linux-dev/fs/jffs2, branch master Linux kernel development work - see feature branches https://git.zx2c4.com/linux-dev/atom/fs/jffs2?h=master 2022-09-21T08:38:07Z mtd: always initialize 'stats' in struct mtd_oob_ops 2022-09-21T08:38:07Z Michał Kępień kernel@kempniu.pl 2022-06-29T12:57:35Z urn:sha1:745df17906029cc683b8b5ac8bcb08f82860baff As the 'stats' field in struct mtd_oob_ops is used in conditional expressions, ensure it is always zero-initialized in all such structures to prevent random stack garbage from being interpreted as a pointer. Strictly speaking, this problem currently only needs to be fixed for struct mtd_oob_ops structures subsequently passed to mtd_read_oob(). However, this commit goes a step further and makes all instances of struct mtd_oob_ops in the tree zero-initialized, in hope of preventing future problems, e.g. if struct mtd_req_stats gets extended with write statistics at some point. Signed-off-by: Michał Kępień <kernel@kempniu.pl> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20220629125737.14418-3-kernel@kempniu.pl Merge tag 'for-linus-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs 2022-06-03T21:42:24Z Linus Torvalds torvalds@linux-foundation.org 2022-06-03T21:42:24Z urn:sha1:744983d8784214c4f184be7448efb216315b48ae Pull JFFS2, UBI and UBIFS updates from Richard Weinberger: "JFFS2: - Fixes for a memory leak UBI: - Fixes for fastmap (UAF, high CPU usage) UBIFS: - Minor cleanups" * tag 'for-linus-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs: ubi: ubi_create_volume: Fix use-after-free when volume creation failed ubi: fastmap: Check wl_pool for free peb before wear leveling ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty ubifs: Use NULL instead of using plain integer as pointer ubifs: Simplify the return expression of run_gc() jffs2: fix memory leak in jffs2_do_fill_super jffs2: Use kzalloc instead of kmalloc/memset jffs2: fix memory leak in jffs2_do_fill_super 2022-05-27T14:17:11Z Baokun Li libaokun1@huawei.com 2022-04-12T09:38:16Z urn:sha1:c14adb1cf70a984ed081c67e9d27bc3caad9537c If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff888105a65340 (size 64): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff859c45e5>] kmem_cache_alloc_trace+0x475/0x8a0 [<ffffffff86160146>] jffs2_sum_init+0x96/0x1a0 [<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120 [<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810 [<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0 [...] unreferenced object 0xffff8881bd7f0000 (size 65536): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ backtrace: [<ffffffff858579ba>] kmalloc_order+0xda/0x110 [<ffffffff85857a11>] kmalloc_order_trace+0x21/0x130 [<ffffffff859c2ed1>] __kmalloc+0x711/0x8a0 [<ffffffff86160189>] jffs2_sum_init+0xd9/0x1a0 [<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120 [<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810 [<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0 [...] -------------------------------------------- This is because the resources allocated in jffs2_sum_init() are not released. Call jffs2_sum_exit() to release these resources to solve the problem. Fixes: e631ddba5887 ("[JFFS2] Add erase block summary support (mount time improvement)") Signed-off-by: Baokun Li <libaokun1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at> jffs2: Use kzalloc instead of kmalloc/memset 2022-05-27T14:12:55Z Haowen Bai baihaowen@meizu.com 2022-04-18T10:18:07Z urn:sha1:22abf318c35bcf642625e4eff56cfec1df361f3b Use kzalloc rather than duplicating its implementation, which makes code simple and easy to understand. Signed-off-by: Haowen Bai <baihaowen@meizu.com> [rw: Fixed printk string] Signed-off-by: Richard Weinberger <richard@nod.at> fs: Change the type of filler_t 2022-05-09T20:36:48Z Matthew Wilcox (Oracle) willy@infradead.org 2022-05-02T01:39:29Z urn:sha1:e9b5b23e957ef9260fec811d8d8081125889308a By making filler_t the same as read_folio, we can use the same function for both in gfs2. We can push the use of folios down one more level in jffs2 and nfs. We also increase type safety for future users of the various read_cache_page() family of functions by forcing the parameter to be a pointer to struct file (or NULL). Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Andreas Gruenbacher <agruenba@redhat.com> jffs2: Pass the file pointer to jffs2_do_readpage_unlock() 2022-05-09T20:28:41Z Matthew Wilcox (Oracle) willy@infradead.org 2022-05-01T23:39:03Z urn:sha1:2294f9b8793d02b265423207e55ce5b26d8960cd In preparation for unifying the read_cache_page() and read_folio() implementations, make jffs2_do_readpage_unlock() get the inode from the page instead of passing it in from read_cache_page(). Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Christoph Hellwig <hch@lst.de> jffs2: Convert jffs2 to read_folio 2022-05-09T20:21:45Z Matthew Wilcox (Oracle) willy@infradead.org 2022-04-29T15:12:16Z urn:sha1:75a47803b8e118a2af4f9498acd40d9b4d4b0dff This is a "weak" conversion which converts straight back to using pages. A full conversion should be performed at some point, hopefully by someone familiar with the filesystem. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> fs: Remove flags parameter from aops->write_begin 2022-05-08T18:28:19Z Matthew Wilcox (Oracle) willy@infradead.org 2022-02-22T19:31:43Z urn:sha1:9d6b0cd7579844761ed68926eb3073bab1dca87b There are no more aop flags left, so remove the parameter. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Christoph Hellwig <hch@lst.de> fs: Remove aop flags parameter from grab_cache_page_write_begin() 2022-05-08T18:28:19Z Matthew Wilcox (Oracle) willy@infradead.org 2022-02-22T16:25:12Z urn:sha1:b7446e7cf15f0926866c8e5de90ab278998bf8c8 There are no more aop flags left, so remove the parameter. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Merge tag 'for-linus-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs 2022-03-31T23:09:41Z Linus Torvalds torvalds@linux-foundation.org 2022-03-31T23:09:41Z urn:sha1:a87a08e3bf2decaed29c4dfde3916676f9b966a8 Pull JFFS2, UBI and UBIFS updates from Richard Weinberger: "JFFS2: - Fixes for various memory issues UBI: - Fix for a race condition in cdev ioctl handler UBIFS: - Fixes for O_TMPFILE and whiteout handling - Fixes for various memory issues" * tag 'for-linus-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs: ubifs: rename_whiteout: correct old_dir size computing jffs2: fix memory leak in jffs2_scan_medium jffs2: fix memory leak in jffs2_do_mount_fs jffs2: fix use-after-free in jffs2_clear_xattr_subsystem fs/jffs2: fix comments mentioning i_mutex ubi: fastmap: Return error code if memory allocation fails in add_aeb() ubifs: Fix to add refcount once page is set private ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() ubifs: setflags: Make dirtied_ino_d 8 bytes aligned ubifs: Rectify space amount budget for mkdir/tmpfile operations ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work ubifs: Rename whiteout atomically ubifs: Add missing iput if do_tmpfile() failed in rename whiteout ubifs: Fix wrong number of inodes locked by ui_mutex in ubifs_inode comment ubifs: Fix deadlock in concurrent rename whiteout and inode writeback ubifs: rename_whiteout: Fix double free for whiteout_ui->data ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl