* [PATCH 4.10 85/93] Bluetooth: hci_bcm: add missing tty-device sanity check
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frederic Danis, Johan Hovold,
Marcel Holtmann
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit 95065a61e9bf25fb85295127fba893200c2bbbd8 upstream.
Make sure to check the tty-device pointer before looking up the sibling
platform device to avoid dereferencing a NULL-pointer when the tty is
one end of a Unix98 pty.
Fixes: 0395ffc1ee05 ("Bluetooth: hci_bcm: Add PM for BCM devices")
Cc: Frederic Danis <frederic.danis@linux.intel.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/bluetooth/hci_bcm.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/bluetooth/hci_bcm.c
+++ b/drivers/bluetooth/hci_bcm.c
@@ -287,6 +287,9 @@ static int bcm_open(struct hci_uart *hu)
hu->priv = bcm;
+ if (!hu->tty->dev)
+ goto out;
+
mutex_lock(&bcm_device_lock);
list_for_each(p, &bcm_device_list) {
struct bcm_device *dev = list_entry(p, struct bcm_device, list);
@@ -307,7 +310,7 @@ static int bcm_open(struct hci_uart *hu)
}
mutex_unlock(&bcm_device_lock);
-
+out:
return 0;
}
^ permalink raw reply
* [PATCH 4.10 84/93] Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Szymon Janc, Marko Kiiskila,
Marcel Holtmann
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Szymon Janc <szymon.janc@codecoup.pl>
commit ab89f0bdd63a3721f7cd3f064f39fc4ac7ca14d4 upstream.
Running 32bit userspace on 64bit kernel results in MSG_CMSG_COMPAT being
defined as 0x80000000. This results in sendmsg failure if used from 32bit
userspace running on 64bit kernel. Fix this by accounting for MSG_CMSG_COMPAT
in flags check in hci_sock_sendmsg.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bluetooth/hci_sock.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -1680,7 +1680,8 @@ static int hci_sock_sendmsg(struct socke
if (msg->msg_flags & MSG_OOB)
return -EOPNOTSUPP;
- if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
+ if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE|
+ MSG_CMSG_COMPAT))
return -EINVAL;
if (len < 4 || len > HCI_MAX_FRAME_SIZE)
^ permalink raw reply
* [PATCH 4.10 82/93] serial: omap: suspend device on probe errors
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shubhrajyoti D, Johan Hovold,
Tony Lindgren
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit 77e6fe7fd2b7cba0bf2f2dc8cde51d7b9a35bf74 upstream.
Make sure to actually suspend the device before returning after a failed
(or deferred) probe.
Note that autosuspend must be disabled before runtime pm is disabled in
order to balance the usage count due to a negative autosuspend delay as
well as to make the final put suspend the device synchronously.
Fixes: 388bc2622680 ("omap-serial: Fix the error handling in the omap_serial probe")
Cc: Shubhrajyoti D <shubhrajyoti@ti.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/omap-serial.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/tty/serial/omap-serial.c
+++ b/drivers/tty/serial/omap-serial.c
@@ -1712,7 +1712,8 @@ static int serial_omap_probe(struct plat
return 0;
err_add_port:
- pm_runtime_put(&pdev->dev);
+ pm_runtime_dont_use_autosuspend(&pdev->dev);
+ pm_runtime_put_sync(&pdev->dev);
pm_runtime_disable(&pdev->dev);
pm_qos_remove_request(&up->pm_qos_request);
device_init_wakeup(up->dev, false);
^ permalink raw reply
* [PATCH 4.9 08/80] USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ajay Kaher, Alan Stern
In-Reply-To: <20170518104833.667298773@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ajay Kaher <ajay.kaher@samsung.com>
commit 2f86a96be0ccb1302b7eee7855dbee5ce4dc5dfb upstream.
There is race condition when two USB class drivers try to call
init_usb_class at the same time and leads to crash.
code path: probe->usb_register_dev->init_usb_class
To solve this, mutex locking has been added in init_usb_class() and
destroy_usb_class().
As pointed by Alan, removed "if (usb_class)" test from destroy_usb_class()
because usb_class can never be NULL there.
Signed-off-by: Ajay Kaher <ajay.kaher@samsung.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/file.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/usb/core/file.c
+++ b/drivers/usb/core/file.c
@@ -27,6 +27,7 @@
#define MAX_USB_MINORS 256
static const struct file_operations *usb_minors[MAX_USB_MINORS];
static DECLARE_RWSEM(minor_rwsem);
+static DEFINE_MUTEX(init_usb_class_mutex);
static int usb_open(struct inode *inode, struct file *file)
{
@@ -109,8 +110,9 @@ static void release_usb_class(struct kre
static void destroy_usb_class(void)
{
- if (usb_class)
- kref_put(&usb_class->kref, release_usb_class);
+ mutex_lock(&init_usb_class_mutex);
+ kref_put(&usb_class->kref, release_usb_class);
+ mutex_unlock(&init_usb_class_mutex);
}
int usb_major_init(void)
@@ -171,7 +173,10 @@ int usb_register_dev(struct usb_interfac
if (intf->minor >= 0)
return -EADDRINUSE;
+ mutex_lock(&init_usb_class_mutex);
retval = init_usb_class();
+ mutex_unlock(&init_usb_class_mutex);
+
if (retval)
return retval;
^ permalink raw reply
* [PATCH 4.9 07/80] USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marek Vasut, Johan Hovold
In-Reply-To: <20170518104833.667298773@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Vasut <marex@denx.de>
commit 31c5d1922b90ddc1da6a6ddecef7cd31f17aa32b upstream.
This development kit has an FT4232 on it with a custom USB VID/PID.
The FT4232 provides four UARTs, but only two are used. The UART 0
is used by the FlashPro5 programmer and UART 2 is connected to the
SmartFusion2 CortexM3 SoC UART port.
Note that the USB VID is registered to Actel according to Linux USB
VID database, but that was acquired by Microsemi.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/ftdi_sio.c | 1 +
drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++
2 files changed, 7 insertions(+)
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -873,6 +873,7 @@ static const struct usb_device_id id_tab
{ USB_DEVICE_AND_INTERFACE_INFO(MICROCHIP_VID, MICROCHIP_USB_BOARD_PID,
USB_CLASS_VENDOR_SPEC,
USB_SUBCLASS_VENDOR_SPEC, 0x00) },
+ { USB_DEVICE_INTERFACE_NUMBER(ACTEL_VID, MICROSEMI_ARROW_SF2PLUS_BOARD_PID, 2) },
{ USB_DEVICE(JETI_VID, JETI_SPC1201_PID) },
{ USB_DEVICE(MARVELL_VID, MARVELL_SHEEVAPLUG_PID),
.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -873,6 +873,12 @@
#define FIC_VID 0x1457
#define FIC_NEO1973_DEBUG_PID 0x5118
+/*
+ * Actel / Microsemi
+ */
+#define ACTEL_VID 0x1514
+#define MICROSEMI_ARROW_SF2PLUS_BOARD_PID 0x2008
+
/* Olimex */
#define OLIMEX_VID 0x15BA
#define OLIMEX_ARM_USB_OCD_PID 0x0003
^ permalink raw reply
* [PATCH 4.10 80/93] serial: samsung: Use right device for DMA-mapping calls
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Seung-Woo Kim, Marek Szyprowski,
Bartlomiej Zolnierkiewicz, Krzysztof Kozlowski, Shuah Khan
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Szyprowski <m.szyprowski@samsung.com>
commit 768d64f491a530062ddad50e016fb27125f8bd7c upstream.
Driver should provide its own struct device for all DMA-mapping calls instead
of extracting device pointer from DMA engine channel. Although this is harmless
from the driver operation perspective on ARM architecture, it is always good
to use the DMA mapping API in a proper way. This patch fixes following DMA API
debug warning:
WARNING: CPU: 0 PID: 0 at lib/dma-debug.c:1241 check_sync+0x520/0x9f4
samsung-uart 12c20000.serial: DMA-API: device driver tries to sync DMA memory it has not allocated [device address=0x000000006df0f580] [size=64 bytes]
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.11.0-rc1-00137-g07ca963 #51
Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[<c011aaa4>] (unwind_backtrace) from [<c01127c0>] (show_stack+0x20/0x24)
[<c01127c0>] (show_stack) from [<c06ba5d8>] (dump_stack+0x84/0xa0)
[<c06ba5d8>] (dump_stack) from [<c0139528>] (__warn+0x14c/0x180)
[<c0139528>] (__warn) from [<c01395a4>] (warn_slowpath_fmt+0x48/0x50)
[<c01395a4>] (warn_slowpath_fmt) from [<c0729058>] (check_sync+0x520/0x9f4)
[<c0729058>] (check_sync) from [<c072967c>] (debug_dma_sync_single_for_device+0x88/0xc8)
[<c072967c>] (debug_dma_sync_single_for_device) from [<c0803c10>] (s3c24xx_serial_start_tx_dma+0x100/0x2f8)
[<c0803c10>] (s3c24xx_serial_start_tx_dma) from [<c0804338>] (s3c24xx_serial_tx_chars+0x198/0x33c)
Reported-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Fixes: 62c37eedb74c8 ("serial: samsung: add dma reqest/release functions")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/samsung.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
--- a/drivers/tty/serial/samsung.c
+++ b/drivers/tty/serial/samsung.c
@@ -906,14 +906,13 @@ static int s3c24xx_serial_request_dma(st
return -ENOMEM;
}
- dma->rx_addr = dma_map_single(dma->rx_chan->device->dev, dma->rx_buf,
+ dma->rx_addr = dma_map_single(p->port.dev, dma->rx_buf,
dma->rx_size, DMA_FROM_DEVICE);
spin_lock_irqsave(&p->port.lock, flags);
/* TX buffer */
- dma->tx_addr = dma_map_single(dma->tx_chan->device->dev,
- p->port.state->xmit.buf,
+ dma->tx_addr = dma_map_single(p->port.dev, p->port.state->xmit.buf,
UART_XMIT_SIZE, DMA_TO_DEVICE);
spin_unlock_irqrestore(&p->port.lock, flags);
@@ -927,7 +926,7 @@ static void s3c24xx_serial_release_dma(s
if (dma->rx_chan) {
dmaengine_terminate_all(dma->rx_chan);
- dma_unmap_single(dma->rx_chan->device->dev, dma->rx_addr,
+ dma_unmap_single(p->port.dev, dma->rx_addr,
dma->rx_size, DMA_FROM_DEVICE);
kfree(dma->rx_buf);
dma_release_channel(dma->rx_chan);
@@ -936,7 +935,7 @@ static void s3c24xx_serial_release_dma(s
if (dma->tx_chan) {
dmaengine_terminate_all(dma->tx_chan);
- dma_unmap_single(dma->tx_chan->device->dev, dma->tx_addr,
+ dma_unmap_single(p->port.dev, dma->tx_addr,
UART_XMIT_SIZE, DMA_TO_DEVICE);
dma_release_channel(dma->tx_chan);
dma->tx_chan = NULL;
^ permalink raw reply
* [PATCH 4.10 79/93] fscrypt: fix context consistency check when key(s) unavailable
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers, Theodore Tso
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
commit 272f98f6846277378e1758a49a49d7bf39343c02 upstream.
To mitigate some types of offline attacks, filesystem encryption is
designed to enforce that all files in an encrypted directory tree use
the same encryption policy (i.e. the same encryption context excluding
the nonce). However, the fscrypt_has_permitted_context() function which
enforces this relies on comparing struct fscrypt_info's, which are only
available when we have the encryption keys. This can cause two
incorrect behaviors:
1. If we have the parent directory's key but not the child's key, or
vice versa, then fscrypt_has_permitted_context() returned false,
causing applications to see EPERM or ENOKEY. This is incorrect if
the encryption contexts are in fact consistent. Although we'd
normally have either both keys or neither key in that case since the
master_key_descriptors would be the same, this is not guaranteed
because keys can be added or removed from keyrings at any time.
2. If we have neither the parent's key nor the child's key, then
fscrypt_has_permitted_context() returned true, causing applications
to see no error (or else an error for some other reason). This is
incorrect if the encryption contexts are in fact inconsistent, since
in that case we should deny access.
To fix this, retrieve and compare the fscrypt_contexts if we are unable
to set up both fscrypt_infos.
While this slightly hurts performance when accessing an encrypted
directory tree without the key, this isn't a case we really need to be
optimizing for; access *with* the key is much more important.
Furthermore, the performance hit is barely noticeable given that we are
already retrieving the fscrypt_context and doing two keyring searches in
fscrypt_get_encryption_info(). If we ever actually wanted to optimize
this case we might start by caching the fscrypt_contexts.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/crypto/policy.c | 87 +++++++++++++++++++++++++++++++++++++++++------------
1 file changed, 68 insertions(+), 19 deletions(-)
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -169,27 +169,61 @@ int fscrypt_ioctl_get_policy(struct file
}
EXPORT_SYMBOL(fscrypt_ioctl_get_policy);
+/**
+ * fscrypt_has_permitted_context() - is a file's encryption policy permitted
+ * within its directory?
+ *
+ * @parent: inode for parent directory
+ * @child: inode for file being looked up, opened, or linked into @parent
+ *
+ * Filesystems must call this before permitting access to an inode in a
+ * situation where the parent directory is encrypted (either before allowing
+ * ->lookup() to succeed, or for a regular file before allowing it to be opened)
+ * and before any operation that involves linking an inode into an encrypted
+ * directory, including link, rename, and cross rename. It enforces the
+ * constraint that within a given encrypted directory tree, all files use the
+ * same encryption policy. The pre-access check is needed to detect potentially
+ * malicious offline violations of this constraint, while the link and rename
+ * checks are needed to prevent online violations of this constraint.
+ *
+ * Return: 1 if permitted, 0 if forbidden. If forbidden, the caller must fail
+ * the filesystem operation with EPERM.
+ */
int fscrypt_has_permitted_context(struct inode *parent, struct inode *child)
{
- struct fscrypt_info *parent_ci, *child_ci;
+ const struct fscrypt_operations *cops = parent->i_sb->s_cop;
+ const struct fscrypt_info *parent_ci, *child_ci;
+ struct fscrypt_context parent_ctx, child_ctx;
int res;
- if ((parent == NULL) || (child == NULL)) {
- printk(KERN_ERR "parent %p child %p\n", parent, child);
- BUG_ON(1);
- }
-
/* No restrictions on file types which are never encrypted */
if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) &&
!S_ISLNK(child->i_mode))
return 1;
- /* no restrictions if the parent directory is not encrypted */
- if (!parent->i_sb->s_cop->is_encrypted(parent))
+ /* No restrictions if the parent directory is unencrypted */
+ if (!cops->is_encrypted(parent))
return 1;
- /* if the child directory is not encrypted, this is always a problem */
- if (!parent->i_sb->s_cop->is_encrypted(child))
+
+ /* Encrypted directories must not contain unencrypted files */
+ if (!cops->is_encrypted(child))
return 0;
+
+ /*
+ * Both parent and child are encrypted, so verify they use the same
+ * encryption policy. Compare the fscrypt_info structs if the keys are
+ * available, otherwise retrieve and compare the fscrypt_contexts.
+ *
+ * Note that the fscrypt_context retrieval will be required frequently
+ * when accessing an encrypted directory tree without the key.
+ * Performance-wise this is not a big deal because we already don't
+ * really optimize for file access without the key (to the extent that
+ * such access is even possible), given that any attempted access
+ * already causes a fscrypt_context retrieval and keyring search.
+ *
+ * In any case, if an unexpected error occurs, fall back to "forbidden".
+ */
+
res = fscrypt_get_encryption_info(parent);
if (res)
return 0;
@@ -198,17 +232,32 @@ int fscrypt_has_permitted_context(struct
return 0;
parent_ci = parent->i_crypt_info;
child_ci = child->i_crypt_info;
- if (!parent_ci && !child_ci)
- return 1;
- if (!parent_ci || !child_ci)
+
+ if (parent_ci && child_ci) {
+ return memcmp(parent_ci->ci_master_key, child_ci->ci_master_key,
+ FS_KEY_DESCRIPTOR_SIZE) == 0 &&
+ (parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
+ (parent_ci->ci_filename_mode ==
+ child_ci->ci_filename_mode) &&
+ (parent_ci->ci_flags == child_ci->ci_flags);
+ }
+
+ res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));
+ if (res != sizeof(parent_ctx))
+ return 0;
+
+ res = cops->get_context(child, &child_ctx, sizeof(child_ctx));
+ if (res != sizeof(child_ctx))
return 0;
- return (memcmp(parent_ci->ci_master_key,
- child_ci->ci_master_key,
- FS_KEY_DESCRIPTOR_SIZE) == 0 &&
- (parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
- (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
- (parent_ci->ci_flags == child_ci->ci_flags));
+ return memcmp(parent_ctx.master_key_descriptor,
+ child_ctx.master_key_descriptor,
+ FS_KEY_DESCRIPTOR_SIZE) == 0 &&
+ (parent_ctx.contents_encryption_mode ==
+ child_ctx.contents_encryption_mode) &&
+ (parent_ctx.filenames_encryption_mode ==
+ child_ctx.filenames_encryption_mode) &&
+ (parent_ctx.flags == child_ctx.flags);
}
EXPORT_SYMBOL(fscrypt_has_permitted_context);
^ permalink raw reply
* [PATCH 4.9 05/80] usb: xhci: bInterval quirk for TI TUSB73x0
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Roger Quadros, Mathias Nyman
In-Reply-To: <20170518104833.667298773@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@ti.com>
commit 69307ccb9ad7ccb653e332de68effdeaaab6907d upstream.
As per [1] issue #4,
"The periodic EP scheduler always tries to schedule the EPs
that have large intervals (interval equal to or greater than
128 microframes) into different microframes. So it maintains
an internal counter and increments for each large interval
EP added. When the counter is greater than 128, the scheduler
rejects the new EP. So when the hub re-enumerated 128 times,
it triggers this condition."
This results in Bandwidth error when devices with periodic
endpoints (ISO/INT) having bInterval > 7 are plugged and
unplugged several times on a TUSB73x0 XHCI host.
Workaround this issue by limiting the bInterval to 7
(i.e. interval to 6) for High-speed or faster periodic endpoints.
[1] - http://www.ti.com/lit/er/sllz076/sllz076.pdf
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-mem.c | 11 +++++++++++
drivers/usb/host/xhci-pci.c | 3 +++
drivers/usb/host/xhci.h | 1 +
3 files changed, 15 insertions(+)
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -1494,6 +1494,17 @@ int xhci_endpoint_init(struct xhci_hcd *
*/
max_esit_payload = xhci_get_max_esit_payload(udev, ep);
interval = xhci_get_endpoint_interval(udev, ep);
+
+ /* Periodic endpoint bInterval limit quirk */
+ if (usb_endpoint_xfer_int(&ep->desc) ||
+ usb_endpoint_xfer_isoc(&ep->desc)) {
+ if ((xhci->quirks & XHCI_LIMIT_ENDPOINT_INTERVAL_7) &&
+ udev->speed >= USB_SPEED_HIGH &&
+ interval >= 7) {
+ interval = 6;
+ }
+ }
+
mult = xhci_get_endpoint_mult(udev, ep);
max_packet = GET_MAX_PACKET(usb_endpoint_maxp(&ep->desc));
max_burst = xhci_get_endpoint_max_burst(udev, ep);
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -199,6 +199,9 @@ static void xhci_pci_quirks(struct devic
pdev->device == 0x1042)
xhci->quirks |= XHCI_BROKEN_STREAMS;
+ if (pdev->vendor == PCI_VENDOR_ID_TI && pdev->device == 0x8241)
+ xhci->quirks |= XHCI_LIMIT_ENDPOINT_INTERVAL_7;
+
if (xhci->quirks & XHCI_RESET_ON_RESUME)
xhci_dbg_trace(xhci, trace_xhci_dbg_quirks,
"QUIRK: Resetting on resume");
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1659,6 +1659,7 @@ struct xhci_hcd {
#define XHCI_MISSING_CAS (1 << 24)
/* For controller with a broken Port Disable implementation */
#define XHCI_BROKEN_PORT_PED (1 << 25)
+#define XHCI_LIMIT_ENDPOINT_INTERVAL_7 (1 << 26)
unsigned int num_active_eps;
unsigned int limit_active_eps;
^ permalink raw reply
* [PATCH 4.10 77/93] mm: fix data corruption due to stale mmap reads
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, Ross Zwisler, Dan Williams,
Andrew Morton, Linus Torvalds
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit cd656375f94632d7b5af57bf67b7b5c0270c591c upstream.
Currently, we didn't invalidate page tables during invalidate_inode_pages2()
for DAX. That could result in e.g. 2MiB zero page being mapped into
page tables while there were already underlying blocks allocated and
thus data seen through mmap were different from data seen by read(2).
The following sequence reproduces the problem:
- open an mmap over a 2MiB hole
- read from a 2MiB hole, faulting in a 2MiB zero page
- write to the hole with write(3p). The write succeeds but we
incorrectly leave the 2MiB zero page mapping intact.
- via the mmap, read the data that was just written. Since the zero
page mapping is still intact we read back zeroes instead of the new
data.
Fix the problem by unconditionally calling invalidate_inode_pages2_range()
in dax_iomap_actor() for new block allocations and by properly
invalidating page tables in invalidate_inode_pages2_range() for DAX
mappings.
Fixes: c6dcf52c23d2d3fb5235cec42d7dd3f786b87d55
Link: http://lkml.kernel.org/r/20170510085419.27601-3-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dax.c | 2 +-
mm/truncate.c | 11 +++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -1000,7 +1000,7 @@ dax_iomap_actor(struct inode *inode, lof
* into page tables. We have to tear down these mappings so that data
* written by write(2) is visible in mmap.
*/
- if ((iomap->flags & IOMAP_F_NEW) && inode->i_mapping->nrpages) {
+ if (iomap->flags & IOMAP_F_NEW) {
invalidate_inode_pages2_range(inode->i_mapping,
pos >> PAGE_SHIFT,
(end - 1) >> PAGE_SHIFT);
--- a/mm/truncate.c
+++ b/mm/truncate.c
@@ -682,6 +682,17 @@ int invalidate_inode_pages2_range(struct
cond_resched();
index++;
}
+ /*
+ * For DAX we invalidate page tables after invalidating radix tree. We
+ * could invalidate page tables while invalidating each entry however
+ * that would be expensive. And doing range unmapping before doesn't
+ * work as we have no cheap way to find whether radix tree entry didn't
+ * get remapped later.
+ */
+ if (dax_mapping(mapping)) {
+ unmap_mapping_range(mapping, (loff_t)start << PAGE_SHIFT,
+ (loff_t)(end - start + 1) << PAGE_SHIFT, 0);
+ }
cleancache_invalidate_inode(mapping);
return ret;
}
^ permalink raw reply
* [PATCH 4.10 76/93] dax: prevent invalidation of mapped DAX entries
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ross Zwisler, Jan Kara, Dan Williams,
Andrew Morton, Linus Torvalds
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ross Zwisler <ross.zwisler@linux.intel.com>
commit 4636e70bb0a8b871998b6841a2e4b205cf2bc863 upstream.
Patch series "mm,dax: Fix data corruption due to mmap inconsistency",
v4.
This series fixes data corruption that can happen for DAX mounts when
page faults race with write(2) and as a result page tables get out of
sync with block mappings in the filesystem and thus data seen through
mmap is different from data seen through read(2).
The series passes testing with t_mmap_stale test program from Ross and
also other mmap related tests on DAX filesystem.
This patch (of 4):
dax_invalidate_mapping_entry() currently removes DAX exceptional entries
only if they are clean and unlocked. This is done via:
invalidate_mapping_pages()
invalidate_exceptional_entry()
dax_invalidate_mapping_entry()
However, for page cache pages removed in invalidate_mapping_pages()
there is an additional criteria which is that the page must not be
mapped. This is noted in the comments above invalidate_mapping_pages()
and is checked in invalidate_inode_page().
For DAX entries this means that we can can end up in a situation where a
DAX exceptional entry, either a huge zero page or a regular DAX entry,
could end up mapped but without an associated radix tree entry. This is
inconsistent with the rest of the DAX code and with what happens in the
page cache case.
We aren't able to unmap the DAX exceptional entry because according to
its comments invalidate_mapping_pages() isn't allowed to block, and
unmap_mapping_range() takes a write lock on the mapping->i_mmap_rwsem.
Since we essentially never have unmapped DAX entries to evict from the
radix tree, just remove dax_invalidate_mapping_entry().
Fixes: c6dcf52c23d2 ("mm: Invalidate DAX radix tree entries only if appropriate")
Link: http://lkml.kernel.org/r/20170510085419.27601-2-jack@suse.cz
Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reported-by: Jan Kara <jack@suse.cz>
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dax.c | 29 -----------------------------
include/linux/dax.h | 1 -
mm/truncate.c | 9 +++------
3 files changed, 3 insertions(+), 36 deletions(-)
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -503,35 +503,6 @@ int dax_delete_mapping_entry(struct addr
}
/*
- * Invalidate exceptional DAX entry if easily possible. This handles DAX
- * entries for invalidate_inode_pages() so we evict the entry only if we can
- * do so without blocking.
- */
-int dax_invalidate_mapping_entry(struct address_space *mapping, pgoff_t index)
-{
- int ret = 0;
- void *entry, **slot;
- struct radix_tree_root *page_tree = &mapping->page_tree;
-
- spin_lock_irq(&mapping->tree_lock);
- entry = __radix_tree_lookup(page_tree, index, NULL, &slot);
- if (!entry || !radix_tree_exceptional_entry(entry) ||
- slot_locked(mapping, slot))
- goto out;
- if (radix_tree_tag_get(page_tree, index, PAGECACHE_TAG_DIRTY) ||
- radix_tree_tag_get(page_tree, index, PAGECACHE_TAG_TOWRITE))
- goto out;
- radix_tree_delete(page_tree, index);
- mapping->nrexceptional--;
- ret = 1;
-out:
- spin_unlock_irq(&mapping->tree_lock);
- if (ret)
- dax_wake_mapping_entry_waiter(mapping, index, entry, true);
- return ret;
-}
-
-/*
* Invalidate exceptional DAX entry if it is clean.
*/
int dax_invalidate_mapping_entry_sync(struct address_space *mapping,
--- a/include/linux/dax.h
+++ b/include/linux/dax.h
@@ -41,7 +41,6 @@ ssize_t dax_iomap_rw(struct kiocb *iocb,
int dax_iomap_fault(struct vm_area_struct *vma, struct vm_fault *vmf,
struct iomap_ops *ops);
int dax_delete_mapping_entry(struct address_space *mapping, pgoff_t index);
-int dax_invalidate_mapping_entry(struct address_space *mapping, pgoff_t index);
int dax_invalidate_mapping_entry_sync(struct address_space *mapping,
pgoff_t index);
void dax_wake_mapping_entry_waiter(struct address_space *mapping,
--- a/mm/truncate.c
+++ b/mm/truncate.c
@@ -66,17 +66,14 @@ static void truncate_exceptional_entry(s
/*
* Invalidate exceptional entry if easily possible. This handles exceptional
- * entries for invalidate_inode_pages() so for DAX it evicts only unlocked and
- * clean entries.
+ * entries for invalidate_inode_pages().
*/
static int invalidate_exceptional_entry(struct address_space *mapping,
pgoff_t index, void *entry)
{
- /* Handled by shmem itself */
- if (shmem_mapping(mapping))
+ /* Handled by shmem itself, or for DAX we do nothing. */
+ if (shmem_mapping(mapping) || dax_mapping(mapping))
return 1;
- if (dax_mapping(mapping))
- return dax_invalidate_mapping_entry(mapping, index);
clear_shadow_entry(mapping, index, entry);
return 1;
}
^ permalink raw reply
* [PATCH 4.9 01/80] xen: adjust early dom0 p2m handling to xen hypervisor behavior
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Juergen Gross, Jan Beulich
In-Reply-To: <20170518104833.667298773@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Juergen Gross <jgross@suse.com>
commit 69861e0a52f8733355ce246f0db15e1b240ad667 upstream.
When booted as pv-guest the p2m list presented by the Xen is already
mapped to virtual addresses. In dom0 case the hypervisor might make use
of 2M- or 1G-pages for this mapping. Unfortunately while being properly
aligned in virtual and machine address space, those pages might not be
aligned properly in guest physical address space.
