<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-rng/fs/ceph, branch master</title>
<subtitle>Development tree for the kernel CSPRNG</subtitle>
<id>https://git.zx2c4.com/linux-rng/atom/fs/ceph?h=master</id>
<link rel='self' href='https://git.zx2c4.com/linux-rng/atom/fs/ceph?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/'/>
<updated>2025-12-01T17:20:51Z</updated>
<entry>
<title>Merge tag 'vfs-6.19-rc1.writeback' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs</title>
<updated>2025-12-01T17:20:51Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-12-01T17:20:51Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=ebaeabfa5ab711a9b69b686d58329e258fdae75f'/>
<id>urn:sha1:ebaeabfa5ab711a9b69b686d58329e258fdae75f</id>
<content type='text'>
Pull writeback updates from Christian Brauner:
 "Features:

   - Allow file systems to increase the minimum writeback chunk size.

     The relatively low minimal writeback size of 4MiB means that
     written back inodes on rotational media are switched a lot. Besides
     introducing additional seeks, this also can lead to extreme file
     fragmentation on zoned devices when a lot of files are cached
     relative to the available writeback bandwidth.

     This adds a superblock field that allows the file system to
     override the default size, and sets it to the zone size for zoned
     XFS.

   - Add logging for slow writeback when it exceeds
     sysctl_hung_task_timeout_secs. This helps identify tasks waiting
     for a long time and pinpoint potential issues. Recording the
     starting jiffies is also useful when debugging a crashed vmcore.

   - Wake up waiting tasks when finishing the writeback of a chunk

  Cleanups:

   - filemap_* writeback interface cleanups.

     Adding filemap_fdatawrite_wbc ended up being a mistake, as all but
     the original btrfs caller should be using better high level
     interfaces instead.

     This series removes all these low-level interfaces, switches btrfs
     to a more specific interface, and cleans up other too low-level
     interfaces. With this the writeback_control that is passed to the
     writeback code is only initialized in three places.

   - Remove __filemap_fdatawrite, __filemap_fdatawrite_range, and
     filemap_fdatawrite_wbc

   - Add filemap_flush_nr helper for btrfs

   - Push struct writeback_control into start_delalloc_inodes in btrfs

   - Rename filemap_fdatawrite_range_kick to filemap_flush_range

   - Stop opencoding filemap_fdatawrite_range in 9p, ocfs2, and mm

   - Make wbc_to_tag() inline and use it in fs"

* tag 'vfs-6.19-rc1.writeback' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  fs: Make wbc_to_tag() inline and use it in fs.
  xfs: set s_min_writeback_pages for zoned file systems
  writeback: allow the file system to override MIN_WRITEBACK_PAGES
  writeback: cleanup writeback_chunk_size
  mm: rename filemap_fdatawrite_range_kick to filemap_flush_range
  mm: remove __filemap_fdatawrite_range
  mm: remove filemap_fdatawrite_wbc
  mm: remove __filemap_fdatawrite
  mm,btrfs: add a filemap_flush_nr helper
  btrfs: push struct writeback_control into start_delalloc_inodes
  btrfs: use the local tmp_inode variable in start_delalloc_inodes
  ocfs2: don't opencode filemap_fdatawrite_range in ocfs2_journal_submit_inode_data_buffers
  9p: don't opencode filemap_fdatawrite_range in v9fs_mmap_vm_close
  mm: don't opencode filemap_fdatawrite_range in filemap_invalidate_inode
  writeback: Add logging for slow writeback (exceeds sysctl_hung_task_timeout_secs)
  writeback: Wake up waiting tasks when finishing the writeback of a chunk.
</content>
</entry>
<entry>
<title>Merge tag 'vfs-6.19-rc1.inode' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs</title>
<updated>2025-12-01T17:02:34Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-12-01T17:02:34Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=9368f0f9419cde028a6e58331065900ff089bc36'/>
<id>urn:sha1:9368f0f9419cde028a6e58331065900ff089bc36</id>
<content type='text'>
Pull vfs inode updates from Christian Brauner:
 "Features:

   - Hide inode-&gt;i_state behind accessors. Open-coded accesses prevent
     asserting they are done correctly. One obvious aspect is locking,
     but significantly more can be checked. For example it can be
     detected when the code is clearing flags which are already missing,
     or is setting flags when it is illegal (e.g., I_FREEING when
     -&gt;i_count &gt; 0)

   - Provide accessors for -&gt;i_state, converts all filesystems using
     coccinelle and manual conversions (btrfs, ceph, smb, f2fs, gfs2,
     overlayfs, nilfs2, xfs), and makes plain -&gt;i_state access fail to
     compile

   - Rework I_NEW handling to operate without fences, simplifying the
     code after the accessor infrastructure is in place

  Cleanups:

   - Move wait_on_inode() from writeback.h to fs.h

   - Spell out fenced -&gt;i_state accesses with explicit smp_wmb/smp_rmb
     for clarity

   - Cosmetic fixes to LRU handling

   - Push list presence check into inode_io_list_del()

   - Touch up predicts in __d_lookup_rcu()

   - ocfs2: retire ocfs2_drop_inode() and I_WILL_FREE usage

   - Assert on -&gt;i_count in iput_final()

   - Assert -&gt;i_lock held in __iget()

  Fixes:

   - Add missing fences to I_NEW handling"

* tag 'vfs-6.19-rc1.inode' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (22 commits)
  dcache: touch up predicts in __d_lookup_rcu()
  fs: push list presence check into inode_io_list_del()
  fs: cosmetic fixes to lru handling
  fs: rework I_NEW handling to operate without fences
  fs: make plain -&gt;i_state access fail to compile
  xfs: use the new -&gt;i_state accessors
  nilfs2: use the new -&gt;i_state accessors
  overlayfs: use the new -&gt;i_state accessors
  gfs2: use the new -&gt;i_state accessors
  f2fs: use the new -&gt;i_state accessors
  smb: use the new -&gt;i_state accessors
  ceph: use the new -&gt;i_state accessors
  btrfs: use the new -&gt;i_state accessors
  Manual conversion to use -&gt;i_state accessors of all places not covered by coccinelle
  Coccinelle-based conversion to use -&gt;i_state accessors
  fs: provide accessors for -&gt;i_state
  fs: spell out fenced -&gt;i_state accesses with explicit smp_wmb/smp_rmb
  fs: move wait_on_inode() from writeback.h to fs.h
  fs: add missing fences to I_NEW handling
  ocfs2: retire ocfs2_drop_inode() and I_WILL_FREE usage
  ...
</content>
</entry>
<entry>
<title>libceph: drop started parameter of __ceph_open_session()</title>
<updated>2025-11-26T22:29:11Z</updated>
<author>
<name>Ilya Dryomov</name>
<email>idryomov@gmail.com</email>
</author>
<published>2025-11-03T20:34:01Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=85f5491d9c6e9662653c8e6e7b70637b98537ecc'/>
<id>urn:sha1:85f5491d9c6e9662653c8e6e7b70637b98537ecc</id>
<content type='text'>
With the previous commit revamping the timeout handling, started isn't
used anymore.  It could be taken into account by adjusting the initial
value of the timeout, but there is little point as both callers capture
the timestamp shortly before calling __ceph_open_session() -- the only
thing of note that happens in the interim is taking client-&gt;mount_mutex
and that isn't expected to take multiple seconds.

Signed-off-by: Ilya Dryomov &lt;idryomov@gmail.com&gt;
Reviewed-by: Viacheslav Dubeyko &lt;Slava.Dubeyko@ibm.com&gt;
</content>
</entry>
<entry>
<title>fs: Make wbc_to_tag() inline and use it in fs.</title>
<updated>2025-10-29T22:33:48Z</updated>
<author>
<name>Julian Sun</name>
<email>sunjunchao@bytedance.com</email>
</author>
<published>2025-09-29T11:13:49Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=4952f35f0545f3b53dab8d5fd727c4827c2a2778'/>
<id>urn:sha1:4952f35f0545f3b53dab8d5fd727c4827c2a2778</id>
<content type='text'>
The logic in wbc_to_tag() is widely used in file systems, so modify this
function to be inline and use it in file systems.

