tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'block-5.17-2022-02-04' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:

- NVMe pull request
- fix use-after-free in rdma and tcp controller reset (Sagi Grimberg)
- fix the state check in nvmf_ctlr_matches_baseopts (Uday Shankar)

- MD nowait null pointer fix (Song)

- blk-integrity seed advance fix (Martin)

- Fix a dio regression in this merge window (Ilya)

* tag 'block-5.17-2022-02-04' of git://git.kernel.dk/linux-block:
block: bio-integrity: Advance seed correctly for larger interval sizes
nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
md: fix NULL pointer deref with nowait but no mddev->queue
block: fix DIO handling regressions in blkdev_read_iter()
nvme-rdma: fix possible use-after-free in transport error_recovery work
nvme-tcp: fix possible use-after-free in transport error_recovery work
nvme: fix a possible use-after-free in controller reset during load

Linus Torvalds 7c4a9459 494a2c2b

+35 -20
+1 -1
block/bio-integrity.c
··· 373 373 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 374 374 unsigned bytes = bio_integrity_bytes(bi, bytes_done >> 9); 375 375 376 - bip->bip_iter.bi_sector += bytes_done >> 9; 376 + bip->bip_iter.bi_sector += bio_integrity_intervals(bi, bytes_done >> 9); 377 377 bvec_iter_advance(bip->bip_vec, &bip->bip_iter, bytes); 378 378 } 379 379
+19 -14
block/fops.c
··· 566 566 { 567 567 struct block_device *bdev = iocb->ki_filp->private_data; 568 568 loff_t size = bdev_nr_bytes(bdev); 569 - size_t count = iov_iter_count(to); 570 569 loff_t pos = iocb->ki_pos; 571 570 size_t shorted = 0; 572 571 ssize_t ret = 0; 572 + size_t count; 573 573 574 - if (unlikely(pos + count > size)) { 574 + if (unlikely(pos + iov_iter_count(to) > size)) { 575 575 if (pos >= size) 576 576 return 0; 577 577 size -= pos; 578 - if (count > size) { 579 - shorted = count - size; 580 - iov_iter_truncate(to, size); 581 - } 578 + shorted = iov_iter_count(to) - size; 579 + iov_iter_truncate(to, size); 582 580 } 581 + 582 + count = iov_iter_count(to); 583 + if (!count) 584 + goto reexpand; /* skip atime */ 583 585 584 586 if (iocb->ki_flags & IOCB_DIRECT) { 585 587 struct address_space *mapping = iocb->ki_filp->f_mapping; 586 588 587 589 if (iocb->ki_flags & IOCB_NOWAIT) { 588 - if (filemap_range_needs_writeback(mapping, iocb->ki_pos, 589 - iocb->ki_pos + count - 1)) 590 - return -EAGAIN; 590 + if (filemap_range_needs_writeback(mapping, pos, 591 + pos + count - 1)) { 592 + ret = -EAGAIN; 593 + goto reexpand; 594 + } 591 595 } else { 592 - ret = filemap_write_and_wait_range(mapping, 593 - iocb->ki_pos, 594 - iocb->ki_pos + count - 1); 596 + ret = filemap_write_and_wait_range(mapping, pos, 597 + pos + count - 1); 595 598 if (ret < 0) 596 - return ret; 599 + goto reexpand; 597 600 } 598 601 599 602 file_accessed(iocb->ki_filp); ··· 606 603 iocb->ki_pos += ret; 607 604 count -= ret; 608 605 } 606 + iov_iter_revert(to, count - iov_iter_count(to)); 609 607 if (ret < 0 || !count) 610 - return ret; 608 + goto reexpand; 611 609 } 612 610 613 611 ret = filemap_read(iocb, to, ret); 614 612 613 + reexpand: 615 614 if (unlikely(shorted)) 616 615 iov_iter_reexpand(to, iov_iter_count(to) + shorted); 617 616 return ret;
+4 -4
drivers/md/md.c
··· 5869 5869 nowait = nowait && blk_queue_nowait(bdev_get_queue(rdev->bdev)); 5870 5870 } 5871 5871 5872 - /* Set the NOWAIT flags if all underlying devices support it */ 5873 - if (nowait) 5874 - blk_queue_flag_set(QUEUE_FLAG_NOWAIT, mddev->queue); 5875 - 5876 5872 if (!bioset_initialized(&mddev->bio_set)) { 5877 5873 err = bioset_init(&mddev->bio_set, BIO_POOL_SIZE, 0, BIOSET_NEED_BVECS); 5878 5874 if (err) ··· 6006 6010 else 6007 6011 blk_queue_flag_clear(QUEUE_FLAG_NONROT, mddev->queue); 6008 6012 blk_queue_flag_set(QUEUE_FLAG_IO_STAT, mddev->queue); 6013 + 6014 + /* Set the NOWAIT flags if all underlying devices support it */ 6015 + if (nowait) 6016 + blk_queue_flag_set(QUEUE_FLAG_NOWAIT, mddev->queue); 6009 6017 } 6010 6018 if (pers->sync_request) { 6011 6019 if (mddev->kobj.sd &&
+8 -1
drivers/nvme/host/core.c
··· 4253 4253 container_of(work, struct nvme_ctrl, async_event_work); 4254 4254 4255 4255 nvme_aen_uevent(ctrl); 4256 - ctrl->ops->submit_async_event(ctrl); 4256 + 4257 + /* 4258 + * The transport drivers must guarantee AER submission here is safe by 4259 + * flushing ctrl async_event_work after changing the controller state 4260 + * from LIVE and before freeing the admin queue. 4261 + */ 4262 + if (ctrl->state == NVME_CTRL_LIVE) 4263 + ctrl->ops->submit_async_event(ctrl); 4257 4264 } 4258 4265 4259 4266 static bool nvme_ctrl_pp_status(struct nvme_ctrl *ctrl)
+1
drivers/nvme/host/fabrics.h
··· 170 170 struct nvmf_ctrl_options *opts) 171 171 { 172 172 if (ctrl->state == NVME_CTRL_DELETING || 173 + ctrl->state == NVME_CTRL_DELETING_NOIO || 173 174 ctrl->state == NVME_CTRL_DEAD || 174 175 strcmp(opts->subsysnqn, ctrl->opts->subsysnqn) || 175 176 strcmp(opts->host->nqn, ctrl->opts->host->nqn) ||
+1
drivers/nvme/host/rdma.c
··· 1200 1200 struct nvme_rdma_ctrl, err_work); 1201 1201 1202 1202 nvme_stop_keep_alive(&ctrl->ctrl); 1203 + flush_work(&ctrl->ctrl.async_event_work); 1203 1204 nvme_rdma_teardown_io_queues(ctrl, false); 1204 1205 nvme_start_queues(&ctrl->ctrl); 1205 1206 nvme_rdma_teardown_admin_queue(ctrl, false);
+1
drivers/nvme/host/tcp.c
··· 2096 2096 struct nvme_ctrl *ctrl = &tcp_ctrl->ctrl; 2097 2097 2098 2098 nvme_stop_keep_alive(ctrl); 2099 + flush_work(&ctrl->async_event_work); 2099 2100 nvme_tcp_teardown_io_queues(ctrl, false); 2100 2101 /* unquiesce to fail fast pending requests */ 2101 2102 nvme_start_queues(ctrl);