So when trying to obtain the guest physical address of such a page
pud_pfn() and pmd_pfn() must be avoided as those will mask away guest
physical address bits not being zero in this special case.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/xen/mmu.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -2028,7 +2028,8 @@ static unsigned long __init xen_read_phy
/*
* Translate a virtual address to a physical one without relying on mapped
- * page tables.
+ * page tables. Don't rely on big pages being aligned in (guest) physical
+ * space!
*/
static phys_addr_t __init xen_early_virt_to_phys(unsigned long vaddr)
{
@@ -2049,7 +2050,7 @@ static phys_addr_t __init xen_early_virt
sizeof(pud)));
if (!pud_present(pud))
return 0;
- pa = pud_pfn(pud) << PAGE_SHIFT;
+ pa = pud_val(pud) & PTE_PFN_MASK;
if (pud_large(pud))
return pa + (vaddr & ~PUD_MASK);
@@ -2057,7 +2058,7 @@ static phys_addr_t __init xen_early_virt
sizeof(pmd)));
if (!pmd_present(pmd))
return 0;
- pa = pmd_pfn(pmd) << PAGE_SHIFT;
+ pa = pmd_val(pmd) & PTE_PFN_MASK;
if (pmd_large(pmd))
return pa + (vaddr & ~PMD_MASK);
^ permalink raw reply
* [PATCH 4.9 00/80] 4.9.29-stable review
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuahkh, patches,
ben.hutchings, stable
This is the start of the stable review cycle for the 4.9.29 release.
There are 80 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat May 20 10:48:15 UTC 2017.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.29-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.9.29-rc1
Kees Cook <keescook@chromium.org>
pstore: Shut down worker when unregistering
Ankit Kumar <ankit@linux.vnet.ibm.com>
pstore: Fix flags to enable dumps on powerpc
Dan Williams <dan.j.williams@intel.com>
libnvdimm, pfn: fix 'npfns' vs section alignment
Toshi Kani <toshi.kani@hpe.com>
libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify
Dan Williams <dan.j.williams@intel.com>
libnvdimm, region: fix flush hint detection crash
Joeseph Chang <joechang@codeaurora.org>
ipmi: Fix kernel panic at ipmi_ssif_thread()
Johan Hovold <johan@kernel.org>
Bluetooth: hci_intel: add missing tty-device sanity check
Johan Hovold <johan@kernel.org>
Bluetooth: hci_bcm: add missing tty-device sanity check
Szymon Janc <szymon.janc@codecoup.pl>
Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
Wang YanQing <udknight@gmail.com>
tty: pty: Fix ldisc flush after userspace become aware of the data already
Johan Hovold <johan@kernel.org>
serial: omap: suspend device on probe errors
Johan Hovold <johan@kernel.org>
serial: omap: fix runtime-pm handling on unbind
Marek Szyprowski <m.szyprowski@samsung.com>
serial: samsung: Use right device for DMA-mapping calls
Eric Biggers <ebiggers@google.com>
fscrypt: fix context consistency check when key(s) unavailable
Dan Williams <dan.j.williams@intel.com>
device-dax: fix cdev leak
Jason A. Donenfeld <Jason@zx2c4.com>
padata: free correct variable
Björn Jacke <bj@sernet.de>
CIFS: add misssing SFM mapping for doublequote
David Disseldorp <ddiss@suse.de>
cifs: fix CIFS_IOC_GET_MNT_INFO oops
Rabin Vincent <rabinv@axis.com>
CIFS: fix oplock break deadlocks
David Disseldorp <ddiss@suse.de>
cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops
David Disseldorp <ddiss@suse.de>
cifs: fix leak in FSCTL_ENUM_SNAPS response handling
Björn Jacke <bj@sernet.de>
CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
Steve French <smfrench@gmail.com>
SMB3: Work around mount failure when using SMB3 dialect to Macs
Steve French <smfrench@gmail.com>
Set unicode flag on cifs echo request to avoid Mac error
Sachin Prabhu <sprabhu@redhat.com>
Fix match_prepath()
Vlastimil Babka <vbabka@suse.cz>
mm: prevent potential recursive reclaim due to clearing PF_MEMALLOC
Andrey Ryabinin <aryabinin@virtuozzo.com>
fs/block_dev: always invalidate cleancache in invalidate_bdev()
Luis Henriques <lhenriques@suse.com>
ceph: fix memory leak in __ceph_setxattr()
Michal Hocko <mhocko@suse.com>
fs/xattr.c: zero out memory copied to userspace in getxattr
Martin Brandenburg <martin@omnibond.com>
orangefs: do not check possibly stale size on truncate
Martin Brandenburg <martin@omnibond.com>
orangefs: do not set getattr_time on orangefs_lookup
Martin Brandenburg <martin@omnibond.com>
orangefs: clean up oversize xattr validation
Martin Brandenburg <martin@omnibond.com>
orangefs: fix bounds check for listxattr
Eric Biggers <ebiggers@google.com>
ext4: evict inline data when writing to memory map
Adrian Hunter <adrian.hunter@intel.com>
perf auxtrace: Fix no_size logic in addr_filter__resolve_kernel_syms()
Mike Marciniszyn <mike.marciniszyn@intel.com>
IB/hfi1: Prevent kernel QP post send hard lockups
Jack Morgenstein <jackm@dev.mellanox.co.il>
IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
Jack Morgenstein <jackm@dev.mellanox.co.il>
IB/mlx4: Fix ib device initialization error flow
Shamir Rabinovitch <shamir.rabinovitch@oracle.com>
IB/IPoIB: ibX: failed to create mcg debug file
Michael J. Ruhl <michael.j.ruhl@intel.com>
IB/core: For multicast functions, verify that LIDs are multicast LIDs
Jack Morgenstein <jackm@dev.mellanox.co.il>
IB/core: Fix sysfs registration error flow
Ding Tianhong <dingtianhong@huawei.com>
iov_iter: don't revert iov buffer if csum error
Alex Williamson <alex.williamson@redhat.com>
vfio/type1: Remove locked page accounting workqueue
Dennis Yang <dennisyang@qnap.com>
dm thin: fix a memory leak when passing discard bio down
Bart Van Assche <bart.vanassche@sandisk.com>
dm rq: check blk_mq_register_dev() return value in dm_mq_init_request_queue()
Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
dm era: save spacemap metadata root after the pre-commit
Gary R Hook <gary.hook@amd.com>
crypto: ccp - Change ISR handler method for a v5 CCP
Gary R Hook <gary.hook@amd.com>
crypto: ccp - Change ISR handler method for a v3 CCP
Gary R Hook <ghook@amd.com>
crypto: ccp - Disable interrupts early on unload
Gary R Hook <gary.hook@amd.com>
crypto: ccp - Use only the relevant interrupt bits
Stephan Mueller <smueller@chronox.de>
crypto: algif_aead - Require setkey before accept(2)
Mike Snitzer <snitzer@redhat.com>
block: fix blk_integrity_register to use template's interval_exp if not 0
Marc Zyngier <marc.zyngier@arm.com>
arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses
Andrew Jones <drjones@redhat.com>
KVM: arm/arm64: fix races in kvm_psci_vcpu_on
David Hildenbrand <david@redhat.com>
KVM: x86: fix user triggerable warning in kvm_apic_accept_events()
Vince Weaver <vincent.weaver@maine.edu>
perf/x86: Fix Broadwell-EP DRAM RAPL events
Richard Weinberger <richard@nod.at>
um: Fix PTRACE_POKEUSER on x86_64
Ben Hutchings <ben.hutchings@codethink.co.uk>
x86, pmem: Fix cache flushing for iovec write < 8 bytes
Andy Lutomirski <luto@kernel.org>
selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug
Ashish Kalra <ashish@bluestacks.com>
x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
Maksim Salau <maksim.salau@gmail.com>
usb: misc: legousbtower: Fix buffers on stack
Guenter Roeck <linux@roeck-us.net>
usb: hub: Do not attempt to autosuspend disconnected devices
Guenter Roeck <linux@roeck-us.net>
usb: hub: Fix error loop seen after hub communication errors
Alexey Brodkin <Alexey.Brodkin@synopsys.com>
usb: Make sure usb/phy/of gets built-in
Romain Izard <romain.izard.pro@gmail.com>
usb: gadget: legacy gadgets are optional
Gustavo A. R. Silva <garsilva@embeddedor.com>
usb: misc: add missing continue in switch
Ian Abbott <abbotti@mev.co.uk>
staging: comedi: jr3_pci: cope with jiffies wraparound
Ian Abbott <abbotti@mev.co.uk>
staging: comedi: jr3_pci: fix possible null pointer dereference
Johan Hovold <johan@kernel.org>
staging: gdm724x: gdm_mux: fix use-after-free on module unload
Malcolm Priestley <tvboxspy@gmail.com>
staging: vt6656: use off stack for out buffer USB transfers.
