Skip to content
Snippets Groups Projects
  1. Mar 12, 2025
    • Jianan Huang's avatar
      UPSTREAM: f2fs: fix inconsistent dirty state of atomic file · 52d776ea
      Jianan Huang authored
      
      When testing the atomic write fix patches, the f2fs_bug_on was
      triggered as below:
      
      ------------[ cut here ]------------
      kernel BUG at fs/f2fs/inode.c:935!
      Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI
      CPU: 3 UID: 0 PID: 257 Comm: bash Not tainted 6.13.0-rc1-00033-gc283a70d3497 #5
      RIP: 0010:f2fs_evict_inode+0x50f/0x520
      Call Trace:
       <TASK>
       ? __die_body+0x65/0xb0
       ? die+0x9f/0xc0
       ? do_trap+0xa1/0x170
       ? f2fs_evict_inode+0x50f/0x520
       ? f2fs_evict_inode+0x50f/0x520
       ? handle_invalid_op+0x65/0x80
       ? f2fs_evict_inode+0x50f/0x520
       ? exc_invalid_op+0x39/0x50
       ? asm_exc_invalid_op+0x1a/0x20
       ? __pfx_f2fs_get_dquots+0x10/0x10
       ? f2fs_evict_inode+0x50f/0x520
       ? f2fs_evict_inode+0x2e5/0x520
       evict+0x186/0x2f0
       prune_icache_sb+0x75/0xb0
       super_cache_scan+0x1a8/0x200
       do_shrink_slab+0x163/0x320
       shrink_slab+0x2fc/0x470
       drop_slab+0x82/0xf0
       drop_caches_sysctl_handler+0x4e/0xb0
       proc_sys_call_handler+0x183/0x280
       vfs_write+0x36d/0x450
       ksys_write+0x68/0xd0
       do_syscall_64+0xc8/0x1a0
       ? arch_exit_to_user_mode_prepare+0x11/0x60
       ? irqentry_exit_to_user_mode+0x7e/0xa0
      
      The root cause is: f2fs uses FI_ATOMIC_DIRTIED to indicate dirty
      atomic files during commit. If the inode is dirtied during commit,
      such as by f2fs_i_pino_write, the vfs inode keeps clean and the
      f2fs inode is set to FI_DIRTY_INODE. The FI_DIRTY_INODE flag cann't
      be cleared by write_inode later due to the clean vfs inode. Finally,
      f2fs_bug_on is triggered due to this inconsistent state when evict.
      
      To reproduce this situation:
      - fd = open("/mnt/test.db", O_WRONLY)
      - ioctl(fd, F2FS_IOC_START_ATOMIC_WRITE)
      - mv /mnt/test.db /mnt/test1.db
      - ioctl(fd, F2FS_IOC_COMMIT_ATOMIC_WRITE)
      - echo 3 > /proc/sys/vm/drop_caches
      
      To fix this problem, clear FI_DIRTY_INODE after commit, then
      f2fs_mark_inode_dirty_sync will ensure a consistent dirty state.
      
      Bug: 402645924
      
      Fixes: fccaa81d ("f2fs: prevent atomic file from being dirtied before commit")
      Change-Id: I2c637b4bc544453b07ab124527efb694da9b757f
      Signed-off-by: default avatarYunlei He <heyunlei@xiaomi.com>
      Signed-off-by: default avatarJianan Huang <huangjianan@xiaomi.com>
      Reviewed-by: default avatarChao Yu <chao@kernel.org>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      (cherry picked from commit 03511e93)
      (cherry picked from commit 0e0c5304)
  2. Mar 05, 2025
  3. Feb 28, 2025
  4. Feb 12, 2025
  5. Feb 07, 2025
  6. Feb 06, 2025
    • Rui Chen's avatar
      ANDROID: ABI: update symbol list for honor · 21ec3a80
      Rui Chen authored
      
