-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4a/2MACgkQONu9yGCS
aT4BwA//diCficMfLINrc/9bMq3VS2Y+/lnuURMXEM9MJibjQCUS1spc6YhhNFrE
8m3aavAYywjjD3zGHj8KEaKQFDrPQxYQDzPOPK9rxjpxlUFpnYWUGlI2krpwBV6c
8xAekM62sMEIq09EHqqhKVls+WmYi47/pdfGAAt3PUR8c2eTOlxiFsiwq4nuZDdv
rcMkQm87V8Wn1Nq+Dfp6R3U+X9f4DcU5n5cKiGq6ujoalT7h5/jj36JIFxBwMapF
WjpqXMUUeylXxXnNFMUbEMg+lEqJlWfvj1sxdxyMdgS+L9rc9bXk/NTub4TZPaXu
odwMl9RKWjJvFsvn26Pc4s31K2raEhCDYdkVoFTXWsc7vbE4A/h/yAw4Wq+cuBI4
H4fBXYYZ3D0Il9kxYYbfSaki5z1YbI54tkWcrs8f8jli5C0M3Wkkux1TA4HPj2Ja
8zJFH0++cyfpuKRiYXro+H2Tq4KxBwsWEtync8230MEywlTxkz4IIue+SCgVV+WD
jmg/enRjbnkpYBSH1pKOdAAga0kHSxtwWlfLFrjhcgGse8y6sCJhUOPPcQMnf/k0
Jrmc3InHg+mtLiSsJXAp4iGABJlW+W/ouaxaxYoA9wucwQlcgxXpkigl5rOgFTma
153RYc1TSZJAe+cjx42qZxRxcD8/Vg5d6D2tL1otbMSIsD3e7Gk=
=sq63
-----END PGP SIGNATURE-----
Merge 4.14.164 into android-4.14
Changes in 4.14.164
USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein
USB: dummy-hcd: increase max number of devices to 32
locking/spinlock/debug: Fix various data races
netfilter: ctnetlink: netns exit must wait for callbacks
mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
libtraceevent: Fix lib installation with O=
x86/efi: Update e820 with reserved EFI boot services data to fix kexec breakage
efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs
efi/gop: Return EFI_SUCCESS if a usable GOP was found
efi/gop: Fix memory leak in __gop_query32/64()
ARM: vexpress: Set-up shared OPP table instead of individual for each CPU
netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END
ARM: dts: Cygnus: Fix MDIO node address/size cells
spi: spi-cavium-thunderx: Add missing pci_release_regions()
ASoC: topology: Check return value for soc_tplg_pcm_create()
ARM: dts: bcm283x: Fix critical trip point
bpf, mips: Limit to 33 tail calls
ARM: dts: am437x-gp/epos-evm: fix panel compatible
samples: bpf: Replace symbol compare of trace_event
samples: bpf: fix syscall_tp due to unused syscall
powerpc: Ensure that swiotlb buffer is allocated from low memory
bnx2x: Do not handle requests from VFs after parity
bnx2x: Fix logic to get total no. of PFs per engine
net: usb: lan78xx: Fix error message format specifier
rfkill: Fix incorrect check to avoid NULL pointer dereference
ASoC: wm8962: fix lambda value
regulator: rn5t618: fix module aliases
kconfig: don't crash on NULL expressions in expr_eq()
perf/x86/intel: Fix PT PMI handling
fs: avoid softlockups in s_inodes iterators
net: stmmac: Do not accept invalid MTU values
net: stmmac: RX buffer size must be 16 byte aligned
s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly
s390/dasd: fix memleak in path handling error case
block: fix memleak when __blk_rq_map_user_iov() is failed
parisc: Fix compiler warnings in debug_core.c
llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)
hv_netvsc: Fix unwanted rx_table reset
bpf: reject passing modified ctx to helper functions
bpf: Fix passing modified ctx to ld/abs/ind instruction
PCI/switchtec: Read all 64 bits of part_event_bitmap
mmc: block: Convert RPMB to a character device
mmc: block: Delete mmc_access_rpmb()
mmc: block: Fix bug when removing RPMB chardev
mmc: core: Prevent bus reference leak in mmc_blk_init()
mmc: block: propagate correct returned value in mmc_rpmb_ioctl
gtp: fix bad unlock balance in gtp_encap_enable_socket
macvlan: do not assume mac_header is set in macvlan_broadcast()
net: dsa: mv88e6xxx: Preserve priority when setting CPU port.
net: stmmac: dwmac-sun8i: Allow all RGMII modes
net: stmmac: dwmac-sunxi: Allow all RGMII modes
net: usb: lan78xx: fix possible skb leak
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
USB: core: fix check for duplicate endpoints
USB: serial: option: add Telit ME910G1 0x110a composition
sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
vxlan: fix tos value before xmit
vlan: vlan_changelink() should propagate errors
net: sch_prio: When ungrafting, replace with FIFO
vlan: fix memory leak in vlan_dev_set_egress_priority
Linux 4.14.164
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ifbce6635b5a3df896c29e23dd15098e80ecddeba
[ Upstream commit 04646aebd30b99f2cfa0182435a2ec252fcb16d0 ]
Anything that walks all inodes on sb->s_inodes list without rescheduling
risks softlockups.
Previous efforts were made in 2 functions, see:
c27d82f fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
ac05fbb inode: don't softlockup when evicting inodes
but there hasn't been an audit of all walkers, so do that now. This
also consistently moves the cond_resched() calls to the bottom of each
loop in cases where it already exists.
One loop remains: remove_dquot_ref(), because I'm not quite sure how
to deal with that one w/o taking the i_lock.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Make the anon_inodes facility unconditional so that it can be used by core
VFS code.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit dadd2299ab61fc2b55b95b7b3a8f674cdd3b69c9)
Bug: 135608568
Test: test program using syscall(__NR_sys_pidfd_open,..) and poll()
Change-Id: I2f97bda4f360d8d05bbb603de839717b3d8067ae
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxbC+kACgkQONu9yGCS
aT42nw/+JRU1ek6PaT+4Pzr9HDac3qQP9pQ4WG80X1ZqYdQYGcDkhmoQcHqaXCDe
089OjoPlPToEdjpQhqfmN5i/TNLag4TuZLN6T3LpORWQWEfgnKt3TboSB/MWzCwr
g9qVBEi9xVPU/no/I8M+XshE3v994wf5dhgEFiSxR5kDMwgbq6EdIWQeJZ2OdJg1
x8LRQwqkcvnVns1khKOGweCQAL5GdeXbz+BxNaPs+g1R7li8GUS+UL16yEWvPpMq
+emae6MqKcoyr3leV+dMd1RY+ICJjCPr1RJJlr3M3KYDU5OEfnaih2MxBT1optoI
iABQFs8MNnU/zKt8k2CwMJuXdW6+OnVQq2+gC8ye6aQAQ0dWureyy8zj06vidI7a
eIGDiLGudW8sUtyQOdGko7j9AHmxaTcNPby0voJuj3lJgguThaW+BlIhOct6wBz4
6Em8jnQuaYqA9BG6UChHkf7o8vpfu4r4tI/IY07h7HN4r3HWZJy8F6NszTg531KK
YWEiq6vV+hYHB2t21EEIWy8Ew1sZWo2Nt3Xayk8en23VENaXv7DGxmpQ30Rg6h07
iA1ewCDcps20LlHbROAR73EBF4047R57X1E4TQLyhVncgyPVLvntDodhJSfKe3Ve
UEC+wSWU/eKM11DF/gOjslN/s/JM3EeVmnIeolSkCvRqtIysGFs=
=kskL
-----END PGP SIGNATURE-----
Merge 4.14.98 into android-4.14
Changes in 4.14.98
Fix "net: ipv4: do not handle duplicate fragments as overlapping"
ipv6: Consider sk_bound_dev_if when binding a socket to an address
ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation
l2tp: copy 4 more bytes to linear part if necessary
net/mlx4_core: Add masking for a few queries on HCA caps
netrom: switch to sock timer API
net/rose: fix NULL ax25_cb kernel panic
net: set default network namespace in init_dummy_netdev()
ucc_geth: Reset BQL queue when stopping device
net/mlx5e: Allow MAC invalidation while spoofchk is ON
Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager"
virtio_net: Don't enable NAPI when interface is down
virtio_net: Don't call free_old_xmit_skbs for xdp_frames
virtio_net: Fix not restoring real_num_rx_queues
sctp: improve the events for sctp stream adding
sctp: improve the events for sctp stream reset
l2tp: remove l2specific_len dependency in l2tp_core
l2tp: fix reading optional fields of L2TPv3
ipvlan, l3mdev: fix broken l3s mode wrt local routes
CIFS: Do not count -ENODATA as failure for query directory
fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()
selftests/seccomp: Enhance per-arch ptrace syscall skip tests
NFS: Fix up return value on fatal errors in nfs_page_async_flush()
ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
arm64: hyp-stub: Forbid kprobing of the hyp-stub
arm64: hibernate: Clean the __hyp_text to PoC after resume
gpio: altera-a10sr: Set proper output level for direction_output
gpio: pcf857x: Fix interrupts on multiple instances
gfs2: Revert "Fix loop in gfs2_rbm_find"
mmc: bcm2835: Fix DMA channel leak on probe error
ALSA: hda/realtek - Fixed hp_pin no value
IB/hfi1: Remove overly conservative VM_EXEC flag check
platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
oom, oom_reaper: do not enqueue same task twice
mm, oom: fix use-after-free in oom_kill_process
mm: hwpoison: use do_send_sig_info() instead of force_sig()
mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
md/raid5: fix 'out of memory' during raid cache recovery
cifs: Always resolve hostname before reconnecting
drivers: core: Remove glue dirs from sysfs earlier
fanotify: fix handling of events on child sub-directory
Linux 4.14.98
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit b469e7e47c8a075cc08bcd1e85d4365134bdcdd5 upstream.
When an event is reported on a sub-directory and the parent inode has
a mark mask with FS_EVENT_ON_CHILD|FS_ISDIR, the event will be sent to
fsnotify() even if the event type is not in the parent mark mask
(e.g. FS_OPEN).
Further more, if that event happened on a mount or a filesystem with
a mount/sb mark that does have that event type in their mask, the "on
child" event will be reported on the mount/sb mark. That is not
desired, because user will get a duplicate event for the same action.
Note that the event reported on the victim inode is never merged with
the event reported on the parent inode, because of the check in
should_merge(): old_fsn->inode == new_fsn->inode.
Fix this by looking for a match of an actual event type (i.e. not just
FS_ISDIR) in parent's inode mark mask and by not reporting an "on child"
event to group if event type is only found on mount/sb marks.
[backport hint: The bug seems to have always been in fanotify, but this
patch will only apply cleanly to v4.19.y]
Cc: <stable@vger.kernel.org> # v4.19
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
[amir: backport to v4.9]
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlvm/dUACgkQONu9yGCS
aT6YIg//R0orm3h1s6oX17p8ttPz3SFmC36sOxMfWbmqqdPH2EE7bCHIrAkiKPt/
FTkeD1tSwzpepGrCj4ONG8Se+l2/DuRfMqrAeBmG8XVSyMoVciHdbSL6VUnJWODH
lgmF58pp86a5hssiW2Syd6BZ/bqyubmPx/R7kwFKG76IuUvCBmUZcPSIHO1BtGyJ
NJ5OlbnRJOrE+XOor9segukKhrynQCcQfT7HjOKm3T5PQEtCtsRekO1sPU+Gdhrq
i2PZTOZdDr0YRFac+zqvI/6ufExNffXDYh56MpYyhiRLpDbCnbTxVKlNn5bKmTpA
pPGyn6nSbaqU+BnPDFmApIoQY8UgjZf49n2HhVg4Or3+ArOflqY8z0Jlpu4o7YK7
l+4MUis0uBf67Mbvb8/zuk+N+e0/rFBfHvi1HJ+2Au7o+9Erp7YVLc2plwMUcIAX
6wZzH29Lcl5OrQBEZGmZJ1SWJ7jEHDZrmwRKM1vMqUqZMHG4cE5TLlEcAQTLSWng
QsYF3/cdUzsCA3IeX1ArNIjXeWlitGhRv8tf1aiY238i8oaCKzfF7YbMrahMSk1H
sk1KJzqEGwiLNHG+F7PHjLBmwxfVhQS90Y8kSLjz1MCqx0F3+S7TdZk9JfHI6l3h
7BUMsbc6f/M+IVmmQzlxdw+iMR0PjB+vq4b/pNPoowlXcLvM1qY=
=Ns58
-----END PGP SIGNATURE-----
Merge 4.14.80 into android-4.14
Changes in 4.14.80
eeprom: at24: Add support for address-width property
vfs: swap names of {do,vfs}_clone_file_range()
USB: serial: option: improve Quectel EP06 detection
USB: serial: option: add two-endpoints device-id flag
bpf: fix partial copy of map_ptr when dst is scalar
Revert "ARM: tegra: Fix ULPI regression on Tegra20"
fsnotify: fix ignore mask logic in fsnotify()
gpio: mxs: Get rid of external API call
xfs: truncate transaction does not modify the inobt
cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
ptp: fix Spectre v1 vulnerability
drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
drm/edid: VSDB yCBCr420 Deep Color mode bit definitions
drm: fb-helper: Reject all pixel format changing requests
RDMA/ucma: Fix Spectre v1 vulnerability
IB/ucm: Fix Spectre v1 vulnerability
cdc-acm: do not reset notification buffer index upon urb unlinking
cdc-acm: correct counting of UART states in serial state notification
cdc-acm: fix race between reset and control messaging
usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
usb: gadget: storage: Fix Spectre v1 vulnerability
USB: fix the usbfs flag sanitization for control transfers
Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
sched/fair: Fix throttle_list starvation with low CFS quota
x86/tsc: Force inlining of cyc2ns bits
x86, hibernate: Fix nosave_regions setup for hibernation
x86/percpu: Fix this_cpu_read()
x86/time: Correct the attribute on jiffies' definition
x86/fpu: Fix i486 + no387 boot crash by only saving FPU registers on context switch if there is an FPU
net: fs_enet: do not call phy_stop() in interrupts
Linux 4.14.80
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 9bdda4e9cf2dcecb60a0683b10ffb8cd7e5f2f45 ]
Commit 92183a42898d ("fsnotify: fix ignore mask logic in
send_to_group()") acknoledges the use case of ignoring an event on
an inode mark, because of an ignore mask on a mount mark of the same
group (i.e. I want to get all events on this file, except for the events
that came from that mount).
This change depends on correctly merging the inode marks and mount marks
group lists, so that the mount mark ignore mask would be tested in
send_to_group(). Alas, the merging of the lists did not take into
account the case where event in question is not in the mask of any of
the mount marks.
To fix this, completely remove the tests for inode and mount event masks
from the lists merging code.
Fixes: 92183a42898d ("fsnotify: fix ignore mask logic in send_to_group")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
[amir: backport to v4.14.y]
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsqpOYACgkQONu9yGCS
aT7cZw/+NE0Bmn8BhIyf2h//jWKqQ50epMtuOrROhaB9onBS3gbH00JsH6Aop9jh
9SJdJPveHb+cBEcNGIlx5u/WLvRxG64mDd1GgNcGoFnYOxl9y68XPS+2zlFGI66F
CUqCDQS4DNS5KoXiLBJ48cDtuZNoSdlt8H5bC5qlFs16WIpj41CCG4cbkUk1eDzH
CCR44mw7GxnmsF/44xuswhZZjCzGuOACWnhuYh8/dspGPZYOS0vBCX9RvhjBUFwD
taLu9cm1kq8kQZBwt70+M36+OTwSS/rtVj/2g96l6QrLLCBk+OIjGO0yGaLXcTPx
WA5Lxkt3stQbuttayddNkRsFsE+Cvi0r/wye9zKFxVqhaPad4/87aklHzKAnEehg
Eu1JDR3ds2R4zSjifl7ACo2hWM//xIUcEDz4BvVjJSjVYTQamdsFHatRNl2NEW96
TYgmrbJALdYPIl5AD6hmeCwU2WqjrJPZnV0X5jVcWgVTp07mIag6qxibwUmY0TOa
IfBEXG1zHzAgYycAbQw1OFz0IHavX10tmpmoKZE4ay4vi3Rnt/OIsCZtXnabZbjy
xpiBumMUz3GGdU+5yKT4Iw1Cfg4EEAp9+sWSiJzx+frrB9pn5pafK2/RhdvOCF+8
MGyLOTbjz5v2IvprA5v76lUT1CjXcRbRE+YxmRSemAu1ruetBWY=
=eyGS
-----END PGP SIGNATURE-----
Merge 4.14.51 into android-4.14
Changes in 4.14.51
clocksource/drivers/imx-tpm: Correct some registers operation flow
Input: synaptics-rmi4 - fix an unchecked out of memory error path
KVM: X86: fix incorrect reference of trace_kvm_pi_irte_update
x86: Add check for APIC access address for vmentry of L2 guests
MIPS: io: Prevent compiler reordering writeX()
nfp: ignore signals when communicating with management FW
perf report: Fix switching to another perf.data file
fsnotify: fix ignore mask logic in send_to_group()
MIPS: io: Add barrier after register read in readX()
s390/smsgiucv: disable SMSG on module unload
isofs: fix potential memory leak in mount option parsing
MIPS: dts: Boston: Fix PCI bus dtc warnings:
spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR
doc: Add vendor prefix for Kieback & Peter GmbH
dt-bindings: pinctrl: sunxi: Fix reference to driver
dt-bindings: serial: sh-sci: Add support for r8a77965 (H)SCIF
dt-bindings: dmaengine: rcar-dmac: document R8A77965 support
clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux
ASoC: rt5514: Add the missing register in the readable table
eCryptfs: don't pass up plaintext names when using filename encryption
soc: bcm: raspberrypi-power: Fix use of __packed
soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure
PCI: kirin: Fix reset gpio name
ASoC: topology: Fix bugs of freeing soc topology
xen: xenbus_dev_frontend: Really return response string
ASoC: topology: Check widget kcontrols before deref.
spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo()
blkcg: don't hold blkcg lock when deactivating policy
tipc: fix infinite loop when dumping link monitor summary
scsi: iscsi: respond to netlink with unicast when appropriate
scsi: megaraid_sas: Do not log an error if FW successfully initializes.
scsi: target: fix crash with iscsi target and dvd
netfilter: nf_tables: NAT chain and extensions require NF_TABLES
netfilter: nf_tables: fix out-of-bounds in nft_chain_commit_update
ASoC: msm8916-wcd-analog: use threaded context for mbhc events
drm/msm: Fix possible null dereference on failure of get_pages()
drm/msm/dsi: use correct enum in dsi_get_cmd_fmt
drm/msm: don't deref error pointer in the msm_fbdev_create error path
blkcg: init root blkcg_gq under lock
net: hns: Avoid action name truncation
vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion
parisc: time: Convert read_persistent_clock() to read_persistent_clock64()
scsi: storvsc: Set up correct queue depth values for IDE devices
scsi: isci: Fix infinite loop in while loop
mm, pagemap: fix swap offset value for PMD migration entry
proc: revalidate kernel thread inodes to root:root
kexec_file: do not add extra alignment to efi memmap
mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
usb: typec: ucsi: fix tracepoint related build error
ACPI / PM: Blacklist Low Power S0 Idle _DSM for ThinkPad X1 Tablet(2016)
dt-bindings: meson-uart: DT fix s/clocks-names/clock-names/
powerpc/powernv/memtrace: Let the arch hotunplug code flush cache
net: phy: marvell: clear wol event before setting it
ARM: dts: da850: fix W=1 warnings with pinmux node
ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70
drm/amdkfd: fix clock counter retrieval for node without GPU
thermal: int3403_thermal: Fix NULL pointer deref on module load / probe
net: ethtool: Add missing kernel doc for FEC parameters
arm64: ptrace: remove addr_limit manipulation
HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice
HID: wacom: Release device resource data obtained by devres_alloc()
selftests: ftrace: Add a testcase for multiple actions on trigger
rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
perf/x86/intel: Don't enable freeze-on-smi for PerfMon V1
remoteproc: qcom: Fix potential device node leaks
rpmsg: added MODULE_ALIAS for rpmsg_char
HID: intel-ish-hid: use put_device() instead of kfree()
blk-mq: fix sysfs inflight counter
arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_mmio_read_apr()
libahci: Allow drivers to override stop_engine
ata: ahci: mvebu: override ahci_stop_engine for mvebu AHCI
x86/cpu/intel: Add missing TLB cpuid values
bpf: fix uninitialized variable in bpf tools
i2c: sprd: Prevent i2c accesses after suspend is called
i2c: sprd: Fix the i2c count issue
tipc: fix bug in function tipc_nl_node_dump_monitor
nvme: depend on INFINIBAND_ADDR_TRANS
nvmet-rdma: depend on INFINIBAND_ADDR_TRANS
ib_srpt: depend on INFINIBAND_ADDR_TRANS
ib_srp: depend on INFINIBAND_ADDR_TRANS
IB: make INFINIBAND_ADDR_TRANS configurable
IB/uverbs: Fix validating mandatory attributes
RDMA/cma: Fix use after destroy access to net namespace for IPoIB
RDMA/iwpm: fix memory leak on map_info
IB/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV
IB/rxe: avoid double kfree_skb
<linux/stringhash.h>: fix end_name_hash() for 64bit long
IB/core: Make ib_mad_client_id atomic
ARM: davinci: board-da830-evm: fix GPIO lookup for MMC/SD
ARM: davinci: board-da850-evm: fix GPIO lookup for MMC/SD
ARM: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup
ARM: davinci: board-dm355-evm: fix broken networking
dt-bindings: panel: lvds: Fix path to display timing bindings
ARM: OMAP2+: powerdomain: use raw_smp_processor_id() for trace
ARM: dts: logicpd-som-lv: Fix WL127x Startup Issues
ARM: dts: logicpd-som-lv: Fix Audio Mute
Input: atmel_mxt_ts - fix the firmware update
hexagon: add memset_io() helper
hexagon: export csum_partial_copy_nocheck
scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts
bpf, x64: fix memleak when not converging after image
parisc: drivers.c: Fix section mismatches
stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
kthread, sched/wait: Fix kthread_parkme() wait-loop
arm64: tegra: Make BCM89610 PHY interrupt as active low
iommu/vt-d: fix shift-out-of-bounds in bug checking
nvme: fix potential memory leak in option parsing
nvme: Set integrity flag for user passthrough commands
ARM: OMAP1: ams-delta: fix deferred_fiq handler
smc: fix sendpage() call
IB/hfi1 Use correct type for num_user_context
IB/hfi1: Fix memory leak in exception path in get_irq_affinity()
RDMA/cma: Do not query GID during QP state transition to RTR
spi: bcm2835aux: ensure interrupts are enabled for shared handler
sched/core: Introduce set_special_state()
sh: fix build failure for J2 cpu with SMP disabled
tee: check shm references are consistent in offset/size
mac80211: Adjust SAE authentication timeout
drm/omap: silence unititialized variable warning
drm/omap: fix uninitialized ret variable
drm/omap: fix possible NULL ref issue in tiler_reserve_2d
drm/omap: check return value from soc_device_match
drm/omap: handle alloc failures in omap_connector
driver core: add __printf verification to __ata_ehi_pushv_desc
ARM: dts: cygnus: fix irq type for arm global timer
mac80211: use timeout from the AddBA response instead of the request
x86/xen: Reset VCPU0 info pointer after shared_info remap
net: aquantia: driver should correctly declare vlan_features bits
can: dev: increase bus-off message severity
arm64: Add MIDR encoding for NVIDIA CPUs
cifs: smb2ops: Fix listxattr() when there are no EAs
agp: uninorth: make two functions static
tipc: eliminate KMSAN uninit-value in strcmp complaint
qed: Fix l2 initializations over iWARP personality
qede: Fix gfp flags sent to rdma event node allocation
rxrpc: Fix error reception on AF_INET6 sockets
rxrpc: Fix the min security level for kernel calls
KVM: Extend MAX_IRQ_ROUTES to 4096 for all archs
x86: Delay skip of emulated hypercall instruction
ixgbe: return error on unsupported SFP module when resetting
net sched actions: fix invalid pointer dereferencing if skbedit flags missing
init: fix false positives in W+X checking
proc/kcore: don't bounds check against address 0
ocfs2: take inode cluster lock before moving reflinked inode from orphan dir
kprobes/x86: Prohibit probing on exception masking instructions
uprobes/x86: Prohibit probing on MOV SS instruction
objtool, kprobes/x86: Sync the latest <asm/insn.h> header with tools/objtool/arch/x86/include/asm/insn.h
x86/pkeys/selftests: Adjust the self-test to fresh distros that export the pkeys ABI
x86/mpx/selftests: Adjust the self-test to fresh distros that export the MPX ABI
x86/selftests: Add mov_to_ss test
x86/pkeys/selftests: Give better unexpected fault error messages
x86/pkeys/selftests: Stop using assert()
x86/pkeys/selftests: Remove dead debugging code, fix dprint_in_signal
x86/pkeys/selftests: Allow faults on unknown keys
x86/pkeys/selftests: Factor out "instruction page"
x86/pkeys/selftests: Add PROT_EXEC test
x86/pkeys/selftests: Fix pkey exhaustion test off-by-one
x86/pkeys/selftests: Fix pointer math
x86/pkeys/selftests: Save off 'prot' for allocations
x86/pkeys/selftests: Add a test for pkey 0
mtd: Fix comparison in map_word_andequal()
afs: Fix the non-encryption of calls
usb: musb: fix remote wakeup racing with suspend
ARM: keystone: fix platform_domain_notifier array overrun
i2c: pmcmsp: return message count on master_xfer success
i2c: pmcmsp: fix error return from master_xfer
i2c: viperboard: return message count on master_xfer success
ARM: davinci: dm646x: fix timer interrupt generation
ARM: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF
ARM: davinci: board-dm646x-evm: set VPIF capture card name
clk: imx6ull: use OSC clock during AXI rate change
locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag
locking/percpu-rwsem: Annotate rwsem ownership transfer by setting RWSEM_OWNER_UNKNOWN
drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl()
sched/debug: Move the print_rt_rq() and print_dl_rq() declarations to kernel/sched/sched.h
sched/deadline: Make the grub_reclaim() function static
parisc: Move setup_profiling_timer() out of init section
efi/libstub/arm64: Handle randomized TEXT_OFFSET
ARM: 8753/1: decompressor: add a missing parameter to the addruart macro
ARM: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernel
ARM: kexec: fix kdump register saving on panic()
Revert "Btrfs: fix scrub to repair raid6 corruption"
Btrfs: fix scrub to repair raid6 corruption
Btrfs: make raid6 rebuild retry more
tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
Linux 4.14.51
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 92183a42898dc400b89da35685d1814ac6acd3d8 ]
The ignore mask logic in send_to_group() does not match the logic
in fanotify_should_send_event(). In the latter, a vfsmount mark ignore
mask precedes an inode mark mask and in the former, it does not.
That difference may cause events to be sent to fanotify backend for no
reason. Fix the logic in send_to_group() to match that of
fanotify_should_send_event().
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlre3ogACgkQONu9yGCS
aT4a8Q//aR1U1nYUiiMwMTgxvWXR5Hic3jtnAxdOkpr6UNa5dDa1tijI5U9poKJW
65EPPQNW29PxIv0UGhLRzdjpL/ac2QhMyW8gmS8ikXMbFPF2JrgvOLSZpWF70cE1
hyFkzbnvavJe0QfWsii7Z+RdrSZMgfZheZMmLh1exv1tEmuYcfAiletdC8f5kTPU
/aS5X9rmJM/Fyw4iQF7NEpYPY4vESsgMd7ZfHifcV07ze6f+lkW+gcKZuVi//eJ1
NJEvSBjSvqbQoHugHvHbV/UM2RwzFFfihm6y94WOurSbToksJ141P/MEBxc9vDae
rCA8Qwq3YZ8vPu5rb8L1UHlpR+CIuanSJnijBhC2Lh6W4CmVA70+lvveqMbZGi/X
Tm9+QlV4F32ogOy+rNvFARoNx7KkWvjZ8kF2a/qgbkqQgPCwSku4anW3abXLQad+
4hYbqAwunq0V1Zi4XoIAjcQWlAokau4jDxfKbpoO7CBUYoia+1vDoK4U1FHsFy77
E4w7LktCecfoqieoBzsD5mZfTG5qrzwNhoxnnZmRGZY81TW9swVZYPkfqamG/Cbk
7HkgOLvtQiwtY5dxsLHvMwbtXzQqxO10KuLBAao6OY9xLEAqamV1v9gGO1WyOzRd
avVUShDL6FQHTRalzcm8K9OLUhOZWDcZLR9XgNwfgxZYjAlfqCA=
=Gbe3
-----END PGP SIGNATURE-----
Merge 4.14.36 into android-4.14
Changes in 4.14.36
tty: make n_tty_read() always abort if hangup is in progress
cpufreq: CPPC: Use transition_delay_us depending transition_latency
ubifs: Check ubifs_wbuf_sync() return code
ubi: fastmap: Don't flush fastmap work on detach
ubi: Fix error for write access
ubi: Reject MLC NAND
mm/ksm.c: fix inconsistent accounting of zero pages
mm/hmm: fix header file if/else/endif maze
mm/hmm: hmm_pfns_bad() was accessing wrong struct
task_struct: only use anon struct under randstruct plugin
fs/reiserfs/journal.c: add missing resierfs_warning() arg
resource: fix integer overflow at reallocation
ipc/shm: fix use-after-free of shm file via remap_file_pages()
mm, slab: reschedule cache_reap() on the same CPU
usb: musb: gadget: misplaced out of bounds check
phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS
usb: gadget: udc: core: update usb_ep_queue() documentation
ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate
KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list
ARM: dts: da850-lego-ev3: Fix battery voltage gpio
ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210
arm: dts: mt7623: fix USB initialization fails on bananapi-r2
ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250
ARM: dts: at91: sama5d4: fix pinctrl compatible string
spi: atmel: init FIFOs before spi enable
spi: Fix scatterlist elements size in spi_map_buf
spi: Fix unregistration of controller with fixed SPI bus number
media: atomisp_fops.c: disable atomisp_compat_ioctl32
media: vivid: check if the cec_adapter is valid
media: vsp1: Fix BRx conditional path in WPF
x86/xen: Delay get_cpu_cap until stack canary is established
xen-netfront: Fix hang on device removal
regmap: Fix reversed bounds check in regmap_raw_write()
ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
USB: gadget: f_midi: fixing a possible double-free in f_midi
USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
usb: dwc3: prevent setting PRTCAP to OTG from debugfs
usb: dwc3: pci: Properly cleanup resource
usb: dwc3: gadget: never call ->complete() from ->ep_queue()
cifs: fix memory leak in SMB2_open()
fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
smb3: Fix root directory when server returns inode number of zero
HID: i2c-hid: fix size check and type usage
i2c: i801: Save register SMBSLVCMD value only once
i2c: i801: Restore configuration at shutdown
CIFS: refactor crypto shash/sdesc allocation&free
CIFS: add sha512 secmech
CIFS: fix sha512 check in cifs_crypto_secmech_release
powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits
powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9
powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
powerpc/kprobes: Fix call trace due to incorrect preempt count
powerpc/kexec_file: Fix error code when trying to load kdump kernel
powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
HID: Fix hid_report_len usage
HID: core: Fix size as type u32
soc: mediatek: fix the mistaken pointer accessed when subdomains are added
ASoC: ssm2602: Replace reg_default_raw with reg_default
ASoC: topology: Fix kcontrol name string handling
thunderbolt: Wait a bit longer for ICM to authenticate the active NVM
thunderbolt: Serialize PCIe tunnel creation with PCI rescan
thunderbolt: Resume control channel after hibernation image is created
thunderbolt: Prevent crash when ICM firmware is not running
irqchip/gic: Take lock when updating irq type
random: use a tighter cap in credit_entropy_bits_safe()
extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO
block: use 32-bit blk_status_t on Alpha
jbd2: if the journal is aborted then don't allow update of the log tail
ext4: shutdown should not prevent get_write_access
ext4: eliminate sleep from shutdown ioctl
ext4: pass -ESHUTDOWN code to jbd2 layer
ext4: don't update checksum of new initialized bitmaps
ext4: protect i_disksize update by i_data_sem in direct write path
ext4: limit xattr size to INT_MAX
ext4: fail ext4_iget for root directory if unallocated
ext4: always initialize the crc32c checksum driver
ext4: don't allow r/w mounts if metadata blocks overlap the superblock
ext4: move call to ext4_error() into ext4_xattr_check_block()
ext4: add bounds checking to ext4_xattr_find_entry()
ext4: add extra checks to ext4_xattr_block_get()
dm crypt: limit the number of allocated pages
RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
RDMA/mlx5: Protect from NULL pointer derefence
RDMA/rxe: Fix an out-of-bounds read
ALSA: pcm: Fix UAF at PCM release via PCM timer access
IB/srp: Fix srp_abort()
IB/srp: Fix completion vector assignment algorithm
dmaengine: at_xdmac: fix rare residue corruption
cxl: Fix possible deadlock when processing page faults from cxllib
tpm: self test failure should not cause suspend to fail
libnvdimm, dimm: fix dpa reservation vs uninitialized label area
libnvdimm, namespace: use a safe lookup for dimm device name
nfit, address-range-scrub: fix scrub in-progress reporting
nfit: skip region registration for incomplete control regions
ring-buffer: Check if memory is available before allocation
um: Compile with modern headers
um: Use POSIX ucontext_t instead of struct ucontext
iommu/vt-d: Fix a potential memory leak
mmc: jz4740: Fix race condition in IRQ mask update
mmc: tmio: Fix error handling when issuing CMD23
PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken
clk: mvebu: armada-38x: add support for missing clocks
clk: fix false-positive Wmaybe-uninitialized warning
clk: mediatek: fix PWM clock source by adding a fixed-factor clock
clk: bcm2835: De-assert/assert PLL reset signal when appropriate
pwm: rcar: Fix a condition to prevent mismatch value setting to duty
thermal: imx: Fix race condition in imx_thermal_probe()
dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4
watchdog: f71808e_wdt: Fix WD_EN register read
vfio/pci: Virtualize Maximum Read Request Size
ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
ALSA: pcm: Avoid potential races between OSS ioctls and read/write
ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
drm/amdgpu: Add an ATPX quirk for hybrid laptop
drm/amdgpu: Fix always_valid bos multiple LRU insertions.
drm/amdgpu/sdma: fix mask in emit_pipeline_sync
drm/amdgpu: Fix PCIe lane width calculation
drm/amdgpu/si: implement get/set pcie_lanes asic callback
drm/rockchip: Clear all interrupts before requesting the IRQ
drm/radeon: add PX quirk for Asus K73TK
drm/radeon: Fix PCIe lane width calculation
ALSA: line6: Use correct endpoint type for midi output
ALSA: rawmidi: Fix missing input substream checks in compat ioctls
ALSA: hda - New VIA controller suppor no-snoop path
ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags
ALSA: hda/realtek - adjust the location of one mic
random: fix crng_ready() test
random: use a different mixing algorithm for add_device_randomness()
random: crng_reseed() should lock the crng instance that it is modifying
random: add new ioctl RNDRESEEDCRNG
HID: input: fix battery level reporting on BT mice
HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
HID: wacom: bluetooth: send exit report for recent Bluetooth devices
MIPS: uaccess: Add micromips clobbers to bzero invocation
MIPS: memset.S: EVA & fault support for small_memset
MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
MIPS: memset.S: Fix clobber of v1 in last_fixup
powerpc/eeh: Fix enabling bridge MMIO windows
powerpc/xive: Fix trying to "push" an already active pool VP
powerpc/lib: Fix off-by-one in alternate feature patching
udf: Fix leak of UTF-16 surrogates into encoded strings
fanotify: fix logic of events on child
mmc: sdhci-pci: Only do AMD tuning for HS200
drm/i915: Correctly handle limited range YCbCr data on VLV/CHV
jffs2_kill_sb(): deal with failed allocations
hypfs_kill_super(): deal with failed allocations
orangefs_kill_sb(): deal with allocation failures
rpc_pipefs: fix double-dput()
Don't leak MNT_INTERNAL away from internal mounts
autofs: mount point create should honour passed in mode
mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
net: dsa: Discard frames from unused ports
iwlwifi: add shared clock PHY config flag for some devices
iwlwifi: add a bunch of new 9000 PCI IDs
Revert "media: lirc_zilog: driver only sends LIRCCODE"
media: staging: lirc_zilog: incorrect reference counting
writeback: safer lock nesting
Linux 4.14.36
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 54a307ba8d3cd00a3902337ffaae28f436eeb1a4 upstream.
When event on child inodes are sent to the parent inode mark and
parent inode mark was not marked with FAN_EVENT_ON_CHILD, the event
will not be delivered to the listener process. However, if the same
process also has a mount mark, the event to the parent inode will be
delivered regadless of the mount mark mask.
This behavior is incorrect in the case where the mount mark mask does
not contain the specific event type. For example, the process adds
a mark on a directory with mask FAN_MODIFY (without FAN_EVENT_ON_CHILD)
and a mount mark with mask FAN_CLOSE_NOWRITE (without FAN_ONDIR).
A modify event on a file inside that directory (and inside that mount)
should not create a FAN_MODIFY event, because neither of the marks
requested to get that event on the file.
Fixes: 1968f5eed54c ("fanotify: use both marks when possible")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqSiwYACgkQONu9yGCS
aT5Z0w//dVBMZvvT1H0J9SzFlyhiGf2UfX1WA5LVPXF/wPVnmAnbVu6R4XosII4T
xqqRPGmwkPaShl+xj775Hqhq/+lGBOT3Hnt7YGLN5Izu8z473mC5VGtYEfRzuUGi
al98aR8jE0TFCX/Jf8hI/JI7ll+oArNaLSMsIz1N2Vb2uE9z+9d2Wis0tfhFyASG
E3WqCDPyq4G4tvUqNhWuDJ587e+KCKyyRbX4XXdKHsidx3deoGvuq3aRypX3FLbA
L6Ee6mmDzCvdwjzL/cVX9xFaOwhYUglz6q55bxOPzLYe7PAu+NL8qou0c+wbuqeG
5COu/jYnsnHyCr3jL2AgkLiKeXcv7i9yEMknndcl/QX7uNv3VHaa+iTHXQOHL01+
xg05SjWHZuK+5WOQ3qCBEUE1Xl9s/snrbe4SSjb496MfFa4XAi93HLa8qVYZvKBS
PziRgXHKrwdUyVHaXlukK+XrxKrkX9MAnFcdCoMAqmAk0IiquhWOi1Rg4wNwqwSd
e3kDnhAIeII7RLE04iaCNVrEE4edFco58TNkxb25MYnaLB1fdZnPL6P4JeYYBKbi
hVdzHYQLHW6hcu+/wO9M94WQlcTV2c4qjXTBmpFTQD8MiUi01FxprlEzq8Z7tsEr
ZsUWlhzWGe0OAJI4ifpxRPF2hiMKaFMKKAKEGGDyAzHj8pSizbs=
=d6BQ
-----END PGP SIGNATURE-----
Merge 4.14.22 into android-4.14
Changes in 4.14.22
usb: core: Add a helper function to check the validity of EP type in URB
vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
kcm: Check if sk_user_data already set in kcm_attach
kcm: Only allow TCP sockets to be attached to a KCM mux
bpf: mark dst unknown on inconsistent {s, u}bounds adjustments
cfg80211: check dev_set_name() return value
mac80211_hwsim: validate number of different channels
esp: Fix GRO when the headers not fully in the linear part of the skb.
xfrm: don't call xfrm_policy_cache_flush while holding spinlock
xfrm: fix rcu usage in xfrm_get_type_offload
xfrm: skip policies marked as dead while rehashing
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
KVM/x86: Check input paging mode when cs.l is set
RDMA/netlink: Fix general protection fault
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
xfrm: check id proto in validate_tmpl()
sctp: set frag_point in sctp_setsockopt_maxseg correctly
blktrace: fix unlocked registration of tracepoints
dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
ALSA: line6: Add a sanity check for invalid EPs
ALSA: caiaq: Add a sanity check for invalid EPs
ALSA: bcd2000: Add a sanity check for invalid EPs
ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
ptr_ring: try vmalloc() when kmalloc() fails
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
selinux: skip bounded transition processing if the policy isn't loaded
media: pvrusb2: properly check endpoint types
crypto: x86/twofish-3way - Fix %rbp usage
staging: android: ion: Add __GFP_NOWARN for system contig heap
staging: android: ion: Switch from WARN to pr_warn
blk_rq_map_user_iov: fix error override
KVM: x86: fix escape of guest dr6 to the host
kcov: detect double association with a single task
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
rds: tcp: correctly sequence cleanup on netns deletion.
rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete
net: avoid skb_warn_bad_offload on IS_ERR
net_sched: gen_estimator: fix lockdep splat
ASoC: ux500: add MODULE_LICENSE tag
video: fbdev/mmp: add MODULE_LICENSE
ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag
arm64: dts: add #cooling-cells to CPU nodes
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
ANDROID: binder: remove WARN() for redundant txn error
ANDROID: binder: synchronize_rcu() when using POLLFREE.
staging: android: ashmem: Fix a race condition in pin ioctls
binder: check for binder_thread allocation failure in binder_poll()
binder: replace "%p" with "%pK"
staging: fsl-mc: fix build testing on x86
staging: iio: adc: ad7192: fix external frequency setting
staging: iio: ad5933: switch buffer mode to software
usbip: keep usbip_device sockfd state in sync with tcp_socket
usb: build drivers/usb/common/ when USB_SUPPORT is set
serdev: fix receive_buf return value when no callback
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet
ARM: dts: logicpd-somlv: Fix wl127x pinmux
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: am437x-cm-t43: Correct the dmas property of spi0
perf record: Fix -c/-F options for cpu event aliases
perf help: Fix a bug during strstart() conversion
perf annotate: Do not truncate instruction names at 6 chars
perf test shell: Fix check open filename arg using 'perf trace' on s390x
perf: Fix header.size for namespace events
perf top: Fix window dimensions change handling
perf bench numa: Fixup discontiguous/sparse numa nodes
perf test: Fix test 21 for s390x
pinctrl: denverton: Fix UART2 RTS pin mode
kvm: arm: don't treat unavailable HYP mode as an error
trace/xdp: fix compile warning: 'struct bpf_map' declared inside parameter list
media: s5k6aa: describe some function parameters
media: ov13858: Select V4L2_FWNODE
net: mvpp2: allocate zeroed tx descriptors
gpio: 74x164: Fix crash during .remove()
gpio: davinci: Assign first bank regs for unbanked case
pinctrl: sunxi: Fix A80 interrupt pin bank
pinctrl: sunxi: Fix A64 UART mux value
IB/hfi1: Initialize bth1 in 16B rc ack builder
meson-gx-socinfo: Fix package id parsing
KVM: arm/arm64: Fix spinlock acquisition in vgic_set_owner
i40iw: Allocate a sdbuf per CQP WQE
i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE
i40iw: Correct ARP index mask
RDMA/cma: Make sure that PSN is not over max allowed
IB/core: Init subsys if compiled to vmlinuz-core
md/raid5: correct degraded calculation in raid5_error
sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune
sfp: fix RX_LOS signal handling
phylink: ensure we take the link down when phylink_stop() is called
md/raid1/10: add missed blk plug
iio: proximity: sx9500: Assign interrupt from GpioIo()
iio: fix kernel-doc build errors
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown
ipvlan: Add the skb->mark as flow4's member to lookup route
m68k: add missing SOFTIRQENTRY_TEXT linker section
powerpc/perf: Fix oops when grouping different pmu events
PM / runtime: Fix handling of suppliers with disabled runtime PM
s390/virtio: add BSD license to virtio-ccw
s390/dasd: prevent prefix I/O error
ARM: dts: Fix elm interrupt compiler warning
nfp: fix port stats for mac representors
gianfar: fix a flooded alignment reports because of padding issue.
net_sched: red: Avoid devision by zero
net_sched: red: Avoid illegal values
VSOCK: fix outdated sk_state value in hvs_release()
KVM: VMX: fix page leak in hardware_setup()
net: qualcomm: rmnet: Fix leak on transmit failure
locking/lockdep: Fix possible NULL deref
btrfs: Fix quota reservation leak on preallocated files
Btrfs: disable FUA if mounted with nobarrier
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
brcmfmac: Avoid build error with make W=1
virtio_net: fix return value check in receive_mergeable()
net: ethernet: arc: fix error handling in emac_rockchip_probe
net: dsa: mv88e6xxx: Fix interrupt masking on removal
net: dsa: mv88e6xxx: Unregister MDIO bus on error path
509: fix printing uninitialized stack memory when OID is empty
gianfar: Disable EEE autoneg by default
scsi: lpfc: Use after free in lpfc_rq_buf_free()
scsi: bfa: fix access to bfad_im_port_s
scsi: bfa: fix type conversion warning
dmaengine: ioat: Fix error handling path
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
xfrm: Fix xfrm_input() to verify state is valid when (encap_type < 0)
netfilter: xt_bpf: add overflow checks
clk: fix a panic error caused by accessing NULL pointer
staging: ccree: Uninitialized return in ssi_ahash_import()
ASoC: rockchip: disable clock on error
spi: sun4i: disable clocks in the remove function
IB/mlx4: Fix RSS hash fields restrictions
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
drm/armada: fix leak of crtc structure
ASoC: rsnd: ssi: fix race condition in rsnd_ssi_pointer_update
drm/vc4: Release fence after signalling
dmaengine: jz4740: disable/unprepare clk if probe fails
usb: dwc3: gadget: Wait longer for controller to end command processing
usb: dwc3: of-simple: fix missing clk_disable_unprepare
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410
xen: XEN_ACPI_PROCESSOR is Dom0-only
PCI: rcar: Fix use-after-free in probe error path
powerpc/perf/imc: Fix nest-imc cpuhotplug callback failure
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
crypto: talitos - fix Kernel Oops on hashing an empty file
drm/i915: fix intel_backlight_device_register declaration
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
mei: me: add cannon point device ids
mei: me: add cannon point device ids for 4th device
vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
Linux 4.14.22
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit b3a0066005821acdc0cdb092cb72587182ab583f upstream.
fsnotify_add_mark_locked() can fail but we do not check its return
value. This didn't matter before commit 9dd813c15b2c "fsnotify: Move
mark list head from object into dedicated structure" as none of possible
failures could happen for dnotify but after that commit -ENOMEM can be
returned. Handle this error properly in fcntl_dirnotify() as
otherwise we just hit BUG_ON(dn_mark->dn) in dnotify_free_mark().
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reported-by: syzkaller
Fixes: 9dd813c15b2c101168808d4f5941a29985758973
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This allows filesystems to use their mount private data to
influence the permssions they return in permission2. It has
been separated into a new call to avoid disrupting current
permission users.
Change-Id: I9d416e3b8b6eca84ef3e336bd2af89ddd51df6ca
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Inotify does not currently know when a filesystem
is acting as a wrapper around another fs. This means
that inotify watchers will miss any modifications to
the base file, as well as any made in a separate
stacked fs that points to the same file.
d_canonical_path solves this problem by allowing the fs
to map a dentry to a path in the lower fs. Inotify
can use it to find the appropriate place to watch to
be informed of all changes to a file.
Change-Id: I09563baffad1711a045e45c1bd0bd8713c2cc0b6
Signed-off-by: Daniel Rosenberg <drosen@google.com>
commit 9a31d7ad997f55768c687974ce36b759065b49e5 upstream.
Blind increment of group's user_waits is not enough, we could be far enough
in the group's destruction that it isn't taken into account (i.e. grabbing
the mark ref afterwards doesn't guarantee that it was the ref coming from
the _group_ that was grabbed).
Instead we need to check (under lock) that the mark is still attached to
the group after having obtained a ref to the mark. If not, skip it.
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 9385a84d7e1f ("fsnotify: Pass fsnotify_iter_info into handle_event handler")
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0d6ec079d6aaa098b978d6395973bb027c752a03 upstream.
We may fail to pin one of the marks in fsnotify_prepare_user_wait() when
dropping the srcu read lock, resulting in use after free at the next
iteration.
Solution is to store both marks in iter_info instead of just the one we'll
be sending the event for.
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 9385a84d7e1f ("fsnotify: Pass fsnotify_iter_info into handle_event handler")
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 24c20305c7fc8959836211cb8c50aab93ae0e54f upstream.
This patch doesn't actually fix any bug, just paves the way for fixing mark
and group pinning.
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f37650f1c7c71cf5180b43229d13b421d81e7170 upstream.
If fsnotify_prepare_user_wait() fails, we leave the event on the
notification list. Which will result in a warning in
fsnotify_destroy_event() and later use-after-free.
Instead of adding a new helper to remove the event from the list in this
case, I opted to move the prepare/finish up into fanotify_handle_event().
This will allow these to be moved further out into the generic code later,
and perhaps let us move to non-sleeping RCU.
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 05f0e38724e8 ("fanotify: Release SRCU lock when waiting for userspace response")
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
take_dentry_name_snapshot() takes a safe snapshot of dentry name;
if the name is a short one, it gets copied into caller-supplied
structure, otherwise an extra reference to external name is grabbed
(those are never modified). In either case the pointer to stable
string is stored into the same structure.
dentry must be held by the caller of take_dentry_name_snapshot(),
but may be freely dropped afterwards - the snapshot will stay
until destroyed by release_dentry_name_snapshot().
Intended use:
struct name_snapshot s;
take_dentry_name_snapshot(&s, dentry);
...
access s.name
...
release_dentry_name_snapshot(&s);
Replaces fsnotify_oldname_...(), gets used in fsnotify to obtain the name
to pass down with event.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
When delivering an event to userspace for a file on an NFS share,
if the file is deleted on server side before user reads the event,
user will not get the event.
If the event queue contained several events, the stale event is
quietly dropped and read() returns to user with events read so far
in the buffer.
If the event queue contains a single stale event or if the stale
event is a permission event, read() returns to user with the kernel
internal error code 518 (EOPENSTALE), which is not a POSIX error code.
Check the internal return value -EOPENSTALE in fanotify_read(), just
the same as it is checked in path_openat() and drop the event in the
cases that it is not already dropped.
This is a reproducer from Marko Rauhamaa:
Just take the example program listed under "man fanotify" ("fantest")
and follow these steps:
==============================================================
NFS Server NFS Client(1) NFS Client(2)
==============================================================
# echo foo >/nfsshare/bar.txt
# cat /nfsshare/bar.txt
foo
# ./fantest /nfsshare
Press enter key to terminate.
Listening for events.
# rm -f /nfsshare/bar.txt
# cat /nfsshare/bar.txt
read: Unknown error 518
cat: /nfsshare/bar.txt: Operation not permitted
==============================================================
where NFS Client (1) and (2) are two terminal sessions on a single NFS
Client machine.
Reported-by: Marko Rauhamaa <marko.rauhamaa@f-secure.com>
Tested-by: Marko Rauhamaa <marko.rauhamaa@f-secure.com>
Cc: <linux-api@vger.kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
We recently shifted this code around, so we're no longer holding the
lock on this path.
Fixes: 755b5bc681eb ("fsnotify: Remove indirection from mark list addition")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Pointer to ->free_mark callback unnecessarily occupies one long in each
fsnotify_mark although they are the same for all marks from one
notification group. Move the callback pointer to fsnotify_ops.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Currently we initialize mark->group only in fsnotify_add_mark_lock().
However we will need to access fsnotify_ops of corresponding group from
fsnotify_put_mark() so we need mark->group initialized earlier. Do that
in fsnotify_init_mark() which has a consequence that once
fsnotify_init_mark() is called on a mark, the mark has to be destroyed
by fsnotify_put_mark().
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
inode_mark.c now contains only a single function. Move it to
fs/notify/fsnotify.c and remove inode_mark.c.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
These are very thin wrappers, just remove them. Drop
fs/notify/vfsmount_mark.c as it is empty now.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
The function is already mostly contained in what
fsnotify_clear_marks_by_group() does. Just update that function to not
select marks when all of them should be destroyed and remove
fsnotify_detach_group_marks().
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
The _flags() suffix in the function name was more confusing than
explaining so just remove it. Also rename the argument from 'flags' to
'type' to better explain what the function expects.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Suggested-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Inline these helpers as they are very thin. We still keep them as we
don't want to expose details about how list type is determined.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
These helpers are just very thin wrappers now. Remove them.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
These helpers are now only a simple assignment and just obfuscate
what is going on. Remove them.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
When userspace task processing fanotify permission events screws up and
does not respond, fsnotify_mark_srcu SRCU is held indefinitely which
causes further hangs in the whole notification subsystem. Although we
cannot easily solve the problem of operations blocked waiting for
response from userspace, we can at least somewhat localize the damage by
dropping SRCU lock before waiting for userspace response and reacquiring
it when userspace responds.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Pass fsnotify_iter_info into ->handle_event() handler so that it can
release and reacquire SRCU lock via fsnotify_prepare_user_wait() and
fsnotify_finish_user_wait() functions. These functions also make sure
current marks are appropriately pinned so that iteration protected by
srcu in fsnotify() stays safe.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
fanotify wants to drop fsnotify_mark_srcu lock when waiting for response
from userspace so that the whole notification subsystem is not blocked
during that time. This patch provides a framework for safely getting
mark reference for a mark found in the object list which pins the mark
in that list. We can then drop fsnotify_mark_srcu, wait for userspace
response and then safely continue iteration of the object list once we
reaquire fsnotify_mark_srcu.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Currently we queue all marks for destruction on group shutdown and then
destroy them from fsnotify_destroy_group() instead from a worker thread
which is the usual path. However worker can already be processing some
list of marks to destroy so this does not make 100% all marks are really
destroyed by the time group is shut down. This isn't a big problem as
each mark holds group reference and thus group stays partially alive
until all marks are really freed but there's no point in complicating
our lives - just wait for the delayed work to be finished instead.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Instead of removing mark from object list from fsnotify_detach_mark(),
remove the mark when last reference to the mark is dropped. This will
allow fanotify to wait for userspace response to event without having to
hold onto fsnotify_mark_srcu.
To avoid pinning inodes by elevated refcount (and thus e.g. delaying
file deletion) while someone holds mark reference, we detach connector
from the object also from fsnotify_destroy_marks() and not only after
removing last mark from the list as it was now.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Currently we queue mark into a list of marks for destruction in
__fsnotify_free_mark() and keep the last mark reference dangling. After the
worker waits for SRCU period, it drops the last reference to the mark
which frees it. This scheme has the disadvantage that if we hold
reference to a mark and drop and reacquire SRCU lock, the mark can get
freed immediately which is slightly inconvenient and we will need to
avoid this in the future.
Move to a scheme where queueing of mark into a list of marks for
destruction happens when the last reference to the mark is dropped. Also
drop reference to the mark held by group list already when mark is
removed from that list instead of dropping it only from the destruction
worker.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Dropping mark reference can result in mark being freed. Although it
should not happen in inotify_remove_from_idr() since caller should hold
another reference, just don't risk lock up just after WARN_ON
unnecessarily. Also fold do_inotify_remove_from_idr() into the single
callsite as that function really is just two lines of real code.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Currently we free fsnotify_mark_connector structure only when inode /
vfsmount is getting freed. This can however impose noticeable memory
overhead when marks get attached to inodes only temporarily. So free the
connector structure once the last mark is detached from the object.
Since notification infrastructure can be working with the connector
under the protection of fsnotify_mark_srcu, we have to be careful and
free the fsnotify_mark_connector only after SRCU period passes.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
So far list of marks attached to an object (inode / vfsmount) was
protected by i_lock or mnt_root->d_lock. This dictates that the list
must be empty before the object can be destroyed although the list is
now anchored in the fsnotify_mark_connector structure. Protect the list
by a spinlock in the fsnotify_mark_connector structure to decouple
lifetime of a list of marks from a lifetime of the object. This also
simplifies the code quite a bit since we don't have to differentiate
between inode and vfsmount lists in quite a few places anymore.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
After removing all the indirection it is clear that
hlist_del_init_rcu(&mark->obj_list);
in fsnotify_destroy_marks() is not needed as the mark gets removed from
the list shortly afterwards in fsnotify_destroy_mark() ->
fsnotify_detach_mark() -> fsnotify_detach_from_object(). Also there is
no problem with mark being visible on object list while we call
fsnotify_destroy_mark() as parallel destruction of marks from several
places is properly handled (as mentioned in the comment in
fsnotify_destroy_marks(). So just remove the list removal and also the
stale comment.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
We lock object list lock in fsnotify_detach_from_object() twice - once
to detach mark and second time to recalculate mask. That is unnecessary
and later it will become problematic as we will free the connector as
soon as there is no mark in it. So move recalculation of fsnotify mask
into the same critical section that is detaching mark.
This also removes recalculation of child dentry flags from
fsnotify_detach_from_object(). That is however fine. Those marks will
get recalculated once some event happens on a child.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
fsnotify_detach_mark() calls fsnotify_destroy_inode_mark() or
fsnotify_destroy_vfsmount_mark() to remove mark from object list. These
two functions are however very similar and differ only in the lock they
use to protect the object list of marks. Simplify the code by removing
the indirection and removing mark from the object list in a common
function.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Instead of passing spinlock into fsnotify_destroy_marks() determine it
directly in that function from the connector type. This will reduce code
churn when changing lock protecting list of marks.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Move locking of a mark list into fsnotify_find_mark(). This reduces code
churn in the following patch changing lock protecting the list.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Move locking of locks protecting a list of marks into
fsnotify_recalc_mask(). This reduces code churn in the following patch
which changes the lock protecting the list of marks.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Move fsnotify_destroy_marks() to be later in the fs/notify/mark.c. It
will need some functions that are declared after its current
declaration. No functional change.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Adding notification mark to object list has been currently done through
fsnotify_add_{inode|vfsmount}_mark() helpers from
fsnotify_add_mark_locked() which call fsnotify_add_mark_list(). Remove
this unnecessary indirection to simplify the code.
Pushing all the locking to fsnotify_add_mark_list() also allows us to
allocate the connector structure with GFP_KERNEL mode.
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