Malcolm Priestley <tvboxspy@gmail.com>
staging: vt6656: use off stack for in buffer USB transfers.
Bjørn Mork <bjorn@mork.no>
USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications"
Ajay Kaher <ajay.kaher@samsung.com>
USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously
Marek Vasut <marex@denx.de>
USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit
Peter Chen <peter.chen@nxp.com>
usb: host: xhci: print correct command ring address
Roger Quadros <rogerq@ti.com>
usb: xhci: bInterval quirk for TI TUSB73x0
Nicholas Bellinger <nab@linux-iscsi.org>
iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement
Bart Van Assche <bart.vanassche@sandisk.com>
target/fileio: Fix zero-length READ and WRITE handling
Nicholas Bellinger <nab@linux-iscsi.org>
target: Fix compare_and_write_callback handling for non GOOD status
Juergen Gross <jgross@suse.com>
xen: adjust early dom0 p2m handling to xen hypervisor behavior
-------------
Diffstat:
Makefile | 4 +-
arch/arm/kvm/psci.c | 8 +-
arch/arm64/include/asm/kvm_emulate.h | 6 +
arch/arm64/kvm/sys_regs.c | 8 +-
arch/powerpc/kernel/nvram_64.c | 1 +
arch/x86/boot/boot.h | 2 +-
arch/x86/events/intel/rapl.c | 2 +-
arch/x86/include/asm/pmem.h | 2 +-
arch/x86/kvm/x86.c | 12 ++
arch/x86/um/ptrace_64.c | 2 +-
arch/x86/xen/mmu.c | 7 +-
block/blk-integrity.c | 3 +-
crypto/algif_aead.c | 157 +++++++++++++++++++++++++--
drivers/Makefile | 1 +
drivers/bluetooth/hci_bcm.c | 5 +-
drivers/bluetooth/hci_intel.c | 13 ++-
drivers/char/ipmi/ipmi_ssif.c | 4 +-
drivers/crypto/ccp/ccp-dev-v3.c | 120 +++++++++++---------
drivers/crypto/ccp/ccp-dev-v5.c | 114 +++++++++++--------
drivers/crypto/ccp/ccp-dev.h | 8 +-
drivers/crypto/ccp/ccp-pci.c | 2 +
drivers/dax/dax.c | 15 ++-
drivers/infiniband/core/sysfs.c | 2 +-
drivers/infiniband/core/verbs.c | 8 +-
drivers/infiniband/hw/hfi1/ruc.c | 26 +++--
drivers/infiniband/hw/hfi1/verbs.c | 4 +-
drivers/infiniband/hw/hfi1/verbs.h | 6 +-
drivers/infiniband/hw/mlx4/main.c | 1 +
drivers/infiniband/hw/mlx4/mcg.c | 3 +-
drivers/infiniband/ulp/ipoib/ipoib_fs.c | 3 +
drivers/infiniband/ulp/ipoib/ipoib_main.c | 44 +++++++-
drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 3 -
drivers/md/dm-era-target.c | 8 +-
drivers/md/dm-rq.c | 6 +-
drivers/md/dm-thin.c | 1 +
drivers/nvdimm/pfn_devs.c | 6 +-
drivers/nvdimm/pmem.c | 37 +++++--
drivers/nvdimm/region_devs.c | 11 +-
drivers/staging/comedi/drivers/jr3_pci.c | 13 ++-
drivers/staging/gdm724x/gdm_mux.c | 3 +-
drivers/staging/vt6656/usbpipe.c | 31 +++++-
drivers/target/iscsi/iscsi_target.c | 1 +
drivers/target/iscsi/iscsi_target_configfs.c | 1 +
drivers/target/iscsi/iscsi_target_login.c | 1 +
drivers/target/target_core_file.c | 3 +-
drivers/target/target_core_sbc.c | 5 +-
drivers/tty/pty.c | 7 +-
drivers/tty/serial/omap-serial.c | 9 +-
drivers/tty/serial/samsung.c | 9 +-
drivers/usb/class/cdc-wdm.c | 103 +-----------------
drivers/usb/core/driver.c | 21 ++++
drivers/usb/core/file.c | 9 +-
drivers/usb/core/hub.c | 11 +-
drivers/usb/gadget/Kconfig | 1 +
drivers/usb/host/xhci-mem.c | 13 ++-
drivers/usb/host/xhci-pci.c | 3 +
drivers/usb/host/xhci.h | 1 +
drivers/usb/misc/legousbtower.c | 37 +++++--
drivers/usb/misc/usbtest.c | 1 +
drivers/usb/serial/ftdi_sio.c | 1 +
drivers/usb/serial/ftdi_sio_ids.h | 6 +
drivers/vfio/vfio_iommu_type1.c | 102 ++++++++---------
fs/block_dev.c | 11 +-
fs/ceph/xattr.c | 3 +
fs/cifs/cifs_unicode.c | 6 +
fs/cifs/cifs_unicode.h | 5 +-
fs/cifs/cifsfs.c | 15 ++-
fs/cifs/cifsglob.h | 1 +
fs/cifs/cifssmb.c | 3 +
fs/cifs/connect.c | 14 +--
fs/cifs/ioctl.c | 4 +
fs/cifs/misc.c | 2 +-
fs/cifs/smb2misc.c | 5 +-
fs/cifs/smb2ops.c | 1 +
fs/cifs/smb2pdu.c | 14 ++-
fs/crypto/policy.c | 87 +++++++++++----
fs/ext4/inode.c | 5 +
fs/orangefs/inode.c | 3 +-
fs/orangefs/namei.c | 2 -
fs/orangefs/xattr.c | 26 ++---
fs/pstore/platform.c | 10 +-
fs/xattr.c | 2 +-
kernel/padata.c | 2 +-
mm/page_alloc.c | 3 +-
net/bluetooth/hci_sock.c | 3 +-
net/core/datagram.c | 13 ++-
tools/perf/util/auxtrace.c | 4 +-
tools/testing/selftests/x86/ldt_gdt.c | 46 ++++++++
88 files changed, 893 insertions(+), 454 deletions(-)
^ permalink raw reply
* [PATCH 4.10 73/93] md/raid1: avoid reusing a resync bio after error handling.
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, NeilBrown, Shaohua Li
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.com>
commit 0c9d5b127f695818c2c5a3868c1f28ca2969e905 upstream.
fix_sync_read_error() modifies a bio on a newly faulty
device by setting bi_end_io to end_sync_write.
This ensure that put_buf() will still call rdev_dec_pending()
as required, but makes sure that subsequent code in
fix_sync_read_error() doesn't try to read from the device.
Unfortunately this interacts badly with sync_request_write()
which assumes that any bio with bi_end_io set to non-NULL
other than end_sync_read is safe to write to.
As the device is now faulty it doesn't make sense to write.
As the bio was recently used for a read, it is "dirty"
and not suitable for immediate submission.
In particular, ->bi_next might be non-NULL, which will cause
generic_make_request() to complain.
Break this interaction by refusing to write to devices
which are marked as Faulty.
Reported-and-tested-by: Michael Wang <yun.wang@profitbricks.com>
Fixes: 2e52d449bcec ("md/raid1: add failfast handling for reads.")
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid1.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -2094,6 +2094,8 @@ static void sync_request_write(struct md
(i == r1_bio->read_disk ||
!test_bit(MD_RECOVERY_SYNC, &mddev->recovery))))
continue;
+ if (test_bit(Faulty, &conf->mirrors[i].rdev->flags))
+ continue;
bio_set_op_attrs(wbio, REQ_OP_WRITE, 0);
if (test_bit(FailFast, &conf->mirrors[i].rdev->flags))
^ permalink raw reply
* [PATCH 4.10 72/93] padata: free correct variable
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld, Herbert Xu
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit 07a77929ba672d93642a56dc2255dd21e6e2290b upstream.
The author meant to free the variable that was just allocated, instead
of the one that failed to be allocated, but made a simple typo. This
patch rectifies that.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/padata.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -354,7 +354,7 @@ static int padata_setup_cpumasks(struct
cpumask_and(pd->cpumask.pcpu, pcpumask, cpu_online_mask);
if (!alloc_cpumask_var(&pd->cpumask.cbcpu, GFP_KERNEL)) {
- free_cpumask_var(pd->cpumask.cbcpu);
+ free_cpumask_var(pd->cpumask.pcpu);
return -ENOMEM;
}
^ permalink raw reply
* [PATCH 4.10 71/93] ovl: do not set overlay.opaque on non-dir create
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Amir Goldstein, Miklos Szeredi
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Amir Goldstein <amir73il@gmail.com>
commit 4a99f3c83dc493c8ea84693d78cd792839c8aa64 upstream.
The optimization for opaque dir create was wrongly being applied
also to non-dir create.
Fixes: 97c684cc9110 ("ovl: create directories inside merged parent opaque")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/overlayfs/dir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -209,7 +209,7 @@ static int ovl_create_upper(struct dentr
if (err)
goto out_dput;
- if (ovl_type_merge(dentry->d_parent)) {
+ if (ovl_type_merge(dentry->d_parent) && d_is_dir(newdentry)) {
/* Setting opaque here is just an optimization, allow to fail */
ovl_set_opaque(dentry, newdentry);
}
^ permalink raw reply
* [PATCH 4.10 69/93] cifs: fix CIFS_IOC_GET_MNT_INFO oops
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Disseldorp, Steve French
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Disseldorp <ddiss@suse.de>
commit d8a6e505d6bba2250852fbc1c1c86fe68aaf9af3 upstream.
An open directory may have a NULL private_data pointer prior to readdir.
Fixes: 0de1f4c6f6c0 ("Add way to query server fs info for smb3")
Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/ioctl.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/cifs/ioctl.c
+++ b/fs/cifs/ioctl.c
@@ -264,6 +264,8 @@ long cifs_ioctl(struct file *filep, unsi
rc = -EOPNOTSUPP;
break;
case CIFS_IOC_GET_MNT_INFO:
+ if (pSMBFile == NULL)
+ break;
tcon = tlink_tcon(pSMBFile->tlink);
rc = smb_mnt_get_fsinfo(xid, tcon, (void __user *)arg);
break;
^ permalink raw reply
* [PATCH 4.10 67/93] cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Disseldorp, Steve French
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Disseldorp <ddiss@suse.de>
commit 6026685de33b0db5b2b6b0e9b41b3a1a3261033c upstream.
As with 618763958b22, an open directory may have a NULL private_data
pointer prior to readdir. CIFS_ENUMERATE_SNAPSHOTS must check for this
before dereference.
Fixes: 834170c85978 ("Enable previous version support")
Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/ioctl.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/cifs/ioctl.c
+++ b/fs/cifs/ioctl.c
@@ -268,6 +268,8 @@ long cifs_ioctl(struct file *filep, unsi
rc = smb_mnt_get_fsinfo(xid, tcon, (void __user *)arg);
break;
case CIFS_ENUMERATE_SNAPSHOTS:
+ if (pSMBFile == NULL)
+ break;
if (arg == 0) {
rc = -EINVAL;
goto cifs_ioc_exit;
^ permalink raw reply
* [PATCH 4.10 66/93] cifs: fix leak in FSCTL_ENUM_SNAPS response handling
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Disseldorp, Steve French
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Disseldorp <ddiss@suse.de>
commit 0e5c795592930d51fd30d53a2e7b73cba022a29b upstream.
The server may respond with success, and an output buffer less than
sizeof(struct smb_snapshot_array) in length. Do not leak the output
buffer in this case.
Fixes: 834170c85978 ("Enable previous version support")
Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2ops.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -924,6 +924,7 @@ smb3_enum_snapshots(const unsigned int x
}
if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
rc = -ERANGE;
+ kfree(retbuf);
return rc;
}
^ permalink raw reply
* [PATCH 4.10 64/93] SMB3: Work around mount failure when using SMB3 dialect to Macs
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve French <smfrench@gmail.com>
commit 7db0a6efdc3e990cdfd4b24820d010e9eb7890ad upstream.
Macs send the maximum buffer size in response on ioctl to validate
negotiate security information, which causes us to fail the mount
as the response buffer is larger than the expected response.
Changed ioctl response processing to allow for padding of validate
negotiate ioctl response and limit the maximum response size to
maximum buffer size.
