| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit e4648309b85a78f8c787457832269a8712a8673e upstream.
Make sure cached writes are not reordered around open(..., O_TRUNC), with
the obvious wrong results.
Fixes: 4d99ff8f12eb ("fuse: Turn writeback cache on")
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit b24e7598db62386a95a3c8b9c75630c5d56fe077 upstream.
If writeback cache is enabled, then writes might get reordered with
chmod/chown/utimes. The problem with this is that performing the write in
the fuse daemon might itself change some of these attributes. In such case
the following sequence of operations will result in file ending up with the
wrong mode, for example:
int fd = open ("suid", O_WRONLY|O_CREAT|O_EXCL);
write (fd, "1", 1);
fchown (fd, 0, 0);
fchmod (fd, 04755);
close (fd);
This patch fixes this by flushing pending writes before performing
chown/chmod/utimes.
Reported-by: Giuseppe Scrivano <gscrivan@redhat.com>
Tested-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fixes: 4d99ff8f12eb ("fuse: Turn writeback cache on")
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 1047ec868332034d1fbcb2fae19fe6d4cb869ff2 ]
Our client can issue multiple SETCLIENTID operations to the same
server in some circumstances. Ensure that calls to
nfs4_proc_setclientid() after the first one do not overwrite the
previously allocated cl_acceptor string.
unreferenced object 0xffff888461031800 (size 32):
comm "mount.nfs", pid 2227, jiffies 4294822467 (age 1407.749s)
hex dump (first 32 bytes):
6e 66 73 40 6b 6c 69 6d 74 2e 69 62 2e 31 30 31 nfs@klimt.ib.101
35 67 72 61 6e 67 65 72 2e 6e 65 74 00 00 00 00 5granger.net....
backtrace:
[<00000000ab820188>] __kmalloc+0x128/0x176
[<00000000eeaf4ec8>] gss_stringify_acceptor+0xbd/0x1a7 [auth_rpcgss]
[<00000000e85e3382>] nfs4_proc_setclientid+0x34e/0x46c [nfsv4]
[<000000003d9cf1fa>] nfs40_discover_server_trunking+0x7a/0xed [nfsv4]
[<00000000b81c3787>] nfs4_discover_server_trunking+0x81/0x244 [nfsv4]
[<000000000801b55f>] nfs4_init_client+0x1b0/0x238 [nfsv4]
[<00000000977daf7f>] nfs4_set_client+0xfe/0x14d [nfsv4]
[<0000000053a68a2a>] nfs4_create_server+0x107/0x1db [nfsv4]
[<0000000088262019>] nfs4_remote_mount+0x2c/0x59 [nfsv4]
[<00000000e84a2fd0>] legacy_get_tree+0x2d/0x4c
[<00000000797e947c>] vfs_get_tree+0x20/0xc7
[<00000000ecabaaa8>] fc_mount+0xe/0x36
[<00000000f15fafc2>] vfs_kern_mount+0x74/0x8d
[<00000000a3ff4e26>] nfs_do_root_mount+0x8a/0xa3 [nfsv4]
[<00000000d1c2b337>] nfs4_try_mount+0x58/0xad [nfsv4]
[<000000004c9bddee>] nfs_fs_mount+0x820/0x869 [nfs]
Fixes: f11b2a1cfbf5 ("nfs4: copy acceptor name from context ... ")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
ocfs2_info_scan_inode_alloc()
[ Upstream commit 2abb7d3b12d007c30193f48bebed781009bebdd2 ]
In ocfs2_info_scan_inode_alloc(), there is an if statement on line 283
to check whether inode_alloc is NULL:
if (inode_alloc)
When inode_alloc is NULL, it is used on line 287:
ocfs2_inode_lock(inode_alloc, &bh, 0);
ocfs2_inode_lock_full_nested(inode, ...)
struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
Thus, a possible null-pointer dereference may occur.
To fix this bug, inode_alloc is checked on line 286.
This bug is found by a static analysis tool STCheck written by us.
Link: http://lkml.kernel.org/r/20190726033717.32359-1-baijiaju1990@gmail.com
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 56e94ea132bb5c2c1d0b60a6aeb34dcb7d71a53d ]
In ocfs2_xa_prepare_entry(), there is an if statement on line 2136 to
check whether loc->xl_entry is NULL:
if (loc->xl_entry)
When loc->xl_entry is NULL, it is used on line 2158:
ocfs2_xa_add_entry(loc, name_hash);
loc->xl_entry->xe_name_hash = cpu_to_le32(name_hash);
loc->xl_entry->xe_name_offset = cpu_to_le16(loc->xl_size);
and line 2164:
ocfs2_xa_add_namevalue(loc, xi);
loc->xl_entry->xe_value_size = cpu_to_le64(xi->xi_value_len);
loc->xl_entry->xe_name_len = xi->xi_name_len;
Thus, possible null-pointer dereferences may occur.
To fix these bugs, if loc-xl_entry is NULL, ocfs2_xa_prepare_entry()
abnormally returns with -EINVAL.
These bugs are found by a static analysis tool STCheck written by us.
[akpm@linux-foundation.org: remove now-unused ocfs2_xa_add_entry()]
Link: http://lkml.kernel.org/r/20190726101447.9153-1-baijiaju1990@gmail.com
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit dd19c106a36690b47bb1acc68372f2b472b495b8 ]
After 'Initial git repository build' commit,
'mapping_table_ERRHRD' variable has not been used.
So 'mapping_table_ERRHRD' const variable could be removed
to mute below warning message:
fs/cifs/netmisc.c:120:40: warning: unused variable 'mapping_table_ERRHRD' [-Wunused-const-variable]
static const struct smb_to_posix_error mapping_table_ERRHRD[] = {
^
Signed-off-by: Austin Kim <austindh.kim@gmail.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit b5372fe5dc84235dbe04998efdede3c4daa866a9 ]
Commit 8099b047ecc4 ("exec: load_script: don't blindly truncate
shebang string") was trying to protect against a confused exec of a
truncated interpreter path. However, it was overeager and also refused
to truncate arguments as well, which broke userspace, and it was
reverted. This attempts the protection again, but allows arguments to
remain truncated. In an effort to improve readability, helper functions
and comments have been added.
Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Samuel Dionne-Riel <samuel@dionne-riel.com>
Cc: Richard Weinberger <richard.weinberger@gmail.com>
Cc: Graham Christensen <graham@grahamc.com>
Cc: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* refs/heads/tmp-dbd0162
Linux 4.4.198
RDMA/cxgb4: Do not dma memory off of the stack
net: sched: Fix memory exposure from short TCA_U32_SEL
PCI: PM: Fix pci_power_up()
xen/netback: fix error path of xenvif_connect_data()
cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
CIFS: avoid using MID 0xFFFF
parisc: Fix vmap memory leak in ioremap()/iounmap()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
mm/slub: fix a deadlock in show_slab_objects()
scsi: zfcp: fix reaction on bit error threshold notification
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
mac80211: Reject malformed SSID elements
cfg80211: wext: avoid copying malformed SSIDs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
scsi: core: try to get module before removing device
USB: ldusb: fix read info leaks
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix memleak on disconnect
USB: serial: ti_usb_3410_5052: fix port-close races
usb: udc: lpc32xx: fix bad bit shift operation
USB: legousbtower: fix memleak on disconnect
memfd: Fix locking when tagging pins
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
net: avoid potential infinite loop in tc_ctl_action()
sctp: change sctp_prot .no_autobind with true
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
namespace: fix namespace.pl script to support relative paths
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
nl80211: fix null pointer dereference
ARM: dts: am4372: Set memory bandwidth limit for DISPC
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
scsi: megaraid: disable device when probe failed after enabled device
scsi: ufs: skip shutdown if hba is not powered
rtlwifi: Fix potential overflow on P2P code
ANDROID: clang: update to 9.0.8 based on r365631c
ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
ANDROID: refactor build.config files to remove duplication
Conflicts:
drivers/block/loop.c
Change-Id: I68d2106c6480b9a2573f31302b0c75922f427732
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.198
scsi: ufs: skip shutdown if hba is not powered
scsi: megaraid: disable device when probe failed after enabled device
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
ARM: dts: am4372: Set memory bandwidth limit for DISPC
nl80211: fix null pointer dereference
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
namespace: fix namespace.pl script to support relative paths
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
sctp: change sctp_prot .no_autobind with true
net: avoid potential infinite loop in tc_ctl_action()
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
memfd: Fix locking when tagging pins
USB: legousbtower: fix memleak on disconnect
usb: udc: lpc32xx: fix bad bit shift operation
USB: serial: ti_usb_3410_5052: fix port-close races
USB: ldusb: fix memleak on disconnect
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix read info leaks
scsi: core: try to get module before removing device
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
cfg80211: wext: avoid copying malformed SSIDs
mac80211: Reject malformed SSID elements
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
scsi: zfcp: fix reaction on bit error threshold notification
mm/slub: fix a deadlock in show_slab_objects()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
parisc: Fix vmap memory leak in ioremap()/iounmap()
CIFS: avoid using MID 0xFFFF
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
xen/netback: fix error path of xenvif_connect_data()
PCI: PM: Fix pci_power_up()
net: sched: Fix memory exposure from short TCA_U32_SEL
RDMA/cxgb4: Do not dma memory off of the stack
Linux 4.4.198
Change-Id: Ibaaa507ab0873375f5ad9ef2d53982aa8d346599
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 4b654acdae850f48b8250b9a578a4eaa518c7a6f upstream.
In btrfs_read_block_groups(), if we have an invalid block group which
has mixed type (DATA|METADATA) while the fs doesn't have MIXED_GROUPS
feature, we error out without freeing the block group cache.
This patch will add the missing btrfs_put_block_group() to prevent
memory leak.
Note for stable backports: the file to patch in versions <= 5.3 is
fs/btrfs/extent-tree.c
Fixes: 49303381f19a ("Btrfs: bail out if block group has different mixed flag")
CC: stable@vger.kernel.org # 4.9+
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 03d9a9fe3f3aec508e485dd3dcfa1e99933b4bdb upstream.
According to MS-CIFS specification MID 0xFFFF should not be used by the
CIFS client, but we actually do. Besides, this has proven to cause races
leading to oops between SendReceive2/cifs_demultiplex_thread. On SMB1,
MID is a 2 byte value easy to reach in CurrentMid which may conflict with
an oplock break notification request coming from server
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* refs/heads/tmp-93ec8fb
Linux 4.4.197
xfs: clear sb->s_fs_info on mount failure
x86/asm: Fix MWAITX C-state hint value
tracing: Get trace_array reference for available_tracers files
media: stkwebcam: fix runtime PM after driver unbind
CIFS: Force revalidate inode when dentry is stale
cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
arm64: Rename cpuid_feature field extract routines
arm64: capabilities: Handle sign of the feature bit
kernel/sysctl.c: do not override max_threads provided by userspace
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
CIFS: Gracefully handle QueryInfo errors during open
perf llvm: Don't access out-of-scope array
iio: light: opt3001: fix mutex unlock race
iio: adc: ad799x: fix probe error handling
staging: vt6655: Fix memory leak in vt6655_probe
USB: legousbtower: fix use-after-free on release
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix slab info leak at probe
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
USB: dummy-hcd: fix power budget for SuperSpeed mode
USB: microtek: fix info-leak at probe
USB: usblcd: fix I/O after disconnect
USB: serial: fix runtime PM after driver unbind
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: option: add Telit FN980 compositions
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: keyspan: fix NULL-derefs on open() and write()
serial: uartlite: fix exit path null pointer
USB: ldusb: fix NULL-derefs on driver unbind
USB: chaoskey: fix use-after-free on release
USB: usblp: fix runtime PM after driver unbind
USB: iowarrior: fix use-after-free after driver unbind
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: adutux: fix use-after-free on release
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on disconnect
USB: adutux: remove redundant variable minor
xhci: Increase STS_SAVE timeout in xhci_suspend()
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Check all endpoints for LPM timeout
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
USB: usb-skeleton: fix NULL-deref on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: yurex: fix NULL-derefs on disconnect
USB: yurex: Don't retry on unexpected errors
USB: rio500: Remove Rio 500 kernel driver
panic: ensure preemption is disabled during panic()
ASoC: sgtl5000: Improve VAG power and mute control
nl80211: validate beacon head
cfg80211: Use const more consistently in for_each_element macros
cfg80211: add and use strongly typed element iteration macros
crypto: caam - fix concurrency issue in givencrypt descriptor
perf stat: Fix a segmentation fault when using repeat forever
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
kernel/elfcore.c: include proper prototypes
fuse: fix memleak in cuse_channel_open
thermal: Fix use-after-free when unregistering thermal zone device
drm/amdgpu: Check for valid number of registers to read
ceph: fix directories inode i_blkbits initialization
xen/pci: reserve MCFG areas earlier
9p: avoid attaching writeback_fid on mmap with type PRIVATE
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
ima: always return negative code for error
cfg80211: initialize on-stack chandefs
ieee802154: atusb: fix use-after-free at disconnect
crypto: qat - Silence smp_processor_id() warning
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
ASoC: Define a set of DAPM pre/post-up events
KVM: nVMX: handle page fault in vmread fix
s390/cio: exclude subchannels with no parent from pseudo check
s390/cio: avoid calling strlen on null pointer
s390/topology: avoid firing events before kobjs are created
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
Change-Id: I948ef653eafcff32197e1886e13548b32be2d0ad
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.197
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
s390/topology: avoid firing events before kobjs are created
s390/cio: avoid calling strlen on null pointer
s390/cio: exclude subchannels with no parent from pseudo check
KVM: nVMX: handle page fault in vmread fix
ASoC: Define a set of DAPM pre/post-up events
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
crypto: qat - Silence smp_processor_id() warning
ieee802154: atusb: fix use-after-free at disconnect
cfg80211: initialize on-stack chandefs
ima: always return negative code for error
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
9p: avoid attaching writeback_fid on mmap with type PRIVATE
xen/pci: reserve MCFG areas earlier
ceph: fix directories inode i_blkbits initialization
drm/amdgpu: Check for valid number of registers to read
thermal: Fix use-after-free when unregistering thermal zone device
fuse: fix memleak in cuse_channel_open
kernel/elfcore.c: include proper prototypes
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
perf stat: Fix a segmentation fault when using repeat forever
crypto: caam - fix concurrency issue in givencrypt descriptor
cfg80211: add and use strongly typed element iteration macros
cfg80211: Use const more consistently in for_each_element macros
nl80211: validate beacon head
ASoC: sgtl5000: Improve VAG power and mute control
panic: ensure preemption is disabled during panic()
USB: rio500: Remove Rio 500 kernel driver
USB: yurex: Don't retry on unexpected errors
USB: yurex: fix NULL-derefs on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: usb-skeleton: fix NULL-deref on disconnect
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Check all endpoints for LPM timeout
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Increase STS_SAVE timeout in xhci_suspend()
USB: adutux: remove redundant variable minor
USB: adutux: fix use-after-free on disconnect
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free after driver unbind
USB: usblp: fix runtime PM after driver unbind
USB: chaoskey: fix use-after-free on release
USB: ldusb: fix NULL-derefs on driver unbind
serial: uartlite: fix exit path null pointer
USB: serial: keyspan: fix NULL-derefs on open() and write()
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: option: add Telit FN980 compositions
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: fix runtime PM after driver unbind
USB: usblcd: fix I/O after disconnect
USB: microtek: fix info-leak at probe
USB: dummy-hcd: fix power budget for SuperSpeed mode
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
USB: legousbtower: fix slab info leak at probe
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix use-after-free on release
staging: vt6655: Fix memory leak in vt6655_probe
iio: adc: ad799x: fix probe error handling
iio: light: opt3001: fix mutex unlock race
perf llvm: Don't access out-of-scope array
CIFS: Gracefully handle QueryInfo errors during open
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
kernel/sysctl.c: do not override max_threads provided by userspace
arm64: capabilities: Handle sign of the feature bit
arm64: Rename cpuid_feature field extract routines
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
CIFS: Force revalidate inode when dentry is stale
media: stkwebcam: fix runtime PM after driver unbind
tracing: Get trace_array reference for available_tracers files
x86/asm: Fix MWAITX C-state hint value
xfs: clear sb->s_fs_info on mount failure
Linux 4.4.197
Change-Id: I0879b08629040431c71dae0d8b5474863d5e0391
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82 upstream.
We recently had an oops reported on a 4.14 kernel in
xfs_reclaim_inodes_count() where sb->s_fs_info pointed to garbage
and so the m_perag_tree lookup walked into lala land.
Essentially, the machine was under memory pressure when the mount
was being run, xfs_fs_fill_super() failed after allocating the
xfs_mount and attaching it to sb->s_fs_info. It then cleaned up and
freed the xfs_mount, but the sb->s_fs_info field still pointed to
the freed memory. Hence when the superblock shrinker then ran
it fell off the bad pointer.
With the superblock shrinker problem fixed at teh VFS level, this
stale s_fs_info pointer is still a problem - we use it
unconditionally in ->put_super when the superblock is being torn
down, and hence we can still trip over it after a ->fill_super
call failure. Hence we need to clear s_fs_info if
xfs-fs_fill_super() fails, and we need to check if it's valid in
the places it can potentially be dereferenced after a ->fill_super
failure.
Signed-Off-By: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Ajay Kaher <akaher@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit c82e5ac7fe3570a269c0929bf7899f62048e7dbc ]
Currently the client indicates that a dentry is stale when inode
numbers or type types between a local inode and a remote file
don't match. If this is the case attributes is not being copied
from remote to local, so, it is already known that the local copy
has stale metadata. That's why the inode needs to be marked for
revalidation in order to tell the VFS to lookup the dentry again
before openning a file. This prevents unexpected stale errors
to be returned to the user space when openning a file.
Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit a108471b5730b52017e73b58c9f486319d2ac308 ]
Commit 7196ac113a4f ("Fix to check Unique id and FileType when client
refer file directly.") checks whether the uniqueid of an inode has
changed when getting the inode info, but only when using the UNIX
extensions. Add a similar check for SMB2+, since this can be done
without an extra network roundtrip.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 0b3d0ef9840f7be202393ca9116b857f6f793715 upstream.
Mark inode for force revalidation if LOOKUP_REVAL flag is set.
This tells the client to actually send a QueryInfo request to
the server to obtain the latest metadata in case a directory
or a file were changed remotely. Only do that if the client
doesn't have a lease for the file to avoid unneeded round
trips to the server.
Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 30573a82fb179420b8aac30a3a3595aa96a93156 upstream.
