mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
51459 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Nikolay Borisov
|
d4727e485a |
btrfs: Fix flush bio leak
[ Upstream commit beed9263f4000c48a5c48912f26576f6fa091181 ]
Commit e0ae99941423 ("btrfs: preallocate device flush bio") reworked
the way the flush bio is allocated and used. Concretely it allocates
the bio in __alloc_device and then re-uses it multiple times with a
very simple endio routine that just calls complete() without consuming
a reference. Allocated bios by default come with a ref count of 1,
which is then consumed by the endio routine (or not, in which case they
should be bio_put by the caller). The way the impleementation works now
is that the flush bio has a refcount of 2 and we only ever bio_put it
once, leaving it to hang indefinitely. Fix this by removing the extra
bio_get in __alloc_device.
Fixes: e0ae99941423 ("btrfs: preallocate device flush bio")
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
David Howells
|
622ded5841 |
afs: Fix missing error handling in afs_write_end()
[ Upstream commit afae457d874860a7e299d334f59eede5f3ad4b47 ] afs_write_end() is missing page unlock and put if afs_fill_page() fails. Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Al Viro
|
ac4dc9f1af |
sget(): handle failures of register_shrinker()
[ Upstream commit 9ee332d99e4d5a97548943b81c54668450ce641b ] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Arnd Bergmann
|
7edaa9afb9 |
exec: avoid gcc-8 warning for get_task_comm
[ Upstream commit 3756f6401c302617c5e091081ca4d26ab604bec5 ] gcc-8 warns about using strncpy() with the source size as the limit: fs/exec.c:1223:32: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] This is indeed slightly suspicious, as it protects us from source arguments without NUL-termination, but does not guarantee that the destination is terminated. This keeps the strncpy() to ensure we have properly padded target buffer, but ensures that we use the correct length, by passing the actual length of the destination buffer as well as adding a build-time check to ensure it is exactly TASK_COMM_LEN. There are only 23 callsites which I all reviewed to ensure this is currently the case. We could get away with doing only the check or passing the right length, but it doesn't hurt to do both. Link: http://lkml.kernel.org/r/20171205151724.1764896-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd@arndb.de> Suggested-by: Kees Cook <keescook@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Ingo Molnar <mingo@kernel.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Serge Hallyn <serge@hallyn.com> Cc: James Morris <james.l.morris@oracle.com> Cc: Aleksa Sarai <asarai@suse.de> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Frederic Weisbecker <frederic@kernel.org> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Isaac J. Manjarres
|
9037bcc8ea |
Merge remote-tracking branch 'remotes/origin/tmp-2c71b7c' into msm-4.14
* remotes/origin/tmp-2c71b7c: Linux 4.14.23 microblaze: fix endian handling m32r: fix endianness constraints drm/i915/breadcrumbs: Ignore unsubmitted signalers drm/amdgpu: add new device to use atpx quirk drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) drm/amdgpu: add atpx quirk handling (v2) drm/amdgpu: only check mmBIF_IOV_FUNC_IDENTIFIER on tonga/fiji drm/amdgpu: Add dpm quirk for Jet PRO (v2) drm/amdgpu: disable MMHUB power gating on raven drm: Handle unexpected holes in color-eviction drm/cirrus: Load lut in crtc_commit usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path usb: gadget: f_fs: Use config_ep_by_speed() usb: gadget: f_fs: Process all descriptors during bind Revert "usb: musb: host: don't start next rx urb if current one failed" usb: ldusb: add PIDs for new CASSY devices supported by this driver usb: dwc3: ep0: Reset TRB counter for ep0 IN usb: dwc3: gadget: Set maxpacket size for ep0 IN usb: host: ehci: use correct device pointer for dma ops drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA Add delay-init quirk for Corsair K70 RGB keyboards arm64: cpufeature: Fix CTR_EL0 field definitions arm64: Disable unhandled signal log messages by default arm64: Remove unimplemented syscall log message usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() PCI/cxgb4: Extend T3 PCI quirk to T4+ devices irqchip/mips-gic: Avoid spuriously handling masked interrupts irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() mm, swap, frontswap: fix THP swap if frontswap enabled x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() Kbuild: always define endianess in kconfig.h iio: adis_lib: Initialize trigger before requesting interrupt iio: buffer: check if a buffer has been set up when poll is called iio: srf08: fix link error "devm_iio_triggered_buffer_setup" undefined iio: adc: stm32: fix stm32h7_adc_enable error handling RDMA/uverbs: Sanitize user entered port numbers prior to access it RDMA/uverbs: Fix circular locking dependency RDMA/uverbs: Fix bad unlock balance in ib_uverbs_close_xrcd RDMA/uverbs: Protect from command mask overflow RDMA/uverbs: Protect from races between lookup and destroy of uobjects extcon: int3496: process id-pin first so that we start with the right status PKCS#7: fix certificate blacklisting PKCS#7: fix certificate chain verification X.509: fix NULL dereference when restricting key with unsupported_sig X.509: fix BUG_ON() when hash algorithm is unsupported i2c: bcm2835: Set up the rising/falling edge delays i2c: designware: must wait for enable cfg80211: fix cfg80211_beacon_dup MIPS: Drop spurious __unused in struct compat_flock scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info xtensa: fix high memory/reserved memory collision MIPS: boot: Define __ASSEMBLY__ for its.S build kconfig.h: Include compiler types to avoid missed struct attributes arm64: mm: don't write garbage into TTBR1_EL1 register netfilter: drop outermost socket lock in getsockopt() ANDROID: sched/fair: fix logic error in wake_cap ANDROID: sdcardfs: Set num in extension_details during make_item Conflicts: drivers/usb/gadget/function/f_fs.c kernel/sched/fair.c Change-Id: I381680472605bdee73e7d24722e23bb846667172 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
Ritesh Harjani
|
b479cddd98 |
ANDROID: sdcardfs: Set num in extension_details during make_item
Without this patch when you delete an extension from configfs it still exists in the hash table data structures and we are unable to delete it or change it's group. This happens because during deletion the key & value is taken from extension_details, and was not properly set. Fix it by this patch. Change-Id: I7c20cb1ab4d99e6aceadcb5ef850f0bb47f18be8 Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org> Signed-off-by: Daniel Rosenberg <drosen@google.com> Bug: 73055997 |
||
|
Isaac J. Manjarres
|
9636a4ea18 |
Merge remote-tracking branch 'remotes/origin/tmp-af3b8e6' into msm-4.14
* remotes/origin/tmp-af3b8e6:
Linux 4.14.22
vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
mei: me: add cannon point device ids for 4th device
mei: me: add cannon point device ids
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
drm/i915: fix intel_backlight_device_register declaration
crypto: talitos - fix Kernel Oops on hashing an empty file
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
powerpc/perf/imc: Fix nest-imc cpuhotplug callback failure
PCI: rcar: Fix use-after-free in probe error path
xen: XEN_ACPI_PROCESSOR is Dom0-only
platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
usb: dwc3: of-simple: fix missing clk_disable_unprepare
usb: dwc3: gadget: Wait longer for controller to end command processing
dmaengine: jz4740: disable/unprepare clk if probe fails
drm/vc4: Release fence after signalling
ASoC: rsnd: ssi: fix race condition in rsnd_ssi_pointer_update
drm/armada: fix leak of crtc structure
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
IB/mlx4: Fix RSS hash fields restrictions
spi: sun4i: disable clocks in the remove function
ASoC: rockchip: disable clock on error
staging: ccree: Uninitialized return in ssi_ahash_import()
clk: fix a panic error caused by accessing NULL pointer
netfilter: xt_bpf: add overflow checks
xfrm: Fix xfrm_input() to verify state is valid when (encap_type < 0)
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
dmaengine: ioat: Fix error handling path
scsi: bfa: fix type conversion warning
scsi: bfa: fix access to bfad_im_port_s
scsi: lpfc: Use after free in lpfc_rq_buf_free()
gianfar: Disable EEE autoneg by default
509: fix printing uninitialized stack memory when OID is empty
net: dsa: mv88e6xxx: Unregister MDIO bus on error path
net: dsa: mv88e6xxx: Fix interrupt masking on removal
net: ethernet: arc: fix error handling in emac_rockchip_probe
virtio_net: fix return value check in receive_mergeable()
brcmfmac: Avoid build error with make W=1
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
Btrfs: disable FUA if mounted with nobarrier
btrfs: Fix quota reservation leak on preallocated files
locking/lockdep: Fix possible NULL deref
net: qualcomm: rmnet: Fix leak on transmit failure
KVM: VMX: fix page leak in hardware_setup()
VSOCK: fix outdated sk_state value in hvs_release()
net_sched: red: Avoid illegal values
net_sched: red: Avoid devision by zero
gianfar: fix a flooded alignment reports because of padding issue.
nfp: fix port stats for mac representors
ARM: dts: Fix elm interrupt compiler warning
s390/dasd: prevent prefix I/O error
s390/virtio: add BSD license to virtio-ccw
PM / runtime: Fix handling of suppliers with disabled runtime PM
powerpc/perf: Fix oops when grouping different pmu events
m68k: add missing SOFTIRQENTRY_TEXT linker section
ipvlan: Add the skb->mark as flow4's member to lookup route
bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
iio: fix kernel-doc build errors
iio: proximity: sx9500: Assign interrupt from GpioIo()
md/raid1/10: add missed blk plug
phylink: ensure we take the link down when phylink_stop() is called
sfp: fix RX_LOS signal handling
sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune
md/raid5: correct degraded calculation in raid5_error
IB/core: Init subsys if compiled to vmlinuz-core
RDMA/cma: Make sure that PSN is not over max allowed
i40iw: Correct ARP index mask
i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE
i40iw: Allocate a sdbuf per CQP WQE
KVM: arm/arm64: Fix spinlock acquisition in vgic_set_owner
meson-gx-socinfo: Fix package id parsing
IB/hfi1: Initialize bth1 in 16B rc ack builder
pinctrl: sunxi: Fix A64 UART mux value
pinctrl: sunxi: Fix A80 interrupt pin bank
gpio: davinci: Assign first bank regs for unbanked case
gpio: 74x164: Fix crash during .remove()
net: mvpp2: allocate zeroed tx descriptors
media: ov13858: Select V4L2_FWNODE
media: s5k6aa: describe some function parameters
trace/xdp: fix compile warning: 'struct bpf_map' declared inside parameter list
kvm: arm: don't treat unavailable HYP mode as an error
pinctrl: denverton: Fix UART2 RTS pin mode
perf test: Fix test 21 for s390x
perf bench numa: Fixup discontiguous/sparse numa nodes
perf top: Fix window dimensions change handling
perf: Fix header.size for namespace events
perf test shell: Fix check open filename arg using 'perf trace' on s390x
perf annotate: Do not truncate instruction names at 6 chars
perf help: Fix a bug during strstart() conversion
perf record: Fix -c/-F options for cpu event aliases
ARM: dts: am437x-cm-t43: Correct the dmas property of spi0
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: logicpd-somlv: Fix wl127x pinmux
ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
serdev: fix receive_buf return value when no callback
usb: build drivers/usb/common/ when USB_SUPPORT is set
usbip: keep usbip_device sockfd state in sync with tcp_socket
staging: iio: ad5933: switch buffer mode to software
staging: iio: adc: ad7192: fix external frequency setting
staging: fsl-mc: fix build testing on x86
binder: replace "%p" with "%pK"
binder: check for binder_thread allocation failure in binder_poll()
staging: android: ashmem: Fix a race condition in pin ioctls
ANDROID: binder: synchronize_rcu() when using POLLFREE.
ANDROID: binder: remove WARN() for redundant txn error
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
arm64: dts: add #cooling-cells to CPU nodes
ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag
video: fbdev/mmp: add MODULE_LICENSE
ASoC: ux500: add MODULE_LICENSE tag
net_sched: gen_estimator: fix lockdep splat
net: avoid skb_warn_bad_offload on IS_ERR
rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete
rds: tcp: correctly sequence cleanup on netns deletion.
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
kcov: detect double association with a single task
KVM: x86: fix escape of guest dr6 to the host
blk_rq_map_user_iov: fix error override
staging: android: ion: Switch from WARN to pr_warn
staging: android: ion: Add __GFP_NOWARN for system contig heap
crypto: x86/twofish-3way - Fix %rbp usage
media: pvrusb2: properly check endpoint types
selinux: skip bounded transition processing if the policy isn't loaded
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
ptr_ring: try vmalloc() when kmalloc() fails
ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
ALSA: bcd2000: Add a sanity check for invalid EPs
ALSA: caiaq: Add a sanity check for invalid EPs
ALSA: line6: Add a sanity check for invalid EPs
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
blktrace: fix unlocked registration of tracepoints
sctp: set frag_point in sctp_setsockopt_maxseg correctly
xfrm: check id proto in validate_tmpl()
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
RDMA/netlink: Fix general protection fault
KVM/x86: Check input paging mode when cs.l is set
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
xfrm: skip policies marked as dead while rehashing
xfrm: fix rcu usage in xfrm_get_type_offload
xfrm: don't call xfrm_policy_cache_flush while holding spinlock
esp: Fix GRO when the headers not fully in the linear part of the skb.
mac80211_hwsim: validate number of different channels
cfg80211: check dev_set_name() return value
bpf: mark dst unknown on inconsistent {s, u}bounds adjustments
kcm: Only allow TCP sockets to be attached to a KCM mux
kcm: Check if sk_user_data already set in kcm_attach
vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
usb: core: Add a helper function to check the validity of EP type in URB
ANDROID: sdcardfs: Hold i_mutex for i_size_write
FROMGIT: crypto: speck - add test vectors for Speck64-XTS
FROMGIT: crypto: speck - add test vectors for Speck128-XTS
FROMGIT: crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS
FROMGIT: crypto: speck - export common helpers
FROMGIT: crypto: speck - add support for the Speck block cipher
f2fs: updates on v4.16-rc1
Conflicts:
drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
Change-Id: I420172cd4438ce010645ceb00a71c4e3f03596d8
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
|
||
Greg Kroah-Hartman
|
af3b8e683e |
This is the 4.14.22 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqSiwYACgkQONu9yGCS
aT5Z0w//dVBMZvvT1H0J9SzFlyhiGf2UfX1WA5LVPXF/wPVnmAnbVu6R4XosII4T
xqqRPGmwkPaShl+xj775Hqhq/+lGBOT3Hnt7YGLN5Izu8z473mC5VGtYEfRzuUGi
al98aR8jE0TFCX/Jf8hI/JI7ll+oArNaLSMsIz1N2Vb2uE9z+9d2Wis0tfhFyASG
E3WqCDPyq4G4tvUqNhWuDJ587e+KCKyyRbX4XXdKHsidx3deoGvuq3aRypX3FLbA
L6Ee6mmDzCvdwjzL/cVX9xFaOwhYUglz6q55bxOPzLYe7PAu+NL8qou0c+wbuqeG
5COu/jYnsnHyCr3jL2AgkLiKeXcv7i9yEMknndcl/QX7uNv3VHaa+iTHXQOHL01+
xg05SjWHZuK+5WOQ3qCBEUE1Xl9s/snrbe4SSjb496MfFa4XAi93HLa8qVYZvKBS
PziRgXHKrwdUyVHaXlukK+XrxKrkX9MAnFcdCoMAqmAk0IiquhWOi1Rg4wNwqwSd
e3kDnhAIeII7RLE04iaCNVrEE4edFco58TNkxb25MYnaLB1fdZnPL6P4JeYYBKbi
hVdzHYQLHW6hcu+/wO9M94WQlcTV2c4qjXTBmpFTQD8MiUi01FxprlEzq8Z7tsEr
ZsUWlhzWGe0OAJI4ifpxRPF2hiMKaFMKKAKEGGDyAzHj8pSizbs=
=d6BQ
-----END PGP SIGNATURE-----
Merge 4.14.22 into android-4.14
Changes in 4.14.22
usb: core: Add a helper function to check the validity of EP type in URB
vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
kcm: Check if sk_user_data already set in kcm_attach
kcm: Only allow TCP sockets to be attached to a KCM mux
bpf: mark dst unknown on inconsistent {s, u}bounds adjustments
cfg80211: check dev_set_name() return value
mac80211_hwsim: validate number of different channels
esp: Fix GRO when the headers not fully in the linear part of the skb.
xfrm: don't call xfrm_policy_cache_flush while holding spinlock
xfrm: fix rcu usage in xfrm_get_type_offload
xfrm: skip policies marked as dead while rehashing
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
KVM/x86: Check input paging mode when cs.l is set
RDMA/netlink: Fix general protection fault
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
xfrm: check id proto in validate_tmpl()
sctp: set frag_point in sctp_setsockopt_maxseg correctly
blktrace: fix unlocked registration of tracepoints
dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
ALSA: line6: Add a sanity check for invalid EPs
ALSA: caiaq: Add a sanity check for invalid EPs
ALSA: bcd2000: Add a sanity check for invalid EPs
ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
ptr_ring: try vmalloc() when kmalloc() fails
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
selinux: skip bounded transition processing if the policy isn't loaded
media: pvrusb2: properly check endpoint types
crypto: x86/twofish-3way - Fix %rbp usage
staging: android: ion: Add __GFP_NOWARN for system contig heap
staging: android: ion: Switch from WARN to pr_warn
blk_rq_map_user_iov: fix error override
KVM: x86: fix escape of guest dr6 to the host
kcov: detect double association with a single task
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
rds: tcp: correctly sequence cleanup on netns deletion.
rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete
net: avoid skb_warn_bad_offload on IS_ERR
net_sched: gen_estimator: fix lockdep splat
ASoC: ux500: add MODULE_LICENSE tag
video: fbdev/mmp: add MODULE_LICENSE
ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag
arm64: dts: add #cooling-cells to CPU nodes
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
ANDROID: binder: remove WARN() for redundant txn error
ANDROID: binder: synchronize_rcu() when using POLLFREE.
staging: android: ashmem: Fix a race condition in pin ioctls
binder: check for binder_thread allocation failure in binder_poll()
binder: replace "%p" with "%pK"
staging: fsl-mc: fix build testing on x86
staging: iio: adc: ad7192: fix external frequency setting
staging: iio: ad5933: switch buffer mode to software
usbip: keep usbip_device sockfd state in sync with tcp_socket
usb: build drivers/usb/common/ when USB_SUPPORT is set
serdev: fix receive_buf return value when no callback
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet
ARM: dts: logicpd-somlv: Fix wl127x pinmux
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: am437x-cm-t43: Correct the dmas property of spi0
perf record: Fix -c/-F options for cpu event aliases
perf help: Fix a bug during strstart() conversion
perf annotate: Do not truncate instruction names at 6 chars
perf test shell: Fix check open filename arg using 'perf trace' on s390x
perf: Fix header.size for namespace events
perf top: Fix window dimensions change handling
perf bench numa: Fixup discontiguous/sparse numa nodes
perf test: Fix test 21 for s390x
pinctrl: denverton: Fix UART2 RTS pin mode
kvm: arm: don't treat unavailable HYP mode as an error
trace/xdp: fix compile warning: 'struct bpf_map' declared inside parameter list
media: s5k6aa: describe some function parameters
media: ov13858: Select V4L2_FWNODE
net: mvpp2: allocate zeroed tx descriptors
gpio: 74x164: Fix crash during .remove()
gpio: davinci: Assign first bank regs for unbanked case
pinctrl: sunxi: Fix A80 interrupt pin bank
pinctrl: sunxi: Fix A64 UART mux value
IB/hfi1: Initialize bth1 in 16B rc ack builder
meson-gx-socinfo: Fix package id parsing
KVM: arm/arm64: Fix spinlock acquisition in vgic_set_owner
i40iw: Allocate a sdbuf per CQP WQE
i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE
i40iw: Correct ARP index mask
RDMA/cma: Make sure that PSN is not over max allowed
IB/core: Init subsys if compiled to vmlinuz-core
md/raid5: correct degraded calculation in raid5_error
sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune
sfp: fix RX_LOS signal handling
phylink: ensure we take the link down when phylink_stop() is called
md/raid1/10: add missed blk plug
iio: proximity: sx9500: Assign interrupt from GpioIo()
iio: fix kernel-doc build errors
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown
ipvlan: Add the skb->mark as flow4's member to lookup route
m68k: add missing SOFTIRQENTRY_TEXT linker section
powerpc/perf: Fix oops when grouping different pmu events
PM / runtime: Fix handling of suppliers with disabled runtime PM
s390/virtio: add BSD license to virtio-ccw
s390/dasd: prevent prefix I/O error
ARM: dts: Fix elm interrupt compiler warning
nfp: fix port stats for mac representors
gianfar: fix a flooded alignment reports because of padding issue.
net_sched: red: Avoid devision by zero
net_sched: red: Avoid illegal values
VSOCK: fix outdated sk_state value in hvs_release()
KVM: VMX: fix page leak in hardware_setup()
net: qualcomm: rmnet: Fix leak on transmit failure
locking/lockdep: Fix possible NULL deref
btrfs: Fix quota reservation leak on preallocated files
Btrfs: disable FUA if mounted with nobarrier
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
brcmfmac: Avoid build error with make W=1
virtio_net: fix return value check in receive_mergeable()
net: ethernet: arc: fix error handling in emac_rockchip_probe
net: dsa: mv88e6xxx: Fix interrupt masking on removal
net: dsa: mv88e6xxx: Unregister MDIO bus on error path
509: fix printing uninitialized stack memory when OID is empty
gianfar: Disable EEE autoneg by default
scsi: lpfc: Use after free in lpfc_rq_buf_free()
scsi: bfa: fix access to bfad_im_port_s
scsi: bfa: fix type conversion warning
dmaengine: ioat: Fix error handling path
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
xfrm: Fix xfrm_input() to verify state is valid when (encap_type < 0)
netfilter: xt_bpf: add overflow checks
clk: fix a panic error caused by accessing NULL pointer
staging: ccree: Uninitialized return in ssi_ahash_import()
ASoC: rockchip: disable clock on error
spi: sun4i: disable clocks in the remove function
IB/mlx4: Fix RSS hash fields restrictions
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
drm/armada: fix leak of crtc structure
ASoC: rsnd: ssi: fix race condition in rsnd_ssi_pointer_update
drm/vc4: Release fence after signalling
dmaengine: jz4740: disable/unprepare clk if probe fails
usb: dwc3: gadget: Wait longer for controller to end command processing
usb: dwc3: of-simple: fix missing clk_disable_unprepare
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410
xen: XEN_ACPI_PROCESSOR is Dom0-only
PCI: rcar: Fix use-after-free in probe error path
powerpc/perf/imc: Fix nest-imc cpuhotplug callback failure
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
crypto: talitos - fix Kernel Oops on hashing an empty file
drm/i915: fix intel_backlight_device_register declaration
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
mei: me: add cannon point device ids
mei: me: add cannon point device ids for 4th device
vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
Linux 4.14.22
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Nikolay Borisov
|
90b0805d60 |
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
[ Upstream commit c8bcbfbd239ed60a6562964b58034ac8a25f4c31 ]
The name char array passed to btrfs_search_path_in_tree is of size
BTRFS_INO_LOOKUP_PATH_MAX (4080). So the actual accessible char indexes
are in the range of [0, 4079]. Currently the code uses the define but this
represents an off-by-one.
Implications:
Size of btrfs_ioctl_ino_lookup_args is 4096, so the new byte will be
written to extra space, not some padding that could be provided by the
allocator.
btrfs-progs store the arguments on stack, but kernel does own copy of
the ioctl buffer and the off-by-one overwrite does not affect userspace,
but the ending 0 might be lost.
Kernel ioctl buffer is allocated dynamically so we're overwriting
somebody else's memory, and the ioctl is privileged if args.objectid is
not 256. Which is in most cases, but resolving a subvolume stored in
another directory will trigger that path.
Before this patch the buffer was one byte larger, but then the -1 was
not added.
Fixes: ac8e9819d71f907 ("Btrfs: add search and inode lookup ioctls")
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ added implications ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Omar Sandoval
|
27b0dc3168 |
Btrfs: disable FUA if mounted with nobarrier
[ Upstream commit 1b9e619c5bc8235cfba3dc4ced2fb0e3554a05d4 ]
I was seeing disk flushes still happening when I mounted a Btrfs
filesystem with nobarrier for testing. This is because we use FUA to
write out the first super block, and on devices without FUA support, the
block layer translates FUA to a flush. Even on devices supporting true
FUA, using FUA when we asked for no barriers is surprising.
Fixes: 387125fc722a8ed ("Btrfs: fix barrier flushes")
Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Justin Maggard
|
8edc5b9772 |
btrfs: Fix quota reservation leak on preallocated files
[ Upstream commit b430b7751286b3acff2d324553c8cec4f1e87764 ]
Commit c6887cd11149 ("Btrfs: don't do nocow check unless we have to")
changed the behavior of __btrfs_buffered_write() so that it first tries
to get a data space reservation, and then skips the relatively expensive
nocow check if the reservation succeeded.
If we have quotas enabled, the data space reservation also includes a
quota reservation. But in the rewrite case, the space has already been
accounted for in qgroups. So btrfs_check_data_free_space() increases
the quota reservation, but it never gets decreased when the data
actually gets written and overwrites the pre-existing data. So we're
left with both the qgroup and qgroup reservation accounting for the same
space.
This commit adds the missing btrfs_qgroup_free_data() call in the case
of BTRFS_ORDERED_PREALLOC extents.
Fixes: c6887cd11149 ("Btrfs: don't do nocow check unless we have to")
Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Jan Kara
|
3587188ad5 |
dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
commit b3a0066005821acdc0cdb092cb72587182ab583f upstream. fsnotify_add_mark_locked() can fail but we do not check its return value. This didn't matter before commit 9dd813c15b2c "fsnotify: Move mark list head from object into dedicated structure" as none of possible failures could happen for dnotify but after that commit -ENOMEM can be returned. Handle this error properly in fcntl_dirnotify() as otherwise we just hit BUG_ON(dn_mark->dn) in dnotify_free_mark(). Reviewed-by: Amir Goldstein <amir73il@gmail.com> Reported-by: syzkaller Fixes: 9dd813c15b2c101168808d4f5941a29985758973 Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Isaac J. Manjarres
|
2c7009015c |
Merge remote-tracking branch 'remotes/origin/tmp-474d3c4' into msm-4.14
* remotes/origin/tmp-474d3c4:
Linux 4.14.21
ovl: hash directory inodes for fsnotify
ASoC: acpi: fix machine driver selection based on quirk
mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb
mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec
mmc: sdhci-of-esdhc: disable SD clock for clock value 0
media: r820t: fix r820t_write_reg for KASAN
ARM: dts: Delete bogus reference to the charlcd
arm: dts: mt2701: Add reset-cells
arm: dts: mt7623: Update ethsys binding
ARM: dts: s5pv210: add interrupt-parent for ohci
arm64: dts: msm8916: Add missing #phy-cells
ARM: pxa/tosa-bt: add MODULE_LICENSE tag
ARM: dts: exynos: fix RTC interrupt for exynos5410
Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS
scsi: core: check for device state in __scsi_remove_target()
x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages
usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
mvpp2: fix multicast address filter
ALSA: seq: Fix racy pool initializations
ALSA: usb: add more device quirks for USB DSD devices
ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
ALSA: hda/realtek - Add headset mode support for Dell laptop
ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
ALSA: hda - Fix headset mic detection problem for two Dell machines
mtd: nand: vf610: set correct ooblayout
9p/trans_virtio: discard zero-length reply
Btrfs: fix unexpected -EEXIST when creating new inode
Btrfs: fix use-after-free on root->orphan_block_rsv
Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
Btrfs: fix extent state leak from tree log
Btrfs: fix crash due to not cleaning up tree log block's dirty bits
Btrfs: fix deadlock in run_delalloc_nocow
dm: correctly handle chained bios in dec_pending()
iscsi-target: make sure to wake up sleeping login worker
target/iscsi: avoid NULL dereference in CHAP auth error path
blk-wbt: account flush requests correctly
xprtrdma: Fix BUG after a device removal
xprtrdma: Fix calculation of ri_max_send_sges
drm/qxl: reapply cursor after resetting primary
qxl: alloc & use shadow for dumb buffers
arm64: proc: Set PTE_NG for table entries to avoid traversing them twice
rtlwifi: rtl8821ae: Fix connection lost problem correctly
mpls, nospec: Sanitize array index in mpls_label_ok()
tracing: Fix parsing of globs with a wildcard at the beginning
seq_file: fix incomplete reset on read from zero offset
xenbus: track caller request id
xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests
rbd: whitelist RBD_FEATURE_OPERATIONS feature bit
console/dummy: leave .con_font_get set to NULL
video: fbdev: atmel_lcdfb: fix display-timings lookup
PCI: keystone: Fix interrupt-controller-node lookup
PCI: iproc: Fix NULL pointer dereference for BCMA
PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
MIPS: Fix incorrect mem=X@Y handling
MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN
mm: Fix memory size alignment in devm_memremap_pages_release()
mm: hide a #warning for COMPILE_TEST
ext4: correct documentation for grpid mount option
ext4: save error to disk in __ext4_grp_locked_error()
ext4: fix a race in the ext4 shutdown path
jbd2: fix sphinx kernel-doc build warnings
Revert "apple-gmux: lock iGP IO to protect from vgaarb changes"
mlx5: fix mlx5_get_vector_affinity to start from completion vector 0
Revert "mmc: meson-gx: include tx phase in the tuning process"
mmc: bcm2835: Don't overwrite max frequency unconditionally
mmc: sdhci: Implement an SDHCI-specific bounce buffer
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
rtc-opal: Fix handling of firmware error codes, prevent busy loops
drm/radeon: adjust tested variable
drm/radeon: Add dpm quirk for Jet PRO (v2)
arm64: Add missing Falkor part number for branch predictor hardening
drm/ast: Load lut in crtc_commit
drm/amd/powerplay: Fix smu_table_entry.handle type
drm/qxl: unref cursor bo when finished with it
drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2)
drm/ttm: Don't add swapped BOs to swap-LRU list
x86/entry/64: Fix CR3 restore in paranoid_exit()
x86/cpu: Change type of x86_cache_size variable to unsigned int
x86/spectre: Fix an error message
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
selftests/x86/mpx: Fix incorrect bounds with old _sigfault
x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]()
kmemcheck: rip it out for real
kmemcheck: rip it out
kmemcheck: remove whats left of NOTRACK flags
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
kmemcheck: remove annotations
x86/speculation: Add <asm/msr-index.h> dependency
nospec: Move array_index_nospec() parameter checking into separate macro
x86/speculation: Fix up array_index_nospec_mask() asm constraint
x86/debug: Use UD2 for WARN()
x86/debug, objtool: Annotate WARN()-related UD2 as reachable
objtool: Fix segfault in ignore_unreachable_insn()
selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems
selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
selftests/x86/pkeys: Remove unused functions
selftests/x86: Clean up and document sscanf() usage
selftests/x86: Fix vDSO selftest segfault for vsyscall=none
x86/entry/64: Remove the unused 'icebp' macro
x86/entry/64: Fix paranoid_entry() frame pointer warning
x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros
x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases
x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro
x86/entry/64: Interleave XOR register clearing with PUSH instructions
x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro
x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions
x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface
PM: cpuidle: Fix cpuidle_poll_state_init() prototype
PM / runtime: Update links_count also if !CONFIG_SRCU
x86/speculation: Clean up various Spectre related details
KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap
X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods
Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()"
x86/speculation: Correct Speculation Control microcode blacklist again
x86/speculation: Update Speculation Control microcode blacklist
x86/mm/pti: Fix PTI comment in entry_SYSCALL_64()
powerpc/mm/radix: Split linear mapping on hot-unplug
crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate
crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate
compiler-gcc.h: __nostackprotector needs gcc-4.4 and up
compiler-gcc.h: Introduce __optimize function attribute
x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface
x86: PM: Make APM idle driver initialize polling state
x86/xen: init %gs very early to avoid page faults with stack protector
x86/kexec: Make kexec (mostly) work in 5-level paging mode
x86/gpu: add CFL to early quirks
drm/i915/kbl: Change a KBL pci id to GT2 from GT1.5
drm/i915: add GT number to intel_device_info
arm: spear13xx: Fix spics gpio controller's warning
arm: spear13xx: Fix dmas cells
arm: spear600: Add missing interrupt-parent of rtc
arm: dts: mt7623: fix card detection issue on bananapi-r2
ARM: dts: nomadik: add interrupt-parent for clcd
ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
ARM: lpc3250: fix uda1380 gpio numbers
arm64: dts: msm8916: Correct ipc references for smsm
s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
dma-buf: fix reservation_object_wait_timeout_rcu once more v2
powerpc: Fix DABR match on hash based systems
powerpc/xive: Use hw CPU ids when configuring the CPU queues
powerpc/mm: Flush radix process translations when setting MMU type
powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all
ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
mwifiex: resolve reset vs. remove()/shutdown() deadlocks
PM / devfreq: Propagate error from devfreq_add_device()
swiotlb: suppress warning when __GFP_NOWARN is set
cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
RDMA/rxe: Fix rxe_qp_cleanup()
RDMA/rxe: Fix a race condition in rxe_requester()
RDMA/rxe: Fix a race condition related to the QP error state
kselftest: fix OOM in memory compaction test
selftests: seccomp: fix compile error seccomp_bpf
IB/core: Avoid a potential OOPs for an unused optional parameter
IB/core: Fix ib_wc structure size to remain in 64 bytes boundary
IB/core: Fix two kernel warnings triggered by rxe registration
IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
IB/qib: Fix comparison error with qperf compare/swap test
IB/umad: Fix use of unprotected device pointer
scsi: smartpqi: allow static build ("built-in")
tracing: Prevent PROFILE_ALL_BRANCHES when FORTIFY_SOURCE=y
Change-Id: I351a603ea607d9c158727d60c8915981a555044f
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
|
||
Daniel Rosenberg
|
cc668ff4b6 |
ANDROID: sdcardfs: Hold i_mutex for i_size_write
When we call i_size_write, we must be holding i_mutex to avoid possible lockups on 32 bit/SMP architectures. This is not necessary on 64 bit architectures. Change-Id: Ic3b946507c54d81b5c9046f9b57d25d4b0f9feef Signed-off-by: Daniel Rosenberg <drosen@google.com> Bug: 73287721 |
||
Jaegeuk Kim
|
ce767d9a55 |
f2fs: updates on v4.16-rc1
Pull f2fs updates from Jaegeuk Kim:
"In this round, we've followed up to support some generic features such
as cgroup, block reservation, linking fscrypt_ops, delivering
write_hints, and some ioctls. And, we could fix some corner cases in
terms of power-cut recovery and subtle deadlocks.