This patch has only passed compilation tests, but it should be fine.

Signed-off-by: Julian Sun &lt;sunjunchao@bytedance.com&gt;
Reviewed-by: Qu Wenruo &lt;wqu@suse.com&gt;
Reviewed-by: Jan Kara &lt;jack@suse.cz&gt;
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>ceph: use the new -&gt;i_state accessors</title>
<updated>2025-10-20T18:22:27Z</updated>
<author>
<name>Mateusz Guzik</name>
<email>mjguzik@gmail.com</email>
</author>
<published>2025-10-09T07:59:21Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=fa49168ea091b5ede628debe9fa0ff7af770e108'/>
<id>urn:sha1:fa49168ea091b5ede628debe9fa0ff7af770e108</id>
<content type='text'>
Change generated with coccinelle and fixed up by hand as appropriate.

Signed-off-by: Mateusz Guzik &lt;mjguzik@gmail.com&gt;
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>Merge tag 'ceph-for-6.18-rc1' of https://github.com/ceph/ceph-client</title>
<updated>2025-10-10T18:30:19Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-10-10T18:30:19Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=8bd9238e511d02831022ff0270865c54ccc482d6'/>
<id>urn:sha1:8bd9238e511d02831022ff0270865c54ccc482d6</id>
<content type='text'>
Pull ceph updates from Ilya Dryomov:

 - some messenger improvements (Eric and Max)

 - address an issue (also affected userspace) of incorrect permissions
   being granted to users who have access to multiple different CephFS
   instances within the same cluster (Kotresh)

 - a bunch of assorted CephFS fixes (Slava)

* tag 'ceph-for-6.18-rc1' of https://github.com/ceph/ceph-client:
  ceph: add bug tracking system info to MAINTAINERS
  ceph: fix multifs mds auth caps issue
  ceph: cleanup in ceph_alloc_readdir_reply_buffer()
  ceph: fix potential NULL dereference issue in ceph_fill_trace()
  libceph: add empty check to ceph_con_get_out_msg()
  libceph: pass the message pointer instead of loading con-&gt;out_msg
  libceph: make ceph_con_get_out_msg() return the message pointer
  ceph: fix potential race condition on operations with CEPH_I_ODIRECT flag
  ceph: refactor wake_up_bit() pattern of calling
  ceph: fix potential race condition in ceph_ioctl_lazyio()
  ceph: fix overflowed constant issue in ceph_do_objects_copy()
  ceph: fix wrong sizeof argument issue in register_session()
  ceph: add checking of wait_for_completion_killable() return value
  ceph: make ceph_start_io_*() killable
  libceph: Use HMAC-SHA256 library instead of crypto_shash
</content>
</entry>
<entry>
<title>ceph: fix multifs mds auth caps issue</title>
<updated>2025-10-08T21:30:47Z</updated>
<author>
<name>Kotresh HR</name>
<email>khiremat@redhat.com</email>
</author>
<published>2025-09-11T09:32:35Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=22c73d52a6d05c5a2053385c0d6cd9984732799d'/>
<id>urn:sha1:22c73d52a6d05c5a2053385c0d6cd9984732799d</id>
<content type='text'>
The mds auth caps check should also validate the
fsname along with the associated caps. Not doing
so would result in applying the mds auth caps of
one fs on to the other fs in a multifs ceph cluster.
The bug causes multiple issues w.r.t user
authentication, following is one such example.

Steps to Reproduce (on vstart cluster):
1. Create two file systems in a cluster, say 'fsname1' and 'fsname2'
2. Authorize read only permission to the user 'client.usr' on fs 'fsname1'
    $ceph fs authorize fsname1 client.usr / r
3. Authorize read and write permission to the same user 'client.usr' on fs 'fsname2'
    $ceph fs authorize fsname2 client.usr / rw
4. Update the keyring
    $ceph auth get client.usr &gt;&gt; ./keyring

With above permssions for the user 'client.usr', following is the
expectation.
  a. The 'client.usr' should be able to only read the contents
     and not allowed to create or delete files on file system 'fsname1'.
  b. The 'client.usr' should be able to read/write on file system 'fsname2'.

But, with this bug, the 'client.usr' is allowed to read/write on file
system 'fsname1'. See below.

5. Mount the file system 'fsname1' with the user 'client.usr'
     $sudo bin/mount.ceph usr@.fsname1=/ /kmnt_fsname1_usr/
6. Try creating a file on file system 'fsname1' with user 'client.usr'. This
   should fail but passes with this bug.
     $touch /kmnt_fsname1_usr/file1
7. Mount the file system 'fsname1' with the user 'client.admin' and create a
   file.
     $sudo bin/mount.ceph admin@.fsname1=/ /kmnt_fsname1_admin
     $echo "data" &gt; /kmnt_fsname1_admin/admin_file1
8. Try removing an existing file on file system 'fsname1' with the user
   'client.usr'. This shoudn't succeed but succeeds with the bug.
     $rm -f /kmnt_fsname1_usr/admin_file1

For more information, please take a look at the corresponding mds/fuse patch
and tests added by looking into the tracker mentioned below.

v2: Fix a possible null dereference in doutc
v3: Don't store fsname from mdsmap, validate against
    ceph_mount_options's fsname and use it
v4: Code refactor, better warning message and
    fix possible compiler warning

[ Slava.Dubeyko: "fsname check failed" -&gt; "fsname mismatch" ]

Link: https://tracker.ceph.com/issues/72167
Signed-off-by: Kotresh HR &lt;khiremat@redhat.com&gt;
Reviewed-by: Viacheslav Dubeyko &lt;Slava.Dubeyko@ibm.com&gt;
Signed-off-by: Ilya Dryomov &lt;idryomov@gmail.com&gt;
</content>
</entry>
<entry>
<title>ceph: cleanup in ceph_alloc_readdir_reply_buffer()</title>
<updated>2025-10-08T21:30:47Z</updated>
<author>
<name>Viacheslav Dubeyko</name>
<email>Slava.Dubeyko@ibm.com</email>
</author>
<published>2025-09-02T19:08:45Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=c66120c84295a0495eb46dcfba829457acd6ef7d'/>
<id>urn:sha1:c66120c84295a0495eb46dcfba829457acd6ef7d</id>
<content type='text'>
The Coverity Scan service has reported potential issue
in ceph_alloc_readdir_reply_buffer() [1]. If order could
be negative one, then it expects the issue in the logic:

num_entries = (PAGE_SIZE &lt;&lt; order) / size;

Technically speaking, this logic [2] should prevent from
making the order variable negative:

if (!rinfo-&gt;dir_entries)
    return -ENOMEM;

However, the allocation logic requires some cleanup.
This patch makes sure that calculated bytes count
will never exceed ULONG_MAX before get_order()
calculation. And it adds the checking of order
variable on negative value to guarantee that second
half of the function's code will never operate by
negative value of order variable even if something
will be wrong or to be changed in the first half of
the function's logic.

v2
Alex Markuze suggested to add unlikely() macro
for introduced condition checks.

[1] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1198252
[2] https://elixir.bootlin.com/linux/v6.17-rc3/source/fs/ceph/mds_client.c#L2553

Signed-off-by: Viacheslav Dubeyko &lt;Slava.Dubeyko@ibm.com&gt;
Reviewed-by: Alex Markuze &lt;amarkuze@redhat.com&gt;
Signed-off-by: Ilya Dryomov &lt;idryomov@gmail.com&gt;
</content>
</entry>
<entry>
<title>ceph: fix potential NULL dereference issue in ceph_fill_trace()</title>
<updated>2025-10-08T21:30:47Z</updated>
<author>
<name>Viacheslav Dubeyko</name>
<email>Slava.Dubeyko@ibm.com</email>
</author>
<published>2025-08-28T18:44:42Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=98a2850de49c10a1a09642e17978b925f95e6029'/>
<id>urn:sha1:98a2850de49c10a1a09642e17978b925f95e6029</id>
<content type='text'>
The Coverity Scan service has detected a potential dereference of
an explicit NULL value in ceph_fill_trace() [1].