Currently if the client identifies problems when processing
metadata returned in CREATE response, the open handle is being
leaked. This causes multiple problems like a file missing a lease
break by that client which causes high latencies to other clients
accessing the file. Another side-effect of this is that the file
can't be deleted.
Fix this by closing the file after the client hits an error after
the file was opened and the open descriptor wasn't returned to
the user space. Also convert -ESTALE to -EOPENSTALE to allow
the VFS to revalidate a dentry and retry the open.
Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 9ad09b1976c562061636ff1e01bfc3a57aebe56b ]
If cuse_send_init fails, need to fuse_conn_put cc->fc.
cuse_channel_open->fuse_conn_init->refcount_set(&fc->count, 1)
->fuse_dev_alloc->fuse_conn_get
->fuse_dev_free->fuse_conn_put
Fixes: cc080e9e9be1 ("fuse: introduce per-instance fuse_dev structure")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 750670341a24cb714e624e0fd7da30900ad93752 ]
When filling an inode with info from the MDS, i_blkbits is being
initialized using fl_stripe_unit, which contains the stripe unit in
bytes. Unfortunately, this doesn't make sense for directories as they
have fl_stripe_unit set to '0'. This means that i_blkbits will be set
to 0xff, causing an UBSAN undefined behaviour in i_blocksize():
UBSAN: Undefined behaviour in ./include/linux/fs.h:731:12
shift exponent 255 is too large for 32-bit type 'int'
Fix this by initializing i_blkbits to CEPH_BLOCK_SHIFT if fl_stripe_unit
is zero.
Signed-off-by: Luis Henriques <lhenriques@suse.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit c87a37ebd40b889178664c2c09cc187334146292 ]
Currently on mmap cache policy, we always attach writeback_fid
whether mmap type is SHARED or PRIVATE. However, in the use case
of kata-container which combines 9p(Guest OS) with overlayfs(Host OS),
this behavior will trigger overlayfs' copy-up when excute command
inside container.
Link: http://lkml.kernel.org/r/20190820100325.10313-1-cgxu519@zoho.com.cn
Signed-off-by: Chengguang Xu <cgxu519@zoho.com.cn>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit e2751463eaa6f9fec8fea80abbdc62dbc487b3c5 ]
In encode_attrs(), there is an if statement on line 1145 to check
whether label is NULL:
if (label && (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL))
When label is NULL, it is used on lines 1178-1181:
*p++ = cpu_to_be32(label->lfs);
*p++ = cpu_to_be32(label->pi);
*p++ = cpu_to_be32(label->len);
p = xdr_encode_opaque_fixed(p, label->label, label->len);
To fix these bugs, label is checked before being used.
These bugs are found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* refs/heads/tmp-736005d
Linux 4.4.196
NFC: fix attrs checks in netlink interface
smack: use GFP_NOFS while holding inode_smack::smk_lock
Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
net/rds: Fix error handling in rds_ib_add_one()
xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
sch_dsmark: fix potential NULL deref in dsmark_init()
nfc: fix memory leak in llcp_sock_bind()
net: qlogic: Fix memory leak in ql_alloc_large_buffers
net: ipv4: avoid mixed n_redirects and rate_tokens usage
ipv6: drop incoming packets having a v4mapped source address
hso: fix NULL-deref on tty open
ANDROID: binder: synchronize_rcu() when using POLLFREE.
ANDROID: binder: remove waitqueue when thread exits.
kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
ocfs2: wait for recovering done after direct unlock request
hypfs: Fix error number left in struct pointer member
fat: work around race with userspace's read via blockdev while mounting
security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
HID: apple: Fix stuck function keys when using FN
ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
mfd: intel-lpss: Remove D3cold delay
scsi: core: Reduce memory required for SCSI logging
powerpc/pseries: correctly track irq state in default idle
powerpc/64s/exception: machine check use correct cfar for late handler
vfio_pci: Restore original state on release
pinctrl: tegra: Fix write barrier placement in pmx_writel
powerpc/pseries/mobility: use cond_resched when updating device tree
powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
powerpc/rtas: use device model APIs and serialization during LPM
clk: sirf: Don't reference clk_init_data after registration
clk: qoriq: Fix -Wunused-const-variable
ipmi_si: Only schedule continuously in the thread in maintenance mode
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
video: ssd1307fb: Start page range at page_offset
Change-Id: If2b47b65954e56510e7a8b963a7110ebc9a4f1cc
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.196
video: ssd1307fb: Start page range at page_offset
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
ipmi_si: Only schedule continuously in the thread in maintenance mode
clk: qoriq: Fix -Wunused-const-variable
clk: sirf: Don't reference clk_init_data after registration
powerpc/rtas: use device model APIs and serialization during LPM
powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
powerpc/pseries/mobility: use cond_resched when updating device tree
pinctrl: tegra: Fix write barrier placement in pmx_writel
vfio_pci: Restore original state on release
powerpc/64s/exception: machine check use correct cfar for late handler
powerpc/pseries: correctly track irq state in default idle
scsi: core: Reduce memory required for SCSI logging
mfd: intel-lpss: Remove D3cold delay
ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
HID: apple: Fix stuck function keys when using FN
security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
fat: work around race with userspace's read via blockdev while mounting
hypfs: Fix error number left in struct pointer member
ocfs2: wait for recovering done after direct unlock request
kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
ANDROID: binder: remove waitqueue when thread exits.
ANDROID: binder: synchronize_rcu() when using POLLFREE.
hso: fix NULL-deref on tty open
ipv6: drop incoming packets having a v4mapped source address
net: ipv4: avoid mixed n_redirects and rate_tokens usage
net: qlogic: Fix memory leak in ql_alloc_large_buffers
nfc: fix memory leak in llcp_sock_bind()
sch_dsmark: fix potential NULL deref in dsmark_init()
xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
net/rds: Fix error handling in rds_ib_add_one()
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
smack: use GFP_NOFS while holding inode_smack::smk_lock
NFC: fix attrs checks in netlink interface
Linux 4.4.196
Change-Id: I7e03bb3ca1865988df014b8e38336b76430842a9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 0a3775e4f883912944481cf2ef36eb6383a9cc74 ]
There is a scenario causing ocfs2 umount hang when multiple hosts are
rebooting at the same time.
NODE1 NODE2 NODE3
send unlock requset to NODE2
dies
become recovery master
recover NODE2
find NODE2 dead
mark resource RECOVERING
directly remove lock from grant list
calculate usage but RECOVERING marked
**miss the window of purging
clear RECOVERING
To reproduce this issue, crash a host and then umount ocfs2
from another node.
To solve this, just let unlock progress wait for recovery done.
Link: http://lkml.kernel.org/r/1550124866-20367-1-git-send-email-gechangwei@live.cn
Signed-off-by: Changwei Ge <gechangwei@live.cn>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 07bfa4415ab607e459b69bd86aa7e7602ce10b4f ]
If userspace reads the buffer via blockdev while mounting,
sb_getblk()+modify can race with buffer read via blockdev.
For example,
FS userspace
bh = sb_getblk()
modify bh->b_data
read
ll_rw_block(bh)
fill bh->b_data by on-disk data
/* lost modified data by FS */
set_buffer_uptodate(bh)
set_buffer_uptodate(bh)
Userspace should not use the blockdev while mounting though, the udev
seems to be already doing this. Although I think the udev should try to
avoid this, workaround the race by small overhead.
Link: http://lkml.kernel.org/r/87pnk7l3sw.fsf_-_@mail.parknet.co.jp
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Reported-by: Jan Stancek <jstancek@redhat.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* refs/heads/tmp-4af3204
Linux 4.4.195
Btrfs: fix race setting up and completing qgroup rescan workers
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix use-after-free when using the tree modification log
ovl: filter of trusted xattr results in audit
CIFS: Fix oplock handling for SMB 2.1+ protocols
i2c: riic: Clear NACK in tend isr
hwrng: core - don't wait on add_early_randomness()
quota: fix wrong condition in is_quota_modification()
ext4: fix punch hole for inline_data file systems
/dev/mem: Bail out upon SIGKILL.
