-off-by: Hangyu Hua <hbh25y@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for bfe8372 - Browse repository at this point
Copy the full SHA bfe8372View commit details -
ksmbd: fix wrong signingkey creation when encryption is AES256
[ Upstream commit 7a891d4 ] MacOS and Win11 support AES256 encrytion and it is included in the cipher array of encryption context. Especially on macOS, The most preferred cipher is AES256. Connecting to ksmbd fails on newer MacOS clients that support AES256 encryption. MacOS send disconnect request after receiving final session setup response from ksmbd. Because final session setup is signed with signing key was generated incorrectly. For signging key, 'L' value should be initialized to 128 if key size is 16bytes. Cc: stable@vger.kernel.org Reported-by: Miao Lihua <441884205@qq.com> Tested-by: Miao Lihua <441884205@qq.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 289b46f - Browse repository at this point
Copy the full SHA 289b46fView commit details -
ksmbd: remove unused is_char_allowed function
[ Upstream commit 2824861 ] clang with W=1 reports fs/ksmbd/unicode.c:122:19: error: unused function 'is_char_allowed' [-Werror,-Wunused-function] static inline int is_char_allowed(char *ch) ^ This function is not used so remove it. Signed-off-by: Tom Rix <trix@redhat.com> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 427caad - Browse repository at this point
Copy the full SHA 427caadView commit details -
ksmbd: delete asynchronous work from list
[ Upstream commit 3a9b557 ] When smb2_lock request is canceled by smb2_cancel or smb2_close(), ksmbd is missing deleting async_request_entry async_requests list. Because calling init_smb2_rsp_hdr() in smb2_lock() mark ->synchronous as true and then it will not be deleted in ksmbd_conn_try_dequeue_request(). This patch add release_async_work() to release the ones allocated for async work. Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 9494242 - Browse repository at this point
Copy the full SHA 9494242View commit details -
ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
[ Upstream commit dc8289f ] When smb1 mount fails, KASAN detect slab-out-of-bounds in init_smb2_rsp_hdr like the following one. For smb1 negotiate(56bytes) , init_smb2_rsp_hdr() for smb2 is called. The issue occurs while handling smb1 negotiate as smb2 server operations. Add smb server operations for smb1 (get_cmd_val, init_rsp_hdr, allocate_rsp_buf, check_user_session) to handle smb1 negotiate so that smb2 server operation does not handle it. [ 411.400423] CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers [ 411.400452] CIFS: Attempting to mount \\192.168.45.139\homes [ 411.479312] ksmbd: init_smb2_rsp_hdr : 492 [ 411.479323] ================================================================== [ 411.479327] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd] [ 411.479369] Read of size 16 at addr ffff888488ed0734 by task kworker/14:1/199 [ 411.479379] CPU: 14 PID: 199 Comm: kworker/14:1 Tainted: G OE 6.1.21 #3 [ 411.479386] Hardware name: ASUSTeK COMPUTER INC. Z10PA-D8 Series/Z10PA-D8 Series, BIOS 3801 08/23/2019 [ 411.479390] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] [ 411.479425] Call Trace: [ 411.479428] <TASK> [ 411.479432] dump_stack_lvl+0x49/0x63 [ 411.479444] print_report+0x171/0x4a8 [ 411.479452] ? kasan_complete_mode_report_info+0x3c/0x200 [ 411.479463] ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd] [ 411.479497] kasan_report+0xb4/0x130 [ 411.479503] ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd] [ 411.479537] kasan_check_range+0x149/0x1e0 [ 411.479543] memcpy+0x24/0x70 [ 411.479550] init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd] [ 411.479585] handle_ksmbd_work+0x109/0x760 [ksmbd] [ 411.479616] ? _raw_spin_unlock_irqrestore+0x50/0x50 [ 411.479624] ? smb3_encrypt_resp+0x340/0x340 [ksmbd] [ 411.479656] process_one_work+0x49c/0x790 [ 411.479667] worker_thread+0x2b1/0x6e0 [ 411.479674] ? process_one_work+0x790/0x790 [ 411.479680] kthread+0x177/0x1b0 [ 411.479686] ? kthread_complete_and_exit+0x30/0x30 [ 411.479692] ret_from_fork+0x22/0x30 [ 411.479702] </TASK> Fixes: 39b291b ("ksmbd: return unsupported error on smb1 mount") Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 9215360 - Browse repository at this point
Copy the full SHA 9215360View commit details -
ksmbd: avoid out of bounds access in decode_preauth_ctxt()
[ Upstream commit e7067a4 ] Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within the SMB request boundary; deassemble_neg_contexts() only checks that the eight byte smb2_neg_context header + (client controlled) DataLength are within the packet boundary, which is insufficient. Checking for sizeof(struct smb2_preauth_neg_context) is overkill given that the type currently assumes SMB311_SALT_SIZE bytes of trailing Salt. Signed-off-by: David Disseldorp <ddiss@suse.de> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Cc: <stable@vger.kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 39f5b4b - Browse repository at this point
Copy the full SHA 39f5b4bView commit details -
ksmbd: set NegotiateContextCount once instead of every inc
[ Upstream commit 34e8ccf ] There are no early returns, so marshalling the incremented NegotiateContextCount with every context is unnecessary. Signed-off-by: David Disseldorp <ddiss@suse.de> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 2ca2394 - Browse repository at this point
Copy the full SHA 2ca2394View commit details -
ksmbd: avoid duplicate negotiate ctx offset increments
[ Upstream commit a12a07a ] Both pneg_ctxt and ctxt_size change in unison, with each adding the length of the previously added context, rounded up to an eight byte boundary. Drop pneg_ctxt increments and instead use the ctxt_size offset when passing output pointers to per-context helper functions. This slightly simplifies offset tracking and shaves off a few text bytes. Before (x86-64 gcc 7.5): text data bss dec hex filename 213234 8677 672 222583 36577 ksmbd.ko After: text data bss dec hex filename 213218 8677 672 222567 36567 ksmbd.ko Signed-off-by: David Disseldorp <ddiss@suse.de> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 0dbfcc3 - Browse repository at this point
Copy the full SHA 0dbfcc3View commit details -
ksmbd: remove unused compression negotiate ctx packing
[ Upstream commit af36c51 ] build_compression_ctxt() is currently unreachable due to conn.compress_algorithm remaining zero (SMB3_COMPRESS_NONE). It appears to have been broken in a couple of subtle ways over the years: - prior to d6c9ad2 ("ksmbd: use the common definitions for NEGOTIATE_PROTOCOL") smb2_compression_ctx.DataLength was set to 8, which didn't account for the single CompressionAlgorithms flexible array member. - post d6c9ad2 smb2_compression_capabilities_context CompressionAlgorithms is a three member array, while CompressionAlgorithmCount is set to indicate only one member. assemble_neg_contexts() ctxt_size is also incorrectly incremented by sizeof(struct smb2_compression_capabilities_context) + 2, which assumes one flexible array member. Signed-off-by: David Disseldorp <ddiss@suse.de> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 380a0fe - Browse repository at this point
Copy the full SHA 380a0feView commit details -
fs: introduce lock_rename_child() helper
[ Upstream commit 9bc37e0 ] Pass the dentry of a source file and the dentry of a destination directory to lock parent inodes for rename. As soon as this function returns, ->d_parent of the source file dentry is stable and inodes are properly locked for calling vfs-rename. This helper is needed for ksmbd server. rename request of SMB protocol has to rename an opened file, no matter which directory it's in. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b31e1ef - Browse repository at this point
Copy the full SHA b31e1efView commit details -
ksmbd: fix racy issue from using ->d_parent and ->d_name
[ Upstream commit 74d7970 ] Al pointed out that ksmbd has racy issue from using ->d_parent and ->d_name in ksmbd_vfs_unlink and smb2_vfs_rename(). and use new lock_rename_child() to lock stable parent while underlying rename racy. Introduce vfs_path_parent_lookup helper to avoid out of share access and export vfs functions like the following ones to use vfs_path_parent_lookup(). - rename __lookup_hash() to lookup_one_qstr_excl(). - export lookup_one_qstr_excl(). - export getname_kernel() and putname(). vfs_path_parent_lookup() is used for parent lookup of destination file using absolute pathname given from FILE_RENAME_INFORMATION request. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 019aae4 - Browse repository at this point
Copy the full SHA 019aae4View commit details -
ksmbd: fix racy issue from session setup and logoff
[ Upstream commit f5c779b ] This racy issue is triggered by sending concurrent session setup and logoff requests. This patch does not set connection status as KSMBD_SESS_GOOD if state is KSMBD_SESS_NEED_RECONNECT in session setup. And relookup session to validate if session is deleted in logoff. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20481, ZDI-CAN-20590, ZDI-CAN-20596 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 708c304 - Browse repository at this point
Copy the full SHA 708c304View commit details -
ksmbd: destroy expired sessions
[ Upstream commit ea174a9 ] client can indefinitely send smb2 session setup requests with the SessionId set to 0, thus indefinitely spawning new sessions, and causing indefinite memory usage. This patch limit to the number of sessions using expired timeout and session state. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20478 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for a6a9601 - Browse repository at this point
Copy the full SHA a6a9601View commit details -
ksmbd: block asynchronous requests when making a delay on session setup
[ Upstream commit b096d97 ] ksmbd make a delay of 5 seconds on session setup to avoid dictionary attacks. But the 5 seconds delay can be bypassed by using asynchronous requests. This patch block all requests on current connection when making a delay on sesstion setup failure. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20482 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for dff8790 - Browse repository at this point
Copy the full SHA dff8790View commit details -
ksmbd: fix racy issue from smb2 close and logoff with multichannel
[ Upstream commit abcc506 ] When smb client send concurrent smb2 close and logoff request with multichannel connection, It can cause racy issue. logoff request free tcon and can cause UAF issues in smb2 close. When receiving logoff request with multichannel, ksmbd should wait until all remaning requests complete as well as ones in the current connection, and then make session expired. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20796 ZDI-CAN-20595 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ae06b79 - Browse repository at this point
Copy the full SHA ae06b79View commit details -
