# git rev-parse -q --verify 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861^{commit}
# git fetch -q -n -f git://fs.ozlabs.ibm.com/kernel/linus master
# git rev-parse -q --verify 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861^{commit}
64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861
# git checkout -q -f -B kisskb 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861
# git clean -qxdf
# < git log -1
# commit 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861
# Merge: 5d8401be15a9 4eb559dd1567
# Author: Linus Torvalds <torvalds@linux-foundation.org>
# Date:   Fri Nov 4 15:05:42 2022 -0700
# 
#     Merge tag 'xfs-6.1-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
#     
#     Pull xfs fixes from Darrick Wong:
#      "Dave and I had thought that this would be a very quiet cycle, but we
#       thought wrong.
#     
#       At first there were the usual trickle of minor bugfixes, but then
#       Zorro pulled -rc1 and noticed complaints about the stronger memcpy
#       checks w.r.t. flex arrays.
#     
#       Analyzing how to fix that revealed a bunch of validation gaps in
#       validating ondisk log items during recovery, and then a customer hit
#       an infinite loop in the refcounting code on a corrupt filesystem.
#     
#       So. This largeish batch of fixes addresses all those problems, I hope.
#     
#       Summary:
#     
#        - Fix a UAF bug during log recovery
#     
#        - Fix memory leaks when mount fails
#     
#        - Detect corrupt bestfree information in a directory block
#     
#        - Fix incorrect return value type for the dax page fault handlers
#     
#        - Fix fortify complaints about memcpy of xfs log item objects
#     
#        - Strengthen inadequate validation of recovered log items
#     
#        - Fix incorrectly declared flex array in EFI log item structs
#     
#        - Log corrupt log items for debugging purposes
#     
#        - Fix infinite loop problems in the refcount code if the refcount
#          btree node block keys are corrupt
#     
#        - Fix infinite loop problems in the refcount code if the refcount
#          btree records suffer MSB bitflips
#     
#        - Add more sanity checking to continued defer ops to prevent
#          overflows from one AG to the next or off EOFS"
#     
#     * tag 'xfs-6.1-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (28 commits)
#       xfs: rename XFS_REFC_COW_START to _COWFLAG
#       xfs: fix uninitialized list head in struct xfs_refcount_recovery
#       xfs: fix agblocks check in the cow leftover recovery function
#       xfs: check record domain when accessing refcount records
#       xfs: remove XFS_FIND_RCEXT_SHARED and _COW
#       xfs: refactor domain and refcount checking
#       xfs: report refcount domain in tracepoints
#       xfs: track cow/shared record domains explicitly in xfs_refcount_irec
#       xfs: refactor refcount record usage in xchk_refcountbt_rec
#       xfs: dump corrupt recovered log intent items to dmesg consistently
#       xfs: move _irec structs to xfs_types.h
#       xfs: actually abort log recovery on corrupt intent-done log items
#       xfs: check deferred refcount op continuation parameters
#       xfs: refactor all the EFI/EFD log item sizeof logic
#       xfs: create a predicate to verify per-AG extents
#       xfs: fix memcpy fortify errors in EFI log format copying
#       xfs: make sure aglen never goes negative in xfs_refcount_adjust_extents
#       xfs: fix memcpy fortify errors in RUI log format copying
#       xfs: fix memcpy fortify errors in CUI log format copying
#       xfs: fix memcpy fortify errors in BUI log format copying
#       ...
# < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/m68k-linux/bin/m68k-linux-gcc --version
# < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/m68k-linux/bin/m68k-linux-ld --version
# < git log --format=%s --max-count=1 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861
# < make -s -j 120 ARCH=m68k O=/kisskb/build/linus_sun3_defconfig_m68k-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/m68k-linux/bin/m68k-linux-  sun3_defconfig
# < make -s -j 120 ARCH=m68k O=/kisskb/build/linus_sun3_defconfig_m68k-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/m68k-linux/bin/m68k-linux-  help
# make -s -j 120 ARCH=m68k O=/kisskb/build/linus_sun3_defconfig_m68k-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/m68k-linux/bin/m68k-linux-  olddefconfig
# make -s -j 120 ARCH=m68k O=/kisskb/build/linus_sun3_defconfig_m68k-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/m68k-linux/bin/m68k-linux-  
In file included from /kisskb/src/include/linux/string.h:20,
                 from /kisskb/src/include/linux/bitmap.h:11,
                 from /kisskb/src/include/linux/cpumask.h:12,
                 from /kisskb/src/include/linux/mm_types_task.h:14,
                 from /kisskb/src/include/linux/mm_types.h:5,
                 from /kisskb/src/include/linux/buildid.h:5,
                 from /kisskb/src/include/linux/module.h:14,
                 from /kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:32:
In function 'check586',
    inlined from 'sun3_82586_probe1' at /kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:365:6,
    inlined from 'sun3_82586_probe' at /kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:311:8:
/kisskb/src/arch/m68k/include/asm/string.h:68:25: warning: '__builtin_memset' offset [0, 11] is out of the bounds [0, 0] [-Warray-bounds]
   68 | #define memset(d, c, n) __builtin_memset(d, c, n)
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~
/kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:218:9: note: in expansion of macro 'memset'
  218 |         memset((char *)p->scp,0, sizeof(struct scp_struct));
      |         ^~~~~~
In file included from /kisskb/src/include/linux/swab.h:5,
                 from /kisskb/src/include/uapi/linux/byteorder/big_endian.h:14,
                 from /kisskb/src/include/linux/byteorder/big_endian.h:5,
                 from /kisskb/src/arch/m68k/include/uapi/asm/byteorder.h:5,
                 from /kisskb/src/include/asm-generic/bitops/le.h:6,
                 from /kisskb/src/arch/m68k/include/asm/bitops.h:545,
                 from /kisskb/src/include/linux/bitops.h:68,
                 from /kisskb/src/include/linux/kernel.h:22,
                 from /kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:31:
/kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c: In function 'sun3_82586_timeout':
/kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:989:122: warning: array subscript 1 is above array bounds of 'volatile struct transmit_cmd_struct *[1]' [-Warray-bounds]
  989 |                 printk("%s: command-stats: %04x %04x\n",dev->name,swab16(p->xmit_cmds[0]->cmd_status),swab16(p->xmit_cmds[1]->cmd_status));
      |                                                                                                              ~~~~~~~~~~~~^~~
/kisskb/src/include/uapi/linux/swab.h:107:19: note: in definition of macro '__swab16'
  107 |         __fswab16(x))
      |                   ^
/kisskb/src/include/linux/printk.h:457:26: note: in expansion of macro 'printk_index_wrap'
  457 | #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
      |                          ^~~~~~~~~~~~~~~~~
/kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:989:17: note: in expansion of macro 'printk'
  989 |                 printk("%s: command-stats: %04x %04x\n",dev->name,swab16(p->xmit_cmds[0]->cmd_status),swab16(p->xmit_cmds[1]->cmd_status));
      |                 ^~~~~~
/kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:155:46: note: while referencing 'xmit_cmds'
  155 |         volatile struct transmit_cmd_struct *xmit_cmds[NUM_XMIT_BUFFS];
      |                                              ^~~~~~~~~
Completed OK
# rm -rf /kisskb/build/linus_sun3_defconfig_m68k-gcc11
# Build took: 0:01:30.154236