cfg80211: Purge frame registrations on iftype change
md/raid6: Set R5_ReadError when there is read failure on parity disk
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
ASoC: Intel: Fix use of potentially uninitialized variable
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
KVM: x86: Manually calculate reserved bits when loading PDPTRS
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: always stop emulation on page fault
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
fuse: fix missing unlock_page in fuse_writepage()
printk: Do not lose last line in kmsg buffer dump
ALSA: firewire-tascam: check intermediate state of clock status and retry
ALSA: firewire-tascam: handle error code when getting current source of clock
media: omap3isp: Set device on omap3isp subdevs
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
libertas: Add missing sentinel at end of if_usb.c fw_table
mmc: sdhci: Fix incorrect switch to HS mode
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
kprobes: Prohibit probing on BUG() and WARN() address
dmaengine: ti: edma: Do not reset reserved paRAM slots
md/raid1: fail run raid1 array when active disk less than one
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
ACPI: custom_method: fix memory leaks
libtraceevent: Change users plugin directory
ACPI / CPPC: do not require the _PSD method
media: ov9650: add a sanity check
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: cpia2_usb: fix memory leaks
media: saa7146: add cleanup in hexium_attach()
media: hdpvr: add terminating 0 at end of string
media: radio/si470x: kill urb on error
net: lpc-enet: fix printk format strings
media: omap3isp: Don't set streaming state on random subdevs
dmaengine: iop-adma: use correct printk format strings
media: gspca: zero usb_buf on error
efi: cper: print AER info of PCIe fatal error
md: don't set In_sync if array is frozen
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
ia64:unwind: fix double free for mod->arch.init_unw_table
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
base: soc: Export soc_device_register/unregister APIs
media: iguanair: add sanity checks
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
ALSA: hda - Show the fatal CORB/RIRB error more clearly
x86/apic: Soft disable APIC before initializing it
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
sched/core: Fix CPU controller for !RT_GROUP_SCHED
sched/fair: Fix imbalance due to CPU affinity
media: hdpvr: Add device num check and handling
media: dib0700: fix link error for dibx000_i2c_set_speed
leds: leds-lp5562 allow firmware files up to the maximum length
dmaengine: bcm2835: Print error in case setting DMA mask fails
ASoC: sgtl5000: Fix charge pump source assignment
ALSA: hda: Flush interrupts on disabling
nfc: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
mISDN: enforce CAP_NET_RAW for raw sockets
usbnet: sanity checking of packet sizes and device mtu
usbnet: ignore endpoints with invalid wMaxPacketSize
skge: fix checksum byte order
sch_netem: fix a divide by zero in tabledist()
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
net/phy: fix DP83865 10 Mbps HDX loopback disable function
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
arcnet: provide a buffer big enough to actually receive packets
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
drm: Flush output polling on shutdown
f2fs: fix to do sanity check on segment bitmap of LFS curseg
Revert "f2fs: avoid out-of-range memory access"
f2fs: check all the data segments against all node ones
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
locking/lockdep: Add debug_locks check in __lock_downgrade()
mac80211: handle deauthentication/disassociation from TDLS peer
mac80211: Print text for disassociation reason
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
net: rds: Fix NULL ptr use in rds_tcp_kill_sock
crypto: talitos - fix missing break in switch statement
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
HID: hidraw: Fix invalid read in hidraw_ioctl
HID: logitech: Fix general protection fault caused by Logitech driver
HID: lg: make transfer buffers DMA capable
HID: prodikeys: Fix general protection fault during probe
Revert "Bluetooth: validate BLE connection interval updates"
ANDROID: usb: gadget: Fix dependency for f_accessory
Remove taskname from lowmemorykiller kill reports
ANDROID: Fixes to locking around handle_lmk_event
Conflicts:
drivers/staging/android/lowmemorykiller.c
fs/f2fs/segment.c
fs/f2fs/super.c
Change-Id: Id4b74ec2b0512aa13bc4392d61d5092f633fed0e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.195
Revert "Bluetooth: validate BLE connection interval updates"
HID: prodikeys: Fix general protection fault during probe
HID: lg: make transfer buffers DMA capable
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
net: rds: Fix NULL ptr use in rds_tcp_kill_sock
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
mac80211: Print text for disassociation reason
mac80211: handle deauthentication/disassociation from TDLS peer
locking/lockdep: Add debug_locks check in __lock_downgrade()
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
Revert "f2fs: avoid out-of-range memory access"
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
net/phy: fix DP83865 10 Mbps HDX loopback disable function
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
ALSA: hda: Flush interrupts on disabling
ASoC: sgtl5000: Fix charge pump source assignment
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: hdpvr: Add device num check and handling
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
efi: cper: print AER info of PCIe fatal error
media: gspca: zero usb_buf on error
dmaengine: iop-adma: use correct printk format strings
media: omap3isp: Don't set streaming state on random subdevs
net: lpc-enet: fix printk format strings
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: ov9650: add a sanity check
ACPI / CPPC: do not require the _PSD method
libtraceevent: Change users plugin directory
ACPI: custom_method: fix memory leaks
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
mmc: sdhci: Fix incorrect switch to HS mode
libertas: Add missing sentinel at end of if_usb.c fw_table
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
printk: Do not lose last line in kmsg buffer dump
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
md/raid6: Set R5_ReadError when there is read failure on parity disk
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: Fix oplock handling for SMB 2.1+ protocols
ovl: filter of trusted xattr results in audit
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix race setting up and completing qgroup rescan workers
Linux 4.4.195
Change-Id: I0a333f55c8fd4273b37044e4e4e89ac1fb0fad1a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 13fc1d271a2e3ab8a02071e711add01fab9271f6 ]
There is a race between setting up a qgroup rescan worker and completing
a qgroup rescan worker that can lead to callers of the qgroup rescan wait
ioctl to either not wait for the rescan worker to complete or to hang
forever due to missing wake ups. The following diagram shows a sequence
of steps that illustrates the race.
CPU 1 CPU 2 CPU 3
btrfs_ioctl_quota_rescan()
btrfs_qgroup_rescan()
qgroup_rescan_init()
mutex_lock(&fs_info->qgroup_rescan_lock)
spin_lock(&fs_info->qgroup_lock)
fs_info->qgroup_flags |=
BTRFS_QGROUP_STATUS_FLAG_RESCAN
init_completion(
&fs_info->qgroup_rescan_completion)
fs_info->qgroup_rescan_running = true
mutex_unlock(&fs_info->qgroup_rescan_lock)
spin_unlock(&fs_info->qgroup_lock)
btrfs_init_work()
--> starts the worker
btrfs_qgroup_rescan_worker()
mutex_lock(&fs_info->qgroup_rescan_lock)
fs_info->qgroup_flags &=
~BTRFS_QGROUP_STATUS_FLAG_RESCAN
mutex_unlock(&fs_info->qgroup_rescan_lock)
starts transaction, updates qgroup status
item, etc
btrfs_ioctl_quota_rescan()
btrfs_qgroup_rescan()
qgroup_rescan_init()
mutex_lock(&fs_info->qgroup_rescan_lock)
spin_lock(&fs_info->qgroup_lock)
fs_info->qgroup_flags |=
BTRFS_QGROUP_STATUS_FLAG_RESCAN
init_completion(
&fs_info->qgroup_rescan_completion)
fs_info->qgroup_rescan_running = true
mutex_unlock(&fs_info->qgroup_rescan_lock)
spin_unlock(&fs_info->qgroup_lock)
btrfs_init_work()
--> starts another worker
mutex_lock(&fs_info->qgroup_rescan_lock)
fs_info->qgroup_rescan_running = false
mutex_unlock(&fs_info->qgroup_rescan_lock)
complete_all(&fs_info->qgroup_rescan_completion)
Before the rescan worker started by the task at CPU 3 completes, if
another task calls btrfs_ioctl_quota_rescan(), it will get -EINPROGRESS
because the flag BTRFS_QGROUP_STATUS_FLAG_RESCAN is set at
fs_info->qgroup_flags, which is expected and correct behaviour.
However if other task calls btrfs_ioctl_quota_rescan_wait() before the
rescan worker started by the task at CPU 3 completes, it will return
immediately without waiting for the new rescan worker to complete,
because fs_info->qgroup_rescan_running is set to false by CPU 2.
This race is making test case btrfs/171 (from fstests) to fail often:
btrfs/171 9s ... - output mismatch (see /home/fdmanana/git/hub/xfstests/results//btrfs/171.out.bad)
# --- tests/btrfs/171.out 2018-09-16 21:30:48.505104287 +0100
# +++ /home/fdmanana/git/hub/xfstests/results//btrfs/171.out.bad 2019-09-19 02:01:36.938486039 +0100
# @@ -1,2 +1,3 @@
# QA output created by 171
# +ERROR: quota rescan failed: Operation now in progress
# Silence is golden
# ...
# (Run 'diff -u /home/fdmanana/git/hub/xfstests/tests/btrfs/171.out /home/fdmanana/git/hub/xfstests/results//btrfs/171.out.bad' to see the entire diff)
That is because the test calls the btrfs-progs commands "qgroup quota
rescan -w", "qgroup assign" and "qgroup remove" in a sequence that makes
calls to the rescan start ioctl fail with -EINPROGRESS (note the "btrfs"
commands 'qgroup assign' and 'qgroup remove' often call the rescan start
ioctl after calling the qgroup assign ioctl,
btrfs_ioctl_qgroup_assign()), since previous waits didn't actually wait
for a rescan worker to complete.
Another problem the race can cause is missing wake ups for waiters,
since the call to complete_all() happens outside a critical section and
after clearing the flag BTRFS_QGROUP_STATUS_FLAG_RESCAN. In the sequence
diagram above, if we have a waiter for the first rescan task (executed
by CPU 2), then fs_info->qgroup_rescan_completion.wait is not empty, and
if after the rescan worker clears BTRFS_QGROUP_STATUS_FLAG_RESCAN and
before it calls complete_all() against
fs_info->qgroup_rescan_completion, the task at CPU 3 calls
init_completion() against fs_info->qgroup_rescan_completion which
re-initilizes its wait queue to an empty queue, therefore causing the
rescan worker at CPU 2 to call complete_all() against an empty queue,
never waking up the task waiting for that rescan worker.
Fix this by clearing BTRFS_QGROUP_STATUS_FLAG_RESCAN and setting
fs_info->qgroup_rescan_running to false in the same critical section,
delimited by the mutex fs_info->qgroup_rescan_lock, as well as doing the
call to complete_all() in that same critical section. This gives the
protection needed to avoid rescan wait ioctl callers not waiting for a
running rescan worker and the lost wake ups problem, since setting that
rescan flag and boolean as well as initializing the wait queue is done
already in a critical section delimited by that mutex (at
qgroup_rescan_init()).
Fixes: 57254b6ebce4ce ("Btrfs: add ioctl to wait for qgroup rescan completion")
Fixes: d2c609b834d62f ("btrfs: properly track when rescan worker is running")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 6af112b11a4bc1b560f60a618ac9c1dcefe9836e upstream.
When doing any form of incremental send the parent and the child trees
need to be compared via btrfs_compare_trees. This can result in long
loop chains without ever relinquishing the CPU. This causes softlockup
detector to trigger when comparing trees with a lot of items. Example
report:
watchdog: BUG: soft lockup - CPU#0 stuck for 24s! [snapperd:16153]
CPU: 0 PID: 16153 Comm: snapperd Not tainted 5.2.9-1-default #1 openSUSE Tumbleweed (unreleased)
Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
pstate: 40000005 (nZcv daif -PAN -UAO)
pc : __ll_sc_arch_atomic_sub_return+0x14/0x20
lr : btrfs_release_extent_buffer_pages+0xe0/0x1e8 [btrfs]
sp : ffff00001273b7e0
Call trace:
__ll_sc_arch_atomic_sub_return+0x14/0x20
release_extent_buffer+0xdc/0x120 [btrfs]
free_extent_buffer.part.0+0xb0/0x118 [btrfs]
free_extent_buffer+0x24/0x30 [btrfs]
btrfs_release_path+0x4c/0xa0 [btrfs]
btrfs_free_path.part.0+0x20/0x40 [btrfs]
btrfs_free_path+0x24/0x30 [btrfs]
get_inode_info+0xa8/0xf8 [btrfs]
finish_inode_if_needed+0xe0/0x6d8 [btrfs]
changed_cb+0x9c/0x410 [btrfs]
btrfs_compare_trees+0x284/0x648 [btrfs]
send_subvol+0x33c/0x520 [btrfs]
btrfs_ioctl_send+0x8a0/0xaf0 [btrfs]
btrfs_ioctl+0x199c/0x2288 [btrfs]
do_vfs_ioctl+0x4b0/0x820
ksys_ioctl+0x84/0xb8
__arm64_sys_ioctl+0x28/0x38
el0_svc_common.constprop.0+0x7c/0x188
el0_svc_handler+0x34/0x90
el0_svc+0x8/0xc
Fix this by adding a call to cond_resched at the beginning of the main
loop in btrfs_compare_trees.
Fixes: 7069830a9e38 ("Btrfs: add btrfs_compare_trees function")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit efad8a853ad2057f96664328a0d327a05ce39c76 upstream.
At ctree.c:get_old_root(), we are accessing a root's header owner field
after we have freed the respective extent buffer. This results in an
use-after-free that can lead to crashes, and when CONFIG_DEBUG_PAGEALLOC
is set, results in a stack trace like the following:
[ 3876.799331] stack segment: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
[ 3876.799363] CPU: 0 PID: 15436 Comm: pool Not tainted 5.3.0-rc3-btrfs-next-54 #1
[ 3876.799385] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
[ 3876.799433] RIP: 0010:btrfs_search_old_slot+0x652/0xd80 [btrfs]
(...)
[ 3876.799502] RSP: 0018:ffff9f08c1a2f9f0 EFLAGS: 00010286
[ 3876.799518] RAX: ffff8dd300000000 RBX: ffff8dd85a7a9348 RCX: 000000038da26000
[ 3876.799538] RDX: 0000000000000000 RSI: ffffe522ce368980 RDI: 0000000000000246
[ 3876.799559] RBP: dae1922adadad000 R08: 0000000008020000 R09: ffffe522c0000000
[ 3876.799579] R10: ffff8dd57fd788c8 R11: 000000007511b030 R12: ffff8dd781ddc000
[ 3876.799599] R13: ffff8dd9e6240578 R14: ffff8dd6896f7a88 R15: ffff8dd688cf90b8
[ 3876.799620] FS: 00007f23ddd97700(0000) GS:ffff8dda20200000(0000) knlGS:0000000000000000
[ 3876.799643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3876.799660] CR2: 00007f23d4024000 CR3: 0000000710bb0005 CR4: 00000000003606f0
[ 3876.799682] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3876.799703] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3876.799723] Call Trace:
[ 3876.799735] ? do_raw_spin_unlock+0x49/0xc0
[ 3876.799749] ? _raw_spin_unlock+0x24/0x30
[ 3876.799779] resolve_indirect_refs+0x1eb/0xc80 [btrfs]
[ 3876.799810] find_parent_nodes+0x38d/0x1180 [btrfs]
[ 3876.799841] btrfs_check_shared+0x11a/0x1d0 [btrfs]
[ 3876.799870] ? extent_fiemap+0x598/0x6e0 [btrfs]
[ 3876.799895] extent_fiemap+0x598/0x6e0 [btrfs]
[ 3876.799913] do_vfs_ioctl+0x45a/0x700
[ 3876.799926] ksys_ioctl+0x70/0x80
[ 3876.799938] ? trace_hardirqs_off_thunk+0x1a/0x20
[ 3876.799953] __x64_sys_ioctl+0x16/0x20
[ 3876.799965] do_syscall_64+0x62/0x220
[ 3876.799977] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3876.799993] RIP: 0033:0x7f23e0013dd7
(...)
[ 3876.800056] RSP: 002b:00007f23ddd96ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3876.800078] RAX: ffffffffffffffda RBX: 00007f23d80210f8 RCX: 00007f23e0013dd7
[ 3876.800099] RDX: 00007f23d80210f8 RSI: 00000000c020660b RDI: 0000000000000003
[ 3876.800626] RBP: 000055fa2a2a2440 R08: 0000000000000000 R09: 00007f23ddd96d7c
[ 3876.801143] R10: 00007f23d8022000 R11: 0000000000000246 R12: 00007f23ddd96d80
[ 3876.801662] R13: 00007f23ddd96d78 R14: 00007f23d80210f0 R15: 00007f23ddd96d80
(...)
[ 3876.805107] ---[ end trace e53161e179ef04f9 ]---
Fix that by saving the root's header owner field into a local variable
before freeing the root's extent buffer, and then use that local variable
when needed.
Fixes: 30b0463a9394d9 ("Btrfs: fix accessing the root pointer in tree mod log functions")
CC: stable@vger.kernel.org # 3.10+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 5c2e9f346b815841f9bed6029ebcb06415caf640 upstream.
When filtering xattr list for reading, presence of trusted xattr
results in a security audit log. However, if there is other content
no errno will be set, and if there isn't, the errno will be -ENODATA
and not -EPERM as is usually associated with a lack of capability.
The check does not block the request to list the xattrs present.
Switch to ns_capable_noaudit to reflect a more appropriate check.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Cc: linux-security-module@vger.kernel.org
Cc: kernel-team@android.com
Cc: stable@vger.kernel.org # v3.18+
Fixes: a082c6f680da ("ovl: filter trusted xattr for non-admin")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit a016e2794fc3a245a91946038dd8f34d65e53cc3 upstream.
There may be situations when a server negotiates SMB 2.1
protocol version or higher but responds to a CREATE request
with an oplock rather than a lease.
Currently the client doesn't handle such a case correctly:
when another CREATE comes in the server sends an oplock
break to the initial CREATE and the client doesn't send
an ack back due to a wrong caching level being set (READ
instead of RWH). Missing an oplock break ack makes the
server wait until the break times out which dramatically
increases the latency of the second CREATE.
Fix this by properly detecting oplocks when using SMB 2.1
protocol version and higher.
Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit c1e8220bd316d8ae8e524df39534b8a412a45d5e upstream.
If a program attempts to punch a hole on an inline data file, we need
to convert it to a normal file first.
This was detected using ext4/032 using the adv configuration. Simple
reproducer:
mke2fs -Fq -t ext4 -O inline_data /dev/vdc
mount /vdc
echo "" > /vdc/testfile
xfs_io -c 'truncate 33554432' /vdc/testfile
xfs_io -c 'fpunch 0 1048576' /vdc/testfile
umount /vdc
e2fsck -fy /dev/vdc
Cc: stable@vger.kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit d5880c7a8620290a6c90ced7a0e8bd0ad9419601 upstream.
unlock_page() was missing in case of an already in-flight write against the
same page.
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Fixes: ff17be086477 ("fuse: writepage: skip already in flight")
Cc: <stable@vger.kernel.org> # v3.13
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
with the same type
[ Upstream commit 2a28468e525f3924efed7f29f2bc5a2926e7e19a ]
[BUG]
With fuzzed image and MIXED_GROUPS super flag, we can hit the following
BUG_ON():
kernel BUG at fs/btrfs/delayed-ref.c:491!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 1849 Comm: sync Tainted: G O 5.2.0-custom #27
RIP: 0010:update_existing_head_ref.cold+0x44/0x46 [btrfs]
Call Trace:
add_delayed_ref_head+0x20c/0x2d0 [btrfs]
btrfs_add_delayed_tree_ref+0x1fc/0x490 [btrfs]
btrfs_free_tree_block+0x123/0x380 [btrfs]
__btrfs_cow_block+0x435/0x500 [btrfs]
btrfs_cow_block+0x110/0x240 [btrfs]
btrfs_search_slot+0x230/0xa00 [btrfs]
? __lock_acquire+0x105e/0x1e20
btrfs_insert_empty_items+0x67/0xc0 [btrfs]
alloc_reserved_file_extent+0x9e/0x340 [btrfs]
__btrfs_run_delayed_refs+0x78e/0x1240 [btrfs]
? kvm_clock_read+0x18/0x30
? __sched_clock_gtod_offset+0x21/0x50
btrfs_run_delayed_refs.part.0+0x4e/0x180 [btrfs]
btrfs_run_delayed_refs+0x23/0x30 [btrfs]
btrfs_commit_transaction+0x53/0x9f0 [btrfs]
btrfs_sync_fs+0x7c/0x1c0 [btrfs]
? __ia32_sys_fdatasync+0x20/0x20
sync_fs_one_sb+0x23/0x30
iterate_supers+0x95/0x100
ksys_sync+0x62/0xb0
__ia32_sys_sync+0xe/0x20
do_syscall_64+0x65/0x240
entry_SYSCALL_64_after_hwframe+0x49/0xbe
[CAUSE]
This situation is caused by several factors:
- Fuzzed image
The extent tree of this fs missed one backref for extent tree root.
So we can allocated space from that slot.
- MIXED_BG feature
Super block has MIXED_BG flag.
- No mixed block groups exists
All block groups are just regular ones.
This makes data space_info->block_groups[] contains metadata block
groups. And when we reserve space for data, we can use space in
metadata block group.
Then we hit the following file operations:
- fallocate
We need to allocate data extents.
find_free_extent() choose to use the metadata block to allocate space
from, and choose the space of extent tree root, since its backref is
missing.
This generate one delayed ref head with is_data = 1.
- extent tree update
We need to update extent tree at run_delayed_ref time.
This generate one delayed ref head with is_data = 0, for the same
bytenr of old extent tree root.
Then we trigger the BUG_ON().
[FIX]
The quick fix here is to check block_group->flags before using it.
The problem can only happen for MIXED_GROUPS fs. Regular filesystems
won't have space_info with DATA|METADATA flag, and no way to hit the
bug.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203255
Reported-by: Jungyeon Yoon <jungyeon.yoon@gmail.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit c854f4d681365498f53ba07843a16423625aa7e9 ]
As Jungyeon Reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=203233
- Reproduces
gcc poc_13.c
./run.sh f2fs
- Kernel messages
F2FS-fs (sdb): Bitmap was wrongly set, blk:4608
kernel BUG at fs/f2fs/segment.c:2133!
RIP: 0010:update_sit_entry+0x35d/0x3e0
Call Trace:
f2fs_allocate_data_block+0x16c/0x5a0
do_write_page+0x57/0x100
f2fs_do_write_node_page+0x33/0xa0
__write_node_page+0x270/0x4e0
f2fs_sync_node_pages+0x5df/0x670
f2fs_write_checkpoint+0x364/0x13a0
f2fs_sync_fs+0xa3/0x130
f2fs_do_sync_file+0x1a6/0x810
do_fsync+0x33/0x60
__x64_sys_fsync+0xb/0x10
do_syscall_64+0x43/0x110
entry_SYSCALL_64_after_hwframe+0x44/0xa9
The testcase fails because that, in fuzzed image, current segment was
allocated with LFS type, its .next_blkoff should point to an unused
block address, but actually, its bitmap shows it's not. So during
allocation, f2fs crash when setting bitmap.
Introducing sanity_check_curseg() to check such inconsistence of
current in-used segment.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit a37d0862d17411edb67677a580a6f505ec2225f6 ]
As Pavel Machek reported:
"We normally use -EUCLEAN to signal filesystem corruption. Plus, it is
good idea to report it to the syslog and mark filesystem as "needing
fsck" if filesystem can do that."
Still we need improve the original patch with:
- use unlikely keyword
- add message print
- return EUCLEAN
However, after rethink this patch, I don't think we should add such
condition check here as below reasons:
- We have already checked the field in f2fs_sanity_check_ckpt(),
- If there is fs corrupt or security vulnerability, there is nothing
to guarantee the field is integrated after the check, unless we do
the check before each of its use, however no filesystem does that.
- We only have similar check for bitmap, which was added due to there
is bitmap corruption happened on f2fs' runtime in product.
- There are so many key fields in SB/CP/NAT did have such check
after f2fs_sanity_check_{sb,cp,..}.
So I propose to revert this unneeded check.
This reverts commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 1166c1f2f69117ad254189ca781287afa6e550b6 ]
As a part of the sanity checking while mounting, distinct segment number
assignment to data and node segments is verified. Fixing a small bug in
this verification between node and data segments. We need to check all
the data segments with all the node segments.
Fixes: 042be0f849e5f ("f2fs: fix to do sanity check with current segment number")
Signed-off-by: Surbhi Palande <csurbhi@gmail.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* refs/heads/tmp-2b29211
Revert "ANDROID: regression introduced override_creds=off"
ANDROID: regression introduced override_creds=off
Fix fallout from changes to bootparam_utils.h
ANDROID: sched: Disallow WALT with CFS bandwidth control
ANDROID: fiq_debugger: remove
ANDROID: arm64: fix leftover RWX when using CONFIG_UNMAP_KERNEL_AT_EL0
ANDROID: fix kernelci build-break in lowmemorykiller
ANDROID: Avoid taking multiple locks in handle_lmk_event
UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier
ANDROID: fix binder change in merge of 4.4.183
Fix overlayfs build break
binder: binder: fix possible UAF when freeing buffer
ANDROID: Revert "f2fs: avoid out-of-range memory access"
ANDROID: overlayfs: Fix a regression in commit b24be4acd
ANDROID: enable CONFIG_RTC_DRV_TEST on cuttlefish
ANDROID: xfrm: remove in_compat_syscall() checks
BACKPORT: binder: Set end of SG buffer area properly.
UPSTREAM: binder: check for overflow when alloc for security context
BACKPORT: binder: fix race between munmap() and direct reclaim
ANDROID: cuttlefish 4.4: enable CONFIG_CRYPTO_AES_NI_INTEL=y
ANDROID: cuttlefish_defconfig: Disable DEVTMPFS
ANDROID: cuttlefish_defconfig: Enable CONFIG_CPUSETS and CONFIG_CGROUP_SCHEDTUNE
ANDROID: cuttlefish_defconfig: Drop dead CRYPTO options
UPSTREAM: virtio: new feature to detect IOMMU device quirk
UPSTREAM: vring: Use the DMA API on Xen
UPSTREAM: virtio_ring: Support DMA APIs
UPSTREAM: vring: Introduce vring_use_dma_api()
ANDROID: cuttlefish_defconfig: L2TP/PPTP to OLAC/OPNS
ANDROID: cuttlefish_defconfig: Enable DEBUG_SET_MODULE_RONX
ANDROID: Fix cuttlefish redundant vsock connection.
ANDROID: cuttlefish_defconfig: Enable CONFIG_RTC_HCTOSYS
ANDROID: Move from clang r349610 to r353983c.
Make arm64 serial port config compatible with crosvm
UPSTREAM: virt_wifi: Remove REGULATORY_WIPHY_SELF_MANAGED
ANDROID: cuttlefish_defconfig: Add support for AC97 audio
ANDROID: Move from clang r346389b to r349610.
ANDROID: cuttlefish_defconfig: Enable vsock options
UPSTREAM: vhost/vsock: fix reset orphans race with close timeout
UPSTREAM: vhost/vsock: fix use-after-free in network stack callers
UPSTREAM: vhost: correctly check the iova range when waking virtqueue
UPSTREAM: vhost: synchronize IOTLB message with dev cleanup
UPSTREAM: vhost: fix info leak due to uninitialized memory
UPSTREAM: vhost: fix vhost_vq_access_ok() log check
UPSTREAM: vhost: validate log when IOTLB is enabled
UPSTREAM: vhost_net: add missing lock nesting notation
UPSTREAM: vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
UPSTREAM: vhost/vsock: fix uninitialized vhost_vsock->guest_cid
UPSTREAM: vhost_net: correctly check tx avail during rx busy polling
UPSTREAM: vsock: use new wait API for vsock_stream_sendmsg()
UPSTREAM: vsock: cancel packets when failing to connect
UPSTREAM: vhost-vsock: add pkt cancel capability
UPSTREAM: vsock: track pkt owner vsock
UPSTREAM: vhost: fix initialization for vq->is_le
UPSTREAM: vhost/vsock: handle vhost_vq_init_access() error
UPSTREAM: vsock: lookup and setup guest_cid inside vhost_vsock_lock
UPSTREAM: vhost-vsock: fix orphan connection reset
UPSTREAM: vsock/virtio: fix src/dst cid format
UPSTREAM: VSOCK: Don't dec ack backlog twice for rejected connections
UPSTREAM: vhost/vsock: drop space available check for TX vq
UPSTREAM: virtio-vsock: fix include guard typo
UPSTREAM: vhost/vsock: fix vhost virtio_vsock_pkt use-after-free
UPSTREAM: VSOCK: Use kvfree()
BACKPORT: vhost: split out vringh Kconfig
UPSTREAM: vhost: drop vringh dependency
UPSTREAM: vhost: drop vringh dependency
UPSTREAM: vhost: detect 32 bit integer wrap around
UPSTREAM: VSOCK: Add Makefile and Kconfig
UPSTREAM: VSOCK: Introduce vhost_vsock.ko
UPSTREAM: VSOCK: Introduce virtio_transport.ko
BACKPORT: VSOCK: Introduce virtio_vsock_common.ko
UPSTREAM: VSOCK: defer sock removal to transports
UPSTREAM: VSOCK: transport-specific vsock_transport functions
UPSTREAM: vsock: make listener child lock ordering explicit
UPSTREAM: vhost: new device IOTLB API
BACKPORT: vhost: convert pre sorted vhost memory array to interval tree
UPSTREAM: vhost: introduce vhost memory accessors
UPSTREAM: vhost_net: stop polling socket during rx processing
UPSTREAM: VSOCK: constify vsock_transport structure
UPSTREAM: vhost: lockless enqueuing
UPSTREAM: vhost: simplify work flushing
UPSTREAM: VSOCK: Only check error on skb_recv_datagram when skb is NULL
BACKPORT: AF_VSOCK: Shrink the area influenced by prepare_to_wait
UPSTREAM: vhost_net: basic polling support
UPSTREAM: vhost: introduce vhost_vq_avail_empty()
UPSTREAM: vhost: introduce vhost_has_work()
UPSTREAM: vhost: rename vhost_init_used()
UPSTREAM: vhost: rename cross-endian helpers
UPSTREAM: vhost: fix error path in vhost_init_used()
UPSTREAM: virtio: make find_vqs() checkpatch.pl-friendly
UPSTREAM: net: move napi_hash[] into read mostly section
ANDROID: cuttlefish_defconfig: Enable VIRTIO_INPUT
ANDROID: cuttlefish_defconfig: Enable VIRT_WIFI
FROMGIT, BACKPORT: mac80211-next: rtnetlink wifi simulation device
ANDROID: Move from clang r328903 to r346389b.
ANDROID: arm64 defconfig / build config for cuttlefish
ANDROID: Communicates LMK events to userland where they can be logged
Fix merge issue with 4.4.178
Fix merge issue with 4.4.177
FROMGIT: binder: create node flag to request sender's security context
ion: Disable ION_HEAP_TYPE_SYSTEM_CONTIG
ANDROID: uid_sys_stats: Copy task_struct comm field to bigger buffer
UPSTREAM: binder: fix race that allows malicious free of live buffer
Makefile: Tidy up 4.4.165 merge
ANDROID: sdcardfs: Change current->fs under lock
ANDROID: sdcardfs: Don't use OVERRIDE_CRED macro
arm64/vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW
ANDROID: arm64: mm: fix 4.4.154 merge
Fix backport of "tcp: detect malicious patterns in tcp_collapse_ofo_queue()"
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
tcp: avoid collapses in tcp_prune_queue() if possible
Conflicts:
Makefile
arch/arm64/configs/cuttlefish_defconfig
arch/arm64/include/asm/cpufeature.h
arch/x86/configs/x86_64_cuttlefish_defconfig
arch/x86/include/asm/uaccess_32.h
drivers/net/wireless/virt_wifi.c
drivers/staging/android/lowmemorykiller.c
fs/f2fs/checkpoint.c
fs/f2fs/data.c
fs/f2fs/dir.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
fs/f2fs/inline.c
fs/f2fs/inode.c
fs/f2fs/node.c
fs/f2fs/recovery.c
fs/f2fs/segment.c
fs/f2fs/segment.h
fs/f2fs/super.c
fs/squashfs/block.c
include/linux/f2fs_fs.h
include/linux/msm_mdp.h
include/uapi/linux/android/binder.h
include/uapi/linux/virtio_ids.h
kernel/cpu.c
Change-Id: I3d8da865a81161d356b11f84344c27e172c3add3
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.194
bridge/mdb: remove wrong use of NLM_F_MULTI
cdc_ether: fix rndis support for Mediatek based smartphones
ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
isdn/capi: check message length in capi_write()
net: Fix null de-reference of device refcount
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
tipc: add NULL pointer check before calling kfree_rcu
tun: fix use-after-free when register netdev failed
Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
Btrfs: fix assertion failure during fsync and use of stale transaction
genirq: Prevent NULL pointer dereference in resend_irqs()
KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
KVM: x86: work around leak of uninitialized stack contents
KVM: nVMX: handle page fault in vmread
MIPS: VDSO: Prevent use of smp_processor_id()
MIPS: VDSO: Use same -m%-float cflag as the kernel proper
clk: rockchip: Don't yell about bad mmc phases when getting
driver core: Fix use-after-free and double free on glue directory
crypto: talitos - check AES key size
crypto: talitos - check data blocksize in ablkcipher.
x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
USB: usbcore: Fix slab-out-of-bounds bug during device reset
media: tm6000: double free if usb disconnect while streaming
x86/boot: Add missing bootparam that breaks boot on some platforms
xen-netfront: do not assume sk_buff_head list is empty in error handling
KVM: coalesced_mmio: add bounds checking
serial: sprd: correct the wrong sequence of arguments
tty/serial: atmel: reschedule TX after RX was started
mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
s390/bpf: fix lcgr instruction encoding
ARM: OMAP2+: Fix omap4 errata warning on other SoCs
s390/bpf: use 32-bit index for tail calls
NFSv4: Fix return values for nfs4_file_open()
NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
ARM: 8874/1: mm: only adjust sections of valid mm structures
r8152: Set memory to all 0xFFs on failed reg reads
x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
netfilter: nf_conntrack_ftp: Fix debug output
NFSv2: Fix eof handling
NFSv2: Fix write regression
cifs: set domainName when a domain-key is used in multiuser
cifs: Use kzfree() to zero out the password
sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
tools/power turbostat: fix buffer overrun
net: seeq: Fix the function used to release some memory in an error handling path
dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
keys: Fix missing null pointer check in request_key_auth_describe()
floppy: fix usercopy direction
media: technisat-usb2: break out of loop at end of buffer
ARC: export "abort" for modules
net_sched: let qdisc_put() accept NULL pointer
Linux 4.4.194
Change-Id: I680ac71d33ab7a4fd239de6333ea5b76376521b6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 72c5343cdbc5ec257e45d5387ed7220065c2ecff.
Reason for revert: android-4.4 is for 'q' security updates, it is not dead.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 140816499
Change-Id: Ia99c0b420db306631e669428bb71eb8a2493ddc1
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes a regression introduced by the series of commits:
commit 272fcd1ca7ceb252b1c3a2961110c7c1722707cf
("ANDROID: overlayfs: override_creds=off option bypass creator_cred"),
commit aab9adb4b81bcce107dd1783f6ac41dc1abe9f15
("Merge 4.4.179 into android-4.4") that took in an incomplete,
backport of commit 54a07fff4b217607e862b2e1e3fcec32919ad583
("ovl: fix uid/gid when creating over whiteout") (or upstream
commit d0e13f5bbe4be7c8f27736fc40503dcec04b7de0
("ovl: fix uid/gid when creating over whiteout"))
where a crash is observed in ovl_create_or_link() when a
simple re-direction command in vendor directory.
/vendor/bin/<Any test> > /vendor/bin/test_log.txt 2>&1&
After further debugging we see that if the output is redirected to a
file which doesn’t exist we see this stack:
[ 377.382745] ovl_create_or_link+0xac/0x710
[ 377.382745] ovl_create_object+0xb8/0x110
[ 377.382745] ovl_create+0x34/0x40
[ 377.382745] path_openat+0xd44/0x15a8
[ 377.382745] do_filp_open+0x80/0x128
[ 377.382745] do_sys_open+0x140/0x250
[ 377.382745] __arm64_sys_openat+0x2c/0x38
ovl_override_creds returns NULL because the override_cred flag is set
to false. This causes ovl_revert_creds also to fail.
There is another call to check override_cred in override_cred call
which overrides the creds permanently as there no revert_creds
associated. So whenever next commit_cred is called we see the crash
as the credentials are permanently overridden.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Tested-by: Rishabh/Jeevan <jshriram@qualcomm.corp-partner.google.com>
Bug: 140816499
Bug: 109821005
Bug: 112955896
Bug: 127298877
Bug: 137541192
Change-Id: Icd0d9be82fc57af5ead1eeab99f79adf3adf62ef
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Changes in 4.4.192
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
Bluetooth: btqca: Add a short delay before downloading the NVM
ibmveth: Convert multicast list size for little-endian system
gpio: Fix build error of function redefinition
cxgb4: fix a memory leak bug
net: myri10ge: fix memory leaks
cx82310_eth: fix a memory leak bug
net: kalmia: fix memory leaks
wimax/i2400m: fix a memory leak bug
ravb: Fix use-after-free ravb_tstamp_skb
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
IB/mlx4: Fix memory leaks
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
KVM: arm/arm64: Only skip MMIO insn once
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
spi: bcm2835aux: ensure interrupts are enabled for shared handler
spi: bcm2835aux: unifying code between polling and interrupt driven code
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: fix corruptions for longer spi transfers
Revert "x86/apic: Include the LDR when clearing out APIC registers"
net: fix skb use after free in netpoll
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
Linux 4.4.192
Change-Id: I73a2337767b648944825b8b920c2aeee83239c41
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Changes in 4.4.191
HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
MIPS: kernel: only use i8253 clocksource with periodic clockevent
netfilter: ebtables: fix a memory leak bug in compat
bonding: Force slave speed check after link state recovery for 802.3ad
can: dev: call netif_carrier_off() in register_candev()
st21nfca_connectivity_event_received: null check the allocation
st_nci_hci_connectivity_event_received: null check the allocation
ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
net: usb: qmi_wwan: Add the BroadMobi BM818 card
isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
perf bench numa: Fix cpu0 binding
can: sja1000: force the string buffer NULL-terminated
can: peak_usb: force the string buffer NULL-terminated
NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
net: hisilicon: make hip04_tx_reclaim non-reentrant
net: hisilicon: fix hip04-xmit never return TX_BUSY
net: hisilicon: Fix dma_map_single failed on arm64
libata: add SG safety checks in SFF pio transfers
selftests: kvm: Adding config fragments
HID: wacom: correct misreported EKR ring values
Revert "dm bufio: fix deadlock with loop device"
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
x86/apic: Handle missing global clockevent gracefully
x86/boot: Save fields explicitly, zero out everything else
x86/boot: Fix boot regression caused by bootparam sanitizing
dm btree: fix order of block initialization in btree_split_beneath
dm space map metadata: fix missing store of apply_bops() return value
dm table: fix invalid memory accesses with too high sector number
cgroup: Disable IRQs while holding css_set_lock
GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
net: arc_emac: fix koops caused by sk_buff free
vhost-net: set packet weight of tx polling to 2 * vq size
vhost_net: use packet weight for rx handler, too
vhost_net: introduce vhost_exceeds_weight()
vhost: introduce vhost_exceeds_weight()
vhost_net: fix possible infinite loop
vhost: scsi: add weight support
siphash: add cryptographically secure PRF
siphash: implement HalfSipHash1-3 for hash tables
inet: switch IP ID generator to siphash
netfilter: ctnetlink: don't use conntrack/expect object addresses as id
netfilter: conntrack: Use consistent ct id hash calculation
Revert "perf test 6: Fix missing kvm module load for s390"
x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume
x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm()
dmaengine: ste_dma40: fix unneeded variable warning
usb: gadget: composite: Clear "suspended" on reset/disconnect
usb: host: fotg2: restart hcd after port reset
tools: hv: fix KVP and VSS daemons exit code
watchdog: bcm2835_wdt: Fix module autoload
tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
tcp: make sure EPOLLOUT wont be missed
ALSA: seq: Fix potential concurrent access to the deleted pool
KVM: x86: Don't update RIP or do single-step on faulting emulation
x86/apic: Do not initialize LDR and DFR for bigsmp
x86/apic: Include the LDR when clearing out APIC registers
usb-storage: Add new JMS567 revision to unusual_devs
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
usb: host: ohci: fix a race condition between shutdown and irq
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
USB: storage: ums-realtek: Whitelist auto-delink support
ptrace,x86: Make user_64bit_mode() available to 32-bit builds
uprobes/x86: Fix detection of 32-bit user mode
mmc: sdhci-of-at91: add quirk for broken HS200
mmc: core: Fix init of SD cards reporting an invalid VDD range
stm class: Fix a double free of stm_source_device
VMCI: Release resource if the work is already queued
Revert "cfg80211: fix processing world regdomain when non modular"
mac80211: fix possible sta leak
x86/ptrace: fix up botched merge of spectrev1 fix
Linux 4.4.191
Change-Id: Ic9a2554d2ba45f9c17478f1dfb5115e1a3bc3bd7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Changes in 4.4.190
usb: iowarrior: fix deadlock on disconnect
sound: fix a memory leak bug
x86/mm: Check for pfn instead of page in vmalloc_sync_one()
x86/mm: Sync also unmappings in vmalloc_sync_all()
mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
perf db-export: Fix thread__exec_comm()
usb: yurex: Fix use-after-free in yurex_delete
can: peak_usb: fix potential double kfree_skb()
netfilter: nfnetlink: avoid deadlock due to synchronous request_module
iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
mac80211: don't warn about CW params when not using them
hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
s390/qdio: add sanity checks to the fast-requeue path
ALSA: compress: Fix regression on compressed capture streams
ALSA: compress: Prevent bypasses of set_params
ALSA: compress: Be more restrictive about when a drain is allowed
perf probe: Avoid calling freeing routine multiple times for same pointer
ARM: davinci: fix sleep.S build error on ARMv4
scsi: megaraid_sas: fix panic on loading firmware crashdump
scsi: ibmvfc: fix WARN_ON during event pool release
tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
perf/core: Fix creating kernel counters for PMUs that override event->cpu
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
hwmon: (nct7802) Fix wrong detection of in4 presence
ALSA: firewire: fix a memory leak bug
mac80211: don't WARN on short WMM parameters from AP
SMB3: Fix deadlock in validate negotiate hits reconnect
smb3: send CAP_DFS capability during session setup
mwifiex: fix 802.11n/WPA detection
scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
sh: kernel: hw_breakpoint: Fix missing break in switch statement
usb: gadget: f_midi: fail if set_alt fails to allocate requests
USB: gadget: f_midi: fixing a possible double-free in f_midi
mm/memcontrol.c: fix use after free in mem_cgroup_iter()
ALSA: hda - Fix a memory leak bug
HID: holtek: test for sanity of intfdata
HID: hiddev: avoid opening a disconnected device
HID: hiddev: do cleanup in failure of opening a device
Input: kbtab - sanity check for endpoint type
Input: iforce - add sanity checks
net: usb: pegasus: fix improper read if get_registers() fail
xen/pciback: remove set but not used variable 'old_state'
irqchip/irq-imx-gpcv2: Forward irq type to parent
perf header: Fix divide by zero error if f_header.attr_size==0
perf header: Fix use of unitialized value warning
libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
scsi: hpsa: correct scsi command status issue after reset
ata: libahci: do not complain in case of deferred probe
kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
IB/core: Add mitigation for Spectre V1
ocfs2: remove set but not used variable 'last_hash'
asm-generic: fix -Wtype-limits compiler warnings
staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
staging: comedi: dt3000: Fix rounding up of timer divisor
USB: core: Fix races in character device registration and deregistraion
usb: cdc-acm: make sure a refcount is taken early enough
USB: serial: option: add D-Link DWM-222 device ID
USB: serial: option: Add support for ZTE MF871A
USB: serial: option: add the BroadMobi BM818 card
USB: serial: option: Add Motorola modem UARTs
Backport minimal compiler_attributes.h to support GCC 9
include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
arm64: compat: Allow single-byte watchpoints on all addresses
Input: psmouse - fix build error of multiple definition
asm-generic: default BUG_ON(x) to if(x)BUG()
scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
RDMA: Directly cast the sockaddr union to sockaddr
IB/mlx5: Make coding style more consistent
x86/vdso: Remove direct HPET access through the vDSO
iommu/amd: Move iommu_init_pci() to .init section
x86/boot: Disable the address-of-packed-member compiler warning
net/packet: fix race in tpacket_snd()
xen/netback: Reset nr_frags before freeing skb
net/mlx5e: Only support tx/rx pause setting for port owner
sctp: fix the transport error_count check
bonding: Add vlan tx offload to hw_enc_features
Linux 4.4.190
Change-Id: Ic4094fbac2f9b8f6d4a9b4397e82471f40424332
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Changes in 4.4.189
arm64: cpufeature: Fix CTR_EL0 field definitions
arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
HID: Add quirk for HP X1200 PIXART OEM mouse
tcp: be more careful in tcp_fragment()
atm: iphase: Fix Spectre v1 vulnerability
net: bridge: delete local fdb on device init failure
net: fix ifindex collision during namespace removal
tipc: compat: allow tipc commands without arguments
net: sched: Fix a possible null-pointer dereference in dequeue_func()
net/mlx5: Use reversed order when unregister devices
bnx2x: Disable multi-cos feature.
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
spi: bcm2835: Fix 3-wire mode if DMA is enabled
x86: cpufeatures: Sort feature word 7
x86/entry/64: Fix context tracking state warning when load_gs_index fails
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/entry/64: Use JMP instead of JMPQ
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
Linux 4.4.189
Change-Id: Ie53dff8ad9602a66a8c52c3fcbba354c1b7d06e5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Change call from ovl_revert_creds to revert_creds in
fs/overlayfs/inode.c, which is consistent with other
usage. This fixes a build break.
Signed-off-by: Tom Gall <tom.gall@linaro.org>
Change-Id: I052ed3510a19aa85a1857fb0978ff2966243cb0b
|
| | |\ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Changes in 4.4.188
ARM: riscpc: fix DMA
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
kernel/module.c: Only return -EEXIST for modules that have finished loading
MIPS: lantiq: Fix bitfield masking
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
fs/adfs: super: fix use-after-free bug
btrfs: fix minimum number of chunk errors for DUP
ceph: fix improper use of smp_mb__before_atomic()
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
ACPI: fix false-positive -Wuninitialized warning
be2net: Signal that the device cannot transmit during reconfiguration
x86/apic: Silence -Wtype-limits compiler warnings
x86: math-emu: Hide clang warnings for 16-bit overflow
mm/cma.c: fail if fixed declaration can't be honored
coda: add error handling for fget
coda: fix build using bare-metal toolchain
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
ipc/mqueue.c: only perform resource calculation if user valid
x86/kvm: Don't call kvm_spurious_fault() from .fixup
selinux: fix memory leak in policydb_init()
s390/dasd: fix endless loop after read unit address configuration
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
Linux 4.4.188
Change-Id: I6ed0db8e205744849b0242a9fd12b38f728077e0
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This reverts commit 77bd558b2a02356a43b6e38de5168c6bb2afe9e8 which is
commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a upstream.
This is being done because segment.c is a bit "different" in this
branch, and we should keep the f2fs fixes away from here for now.
Otherwise the build breaks.
Change-Id: I014e3381acb1112825f305d47bdf88848ee6fb7f
Cc: Ocean Chen <oceanchen@google.com>
Cc: Jaegeuk Kim <jaegeuk@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