ksmbd: fix racy issue under cocurrent smb2 tree disconnect
[ Upstream commit 3021094 ] There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREE_CONN_EXPIRE flags for tcon to avoid cocurrent access. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20592 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b36295c - Browse repository at this point
Copy the full SHA b36295cView commit details -
ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename()
[ Upstream commit 48b47f0 ] Uninitialized rd.delegated_inode can be used in vfs_rename(). Fix this by setting rd.delegated_inode to NULL to avoid the uninitialized read. Fixes: 74d7970 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") Reported-by: Coverity Scan <scan-admin@coverity.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ea799dd - Browse repository at this point
Copy the full SHA ea799ddView commit details -
ksmbd: fix uninitialized pointer read in smb2_create_link()
[ Upstream commit df14afe ] There is a case that file_present is true and path is uninitialized. This patch change file_present is set to false by default and set to true when patch is initialized. Fixes: 74d7970 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") Reported-by: Coverity Scan <scan-admin@coverity.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 61a306c - Browse repository at this point
Copy the full SHA 61a306cView commit details -
ksmbd: fix multiple out-of-bounds read during context decoding
[ Upstream commit 0512a5f ] Check the remaining data length before accessing the context structure to ensure that the entire structure is contained within the packet. Additionally, since the context data length `ctxt_len` has already been checked against the total packet length `len_of_ctxts`, update the comparison to use `ctxt_len`. Cc: stable@vger.kernel.org Signed-off-by: Kuan-Ting Chen <h3xrabbit@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 19b2b9a - Browse repository at this point
Copy the full SHA 19b2b9aView commit details -
ksmbd: fix UAF issue from opinfo->conn
[ Upstream commit 3632252 ] If opinfo->conn is another connection and while ksmbd send oplock break request to cient on current connection, The connection for opinfo->conn can be disconnect and conn could be freed. When sending oplock break request, this ksmbd_conn can be used and cause user-after-free issue. When getting opinfo from the list, ksmbd check connection is being released. If it is not released, Increase ->r_count to wait that connection is freed. Cc: stable@vger.kernel.org Reported-by: Per Forlin <per.forlin@axis.com> Tested-by: Per Forlin <per.forlin@axis.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b423dda - Browse repository at this point
Copy the full SHA b423ddaView commit details -
ksmbd: call putname after using the last component
[ Upstream commit 6fe55c2 ] last component point filename struct. Currently putname is called after vfs_path_parent_lookup(). And then last component is used for lookup_one_qstr_excl(). name in last component is freed by previous calling putname(). And It cause file lookup failure when testing generic/464 test of xfstest. Fixes: 74d7970 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 049ed0f - Browse repository at this point
Copy the full SHA 049ed0fView commit details -
ksmbd: fix out-of-bound read in deassemble_neg_contexts()
[ Upstream commit f1a4118 ] The check in the beginning is `clen + sizeof(struct smb2_neg_context) <= len_of_ctxts`, but in the end of loop, `len_of_ctxts` will subtract `((clen + 7) & ~0x7) + sizeof(struct smb2_neg_context)`, which causes integer underflow when clen does the 8 alignment. We should use `(clen + 7) & ~0x7` in the check to avoid underflow from happening. Then there are some variables that need to be declared unsigned instead of signed. [ 11.671070] BUG: KASAN: slab-out-of-bounds in smb2_handle_negotiate+0x799/0x1610 [ 11.671533] Read of size 2 at addr ffff888005e86cf2 by task kworker/0:0/7 ... [ 11.673383] Call Trace: [ 11.673541] <TASK> [ 11.673679] dump_stack_lvl+0x33/0x50 [ 11.673913] print_report+0xcc/0x620 [ 11.674671] kasan_report+0xae/0xe0 [ 11.675171] kasan_check_range+0x35/0x1b0 [ 11.675412] smb2_handle_negotiate+0x799/0x1610 [ 11.676217] ksmbd_smb_negotiate_common+0x526/0x770 [ 11.676795] handle_ksmbd_work+0x274/0x810 ... Cc: stable@vger.kernel.org Signed-off-by: Chih-Yen Chang <cc85nod@gmail.com> Tested-by: Chih-Yen Chang <cc85nod@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 4adb4fb - Browse repository at this point
Copy the full SHA 4adb4fbView commit details -
ksmbd: fix out-of-bound read in parse_lease_state()
[ Upstream commit fc6c6a3 ] This bug is in parse_lease_state, and it is caused by the missing check of `struct create_context`. When the ksmbd traverses the create_contexts, it doesn't check if the field of `NameOffset` and `Next` is valid, The KASAN message is following: [ 6.664323] BUG: KASAN: slab-out-of-bounds in parse_lease_state+0x7d/0x280 [ 6.664738] Read of size 2 at addr ffff888005c08988 by task kworker/0:3/103 ... [ 6.666644] Call Trace: [ 6.666796] <TASK> [ 6.666933] dump_stack_lvl+0x33/0x50 [ 6.667167] print_report+0xcc/0x620 [ 6.667903] kasan_report+0xae/0xe0 [ 6.668374] kasan_check_range+0x35/0x1b0 [ 6.668621] parse_lease_state+0x7d/0x280 [ 6.668868] smb2_open+0xbe8/0x4420 [ 6.675137] handle_ksmbd_work+0x282/0x820 Use smb2_find_context_vals() to find smb2 create request lease context. smb2_find_context_vals validate create context fields. Cc: stable@vger.kernel.org Reported-by: Chih-Yen Chang <cc85nod@gmail.com> Tested-by: Chih-Yen Chang <cc85nod@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 55ceeb4 - Browse repository at this point
Copy the full SHA 55ceeb4View commit details -
ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()
[ Upstream commit 2593357 ] Dan reported the following error message: fs/smb/server/smbacl.c:1296 smb_check_perm_dacl() error: 'posix_acls' dereferencing possible ERR_PTR() fs/smb/server/vfs.c:1323 ksmbd_vfs_make_xattr_posix_acl() error: 'posix_acls' dereferencing possible ERR_PTR() fs/smb/server/vfs.c:1830 ksmbd_vfs_inherit_posix_acl() error: 'acls' dereferencing possible ERR_PTR() __get_acl() returns a mix of error pointers and NULL. This change it with IS_ERR_OR_NULL(). Fixes: e2f3448 ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ae33f07 - Browse repository at this point
Copy the full SHA ae33f07View commit details -
ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
[ Upstream commit 368ba06 ] The length field of netbios header must be greater than the SMB header sizes(smb1 or smb2 header), otherwise the packet is an invalid SMB packet. If `pdu_size` is 0, ksmbd allocates a 4 bytes chunk to `conn->request_buf`. In the function `get_smb2_cmd_val` ksmbd will read cmd from `rcv_hdr->Command`, which is `conn->request_buf + 12`, causing the KASAN detector to print the following error message: [ 7.205018] BUG: KASAN: slab-out-of-bounds in get_smb2_cmd_val+0x45/0x60 [ 7.205423] Read of size 2 at addr ffff8880062d8b50 by task ksmbd:42632/248 ... [ 7.207125] <TASK> [ 7.209191] get_smb2_cmd_val+0x45/0x60 [ 7.209426] ksmbd_conn_enqueue_request+0x3a/0x100 [ 7.209712] ksmbd_server_process_request+0x72/0x160 [ 7.210295] ksmbd_conn_handler_loop+0x30c/0x550 [ 7.212280] kthread+0x160/0x190 [ 7.212762] ret_from_fork+0x1f/0x30 [ 7.212981] </TASK> Cc: stable@vger.kernel.org Reported-by: Chih-Yen Chang <cc85nod@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for df3a451 - Browse repository at this point
Copy the full SHA df3a451View commit details -
ksmbd: validate smb request protocol id
[ Upstream commit 1c1bcf2 ] This patch add the validation for smb request protocol id. If it is not one of the four ids(SMB1_PROTO_NUMBER, SMB2_PROTO_NUMBER, SMB2_TRANSFORM_PROTO_NUM, SMB2_COMPRESSION_TRANSFORM_ID), don't allow processing the request. And this will fix the following KASAN warning also. [ 13.905265] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1b9/0x1f0 [ 13.905900] Read of size 16 at addr ffff888005fd2f34 by task kworker/0:2/44 ... [ 13.908553] Call Trace: [ 13.908793] <TASK> [ 13.908995] dump_stack_lvl+0x33/0x50 [ 13.909369] print_report+0xcc/0x620 [ 13.910870] kasan_report+0xae/0xe0 [ 13.911519] kasan_check_range+0x35/0x1b0 [ 13.911796] init_smb2_rsp_hdr+0x1b9/0x1f0 [ 13.912492] handle_ksmbd_work+0xe5/0x820 Cc: stable@vger.kernel.org Reported-by: Chih-Yen Chang <cc85nod@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 0d1a3f9 - Browse repository at this point
Copy the full SHA 0d1a3f9View commit details -
ksmbd: add mnt_want_write to ksmbd vfs functions
[ Upstream commit 40b268d ] ksmbd is doing write access using vfs helpers. There are the cases that mnt_want_write() is not called in vfs helper. This patch add missing mnt_want_write() to ksmbd vfs functions. Cc: stable@vger.kernel.org Cc: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ce95f7d - Browse repository at this point
Copy the full SHA ce95f7dView commit details -
ksmbd: remove unused ksmbd_tree_conn_share function
[ Upstream commit 7bd9f08 ] Remove unused ksmbd_tree_conn_share function. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b657622 - Browse repository at this point
Copy the full SHA b657622View commit details -
ksmbd: use kzalloc() instead of __GFP_ZERO
[ Upstream commit f87d4f8 ] Use kzalloc() instead of __GFP_ZERO. Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 4910a79 - Browse repository at this point
Copy the full SHA 4910a79View commit details -
ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked()
[ Upstream commit cf5e7f7 ] Return a literal instead of 'err' in ksmbd_vfs_kern_path_locked(). Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 7585898 - Browse repository at this point
Copy the full SHA 7585898View commit details -
ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void
[ Upstream commit ccb5889 ] The return value of ksmbd_vfs_query_maximal_access is meaningless, it is better to modify it to void. Signed-off-by: Lu Hongfei <luhongfei@vivo.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 638043b - Browse repository at this point
Copy the full SHA 638043bView commit details -
ksmbd: use kvzalloc instead of kvmalloc
[ Upstream commit 81a94b2 ] Use kvzalloc instead of kvmalloc. Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 2222ada - Browse repository at this point
Copy the full SHA 2222adaView commit details -
ksmbd: Replace the ternary conditional operator with min()
[ Upstream commit f65fadb ] It would be better to replace the traditional ternary conditional operator with min() in compare_sids. Signed-off-by: Lu Hongfei <luhongfei@vivo.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d91ba80 - Browse repository at this point
Copy the full SHA d91ba80View commit details -
ksmbd: fix out of bounds read in smb2_sess_setup
[ Upstream commit 98422bd ] ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first payload in the smb2_sess_setup(). Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21355 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 6763921 - Browse repository at this point
Copy the full SHA 6763921View commit details -
ksmbd: add missing compound request handing in some commands
[ Upstream commit 7b7d709 ] This patch add the compound request handling to the some commands. Existing clients do not send these commands as compound requests, but ksmbd should consider that they may come. Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 97f5c1e - Browse repository at this point
Copy the full SHA 97f5c1eView commit details -
ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
[ Upstream commit 5211cc8 ] Prefer struct_size() over open-coded versions. Link: KSPP#160 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d9902ad - Browse repository at this point
Copy the full SHA d9902adView commit details -
ksmbd: Replace one-element array with flexible-array member
[ Upstream commit 11d5e20 ] One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct smb_negotiate_req. This results in no differences in binary output. Link: KSPP#79 Link: KSPP#317 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 5f36e22 - Browse repository at this point
Copy the full SHA 5f36e22View commit details -
ksmbd: Fix unsigned expression compared with zero
[ Upstream commit 0266a2f ] The return value of the ksmbd_vfs_getcasexattr() is signed. However, the return value is being assigned to an unsigned variable and subsequently recasted, causing warnings. Use a signed type. Signed-off-by: Wang Ming <machel@vivo.com> Acked-by: Tom Talpey <tom@talpey.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for cf63b94 - Browse repository at this point
Copy the full SHA cf63b94View commit details -
ksmbd: check if a mount point is crossed during path lookup
[ Upstream commit 2b57a43 ] Since commit 74d7970 ("ksmbd: fix racy issue from using ->d_parent and ->d_name"), ksmbd can not lookup cross mount points. If last component is a cross mount point during path lookup, check if it is crossed to follow it down. And allow path lookup to cross a mount point when a crossmnt parameter is set to 'yes' in smb.conf. Cc: stable@vger.kernel.org Fixes: 74d7970 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 4a027b9 - Browse repository at this point
Copy the full SHA 4a027b9View commit details -
ksmbd: validate session id and tree id in compound request
[ Upstream commit 3df0411 ] `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will return 0, i.e. The tree id check is skipped. This patch use ksmbd_req_buf_next() to get current command in compound. Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21506 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 017d85c - Browse repository at this point
Copy the full SHA 017d85cView commit details -
ksmbd: fix out of bounds in init_smb2_rsp_hdr()
[ Upstream commit 536bb49 ] If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false. Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21541 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 5c0df9d - Browse repository at this point
Copy the full SHA 5c0df9dView commit details -
ksmbd: switch to use kmemdup_nul() helper
[ Upstream commit 084ba46 ] Use kmemdup_nul() helper instead of open-coding to simplify the code. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d7ad0ac - Browse repository at this point
Copy the full SHA d7ad0acView commit details -
ksmbd: add support for read compound
[ Upstream commit e2b76ab ] MacOS sends a compound request including read to the server (e.g. open-read-close). So far, ksmbd has not handled read as a compound request. For compatibility between ksmbd and an OS that supports SMB, This patch provides compound support for read requests. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for f228368 - Browse repository at this point
Copy the full SHA f228368View commit details -
ksmbd: fix wrong interim response on compound
[ Upstream commit 041bba4 ] If smb2_lock or smb2_open request is compound, ksmbd could send wrong interim response to client. ksmbd allocate new interim buffer instead of using resonse buffer to support compound request. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 6f02072 - Browse repository at this point
Copy the full SHA 6f02072View commit details -
ksmbd: fix
force create mode' and
force directory mode'[ Upstream commit 65656f5 ] `force create mode' and `force directory mode' should be bitwise ORed with the perms after `create mask' and `directory mask' have been applied, respectively. Signed-off-by: Atte Heikkilä <atteh.mailbox@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for e12b092 - Browse repository at this point
Copy the full SHA e12b092View commit details -
ksmbd: reduce descriptor size if remaining bytes is less than request…
… size [ Upstream commit e628bf9 ] Create 3 kinds of files to reproduce this problem. dd if=/dev/urandom of=127k.bin bs=1024 count=127 dd if=/dev/urandom of=128k.bin bs=1024 count=128 dd if=/dev/urandom of=129k.bin bs=1024 count=129 When copying files from ksmbd share to windows or cifs.ko, The following error message happen from windows client. "The file '129k.bin' is too large for the destination filesystem." We can see the error logs from ksmbd debug prints [48394.611537] ksmbd: RDMA r/w request 0x0: token 0x669d, length 0x20000 [48394.612054] ksmbd: smb_direct: RDMA write, len 0x20000, needed credits 0x1 [48394.612572] ksmbd: filename 129k.bin, offset 131072, len 131072 [48394.614189] ksmbd: nbytes 1024, offset 132096 mincount 0 [48394.614585] ksmbd: Failed to process 8 [-22] And we can reproduce it with cifs.ko, e.g. dd if=129k.bin of=/dev/null bs=128KB count=2 This problem is that ksmbd rdma return error if remaining bytes is less than Length of Buffer Descriptor V1 Structure. smb_direct_rdma_xmit() ... if (desc_buf_len == 0 || total_length > buf_len || total_length > t->max_rdma_rw_size) return -EINVAL; This patch reduce descriptor size with remaining bytes and remove the check for total_length and buf_len. Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for c5aa744 - Browse repository at this point
Copy the full SHA c5aa744View commit details -
ksmbd: Fix one kernel-doc comment
[ Upstream commit bf26f1b ] Fix one kernel-doc comment to silence the warning: fs/smb/server/smb2pdu.c:4160: warning: Excess function parameter 'infoclass_size' description in 'buffer_check_err' Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 7019440 - Browse repository at this point
Copy the full SHA 7019440View commit details -
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
[ Upstream commit 4b081ce ] If authblob->SessionKey.Length is bigger than session key size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from SessionKey from client. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21940 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for bd554ed - Browse repository at this point
Copy the full SHA bd554edView commit details -
ksmbd: add missing calling smb2_set_err_rsp() on error
[ Upstream commit 0e2378e ] If some error happen on smb2_sess_setup(), Need to call smb2_set_err_rsp() to set error response. This patch add missing calling smb2_set_err_rsp() on error. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 6997fa6 - Browse repository at this point
Copy the full SHA 6997fa6View commit details -
ksmbd: remove experimental warning
[ Upstream commit f506915 ] ksmbd has made significant improvements over the past two years and is regularly tested and used. Remove the experimental warning. Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for a9128c4 - Browse repository at this point
Copy the full SHA a9128c4View commit details -
ksmbd: remove unneeded mark_inode_dirty in set_info_sec()
[ Upstream commit e4e1409 ] mark_inode_dirty will be called in notify_change(). This patch remove unneeded mark_inode_dirty in set_info_sec(). Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for fbed0ad - Browse repository at this point
Copy the full SHA fbed0adView commit details -
ksmbd: fix passing freed memory 'aux_payload_buf'
[ Upstream commit 59d8d24 ] The patch e2b76ab: "ksmbd: add support for read compound" leads to the following Smatch static checker warning: fs/smb/server/smb2pdu.c:6329 smb2_read() warn: passing freed memory 'aux_payload_buf' It doesn't matter that we're passing a freed variable because nbytes is zero. This patch set "aux_payload_buf = NULL" to make smatch silence. Fixes: e2b76ab ("ksmbd: add support for read compound") Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 4a67467 - Browse repository at this point
Copy the full SHA 4a67467View commit details -
ksmbd: return invalid parameter error response if smb2 request is inv…
…alid [ Upstream commit f2f11fc ] If smb2 request from client is invalid, The following kernel oops could happen. The patch e2b76ab: "ksmbd: add support for read compound" leads this issue. When request is invalid, It doesn't set anything in the response buffer. This patch add missing set invalid parameter error response. [ 673.085542] ksmbd: cli req too short, len 184 not 142. cmd:5 mid:109 [ 673.085580] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 673.085591] #PF: supervisor read access in kernel mode [ 673.085600] #PF: error_code(0x0000) - not-present page [ 673.085608] PGD 0 P4D 0 [ 673.085620] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 673.085631] CPU: 3 PID: 1039 Comm: kworker/3:0 Not tainted 6.6.0-rc2-tmt STMicroelectronics#16 [ 673.085643] Hardware name: AZW U59/U59, BIOS JTKT001 05/05/2022 [ 673.085651] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] [ 673.085719] RIP: 0010:ksmbd_conn_write+0x68/0xc0 [ksmbd] [ 673.085808] RAX: 0000000000000000 RBX: ffff88811ade4f00 RCX: 0000000000000000 [ 673.085817] RDX: 0000000000000000 RSI: ffff88810c2a9780 RDI: ffff88810c2a9ac0 [ 673.085826] RBP: ffffc900005e3e00 R08: 0000000000000000 R09: 0000000000000000 [ 673.085834] R10: ffffffffa3168160 R11: 63203a64626d736b R12: ffff8881057c8800 [ 673.085842] R13: ffff8881057c8820 R14: ffff8882781b2380 R15: ffff8881057c8800 [ 673.085852] FS: 0000000000000000(0000) GS:ffff888278180000(0000) knlGS:0000000000000000 [ 673.085864] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 673.085872] CR2: 0000000000000000 CR3: 000000015b63c000 CR4: 0000000000350ee0 [ 673.085883] Call Trace: [ 673.085890] <TASK> [ 673.085900] ? show_regs+0x6a/0x80 [ 673.085916] ? __die+0x25/0x70 [ 673.085926] ? page_fault_oops+0x154/0x4b0 [ 673.085938] ? tick_nohz_tick_stopped+0x18/0x50 [ 673.085954] ? __irq_work_queue_local+0xba/0x140 [ 673.085967] ? do_user_addr_fault+0x30f/0x6c0 [ 673.085979] ? exc_page_fault+0x79/0x180 [ 673.085992] ? asm_exc_page_fault+0x27/0x30 [ 673.086009] ? ksmbd_conn_write+0x68/0xc0 [ksmbd] [ 673.086067] ? ksmbd_conn_write+0x46/0xc0 [ksmbd] [ 673.086123] handle_ksmbd_work+0x28d/0x4b0 [ksmbd] [ 673.086177] process_one_work+0x178/0x350 [ 673.086193] ? __pfx_worker_thread+0x10/0x10 [ 673.086202] worker_thread+0x2f3/0x420 [ 673.086210] ? _raw_spin_unlock_irqrestore+0x27/0x50 [ 673.086222] ? __pfx_worker_thread+0x10/0x10 [ 673.086230] kthread+0x103/0x140 [ 673.086242] ? __pfx_kthread+0x10/0x10 [ 673.086253] ret_from_fork+0x39/0x60 [ 673.086263] ? __pfx_kthread+0x10/0x10 [ 673.086274] ret_from_fork_asm+0x1b/0x30 Fixes: e2b76ab ("ksmbd: add support for read compound") Reported-by: Tom Talpey <tom@talpey.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 01df133 - Browse repository at this point
Copy the full SHA 01df133View commit details -
ksmbd: check iov vector index in ksmbd_conn_write()
[ Upstream commit 73f949e ] If ->iov_idx is zero, This means that the iov vector for the response was not added during the request process. In other words, it means that there is a problem in generating a response, So this patch return as an error to avoid NULL pointer dereferencing problem. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for b9a3e45 - Browse repository at this point
Copy the full SHA b9a3e45View commit details -
ksmbd: fix race condition between session lookup and expire
[ Upstream commit 53ff5cf ] Thread A + Thread B ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | | xa_erase(&conn->sessions, sess->id); | | ksmbd_session_destroy(sess) --> kfree(sess) | // UAF! | sess->last_active = jiffies | + This patch add rwsem to fix race condition between ksmbd_session_lookup and ksmbd_expire_session. Reported-by: luosili <rootlab@huawei.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for c77fd3e - Browse repository at this point
Copy the full SHA c77fd3eView commit details -
ksmbd: fix race condition with fp
[ Upstream commit 5a7ee91 ] fp can used in each command. If smb2_close command is coming at the same time, UAF issue can happen by race condition. Time + Thread A | Thread B1 B2 .... B5 smb2_open | smb2_close | __open_id | insert fp to file_table | | | atomic_dec_and_test(&fp->refcount) | if fp->refcount == 0, free fp by kfree. // UAF! | use fp | + This patch add f_state not to use freed fp is used and not to free fp in use. Reported-by: luosili <rootlab@huawei.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for f99d5d1 - Browse repository at this point
Copy the full SHA f99d5d1View commit details -
ksmbd: fix race condition from parallel smb2 logoff requests
[ Upstream commit 7ca9da7 ] If parallel smb2 logoff requests come in before closing door, running request count becomes more than 1 even though connection status is set to KSMBD_SESS_NEED_RECONNECT. It can't get condition true, and sleep forever. This patch fix race condition problem by returning error if connection status was already set to KSMBD_SESS_NEED_RECONNECT. Reported-by: luosili <rootlab@huawei.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 50e1393 - Browse repository at this point
Copy the full SHA 50e1393View commit details -
ksmbd: fix race condition from parallel smb2 lock requests
[ Upstream commit 75ac9a3 ] There is a race condition issue between parallel smb2 lock request. Time + Thread A | Thread A smb2_lock | smb2_lock | insert smb_lock to lock_list | spin_unlock(&work->conn->llist_lock) | | | spin_lock(&conn->llist_lock); | kfree(cmp_lock); | // UAF! | list_add(&smb_lock->llist, &rollback_list) + This patch swaps the line for adding the smb lock to the rollback list and adding the lock list of connection to fix the race issue. Reported-by: luosili <rootlab@huawei.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 0901be8 - Browse repository at this point
Copy the full SHA 0901be8View commit details -
ksmbd: fix race condition between tree conn lookup and disconnect
[ Upstream commit 33b235a ] if thread A in smb2_write is using work-tcon, other thread B use smb2_tree_disconnect free the tcon, then thread A will use free'd tcon. Time + Thread A | Thread A smb2_write | smb2_tree_disconnect | | | kfree(tree_conn) | // UAF! | work->tcon->share_conf | + This patch add state, reference count and lock for tree conn to fix race condition issue. Reported-by: luosili <rootlab@huawei.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for dd45db4 - Browse repository at this point
Copy the full SHA dd45db4View commit details -
ksmbd: fix wrong error response status by using set_smb2_rsp_status()
[ Upstream commit be0f89d ] set_smb2_rsp_status() after __process_request() sets the wrong error status. This patch resets all iov vectors and sets the error status on clean one. Fixes: e2b76ab ("ksmbd: add support for read compound") Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 4b9b7ea - Browse repository at this point
Copy the full SHA 4b9b7eaView commit details -
ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()
[ Upstream commit 4148490 ] Coverity Scan report the following one. This report is a false alarm. Because fp is never NULL when rc is zero. This patch add null check for fp in ksmbd_update_fstate to make alarm silence. *** CID 1568583: Null pointer dereferences (FORWARD_NULL) /fs/smb/server/smb2pdu.c: 3408 in smb2_open() 3402 path_put(&path); 3403 path_put(&parent_path); 3404 } 3405 ksmbd_revert_fsids(work); 3406 err_out1: 3407 if (!rc) { >>> CID 1568583: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "fp" to "ksmbd_update_fstate", which dereferences it. 3408 ksmbd_update_fstate(&work->sess->file_table, fp, FP_INITED); 3409 rc = ksmbd_iov_pin_rsp(work, (void *)rsp, iov_len); 3410 } 3411 if (rc) { 3412 if (rc == -EINVAL) 3413 rsp->hdr.Status = STATUS_INVALID_PARAMETER; Fixes: e2b76ab ("ksmbd: add support for read compound") Reported-by: Coverity Scan <scan-admin@coverity.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ef435de - Browse repository at this point
Copy the full SHA ef435deView commit details -
ksmbd: fix potential double free on smb2_read_pipe() error path
[ Upstream commit 1903e6d ] Fix new smatch warnings: fs/smb/server/smb2pdu.c:6131 smb2_read_pipe() error: double free of 'rpc_resp' Fixes: e2b76ab ("ksmbd: add support for read compound") Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for fab0175 - Browse repository at this point
Copy the full SHA fab0175View commit details -
ksmbd: Remove unused field in ksmbd_user struct
[ Upstream commit eacc655 ] fs/smb/server/mgmt/user_config.h:21: Remove the unused field 'failed_login_count' from the ksmbd_user struct. Signed-off-by: Cheng-Han Wu <hank20010209@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 845837f - Browse repository at this point
Copy the full SHA 845837fView commit details -
ksmbd: reorganize ksmbd_iov_pin_rsp()
[ Upstream commit 1819a90 ] If ksmbd_iov_pin_rsp fail, io vertor should be rollback. This patch moves memory allocations to before setting the io vector to avoid rollbacks. Fixes: e2b76ab ("ksmbd: add support for read compound") Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for df79244 - Browse repository at this point
Copy the full SHA df79244View commit details -
ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr()
[ Upstream commit 3354db6 ] Fix argument list that the kdoc format and script verified in ksmbd_vfs_setxattr(). fs/smb/server/vfs.c:929: warning: Function parameter or member 'path' not described in 'ksmbd_vfs_setxattr' Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for f30a2ff - Browse repository at this point
Copy the full SHA f30a2ffView commit details -
ksmbd: fix recursive locking in vfs helpers
[ Upstream commit 807252f ] Running smb2.rename test from Samba smbtorture suite against a kernel built with lockdep triggers a "possible recursive locking detected" warning. This is because mnt_want_write() is called twice with no mnt_drop_write() in between: -> ksmbd_vfs_mkdir() -> ksmbd_vfs_kern_path_create() -> kern_path_create() -> filename_create() -> mnt_want_write() -> mnt_want_write() Fix this by removing the mnt_want_write/mnt_drop_write calls from vfs helpers that call kern_path_create(). Full lockdep trace below: ============================================ WARNING: possible recursive locking detected 6.6.0-rc5 torvalds#775 Not tainted -------------------------------------------- kworker/1:1/32 is trying to acquire lock: ffff888005ac83f8 (sb_writers#5){.+.+}-{0:0}, at: ksmbd_vfs_mkdir+0xe1/0x410 but task is already holding lock: ffff888005ac83f8 (sb_writers#5){.+.+}-{0:0}, at: filename_create+0xb6/0x260 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(sb_writers#5); lock(sb_writers#5); *** DEADLOCK *** May be due to missing lock nesting notation 4 locks held by kworker/1:1/32: #0: ffff8880064e4138 ((wq_completion)ksmbd-io){+.+.}-{0:0}, at: process_one_work+0x40e/0x980 #1: ffff888005b0fdd0 ((work_completion)(&work->work)){+.+.}-{0:0}, at: process_one_work+0x40e/0x980 #2: ffff888005ac83f8 (sb_writers#5){.+.+}-{0:0}, at: filename_create+0xb6/0x260 #3: ffff8880057ce760 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: filename_create+0x123/0x260 Cc: stable@vger.kernel.org Fixes: 40b268d ("ksmbd: add mnt_want_write to ksmbd vfs functions") Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 20b4f6b - Browse repository at this point
Copy the full SHA 20b4f6bView commit details -
ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_c…
…apable_netdev() [ Upstream commit ecce70c ] Physical ib_device does not have an underlying net_device, thus its association with IPoIB net_device cannot be retrieved via ops.get_netdev() or ib_device_get_by_netdev(). ksmbd reads physical ib_device port GUID from the lower 16 bytes of the hardware addresses on IPoIB net_device and match its underlying ib_device using ib_find_gid() Signed-off-by: Kangjing Huang <huangkangjing@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Tom Talpey <tom@talpey.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 0eaeb8a - Browse repository at this point
Copy the full SHA 0eaeb8aView commit details -
ksmbd: add support for surrogate pair conversion
[ Upstream commit 0c18031 ] ksmbd is missing supporting to convert filename included surrogate pair characters. It triggers a "file or folder does not exist" error in Windows client. [Steps to Reproduce for bug] 1. Create surrogate pair file touch $(echo -e '\xf0\x9d\x9f\xa3') touch $(echo -e '\xf0\x9d\x9f\xa4') 2. Try to open these files in ksmbd share through Windows client. This patch update unicode functions not to consider about surrogate pair (and IVS). Reviewed-by: Marios Makassikis <mmakassikis@freebox.fr> Tested-by: Marios Makassikis <mmakassikis@freebox.fr> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 841bcad - Browse repository at this point
Copy the full SHA 841bcadView commit details -
ksmbd: no need to wait for binded connection termination at logoff
[ Upstream commit 67797da ] The connection could be binded to the existing session for Multichannel. session will be destroyed when binded connections are released. So no need to wait for that's connection at logoff. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 3fecda5 - Browse repository at this point
Copy the full SHA 3fecda5View commit details -
ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked()
[ Upstream commit f604971 ] Fix argument list that the kdoc format and script verified in ksmbd_vfs_kern_path_locked(). fs/smb/server/vfs.c:1207: warning: Function parameter or member 'parent_path' not described in 'ksmbd_vfs_kern_path_locked' Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 1f50c41 - Browse repository at this point
Copy the full SHA 1f50c41View commit details -
ksmbd: handle malformed smb1 message
[ Upstream commit 5a5409d ] If set_smb1_rsp_status() is not implemented, It will cause NULL pointer dereferece error when client send malformed smb1 message. This patch add set_smb1_rsp_status() to ignore malformed smb1 message. Cc: stable@vger.kernel.org Reported-by: Robert Morris <rtm@csail.mit.edu> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 8dc9eb7 - Browse repository at this point
Copy the full SHA 8dc9eb7View commit details -
ksmbd: prevent memory leak on error return
[ Upstream commit 9004448 ] When allocated memory for 'new' failed,just return will cause memory leak of 'ar'. Fixes: 1819a90 ("ksmbd: reorganize ksmbd_iov_pin_rsp()") Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <error27@gmail.com> Closes: https://lore.kernel.org/r/202311031837.H3yo7JVl-lkp@intel.com/ Signed-off-by: Zongmin Zhou<zhouzongmin@kylinos.cn> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ae3356c - Browse repository at this point
Copy the full SHA ae3356cView commit details -
ksmbd: fix possible deadlock in smb2_open
[ Upstream commit 864fb5d ] [ 8743.393379] ====================================================== [ 8743.393385] WARNING: possible circular locking dependency detected [ 8743.393391] 6.4.0-rc1+ #11 Tainted: G OE [ 8743.393397] ------------------------------------------------------ [ 8743.393402] kworker/0:2/12921 is trying to acquire lock: [ 8743.393408] ffff888127a14460 (sb_writers#8){.+.+}-{0:0}, at: ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd] [ 8743.393510] but task is already holding lock: [ 8743.393515] ffff8880360d97f0 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: ksmbd_vfs_kern_path_locked+0x181/0x670 [ksmbd] [ 8743.393618] which lock already depends on the new lock. [ 8743.393623] the existing dependency chain (in reverse order) is: [ 8743.393628] -> #1 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}: [ 8743.393648] down_write_nested+0x9a/0x1b0 [ 8743.393660] filename_create+0x128/0x270 [ 8743.393670] do_mkdirat+0xab/0x1f0 [ 8743.393680] __x64_sys_mkdir+0x47/0x60 [ 8743.393690] do_syscall_64+0x5d/0x90 [ 8743.393701] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 8743.393711] -> #0 (sb_writers#8){.+.+}-{0:0}: [ 8743.393728] __lock_acquire+0x2201/0x3b80 [ 8743.393737] lock_acquire+0x18f/0x440 [ 8743.393746] mnt_want_write+0x5f/0x240 [ 8743.393755] ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd] [ 8743.393839] ksmbd_vfs_set_dos_attrib_xattr+0xcc/0x110 [ksmbd] [ 8743.393924] compat_ksmbd_vfs_set_dos_attrib_xattr+0x39/0x50 [ksmbd] [ 8743.394010] smb2_open+0x3432/0x3cc0 [ksmbd] [ 8743.394099] handle_ksmbd_work+0x2c9/0x7b0 [ksmbd] [ 8743.394187] process_one_work+0x65a/0xb30 [ 8743.394198] worker_thread+0x2cf/0x700 [ 8743.394209] kthread+0x1ad/0x1f0 [ 8743.394218] ret_from_fork+0x29/0x50 This patch add mnt_want_write() above parent inode lock and remove nested mnt_want_write calls in smb2_open(). Fixes: 40b268d ("ksmbd: add mnt_want_write to ksmbd vfs functions") Cc: stable@vger.kernel.org Reported-by: Marios Makassikis <mmakassikis@freebox.fr> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 8ed1118 - Browse repository at this point
Copy the full SHA 8ed1118View commit details -
ksmbd: separately allocate ci per dentry
[ Upstream commit 4274a9d ] xfstests generic/002 test fail when enabling smb2 leases feature. This test create hard link file, but removeal failed. ci has a file open count to count file open through the smb client, but in the case of hard link files, The allocation of ci per inode cause incorrectly open count for file deletion. This patch allocate ci per dentry to counts open counts for hard link. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 772d81a - Browse repository at this point
Copy the full SHA 772d81aView commit details -
ksmbd: move oplock handling after unlock parent dir
[ Upstream commit 2e45092 ] ksmbd should process secound parallel smb2 create request during waiting oplock break ack. parent lock range that is too large in smb2_open() causes smb2_open() to be serialized. Move the oplock handling to the bottom of smb2_open() and make it called after parent unlock. This fixes the failure of smb2.lease.breaking1 testcase. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for c21d044 - Browse repository at this point
Copy the full SHA c21d044View commit details -
ksmbd: release interim response after sending status pending response
[ Upstream commit 2a3f785 ] Add missing release async id and delete interim response entry after sending status pending response. This only cause when smb2 lease is enable. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 5e1f313 - Browse repository at this point
Copy the full SHA 5e1f313View commit details -
ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId
[ Upstream commit 9ac45ac ] Directly set SMB2_FLAGS_ASYNC_COMMAND flags and AsyncId in smb2 header of interim response instead of current response header. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for bd47f9c - Browse repository at this point
Copy the full SHA bd47f9cView commit details -
ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error
[ Upstream commit cd80ce7 ] ksmbd set ->op_state as OPLOCK_STATE_NONE on lease break ack error. op_state of lease should not be updated because client can send lease break ack again. This patch fix smb2.lease.breaking2 test failure. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 811b5ea - Browse repository at this point
Copy the full SHA 811b5eaView commit details -
Revert "drm/bridge: lt9611uxc: fix the race in the error path"
This reverts commit d0d01bb. This and the dependent fixes broke display on RB5. Signed-off-by: Amit Pundir <amit.pundir@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for e21817c - Browse repository at this point
Copy the full SHA e21817cView commit details -
Revert "drm/bridge: lt9611uxc: Register and attach our DSI device at …
…probe" This reverts commit 29aba28. This and the dependent fixes broke display on RB5. Signed-off-by: Amit Pundir <amit.pundir@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 4a8350a - Browse repository at this point
Copy the full SHA 4a8350aView commit details -
Revert "drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers"
This reverts commit f53a045. This and the dependent fixes broke display on RB5. Signed-off-by: Amit Pundir <amit.pundir@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for 7aa33c9 - Browse repository at this point
Copy the full SHA 7aa33c9View commit details -
tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
commit b022f0c upstream. When a kprobe is attached to a function that's name is not unique (is static and shares the name with other functions in the kernel), the kprobe is attached to the first function it finds. This is a bug as the function that it is attaching to is not necessarily the one that the user wants to attach to. Instead of blindly picking a function to attach to what is ambiguous, error with EADDRNOTAVAIL to let the user know that this function is not unique, and that the user must use another unique function with an address offset to get to the function they want to attach to. Link: https://lore.kernel.org/all/20231020104250.9537-2-flaniel@linux.microsoft.com/ Cc: stable@vger.kernel.org Fixes: 413d37d ("tracing: Add kprobe-based event tracer") Suggested-by: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com> Link: https://lore.kernel.org/lkml/20230819101105.b0c104ae4494a7d1f2eea742@kernel.org/ Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for f30f893 - Browse repository at this point
Copy the full SHA f30f893View commit details -
kasan: disable kasan_non_canonical_hook() for HW tags
commit 17c1756 upstream. On arm64, building with CONFIG_KASAN_HW_TAGS now causes a compile-time error: mm/kasan/report.c: In function 'kasan_non_canonical_hook': mm/kasan/report.c:637:20: error: 'KASAN_SHADOW_OFFSET' undeclared (first use in this function) 637 | if (addr < KASAN_SHADOW_OFFSET) | ^~~~~~~~~~~~~~~~~~~ mm/kasan/report.c:637:20: note: each undeclared identifier is reported only once for each function it appears in mm/kasan/report.c:640:77: error: expected expression before ';' token 640 | orig_addr = (addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT; This was caused by removing the dependency on CONFIG_KASAN_INLINE that used to prevent this from happening. Use the more specific dependency on KASAN_SW_TAGS || KASAN_GENERIC to only ignore the function for hwasan mode. Link: https://lkml.kernel.org/r/20231016200925.984439-1-arnd@kernel.org Fixes: 12ec6a9 ("kasan: print the original fault addr when access invalid shadow") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Konovalov <andreyknvl@gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Haibo Li <haibo.li@mediatek.com> Cc: Kees Cook <keescook@chromium.org> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> Cc: Matthias Brugger <matthias.bgg@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Amit Pundir <amit.pundir@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for ee41f66 - Browse repository at this point
Copy the full SHA ee41f66View commit details -
Link: https://lore.kernel.org/r/20231220160931.251686445@linuxfoundation.org Tested-by: Florian Fainelli <florian.fainelli@broadcom.com> Tested-by: Allen Pais <apais@linux.microsoft.com> Tested-by: Shuah Khan <skhan@linuxfoundation.org> Tested-by: Namjae Jeon <linkinjeon@kernel.org> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> Tested-by: Ron Economos <re@w6rz.net> Tested-by: Guenter Roeck <linux@roeck-us.net> Tested-by: SeongJae Park <sj@kernel.org> Tested-by: Jon Hunter <jonathanh@nvidia.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Configuration menu - View commit details
-
Copy full SHA for d93fa2c - Browse repository at this point
Copy the full SHA d93fa2cView commit details
Commits on Dec 31, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 7733190 - Browse repository at this point
Copy the full SHA 7733190View commit details -
Configuration menu - View commit details
-
Copy full SHA for b55db17 - Browse repository at this point
Copy the full SHA b55db17View commit details
Commits on Jan 1, 2024
-
Configuration menu - View commit details
-
Copy full SHA for a800888 - Browse repository at this point
Copy the full SHA a800888View commit details
Commits on Jan 10, 2024
-
The cpu RGMII port is now working. Need to pull out debug code and ma…
…ke sure bridging is working properly. Note tags are disabled in this version, and a lot of register values are hacked in.