Enhancements:
- bitmap operations to handle NAT blocks
- readahead to improve readdir speed
- switch to use fscrypt_*
- apply write hints for direct IO
- add reserve_root=%u,resuid=%u,resgid=%u to reserve blocks for root/uid/gid
- modify b_avail and b_free to consider root reserved blocks
- support cgroup writeback
- support FIEMAP_FLAG_XATTR for fibmap
- add F2FS_IOC_PRECACHE_EXTENTS to pre-cache extents
- add F2FS_IOC_{GET/SET}_PIN_FILE to pin LBAs for data blocks
- support inode creation time
Bug fixs:
- sysfile-based quota operations
- memory footprint accounting
- allow to write data on partial preallocation case
- fix deadlock case on fallocate
- fix to handle fill_super errors
- fix missing inode updates of fsync'ed file
- recover renamed file which was fsycn'ed before
- drop inmemory pages in corner error case
- keep last_disk_size correctly
- recover missing i_inline flags during roll-forward
Various clean-up patches were added as well"
Cherry-pick from origin/upstream-f2fs-stable-linux-4.14.y:
00f0eaaadfe0 f2fs: support inode creation time
3e7444adf953 f2fs: rebuild sit page from sit info in mem
76688790c3bf f2fs: stop issuing discard if fs is readonly
ae93dca26413 f2fs: clean up duplicated assignment in init_discard_policy
0052bba1313e f2fs: use GFP_F2FS_ZERO for cleanup
6271336cfa80 f2fs: allow to recover node blocks given updated checkpoint
e003a2d15352 f2fs: recover some i_inline flags
3cafae53f3ef f2fs: correct removexattr behavior for null valued extended attribute
78d7fa9ac21f f2fs: drop page cache after fs shutdown
150b61cee574 f2fs: stop gc/discard thread after fs shutdown
cf27ccc41e86 f2fs: hanlde error case in f2fs_ioc_shutdown
1526117cdaa6 f2fs: split need_inplace_update
cd576d7b7a95 f2fs: fix to update last_disk_size correctly
7a57bd3313c2 f2fs: kill F2FS_INLINE_XATTR_ADDRS for cleanup
95eb6a6ceb04 f2fs: clean up error path of fill_super
63c949c97384 f2fs: avoid hungtask when GC encrypted block if io_bits is set
583d13d10c8a f2fs: allow quota to use reserved blocks
fbe371d3cdb2 f2fs: fix to drop all inmem pages correctly
7e08ce43562d f2fs: speed up defragment on sparse file
0f914cab8ce3 f2fs: support F2FS_IOC_PRECACHE_EXTENTS
ed1311e58555 f2fs: add an ioctl to disable GC for specific file
b08974ab5e0a f2fs: prevent newly created inode from being dirtied incorrectly
e8a8acf602a3 f2fs: support FIEMAP_FLAG_XATTR
042aeed690a3 f2fs: fix to cover f2fs_inline_data_fiemap with inode_lock
9cf9c37ebe90 f2fs: check node page again in write end io
b9eedb48132e f2fs: fix to caclulate required free section correctly
75ae50cf1539 f2fs: handle newly created page when revoking inmem pages
871b97493627 f2fs: add resgid and resuid to reserve root blocks
0cf361acdb47 f2fs: implement cgroup writeback support
196d52cf4ebe f2fs: remove unused pend_list_tag
6e899a83f5e0 f2fs: avoid high cpu usage in discard thread
bb1af976c2a2 f2fs: make local functions static
ad658936ea9d f2fs: add reserved blocks for root user
c6e64f1ff11c f2fs: check segment type in __f2fs_replace_block
88cdc60b7308 f2fs: update inode info to inode page for new file
4203e9fbd857 f2fs: show precise # of blocks that user/root can use
47dc137291e3 f2fs: clean up unneeded declaration
27f9e55195b1 f2fs: continue to do direct IO if we only preallocate partial blocks
f2f137831464 f2fs: enable quota at remount from r to w
d507f30065b3 f2fs: skip stop_checkpoint for user data writes
4b242ffcdb1f f2fs: fix missing error number for xattr operation
c6c76a0e6154 f2fs: recover directory operations by fsync
5943e3992eed f2fs: return error during fill_super
93579c97259b f2fs: fix an error case of missing update inode page
3d753c15af04 f2fs: fix potential hangtask in f2fs_trace_pid
625f066c5d18 f2fs: no need return value in restore summary process
f76c831abdd7 f2fs: use unlikely for release case
0408ad5efb28 f2fs: don't return value in truncate_data_blocks_range
62e507cd2b91 f2fs: clean up f2fs_map_blocks
233b197757c0 f2fs: clean up hash codes
58d550e5da7c f2fs: fix error handling in fill_super
35d78e6fc851 f2fs: spread f2fs_k{m,z}alloc
fecf31ce115a f2fs: inject fault to kvmalloc
41af39db9fd0 f2fs: inject fault to kzalloc
9fecb4159dc1 f2fs: remove a redundant conditional expression
8e56c02ee9fa f2fs: apply write hints to select the type of segment for direct write
a4015f91473e f2fs: switch to fscrypt_prepare_setattr()
56351ec774b8 f2fs: switch to fscrypt_prepare_lookup()
51f2caabf9a8 f2fs: switch to fscrypt_prepare_rename()
f9a35b22b914 f2fs: switch to fscrypt_prepare_link()
787bd2632d66 f2fs: switch to fscrypt_file_open()
eb9d8ee0fdb8 posix_acl: convert posix_acl.a_refcount from atomic_t to refcount_t
bd0bb8ab0c90 f2fs: remove repeated f2fs_bug_on
d1c0441c02cb f2fs: remove an excess variable
3f12c94d1b3c f2fs: fix lock dependency in between dio_rwsem & i_mmap_sem
39685b35e80a f2fs: remove unused parameter
b83577043a48 f2fs: still write data if preallocate only partial blocks
b61cf217182b f2fs: introduce sysfs readdir_ra to readahead inode block in readdir
44ed9b2d125c f2fs: fix concurrent problem for updating free bitmap
08be3792ef4b f2fs: remove unneeded memory footprint accounting
33362399b3fc f2fs: no need to read nat block if nat_block_bitmap is set
01bb5c8b1f32 f2fs: reserve nid resource for quota sysfile
Change-Id: Ie0beb18a04fc300d1591d64c7ae542a478644e26
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
|
||
|
Greg Kroah-Hartman
|
474d3c467b |
This is the 4.14.21 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqO1toACgkQONu9yGCS
aT49JhAAjKxDe1PA6lq51uyWHlR73vJ93SvtDCHuM8s6aj/rb880vjeZumWcEAdR
nl2Yj/T0z9yZkBrw8Om/3BX4PfsF6hqq1TAufxYeKs08nVQ60v3/a4Mz9CYu8e0A
mXdK6DvSEQRS6S0vc83W2+fj5e05Vfvv23FlsngtH6IxaOL7mnRTxNmP5/PMP3QX
xtOKRBB7ghqqfV8U+yAJ0fbTKu0a+ztPLxCe2Lk+7U7yFpqLudzBfTV06QpcqwSF
fXdRWv8319c24585qubm2N1zDJ8PsxlcFWmvgbcZgO+lk1Zf4XuzxjsElg6PpYvT
m+8L1/Qo4k+L3eXJJiwLPqd6LP9VtspvRItZKMFMPZJNWLdk9tnjcLuA/HpTUvo9
EO/fXBP3YrX48TrjGIu9K4ToZvLFWGcDno5Vges0fb2MkixWF5b2naEdeS+B7SF2
ckYAWuoZPErmmNo6bhIkdizube6k8t+Ch7JxkxWgZh+Jw80drqSBzfdWKTLMl3k0
Nvo8RdbuSrDSg40NHT/d46tBguMp9n/J8eu6f/poN1VZRdqZkgqZ7xHjl7vgRRkg
nfcVndDTw099hhC0OuWVHJMpk62wVz+tRPNOR/yCucDPH1//HuEZ62sQzcjpPQ9l
ML2MD4zrTORK9VuztJFET8feWQ4KrqoSdE8HMD+TtMhhShcZcJA=
=vnDS
-----END PGP SIGNATURE-----
Merge 4.14.21 into android-4.14
Changes in 4.14.21
tracing: Prevent PROFILE_ALL_BRANCHES when FORTIFY_SOURCE=y
scsi: smartpqi: allow static build ("built-in")
IB/umad: Fix use of unprotected device pointer
IB/qib: Fix comparison error with qperf compare/swap test
IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
IB/core: Fix two kernel warnings triggered by rxe registration
IB/core: Fix ib_wc structure size to remain in 64 bytes boundary
IB/core: Avoid a potential OOPs for an unused optional parameter
selftests: seccomp: fix compile error seccomp_bpf
kselftest: fix OOM in memory compaction test
RDMA/rxe: Fix a race condition related to the QP error state
RDMA/rxe: Fix a race condition in rxe_requester()
RDMA/rxe: Fix rxe_qp_cleanup()
cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
swiotlb: suppress warning when __GFP_NOWARN is set
PM / devfreq: Propagate error from devfreq_add_device()
mwifiex: resolve reset vs. remove()/shutdown() deadlocks
ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all
powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
powerpc/mm: Flush radix process translations when setting MMU type
powerpc/xive: Use hw CPU ids when configuring the CPU queues
powerpc: Fix DABR match on hash based systems
dma-buf: fix reservation_object_wait_timeout_rcu once more v2
s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
arm64: dts: msm8916: Correct ipc references for smsm
ARM: lpc3250: fix uda1380 gpio numbers
ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
ARM: dts: nomadik: add interrupt-parent for clcd
arm: dts: mt7623: fix card detection issue on bananapi-r2
arm: spear600: Add missing interrupt-parent of rtc
arm: spear13xx: Fix dmas cells
arm: spear13xx: Fix spics gpio controller's warning
drm/i915: add GT number to intel_device_info
drm/i915/kbl: Change a KBL pci id to GT2 from GT1.5
x86/gpu: add CFL to early quirks
x86/kexec: Make kexec (mostly) work in 5-level paging mode
x86/xen: init %gs very early to avoid page faults with stack protector
x86: PM: Make APM idle driver initialize polling state
x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface
x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
compiler-gcc.h: Introduce __optimize function attribute
compiler-gcc.h: __nostackprotector needs gcc-4.4 and up
crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate
crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate
powerpc/mm/radix: Split linear mapping on hot-unplug
x86/mm/pti: Fix PTI comment in entry_SYSCALL_64()
x86/speculation: Update Speculation Control microcode blacklist
x86/speculation: Correct Speculation Control microcode blacklist again
Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()"
KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods
X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap
x86/speculation: Clean up various Spectre related details
PM / runtime: Update links_count also if !CONFIG_SRCU
PM: cpuidle: Fix cpuidle_poll_state_init() prototype
x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface
x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions
x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro
x86/entry/64: Interleave XOR register clearing with PUSH instructions
x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro
x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases
x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros
x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
x86/entry/64: Fix paranoid_entry() frame pointer warning
x86/entry/64: Remove the unused 'icebp' macro
selftests/x86: Fix vDSO selftest segfault for vsyscall=none
selftests/x86: Clean up and document sscanf() usage
selftests/x86/pkeys: Remove unused functions
selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems
objtool: Fix segfault in ignore_unreachable_insn()
x86/debug, objtool: Annotate WARN()-related UD2 as reachable
x86/debug: Use UD2 for WARN()
x86/speculation: Fix up array_index_nospec_mask() asm constraint
nospec: Move array_index_nospec() parameter checking into separate macro
x86/speculation: Add <asm/msr-index.h> dependency
kmemcheck: remove annotations
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
kmemcheck: remove whats left of NOTRACK flags
kmemcheck: rip it out
kmemcheck: rip it out for real
x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]()
selftests/x86/mpx: Fix incorrect bounds with old _sigfault
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
x86/spectre: Fix an error message
x86/cpu: Change type of x86_cache_size variable to unsigned int
x86/entry/64: Fix CR3 restore in paranoid_exit()
drm/ttm: Don't add swapped BOs to swap-LRU list
drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2)
drm/qxl: unref cursor bo when finished with it
drm/amd/powerplay: Fix smu_table_entry.handle type
drm/ast: Load lut in crtc_commit
arm64: Add missing Falkor part number for branch predictor hardening
drm/radeon: Add dpm quirk for Jet PRO (v2)
drm/radeon: adjust tested variable
rtc-opal: Fix handling of firmware error codes, prevent busy loops
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
mmc: sdhci: Implement an SDHCI-specific bounce buffer
mmc: bcm2835: Don't overwrite max frequency unconditionally
Revert "mmc: meson-gx: include tx phase in the tuning process"
mlx5: fix mlx5_get_vector_affinity to start from completion vector 0
Revert "apple-gmux: lock iGP IO to protect from vgaarb changes"
jbd2: fix sphinx kernel-doc build warnings
ext4: fix a race in the ext4 shutdown path
ext4: save error to disk in __ext4_grp_locked_error()
ext4: correct documentation for grpid mount option
mm: hide a #warning for COMPILE_TEST
mm: Fix memory size alignment in devm_memremap_pages_release()
MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN
MIPS: Fix incorrect mem=X@Y handling
PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
PCI: iproc: Fix NULL pointer dereference for BCMA
PCI: keystone: Fix interrupt-controller-node lookup
video: fbdev: atmel_lcdfb: fix display-timings lookup
console/dummy: leave .con_font_get set to NULL
rbd: whitelist RBD_FEATURE_OPERATIONS feature bit
xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests
xenbus: track caller request id
seq_file: fix incomplete reset on read from zero offset
tracing: Fix parsing of globs with a wildcard at the beginning
mpls, nospec: Sanitize array index in mpls_label_ok()
rtlwifi: rtl8821ae: Fix connection lost problem correctly
arm64: proc: Set PTE_NG for table entries to avoid traversing them twice
qxl: alloc & use shadow for dumb buffers
drm/qxl: reapply cursor after resetting primary
xprtrdma: Fix calculation of ri_max_send_sges
xprtrdma: Fix BUG after a device removal
blk-wbt: account flush requests correctly
target/iscsi: avoid NULL dereference in CHAP auth error path
iscsi-target: make sure to wake up sleeping login worker
dm: correctly handle chained bios in dec_pending()
Btrfs: fix deadlock in run_delalloc_nocow
Btrfs: fix crash due to not cleaning up tree log block's dirty bits
Btrfs: fix extent state leak from tree log
Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
Btrfs: fix use-after-free on root->orphan_block_rsv
Btrfs: fix unexpected -EEXIST when creating new inode
9p/trans_virtio: discard zero-length reply
mtd: nand: vf610: set correct ooblayout
ALSA: hda - Fix headset mic detection problem for two Dell machines
ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
ALSA: hda/realtek - Add headset mode support for Dell laptop
ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
ALSA: usb: add more device quirks for USB DSD devices
ALSA: seq: Fix racy pool initializations
mvpp2: fix multicast address filter
usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages
scsi: core: check for device state in __scsi_remove_target()
Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS
ARM: dts: exynos: fix RTC interrupt for exynos5410
ARM: pxa/tosa-bt: add MODULE_LICENSE tag
arm64: dts: msm8916: Add missing #phy-cells
ARM: dts: s5pv210: add interrupt-parent for ohci
arm: dts: mt7623: Update ethsys binding
arm: dts: mt2701: Add reset-cells
ARM: dts: Delete bogus reference to the charlcd
media: r820t: fix r820t_write_reg for KASAN
mmc: sdhci-of-esdhc: disable SD clock for clock value 0
mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec
mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb
ASoC: acpi: fix machine driver selection based on quirk
ovl: hash directory inodes for fsnotify
Linux 4.14.21
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Amir Goldstein
|
e506ac1dab |
ovl: hash directory inodes for fsnotify
commit 31747eda41ef3c30c09c5c096b380bf54013746a upstream. fsnotify pins a watched directory inode in cache, but if directory dentry is released, new lookup will allocate a new dentry and a new inode. Directory events will be notified on the new inode, while fsnotify listener is watching the old pinned inode. Hash all directory inodes to reuse the pinned inode on lookup. Pure upper dirs are hashes by real upper inode, merge and lower dirs are hashed by real lower inode. The reference to lower inode was being held by the lower dentry object in the overlay dentry (oe->lowerstack[0]). Releasing the overlay dentry may drop lower inode refcount to zero. Add a refcount on behalf of the overlay inode to prevent that. As a by-product, hashing directory inodes also detects multiple redirected dirs to the same lower dir and uncovered redirected dir target on and returns -ESTALE on lookup. The reported issue dates back to initial version of overlayfs, but this patch depends on ovl_inode code that was introduced in kernel v4.13. Cc: <stable@vger.kernel.org> #v4.13 Reported-by: Niklas Cassel <niklas.cassel@axis.com> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Tested-by: Niklas Cassel <niklas.cassel@axis.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Liu Bo
|
61c07810bf |
Btrfs: fix unexpected -EEXIST when creating new inode
commit 900c9981680067573671ecc5cbfa7c5770be3a40 upstream.
The highest objectid, which is assigned to new inode, is decided at
the time of initializing fs roots. However, in cases where log replay
gets processed, the btree which fs root owns might be changed, so we
have to search it again for the highest objectid, otherwise creating
new inode would end up with -EEXIST.
cc: <stable@vger.kernel.org> v4.4-rc6+
Fixes: f32e48e92596 ("Btrfs: Initialize btrfs_root->highest_objectid when loading tree root and subvolume roots")
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Liu Bo
|
f30c7d95b4 |
Btrfs: fix use-after-free on root->orphan_block_rsv
commit 1a932ef4e47984dee227834667b5ff5a334e4805 upstream.
I got these from running generic/475,
WARNING: CPU: 0 PID: 26384 at fs/btrfs/inode.c:3326 btrfs_orphan_commit_root+0x1ac/0x2b0 [btrfs]
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: btrfs_block_rsv_release+0x1c/0x70 [btrfs]
Call Trace:
btrfs_orphan_release_metadata+0x9f/0x200 [btrfs]
btrfs_orphan_del+0x10d/0x170 [btrfs]
btrfs_setattr+0x500/0x640 [btrfs]
notify_change+0x7ae/0x870
do_truncate+0xca/0x130
vfs_truncate+0x2ee/0x3d0
do_sys_truncate+0xaf/0xf0
SyS_truncate+0xe/0x10
entry_SYSCALL_64_fastpath+0x1f/0x96
The race is between btrfs_orphan_commit_root and btrfs_orphan_del,
t1 t2
btrfs_orphan_commit_root btrfs_orphan_del
spin_lock
check (&root->orphan_inodes)
root->orphan_block_rsv = NULL;
spin_unlock
atomic_dec(&root->orphan_inodes);
access root->orphan_block_rsv
Accessing root->orphan_block_rsv must be done before decreasing
root->orphan_inodes.
cc: <stable@vger.kernel.org> v3.12+
Fixes: 703c88e03524 ("Btrfs: fix tracking of orphan inode count")
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Liu Bo
|
1371798b92 |
Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
commit e8f1bc1493855e32b7a2a019decc3c353d94daf6 upstream.
This regression is introduced in
commit 3d48d9810de4 ("btrfs: Handle uninitialised inode eviction").
There are two problems,
a) it is ->destroy_inode() that does the final free on inode, not
->evict_inode(),
b) clear_inode() must be called before ->evict_inode() returns.
This could end up hitting BUG_ON(inode->i_state != (I_FREEING | I_CLEAR));
in evict() because I_CLEAR is set in clear_inode().
Fixes: commit 3d48d9810de4 ("btrfs: Handle uninitialised inode eviction")
Cc: <stable@vger.kernel.org> # v4.7-rc6+
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Liu Bo
|
9a701c4fa5 |
Btrfs: fix extent state leak from tree log
commit 55237a5f2431a72435e3ed39e4306e973c0446b7 upstream. It's possible that btrfs_sync_log() bails out after one of the two btrfs_write_marked_extents() which convert extent state's state bit into EXTENT_NEED_WAIT from EXTENT_DIRTY/EXTENT_NEW, however only EXTENT_DIRTY and EXTENT_NEW are searched by free_log_tree() so that those extent states with EXTENT_NEED_WAIT lead to memory leak. cc: <stable@vger.kernel.org> Signed-off-by: Liu Bo <bo.li.liu@oracle.com> Reviewed-by: Josef Bacik <jbacik@fb.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Liu Bo
|
fda3bb933b |
Btrfs: fix crash due to not cleaning up tree log block's dirty bits
commit 1846430c24d66e85cc58286b3319c82cd54debb2 upstream.
In cases that the whole fs flips into readonly status due to failures in
critical sections, then log tree's blocks are still dirty, and this leads
to a crash during umount time, the crash is about use-after-free,
umount
-> close_ctree
-> stop workers
-> iput(btree_inode)
-> iput_final
-> write_inode_now
-> ...
-> queue job on stop'd workers
cc: <stable@vger.kernel.org> v3.12+
Fixes: 681ae50917df ("Btrfs: cleanup reserved space when freeing tree log on error")
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Liu Bo
|
c766cb4877 |
Btrfs: fix deadlock in run_delalloc_nocow
commit e89166990f11c3f21e1649d760dd35f9e410321c upstream. @cur_offset is not set back to what it should be (@cow_start) if btrfs_next_leaf() returns something wrong, and the range [cow_start, cur_offset) remains locked forever. cc: <stable@vger.kernel.org> Signed-off-by: Liu Bo <bo.li.liu@oracle.com> Reviewed-by: Josef Bacik <jbacik@fb.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Miklos Szeredi
|
29b4af7040 |
seq_file: fix incomplete reset on read from zero offset
commit cf5eebae2cd28d37581507668605f4d23cd7218d upstream.
When resetting iterator on a zero offset we need to discard any data
already in the buffer (count), and private state of the iterator (version).
For example this bug results in first line being repeated in /proc/mounts
if doing a zero size read before a non-zero size read.
Reported-by: Rich Felker <dalias@libc.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: e522751d605d ("seq_file: reset iterator to first record for zero offset")
Cc: <stable@vger.kernel.org> # v4.10
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Zhouyi Zhou
|
2e38988253 |
ext4: save error to disk in __ext4_grp_locked_error()
commit 06f29cc81f0350261f59643a505010531130eea0 upstream. In the function __ext4_grp_locked_error(), __save_error_info() is called to save error info in super block block, but does not sync that information to disk to info the subsequence fsck after reboot. This patch writes the error information to disk. After this patch, I think there is no obvious EXT4 error handle branches which leads to "Remounting filesystem read-only" will leave the disk partition miss the subsequence fsck. Signed-off-by: Zhouyi Zhou <zhouzhouyi@gmail.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Harshad Shirwadkar
|
4d4d103a1b |
ext4: fix a race in the ext4 shutdown path
commit abbc3f9395c76d554a9ed27d4b1ebfb5d9b0e4ca upstream. This patch fixes a race between the shutdown path and bio completion handling. In the ext4 direct io path with async io, after submitting a bio to the block layer, if journal starting fails, ext4_direct_IO_write() would bail out pretending that the IO failed. The caller would have had no way of knowing whether or not the IO was successfully submitted. So instead, we return -EIOCBQUEUED in this case. Now, the caller knows that the IO was submitted. The bio completion handler takes care of the error. Tested: Ran the shutdown xfstest test 461 in loop for over 2 hours across 4 machines resulting in over 400 runs. Verified that the race didn't occur. Usually the race was seen in about 20-30 iterations. Signed-off-by: Harshad Shirwadkar <harshads@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Tobin C. Harding
|
879bcbe091 |
jbd2: fix sphinx kernel-doc build warnings
commit f69120ce6c024aa634a8fc25787205e42f0ccbe6 upstream. Sphinx emits various (26) warnings when building make target 'htmldocs'. Currently struct definitions contain duplicate documentation, some as kernel-docs and some as standard c89 comments. We can reduce duplication while cleaning up the kernel docs. Move all kernel-docs to right above each struct member. Use the set of all existing comments (kernel-doc and c89). Add documentation for missing struct members and function arguments. Signed-off-by: Tobin C. Harding <me@tobin.cc> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Alexander Potapenko
|
e96a219899 |
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
commit 3876bbe27d04b848750d5310a37d6b76b593f648 upstream. KMSAN reported use of uninitialized |entry->e_referenced| in a condition in mb_cache_shrink(): ================================================================== BUG: KMSAN: use of uninitialized memory in mb_cache_shrink+0x3b4/0xc50 fs/mbcache.c:287 CPU: 2 PID: 816 Comm: kswapd1 Not tainted 4.11.0-rc5+ #2877 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x172/0x1c0 lib/dump_stack.c:52 kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:927 __msan_warning_32+0x61/0xb0 mm/kmsan/kmsan_instr.c:469 mb_cache_shrink+0x3b4/0xc50 fs/mbcache.c:287 mb_cache_scan+0x67/0x80 fs/mbcache.c:321 do_shrink_slab mm/vmscan.c:397 [inline] shrink_slab+0xc3d/0x12d0 mm/vmscan.c:500 shrink_node+0x208f/0x2fd0 mm/vmscan.c:2603 kswapd_shrink_node mm/vmscan.c:3172 [inline] balance_pgdat mm/vmscan.c:3289 [inline] kswapd+0x160f/0x2850 mm/vmscan.c:3478 kthread+0x46c/0x5f0 kernel/kthread.c:230 ret_from_fork+0x29/0x40 arch/x86/entry/entry_64.S:430 chained origin: save_stack_trace+0x37/0x40 arch/x86/kernel/stacktrace.c:59 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:302 [inline] kmsan_save_stack mm/kmsan/kmsan.c:317 [inline] kmsan_internal_chain_origin+0x12a/0x1f0 mm/kmsan/kmsan.c:547 __msan_store_shadow_origin_1+0xac/0x110 mm/kmsan/kmsan_instr.c:257 mb_cache_entry_create+0x3b3/0xc60 fs/mbcache.c:95 ext4_xattr_cache_insert fs/ext4/xattr.c:1647 [inline] ext4_xattr_block_set+0x4c82/0x5530 fs/ext4/xattr.c:1022 ext4_xattr_set_handle+0x1332/0x20a0 fs/ext4/xattr.c:1252 ext4_xattr_set+0x4d2/0x680 fs/ext4/xattr.c:1306 ext4_xattr_trusted_set+0x8d/0xa0 fs/ext4/xattr_trusted.c:36 __vfs_setxattr+0x703/0x790 fs/xattr.c:149 __vfs_setxattr_noperm+0x27a/0x6f0 fs/xattr.c:180 vfs_setxattr fs/xattr.c:223 [inline] setxattr+0x6ae/0x790 fs/xattr.c:449 path_setxattr+0x1eb/0x380 fs/xattr.c:468 SYSC_lsetxattr+0x8d/0xb0 fs/xattr.c:490 SyS_lsetxattr+0x77/0xa0 fs/xattr.c:486 entry_SYSCALL_64_fastpath+0x13/0x94 origin: save_stack_trace+0x37/0x40 arch/x86/kernel/stacktrace.c:59 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:302 [inline] kmsan_internal_poison_shadow+0xb1/0x1a0 mm/kmsan/kmsan.c:198 kmsan_kmalloc+0x7f/0xe0 mm/kmsan/kmsan.c:337 kmem_cache_alloc+0x1c2/0x1e0 mm/slub.c:2766 mb_cache_entry_create+0x283/0xc60 fs/mbcache.c:86 ext4_xattr_cache_insert fs/ext4/xattr.c:1647 [inline] ext4_xattr_block_set+0x4c82/0x5530 fs/ext4/xattr.c:1022 ext4_xattr_set_handle+0x1332/0x20a0 fs/ext4/xattr.c:1252 ext4_xattr_set+0x4d2/0x680 fs/ext4/xattr.c:1306 ext4_xattr_trusted_set+0x8d/0xa0 fs/ext4/xattr_trusted.c:36 __vfs_setxattr+0x703/0x790 fs/xattr.c:149 __vfs_setxattr_noperm+0x27a/0x6f0 fs/xattr.c:180 vfs_setxattr fs/xattr.c:223 [inline] setxattr+0x6ae/0x790 fs/xattr.c:449 path_setxattr+0x1eb/0x380 fs/xattr.c:468 SYSC_lsetxattr+0x8d/0xb0 fs/xattr.c:490 SyS_lsetxattr+0x77/0xa0 fs/xattr.c:486 entry_SYSCALL_64_fastpath+0x13/0x94 ================================================================== Signed-off-by: Alexander Potapenko <glider@google.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Cc: stable@vger.kernel.org # v4.6 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Levin, Alexander (Sasha Levin)
|
2abfcdf8e7 |
kmemcheck: remove annotations
commit 4950276672fce5c241857540f8561c440663673d upstream. Patch series "kmemcheck: kill kmemcheck", v2. As discussed at LSF/MM, kill kmemcheck. KASan is a replacement that is able to work without the limitation of kmemcheck (single CPU, slow). KASan is already upstream. We are also not aware of any users of kmemcheck (or users who don't consider KASan as a suitable replacement). The only objection was that since KASAN wasn't supported by all GCC versions provided by distros at that time we should hold off for 2 years, and try again. Now that 2 years have passed, and all distros provide gcc that supports KASAN, kill kmemcheck again for the very same reasons. This patch (of 4): Remove kmemcheck annotations, and calls to kmemcheck from the kernel. [alexander.levin@verizon.com: correctly remove kmemcheck call from dma_map_sg_attrs] Link: http://lkml.kernel.org/r/20171012192151.26531-1-alexander.levin@verizon.com Link: http://lkml.kernel.org/r/20171007030159.22241-2-alexander.levin@verizon.com Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Cc: Alexander Potapenko <glider@google.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Pekka Enberg <penberg@kernel.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Tim Hansen <devtimhansen@gmail.com> Cc: Vegard Nossum <vegardno@ifi.uio.no> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Gang He
|
2e7e8bd8f1 |
ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
