# git rev-parse -q --verify 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861^{commit} 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861 already have revision, skipping fetch # git checkout -q -f -B kisskb 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861 # git clean -qxdf # < git log -1 # commit 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861 # Merge: 5d8401be15a9 4eb559dd1567 # Author: Linus Torvalds # Date: Fri Nov 4 15:05:42 2022 -0700 # # Merge tag 'xfs-6.1-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux # # Pull xfs fixes from Darrick Wong: # "Dave and I had thought that this would be a very quiet cycle, but we # thought wrong. # # At first there were the usual trickle of minor bugfixes, but then # Zorro pulled -rc1 and noticed complaints about the stronger memcpy # checks w.r.t. flex arrays. # # Analyzing how to fix that revealed a bunch of validation gaps in # validating ondisk log items during recovery, and then a customer hit # an infinite loop in the refcounting code on a corrupt filesystem. # # So. This largeish batch of fixes addresses all those problems, I hope. # # Summary: # # - Fix a UAF bug during log recovery # # - Fix memory leaks when mount fails # # - Detect corrupt bestfree information in a directory block # # - Fix incorrect return value type for the dax page fault handlers # # - Fix fortify complaints about memcpy of xfs log item objects # # - Strengthen inadequate validation of recovered log items # # - Fix incorrectly declared flex array in EFI log item structs # # - Log corrupt log items for debugging purposes # # - Fix infinite loop problems in the refcount code if the refcount # btree node block keys are corrupt # # - Fix infinite loop problems in the refcount code if the refcount # btree records suffer MSB bitflips # # - Add more sanity checking to continued defer ops to prevent # overflows from one AG to the next or off EOFS" # # * tag 'xfs-6.1-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (28 commits) # xfs: rename XFS_REFC_COW_START to _COWFLAG # xfs: fix uninitialized list head in struct xfs_refcount_recovery # xfs: fix agblocks check in the cow leftover recovery function # xfs: check record domain when accessing refcount records # xfs: remove XFS_FIND_RCEXT_SHARED and _COW # xfs: refactor domain and refcount checking # xfs: report refcount domain in tracepoints # xfs: track cow/shared record domains explicitly in xfs_refcount_irec # xfs: refactor refcount record usage in xchk_refcountbt_rec # xfs: dump corrupt recovered log intent items to dmesg consistently # xfs: move _irec structs to xfs_types.h # xfs: actually abort log recovery on corrupt intent-done log items # xfs: check deferred refcount op continuation parameters # xfs: refactor all the EFI/EFD log item sizeof logic # xfs: create a predicate to verify per-AG extents # xfs: fix memcpy fortify errors in EFI log format copying # xfs: make sure aglen never goes negative in xfs_refcount_adjust_extents # xfs: fix memcpy fortify errors in RUI log format copying # xfs: fix memcpy fortify errors in CUI log format copying # xfs: fix memcpy fortify errors in BUI log format copying # ... # < /opt/cross/kisskb/korg/gcc-8.5.0-nolibc/m68k-linux/bin/m68k-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-8.5.0-nolibc/m68k-linux/bin/m68k-linux-ld --version # < git log --format=%s --max-count=1 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861 # < make -s -j 120 ARCH=m68k O=/kisskb/build/linus_sun3_defconfig_m68k-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.5.0-nolibc/m68k-linux/bin/m68k-linux- sun3_defconfig # < make -s -j 120 ARCH=m68k O=/kisskb/build/linus_sun3_defconfig_m68k-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.5.0-nolibc/m68k-linux/bin/m68k-linux- help # make -s -j 120 ARCH=m68k O=/kisskb/build/linus_sun3_defconfig_m68k-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.5.0-nolibc/m68k-linux/bin/m68k-linux- olddefconfig # make -s -j 120 ARCH=m68k O=/kisskb/build/linus_sun3_defconfig_m68k-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.5.0-nolibc/m68k-linux/bin/m68k-linux- In file included from /kisskb/src/include/linux/swab.h:5, from /kisskb/src/include/uapi/linux/byteorder/big_endian.h:14, from /kisskb/src/include/linux/byteorder/big_endian.h:5, from /kisskb/src/arch/m68k/include/uapi/asm/byteorder.h:5, from /kisskb/src/include/asm-generic/bitops/le.h:6, from /kisskb/src/arch/m68k/include/asm/bitops.h:545, from /kisskb/src/include/linux/bitops.h:68, from /kisskb/src/include/linux/kernel.h:22, from /kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:31: /kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c: In function 'sun3_82586_timeout': /kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:989:108: warning: array subscript 1 is above array bounds of 'volatile struct transmit_cmd_struct *[1]' [-Warray-bounds] printk("%s: command-stats: %04x %04x\n",dev->name,swab16(p->xmit_cmds[0]->cmd_status),swab16(p->xmit_cmds[1]->cmd_status)); ~~~~~~~~~~~~^~~ /kisskb/src/include/uapi/linux/swab.h:107:12: note: in definition of macro '__swab16' __fswab16(x)) ^ /kisskb/src/include/linux/printk.h:457:26: note: in expansion of macro 'printk_index_wrap' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^~~~~~~~~~~~~~~~~ /kisskb/src/drivers/net/ethernet/i825xx/sun3_82586.c:989:3: note: in expansion of macro 'printk' printk("%s: command-stats: %04x %04x\n",dev->name,swab16(p->xmit_cmds[0]->cmd_status),swab16(p->xmit_cmds[1]->cmd_status)); ^~~~~~ Completed OK # rm -rf /kisskb/build/linus_sun3_defconfig_m68k-gcc8 # Build took: 0:01:13.077648