The variable in is declared in the beggining of
ceph_fill_trace() [2]:

struct inode *in = NULL;

However, the initialization of the variable is happening under
condition [3]:

if (rinfo-&gt;head-&gt;is_target) {
    &lt;skipped&gt;
    in = req-&gt;r_target_inode;
    &lt;skipped&gt;
}

Potentially, if rinfo-&gt;head-&gt;is_target == FALSE, then
in variable continues to be NULL and later the dereference of
NULL value could happen in ceph_fill_trace() logic [4,5]:

else if ((req-&gt;r_op == CEPH_MDS_OP_LOOKUPSNAP ||
            req-&gt;r_op == CEPH_MDS_OP_MKSNAP) &amp;&amp;
            test_bit(CEPH_MDS_R_PARENT_LOCKED, &amp;req-&gt;r_req_flags) &amp;&amp;
             !test_bit(CEPH_MDS_R_ABORTED, &amp;req-&gt;r_req_flags)) {
&lt;skipped&gt;
     ihold(in);
     err = splice_dentry(&amp;req-&gt;r_dentry, in);
     if (err &lt; 0)
         goto done;
}

This patch adds the checking of in variable for NULL value
and it returns -EINVAL error code if it has NULL value.

v2
Alex Markuze suggested to add unlikely macro
in the checking condition.

[1] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1141197
[2] https://elixir.bootlin.com/linux/v6.17-rc3/source/fs/ceph/inode.c#L1522
[3] https://elixir.bootlin.com/linux/v6.17-rc3/source/fs/ceph/inode.c#L1629
[4] https://elixir.bootlin.com/linux/v6.17-rc3/source/fs/ceph/inode.c#L1745
[5] https://elixir.bootlin.com/linux/v6.17-rc3/source/fs/ceph/inode.c#L1777

Signed-off-by: Viacheslav Dubeyko &lt;Slava.Dubeyko@ibm.com&gt;
Reviewed-by: Alex Markuze &lt;amarkuze@redhat.com&gt;
Signed-off-by: Ilya Dryomov &lt;idryomov@gmail.com&gt;
</content>
</entry>
<entry>
<title>ceph: fix potential race condition on operations with CEPH_I_ODIRECT flag</title>
<updated>2025-10-08T21:30:46Z</updated>
<author>
<name>Viacheslav Dubeyko</name>
<email>Slava.Dubeyko@ibm.com</email>
</author>
<published>2025-07-16T18:40:49Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=fbeafe782bd986bf75544526fb9c0284e045e0a4'/>
<id>urn:sha1:fbeafe782bd986bf75544526fb9c0284e045e0a4</id>
<content type='text'>
The Coverity Scan service has detected potential
race conditions in ceph_block_o_direct(), ceph_start_io_read(),
ceph_block_buffered(), and ceph_start_io_direct() [1 - 4].

The CID 1590942, 1590665, 1589664, 1590377 contain explanation:
"The value of the shared data will be determined by
the interleaving of thread execution. Thread shared data is accessed
without holding an appropriate lock, possibly causing
a race condition (CWE-366)".

This patch reworks the pattern of accessing/modification of
CEPH_I_ODIRECT flag by means of adding smp_mb__before_atomic()
before reading the status of CEPH_I_ODIRECT flag and
smp_mb__after_atomic() after clearing set/clear this flag.
Also, it was reworked the pattern of using of ci-&gt;i_ceph_lock
in ceph_block_o_direct(), ceph_start_io_read(),
ceph_block_buffered(), and ceph_start_io_direct() methods.

[1] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1590942
[2] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1590665
[3] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1589664
[4] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1590377

Signed-off-by: Viacheslav Dubeyko &lt;Slava.Dubeyko@ibm.com&gt;
Reviewed-by: Alex Markuze &lt;amarkuze@redhat.com&gt;
Signed-off-by: Ilya Dryomov &lt;idryomov@gmail.com&gt;
</content>
</entry>
</feed>
