Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'block-6.16-20250710' of git://git.kernel.dk/linux

Pull block fixes from Jens Axboe:

- MD changes via Yu:
- fix UAF due to stack memory used for bio mempool (Jinchao)
- fix raid10/raid1 nowait IO error path (Nigel and Qixing)
- fix kernel crash from reading bitmap sysfs entry (Håkon)

- Fix for a UAF in the nbd connect error path

- Fix for blocksize being bigger than pagesize, if THP isn't enabled

* tag 'block-6.16-20250710' of git://git.kernel.dk/linux:
block: reject bs > ps block devices when THP is disabled
nbd: fix uaf in nbd_genl_connect() error path
md/md-bitmap: fix GPF in bitmap_get_stats()
md/raid1,raid10: strip REQ_NOWAIT from member bios
raid10: cleanup memleak at raid10_make_request
md/raid1: Fix stack memory use after return in raid1_reshape

+22 -8
+3 -3
drivers/block/nbd.c
··· 2198 2198 goto out; 2199 2199 } 2200 2200 } 2201 - ret = nbd_start_device(nbd); 2202 - if (ret) 2203 - goto out; 2201 + 2204 2202 if (info->attrs[NBD_ATTR_BACKEND_IDENTIFIER]) { 2205 2203 nbd->backend = nla_strdup(info->attrs[NBD_ATTR_BACKEND_IDENTIFIER], 2206 2204 GFP_KERNEL); ··· 2214 2216 goto out; 2215 2217 } 2216 2218 set_bit(NBD_RT_HAS_BACKEND_FILE, &config->runtime_flags); 2219 + 2220 + ret = nbd_start_device(nbd); 2217 2221 out: 2218 2222 mutex_unlock(&nbd->config_lock); 2219 2223 if (!ret) {
+1 -2
drivers/md/md-bitmap.c
··· 2366 2366 2367 2367 if (!bitmap) 2368 2368 return -ENOENT; 2369 - if (!bitmap->mddev->bitmap_info.external && 2370 - !bitmap->storage.sb_page) 2369 + if (!bitmap->storage.sb_page) 2371 2370 return -EINVAL; 2372 2371 sb = kmap_local_page(bitmap->storage.sb_page); 2373 2372 stats->sync_size = le64_to_cpu(sb->sync_size);
+3 -1
drivers/md/raid1.c
··· 1399 1399 } 1400 1400 read_bio = bio_alloc_clone(mirror->rdev->bdev, bio, gfp, 1401 1401 &mddev->bio_set); 1402 - 1402 + read_bio->bi_opf &= ~REQ_NOWAIT; 1403 1403 r1_bio->bios[rdisk] = read_bio; 1404 1404 1405 1405 read_bio->bi_iter.bi_sector = r1_bio->sector + ··· 1649 1649 wait_for_serialization(rdev, r1_bio); 1650 1650 } 1651 1651 1652 + mbio->bi_opf &= ~REQ_NOWAIT; 1652 1653 r1_bio->bios[i] = mbio; 1653 1654 1654 1655 mbio->bi_iter.bi_sector = (r1_bio->sector + rdev->data_offset); ··· 3429 3428 /* ok, everything is stopped */ 3430 3429 oldpool = conf->r1bio_pool; 3431 3430 conf->r1bio_pool = newpool; 3431 + init_waitqueue_head(&conf->r1bio_pool.wait); 3432 3432 3433 3433 for (d = d2 = 0; d < conf->raid_disks; d++) { 3434 3434 struct md_rdev *rdev = conf->mirrors[d].rdev;
+10 -2
drivers/md/raid10.c
··· 1182 1182 } 1183 1183 } 1184 1184 1185 - if (!regular_request_wait(mddev, conf, bio, r10_bio->sectors)) 1185 + if (!regular_request_wait(mddev, conf, bio, r10_bio->sectors)) { 1186 + raid_end_bio_io(r10_bio); 1186 1187 return; 1188 + } 1189 + 1187 1190 rdev = read_balance(conf, r10_bio, &max_sectors); 1188 1191 if (!rdev) { 1189 1192 if (err_rdev) { ··· 1224 1221 r10_bio->master_bio = bio; 1225 1222 } 1226 1223 read_bio = bio_alloc_clone(rdev->bdev, bio, gfp, &mddev->bio_set); 1224 + read_bio->bi_opf &= ~REQ_NOWAIT; 1227 1225 1228 1226 r10_bio->devs[slot].bio = read_bio; 1229 1227 r10_bio->devs[slot].rdev = rdev; ··· 1260 1256 conf->mirrors[devnum].rdev; 1261 1257 1262 1258 mbio = bio_alloc_clone(rdev->bdev, bio, GFP_NOIO, &mddev->bio_set); 1259 + mbio->bi_opf &= ~REQ_NOWAIT; 1263 1260 if (replacement) 1264 1261 r10_bio->devs[n_copy].repl_bio = mbio; 1265 1262 else ··· 1375 1370 } 1376 1371 1377 1372 sectors = r10_bio->sectors; 1378 - if (!regular_request_wait(mddev, conf, bio, sectors)) 1373 + if (!regular_request_wait(mddev, conf, bio, sectors)) { 1374 + raid_end_bio_io(r10_bio); 1379 1375 return; 1376 + } 1377 + 1380 1378 if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery) && 1381 1379 (mddev->reshape_backwards 1382 1380 ? (bio->bi_iter.bi_sector < conf->reshape_safe &&
+5
include/linux/blkdev.h
··· 269 269 return MKDEV(disk->major, disk->first_minor); 270 270 } 271 271 272 + #ifdef CONFIG_TRANSPARENT_HUGEPAGE 272 273 /* 273 274 * We should strive for 1 << (PAGE_SHIFT + MAX_PAGECACHE_ORDER) 274 275 * however we constrain this to what we can validate and test. 275 276 */ 276 277 #define BLK_MAX_BLOCK_SIZE SZ_64K 278 + #else 279 + #define BLK_MAX_BLOCK_SIZE PAGE_SIZE 280 + #endif 281 + 277 282 278 283 /* blk_validate_limits() validates bsize, so drivers don't usually need to */ 279 284 static inline int blk_validate_block_size(unsigned long bsize)