Merge tag 'v7.1-rc4-ksmbd-server-fixes' of git://git.samba.org/ksmbd
Pull smb server fixes from Steve French:
- Fix two null pointer dereferences and a memory leak
* tag 'v7.1-rc4-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
ksmbd: fix null pointer dereference in compare_guid_key()
ksmbd: fix null pointer dereference in proc_show_files()
ksmbd: fix SID memory leak in set_posix_acl_entries_dacl() on overflow
Merge tag 'ntfs-for-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs
Pull ntfs fixes from Namjae Jeon:
- Check the index depth limit via ntfs_icx_parent_inc(), avoiding
context corruption from excessively deep child chains
- Switch security descriptor allocation to kzalloc() to avoid leaking
uninitialized memory
- Prevent an inconsistent state where vol->volume_label becomes NULL on
allocation failure
- Validate MFT records by verifying that attrs_offset sits within
bytes_in_use
- Fix an off-by-one boundary comparison, correctly catching the
out-of-range MFT record number
[48 lines not shown]
igmp: Avoid leaving dangling pointers in the state-change queue
When igmp_v3_merge_state_changes() is iterating over state-change
packets, there is a case where it'll free a queued packet but will fail
to remove it from the queue. Fix that.
Reported by: Yuxiang Yang, Yizhou Zhao, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM5.1 from Z.ai
Reviewed by: pouria, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56947
(cherry picked from commit beab4a237a45aea809e81802b9e1e9ff30f3d929)
if_vxlan: Update *m0 after a pullup
vxlan_input()'s caller is supposed to free *m0 if it is non-NULL after
the function returns. vxlan_input() failed to update *m0 after the
pullup however, so if it hits an error case after the pullup, we'll free
the mbuf twice. Currently this can happen only if the interface is
brought down or due to a packet loop.
Reported by: Yuxiang Yang, Yizhou Zhao, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM5.1 from Z.ai
Reviewed by: pouria, zlei
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56944
(cherry picked from commit a6c4fe2d1a38885914b1c3e85508b965ccdb7874)
tests/timerfd: Serialize
At least one of these tests changes the system clock, which potentially
interferes with concurrently running tests and causes them to fail.
MFC after: 1 week
(cherry picked from commit 001cfc7b8aa38122c4e0fe8ae48fae3556a1f2b6)
routing: Use a better error number in sysctl_fibs()
ENOTCAPABLE is for capsicum and its use here is inappropriate. In
particular, note that syscallret() treats this value specially.
Reviewed by: glebius, pouria, zlei
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56481
(cherry picked from commit 8de0fc10a1c2d65bdb39eff862266ab1f87902c8)
tests/if_lagg: Minor improvements
- Set require.kmods instead of relying on ifconfig to load if_lagg.ko,
as this doesn't work when running within a jail.
- Simplify helper functions which create tap and lagg devices.
MFC after: 1 week
(cherry picked from commit 47ae0135d461854b72b905ac77bf3e1f5b2868bc)
tests/socket_afinet: Fix the bind_connected_port test
The test verifies that a socket can bind to a local address assigned by
connect(2) to a different socket. It was however trying to bind to the
wrong address, and the check of the result was inverted, so this went
unnoticed. It also needs to set SO_REUSEADDR for this to succeed.
Reported by: glebius
MFC after: 1 week
(cherry picked from commit d3d0466cae546254c50c80cf3e0c060bbbbba53c)
tests/posixshm: Check for hardware support in largepage_pkru
MFC after: 3 days
Fixes: ca87c0b8e396 ("pkru: Fix handling of 1GB largepage mappings")
(cherry picked from commit 75c66218401c00f4728d5312e2b933b8d3aefde1)
netbsd-tests: Fix the mmap_truncate_signal test
Add a volatile qualifier in the loop which triggers SIGBUS, as otherwise
the compiler is smart enough to elide it, replacing it with a check for
page != 0.
MFC after: 1 week
(cherry picked from commit e3b8e55e710bf355f371d798aa943281007a7ea9)
routing: Initialize V_rt_numfibs earlier during boot
V_rt_numfibs can be set at compile time (with the ROUTETABLES kernel
config option) or boot time (with the net.fibs tunable).
vnet_rtables_init(), running during SI_PROTO_DOMAIN, was checking the
tunable and updating V_rt_numfibs accordingly, but that means that
earlier SYSINITs, such as vnet_mroute_init(), see the compile-time value
for V_rt_numfibs before it gets corrected in vnet_rtables_init().
Fix this by initializing V_rt_numfibs earlier, so that SYSINITs are less
likely to use the wrong value.
Add a comment describing the weird, preexisting semantic of resetting
rt_numfibs to 1 in VNET jails.
PR: 294510
Reviewed by: glebius, zlei, pouria
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56473
[2 lines not shown]
Merge tag 'kbuild-fixes-7.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux
Pull Kbuild fixes from Nicolas Schier:
- modpost: prevent stack buffer overflow in do_input_entry() and
do_dmi_entry()
Defensively replace unbound sprintf() calls in file2alias to prevent
silent stack overflows and detect alias name overflows with proper
error message.
- kbuild: pacman-pkg: make "rc" releases adhere to pacman versioning
scheme
Enable smooth upgrades from "rc" releases w/ pacman packages.
* tag 'kbuild-fixes-7.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux:
kbuild: pacman-pkg: make "rc" releases adhere to pacman versioning scheme
modpost: prevent stack buffer overflow in do_input_entry() and do_dmi_entry()
[RegisterCoalescer] Don't remat trivial defs without a size benefit
isAsCheapAsAMove doesn't imply "one machine instruction". AArch64 marks
multi-instruction pseudos cheap when their fused latency matches a real
move (MOVaddr = adrp+add, MOVi64imm = MOVZ+MOVK). The trivial remat
duplicates such defs at every COPY use.
[lldb] Make CommandObject::GetTarget filter out the dummy target (#198429)
Follow-up to #197805. Make CommandObject::GetTarget the canonical target
accessor for command code, and tighten its semantics so that DoExecute
methods can't accidentally operate on the dummy target.
GetTarget now returns Target* instead of Target&. The result is the
target from the command's frozen execution context, falling back to the
interpreter's execution context. The dummy target is filtered out and
replaced with nullptr unless the command opts in via one of the
eCommandRequires{Target,Process,Thread,Frame} flags (in which case
CheckRequirements has already guaranteed a real target) or via the new
eCommandAllowsDummyTarget flag.
This is the first half of the cleanup discussed at the end of #197805. A
follow-up will audit DoExecute methods that still reach for
GetSelectedTarget or m_exe_ctx.GetTargetPtr() directly and migrate them
to GetTarget.
[flang][Semantics] Enforce IMPLICIT NONE(EXTERNAL) for dummy procedures (#198398)
## Summary
Fix `CheckImplicitNoneExternal()` to correctly diagnose dummy arguments
used as procedures that lack an explicit `EXTERNAL` attribute when
`IMPLICIT NONE(EXTERNAL)` is in effect.
Fixes #198395
## Problem
Flang silently accepted code where a dummy argument was called as a
procedure under `IMPLICIT NONE(EXTERNAL)` without the required explicit
`EXTERNAL` attribute. The Fortran 2018 standard C895 requires that each
dummy procedure used as a procedure shall explicitly have the `EXTERNAL`
attribute when `IMPLICIT NONE(EXTERNAL)` is specified.
## Changes
[21 lines not shown]
[offload][LIT] Remove XFAIL: intelgpu from 5 virtual function tests (#198559)
Passing on the buildbot now, probably
[this](https://github.com/llvm/llvm-project/pull/197556) change fixed
them.
Signed-off-by: Nick Sarnie <nick.sarnie at intel.com>
Release parked async LUN-replace cleanup after DLM peer eviction
scst.async_lun_replace=1 now also tells the kernel to park the deferred
cleanup of old tgt_devs from each LUN replace until the flag is cleared.
This avoids stalling become_active on scst_dlm_lock_wait inside
scst_clear_reservation while the dead peer is still a DLM lockspace
member.
Add iscsi.scst.disable_async_lun_replace and call it from the end of
iscsi.alua.reset_active, after dlm.reset_active (which evicts the peer)
completes.
