d_make_root will call iput on failure, so we
shouldn't try to do that ourselves.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 77923821
Change-Id: I1abb4afb0f894ab917b7c6be8c833676f436beb7
When an sdcardfs dentry is destroyed, it may not yet
have its fsdata initialized. It must be checked before
we try to access the paths in its private data.
Additionally, when cleaning up the superblock after
a failure, we don't have our sb private data, so
check for that case.
Bug: 77923821
Change-Id: I89caf6e121ed86480b42024664453fe0031bbcf3
Signed-off-by: Daniel Rosenberg <drosen@google.com>
* remotes/origin/tmp-e9a2c5d:
Linux 4.14.36
writeback: safer lock nesting
media: staging: lirc_zilog: incorrect reference counting
Revert "media: lirc_zilog: driver only sends LIRCCODE"
iwlwifi: add a bunch of new 9000 PCI IDs
iwlwifi: add shared clock PHY config flag for some devices
net: dsa: Discard frames from unused ports
mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
autofs: mount point create should honour passed in mode
Don't leak MNT_INTERNAL away from internal mounts
rpc_pipefs: fix double-dput()
orangefs_kill_sb(): deal with allocation failures
hypfs_kill_super(): deal with failed allocations
jffs2_kill_sb(): deal with failed allocations
drm/i915: Correctly handle limited range YCbCr data on VLV/CHV
mmc: sdhci-pci: Only do AMD tuning for HS200
fanotify: fix logic of events on child
udf: Fix leak of UTF-16 surrogates into encoded strings
powerpc/lib: Fix off-by-one in alternate feature patching
powerpc/xive: Fix trying to "push" an already active pool VP
powerpc/eeh: Fix enabling bridge MMIO windows
MIPS: memset.S: Fix clobber of v1 in last_fixup
MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
MIPS: memset.S: EVA & fault support for small_memset
MIPS: uaccess: Add micromips clobbers to bzero invocation
HID: wacom: bluetooth: send exit report for recent Bluetooth devices
HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
HID: input: fix battery level reporting on BT mice
random: add new ioctl RNDRESEEDCRNG
random: crng_reseed() should lock the crng instance that it is modifying
random: use a different mixing algorithm for add_device_randomness()
random: fix crng_ready() test
ALSA: hda/realtek - adjust the location of one mic
ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags
ALSA: hda - New VIA controller suppor no-snoop path
ALSA: rawmidi: Fix missing input substream checks in compat ioctls
ALSA: line6: Use correct endpoint type for midi output
drm/radeon: Fix PCIe lane width calculation
drm/radeon: add PX quirk for Asus K73TK
drm/rockchip: Clear all interrupts before requesting the IRQ
drm/amdgpu/si: implement get/set pcie_lanes asic callback
drm/amdgpu: Fix PCIe lane width calculation
drm/amdgpu/sdma: fix mask in emit_pipeline_sync
drm/amdgpu: Fix always_valid bos multiple LRU insertions.
drm/amdgpu: Add an ATPX quirk for hybrid laptop
ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
ALSA: pcm: Avoid potential races between OSS ioctls and read/write
ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
vfio/pci: Virtualize Maximum Read Request Size
watchdog: f71808e_wdt: Fix WD_EN register read
dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4
thermal: imx: Fix race condition in imx_thermal_probe()
pwm: rcar: Fix a condition to prevent mismatch value setting to duty
clk: bcm2835: De-assert/assert PLL reset signal when appropriate
clk: mediatek: fix PWM clock source by adding a fixed-factor clock
clk: fix false-positive Wmaybe-uninitialized warning
clk: mvebu: armada-38x: add support for missing clocks
PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken
mmc: tmio: Fix error handling when issuing CMD23
mmc: jz4740: Fix race condition in IRQ mask update
iommu/vt-d: Fix a potential memory leak
um: Use POSIX ucontext_t instead of struct ucontext
um: Compile with modern headers
ring-buffer: Check if memory is available before allocation
nfit: skip region registration for incomplete control regions
nfit, address-range-scrub: fix scrub in-progress reporting
libnvdimm, namespace: use a safe lookup for dimm device name
libnvdimm, dimm: fix dpa reservation vs uninitialized label area
tpm: self test failure should not cause suspend to fail
cxl: Fix possible deadlock when processing page faults from cxllib
dmaengine: at_xdmac: fix rare residue corruption
IB/srp: Fix completion vector assignment algorithm
IB/srp: Fix srp_abort()
ALSA: pcm: Fix UAF at PCM release via PCM timer access
RDMA/rxe: Fix an out-of-bounds read
RDMA/mlx5: Protect from NULL pointer derefence
RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
dm crypt: limit the number of allocated pages
ext4: add extra checks to ext4_xattr_block_get()
ext4: add bounds checking to ext4_xattr_find_entry()
ext4: move call to ext4_error() into ext4_xattr_check_block()
ext4: don't allow r/w mounts if metadata blocks overlap the superblock
ext4: always initialize the crc32c checksum driver
ext4: fail ext4_iget for root directory if unallocated
ext4: limit xattr size to INT_MAX
ext4: protect i_disksize update by i_data_sem in direct write path
ext4: don't update checksum of new initialized bitmaps
ext4: pass -ESHUTDOWN code to jbd2 layer
ext4: eliminate sleep from shutdown ioctl
ext4: shutdown should not prevent get_write_access
jbd2: if the journal is aborted then don't allow update of the log tail
block: use 32-bit blk_status_t on Alpha
extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO
random: use a tighter cap in credit_entropy_bits_safe()
irqchip/gic: Take lock when updating irq type
thunderbolt: Prevent crash when ICM firmware is not running
thunderbolt: Resume control channel after hibernation image is created
thunderbolt: Serialize PCIe tunnel creation with PCI rescan
thunderbolt: Wait a bit longer for ICM to authenticate the active NVM
ASoC: topology: Fix kcontrol name string handling
ASoC: ssm2602: Replace reg_default_raw with reg_default
soc: mediatek: fix the mistaken pointer accessed when subdomains are added
HID: core: Fix size as type u32
HID: Fix hid_report_len usage
powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
powerpc/kexec_file: Fix error code when trying to load kdump kernel
powerpc/kprobes: Fix call trace due to incorrect preempt count
powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9
powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits
powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
CIFS: fix sha512 check in cifs_crypto_secmech_release
CIFS: add sha512 secmech
CIFS: refactor crypto shash/sdesc allocation&free
i2c: i801: Restore configuration at shutdown
i2c: i801: Save register SMBSLVCMD value only once
HID: i2c-hid: fix size check and type usage
smb3: Fix root directory when server returns inode number of zero
fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
cifs: fix memory leak in SMB2_open()
usb: dwc3: gadget: never call ->complete() from ->ep_queue()
usb: dwc3: pci: Properly cleanup resource
usb: dwc3: prevent setting PRTCAP to OTG from debugfs
USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
USB: gadget: f_midi: fixing a possible double-free in f_midi
ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
regmap: Fix reversed bounds check in regmap_raw_write()
xen-netfront: Fix hang on device removal
x86/xen: Delay get_cpu_cap until stack canary is established
media: vsp1: Fix BRx conditional path in WPF
media: vivid: check if the cec_adapter is valid
media: atomisp_fops.c: disable atomisp_compat_ioctl32
spi: Fix unregistration of controller with fixed SPI bus number
spi: Fix scatterlist elements size in spi_map_buf
spi: atmel: init FIFOs before spi enable
ARM: dts: at91: sama5d4: fix pinctrl compatible string
ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250
ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
arm: dts: mt7623: fix USB initialization fails on bananapi-r2
ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210
ARM: dts: da850-lego-ev3: Fix battery voltage gpio
KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list
ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate
usb: gadget: udc: core: update usb_ep_queue() documentation
phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS
usb: musb: gadget: misplaced out of bounds check
mm, slab: reschedule cache_reap() on the same CPU
ipc/shm: fix use-after-free of shm file via remap_file_pages()
resource: fix integer overflow at reallocation
fs/reiserfs/journal.c: add missing resierfs_warning() arg
task_struct: only use anon struct under randstruct plugin
mm/hmm: hmm_pfns_bad() was accessing wrong struct
mm/hmm: fix header file if/else/endif maze
mm/ksm.c: fix inconsistent accounting of zero pages
ubi: Reject MLC NAND
ubi: Fix error for write access
ubi: fastmap: Don't flush fastmap work on detach
ubifs: Check ubifs_wbuf_sync() return code
cpufreq: CPPC: Use transition_delay_us depending transition_latency
tty: make n_tty_read() always abort if hangup is in progress
f2fs: check cap_resource only for data blocks
Revert "f2fs: introduce f2fs_set_page_dirty_nobuffer"
f2fs: clear PageError on writepage
BACKPORT: dm verity: add 'check_at_most_once' option to only validate hashes once
f2fs: call unlock_new_inode() before d_instantiate()
f2fs: refactor read path to allow multiple postprocessing steps
fscrypt: allow synchronous bio decryption
FROMLIST: arm64: kvm: use -fno-jump-tables with clang
Conflicts:
drivers/usb/dwc3/core.c
drivers/usb/dwc3/gadget.c
Change-Id: I1fa31836c6eac9b700c8c7899d741fddc26b24f8
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
Merge 4.14.36 into android-4.14
Changes in 4.14.36
tty: make n_tty_read() always abort if hangup is in progress
cpufreq: CPPC: Use transition_delay_us depending transition_latency
ubifs: Check ubifs_wbuf_sync() return code
ubi: fastmap: Don't flush fastmap work on detach
ubi: Fix error for write access
ubi: Reject MLC NAND
mm/ksm.c: fix inconsistent accounting of zero pages
mm/hmm: fix header file if/else/endif maze
mm/hmm: hmm_pfns_bad() was accessing wrong struct
task_struct: only use anon struct under randstruct plugin
fs/reiserfs/journal.c: add missing resierfs_warning() arg
resource: fix integer overflow at reallocation
ipc/shm: fix use-after-free of shm file via remap_file_pages()
mm, slab: reschedule cache_reap() on the same CPU
usb: musb: gadget: misplaced out of bounds check
phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS
usb: gadget: udc: core: update usb_ep_queue() documentation
ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate
KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list
ARM: dts: da850-lego-ev3: Fix battery voltage gpio
ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210
arm: dts: mt7623: fix USB initialization fails on bananapi-r2
ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250
ARM: dts: at91: sama5d4: fix pinctrl compatible string
spi: atmel: init FIFOs before spi enable
spi: Fix scatterlist elements size in spi_map_buf
spi: Fix unregistration of controller with fixed SPI bus number
media: atomisp_fops.c: disable atomisp_compat_ioctl32
media: vivid: check if the cec_adapter is valid
media: vsp1: Fix BRx conditional path in WPF
x86/xen: Delay get_cpu_cap until stack canary is established
xen-netfront: Fix hang on device removal
regmap: Fix reversed bounds check in regmap_raw_write()
ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
USB: gadget: f_midi: fixing a possible double-free in f_midi
USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
usb: dwc3: prevent setting PRTCAP to OTG from debugfs
usb: dwc3: pci: Properly cleanup resource
usb: dwc3: gadget: never call ->complete() from ->ep_queue()
cifs: fix memory leak in SMB2_open()
fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
smb3: Fix root directory when server returns inode number of zero
HID: i2c-hid: fix size check and type usage
i2c: i801: Save register SMBSLVCMD value only once
i2c: i801: Restore configuration at shutdown
CIFS: refactor crypto shash/sdesc allocation&free
CIFS: add sha512 secmech
CIFS: fix sha512 check in cifs_crypto_secmech_release
powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits
powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9
powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
powerpc/kprobes: Fix call trace due to incorrect preempt count
powerpc/kexec_file: Fix error code when trying to load kdump kernel
powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
HID: Fix hid_report_len usage
HID: core: Fix size as type u32
soc: mediatek: fix the mistaken pointer accessed when subdomains are added
ASoC: ssm2602: Replace reg_default_raw with reg_default
ASoC: topology: Fix kcontrol name string handling
thunderbolt: Wait a bit longer for ICM to authenticate the active NVM
thunderbolt: Serialize PCIe tunnel creation with PCI rescan
thunderbolt: Resume control channel after hibernation image is created
thunderbolt: Prevent crash when ICM firmware is not running
irqchip/gic: Take lock when updating irq type
random: use a tighter cap in credit_entropy_bits_safe()
extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO
block: use 32-bit blk_status_t on Alpha
jbd2: if the journal is aborted then don't allow update of the log tail
ext4: shutdown should not prevent get_write_access
ext4: eliminate sleep from shutdown ioctl
ext4: pass -ESHUTDOWN code to jbd2 layer
ext4: don't update checksum of new initialized bitmaps
ext4: protect i_disksize update by i_data_sem in direct write path
ext4: limit xattr size to INT_MAX
ext4: fail ext4_iget for root directory if unallocated
ext4: always initialize the crc32c checksum driver
ext4: don't allow r/w mounts if metadata blocks overlap the superblock
ext4: move call to ext4_error() into ext4_xattr_check_block()
ext4: add bounds checking to ext4_xattr_find_entry()
ext4: add extra checks to ext4_xattr_block_get()
dm crypt: limit the number of allocated pages
RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
RDMA/mlx5: Protect from NULL pointer derefence
RDMA/rxe: Fix an out-of-bounds read
ALSA: pcm: Fix UAF at PCM release via PCM timer access
IB/srp: Fix srp_abort()
IB/srp: Fix completion vector assignment algorithm
dmaengine: at_xdmac: fix rare residue corruption
cxl: Fix possible deadlock when processing page faults from cxllib
tpm: self test failure should not cause suspend to fail
libnvdimm, dimm: fix dpa reservation vs uninitialized label area
libnvdimm, namespace: use a safe lookup for dimm device name
nfit, address-range-scrub: fix scrub in-progress reporting
nfit: skip region registration for incomplete control regions
ring-buffer: Check if memory is available before allocation
um: Compile with modern headers
um: Use POSIX ucontext_t instead of struct ucontext
iommu/vt-d: Fix a potential memory leak
mmc: jz4740: Fix race condition in IRQ mask update
mmc: tmio: Fix error handling when issuing CMD23
PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken
clk: mvebu: armada-38x: add support for missing clocks
clk: fix false-positive Wmaybe-uninitialized warning
clk: mediatek: fix PWM clock source by adding a fixed-factor clock
clk: bcm2835: De-assert/assert PLL reset signal when appropriate
pwm: rcar: Fix a condition to prevent mismatch value setting to duty
thermal: imx: Fix race condition in imx_thermal_probe()
dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4
watchdog: f71808e_wdt: Fix WD_EN register read
vfio/pci: Virtualize Maximum Read Request Size
ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
ALSA: pcm: Avoid potential races between OSS ioctls and read/write
ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
drm/amdgpu: Add an ATPX quirk for hybrid laptop
drm/amdgpu: Fix always_valid bos multiple LRU insertions.
drm/amdgpu/sdma: fix mask in emit_pipeline_sync
drm/amdgpu: Fix PCIe lane width calculation
drm/amdgpu/si: implement get/set pcie_lanes asic callback
drm/rockchip: Clear all interrupts before requesting the IRQ
drm/radeon: add PX quirk for Asus K73TK
drm/radeon: Fix PCIe lane width calculation
ALSA: line6: Use correct endpoint type for midi output
ALSA: rawmidi: Fix missing input substream checks in compat ioctls
ALSA: hda - New VIA controller suppor no-snoop path
ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags
ALSA: hda/realtek - adjust the location of one mic
random: fix crng_ready() test
random: use a different mixing algorithm for add_device_randomness()
random: crng_reseed() should lock the crng instance that it is modifying
random: add new ioctl RNDRESEEDCRNG
HID: input: fix battery level reporting on BT mice
HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
HID: wacom: bluetooth: send exit report for recent Bluetooth devices
MIPS: uaccess: Add micromips clobbers to bzero invocation
MIPS: memset.S: EVA & fault support for small_memset
MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
MIPS: memset.S: Fix clobber of v1 in last_fixup
powerpc/eeh: Fix enabling bridge MMIO windows
powerpc/xive: Fix trying to "push" an already active pool VP
powerpc/lib: Fix off-by-one in alternate feature patching
udf: Fix leak of UTF-16 surrogates into encoded strings
fanotify: fix logic of events on child
mmc: sdhci-pci: Only do AMD tuning for HS200
drm/i915: Correctly handle limited range YCbCr data on VLV/CHV
jffs2_kill_sb(): deal with failed allocations
hypfs_kill_super(): deal with failed allocations
orangefs_kill_sb(): deal with allocation failures
rpc_pipefs: fix double-dput()
Don't leak MNT_INTERNAL away from internal mounts
autofs: mount point create should honour passed in mode
mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
net: dsa: Discard frames from unused ports
iwlwifi: add shared clock PHY config flag for some devices
iwlwifi: add a bunch of new 9000 PCI IDs
Revert "media: lirc_zilog: driver only sends LIRCCODE"
media: staging: lirc_zilog: incorrect reference counting
writeback: safer lock nesting
Linux 4.14.36
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 2e898e4c0a3897ccd434adac5abb8330194f527b upstream.
lock_page_memcg()/unlock_page_memcg() use spin_lock_irqsave/restore() if
the page's memcg is undergoing move accounting, which occurs when a
process leaves its memcg for a new one that has
memory.move_charge_at_immigrate set.
unlocked_inode_to_wb_begin,end() use spin_lock_irq/spin_unlock_irq() if
the given inode is switching writeback domains. Switches occur when
enough writes are issued from a new domain.
This existing pattern is thus suspicious:
  lock_page_memcg(page);
  unlocked_inode_to_wb_begin(inode, &locked);
  ...
  unlocked_inode_to_wb_end(inode, locked);
  unlock_page_memcg(page);
If both inode switch and process memcg migration are both in-flight then
unlocked_inode_to_wb_end() will unconditionally enable interrupts while
still holding the lock_page_memcg() irq spinlock. This suggests the
possibility of deadlock if an interrupt occurs before unlock_page_memcg().
  truncate
    __cancel_dirty_page
      lock_page_memcg
      unlocked_inode_to_wb_begin
      unlocked_inode_to_wb_end
        <interrupts mistakenly enabled>
                                    <interrupt>
                                    end_page_writeback
                                      test_clear_page_writeback
                                        lock_page_memcg
                                          <deadlock>
      unlock_page_memcg
Due to configuration limitations this deadlock is not currently possible
because we don't mix cgroup writeback (a cgroupv2 feature) and
memory.move_charge_at_immigrate (a cgroupv1 feature).
If the kernel is hacked to always claim inode switching and memcg
moving_account, then this script triggers lockup in less than a minute:
  cd /mnt/cgroup/memory
  mkdir a b
  echo 1 > a/memory.move_charge_at_immigrate
  echo 1 > b/memory.move_charge_at_immigrate
  (
    echo $BASHPID > a/cgroup.procs
    while true; do
      dd if=/dev/zero of=/mnt/big bs=1M count=256
    done
  ) &
  while true; do
    sync
  done &
  sleep 1h &
  SLEEP=$!
  while true; do
    echo $SLEEP > a/cgroup.procs
    echo $SLEEP > b/cgroup.procs
  done
The deadlock does not seem possible, so it's debatable if there's any
reason to modify the kernel. I suggest we should to prevent future
surprises. And Wang Long said "this deadlock occurs three times in our
environment", so there's more reason to apply this, even to stable.
Stable 4.4 has minor conflicts applying this patch. For a clean 4.4 patch
see "[PATCH for-4.4] writeback: safer lock nesting"
https://lkml.org/lkml/2018/4/11/146
Wang Long said "this deadlock occurs three times in our environment"
[gthelen@google.com: v4]
Link: http://lkml.kernel.org/r/20180411084653.254724-1-gthelen@google.com
[akpm@linux-foundation.org: comment tweaks, struct initialization simplification]
Change-Id: Ibb773e8045852978f6207074491d262f1b3fb613
Link: http://lkml.kernel.org/r/20180410005908.167976-1-gthelen@google.com
Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates")
Signed-off-by: Greg Thelen <gthelen@google.com>
Reported-by: Wang Long <wanglong19@meituan.com>
Acked-by: Wang Long <wanglong19@meituan.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: <stable@vger.kernel.org> [v4.2+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[natechancellor: Adjust context due to lack of b93b016313b3b]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1e6306652ba18723015d1b4967fe9de55f042499 upstream.
The autofs file system mkdir inode operation blindly sets the created
directory mode to S_IFDIR | 0555, ignoring the passed in mode, which can
cause selinux dac_override denials.
But the function also checks if the caller is the daemon (as no-one else
should be able to do anything here) so there's no point in not honouring
the passed in mode, allowing the daemon to set appropriate mode when
required.
Link: http://lkml.kernel.org/r/152361593601.8051.14014139124905996173.stgit@pluto.themaw.net
Signed-off-by: Ian Kent <raven@themaw.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 16a34adb9392b2fe4195267475ab5b472e55292c upstream.
We want it only for the stuff created by SB_KERNMOUNT mounts, *not* for
their copies. As it is, creating a deep stack of bindings of /proc/*/ns/*
somewhere in a new namespace and exiting yields a stack overflow.
Cc: stable@kernel.org
Reported-by: Alexander Aring <aring@mojatatu.com>
Bisected-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Tested-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Tested-by: Alexander Aring <aring@mojatatu.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 54a307ba8d3cd00a3902337ffaae28f436eeb1a4 upstream.
When events on child inodes are sent to the parent inode mark and
parent inode mark was not marked with FAN_EVENT_ON_CHILD, the event
will not be delivered to the listener process. However, if the same
process also has a mount mark, the event to the parent inode will be
delivered regardless of the mount mark mask.
This behavior is incorrect in the case where the mount mark mask does
not contain the specific event type. For example, the process adds
a mark on a directory with mask FAN_MODIFY (without FAN_EVENT_ON_CHILD)
and a mount mark with mask FAN_CLOSE_NOWRITE (without FAN_ONDIR).
A modify event on a file inside that directory (and inside that mount)
should not create a FAN_MODIFY event, because neither of the marks
requested to get that event on the file.
Fixes: 1968f5eed54c ("fanotify: use both marks when possible")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 44f06ba8297c7e9dfd0e49b40cbe119113cca094 upstream.
OSTA UDF specification does not mention whether the CS0 charset in case
of two bytes per character encoding should be treated in UTF-16 or
UCS-2. The sample code in the standard does not treat UTF-16 surrogates
in any special way but on systems such as Windows which work in UTF-16
internally, filenames would be treated as being in UTF-16 effectively.
In Linux it is more difficult to handle characters outside of Base
Multilingual plane (beyond 0xffff) as NLS framework works with 2-byte
characters only. Just make sure we don't leak UTF-16 surrogates into the
resulting string when loading names from the filesystem for now.
CC: stable@vger.kernel.org # >= v4.6
Reported-by: Mingye Wang <arthur200126@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 54dd0e0a1b255f115f8647fc6fb93273251b01b9 upstream.
Add explicit checks in ext4_xattr_block_get() just in case the
e_value_offs and e_value_size fields in the xattr block are
corrupted in memory after the buffer_verified bit is set on the xattr
block.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9496005d6ca4cf8f5ee8f828165a8956872dc59d upstream.
Add some paranoia checks to make sure we don't stray beyond the end of
the valid memory region containing ext4 xattr entries while we are
scanning for a match.
Also rename the function to xattr_find_entry() since it is static and
thus only used in fs/ext4/xattr.c
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit de05ca8526796c7e9f7c7282b7f89a818af19818 upstream.
Refactor the call to EXT4_ERROR_INODE() into ext4_xattr_check_block().
This simplifies the code, and fixes a problem where not all callers of
ext4_xattr_check_block() were not resulting in ext4_error() getting
called when the xattr block is corrupted.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 18db4b4e6fc31eda838dd1c1296d67dbcb3dc957 upstream.
If some metadata block, such as an allocation bitmap, overlaps the
superblock, it's very likely that if the file system is mounted
read/write, the results will not be pretty. So disallow r/w mounts
for file systems corrupted in this particular way.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a45403b51582a87872927a3e0fc0a389c26867f1 upstream.
The extended attribute code now uses the crc32c checksum for hashing
purposes, so we should just always initialize it. We also want
to prevent NULL pointer dereferences if one of the metadata checksum
features is enabled after the file system is originally mounted.
This issue has been assigned CVE-2018-1094.
https://bugzilla.kernel.org/show_bug.cgi?id=199183
https://bugzilla.redhat.com/show_bug.cgi?id=1560788
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 upstream.
If the root directory has an i_links_count of zero, then when the file
system is mounted, then when ext4_fill_super() notices the problem and
tries to call iput() the root directory in the error return path,
ext4_evict_inode() will try to free the inode on disk, before all of
the file system structures are set up, and this will result in an OOPS
caused by a NULL pointer dereference.
This issue has been assigned CVE-2018-1092.
https://bugzilla.kernel.org/show_bug.cgi?id=199179
https://bugzilla.redhat.com/show_bug.cgi?id=1560777
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ce3fd194fcc6fbdc00ce095a852f22df97baa401 upstream.
ext4 isn't validating the sizes of xattrs where the value of the xattr
is stored in an external inode. This is problematic because
->e_value_size is a u32, but ext4_xattr_get() returns an int. A very
large size is misinterpreted as an error code, which ext4_get_acl()
translates into a bogus ERR_PTR() for which IS_ERR() returns false,
causing a crash.
Fix this by validating that all xattrs are <= INT_MAX bytes.
This issue has been assigned CVE-2018-1095.
https://bugzilla.kernel.org/show_bug.cgi?id=199185
https://bugzilla.redhat.com/show_bug.cgi?id=1560793
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Fixes: e50e5129f384 ("ext4: xattr-in-inode support")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
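The u32-size-returned-as-int problem described in the commit message above, reproduced in user space as an added example (not code from the kernel or from the patch). The names err_ptr, is_err, xattr_get_unchecked, xattr_get_checked, acl_lookup and ERR_CORRUPTED are illustrative stand-ins, and the sample sizes are constructed.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

#define MAX_ERRNO      4095  /* bound used by the kernel's IS_ERR() */
#define ERR_CORRUPTED  117   /* illustrative stand-in for EFSCORRUPTED */

/* User-space equivalents of the kernel's ERR_PTR()/IS_ERR() helpers. */
static void *err_ptr(long error)
{
    return (void *)(intptr_t)error;
}

static int is_err(const void *p)
{
    /* Only the top MAX_ERRNO addresses count as encoded errors. */
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Before the fix: an on-disk u32 size flows straight into an int return. */
static int xattr_get_unchecked(uint32_t e_value_size)
{
    /* Sizes above INT_MAX become negative (wraps on gcc/clang). */
    return (int)e_value_size;
}

/* After the fix: sizes the int return type cannot represent are rejected. */
static int xattr_get_checked(uint32_t e_value_size)
{
    if (e_value_size > (uint32_t)INT_MAX)
        return -ERR_CORRUPTED;
    return (int)e_value_size;
}

/* Caller pattern from the message: a negative return is turned into ERR_PTR. */
static void *acl_lookup(int retval, void *acl_buf)
{
    if (retval < 0)
        return err_ptr(retval);
    return acl_buf;
}

enum outcome { USES_VALID_ACL, HANDLES_ERROR, DEREFS_BOGUS_POINTER };

/* What the final caller ends up doing with the pointer it gets back. */
static enum outcome classify(int retval)
{
    static char acl_buf[16];
    void *p = acl_lookup(retval, acl_buf);

    if (is_err(p))
        return HANDLES_ERROR;
    if (p == (void *)acl_buf)
        return USES_VALID_ACL;
    /* Negative value outside the errno range: IS_ERR() is false, so the
     * caller would treat a garbage address as a valid ACL pointer. */
    return DEREFS_BOGUS_POINTER;
}

int main(void)
{
    static const char *names[] = {
        "uses valid ACL", "handles error", "dereferences bogus pointer"
    };
    /* Constructed sizes: normal, looks like a small errno, far out of range. */
    uint32_t sizes[] = { 64u, 0xFFFFFFF3u, 0x80000000u };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        int before = xattr_get_unchecked(sizes[i]);
        int after = xattr_get_checked(sizes[i]);
        printf("size=0x%08x unchecked=%d (%s) checked=%d (%s)\n",
               (unsigned)sizes[i], before, names[classify(before)],
               after, names[classify(after)]);
    }
    return 0;
}
```

A size such as 0xFFFFFFF3 is the quieter failure: it wraps to -13 and is reported as an ordinary error, while 0x80000000 falls outside the errno range and yields the pointer that IS_ERR() does not catch.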
commit 73fdad00b208b139cf43f3163fbc0f67e4c6047c upstream.
i_disksize update should be protected by i_data_sem, by either taking
the lock explicitly or by using ext4_update_i_disksize() helper. But the
i_disksize updates in ext4_direct_IO_write() are not protected at all,
which may be racing with i_disksize updates in writeback path in
delalloc buffer write path.
This is found by code inspection, and I didn't hit any i_disksize
corruption due to this bug. Thanks to Jan Kara for catching this bug and
suggesting the fix!
Reported-by: Jan Kara <jack@suse.cz>
Suggested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 044e6e3d74a3d7103a0c8a9305dfd94d64000660 upstream.
When reading the inode or block allocation bitmap, if the bitmap needs
to be initialized, do not update the checksum in the block group
descriptor. That's because we're not set up to journal those changes.
Instead, just set the verified bit on the bitmap block, so that it's
not necessary to validate the checksum.
When a block or inode allocation actually happens, at that point the
checksum will be calculated, and update of the bg descriptor block
will be properly journalled.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fb7c02445c497943e7296cd3deee04422b63acb8 upstream.
Previously the jbd2 layer assumed that a file system check would be
required after a journal abort. In the case of the deliberate file
system shutdown, this should not be necessary. Allow the jbd2 layer
to distinguish between these two cases by using the ESHUTDOWN errno.
Also add proper locking to __journal_abort_soft().
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a6d9946bb925293fda9f5ed6d33d8580b001f006 upstream.
The msleep() when processing EXT4_GOING_FLAGS_NOLOGFLUSH was a hack to
avoid some races (that are now fixed), but in fact it introduced its
own race.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 576d18ed60f5465110087c5e0eb1010de13e374d upstream.
The ext4 forced shutdown flag needs to prevent new handles from being
started, but it needs to allow existing handles to complete. So the
forced shutdown flag should not force ext4_journal_get_write_access to
fail.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 85e0c4e89c1b864e763c4e3bb15d0b6d501ad5d9 upstream.
This updates the jbd2 superblock unnecessarily, and on an abort we
shouldn't truncate the log.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 70e80655f58e17a2e38e577e1b4fa7a8c99619a0 upstream.
It seems this is a copy-paste error and that the proper variable to use
in this particular case is _sha512_ instead of _md5_.
Addresses-Coverity-ID: 1465358 ("Copy-paste error")
Fixes: 1c6614d229e7 ("CIFS: add sha512 secmech")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5fcd7f3f966f37f3f9a215af4cc1597fe338d0d5 upstream.
* prepare for SMB3.11 pre-auth integrity
* enable sha512 when SMB311 is enabled in Kconfig
* add sha512 as a soft dependency
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 82fb82be05585426405667dd5f0510aa953ba439 upstream.
shash and sdesc are always allocated and freed together.
* abstract this in new functions cifs_alloc_hash() and cifs_free_hash().
* make smb2/3 crypto allocation independent from each other.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7ea884c77e5c97f1e0a1a422d961d27f78ca2745 upstream.
Some servers return inode number zero for the root directory, which
causes ls to display incorrect data (missing "." and "..").
If the server returns zero for the inode number of the root directory,
fake an inode number for it.
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 262916bc69faf90104aa784d55e10760a4199594 upstream.
We can not use the standard sg_set_buf() function since when
CONFIG_DEBUG_SG=y this adds a check that will BUG_ON for cifs.ko
when we pass it an object from the stack.
Create a new wrapper smb2_sg_set_buf() which avoids doing that particular check
and use it for smb3 encryption instead.
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9ad553abe66f8be3f4755e9fa0a6ba137ce76341 upstream.
One use of the reiserfs_warning() macro in journal_init_dev() is missing
a parameter, causing the following warning:
REISERFS warning (device loop0): journal_init_dev: Cannot open '%s': %i journal_init_dev:
This also causes a WARN_ONCE() warning in the vsprintf code, and then a
panic if panic_on_warn is set.
Please remove unsupported %/ in format string
WARNING: CPU: 1 PID: 4480 at lib/vsprintf.c:2138 format_decode+0x77f/0x830 lib/vsprintf.c:2138
Kernel panic - not syncing: panic_on_warn set ...
Just add another string argument to the macro invocation.
Addresses https://syzkaller.appspot.com/bug?id=0627d4551fdc39bf1ef5d82cd9eef587047f7718
Link: http://lkml.kernel.org/r/d678ebe1-6f54-8090-df4c-b9affad62293@infradead.org
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: <syzbot+6bd77b88c1977c03f584@syzkaller.appspotmail.com>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Jeff Mahoney <jeffm@suse.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Jan Kara <jack@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit aac17948a7ce01fb60b9ee6cf902967a47b3ce26 upstream.
If ubifs_wbuf_sync() fails we must not write a master node with the
dirty marker cleared.
Otherwise it is possible that in case of an IO error while syncing we
mark the filesystem as clean and UBIFS refuses to recover upon next
mount.
Cc: <stable@vger.kernel.org>
Fixes: 1e51764a3c2a ("UBIFS: add new flash file system")
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cherry-pick from origin/upstream-f2fs-stable-linux-4.14.y:
commit ca17de437834 ("f2fs: check cap_resource only for data blocks")
This patch changes the rule to check cap_resource for data blocks, not inode
or node blocks in order to avoid selinux denial.
Change-Id: Icf0ce297701d20d288f3f08cd94f3b7c9348f79c
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Cherry-pick from origin/upstream-f2fs-stable-linux-4.14.y:
commit 4c3540173ab2 ("Revert "f2fs: introduce f2fs_set_page_dirty_nobuffer"")
This patch reverts copied f2fs_set_page_dirty_nobuffer to use generic function
for stability.
This reverts commit fe76b796fc5194cc3d57265002e3a748566d073f.
Change-Id: Ie3636c90336986cfe3a0ee79d32d8669a82efcc2
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Cherry-pick from origin/upstream-f2fs-stable-linux-4.14.y:
commit 0d05d5b2391a ("f2fs: clear PageError on writepage")
This patch clears PageError in some pages tagged by read path, but when we
write the pages with valid contents, writepage should clear the bit likewise
ext4.
Change-Id: I2b089495a565e6ae78e16fec4b81eb2306fcf3c7
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Cherry-pick from origin/upstream-f2fs-stable-linux-4.14.y:
b9a28b16e93d ("f2fs: call unlock_new_inode() before d_instantiate()")
xfstest generic/429 sometimes hangs on f2fs, caused by a thread being
unable to take a directory's i_rwsem for write in vfs_rmdir(). In the
test, one thread repeatedly creates and removes a directory, and other
threads repeatedly look up a file in the directory. The bug is that
f2fs_mkdir() calls d_instantiate() before unlock_new_inode(), resulting
in the directory inode being exposed to lookups before it has been fully
initialized. And with CONFIG_DEBUG_LOCK_ALLOC, unlock_new_inode()
reinitializes ->i_rwsem, corrupting its state when it is already held.
Fix it by calling unlock_new_inode() before d_instantiate(). This
matches what other filesystems do.
Fixes: 57397d86c62d ("f2fs: add inode operations for special inodes")
Change-Id: I908ef971703907f9903e75071694595a8742601d
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Cherry-pick from origin/upstream-f2fs-stable-linux-4.14.y:
e1f299357c3e ("f2fs: refactor read path to allow multiple postprocessing steps")
Currently f2fs's ->readpage() and ->readpages() assume that either the
data undergoes no postprocessing, or decryption only. But with
fs-verity, there will be an additional authenticity verification step,
and it may be needed either by itself, or combined with decryption.
To support this, store a 'struct bio_post_read_ctx' in ->bi_private
which contains a work struct, a bitmask of postprocessing steps that are
enabled, and an indicator of the current step. The bio completion
routine, if there was no I/O error, enqueues the first postprocessing
step. When that completes, it continues to the next step. Pages that
fail any postprocessing step have PageError set. Once all steps have
completed, pages without PageError set are set Uptodate, and all pages
are unlocked.
Also replace f2fs_encrypted_file() with a new function
f2fs_post_read_required() in places like direct I/O and garbage
collection that really should be testing whether the file needs special
I/O processing, not whether it is encrypted specifically.
This may also be useful for other future f2fs features such as
compression.
Change-Id: I8178e0fa7ae0171e5894b32a692cc8b1fb45a149
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
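The step machine described in the f2fs read-path commit above, as a synchronous user-space model added here for illustration (not code from the patch, which runs each step from a workqueue). The struct and function names, the XOR stand-in for decryption and the byte-compare stand-in for a verity step are assumptions.

```c
/* Model of a bio post-read step machine: a bitmask of enabled steps, a
 * current-step indicator, PageError on failure, Uptodate only at the end.
 * All names are illustrative; this is not the kernel source. */
#include <stdbool.h>
#include <stdio.h>

enum { STEP_INITIAL = 0, STEP_DECRYPT, STEP_VERITY };

struct page_model {
    unsigned char data;      /* one byte stands in for the page contents */
    unsigned char expected;  /* trusted value the verity step compares to */
    bool locked, error, uptodate;
};

struct post_read_ctx {
    unsigned enabled_steps;  /* bitmask of (1u << STEP_*) */
    int cur_step;
    struct page_model *pages;
    int npages;
};

#define TOY_KEY 0x5a         /* XOR stands in for real decryption */

static void decrypt_step(struct post_read_ctx *ctx)
{
    for (int i = 0; i < ctx->npages; i++)
        ctx->pages[i].data ^= TOY_KEY;
}

static void verity_step(struct post_read_ctx *ctx)
{
    for (int i = 0; i < ctx->npages; i++)
        if (ctx->pages[i].data != ctx->pages[i].expected)
            ctx->pages[i].error = true;      /* fail closed */
}

/* Final stage: pages without an error become Uptodate; all are unlocked. */
static void read_end_io(struct post_read_ctx *ctx, bool io_error)
{
    for (int i = 0; i < ctx->npages; i++) {
        ctx->pages[i].uptodate = !io_error && !ctx->pages[i].error;
        ctx->pages[i].locked = false;
    }
}

/* Advance through the enabled steps in order, then finish. */
static void post_read_processing(struct post_read_ctx *ctx)
{
    for (;;) {
        switch (++ctx->cur_step) {
        case STEP_DECRYPT:
            if (ctx->enabled_steps & (1u << STEP_DECRYPT))
                decrypt_step(ctx);
            break;
        case STEP_VERITY:
            if (ctx->enabled_steps & (1u << STEP_VERITY))
                verity_step(ctx);
            break;
        default:
            read_end_io(ctx, false);
            return;
        }
    }
}

/* Bio completion: an I/O error skips postprocessing entirely. */
static void bio_complete(struct post_read_ctx *ctx, bool io_error)
{
    if (io_error) {
        read_end_io(ctx, true);
        return;
    }
    ctx->cur_step = STEP_INITIAL;
    post_read_processing(ctx);
}

/* Constructed input: page 0 is intact, page 1 was modified on disk.
 * Returns bit i set if page i is Uptodate, bit 4+i set if still locked. */
static unsigned read_two_pages(unsigned steps, bool io_error)
{
    struct page_model pages[2] = {
        { 'A' ^ TOY_KEY,       'A', true, false, false },
        { ('B' ^ TOY_KEY) ^ 1, 'B', true, false, false },
    };
    struct post_read_ctx ctx = { steps, STEP_INITIAL, pages, 2 };
    unsigned r = 0;

    bio_complete(&ctx, io_error);
    for (int i = 0; i < 2; i++) {
        if (pages[i].uptodate) r |= 1u << i;
        if (pages[i].locked)   r |= 1u << (4 + i);
    }
    return r;
}

int main(void)
{
    unsigned both = (1u << STEP_DECRYPT) | (1u << STEP_VERITY);
    printf("decrypt+verity: 0x%x\n", read_two_pages(both, false));
    printf("decrypt only:   0x%x\n", read_two_pages(1u << STEP_DECRYPT, false));
    printf("I/O error:      0x%x\n", read_two_pages(both, true));
    return 0;
}
```

With decryption alone the modified page is still marked Uptodate, which is the gap an added verification step closes.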
Cherry-pick from origin/upstream-f2fs-stable-linux-4.14.y:
fac0e4a8acde ("fscrypt: allow synchronous bio decryption")
Currently, fscrypt provides fscrypt_decrypt_bio_pages() which decrypts a
bio's pages asynchronously, then unlocks them afterwards. But, this
assumes that decryption is the last "postprocessing step" for the bio,
so it's incompatible with additional postprocessing steps such as
authenticity verification after decryption.
Therefore, rename the existing fscrypt_decrypt_bio_pages() to
fscrypt_enqueue_decrypt_bio(). Then, add fscrypt_decrypt_bio() which
decrypts the pages in the bio synchronously without unlocking the pages,
nor setting them Uptodate; and add fscrypt_enqueue_decrypt_work(), which
enqueues work on the fscrypt_read_workqueue. The new functions will be
used by filesystems that support both fscrypt and fs-verity.
Change-Id: I87514f59bcf1d2cec858bb44f6e27652ba0e93eb
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
* refs/heads/tmp-07e1389
Linux 4.14.35
nfsd: fix incorrect umasks
hugetlbfs: fix bug in pgoff overflow checking
xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling
ovl: fix lookup with middle layer opaque dir and absolute path redirects
blk-mq: don't keep offline CPUs mapped to hctx 0
lib: fix stall in __bitmap_parselist()
f2fs: fix heap mode to reset it back
sunrpc: remove incorrect HMAC request initialization
ath9k: Protect queue draining by rcu_read_lock()
hwmon: (ina2xx) Fix access to uninitialized mutex
x86/mce/AMD: Get address from already initialized block
x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type
x86/mce/AMD: Pass the bank number to smca_get_bank_type()
x86/MCE: Report only DRAM ECC as memory errors on AMD systems
rtl8187: Fix NULL pointer dereference in priv->conf_mutex
Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-low
Bluetooth: Fix connection if directed advertising and privacy is used
getname_kernel() needs to make sure that ->name != ->iname in long case
get_user_pages_fast(): return -EFAULT on access_ok failure
s390/ipl: ensure loadparm valid flag is set
s390/qdio: don't merge ERROR output buffers
s390/qdio: don't retry EQBS after CCQ 96
nfit: fix region registration vs block-data-window ranges
block/loop: fix deadlock after loop_set_status
apparmor: fix resource audit messages when auditing peer
apparmor: fix display of .ns_name for containers
apparmor: fix logging of the existence test for signals
scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure
x86/MCE/AMD: Define a function to get SMCA bank type
radeon: hide pointless #warning when compile testing
perf/core: Fix use-after-free in uprobe_perf_close()
perf intel-pt: Fix timestamp following overflow
perf intel-pt: Fix error recovery from missing TIP packet
perf intel-pt: Fix sync_switch
perf intel-pt: Fix overlap detection to identify consecutive buffers correctly
KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode
PCI: hv: Serialize the present and eject work items
Drivers: hv: vmbus: do not mark HV_PCIE as perf_device
parisc: Fix HPMC handler by increasing size to multiple of 16 bytes
parisc: Fix out of array access in match_pci_device()
media: v4l: vsp1: Fix header display list status check in continuous mode
media: v4l2-compat-ioctl32: don't oops on overlay
lan78xx: Correctly indicate invalid OTP
vhost: Fix vhost_copy_to_user()
vhost: fix vhost_vq_access_ok() log check
slip: Check if rstate is initialized before uncompressing
rds: MP-RDS may use an invalid c_path
cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
ANDROID: Add build server config for cuttlefish.
ANDROID: Add defconfig for cuttlefish.
FROMLIST: staging: Android: Add 'vsoc' driver for cuttlefish.
ANDROID: cpufreq: Add time_in_state to /proc/uid directories
ANDROID: proc: Add /proc/uid directory
ANDROID: cpufreq: times: track per-uid time in state
ANDROID: cpufreq: track per-task time in state
f2fs/fscrypt: updates to v4.17-rc1
Change-Id: I0fdc9762e63ff9a9abb25e6adea0c723e517a2a6
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
Merge 4.14.35 into android-4.14
Changes in 4.14.35
netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
rds: MP-RDS may use an invalid c_path
slip: Check if rstate is initialized before uncompressing
vhost: fix vhost_vq_access_ok() log check
vhost: Fix vhost_copy_to_user()
lan78xx: Correctly indicate invalid OTP
media: v4l2-compat-ioctl32: don't oops on overlay
media: v4l: vsp1: Fix header display list status check in continuous mode
parisc: Fix out of array access in match_pci_device()
parisc: Fix HPMC handler by increasing size to multiple of 16 bytes
Drivers: hv: vmbus: do not mark HV_PCIE as perf_device
PCI: hv: Serialize the present and eject work items
KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode
perf intel-pt: Fix overlap detection to identify consecutive buffers correctly
perf intel-pt: Fix sync_switch
perf intel-pt: Fix error recovery from missing TIP packet
perf intel-pt: Fix timestamp following overflow
perf/core: Fix use-after-free in uprobe_perf_close()
radeon: hide pointless #warning when compile testing
x86/MCE/AMD: Define a function to get SMCA bank type
scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure
apparmor: fix logging of the existence test for signals
apparmor: fix display of .ns_name for containers
apparmor: fix resource audit messages when auditing peer
block/loop: fix deadlock after loop_set_status
nfit: fix region registration vs block-data-window ranges
s390/qdio: don't retry EQBS after CCQ 96
s390/qdio: don't merge ERROR output buffers
s390/ipl: ensure loadparm valid flag is set
get_user_pages_fast(): return -EFAULT on access_ok failure
getname_kernel() needs to make sure that ->name != ->iname in long case
Bluetooth: Fix connection if directed advertising and privacy is used
Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-low
rtl8187: Fix NULL pointer dereference in priv->conf_mutex
x86/MCE: Report only DRAM ECC as memory errors on AMD systems
x86/mce/AMD: Pass the bank number to smca_get_bank_type()
x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type
x86/mce/AMD: Get address from already initialized block
hwmon: (ina2xx) Fix access to uninitialized mutex
ath9k: Protect queue draining by rcu_read_lock()
sunrpc: remove incorrect HMAC request initialization
f2fs: fix heap mode to reset it back
lib: fix stall in __bitmap_parselist()
blk-mq: don't keep offline CPUs mapped to hctx 0
ovl: fix lookup with middle layer opaque dir and absolute path redirects
xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling
hugetlbfs: fix bug in pgoff overflow checking
nfsd: fix incorrect umasks
Linux 4.14.35
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 880a3a5325489a143269a8e172e7563ebf9897bc upstream.
We're neglecting to clear the umask after it's set, which can cause a
later unrelated rpc to (incorrectly) use the same umask if it happens to
be processed by the same thread.
There's a more subtle problem here too:
An NFSv4 compound request is decoded all in one pass before any
operations are executed.
Currently we're setting current->fs->umask at the time we decode the
compound. In theory a single compound could contain multiple creates
each setting a umask. In that case we'd end up using whichever umask
was passed in the *last* operation as the umask for all the creates,
whether that was correct or not.
So, we should just be saving the umask at decode time and waiting to set
it until we actually process the corresponding operation.
In practice it's unlikely any client would do multiple creates in a
single compound. And even if it did they'd likely be from the same
process (hence carry the same umask). So this is a little academic, but
we should get it right anyway.
Fixes: 47057abde515 (nfsd: add support for the umask attribute)
Cc: stable@vger.kernel.org
Reported-by: Lucash Stach <l.stach@pengutronix.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
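A user-space model of the two umask problems described in the nfsd commit above, added here as an illustration (not code from the patch). The struct and function names, the constructed requests and the thread default umask of 0 are assumptions.

```c
/* Model of nfsd umask handling; names are illustrative, not the kernel's. */
#include <stdio.h>

#define NO_UMASK 0xFFFFu               /* op carried no umask attribute */

struct create_op {
    unsigned mode;                     /* mode bits requested by the client */
    unsigned umask;                    /* umask decoded from the op, or NO_UMASK */
    unsigned result;                   /* mode the server ends up applying */
};

/* Stands in for current->fs->umask of one nfsd thread (assumed default 0). */
struct worker { unsigned umask; };

/* Before the fix: decode writes the umask into thread state, and nothing
 * clears it afterwards. */
static void compound_buggy(struct worker *w, struct create_op *ops, int n)
{
    int i;
    for (i = 0; i < n; i++)            /* the whole compound is decoded first */
        if (ops[i].umask != NO_UMASK)
            w->umask = ops[i].umask;   /* last op wins */
    for (i = 0; i < n; i++)            /* then the ops are executed */
        ops[i].result = ops[i].mode & ~w->umask;
}

/* After the fix: decode only saves the umask in the op (ops[i].umask here);
 * it is applied when that op runs and the thread state is cleared again. */
static void compound_fixed(struct worker *w, struct create_op *ops, int n)
{
    int i;
    for (i = 0; i < n; i++) {
        if (ops[i].umask != NO_UMASK)
            w->umask = ops[i].umask;
        ops[i].result = ops[i].mode & ~w->umask;
        w->umask = 0;
    }
}

/* Constructed scenario: RPC 1 holds two creates with different umasks,
 * RPC 2 (same thread) holds one create without a umask. Fills out[0..2]. */
static void scenario(int fixed, unsigned out[3])
{
    struct worker w = { 0 };
    struct create_op rpc1[2] = { { 0666, 0077, 0 }, { 0666, 0022, 0 } };
    struct create_op rpc2[1] = { { 0666, NO_UMASK, 0 } };

    if (fixed) {
        compound_fixed(&w, rpc1, 2);
        compound_fixed(&w, rpc2, 1);
    } else {
        compound_buggy(&w, rpc1, 2);
        compound_buggy(&w, rpc2, 1);
    }
    out[0] = rpc1[0].result;
    out[1] = rpc1[1].result;
    out[2] = rpc2[0].result;
}

int main(void)
{
    unsigned b[3], f[3];
    scenario(0, b);
    scenario(1, f);
    printf("buggy: %04o %04o %04o\n", b[0], b[1], b[2]);
    printf("fixed: %04o %04o %04o\n", f[0], f[1], f[2]);
    return 0;
}
```

In the buggy run the first create ends up group- and world-readable although its own umask was 077, and the unrelated second RPC inherits 022.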
commit 5df63c2a149ae65a9ec239e7c2af44efa6f79beb upstream.
This is a fix for a regression in 32 bit kernels caused by an invalid
check for pgoff overflow in hugetlbfs mmap setup. The check incorrectly
specified that the size of a loff_t was the same as the size of a long.
The regression prevents mapping hugetlbfs files at offsets greater than
4GB on 32 bit kernels.
On 32 bit kernels conversion from a page based unsigned long can not
overflow a loff_t byte offset. Therefore, skip this check if
sizeof(unsigned long) != sizeof(loff_t).
Link: http://lkml.kernel.org/r/20180330145402.5053-1-mike.kravetz@oracle.com
Fixes: 63489f8e8211 ("hugetlbfs: check for pgoff value overflow")
Reported-by: Dan Rue <dan.rue@linaro.org>
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Yisheng Xie <xieyisheng1@huawei.com>
Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Nic Losby <blurbdust@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
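The overflow check from the hugetlbfs commit above, modelled in user space for both word sizes; this is an added example, not the kernel source. The 4 KiB page size, the mask construction and the function names are assumptions, and loff_t is taken as 64-bit on both 32-bit and 64-bit kernels.

```c
/* Model of the hugetlbfs pgoff overflow check for a kernel whose
 * unsigned long is long_bits wide. Names are illustrative. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12                  /* assumed 4 KiB base pages */
#define LOFF_BITS  64                  /* loff_t is 64-bit in both cases */

/* Top PAGE_SHIFT+1 bits of a long_bits-wide word: a pgoff with any of them
 * set cannot be shifted left by PAGE_SHIFT and still fit a signed offset of
 * that same width. */
static uint64_t pgoff_mask(unsigned long_bits)
{
    return ((UINT64_C(1) << (PAGE_SHIFT + 1)) - 1)
           << (long_bits - (PAGE_SHIFT + 1));
}

/* Ground truth: does pgoff << PAGE_SHIFT exceed the largest loff_t? */
static int byte_offset_overflows(uint64_t pgoff)
{
    return pgoff > ((uint64_t)INT64_MAX >> PAGE_SHIFT);
}

/* Regressed form: applied whatever the word size, which treats loff_t as
 * if it were only as wide as unsigned long. */
static int rejects_before_fix(uint64_t pgoff, unsigned long_bits)
{
    return (pgoff & pgoff_mask(long_bits)) != 0;
}

/* Fixed form: skipped when sizeof(unsigned long) != sizeof(loff_t). */
static int rejects_after_fix(uint64_t pgoff, unsigned long_bits)
{
    if (long_bits != LOFF_BITS)
        return 0;
    return (pgoff & pgoff_mask(long_bits)) != 0;
}

int main(void)
{
    /* Constructed cases: an 8 GiB file offset, and the first pgoff whose
     * byte offset no longer fits a signed 64-bit loff_t. */
    struct { uint64_t pgoff; unsigned bits; } cases[] = {
        { UINT64_C(1) << 21, 32 },
        { UINT64_C(1) << 21, 64 },
        { UINT64_C(1) << 51, 64 },
    };
    for (unsigned i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("pgoff=0x%llx long=%u overflow=%d before=%d after=%d\n",
               (unsigned long long)cases[i].pgoff, cases[i].bits,
               byte_offset_overflows(cases[i].pgoff),
               rejects_before_fix(cases[i].pgoff, cases[i].bits),
               rejects_after_fix(cases[i].pgoff, cases[i].bits));
    return 0;
}
```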
commit 3ec9b3fafcaf441cc4d46b9742cd6ec0c79f8df0 upstream.
As of now if we encounter an opaque dir while looking for a dentry, we set
d->last=true. This means that there is no need to look further in any of
the lower layers. This works fine as long as there are no redirects or
relative redirects. But what if there is an absolute redirect on the
children dentry of opaque directory. We still need to continue to look into
next lower layer. This patch fixes it.
Here is an example to demonstrate the issue. Say you have following setup.
upper: /redirect (redirect=/a/b/c)
lower1: /a/[b]/c ([b] is opaque) (c has absolute redirect=/a/b/d/)
lower0: /a/b/d/foo
Now "redirect" dir should merge with lower1:/a/b/c/ and lower0:/a/b/d.
Note, despite the fact lower1:/a/[b] is opaque, we need to continue to look
into lower0 because children c has an absolute redirect.
Following is a reproducer.
Watch me make foo disappear:
$ mkdir lower middle upper work work2 merged
$ mkdir lower/origin
$ touch lower/origin/foo
$ mount -t overlay none merged/ \
-olowerdir=lower,upperdir=middle,workdir=work2
$ mkdir merged/pure
$ mv merged/origin merged/pure/redirect
$ umount merged
$ mount -t overlay none merged/ \
-olowerdir=middle:lower,upperdir=upper,workdir=work
$ mv merged/pure/redirect merged/redirect
Now you see foo inside a twice redirected merged dir:
$ ls merged/redirect
foo
$ umount merged
$ mount -t overlay none merged/ \
-olowerdir=middle:lower,upperdir=upper,workdir=work
After mount cycle you don't see foo inside the same dir:
$ ls merged/redirect
During middle layer lookup, the opaqueness of middle/pure is left in
the lookup state and then middle/pure/redirect is wrongly treated as
opaque.
Fixes: 02b69b284cd7 ("ovl: lookup redirects")
Cc: <stable@vger.kernel.org> #v4.10
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b94929d975c8423defc9aededb0f499ff936b509 upstream.
Commit 7a20b8a61eff81bdb7097a578752a74860e9d142 ("f2fs: allocate node
and hot data in the beginning of partition") introduces another mount
option, heap, to reset it back. But it does not do anything for heap
mode, so fix it.
Cc: stable@vger.kernel.org
Signed-off-by: Yunlong Song <yunlong.song@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 30ce4d1903e1d8a7ccd110860a5eef3c638ed8be upstream.
missed it in "kill struct filename.separate" several years ago.
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add per-uid files that report the data in binary format rather than
text, to allow faster reading & parsing by userspace.
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 72339335
Test: compare values to those reported in /proc/uid_time_in_state
Change-Id: I463039ea7f17b842be4c70024fe772539fe2ce02
Add support for reporting per-uid information through procfs, roughly
following the approach used for per-tid and per-tgid directories in
fs/proc/base.c.
This also entails some new tracking of which uids have been used, to
avoid losing information when the last task with a given uid exits.
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 72339335
Test: ls /proc/uid/; compare with UIDs in /proc/uid_time_in_state
Change-Id: I0908f0c04438b11ceb673d860e58441bf503d478
Add time in state data to task structs, and create
/proc/<pid>/time_in_state files to show how long each individual task
has run at each frequency.
Create a CONFIG_CPU_FREQ_TIMES option to enable/disable this tracking.
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 72339335
Test: Read /proc/<pid>/time_in_state
Change-Id: Ia6456754f4cb1e83b2bc35efa8fbe9f8696febc8
* remotes/origin/tmp-7e76ead:
Linux 4.14.34
net/mlx4_core: Fix memory leak while delete slave's resources
vhost_net: add missing lock nesting notation
team: move dev_mc_sync after master_upper_dev_link in team_port_add
route: check sysctl_fib_multipath_use_neigh earlier than hash
vhost: validate log when IOTLB is enabled
net/mlx5e: Fix traffic being dropped on VF representor
net/mlx4_en: Fix mixed PFC and Global pause user control requests
strparser: Fix sign of err codes
net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
net/sched: fix NULL dereference in the error path of tunnel_key_init()
net/mlx5e: Sync netdev vxlan ports at open
net/mlx5e: Don't override vport admin link state in switchdev mode
ipv6: sr: fix seg6 encap performances with TSO enabled
nfp: use full 40 bits of the NSP buffer address
net/mlx5e: Fix memory usage issues in offloading TC flows
net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path
vti6: better validate user provided tunnel names
ip6_tunnel: better validate user provided tunnel names
ip6_gre: better validate user provided tunnel names
ipv6: sit: better validate user provided tunnel names
ip_tunnel: better validate user provided tunnel names
net: fool proof dev_valid_name()
bonding: process the err returned by dev_set_allmulti properly in bond_enslave
bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
bonding: fix the err path for dev hwaddr sync in bond_enslave
vrf: Fix use after free and double free in vrf_finish_output
vlan: also check phy_driver ts_info for vlan's real device
vhost: correctly remove wait queue during poll failure
sky2: Increase D3 delay to sky2 stops working after suspend
sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
sctp: do not leak kernel memory to user space
r8169: fix setting driver_data after register_netdev
pptp: remove a buggy dst release in pptp_connect()
net/sched: fix NULL dereference in the error path of tcf_bpf_init()
net sched actions: fix dumping which requires several messages to user space
netlink: make sure nladdr has correct size in netlink_connect()
net/ipv6: Increment OUTxxx counters after netfilter hook
net/ipv6: Fix route leaking between VRFs
net: fix possible out-of-bound read in skb_network_protocol()
lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write)
ipv6: the entire IPv6 header chain must fit the first fragment
arp: fix arp_filter on l3slave devices
x86/microcode: Fix CPU synchronization routine
x86/microcode: Attempt late loading only when new microcode is present
x86/microcode: Synchronize late microcode loading
x86/microcode: Request microcode on the BSP
x86/microcode/intel: Look into the patch cache first
x86/microcode: Do not upload microcode if CPUs are offline
x86/microcode/intel: Writeback and invalidate caches before updating microcode
x86/microcode/intel: Check microcode revision before updating sibling threads
x86/microcode: Get rid of struct apply_microcode_ctx
x86/CPU: Check CPU feature bits after microcode upgrade
x86/CPU: Add a microcode loader callback
x86/microcode: Propagate return value from updating functions
crypto: arm64/aes-ce-cipher - move assembler code to .S file
objtool: Add Clang support
thermal: int3400_thermal: fix error handling in int3400_thermal_probe()
tcmu: release blocks for partially setup cmds
perf tools: Fix copyfile_offset update of output offset
crypto: aes-generic - build with -Os on gcc-7+
mtd: mtd_oobtest: Handle bitflips during reads
Input: goodix - disable IRQs while suspended
ibmvnic: Don't handle RX interrupts when not up.
sdhci: Advertise 2.0v supply on SDIO host controller
x86/gart: Exclude GART aperture from vmcore
gpio: thunderx: fix error return code in thunderx_gpio_probe()
RDMA/cma: Fix rdma_cm path querying for RoCE
scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called
scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map
cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
i40evf: don't rely on netif_running() outside rtnl_lock()
uio_hv_generic: check that host supports monitor page
EDAC, mv64x60: Fix an error handling path
block, bfq: put async queues for root bfq groups too
tty: n_gsm: Allow ADM response in addition to UA for control dlci
blk-mq: fix kernel oops in blk_mq_tag_idle()
scsi: libsas: initialize sas_phy status according to response of DISCOVER
scsi: libsas: fix error when getting phy events
scsi: libsas: fix memory leak in sas_smp_get_phy_events()
bcache: segregate flash only volume write streams
bcache: stop writeback thread after detaching
bcache: ret IOERR when read meets metadata error
net: hns3: fix for changing MTU
net: hns3: Fix an error macro definition of HNS3_TQP_STAT
net: hns3: Fix a loop index error of tqp statistics query
net: hns3: Fix an error of total drop packet statistics
net/mlx5: Fix race for multiple RoCE enable
wl1251: check return from call to wl1251_acx_arp_ip_filter
rt2x00: do not pause queue unconditionally on error path
power: supply: axp288_charger: Properly stop work on probe-error / remove
ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
staging: lustre: disable preempt while sampling processor id.
perf report: Fix a no annotate browser displayed issue
tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented
nvme_fcloop: fix abort race condition
nvme_fcloop: disassocate local port structs
pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts
backlight: tdo24m: Fix the SPI CS between transfers
blk-mq: fix race between updating nr_hw_queues and switching io sched
blk-mq: avoid to map CPU into stale hw queue
IB/rdmavt: Allocate CQ memory on the correct node
powernv-cpufreq: Add helper to extract pstate from PMSR
gpio: label descriptors using the device name
vfb: fix video mode and line_length being set when loaded
mac80211: Fix setting TX power on monitor interfaces
ACPI: EC: Fix debugfs_create_*() usage
irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry
scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
scsi: libiscsi: Allow sd_shutdown on bad transport
spi: sh-msiof: Fix timeout failures for TX-only DMA transfers
ASoC: Intel: cht_bsw_rt5645: Analog Mic support
ASoC: Intel: Skylake: Disable clock gating during firmware and library download
media: videobuf2-core: don't go out of the buffer range
clk: sunxi-ng: a83t: Add M divider to TCON1 clock
hwmon: (ina2xx) Make calibration register value fixed
RDMA/cma: Mark end of CMA ID messages
selftests/net: fix bugs in address and port initialization
PM / devfreq: Fix potential NULL pointer dereference in governor_store
clk: divider: fix incorrect usage of container_of
watchdog: dw_wdt: add stop watchdog operation
VFS: close race between getcwd() and d_move()
net/mlx4_en: Change default QoS settings
ACPI / video: Default lcd_only to true on Win8-ready and newer machines
rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
l2tp: fix missing print session offset info
net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg
net: hns3: free the ring_data structrue when change tqps
perf evsel: Enable ignore_missing_thread for pid option
perf probe: Add warning message if there is unexpected event name
perf probe: Find versioned symbols from map
thermal: power_allocator: fix one race condition issue for thermal_instances list
ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT
Bluetooth: Add a new 04ca:3015 QCA_ROME device
ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
clk: meson: mpll: use 64-bit maths in params_from_rate
i40iw: Validate correct IRD/ORD connection parameters
i40iw: Correct Q1/XF object count equation
i40iw: Fix sequence number for the first partial FPDU
Revert "ANDROID: sched/tune: Initialize raw_spin_lock in boosted_groups"
Conflicts:
arch/arm64/crypto/Makefile
drivers/clk/qcom/clk-regmap-divider.c
Change-Id: I7d83113e6d6d943804051a983d73067184b9fb39
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>