      24 function symbol(s) added
      	'int mempool_init(mempool_t *pool, int min_nr, mempool_alloc_t *alloc_fn,
      			mempool_free_t *free_fn, void *pool_data)'
      	'void mempool_exit(mempool_t *pool)'
      	'int dm_register_target(struct target_type *tt)'
      	'void dm_unregister_target(struct target_type *tt)'
      	'int __ref dm_get_device(struct dm_target *ti, const char *path, blk_mode_t mode,
      		struct dm_dev **result)'
      	'void dm_put_device(struct dm_target *ti, struct dm_dev *d)'
      	'int dm_set_target_max_io_len(struct dm_target *ti, sector_t len)'
      	'unsigned int dm_bio_get_target_bio_nr(const struct bio *bio)'
      	'const char *dm_table_device_name(struct dm_table *t)'
      	'void dm_table_event(struct dm_table *t)'
      	'const char *dm_shift_arg(struct dm_arg_set *as)'
      	'int dm_read_arg_group(const struct dm_arg *arg, struct dm_arg_set *arg_set,
      			unsigned int *value, char **error)'
      	'void dm_consume_args(struct dm_arg_set *as, unsigned int num_args)'
      	'void *dm_per_bio_data(struct bio *bio, size_t data_size)'
      	'void dm_submit_bio_remap(struct bio *clone, struct bio *tgt_clone)'
      	'unsigned int dm_get_reserved_bio_based_ios(void)'
      	'int bioset_init(struct bio_set *bs,
       		unsigned int pool_size,
       		unsigned int front_pad,
       		int flags)'
      	'void bioset_exit(struct bio_set *bs)'
      	'void bio_crypt_set_ctx(struct bio *bio, const struct blk_crypto_key *key,
      			const u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE], gfp_t gfp_mask)'
      	'void blk_crypto_evict_key(struct block_device *bdev,
      			const struct blk_crypto_key *key)'
      	'int blk_crypto_derive_sw_secret(struct block_device *bdev,
       				const u8 *eph_key, size_t eph_key_size,
       				u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE])'
      	'void __sched wait_for_completion_io(struct completion *x)'
      	'void zero_fill_bio_iter(struct bio *bio, struct bvec_iter start)'
      	'int __trace_bputs(unsigned long ip, const char *str)'
      1 value symbol added
      	'struct page *empty_zero_page;'
      
      Bug: 391513201
      Bug: 394696922
      Change-Id: I73a25a03489af27392fb04ffe6a83f984c6ae850
      Signed-off-by: default avatarRui Chen <chenrui9@honor.com>
      (cherry picked from commit b49cbb85)
  7. Feb 03, 2025
    • Konstantin Komarov's avatar
      ANDROID: GKI: Add Paragon symbol list · 92480faf
      Konstantin Komarov authored
      
      This list contains symbols for  Paragon UFSD driver for NTFS and exFAT file systems.
      
      18 function symbol(s) added
        'int __cond_resched_lock(spinlock_t*)'
        'struct buffer_head* __find_get_block(struct block_device*, sector_t, unsigned int)'
        'int __posix_acl_create(struct posix_acl**, gfp_t, umode_t*)'
        'int add_to_page_cache_lru(struct page*, struct address_space*, unsigned long, gfp_t)'
        'struct buffer_head* alloc_buffer_head(gfp_t)'
        'void d_rehash(struct dentry*)'
        'int filemap_fdatawrite_wbc(struct address_space*, struct writeback_control*)'
        'void free_buffer_head(struct buffer_head*)'
        'int posix_acl_equiv_mode(const struct posix_acl*, umode_t*)'
        'struct posix_acl* posix_acl_from_xattr(struct user_namespace*, const void*, size_t)'
        'int posix_acl_to_xattr(struct user_namespace*, const struct posix_acl*, void*, size_t)'
        'int posix_acl_valid(struct user_namespace*, const struct posix_acl*)'
        'void set_cached_acl(struct inode*, int, struct posix_acl*)'
        'void shrink_dcache_sb(struct super_block*)'
        'void sync_inodes_sb(struct super_block*)'
        'void wait_for_completion_io(struct completion*)'
        'void write_dirty_buffer(struct buffer_head*, blk_opf_t)'
        'void yield()'
      
      Bug: 393994588
      Signed-off-by: default avatarKonstantin Komarov <Konstantin.Komarov.GKI@paragon-software.com>
      Change-Id: I817b3e0c7ad779c72333cf0e7973eb02873f1cee
      92480faf
  8. Jan 24, 2025
  9. Jan 20, 2025
    • Qun-Wei Lin's avatar
      UPSTREAM: mm: krealloc: Fix MTE false alarm in __do_krealloc · 9f047a51
      Qun-Wei Lin authored
      commit 70457385 upstream.
      
      This patch addresses an issue introduced by commit 1a83a716 ("mm:
      krealloc: consider spare memory for __GFP_ZERO") which causes MTE
      (Memory Tagging Extension) to falsely report a slab-out-of-bounds error.
      
      The problem occurs when zeroing out spare memory in __do_krealloc. The
      original code only considered software-based KASAN and did not account
      for MTE. It does not reset the KASAN tag before calling memset, leading
      to a mismatch between the pointer tag and the memory tag, resulting in a
      false positive.
      
      Example of the error:
      ==================================================================
      swapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188
      swapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1
      swapper/0: Pointer tag: [f4], memory tag: [fe]
      swapper/0:
      swapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.
      swapper/0: Hardware name: MT6991(ENG) (DT)
      swapper/0: Call trace:
      swapper/0:  dump_backtrace+0xfc/0x17c
      swapper/0:  show_stack+0x18/0x28
      swapper/0:  dump_stack_lvl+0x40/0xa0
      swapper/0:  print_report+0x1b8/0x71c
      swapper/0:  kasan_report+0xec/0x14c
      swapper/0:  __do_kernel_fault+0x60/0x29c
      swapper/0:  do_bad_area+0x30/0xdc
      swapper/0:  do_tag_check_fault+0x20/0x34
      swapper/0:  do_mem_abort+0x58/0x104
      swapper/0:  el1_abort+0x3c/0x5c
      swapper/0:  el1h_64_sync_handler+0x80/0xcc
      swapper/0:  el1h_64_sync+0x68/0x6c
      swapper/0:  __memset+0x84/0x188
      swapper/0:  btf_populate_kfunc_set+0x280/0x3d8
      swapper/0:  __register_btf_kfunc_id_set+0x43c/0x468
      swapper/0:  register_btf_kfunc_id_set+0x48/0x60
      swapper/0:  register_nf_nat_bpf+0x1c/0x40
      swapper/0:  nf_nat_init+0xc0/0x128
      swapper/0:  do_one_initcall+0x184/0x464
      swapper/0:  do_initcall_level+0xdc/0x1b0
      swapper/0:  do_initcalls+0x70/0xc0
      swapper/0:  do_basic_setup+0x1c/0x28
      swapper/0:  kernel_init_freeable+0x144/0x1b8
      swapper/0:  kernel_init+0x20/0x1a8
      swapper/0:  ret_from_fork+0x10/0x20
      ==================================================================
      
      Bug: 390070977
      Bug: 391031881
      (cherry picked from commit 70457385
      https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
      
      
      linux-6.6.y)
      Fixes: 1a83a716 ("mm: krealloc: consider spare memory for __GFP_ZERO")
      Signed-off-by: default avatarQun-Wei Lin <qun-wei.lin@mediatek.com>
      Acked-by: default avatarDavid Rientjes <rientjes@google.com>
      Signed-off-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Signed-off-by: default avatarSeiya Wang <seiya.wang@mediatek.com>
      Change-Id: Iea0ba629183042d594665ab51b410965963d167e
      (cherry picked from commit 6b18f0b5)
      (cherry picked from commit e087ce9a)
  10. Jan 06, 2025
  11. Jan 04, 2025
  12. Jan 03, 2025
    • Chunhai Guo's avatar
      ANDROID: GKI: update symbol list for vivo · 7c5518bc
      Chunhai Guo authored
      
      1 variable symbol(s) added
        'struct utf8data_table tf8_data_table_new'
      
      Bug: 387229724
      Bug: 382800956
      
      Change-Id: I550db0dad74ff5fcfe34de7708b6b6118d21a477
      Signed-off-by: default avatarChunhai Guo <guochunhai@vivo.corp-partner.google.com>
      7c5518bc
    • Chunhai Guo's avatar
      ANDROID: unicode: Add symbol for utf8 encoding compatibility for file lookup · 59a52ac0
      Chunhai Guo authored
      
      Add symbol utf8_data_table_new to ensure compatibility with both new and
      old utf8 encoding during file lookup.
      
      Bug: 387229724
      Bug: 382800956
      
      Change-Id: I75da2a468ac4a51f7bc907633b9c316a72f2b8c2
      Signed-off-by: default avatarChunhai Guo <guochunhai@vivo.corp-partner.google.com>
      59a52ac0
    • Akash M's avatar
      FROMGIT: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind · a6fbce86
      Akash M authored
      
      This commit addresses an issue related to below kernel panic where
      panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON
      in functionsfs_bind, which easily leads to the following scenarios.
      
      1.adb_write in adbd               2. UDC write via configfs
        =================	             =====================
      
      ->usb_ffs_open_thread()           ->UDC write
       ->open_functionfs()               ->configfs_write_iter()
        ->adb_open()                      ->gadget_dev_desc_UDC_store()
         ->adb_write()                     ->usb_gadget_register_driver_owner
                                            ->driver_register()
      ->StartMonitor()                       ->bus_add_driver()
       ->adb_read()                           ->gadget_bind_driver()
      <times-out without BIND event>           ->configfs_composite_bind()
                                                ->usb_add_function()
      ->open_functionfs()                        ->ffs_func_bind()
       ->adb_open()                               ->functionfs_bind()
                                             <ffs->state !=FFS_ACTIVE>
      
      The adb_open, adb_read, and adb_write operations are invoked from the
      daemon, but trying to bind the function is a process that is invoked by
      UDC write through configfs, which opens up the possibility of a race
      condition between the two paths. In this race scenario, the kernel panic
      occurs due to the WARN_ON from functionfs_bind when panic_on_warn is
      enabled. This commit fixes the kernel panic by removing the unnecessary
      WARN_ON.
      
      Kernel panic - not syncing: kernel: panic_on_warn set ...
      [   14.542395] Call trace:
      [   14.542464]  ffs_func_bind+0x1c8/0x14a8
      [   14.542468]  usb_add_function+0xcc/0x1f0
      [   14.542473]  configfs_composite_bind+0x468/0x588
      [   14.542478]  gadget_bind_driver+0x108/0x27c
      [   14.542483]  really_probe+0x190/0x374
      [   14.542488]  __driver_probe_device+0xa0/0x12c
      [   14.542492]  driver_probe_device+0x3c/0x220
      [   14.542498]  __driver_attach+0x11c/0x1fc
      [   14.542502]  bus_for_each_dev+0x104/0x160
      [   14.542506]  driver_attach+0x24/0x34
      [   14.542510]  bus_add_driver+0x154/0x270
      [   14.542514]  driver_register+0x68/0x104
      [   14.542518]  usb_gadget_register_driver_owner+0x48/0xf4
      [   14.542523]  gadget_dev_desc_UDC_store+0xf8/0x144
      [   14.542526]  configfs_write_iter+0xf0/0x138
      
      Fixes: ddf8abd2 ("USB: f_fs: the FunctionFS driver")
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarAkash M <akash.m5@samsung.com>
      Link: https://lore.kernel.org/r/20241219125221.1679-1-akash.m5@samsung.c
      
      
      om
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      Bug: 383235079
      (cherry picked from commit dfc51e48
      https: //git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/
      usb-linus)
      Change-Id: Ib8ec6cbac0ac0601f75ede2911f00baef099cec1
      Signed-off-by: default avatarAkash M <akash.m5@samsung.com>
      a6fbce86
    • Dan Carpenter's avatar
      UPSTREAM: ALSA: usb-audio: Fix a DMA to stack memory bug · 89be8631
      Dan Carpenter authored
      
      commit f7d306b4 upstream.
      
      The usb_get_descriptor() function does DMA so we're not allowed
      to use a stack buffer for that.  Doing DMA to the stack is not portable
      all architectures.  Move the "new_device_descriptor" from being stored
      on the stack and allocate it with kmalloc() instead.
      
      Bug: 382243530
      Fixes: b909df18 ("ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices")
      Cc: stable@kernel.org
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
      Link: https://patch.msgid.link/60e3aa09-039d-46d2-934c-6f123026c2eb@stanley.mountain
      
      
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarBenoît Sevens <bsevens@google.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      (cherry picked from commit 44a7b041)
      Signed-off-by: default avatarLee Jones <joneslee@google.com>
      Change-Id: I469212aa538584e3d8cc5b0087b68c99acf43f64
      89be8631
    • xuyuqing's avatar
      ANDROID: ABI: Update symbol list for xiaomi · dbf1c333
      xuyuqing authored
      
      ERRO:
      3 function symbol(s) added
        'int __traceiter_android_vh_gzvm_destroy_vm_post_process(void*, struct gzvm*)'
        'int __traceiter_android_vh_gzvm_handle_demand_page_post(void*, struct gzvm*, int, u64, u64, u32)'
        'int __traceiter_android_vh_gzvm_handle_demand_page_pre(void*, struct gzvm*, int, u64, u64, u32)'
      
      3 variable symbol(s) added
        'struct tracepoint __tracepoint_android_vh_gzvm_destroy_vm_post_process'
        'struct tracepoint __tracepoint_android_vh_gzvm_handle_demand_page_post'
        'struct tracepoint __tracepoint_android_vh_gzvm_handle_demand_page_pre'
      
      Bug: 386715781
      Change-Id: I84813a4af337b9278e6b4cfc01de53ea3b652d34
      Signed-off-by: default avatarxuyuqing <xuyuqing@xiaomi.corp-partner.google.com>
      dbf1c333
  13. Dec 30, 2024
  14. Dec 27, 2024
  15. Dec 24, 2024
  16. Dec 23, 2024
  17. Dec 21, 2024
    • Minchan Kim's avatar
      ANDROID: ABI: Update pixel symbol list · 86179fae
      Minchan Kim authored
      
      Adding the following symbols:
        - debugfs_lookup_and_remove
        - devm_register_sys_off_handler
        - init_on_free
        - pci_free_irq
        - pci_request_irq
        - __traceiter_android_vh_binder_proc_transaction_finish
        - __traceiter_android_vh_check_new_page
        - __traceiter_android_vh_free_pages_prepare_init
        - __traceiter_android_vh_post_alloc_hook
        - __tracepoint_android_vh_binder_proc_transaction_finish
        - __tracepoint_android_vh_check_new_page
        - __tracepoint_android_vh_free_pages_prepare_init
        - __tracepoint_android_vh_post_alloc_hook
      
      Bug: 383166773
      Change-Id: I2deb32da0193effc1d33a7c4d4b47d016a05840b
      Signed-off-by: default avatarMinchan Kim <minchan@google.com>
      86179fae
    • Minchan Kim's avatar
      ANDROID: defer zeroing to allocation context in init_on_free · 7e1ae40a
      Minchan Kim authored
      
      zeroing on free but defering the zeroing to allocation context
      to avoid slow memory reclaiming
      
      Bug: 383166773
      Change-Id: I746f4fbc20df5cf394d7644ff2cd6f25916c9790
      Signed-off-by: default avatarMinchan Kim <minchan@google.com>
      7e1ae40a
  18. Dec 20, 2024
Loading