commit ff26cc10aec128c3f86b5611fd5f59c71d49c0e3 upstream. If we can't get inode lock immediately in the function ocfs2_inode_lock_with_page() when reading a page, we should not return directly here, since this will lead to a softlockup problem when the kernel is configured with CONFIG_PREEMPT is not set. The method is to get a blocking lock and immediately unlock before returning, this can avoid CPU resource waste due to lots of retries, and benefits fairness in getting lock among multiple nodes, increase efficiency in case modifying the same file frequently from multiple nodes. The softlockup crash (when set /proc/sys/kernel/softlockup_panic to 1) looks like: Kernel panic - not syncing: softlockup: hung tasks CPU: 0 PID: 885 Comm: multi_mmap Tainted: G L 4.12.14-6.1-default #1 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Call Trace: <IRQ> dump_stack+0x5c/0x82 panic+0xd5/0x21e watchdog_timer_fn+0x208/0x210 __hrtimer_run_queues+0xcc/0x200 hrtimer_interrupt+0xa6/0x1f0 smp_apic_timer_interrupt+0x34/0x50 apic_timer_interrupt+0x96/0xa0 </IRQ> RIP: 0010:unlock_page+0x17/0x30 RSP: 0000:ffffaf154080bc88 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: dead000000000100 RBX: fffff21e009f5300 RCX: 0000000000000004 RDX: dead0000000000ff RSI: 0000000000000202 RDI: fffff21e009f5300 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffaf154080bb00 R10: ffffaf154080bc30 R11: 0000000000000040 R12: ffff993749a39518 R13: 0000000000000000 R14: fffff21e009f5300 R15: fffff21e009f5300 ocfs2_inode_lock_with_page+0x25/0x30 [ocfs2] ocfs2_readpage+0x41/0x2d0 [ocfs2] filemap_fault+0x12b/0x5c0 ocfs2_fault+0x29/0xb0 [ocfs2] __do_fault+0x1a/0xa0 __handle_mm_fault+0xbe8/0x1090 handle_mm_fault+0xaa/0x1f0 __do_page_fault+0x235/0x4b0 trace_do_page_fault+0x3c/0x110 async_page_fault+0x28/0x30 RIP: 0033:0x7fa75ded638e RSP: 002b:00007ffd6657db18 EFLAGS: 00010287 RAX: 000055c7662fb700 RBX: 0000000000000001 RCX: 000055c7662fb700 RDX: 0000000000001770 RSI: 00007fa75e909000 RDI: 000055c7662fb700 RBP: 0000000000000003 R08: 000000000000000e R09: 0000000000000000 R10: 0000000000000483 R11: 00007fa75ded61b0 R12: 00007fa75e90a770 R13: 000000000000000e R14: 0000000000001770 R15: 0000000000000000 About performance improvement, we can see the testing time is reduced, and CPU utilization decreases, the detailed data is as follows. I ran multi_mmap test case in ocfs2-test package in a three nodes cluster. Before applying this patch: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2754 ocfs2te+ 20 0 170248 6980 4856 D 80.73 0.341 0:18.71 multi_mmap 1505 root rt 0 222236 123060 97224 S 2.658 6.015 0:01.44 corosync 5 root 20 0 0 0 0 S 1.329 0.000 0:00.19 kworker/u8:0 95 root 20 0 0 0 0 S 1.329 0.000 0:00.25 kworker/u8:1 2728 root 20 0 0 0 0 S 0.997 0.000 0:00.24 jbd2/sda1-33 2721 root 20 0 0 0 0 S 0.664 0.000 0:00.07 ocfs2dc-3C8CFD4 2750 ocfs2te+ 20 0 142976 4652 3532 S 0.664 0.227 0:00.28 mpirun ocfs2test@tb-node2:~>multiple_run.sh -i ens3 -k ~/linux-4.4.21-69.tar.gz -o ~/ocfs2mullog -C hacluster -s pcmk -n tb-node2,tb-node1,tb-node3 -d /dev/sda1 -b 4096 -c 32768 -t multi_mmap /mnt/shared Tests with "-b 4096 -C 32768" Thu Dec 28 14:44:52 CST 2017 multi_mmap..................................................Passed. Runtime 783 seconds. After apply this patch: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2508 ocfs2te+ 20 0 170248 6804 4680 R 54.00 0.333 0:55.37 multi_mmap 155 root 20 0 0 0 0 S 2.667 0.000 0:01.20 kworker/u8:3 95 root 20 0 0 0 0 S 2.000 0.000 0:01.58 kworker/u8:1 2504 ocfs2te+ 20 0 142976 4604 3480 R 1.667 0.225 0:01.65 mpirun 5 root 20 0 0 0 0 S 1.000 0.000 0:01.36 kworker/u8:0 2482 root 20 0 0 0 0 S 1.000 0.000 0:00.86 jbd2/sda1-33 299 root 0 -20 0 0 0 S 0.333 0.000 0:00.13 kworker/2:1H 335 root 0 -20 0 0 0 S 0.333 0.000 0:00.17 kworker/1:1H 535 root 20 0 12140 7268 1456 S 0.333 0.355 0:00.34 haveged 1282 root rt 0 222284 123108 97224 S 0.333 6.017 0:01.33 corosync ocfs2test@tb-node2:~>multiple_run.sh -i ens3 -k ~/linux-4.4.21-69.tar.gz -o ~/ocfs2mullog -C hacluster -s pcmk -n tb-node2,tb-node1,tb-node3 -d /dev/sda1 -b 4096 -c 32768 -t multi_mmap /mnt/shared Tests with "-b 4096 -C 32768" Thu Dec 28 15:04:12 CST 2017 multi_mmap..................................................Passed. Runtime 487 seconds. Link: http://lkml.kernel.org/r/1514447305-30814-1-git-send-email-ghe@suse.com Fixes: 1cce4df04f37 ("ocfs2: do not lock/unlock() inode DLM lock") Signed-off-by: Gang He <ghe@suse.com> Reviewed-by: Eric Ren <zren@suse.com> Acked-by: alex chen <alex.chen@huawei.com> Acked-by: piaojun <piaojun@huawei.com> Cc: Mark Fasheh <mfasheh@versity.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Joseph Qi <jiangqi903@gmail.com> Cc: Changwei Ge <ge.changwei@h3c.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Isaac J. Manjarres
|
2ba985d87a |
Merge remote-tracking branch 'remotes/origin/tmp-0a91e84' into msm-4.14
* remotes/origin/tmp-0a91e84:
Linux 4.14.20
scsi: cxlflash: Reset command ioasc
scsi: lpfc: Fix crash after bad bar setup on driver attachment
rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules
scsi: core: Ensure that the SCSI error handler gets woken up
ftrace: Remove incorrect setting of glob search field
devpts: fix error handling in devpts_mntget()
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
ovl: take mnt_want_write() for removing impure xattr
ovl: fix failure to fsync lower dir
acpi, nfit: fix register dimm error handling
ACPI: sbshc: remove raw pointer from printk() message
drm/i915: Avoid PPS HW/SW state mismatch due to rounding
arm64: dts: marvell: add Ethernet aliases
objtool: Fix switch-table detection
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
lib/ubsan: add type mismatch handler for new GCC/Clang
lib/ubsan.c: s/missaligned/misaligned/
clocksource/drivers/stm32: Fix kernel panic with multiple timers
blk-mq: quiesce queue before freeing queue
pktcdvd: Fix a recently introduced NULL pointer dereference
pktcdvd: Fix pkt_setup_dev() error path
pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping
pinctrl: sx150x: Register pinctrl before adding the gpiochip
pinctrl: sx150x: Unregister the pinctrl on release
pinctrl: mcp23s08: fix irq setup order
pinctrl: intel: Initialize GPIO properly when used through irqchip
EDAC, octeon: Fix an uninitialized variable warning
xtensa: fix futex_atomic_cmpxchg_inatomic
alpha: fix formating of stack content
alpha: fix reboot on Avanti platform
alpha: Fix mixed up args in EXC macro in futex operations
alpha: osf_sys.c: fix put_tv32 regression
alpha: fix crash if pthread_create races with signal delivery
signal/sh: Ensure si_signo is initialized in do_divide_error
signal/openrisc: Fix do_unaligned_access to send the proper signal
ipmi: use dynamic memory for DMI driver override
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btsdio: Do not bind to non-removable BCM43341
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
pipe: fix off-by-one error when checking buffer limits
pipe: actually allow root to exceed the pipe buffer limits
kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
kernel/async.c: revert "async: simplify lowest_in_progress()"
fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
media: ts2020: avoid integer overflows on 32 bit machines
media: dvb-frontends: fix i2c access helpers for KASAN
kasan: rework Kconfig settings
kasan: don't emit builtin calls when sanitization is off
Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
watchdog: imx2_wdt: restore previous timeout after suspend+resume
ASoC: skl: Fix kernel warning due to zero NHTL entry
ASoC: rockchip: i2s: fix playback after runtime resume
KVM: PPC: Book3S PR: Fix broken select due to misspelling
KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED
KVM: PPC: Book3S HV: Drop locks before reading guest memory
KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded
KVM: nVMX: Fix bug of injecting L2 exception into L1
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
crypto: sha512-mb - initialize pending lengths correctly
crypto: caam - fix endless loop when DECO acquire fails
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
crypto: hash - prevent using keyed hashes without setting key
crypto: hash - annotate algorithms taking optional key
crypto: poly1305 - remove ->setkey() method
crypto: mcryptd - pass through absence of ->setkey()
crypto: cryptd - pass through absence of ->setkey()
crypto: hash - introduce crypto_hash_alg_has_setkey()
ahci: Add Intel Cannon Lake PCH-H PCI ID
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Annotate PCI ids for mobile Intel chipsets as such
kernfs: fix regression in kernfs_fop_write caused by wrong type
NFS: Fix a race between mmap() and O_DIRECT
NFS: reject request for id_legacy key without auxdata
NFS: commit direct writes even if they fail partially
NFS: Fix nfsstat breakage due to LOOKUPP
NFS: Add a cond_resched() to nfs_commit_release_pages()
nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
ubifs: free the encrypted symlink target
ubi: block: Fix locking for idr_alloc/idr_remove
ubi: fastmap: Erase outdated anchor PEBs during attach
ubi: Fix race condition between ubi volume creation and udev
mtd: nand: sunxi: Fix ECC strength choice
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: brcmnand: Disable prefetch by default
mtd: cfi: convert inline functions to macros
arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
arm/arm64: smccc: Make function identifiers an unsigned quantity
firmware/psci: Expose SMCCC version through psci_ops
firmware/psci: Expose PSCI conduit
arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm/arm64: KVM: Turn kvm_psci_version into a static inline
arm64: KVM: Make PSCI_VERSION a fast path
arm/arm64: KVM: Advertise SMCCC v1.1
arm/arm64: KVM: Implement PSCI 1.0 support
arm/arm64: KVM: Add smccc accessors to PSCI code
arm/arm64: KVM: Add PSCI_VERSION helper
arm/arm64: KVM: Consolidate the PSCI include files
arm64: KVM: Increment PC after handling an SMC trap
arm64: Branch predictor hardening for Cavium ThunderX2
arm64: Implement branch predictor hardening for Falkor
arm64: Implement branch predictor hardening for affected Cortex-A CPUs
arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
arm64: entry: Apply BP hardening for suspicious interrupts from EL0
arm64: entry: Apply BP hardening for high-priority synchronous exceptions
arm64: KVM: Use per-CPU vector when BP hardening is enabled
arm64: Move BP hardening to check_and_switch_context
arm64: Add skeleton to harden the branch predictor against aliasing attacks
arm64: Move post_ttbr_update_workaround to C code
drivers/firmware: Expose psci_get_version through psci_ops structure
arm64: cpufeature: Pass capability structure to ->enable callback
arm64: Run enable method for errata work arounds on late CPUs
arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
arm64: futex: Mask __user pointers prior to dereference
arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
arm64: uaccess: Prevent speculative use of the current addr_limit
arm64: entry: Ensure branch through syscall table is bounded under speculation
arm64: Use pointer masking to limit uaccess speculation
arm64: Make USER_DS an inclusive limit
arm64: Implement array_index_mask_nospec()
arm64: barrier: Add CSDB macros to control data-value prediction
arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
arm64: entry: Reword comment about post_ttbr_update_workaround
arm64: Force KPTI to be disabled on Cavium ThunderX
arm64: kpti: Add ->enable callback to remap swapper using nG mappings
arm64: mm: Permit transitioning from Global to Non-Global without BBM
arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
arm64: Turn on KPTI only on CPUs that need it
arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
arm64: kpti: Fix the interaction between ASID switching and software PAN
arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
arm64: capabilities: Handle duplicate entries for a capability
arm64: Take into account ID_AA64PFR0_EL1.CSV3
arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
arm64: use RET instruction for exiting the trampoline
arm64: kaslr: Put kernel vectors address in separate data page
arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
arm64: cpu_errata: Add Kryo to Falkor 1003 errata
arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
arm64: entry: Hook up entry trampoline to exception vectors
arm64: entry: Explicitly pass exception level to kernel_ventry macro
arm64: mm: Map entry trampoline into trampoline and kernel page tables
arm64: entry: Add exception trampoline page for exceptions from EL0
arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
arm64: mm: Allocate ASIDs in pairs
arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
arm64: mm: Rename post_ttbr0_update_workaround
arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
arm64: mm: Move ASID from TTBR0 to TTBR1
arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
arm64: mm: Use non-global mappings for kernel space
arm64: move TASK_* definitions to <asm/processor.h>
media: hdpvr: Fix an error handling path in hdpvr_probe()
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
dccp: CVE-2017-8824: use-after-free in DCCP code
drm/i915: Fix deadlock in i830_disable_pipe()
drm/i915: Redo plane sanitation during readout
drm/i915: Add .get_hw_state() method for planes
sched/rt: Up the root domain ref count when passing it around via IPIs
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
KVM MMU: check pending exception before injecting APF
arm64: Add software workaround for Falkor erratum 1041
arm64: Define cputype macros for Falkor CPU
watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop
sched/wait: Fix add_wait_queue() behavioral change
dmaengine: dmatest: fix container_of member in dmatest_callback
cpufreq: mediatek: add mediatek related projects into blacklist
CIFS: zero sensitive data when freeing
cifs: Fix autonegotiate security settings mismatch
cifs: Fix missing put_xid in cifs_file_strict_mmap
powerpc/pseries: include linux/types.h in asm/hvcall.h
watchdog: indydog: Add dependency on SGI_HAS_INDYDOG
ANDROID: Fixup 64/32-bit divide confusion for WALT configs
Conflicts:
include/trace/events/sched.h
kernel/sched/sched.h
lib/ubsan.c
lib/ubsan.h
arch/arm64/configs/sdm855_defconfig
arch/arm64/configs/sdm855-perf_defconfig
Change-Id: I034588046a45f3d8be0615bed40d2ddd334ebd74
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
0a91e84c5c |
This is the 4.14.20 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqHL6UACgkQONu9yGCS
aT47Lg/+Mbq1s2Vu+ZZ0Qt0fTsZeNE9GcM5tPgb0rcsoaBZUWncSCaFwI3M3RUPb
tQDrq+Fqmi/mloSuNFw1nGajWoilUB5KJOeRRXpPkS3Zzc92z8GW+12erHAiYXGt
XVK54PzIQNSeoBVJrtP+AYH7TSisj9cVJqe6Dz/GYIXY4aBA2xn1EvN/dkp/4YOX
S7w+RDS7BnNwqxpGy4l+/3m84j/IwG44kKG8RLiF1IPItK5BvlQJQDiUUDX0nLx+
1Tr2kMDN10YdrLV4dNGRZg54Va7wvmJ17ecN7F3JaIKOlJ+hvpoLndOR/mMVuj84
cixnr5ATug1RJmjrqloA95//jqecMzfn4ogATi8KiY6O7adnH0+/DcpQ14LXuRJx
WGP1S2xsvrSqqs2io0yWv+WFIhKBAE6RAa7gjMdz9I+/dy3eNMbzCS3y4q7VcYOB
xAT478ZtuZYEmseYM2lPNK51AkobO2pGC+TCBst6VQvbMN5BETdI4irj6yBOLez5
rgTVXJfogEUUhLFGNR26sytFbT1+RfEqQwe9EZlm2b/Aa5RB7MBOKSk82Jw/IQ9g
4TG0DNvakhWnJwfIHjraJ8uiB+uAGYfSRarIlle/Xb9WtNhfvhudUISlbPVHBh10
Z7rQpt52/xx0io5lg7d3VSbg/4mQQ2VYY6O5Y/6Ilqda51UVt9M=
=+7+H
-----END PGP SIGNATURE-----
Merge 4.14.20 into android-4.14
Changes in 4.14.20
watchdog: indydog: Add dependency on SGI_HAS_INDYDOG
powerpc/pseries: include linux/types.h in asm/hvcall.h
cifs: Fix missing put_xid in cifs_file_strict_mmap
cifs: Fix autonegotiate security settings mismatch
CIFS: zero sensitive data when freeing
cpufreq: mediatek: add mediatek related projects into blacklist
dmaengine: dmatest: fix container_of member in dmatest_callback
sched/wait: Fix add_wait_queue() behavioral change
watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop
arm64: Define cputype macros for Falkor CPU
arm64: Add software workaround for Falkor erratum 1041
KVM MMU: check pending exception before injecting APF
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
sched/rt: Up the root domain ref count when passing it around via IPIs
drm/i915: Add .get_hw_state() method for planes
drm/i915: Redo plane sanitation during readout
drm/i915: Fix deadlock in i830_disable_pipe()
dccp: CVE-2017-8824: use-after-free in DCCP code
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
media: hdpvr: Fix an error handling path in hdpvr_probe()
arm64: move TASK_* definitions to <asm/processor.h>
arm64: mm: Use non-global mappings for kernel space
arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
arm64: mm: Move ASID from TTBR0 to TTBR1
arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
arm64: mm: Rename post_ttbr0_update_workaround
arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
arm64: mm: Allocate ASIDs in pairs
arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
arm64: entry: Add exception trampoline page for exceptions from EL0
arm64: mm: Map entry trampoline into trampoline and kernel page tables
arm64: entry: Explicitly pass exception level to kernel_ventry macro
arm64: entry: Hook up entry trampoline to exception vectors
arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
arm64: cpu_errata: Add Kryo to Falkor 1003 errata
arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
arm64: kaslr: Put kernel vectors address in separate data page
arm64: use RET instruction for exiting the trampoline
arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
arm64: Take into account ID_AA64PFR0_EL1.CSV3
arm64: capabilities: Handle duplicate entries for a capability
arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
arm64: kpti: Fix the interaction between ASID switching and software PAN
arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
arm64: Turn on KPTI only on CPUs that need it
arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
arm64: mm: Permit transitioning from Global to Non-Global without BBM
arm64: kpti: Add ->enable callback to remap swapper using nG mappings
arm64: Force KPTI to be disabled on Cavium ThunderX
arm64: entry: Reword comment about post_ttbr_update_workaround
arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
arm64: barrier: Add CSDB macros to control data-value prediction
arm64: Implement array_index_mask_nospec()
arm64: Make USER_DS an inclusive limit
arm64: Use pointer masking to limit uaccess speculation
arm64: entry: Ensure branch through syscall table is bounded under speculation
arm64: uaccess: Prevent speculative use of the current addr_limit
arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
arm64: futex: Mask __user pointers prior to dereference
arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
arm64: Run enable method for errata work arounds on late CPUs
arm64: cpufeature: Pass capability structure to ->enable callback
drivers/firmware: Expose psci_get_version through psci_ops structure
arm64: Move post_ttbr_update_workaround to C code
arm64: Add skeleton to harden the branch predictor against aliasing attacks
arm64: Move BP hardening to check_and_switch_context
arm64: KVM: Use per-CPU vector when BP hardening is enabled
arm64: entry: Apply BP hardening for high-priority synchronous exceptions
arm64: entry: Apply BP hardening for suspicious interrupts from EL0
arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
arm64: Implement branch predictor hardening for affected Cortex-A CPUs
arm64: Implement branch predictor hardening for Falkor
arm64: Branch predictor hardening for Cavium ThunderX2
arm64: KVM: Increment PC after handling an SMC trap
arm/arm64: KVM: Consolidate the PSCI include files
arm/arm64: KVM: Add PSCI_VERSION helper
arm/arm64: KVM: Add smccc accessors to PSCI code
arm/arm64: KVM: Implement PSCI 1.0 support
arm/arm64: KVM: Advertise SMCCC v1.1
arm64: KVM: Make PSCI_VERSION a fast path
arm/arm64: KVM: Turn kvm_psci_version into a static inline
arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
firmware/psci: Expose PSCI conduit
firmware/psci: Expose SMCCC version through psci_ops
arm/arm64: smccc: Make function identifiers an unsigned quantity
arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
mtd: cfi: convert inline functions to macros
mtd: nand: brcmnand: Disable prefetch by default
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: sunxi: Fix ECC strength choice
ubi: Fix race condition between ubi volume creation and udev
ubi: fastmap: Erase outdated anchor PEBs during attach
ubi: block: Fix locking for idr_alloc/idr_remove
ubifs: free the encrypted symlink target
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
NFS: Add a cond_resched() to nfs_commit_release_pages()
NFS: Fix nfsstat breakage due to LOOKUPP
NFS: commit direct writes even if they fail partially
NFS: reject request for id_legacy key without auxdata
NFS: Fix a race between mmap() and O_DIRECT
kernfs: fix regression in kernfs_fop_write caused by wrong type
ahci: Annotate PCI ids for mobile Intel chipsets as such
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Add Intel Cannon Lake PCH-H PCI ID
crypto: hash - introduce crypto_hash_alg_has_setkey()
crypto: cryptd - pass through absence of ->setkey()
crypto: mcryptd - pass through absence of ->setkey()
crypto: poly1305 - remove ->setkey() method
crypto: hash - annotate algorithms taking optional key
crypto: hash - prevent using keyed hashes without setting key
media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
crypto: caam - fix endless loop when DECO acquire fails
crypto: sha512-mb - initialize pending lengths correctly
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
KVM: nVMX: Fix bug of injecting L2 exception into L1
KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded
KVM: PPC: Book3S HV: Drop locks before reading guest memory
KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED
KVM: PPC: Book3S PR: Fix broken select due to misspelling
ASoC: rockchip: i2s: fix playback after runtime resume
ASoC: skl: Fix kernel warning due to zero NHTL entry
watchdog: imx2_wdt: restore previous timeout after suspend+resume
Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
kasan: don't emit builtin calls when sanitization is off
kasan: rework Kconfig settings
media: dvb-frontends: fix i2c access helpers for KASAN
media: ts2020: avoid integer overflows on 32 bit machines
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
kernel/async.c: revert "async: simplify lowest_in_progress()"
kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
pipe: actually allow root to exceed the pipe buffer limits
pipe: fix off-by-one error when checking buffer limits
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
Bluetooth: btsdio: Do not bind to non-removable BCM43341
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
ipmi: use dynamic memory for DMI driver override
signal/openrisc: Fix do_unaligned_access to send the proper signal
signal/sh: Ensure si_signo is initialized in do_divide_error
alpha: fix crash if pthread_create races with signal delivery
alpha: osf_sys.c: fix put_tv32 regression
alpha: Fix mixed up args in EXC macro in futex operations
alpha: fix reboot on Avanti platform
alpha: fix formating of stack content
xtensa: fix futex_atomic_cmpxchg_inatomic
EDAC, octeon: Fix an uninitialized variable warning
pinctrl: intel: Initialize GPIO properly when used through irqchip
pinctrl: mcp23s08: fix irq setup order
pinctrl: sx150x: Unregister the pinctrl on release
pinctrl: sx150x: Register pinctrl before adding the gpiochip
pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping
pktcdvd: Fix pkt_setup_dev() error path
pktcdvd: Fix a recently introduced NULL pointer dereference
blk-mq: quiesce queue before freeing queue
clocksource/drivers/stm32: Fix kernel panic with multiple timers
lib/ubsan.c: s/missaligned/misaligned/
lib/ubsan: add type mismatch handler for new GCC/Clang
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
objtool: Fix switch-table detection
arm64: dts: marvell: add Ethernet aliases
drm/i915: Avoid PPS HW/SW state mismatch due to rounding
ACPI: sbshc: remove raw pointer from printk() message
acpi, nfit: fix register dimm error handling
ovl: fix failure to fsync lower dir
ovl: take mnt_want_write() for removing impure xattr
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
devpts: fix error handling in devpts_mntget()
ftrace: Remove incorrect setting of glob search field
scsi: core: Ensure that the SCSI error handler gets woken up
rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules
scsi: lpfc: Fix crash after bad bar setup on driver attachment
scsi: cxlflash: Reset command ioasc
Linux 4.14.20
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Eric Biggers
|
d9ef400374 |
devpts: fix error handling in devpts_mntget()
commit c9cc8d01fb04117928830449388512a5047569c9 upstream.
If devpts_ptmx_path() returns an error code, then devpts_mntget()
dereferences an ERR_PTR():
BUG: unable to handle kernel paging request at fffffffffffffff5
IP: devpts_mntget+0x13f/0x280 fs/devpts/inode.c:173
Fix it by returning early in the error paths.
Reproducer:
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <sys/ioctl.h>
#define TIOCGPTPEER _IO('T', 0x41)
int main()
{
for (;;) {
int fd = open("/dev/ptmx", 0);
unshare(CLONE_NEWNS);
ioctl(fd, TIOCGPTPEER, 0);
}
}
Fixes: 311fc65c9fb9 ("pty: Repair TIOCGPTPEER")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Amir Goldstein
|
c7aee3941e |
ovl: take mnt_want_write() for removing impure xattr
commit a5a927a7c82e28ea76599dee4019c41e372c911f upstream.
The optimization in ovl_cache_get_impure() that tries to remove an
unneeded "impure" xattr needs to take mnt_want_write() on upper fs.
Fixes: 4edb83bb1041 ("ovl: constant d_ino for non-merge dirs")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Amir Goldstein
|
e822be7502 |
ovl: fix failure to fsync lower dir
commit d796e77f1dd541fe34481af2eee6454688d13982 upstream. As a writable mount, it is not expected for overlayfs to return EINVAL/EROFS for fsync, even if dir/file is not changed. This commit fixes the case of fsync of directory, which is easier to address, because overlayfs already implements fsync file operation for directories. The problem reported by Raphael is that new PostgreSQL 10.0 with a database in overlayfs where lower layer in squashfs fails to start. The failure is due to fsync error, when PostgreSQL does fsync on all existing db directories on startup and a specific directory exists lower layer with no changes. Reported-by: Raphael Hertzog <raphael@ouaza.com> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Tested-by: Raphaël Hertzog <hertzog@debian.org> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Nikolay Borisov
|
4063cd5683 |
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
commit f3038ee3a3f1017a1cbe9907e31fa12d366c5dcb upstream.
This function was introduced by 247e743cbe6e ("Btrfs: Use async helpers
to deal with pages that have been improperly dirtied") and it didn't do
any error handling then. This function might very well fail in ENOMEM
situation, yet it's not handled, this could lead to inconsistent state.
So let's handle the failure by setting the mapping error bit.
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Biggers
|
703b37d845 |
pipe: fix off-by-one error when checking buffer limits
commit 9903a91c763ecdae333a04a9d89d79d2b8966503 upstream. With pipe-user-pages-hard set to 'N', users were actually only allowed up to 'N - 1' buffers; and likewise for pipe-user-pages-soft. Fix this to allow up to 'N' buffers, as would be expected. Link: http://lkml.kernel.org/r/20180111052902.14409-5-ebiggers3@gmail.com Fixes: b0b91d18e2e9 ("pipe: fix limit checking in pipe_set_size()") Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Willy Tarreau <w@1wt.eu> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Joe Lawrence <joe.lawrence@redhat.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: "Luis R . Rodriguez" <mcgrof@kernel.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Cc: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
a125e9a423 |
pipe: actually allow root to exceed the pipe buffer limits
commit 85c2dd5473b2718b4b63e74bfeb1ca876868e11f upstream. pipe-user-pages-hard and pipe-user-pages-soft are only supposed to apply to unprivileged users, as documented in both Documentation/sysctl/fs.txt and the pipe(7) man page. However, the capabilities are actually only checked when increasing a pipe's size using F_SETPIPE_SZ, not when creating a new pipe. Therefore, if pipe-user-pages-hard has been set, the root user can run into it and be unable to create pipes. Similarly, if pipe-user-pages-soft has been set, the root user can run into it and have their pipes limited to 1 page each. Fix this by allowing the privileged override in both cases. Link: http://lkml.kernel.org/r/20180111052902.14409-4-ebiggers3@gmail.com Fixes: 759c01142a5d ("pipe: limit the per-user amount of pages allocated in pipes") Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Joe Lawrence <joe.lawrence@redhat.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: "Luis R . Rodriguez" <mcgrof@kernel.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Cc: Mikulas Patocka <mpatocka@redhat.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Heiko Carstens
|
7e54b58285 |
fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
commit d0290bc20d4739b7a900ae37eb5d4cc3be2b393f upstream.
Commit df04abfd181a ("fs/proc/kcore.c: Add bounce buffer for ktext
data") added a bounce buffer to avoid hardened usercopy checks. Copying
to the bounce buffer was implemented with a simple memcpy() assuming
that it is always valid to read from kernel memory iff the
kern_addr_valid() check passed.
A simple, but pointless, test case like "dd if=/proc/kcore of=/dev/null"
now can easily crash the kernel, since the former execption handling on
invalid kernel addresses now doesn't work anymore.
Also adding a kern_addr_valid() implementation wouldn't help here. Most
architectures simply return 1 here, while a couple implemented a page
table walk to figure out if something is mapped at the address in
question.
With DEBUG_PAGEALLOC active mappings are established and removed all the
time, so that relying on the result of kern_addr_valid() before
executing the memcpy() also doesn't work.
Therefore simply use probe_kernel_read() to copy to the bounce buffer.
This also allows to simplify read_kcore().
At least on s390 this fixes the observed crashes and doesn't introduce
warnings that were removed with df04abfd181a ("fs/proc/kcore.c: Add
bounce buffer for ktext data"), even though the generic
probe_kernel_read() implementation uses uaccess functions.
While looking into this I'm also wondering if kern_addr_valid() could be
completely removed...(?)
Link: http://lkml.kernel.org/r/20171202132739.99971-1-heiko.carstens@de.ibm.com
Fixes: df04abfd181a ("fs/proc/kcore.c: Add bounce buffer for ktext data")
Fixes: f5509cc18daa ("mm: Hardened usercopy")
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Liu Bo
|
d16919a3fe |
Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
commit 0198e5b707cfeb5defbd1b71b1ec6e71580d7db9 upstream.
Bio iterated by set_bio_pages_uptodate() is raid56 internal one, so it
will never be a BIO_CLONED bio, and since this is called by end_io
functions, bio->bi_iter.bi_size is zero, we mustn't use
bio_for_each_segment() as that is a no-op if bi_size is zero.
Fixes: 6592e58c6b68e61f003a01ba29a3716e7e2e9484 ("Btrfs: fix write corruption due to bio cloning on raid5/6")
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Ivan Vecera
|
650d3d8512 |
kernfs: fix regression in kernfs_fop_write caused by wrong type
commit ba87977a49913129962af8ac35b0e13e0fa4382d upstream.
Commit b7ce40cff0b9 ("kernfs: cache atomic_write_len in
kernfs_open_file") changes type of local variable 'len' from ssize_t
to size_t. This change caused that the *ppos value is updated also
when the previous write callback failed.
Mentioned snippet:
...
len = ops->write(...); <- return value can be negative
...
if (len > 0) <- true here in this case
*ppos += len;
...
Fixes: b7ce40cff0b9 ("kernfs: cache atomic_write_len in kernfs_open_file")
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Trond Myklebust
|
f1e31607e7 |
NFS: Fix a race between mmap() and O_DIRECT
commit e231c6879cfd44e4fffd384bb6dd7d313249a523 upstream.
When locking the file in order to do O_DIRECT on it, we must unmap
any mmapped ranges on the pagecache so that we can flush out the
dirty data.
Fixes: a5864c999de67 ("NFS: Do not serialise O_DIRECT reads and writes")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Biggers
|
1c38ad2f26 |
NFS: reject request for id_legacy key without auxdata
commit 49686cbbb3ebafe42e63868222f269d8053ead00 upstream.
nfs_idmap_legacy_upcall() is supposed to be called with 'aux' pointing
to a 'struct idmap', via the call to request_key_with_auxdata() in
nfs_idmap_request_key().
However it can also be reached via the request_key() system call in
which case 'aux' will be NULL, causing a NULL pointer dereference in
nfs_idmap_prepare_pipe_upcall(), assuming that the key description is
valid enough to get that far.
Fix this by making nfs_idmap_legacy_upcall() negate the key if no
auxdata is provided.
As usual, this bug was found by syzkaller. A simple reproducer using
the command-line keyctl program is:
keyctl request2 id_legacy uid:0 '' @s
Fixes: 57e62324e469 ("NFS: Store the legacy idmapper result in the keyring")
Reported-by: syzbot+5dfdbcf7b3eb5912abbb@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Trond Myklebust <trondmy@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
J. Bruce Fields
|
60017643c2 |
NFS: commit direct writes even if they fail partially
commit 1b8d97b0a837beaf48a8449955b52c650a7114b4 upstream. If some of the WRITE calls making up an O_DIRECT write syscall fail, we neglect to commit, even if some of the WRITEs succeed. We also depend on the commit code to free the reference count on the nfs_page taken in the "if (request_commit)" case at the end of nfs_direct_write_completion(). The problem was originally noticed because ENOSPC's encountered partway through a write would result in a closed file being sillyrenamed when it should have been unlinked. Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Trond Myklebust
|
6421f29eb8 |
NFS: Fix nfsstat breakage due to LOOKUPP
commit 8634ef5e05311f32d7f2aee06f6b27a8834a3bd6 upstream.
The LOOKUPP operation was inserted into the nfs4_procedures array
rather than being appended, which put /proc/net/rpc/nfs out of
whack, and broke the nfsstat utility.
Fix by moving the LOOKUPP operation to the end of the array, and
by ensuring that it keeps the same length whether or not NFSV4.1
and NFSv4.2 are compiled in.
Fixes: 5b5faaf6df734 ("nfs4: add NFSv4 LOOKUPP handlers")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Trond Myklebust
|
3d03af0064 |
NFS: Add a cond_resched() to nfs_commit_release_pages()
commit 7f1bda447c9bd48b415acedba6b830f61591601f upstream. The commit list can get very large, and so we need a cond_resched() in nfs_commit_release_pages() in order to ensure we don't hog the CPU for excessive periods of time. Reported-by: Mike Galbraith <efault@gmx.de> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Tigran Mkrtchyan
|
3ac2d17a6e |
nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
commit 7ff4cff637aa0bd2abbd81f53b2a6206c50afd95 upstream.
A pNFS server may return LAYOUTUNAVAILABLE error on LAYOUTGET for files
which don't have any layout. In this situation pnfs_update_layout
currently returns NULL. As this NULL is converted into ENOMEM, IO
requests fails instead of falling back to MDS.
Do not return ENOMEM on LAYOUTUNAVAILABLE and let client retry through
MDS.
Fixes 8d40b0f14846f. I will suggest to backport this fix to affected
stable branches.
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
[trondmy: Use IS_ERR_OR_NULL()]
Fixes: 8d40b0f14846 ("NFS filelayout:call GETDEVICEINFO after...")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Scott Mayhew
|
ace34428fa |
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
commit ba4a76f703ab7eb72941fdaac848502073d6e9ee upstream.
Currently when falling back to doing I/O through the MDS (via
pnfs_{read|write}_through_mds), the client frees the nfs_pgio_header
without releasing the reference taken on the dreq
via pnfs_generic_pg_{read|write}pages -> nfs_pgheader_init ->
nfs_direct_pgio_init. It then takes another reference on the dreq via
nfs_generic_pg_pgios -> nfs_pgheader_init -> nfs_direct_pgio_init and
as a result the requester will become stuck in inode_dio_wait. Once
that happens, other processes accessing the inode will become stuck as
well.
Ensure that pnfs_read_through_mds() and pnfs_write_through_mds() clean
up correctly by calling hdr->completion_ops->completion() instead of
calling hdr->release() directly.
This can be reproduced (sometimes) by performing "storage failover
takeover" commands on NetApp filer while doing direct I/O from a client.
This can also be reproduced using SystemTap to simulate a failure while
doing direct I/O from a client (from Dave Wysochanski
<dwysocha@redhat.com>):
stap -v -g -e 'probe module("nfs_layout_nfsv41_files").function("nfs4_fl_prepare_ds").return { $return=NULL; exit(); }'
Suggested-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Fixes: 1ca018d28d ("pNFS: Fix a memory leak when attempted pnfs fails")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Biggers
|
068e53f9b1 |
ubifs: free the encrypted symlink target
commit 6b46d444146eb8d0b99562795cea8086639d7282 upstream.
ubifs_symlink() forgot to free the kmalloc()'ed buffer holding the
encrypted symlink target, creating a memory leak. Fix it.
(UBIFS could actually encrypt directly into ui->data, removing the
temporary buffer, but that is left for the patch that switches to use
the symlink helper functions.)
Fixes: ca7f85be8d6c ("ubifs: Add support for encrypted symlinks")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Aurelien Aptel
|
4126cdb731 |
CIFS: zero sensitive data when freeing
commit 97f4b7276b829a8927ac903a119bef2f963ccc58 upstream. also replaces memset()+kfree() by kzfree(). Signed-off-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |