Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'ubifs-for-linus-6.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs

Pull JFFS2, UBI and UBIFS updates from Richard Weinberger:
"JFFS2:
- Bug fix for rtime compression
- Various cleanups

UBI:
- Cleanups for fastmap and wear leveling

UBIFS:
- Add support for FS_IOC_GETFSSYSFSPATH
- Remove dead ioctl code
- Fix UAF in ubifs_tnc_end_commit()"

* tag 'ubifs-for-linus-6.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs: (25 commits)
ubifs: Fix uninitialized use of err in ubifs_jnl_write_inode()
jffs2: Prevent rtime decompress memory corruption
jffs2: remove redundant check on outpos > pos
fs: jffs2: Fix inconsistent indentation in jffs2_mark_node_obsolete
jffs2: Correct some typos in comments
jffs2: fix use of uninitialized variable
jffs2: Use str_yes_no() helper function
mtd: ubi: remove redundant check on bytes_left at end of function
mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode()
ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
ubi: fastmap: Fix duplicate slab cache names while attaching
ubifs: xattr: remove unused anonymous enum
ubifs: Reduce kfree() calls in ubifs_purge_xattrs()
ubifs: Call iput(xino) only once in ubifs_purge_xattrs()
ubi: wl: Close down wear-leveling before nand is suspended
mtd: ubi: Rmove unused declaration in header file
ubifs: Correct the total block count by deducting journal reservation
ubifs: Convert to use ERR_CAST()
ubifs: add support for FS_IOC_GETFSSYSFSPATH
ubifs: remove unused ioctl flags GETFLAGS/SETFLAGS
...

+96 -98
+6 -6
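--- a/drivers/mtd/ubi/attach.c
+++ b/drivers/mtd/ubi/attach.c
@@ -1447,7 +1447,7 @@
 return err;
 }
 
-static struct ubi_attach_info *alloc_ai(void)
+static struct ubi_attach_info *alloc_ai(const char *slab_name)
 {
 struct ubi_attach_info *ai;
 
@@ -1461,7 +1461,7 @@
 INIT_LIST_HEAD(&ai->alien);
 INIT_LIST_HEAD(&ai->fastmap);
 ai->volumes = RB_ROOT;
-ai->aeb_slab_cache = kmem_cache_create("ubi_aeb_slab_cache",
+ai->aeb_slab_cache = kmem_cache_create(slab_name,
 sizeof(struct ubi_ainf_peb),
 0, 0, NULL);
 if (!ai->aeb_slab_cache) {
@@ -1491,7 +1491,7 @@
 
 err = -ENOMEM;
 
-scan_ai = alloc_ai();
+scan_ai = alloc_ai("ubi_aeb_slab_cache_fastmap");
 if (!scan_ai)
 goto out;
 
@@ -1557,7 +1557,7 @@
 int err;
 struct ubi_attach_info *ai;
 
-ai = alloc_ai();
+ai = alloc_ai("ubi_aeb_slab_cache");
 if (!ai)
 return -ENOMEM;
 
@@ -1575,7 +1575,7 @@
 if (err > 0 || mtd_is_eccerr(err)) {
 if (err != UBI_NO_FASTMAP) {
 destroy_ai(ai);
-ai = alloc_ai();
+ai = alloc_ai("ubi_aeb_slab_cache");
 if (!ai)
 return -ENOMEM;
 
@@ -1614,7 +1614,7 @@
 if (ubi->fm && ubi_dbg_chk_fastmap(ubi)) {
 struct ubi_attach_info *scan_ai;
 
-scan_ai = alloc_ai();
+scan_ai = alloc_ai("ubi_aeb_slab_cache_dbg_chk_fastmap");
 if (!scan_ai) {
 err = -ENOMEM;
 goto out_wl;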
+16 -3
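--- a/drivers/mtd/ubi/fastmap-wl.c
+++ b/drivers/mtd/ubi/fastmap-wl.c
@@ -346,14 +346,27 @@
 * WL sub-system.
 *
 * @ubi: UBI device description object
+* @need_fill: whether to fill wear-leveling pool when no PEBs are found
 */
-static struct ubi_wl_entry *next_peb_for_wl(struct ubi_device *ubi)
+static struct ubi_wl_entry *next_peb_for_wl(struct ubi_device *ubi,
+bool need_fill)
 {
 struct ubi_fm_pool *pool = &ubi->fm_wl_pool;
 int pnum;
 
-if (pool->used == pool->size)
+if (pool->used == pool->size) {
+if (need_fill && !ubi->fm_work_scheduled) {
+/*
+* We cannot update the fastmap here because this
+* function is called in atomic context.
+* Let's fail here and refill/update it as soon as
+* possible.
+*/
+ubi->fm_work_scheduled = 1;
+schedule_work(&ubi->fm_work);
+}
 return NULL;
+}
 
 pnum = pool->pebs[pool->used];
 return ubi->lookuptbl[pnum];
@@ -375,7 +388,7 @@
 if (!ubi->used.rb_node)
 return false;
 
-e = next_peb_for_wl(ubi);
+e = next_peb_for_wl(ubi, false);
 if (!e) {
 if (!ubi->free.rb_node)
 return false;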
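Review bot: `next_peb_for_wl()` now writes `ubi->fm_work_scheduled` and calls `schedule_work()` when `need_fill` is true, but neither the kernel-doc nor the new comment says which lock protects that flag. The added comment states the function runs in atomic context, which suggests the caller holds a spinlock (presumably `ubi->wl_lock`, though no lock is visible in this section). After confirming against the callers, I would add to the kernel-doc: `* The caller must hold @ubi->wl_lock, which also protects @fm_work_scheduled.` so a future caller does not set the flag unlocked and race with the worker that clears it.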
+1 -1
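--- a/drivers/mtd/ubi/nvmem.c
+++ b/drivers/mtd/ubi/nvmem.c
@@ -55,7 +55,7 @@
 if (err)
 return err;
 
-return bytes_left == 0 ? 0 : -EIO;
+return 0;
 }
 
 static int ubi_nvmem_add(struct ubi_volume_info *vi)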
+2 -1
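--- a/drivers/mtd/ubi/ubi.h
+++ b/drivers/mtd/ubi/ubi.h
@@ -549,6 +549,7 @@
 * @peb_buf: a buffer of PEB size used for different purposes
 * @buf_mutex: protects @peb_buf
 * @ckvol_mutex: serializes static volume checking when opening
+* @wl_reboot_notifier: close all wear-leveling work before reboot
 *
 * @dbg: debugging information for this UBI device
 */
@@ -651,6 +652,7 @@
 void *peb_buf;
 struct mutex buf_mutex;
 struct mutex ckvol_mutex;
+struct notifier_block wl_reboot_notifier;
 
 struct ubi_debug_info dbg;
 };
@@ -831,7 +833,6 @@
 struct ubi_ainf_peb *ubi_early_get_peb(struct ubi_device *ubi,
 struct ubi_attach_info *ai);
 int ubi_attach(struct ubi_device *ubi, int force_scan);
-void ubi_destroy_ai(struct ubi_attach_info *ai);
 
 /* vtbl.c */
 int ubi_change_vtbl_record(struct ubi_device *ubi, int idx,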
+2
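--- a/drivers/mtd/ubi/vmt.c
+++ b/drivers/mtd/ubi/vmt.c
@@ -143,8 +143,10 @@
 vol->vol_id != volid)
 continue;
 
+fwnode_handle_put(fw_vols);
 return fw_vol;
 }
+fwnode_handle_put(fw_vols);
 
 return NULL;
 }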
+30 -2
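--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -89,6 +89,7 @@
 #include <linux/crc32.h>
 #include <linux/freezer.h>
 #include <linux/kthread.h>
+#include <linux/reboot.h>
 #include "ubi.h"
 #include "wl.h"
 
@@ -127,6 +128,8 @@
 struct ubi_wl_entry *e, struct rb_root *root);
 static int self_check_in_pq(const struct ubi_device *ubi,
 struct ubi_wl_entry *e);
+static int ubi_wl_reboot_notifier(struct notifier_block *n,
+unsigned long state, void *cmd);
 
 /**
 * wl_tree_add - add a wear-leveling entry to a WL RB-tree.
@@ -683,7 +686,7 @@
 ubi_assert(!ubi->move_to_put);
 
 #ifdef CONFIG_MTD_UBI_FASTMAP
-if (!next_peb_for_wl(ubi) ||
+if (!next_peb_for_wl(ubi, true) ||
 #else
 if (!ubi->free.rb_node ||
 #endif
@@ -846,7 +849,14 @@
 goto out_not_moved;
 }
 if (err == MOVE_RETRY) {
-scrubbing = 1;
+/*
+* For source PEB:
+* 1. The scrubbing is set for scrub type PEB, it will
+* be put back into ubi->scrub list.
+* 2. Non-scrub type PEB will be put back into ubi->used
+* list.
+*/
+keep = 1;
 dst_leb_clean = 1;
 goto out_not_moved;
 }
@@ -1943,6 +1953,13 @@
 if (!ubi->ro_mode && !ubi->fm_disabled)
 ubi_ensure_anchor_pebs(ubi);
 #endif
+
+if (!ubi->wl_reboot_notifier.notifier_call) {
+ubi->wl_reboot_notifier.notifier_call = ubi_wl_reboot_notifier;
+ubi->wl_reboot_notifier.priority = 1; /* Higher than MTD */
+register_reboot_notifier(&ubi->wl_reboot_notifier);
+}
+
 return 0;
 
 out_free:
@@ -1986,6 +2003,17 @@
 tree_destroy(ubi, &ubi->free);
 tree_destroy(ubi, &ubi->scrub);
 kfree(ubi->lookuptbl);
+}
+
+static int ubi_wl_reboot_notifier(struct notifier_block *n,
+unsigned long state, void *cmd)
+{
+struct ubi_device *ubi;
+
+ubi = container_of(n, struct ubi_device, wl_reboot_notifier);
+ubi_wl_close(ubi);
+
+return NOTIFY_DONE;
 }
 
 /**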
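Review bot: `register_reboot_notifier(&ubi->wl_reboot_notifier)` in the init hunk has no matching `unregister_reboot_notifier()` anywhere in this file's hunks, and the notifier block lives inside `struct ubi_device`. If a device is detached and its `ubi_device` freed before reboot, the reboot chain would still point into freed memory. In the other direction, once `ubi_wl_reboot_notifier()` has run `ubi_wl_close()`, the context lines show `kfree(ubi->lookuptbl)` with no reset of the pointer, so a later close on detach would free the same objects again, and any work still touching WL state would read freed memory. This assumes that context belongs to `ubi_wl_close()`, whose start is outside the hunk. I would unregister the notifier on the detach path, not from inside the callback itself, and make the close idempotent, starting with `ubi->lookuptbl = NULL;` after the `kfree()`.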
+2 -1
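--- a/drivers/mtd/ubi/wl.h
+++ b/drivers/mtd/ubi/wl.h
@@ -5,7 +5,8 @@
 static void update_fastmap_work_fn(struct work_struct *wrk);
 static struct ubi_wl_entry *find_anchor_wl_entry(struct rb_root *root);
 static struct ubi_wl_entry *get_peb_for_wl(struct ubi_device *ubi);
-static struct ubi_wl_entry *next_peb_for_wl(struct ubi_device *ubi);
+static struct ubi_wl_entry *next_peb_for_wl(struct ubi_device *ubi,
+bool need_fill);
 static bool need_wear_leveling(struct ubi_device *ubi);
 static void ubi_fastmap_close(struct ubi_device *ubi);
 static inline void ubi_fastmap_init(struct ubi_device *ubi, int *count)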
+3
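--- a/fs/jffs2/compr_rtime.c
+++ b/fs/jffs2/compr_rtime.c
@@ -95,6 +95,9 @@
 
 positions[value]=outpos;
 if (repeat) {
+if ((outpos + repeat) >= destlen) {
+return 1;
+}
 if (backoffs + repeat >= outpos) {
 while(repeat) {
 cpage_out[outpos++] = cpage_out[backoffs++];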
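Review bot: The new bound `if ((outpos + repeat) >= destlen)` also rejects a run that ends exactly at the end of the output buffer. The copy loop below it writes indexes `outpos` through `outpos + repeat - 1`, so `outpos + repeat == destlen` is still in bounds, provided `destlen` is the size of `cpage_out` (its declaration is outside the hunk). Valid data whose last run fills the page would then fail to decompress with return value 1, so the comparison should be `if ((outpos + repeat) > destlen)`. The braces around the single `return 1;` can also go, per kernel style. The enclosing decompress function starts and ends outside the hunk, so the types of `outpos` and `repeat`, and whether their sum can wrap, should be checked there.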
-5
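--- a/fs/jffs2/compr_rubin.c
+++ b/fs/jffs2/compr_rubin.c
@@ -276,11 +276,6 @@
 
 end_rubin(&rs);
 
-if (outpos > pos) {
-/* We failed */
-return -1;
-}
-
 /* Tell the caller how much we managed to compress,
 * and how much space it took */
 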
+3 -4
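--- a/fs/jffs2/erase.c
+++ b/fs/jffs2/erase.c
@@ -338,10 +338,9 @@
 } while(--retlen);
 mtd_unpoint(c->mtd, jeb->offset, c->sector_size);
 if (retlen) {
-pr_warn("Newly-erased block contained word 0x%lx at offset 0x%08tx\n",
-*wordebuf,
-jeb->offset +
-c->sector_size-retlen * sizeof(*wordebuf));
+*bad_offset = jeb->offset + c->sector_size - retlen * sizeof(*wordebuf);
+pr_warn("Newly-erased block contained word 0x%lx at offset 0x%08x\n",
+*wordebuf, *bad_offset);
 return -EIO;
 }
 return 0;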
+1 -1
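--- a/fs/jffs2/gc.c
+++ b/fs/jffs2/gc.c
@@ -82,7 +82,7 @@
 
 nextlist = &c->erasable_list;
 } else if (!list_empty(&c->erasable_pending_wbuf_list)) {
-/* There are blocks are wating for the wbuf sync */
+/* There are blocks are waiting for the wbuf sync */
 jffs2_dbg(1, "Synching wbuf in order to reuse erasable_pending_wbuf_list blocks\n");
 spin_unlock(&c->erase_completion_lock);
 jffs2_flush_wbuf_pad(c);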
+9 -8
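--- a/fs/jffs2/nodemgmt.c
+++ b/fs/jffs2/nodemgmt.c
@@ -15,6 +15,7 @@
 #include <linux/mtd/mtd.h>
 #include <linux/compiler.h>
 #include <linux/sched/signal.h>
+#include <linux/string_choices.h>
 #include "nodelist.h"
 #include "debug.h"
 
@@ -317,9 +318,9 @@
 And there's no space left. At all. */
 pr_crit("Argh. No free space left for GC. nr_erasing_blocks is %d. nr_free_blocks is %d. (erasableempty: %s, erasingempty: %s, erasependingempty: %s)\n",
 c->nr_erasing_blocks, c->nr_free_blocks,
-list_empty(&c->erasable_list) ? "yes" : "no",
-list_empty(&c->erasing_list) ? "yes" : "no",
-list_empty(&c->erase_pending_list) ? "yes" : "no");
+str_yes_no(list_empty(&c->erasable_list)),
+str_yes_no(list_empty(&c->erasing_list)),
+str_yes_no(list_empty(&c->erase_pending_list)));
 return -ENOSPC;
 }
 
@@ -630,8 +631,8 @@
 ref->flash_offset, jeb->used_size);
 BUG();
 })
-jffs2_dbg(1, "Obsoleting previously unchecked node at 0x%08x of len %x\n",
-ref_offset(ref), freed_len);
+jffs2_dbg(1, "Obsoleting previously unchecked node at 0x%08x of len %x\n",
+ref_offset(ref), freed_len);
 jeb->unchecked_size -= freed_len;
 c->unchecked_size -= freed_len;
 } else {
@@ -641,8 +642,8 @@
 ref->flash_offset, jeb->used_size);
 BUG();
 })
-jffs2_dbg(1, "Obsoleting node at 0x%08x of len %#x: ",
-ref_offset(ref), freed_len);
+jffs2_dbg(1, "Obsoleting node at 0x%08x of len %#x: ",
+ref_offset(ref), freed_len);
 jeb->used_size -= freed_len;
 c->used_size -= freed_len;
 }
@@ -883,7 +884,7 @@
 
 jffs2_dbg(1, "%s(): nr_free_blocks %d, nr_erasing_blocks %d, dirty_size 0x%x, vdirty_blocks %d: %s\n",
 __func__, c->nr_free_blocks, c->nr_erasing_blocks,
-c->dirty_size, nr_very_dirty, ret ? "yes" : "no");
+c->dirty_size, nr_very_dirty, str_yes_no(ret));
 
 return ret;
 }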
+1 -1
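--- a/fs/jffs2/readinode.c
+++ b/fs/jffs2/readinode.c
@@ -72,7 +72,7 @@
 if (err != -EOPNOTSUPP)
 JFFS2_WARNING("MTD point failed: error code %d.\n", err);
 } else
-pointed = 1; /* succefully pointed to device */
+pointed = 1; /* successfully pointed to device */
 #endif
 
 if (!pointed) {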
-6
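--- a/fs/ubifs/ioctl.c
+++ b/fs/ubifs/ioctl.c
@@ -213,12 +213,6 @@
 long ubifs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
 switch (cmd) {
-case FS_IOC32_GETFLAGS:
-cmd = FS_IOC_GETFLAGS;
-break;
-case FS_IOC32_SETFLAGS:
-cmd = FS_IOC_SETFLAGS;
-break;
 case FS_IOC_SET_ENCRYPTION_POLICY:
 case FS_IOC_GET_ENCRYPTION_POLICY:
 case FS_IOC_GET_ENCRYPTION_POLICY_EX: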
+7 -6
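--- a/fs/ubifs/journal.c
+++ b/fs/ubifs/journal.c
@@ -981,6 +981,13 @@
 
 dbg_jnl("ino %lu, nlink %u", inode->i_ino, inode->i_nlink);
 
+if (kill_xattrs && ui->xattr_cnt > ubifs_xattr_max_cnt(c)) {
+ubifs_err(c, "Cannot delete inode, it has too much xattrs!");
+err = -EPERM;
+ubifs_ro_mode(c, err);
+return err;
+}
+
 /*
 * If the inode is being deleted, do not write the attached data. No
 * need to synchronize the write-buffer either.
@@ -1011,12 +1018,6 @@
 struct fscrypt_name nm = {0};
 struct inode *xino;
 struct ubifs_dent_node *xent, *pxent = NULL;
-
-if (ui->xattr_cnt > ubifs_xattr_max_cnt(c)) {
-err = -EPERM;
-ubifs_err(c, "Cannot delete inode, it has too much xattrs!");
-goto out_release;
-}
 
 lowest_xent_key(c, &key, inode->i_ino);
 while (1) {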
+2 -2
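--- a/fs/ubifs/lpt_commit.c
+++ b/fs/ubifs/lpt_commit.c
@@ -577,7 +577,7 @@
 /* Go right */
 nnode = ubifs_get_nnode(c, nnode, iip);
 if (IS_ERR(nnode))
-return (void *)nnode;
+return ERR_CAST(nnode);
 
 /* Go down to level 1 */
 while (nnode->level > 1) {
@@ -594,7 +594,7 @@
 }
 nnode = ubifs_get_nnode(c, nnode, iip);
 if (IS_ERR(nnode))
-return (void *)nnode;
+return ERR_CAST(nnode);
 }
 
 for (iip = 0; iip < UBIFS_LPT_FANOUT; iip++)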
+1 -1
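--- a/fs/ubifs/orphan.c
+++ b/fs/ubifs/orphan.c
@@ -76,7 +76,7 @@
 else if (inum > o->inum)
 p = &(*p)->rb_right;
 else {
-ubifs_err(c, "orphaned twice");
+ubifs_err(c, "ino %lu orphaned twice", (unsigned long)inum);
 spin_unlock(&c->orphan_lock);
 kfree(orphan);
 return -EINVAL;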
+5 -3
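--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -773,10 +773,10 @@
 * necessary to report something for the 'statfs()' call.
 *
 * Subtract the LEB reserved for GC, the LEB which is reserved for
-* deletions, minimum LEBs for the index, and assume only one journal
-* head is available.
+* deletions, minimum LEBs for the index, the LEBs which are reserved
+* for each journal head.
 */
-tmp64 = c->main_lebs - 1 - 1 - MIN_INDEX_LEBS - c->jhead_cnt + 1;
+tmp64 = c->main_lebs - 1 - 1 - MIN_INDEX_LEBS - c->jhead_cnt;
 tmp64 *= (long long)c->leb_size - c->leb_overhead;
 tmp64 = ubifs_reported_space(c, tmp64);
 c->block_cnt = tmp64 >> UBIFS_BLOCK_SHIFT;
@@ -2206,6 +2206,8 @@
 }
 
 super_set_uuid(sb, c->uuid, sizeof(c->uuid));
+super_set_sysfs_name_generic(sb, UBIFS_DFS_DIR_NAME,
+c->vi.ubi_num, c->vi.vol_id);
 
 mutex_unlock(&c->umount_mutex);
 return 0;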
-2
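--- a/fs/ubifs/tnc.c
+++ b/fs/ubifs/tnc.c
@@ -2930,8 +2930,6 @@
 dbg_tnc("xent '%s', ino %lu", xent->name,
 (unsigned long)xattr_inum);
 
-ubifs_evict_xattr_inode(c, xattr_inum);
-
 fname_name(&nm) = xent->name;
 fname_len(&nm) = le16_to_cpu(xent->nlen);
 err = ubifs_tnc_remove_nm(c, &key1, &nm);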
+2
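--- a/fs/ubifs/tnc_commit.c
+++ b/fs/ubifs/tnc_commit.c
@@ -657,6 +657,8 @@
 znode->alt = 0;
 cnext = find_next_dirty(znode);
 if (!cnext) {
+ubifs_assert(c, !znode->parent);
+znode->cparent = NULL;
 znode->cnext = c->cnext;
 break;
 }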
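Review bot: The two lines added in the `!cnext` branch carry no comment, although `znode->cparent = NULL;` looks like the actual use-after-free fix named in the merge description. `ubifs_assert(c, !znode->parent)` only reports a violated invariant; what it does beyond that depends on the assert configuration, which is not visible here. Without an explanation the assignment reads as redundant next to the assert and is easy to drop in a later cleanup. I would add a why-comment above it, such as `/* Last znode in the commit list is the root: clear cparent so later commit code never follows a stale parent pointer */`, with the wording confirmed against the loop, which starts outside the hunk.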
-3
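--- a/fs/ubifs/ubifs.h
+++ b/fs/ubifs/ubifs.h
@@ -2040,13 +2040,10 @@
 #ifdef CONFIG_UBIFS_FS_XATTR
 extern const struct xattr_handler * const ubifs_xattr_handlers[];
 ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size);
-void ubifs_evict_xattr_inode(struct ubifs_info *c, ino_t xattr_inum);
 int ubifs_purge_xattrs(struct inode *host);
 #else
 #define ubifs_listxattr NULL
 #define ubifs_xattr_handlers NULL
-static inline void ubifs_evict_xattr_inode(struct ubifs_info *c,
-ino_t xattr_inum) { }
 static inline int ubifs_purge_xattrs(struct inode *host)
 {
 return 0;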
+3 -42
fs/ubifs/xattr.c
··· 48 48 #include <linux/slab.h> 49 49 #include <linux/xattr.h> 50 50 51 - /* 52 - * Extended attribute type constants. 53 - * 54 - * USER_XATTR: user extended attribute ("user.*") 55 - * TRUSTED_XATTR: trusted extended attribute ("trusted.*) 56 - * SECURITY_XATTR: security extended attribute ("security.*") 57 - */ 58 - enum { 59 - USER_XATTR, 60 - TRUSTED_XATTR, 61 - SECURITY_XATTR, 62 - }; 63 - 64 51 static const struct inode_operations empty_iops; 65 52 static const struct file_operations empty_fops; 66 53 ··· 519 532 ubifs_err(c, "dead directory entry '%s', error %d", 520 533 xent->name, err); 521 534 ubifs_ro_mode(c, err); 522 - kfree(pxent); 523 - kfree(xent); 524 535 goto out_err; 525 536 } 526 537 ··· 526 541 527 542 clear_nlink(xino); 528 543 err = remove_xattr(c, host, xino, &nm); 544 + iput(xino); 529 545 if (err) { 530 - kfree(pxent); 531 - kfree(xent); 532 - iput(xino); 533 546 ubifs_err(c, "cannot remove xattr, error %d", err); 534 547 goto out_err; 535 548 } 536 - 537 - iput(xino); 538 549 539 550 kfree(pxent); 540 551 pxent = xent; ··· 547 566 return 0; 548 567 549 568 out_err: 569 + kfree(pxent); 570 + kfree(xent); 550 571 up_write(&ubifs_inode(host)->xattr_sem); 551 572 return err; 552 - } 553 - 554 - /** 555 - * ubifs_evict_xattr_inode - Evict an xattr inode. 556 - * @c: UBIFS file-system description object 557 - * @xattr_inum: xattr inode number 558 - * 559 - * When an inode that hosts xattrs is being removed we have to make sure 560 - * that cached inodes of the xattrs also get removed from the inode cache 561 - * otherwise we'd waste memory. This function looks up an inode from the 562 - * inode cache and clears the link counter such that iput() will evict 563 - * the inode. 
564 - */ 565 - void ubifs_evict_xattr_inode(struct ubifs_info *c, ino_t xattr_inum) 566 - { 567 - struct inode *inode; 568 - 569 - inode = ilookup(c->vfs_sb, xattr_inum); 570 - if (inode) { 571 - clear_nlink(inode); 572 - iput(inode); 573 - } 574 573 } 575 574 576 575 static int ubifs_xattr_remove(struct inode *host, const char *name)
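Review bot: The shared `out_err:` label now runs `kfree(pxent); kfree(xent);` on every error exit, which is only safe while each `goto out_err` is reached with `xent` holding a valid allocation distinct from `pxent`. Both jumps visible in these hunks appear to satisfy that, but the loop head where `xent` is assigned lies outside them. An exit added later, for example on an error-pointer result for `xent`, would hand that error pointer to `kfree()`. I would record the invariant at the label with `/* xent is a valid entry here; pxent is the previous one or NULL */`.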