Configuration menu - View commit details
-
Copy full SHA for ea0993a - Browse repository at this point
Copy the full SHA ea0993aView commit details -
Configuration menu - View commit details
-
Copy full SHA for fc8c491 - Browse repository at this point
Copy the full SHA fc8c491View commit details
Commits on Jan 21, 2024
-
Checkpointing here as the port-based vlans are working on the driver …
…level. Still need to test if they are maintained through port enables/disables. Also need to do lots of cleanup, there's a lot a test code in there.
Configuration menu - View commit details
-
Copy full SHA for 4b78427 - Browse repository at this point
Copy the full SHA 4b78427View commit details -
Configuration menu - View commit details
-
Copy full SHA for 608bb0f - Browse repository at this point
Copy the full SHA 608bb0fView commit details
Commits on Jan 22, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 4e22902 - Browse repository at this point
Copy the full SHA 4e22902View commit details
Commits on Jan 25, 2024
-
On powerup, cpu has no headers / imp has headers. PVLANs all set to zero (no connections between ports) Port0-Port4 PHY and MACs disabled.
Configuration menu - View commit details
-
Copy full SHA for bb74c15 - Browse repository at this point
Copy the full SHA bb74c15View commit details -
Configuration menu - View commit details
-
Copy full SHA for 31ad629 - Browse repository at this point
Copy the full SHA 31ad629View commit details
Commits on Jan 26, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 2ab6c9f - Browse repository at this point
Copy the full SHA 2ab6c9fView commit details
Commits on Feb 9, 2024
-
Add brcm header enable/disable for imp port only in sysfs. Enable VLA…
…Ns for all ports.
Configuration menu - View commit details
-
Copy full SHA for e0c75f1 - Browse repository at this point
Copy the full SHA e0c75f1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6714729 - Browse repository at this point
Copy the full SHA 6714729View commit details
Commits on Feb 12, 2024
-
Configuration menu - View commit details
-
Copy full SHA for efbebbe - Browse repository at this point
Copy the full SHA efbebbeView commit details
Commits on Feb 20, 2024
-
Add code to read BCM53154 device tree and properly set RGMII internal…
… delays. Version 5.15.107-datum.6
Configuration menu - View commit details
-
Copy full SHA for b0d3395 - Browse repository at this point
Copy the full SHA b0d3395View commit details
Commits on Feb 21, 2024
-
Add imp port back into netdev. This will allow us to gather statistic…
…s, monitor RMGII link status, etc. Version 5.15.107-datum.7
Configuration menu - View commit details
-
Copy full SHA for 57c45cc - Browse repository at this point
Copy the full SHA 57c45ccView commit details
Commits on Feb 23, 2024
-
Merge tag 'v5.15.145' into v5.15-stm32mp
This is the 5.15.145 stable release Change-Id: Icd0edfb48d6719f05c7ce79ee1fa76a280a93fc5
Configuration menu - View commit details
-
Copy full SHA for 6c4b3db - Browse repository at this point
Copy the full SHA 6c4b3dbView commit details -
serial: stm32: Ignore return value of uart_remove_one_port() in .remo…
…ve() Returning early from stm32_usart_serial_remove() results in a resource leak as several cleanup functions are not called. The driver core ignores the return value and there is no possibility to clean up later. uart_remove_one_port() only returns non-zero if there is some inconsistency (i.e. stm32_usart_driver.state[port->line].uart_port == NULL). This should never happen, and even if it does it's a bad idea to exit early in the remove callback without cleaning up. This prepares changing the prototype of struct platform_driver::remove to return void. See commit 5c5a768 ("platform: Provide a remove callback that returns no value") for further details about this quest. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Link: https://lore.kernel.org/r/20230512173810.131447-2-u.kleine-koenig@pengutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Change-Id: If141ed3467082ece0015da2d2e857e4e2f97b188 Signed-off-by: Deepak Kumar <deepak.kumar01@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/340822 Reviewed-by: Amelie DELAUNAY <amelie.delaunay@foss.st.com> Domain-Review: Amelie DELAUNAY <amelie.delaunay@foss.st.com> Reviewed-by: Valentin CARON <valentin.caron@foss.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com>
Configuration menu - View commit details
-
Copy full SHA for 9c6093f - Browse repository at this point
Copy the full SHA 9c6093fView commit details -
crypto: stm32/cryp - add CRYPTO_ALG_KERN_DRIVER_ONLY flag
This flag is needed to make the driver visible from openssl and cryptodev. Change-Id: I8a992d369d58effd62ff0bc1f0c073478e1c34a0 Signed-off-by: Maxime Méré <maxime.mere@st.com> Signed-off-by: Amit MITTAL <amit.mittal@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/345343 Reviewed-by: Maxime MERE <maxime.mere@foss.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Domain-Review: Yann GAUTIER <yann.gautier@foss.st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> Reviewed-by: Yann GAUTIER <yann.gautier@foss.st.com>
Configuration menu - View commit details
-
Copy full SHA for 6f13fad - Browse repository at this point
Copy the full SHA 6f13fadView commit details -
spi: stm32: fix Overrun issue at < 8bpw
When SPI communication is suspended by hardware automatically, it could happen that few bits of next frame are already clocked out due to internal synchronization delay. To achieve a safe suspension, we need to ensure that each word must be at least 8 SPI clock cycles long. That's why, if bpw is less than 8 bits, we need to use midi to reach 8 SPI clock cycles at least. This will ensure that each word achieve safe suspension and prevent overrun condition. Change-Id: I1371d0020230b9a98fdf60e2a3bca8f74a147343 Signed-off-by: Deepak Kumar <deepak.kumar01@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/355224 Domain-Review: Amelie DELAUNAY <amelie.delaunay@foss.st.com> Reviewed-by: Amelie DELAUNAY <amelie.delaunay@foss.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com>
Configuration menu - View commit details
-
Copy full SHA for 8550ec0 - Browse repository at this point
Copy the full SHA 8550ec0View commit details -
ARM: configs: enable USB_HIDDEV in fragment-02-multiv7_addons.config
Enable devices with a separate event interface on /dev/usb/hiddevX Change-Id: I42242a321efbf8cdf2ab070616b643eadff441d3 Signed-off-by: Rahul Kumar <rahul.kumar05@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/355227 Domain-Review: Fabrice GASNIER <fabrice.gasnier@foss.st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Reviewed-by: Fabrice GASNIER <fabrice.gasnier@foss.st.com>
Configuration menu - View commit details
-
Copy full SHA for 82e6132 - Browse repository at this point
Copy the full SHA 82e6132View commit details
Commits on Mar 2, 2024
-
Allow jumbo frame configuration on a per-port basis. Initialise PVLAN…
… vectors for each port to include self on driver init.
Configuration menu - View commit details
-
Copy full SHA for 060a108 - Browse repository at this point
Copy the full SHA 060a108View commit details
Commits on Mar 11, 2024
-
hwrng: stm32 - move max RNG clock rate to compatible data
The max_clock_rate should be moved to compatible data to adapt the constraint to the different platforms. STM32MP13 constraint is updated to 48MHz as it has been NIST-certified this way. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Change-Id: I472ac68a8d3670fe1a7c082036011b53bb9a9b47 Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/359566 Tested-by: Amit MITTAL <amit.mittal@st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> Reviewed-by: Yann GAUTIER <yann.gautier@foss.st.com> Domain-Review: Yann GAUTIER <yann.gautier@foss.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Reviewed-by: Gatien CHEVALLIER <gatien.chevallier@st.com>
Configuration menu - View commit details
-
Copy full SHA for abb8819 - Browse repository at this point
Copy the full SHA abb8819View commit details -
hwrng: stm32 - update STM32MP15 max RNG clock frequency
RNG max clock frequency can be updated to 48MHz according to latest tests. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Change-Id: I04c4242e051fe60bf2ff8edfdbff523743ff4298 Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/359567 ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Reviewed-by: Gatien CHEVALLIER <gatien.chevallier@st.com> Domain-Review: Yann GAUTIER <yann.gautier@foss.st.com> Tested-by: Amit MITTAL <amit.mittal@st.com> Reviewed-by: Yann GAUTIER <yann.gautier@foss.st.com>
Configuration menu - View commit details
-
Copy full SHA for d420da6 - Browse repository at this point
Copy the full SHA d420da6View commit details
Commits on Mar 21, 2024
-
hwrng: stm32 - fix clock division application
Fix clock division application that was not shifted, corrupting the configuration register. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Change-Id: I0594f5343e9e2ee541951b26b6930e1f11b006b2 Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/315194 ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> Reviewed-by: Yann GAUTIER <yann.gautier@foss.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Domain-Review: Yann GAUTIER <yann.gautier@foss.st.com> Tested-by: Sandhya SHARMA <sandhya.sharma@st.com> Reviewed-by: Gatien CHEVALLIER <gatien.chevallier@st.com>
Configuration menu - View commit details
-
Copy full SHA for aad8be7 - Browse repository at this point
Copy the full SHA aad8be7View commit details -
hwrng: stm32 - use devm_platform_get_and_ioremap_resource() API
Use devm_platform_get_and_ioremap_resource() to get and ioremap a resource. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Change-Id: I4a2067ace1074af11ab0da16ae0d263b5a5edff6 Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/367168 Domain-Review: Yann GAUTIER <yann.gautier@foss.st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Reviewed-by: Gatien CHEVALLIER <gatien.chevallier@st.com> Reviewed-by: Yann GAUTIER <yann.gautier@foss.st.com> Tested-by: Sandhya SHARMA <sandhya.sharma@st.com>
Configuration menu - View commit details
-
Copy full SHA for ff85423 - Browse repository at this point
Copy the full SHA ff85423View commit details -
hwrng: stm32 - implement error concealment
The RNG driver should be capable of recovering from an error. Implement an error concealment API. This avoids irrecoverable RNG state. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Change-Id: Idddc08f6a35b67cdeb26ed37a3020d444d6f8231 Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/367169 Reviewed-by: Yann GAUTIER <yann.gautier@foss.st.com> Domain-Review: Yann GAUTIER <yann.gautier@foss.st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Tested-by: Sandhya SHARMA <sandhya.sharma@st.com> Reviewed-by: Gatien CHEVALLIER <gatien.chevallier@st.com>
Configuration menu - View commit details
-
Copy full SHA for 24b67f8 - Browse repository at this point
Copy the full SHA 24b67f8View commit details -
hwrng: stm32 - rework error handling in stm32_rng_read()
Try to conceal seed errors when possible. If, despite the error concealing tries, a seed error is still present, then return an error. A clock error does not compromise the hardware block and data can still be read from RNG_DR. Just warn that the RNG clock is too slow and clear RNG_SR. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Change-Id: If018a0aae6011585a7772dd13c4969978d84b801 Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/367170 ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> Tested-by: Sandhya SHARMA <sandhya.sharma@st.com> Reviewed-by: Yann GAUTIER <yann.gautier@foss.st.com> Reviewed-by: Gatien CHEVALLIER <gatien.chevallier@st.com> Domain-Review: Yann GAUTIER <yann.gautier@foss.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com>
Configuration menu - View commit details
-
Copy full SHA for a523673 - Browse repository at this point
Copy the full SHA a523673View commit details -
hwrng: stm32 - add missing clk_disable_unprepare() in stm32_rng_init()
Add clk_disable_unprepare() in the error path in stm32_rng_init(). Fixes: 6b85a7e ("hwrng: stm32 - implement STM32MP13x support") Change-Id: I8adf5d5f2e8fa35055fecaf6ddd03c84e6e954e2 Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/367184 Tested-by: Sandhya SHARMA <sandhya.sharma@st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Reviewed-by: Gatien CHEVALLIER <gatien.chevallier@st.com> Domain-Review: Gatien CHEVALLIER <gatien.chevallier@st.com>
Configuration menu - View commit details
-
Copy full SHA for d41acc7 - Browse repository at this point
Copy the full SHA d41acc7View commit details
Commits on Mar 25, 2024
-
Change mpc9902 driver timeout to update on i2c bus when 30 ms stale, …
…not 2 seconds. Add mutex between i2c devices and spi Broadcom switch to use a mutex to lock access to the schematic error that links the clock pins on i2c3 and spi2.
Configuration menu - View commit details
-
Copy full SHA for 7b3affd - Browse repository at this point
Copy the full SHA 7b3affdView commit details -
Configuration menu - View commit details
-
Copy full SHA for 90c3e26 - Browse repository at this point
Copy the full SHA 90c3e26View commit details
Commits on Apr 13, 2024
-
Change phy polling interval and temp sensor memory time to increash s…
…pi/i2c actrivity in an attempt to get the spi crash to occur more often.
Configuration menu - View commit details
-
Copy full SHA for eed87eb - Browse repository at this point
Copy the full SHA eed87ebView commit details
Commits on Apr 15, 2024
-
Configuration menu - View commit details
-
Copy full SHA for a49bf76 - Browse repository at this point
Copy the full SHA a49bf76View commit details
Commits on Apr 17, 2024
-
Checkpoint commit. less likely, but spi crash still happens. Put in c…
…ode to insure the device using the bus is asleep before releasing mutex.
Configuration menu - View commit details
-
Copy full SHA for aeebc89 - Browse repository at this point
Copy the full SHA aeebc89View commit details
Commits on Apr 18, 2024
-
Fix the i2c bus device pm_runtime devices. Add debugging. Use pm_runt…
…ime_suspended() instead of pm_runtime_active to exclude states where device is becoming active or becoming suspended.
Configuration menu - View commit details
-
Copy full SHA for fc02f3d - Browse repository at this point
Copy the full SHA fc02f3dView commit details
Commits on Apr 19, 2024
-
Clean up mutex handling and use correct PM device for B53 driver. Sti…
…ll has the problem.
Configuration menu - View commit details
-
Copy full SHA for 09fc103 - Browse repository at this point
Copy the full SHA 09fc103View commit details
Commits on Apr 20, 2024
-
Change use of datum_b53_spi_mutex in the b53 switch driver to only lo…
…ck and unlock the mutex during a complete read or write transaction. Each read/write transaction contains multiple SPI bus accesses.
Configuration menu - View commit details
-
Copy full SHA for 734aeea - Browse repository at this point
Copy the full SHA 734aeeaView commit details
Commits on Apr 21, 2024
-
User correct device in ina2xx driver to wait for powerdown. Remove so…
…me debug code. This appears to work, need to setup the pm autodisable for only the spi/i2c busses with the problem, then separate the i2c drivers into unmodified for the m7xc and modified for the t7xc.
Configuration menu - View commit details
-
Copy full SHA for dc26a92 - Browse repository at this point
Copy the full SHA dc26a92View commit details -
Remove most debugging output. Still need to retore phy poll interval …
…and i2c device memory (only use i2c if timer expired).
Configuration menu - View commit details
-
Copy full SHA for aa8953c - Browse repository at this point
Copy the full SHA aa8953cView commit details -
v5.15.107-datum.10-eng.4: Duplicate and separate I2C ina2xx and mcp99…
…02 drivers into those that supports I2C/SPI clock short and those that don't. Needed for one kernel to support both the T7XC and M7XC. This version still has increased BR53134, INA2236 and MCP9902 bus activity for testing.
Configuration menu - View commit details
-
Copy full SHA for 3c0fe67 - Browse repository at this point
Copy the full SHA 3c0fe67View commit details -
v4.15.107-datum.10-eng.5: Tweak the mcp9902-datum driver reg reads to…
… only grab/release the mutex once during multiple register reads.
Configuration menu - View commit details
-
Copy full SHA for 88b2936 - Browse repository at this point
Copy the full SHA 88b2936View commit details -
v5.15.107-datum.10: Remove extra bus activity for mcp9902 and spi phy…
… driver. Ready for release.
Configuration menu - View commit details
-
Copy full SHA for 6217f32 - Browse repository at this point
Copy the full SHA 6217f32View commit details
Commits on Jun 24, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 6581dd9 - Browse repository at this point
Copy the full SHA 6581dd9View commit details
Commits on Jun 26, 2024
-
Add sysfs control or enabling/disabling mutex check for the SPI2/I2C3…
… clock net short error in the DSS23-001 (rev A/B) PCBs. Will be used to disable the mutex check on Rev C and later boards.
Configuration menu - View commit details
-
Copy full SHA for 43aceef - Browse repository at this point
Copy the full SHA 43aceefView commit details -
Fix sysfs write command to force mutex unlock when disabling the mute…
…x resource share for i2c3 and spi2.
Configuration menu - View commit details
-
Copy full SHA for 0508b62 - Browse repository at this point
Copy the full SHA 0508b62View commit details -
Merge pull request #10 from DatumSystems/mutex-ctrl
Add sysfs enable/disable control for SPI2/I2C mutex, for use when PCB is fixed.
Configuration menu - View commit details
-
Copy full SHA for 6114b34 - Browse repository at this point
Copy the full SHA 6114b34View commit details
Commits on Jul 3, 2024
-
Merge branch 'v5.15-stm32mp' into v5.15-datum
# Conflicts: # Makefile # arch/arm64/boot/dts/qcom/ipq8074.dtsi # arch/arm64/mm/copypage.c # arch/riscv/mm/init.c # arch/x86/include/asm/intel-family.h # drivers/acpi/resource.c # drivers/android/binder_alloc.c # drivers/char/ipmi/ipmi_ssif.c # drivers/counter/microchip-tcb-capture.c # drivers/firmware/efi/sysfb_efi.c # drivers/gpu/drm/bridge/adv7511/adv7533.c # drivers/gpu/drm/drm_panel_orientation_quirks.c # drivers/gpu/drm/msm/dp/dp_aux.c # drivers/input/joystick/xpad.c # drivers/media/usb/uvc/uvc_driver.c # drivers/net/bonding/bond_main.c # drivers/net/ethernet/mellanox/mlx5/core/en_tx.c # drivers/net/ipvlan/ipvlan_l3s.c # drivers/net/phy/phy_device.c # drivers/net/phy/smsc.c # drivers/net/virtio_net.c # drivers/net/wireless/marvell/mwifiex/sdio.c # drivers/nvme/host/hwmon.c # drivers/nvme/host/pci.c # drivers/regulator/core.c # drivers/scsi/ses.c # drivers/tee/amdtee/core.c # drivers/thunderbolt/nhi.c # drivers/tty/serial/8250/8250_exar.c # drivers/tty/serial/fsl_lpuart.c # drivers/usb/dwc2/platform.c # drivers/usb/serial/option.c # drivers/vdpa/vdpa_user/vduse_dev.c # fs/ext4/ext4.h # fs/ext4/extents.c # fs/ext4/inode.c # fs/ext4/xattr.c # fs/hfsplus/inode.c # fs/ksmbd/smb2misc.c # fs/ntfs3/bitmap.c # fs/ubifs/tnc.c # fs/xfs/libxfs/xfs_sb.c # include/linux/trace.h # include/media/dvbdev.h # kernel/bpf/verifier.c # kernel/sched/fair.c # mm/page_alloc.c # net/bridge/br_netfilter_hooks.c # net/ipv4/tcp_ipv4.c # net/ipv6/sit.c # net/netfilter/nft_set_rbtree.c # net/packet/af_packet.c # net/sched/act_pedit.c # sound/pci/hda/patch_ca0132.c # sound/pci/hda/patch_realtek.c # sound/soc/intel/boards/sof_sdw.c # tools/lib/bpf/btf_dump.c
Configuration menu - View commit details
-
Copy full SHA for 7d731bb - Browse repository at this point
Copy the full SHA 7d731bbView commit details
Commits on Jul 4, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 1cf49cd - Browse repository at this point
Copy the full SHA 1cf49cdView commit details
Commits on Jul 19, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 48aba23 - Browse repository at this point
Copy the full SHA 48aba23View commit details
Commits on Jul 25, 2024
-
spi: stm32: perform small transfer in polling mode
In case of interrupt based transfer, when the transfer is very small, relying on interrupts leads to lower performances than if the transfer were done using polling on the registers. Add a module parameter "polling_limit_us" to indicate the threshold in us from which a transfer would be done polling the registers rather than relying on interrupts. Change-Id: I21588fdd2c1f123c245959fff719af2256e9dd19 Signed-off-by: Alain Volmat <alain.volmat@foss.st.com> Signed-off-by: Deepak Kumar <deepak.kumar01@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/360873 ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> Domain-Review: Amelie DELAUNAY <amelie.delaunay@foss.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Reviewed-by: Amelie DELAUNAY <amelie.delaunay@foss.st.com>
Configuration menu - View commit details
-
Copy full SHA for 814b78d - Browse repository at this point
Copy the full SHA 814b78dView commit details -
remoteproc: stm32_rproc: Fix mailbox interrupts queuing
Manage interrupt coming from coprocessor also when state is ATTACHED. Change-Id: Id64480e538db3fb86ae73a34606ec61c483369ba Fixes: 35bdafd ("remoteproc: stm32_rproc: Add mutex protection for workqueue") Signed-off-by: Gwenael Treuveur <gwenael.treuveur@foss.st.com> Acked-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/370055 Reviewed-by: Arnaud POULIQUEN <arnaud.pouliquen@st.com> Tested-by: Gwenael TREUVEUR <gwenael.treuveur@st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> Domain-Review: Arnaud POULIQUEN <arnaud.pouliquen@st.com> Reviewed-by: Gwenael TREUVEUR <gwenael.treuveur@st.com>
Configuration menu - View commit details
-
Copy full SHA for 8e3e0ee - Browse repository at this point
Copy the full SHA 8e3e0eeView commit details -
mfd: stmfx: wait boot time after a regulator enable
STMFX has a boot time of 10ms between reset and first register access. But this delay is not yet respected after a regulator_enable, and sometimes register access could failed with -ENXIO. As we cannot get the time since the regulator was enabled, we poll every 1ms the STMFX_REG_FW_VERSION_MSB, to wait the completed boot of chip. A timeout is set to 10ms. Change-Id: I2eeeccac00fc6087d60cd30dbb7fad4c30a72e1b Signed-off-by: Valentin Caron <valentin.caron@foss.st.com> Signed-off-by: Deepak kumar <deepak.kumar01@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/369823 Domain-Review: Amelie DELAUNAY <amelie.delaunay@foss.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> Reviewed-by: Amelie DELAUNAY <amelie.delaunay@foss.st.com>
Configuration menu - View commit details
-
Copy full SHA for 74cc379 - Browse repository at this point
Copy the full SHA 74cc379View commit details
Commits on Sep 11, 2024
-
dmaengine: stm32-dma: Fix MDMA channel complete callback
In stm32_mdma_chan_complete moved the assignment of channel busy and channel status flags before queuing the work, as this can lead to change in behaviour. If there are any asynchronous DMA terminate calls before the work is queued, it might indicate that the chan->busy is still true which may lead in unexpected behaviour to terminate the DMA. Change-Id: I100826e8c0180e37cd692b91f2b9024e903a3442 Signed-off-by: Sandhya Sharma <sandhya.sharma@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/402673 Reviewed-by: Alain VOLMAT <alain.volmat@st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Domain-Review: Alain VOLMAT <alain.volmat@st.com>
Configuration menu - View commit details
-
Copy full SHA for 660c5fd - Browse repository at this point
Copy the full SHA 660c5fdView commit details -
dmaengine: stm32-dma: use one workqueue per channel for DMA/MDMA chai…
…ning The workqueue name was not unique for the DMA controllers. Assigning unique names to avoid pushing works from 2 different channels into the same workqueue. Also as dma device is not initialised with the device id, moving all mchan stuff after dma_async_device_register Change-Id: Ia2dcbd2e9f4ad69a1c0d43ea5f7be55bcb0e7b68 Signed-off-by: Sandhya Sharma <sandhya.sharma@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/402672 ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Domain-Review: Alain VOLMAT <alain.volmat@st.com> Reviewed-by: Alain VOLMAT <alain.volmat@st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com>
Configuration menu - View commit details
-
Copy full SHA for eae4295 - Browse repository at this point
Copy the full SHA eae4295View commit details -
dmaengine: stm32-dma: Fix MDMA worker complete callback
Added NULL check in stm32_mdma_chan_complete_worker to ensure that the chan->desc is not NULL. This is necessary because the desc can be deleted by an asynchronous call made to stm32_dma_terminate_all. In this scenario, when the stm32_mdma_chan_complete_worker is executed the chan->desc becomes NULL and the Kernel crashes. Change-Id: I8b2bd18a4f9dff2151ff9b170a6e67970441a8fb Signed-off-by: Sandhya Sharma <sandhya.sharma@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/402667 ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> Reviewed-by: Alain VOLMAT <alain.volmat@st.com> Domain-Review: Alain VOLMAT <alain.volmat@st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com>
Configuration menu - View commit details
-
Copy full SHA for bf7464f - Browse repository at this point
Copy the full SHA bf7464fView commit details -
spi: stm32: perform small transfer in polling mode
Correct condition to call stm32h7_spi_read_rxfifo function within the function stm32h7_spi_transfer_one_poll. Add STM32H7_SPI_SR_RXPLVL within the mask allowing to read the very last data frame within the FIFO even when there is less than 4 data frame remaining. Change-Id: I76894f46e0139ff2c45f1fb6180a999aa294e1dd Signed-off-by: Alain Volmat <alain.volmat@foss.st.com> Signed-off-by: Deepak Kumar <deepak.kumar01@st.com> Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/linux-stm32/+/391401 ACI: CIBUILD <MDG-smet-aci-builds@list.st.com> ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com> Domain-Review: Alain VOLMAT <alain.volmat@st.com> Reviewed-by: Alain VOLMAT <alain.volmat@st.com>
Configuration menu - View commit details
-
Copy full SHA for d6ab414 - Browse repository at this point
Copy the full SHA d6ab414View commit details -
Merge tag 'v5.15-stm32mp-r2.2' into kernel-update-st-v5.15.145
The following changes since commit v5.15-stm32mp-r2.1: Merge tag 'v5.15.145' into v5.15-stm32mp (2024-02-23 11:33:42 +0530) are available in the Git repository at: https://gerrit.st.com/mpu/oe/st/linux-stm32 v5.15-stm32mp for you to fetch changes up to v5.15-stm32mp-r2.2: mfd: stmfx: wait boot time after a regulator enable (2024-07-25 14:42:13 +0530) ---------------------------------------------------------------- Merge tag 'v5.15.145' into v5.15-stm32mp (2024-02-23 11:33:42 +0530) ---------------------------------------------------------------- Alain Volmat (1): spi: stm32: perform small transfer in polling mode Deepak Kumar (1): spi: stm32: fix Overrun issue at < 8bpw Gatien Chevallier (6): hwrng: stm32 - move max RNG clock rate to compatible data hwrng: stm32 - update STM32MP15 max RNG clock frequency hwrng: stm32 - fix clock division application hwrng: stm32 - use devm_platform_get_and_ioremap_resource() API hwrng: stm32 - implement error concealment hwrng: stm32 - rework error handling in stm32_rng_read() Gwenael Treuveur (1): remoteproc: stm32_rproc: Fix mailbox interrupts queuing Maxime Méré (1): crypto: stm32/cryp - add CRYPTO_ALG_KERN_DRIVER_ONLY flag Rahul Kumar (1): ARM: configs: enable USB_HIDDEV in fragment-02-multiv7_addons.config Uwe Kleine-König (1): serial: stm32: Ignore return value of uart_remove_one_port() in .remove() Valentin Caron (1): mfd: stmfx: wait boot time after a regulator enable Yang Yingliang (1): hwrng: stm32 - add missing clk_disable_unprepare() in stm32_rng_init() # Conflicts: # Makefile # drivers/pinctrl/pinctrl-amd.c
Configuration menu - View commit details
-
Copy full SHA for 8cb6928 - Browse repository at this point
Copy the full SHA 8cb6928View commit details
Commits on Sep 13, 2024
-
Merge remote-tracking branch 'upstream/v5.15-stm32mp' into kernel-upd…
…ate-st-v5.15.145
Configuration menu - View commit details
-
Copy full SHA for 2952b0b - Browse repository at this point
Copy the full SHA 2952b0bView commit details