Signed-off-by: Steve French <steve.french@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -569,8 +569,12 @@ int smb3_validate_negotiate(const unsign
}
if (rsplen != sizeof(struct validate_negotiate_info_rsp)) {
- cifs_dbg(VFS, "invalid size of protocol negotiate response\n");
- return -EIO;
+ cifs_dbg(VFS, "invalid protocol negotiate response size: %d\n",
+ rsplen);
+
+ /* relax check since Mac returns max bufsize allowed on ioctl */
+ if (rsplen > CIFSMaxBufSize)
+ return -EIO;
}
/* check validate negotiate info response matches what we got earlier */
@@ -1670,8 +1674,12 @@ SMB2_ioctl(const unsigned int xid, struc
* than one credit. Windows typically sets this smaller, but for some
* ioctls it may be useful to allow server to send more. No point
* limiting what the server can send as long as fits in one credit
+ * Unfortunately - we can not handle more than CIFS_MAX_MSG_SIZE
+ * (by default, note that it can be overridden to make max larger)
+ * in responses (except for read responses which can be bigger.
+ * We may want to bump this limit up
*/
- req->MaxOutputResponse = cpu_to_le32(0xFF00); /* < 64K uses 1 credit */
+ req->MaxOutputResponse = cpu_to_le32(CIFSMaxBufSize);
if (is_fsctl)
req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL);
^ permalink raw reply
* [PATCH 4.10 63/93] Set unicode flag on cifs echo request to avoid Mac error
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve French <smfrench@gmail.com>
commit 26c9cb668c7fbf9830516b75d8bee70b699ed449 upstream.
Mac requires the unicode flag to be set for cifs, even for the smb
echo request (which doesn't have strings).
Without this Mac rejects the periodic echo requests (when mounting
with cifs) that we use to check if server is down
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifssmb.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -717,6 +717,9 @@ CIFSSMBEcho(struct TCP_Server_Info *serv
if (rc)
return rc;
+ if (server->capabilities & CAP_UNICODE)
+ smb->hdr.Flags2 |= SMBFLG2_UNICODE;
+
/* set up echo request */
smb->hdr.Tid = 0xffff;
smb->hdr.WordCount = 1;
^ permalink raw reply
* [PATCH 4.10 60/93] fs/block_dev: always invalidate cleancache in invalidate_bdev()
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrey Ryabinin, Jan Kara,
Konrad Rzeszutek Wilk, Alexander Viro, Ross Zwisler, Jens Axboe,
Johannes Weiner, Alexey Kuznetsov, Christoph Hellwig,
Nikolay Borisov, Andrew Morton, Linus Torvalds
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
commit a5f6a6a9c72eac38a7fadd1a038532bc8516337c upstream.
invalidate_bdev() calls cleancache_invalidate_inode() iff ->nrpages != 0
which doen't make any sense.
Make sure that invalidate_bdev() always calls cleancache_invalidate_inode()
regardless of mapping->nrpages value.
Fixes: c515e1fd361c ("mm/fs: add hooks to support cleancache")
Link: http://lkml.kernel.org/r/20170424164135.22350-3-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Alexey Kuznetsov <kuznet@virtuozzo.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Nikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/block_dev.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -103,12 +103,11 @@ void invalidate_bdev(struct block_device
{
struct address_space *mapping = bdev->bd_inode->i_mapping;
- if (mapping->nrpages == 0)
- return;
-
- invalidate_bh_lrus();
- lru_add_drain_all(); /* make sure all lru add caches are flushed */
- invalidate_mapping_pages(mapping, 0, -1);
+ if (mapping->nrpages) {
+ invalidate_bh_lrus();
+ lru_add_drain_all(); /* make sure all lru add caches are flushed */
+ invalidate_mapping_pages(mapping, 0, -1);
+ }
/* 99% of the time, we don't need to flush the cleancache on the bdev.
* But, for the strange corners, lets be cautious
*/
^ permalink raw reply
* [PATCH 4.10 58/93] fs/xattr.c: zero out memory copied to userspace in getxattr
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, Vlastimil Babka,
Michal Hocko, Andrew Morton, Linus Torvalds
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Hocko <mhocko@suse.com>
commit 81be3dee96346fbe08c31be5ef74f03f6b63cf68 upstream.
getxattr uses vmalloc to allocate memory if kzalloc fails. This is
filled by vfs_getxattr and then copied to the userspace. vmalloc,
however, doesn't zero out the memory so if the specific implementation
of the xattr handler is sloppy we can theoretically expose a kernel
memory. There is no real sign this is really the case but let's make
sure this will not happen and use vzalloc instead.
Fixes: 779302e67835 ("fs/xattr.c:getxattr(): improve handling of allocation failures")
Link: http://lkml.kernel.org/r/20170306103327.2766-1-mhocko@kernel.org
Acked-by: Kees Cook <keescook@chromium.org>
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -530,7 +530,7 @@ getxattr(struct dentry *d, const char __
size = XATTR_SIZE_MAX;
kvalue = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
if (!kvalue) {
- kvalue = vmalloc(size);
+ kvalue = vzalloc(size);
if (!kvalue)
return -ENOMEM;
}
^ permalink raw reply
* [PATCH 4.10 56/93] orangefs: do not set getattr_time on orangefs_lookup
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Brandenburg, Mike Marshall
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Brandenburg <martin@omnibond.com>
commit 17930b252cd6f31163c259eaa99dd8aa630fb9ba upstream.
Since orangefs_lookup calls orangefs_iget which calls
orangefs_inode_getattr, getattr_time will get set.
Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/orangefs/namei.c | 2 --
1 file changed, 2 deletions(-)
--- a/fs/orangefs/namei.c
+++ b/fs/orangefs/namei.c
@@ -193,8 +193,6 @@ static struct dentry *orangefs_lookup(st
goto out;
}
- ORANGEFS_I(inode)->getattr_time = jiffies - 1;
-
gossip_debug(GOSSIP_NAME_DEBUG,
"%s:%s:%d "
"Found good inode [%lu] with count [%d]\n",
^ permalink raw reply
* [PATCH 4.10 55/93] orangefs: clean up oversize xattr validation
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Brandenburg, Mike Marshall
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Brandenburg <martin@omnibond.com>
commit e675c5ec51fe2554719a7b6bcdbef0a770f2c19b upstream.
Also don't check flags as this has been validated by the VFS already.
Fix an off-by-one error in the max size checking.
Stop logging just because userspace wants to write attributes which do
not fit.
This and the previous commit fix xfstests generic/020.
Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/orangefs/xattr.c | 24 +++++++-----------------
1 file changed, 7 insertions(+), 17 deletions(-)
--- a/fs/orangefs/xattr.c
+++ b/fs/orangefs/xattr.c
@@ -76,11 +76,8 @@ ssize_t orangefs_inode_getxattr(struct i
if (S_ISLNK(inode->i_mode))
return -EOPNOTSUPP;
- if (strlen(name) >= ORANGEFS_MAX_XATTR_NAMELEN) {
- gossip_err("Invalid key length (%d)\n",
- (int)strlen(name));
+ if (strlen(name) > ORANGEFS_MAX_XATTR_NAMELEN)
return -EINVAL;
- }
fsuid = from_kuid(&init_user_ns, current_fsuid());
fsgid = from_kgid(&init_user_ns, current_fsgid());
@@ -172,6 +169,9 @@ static int orangefs_inode_removexattr(st
struct orangefs_kernel_op_s *new_op = NULL;
int ret = -ENOMEM;
+ if (strlen(name) > ORANGEFS_MAX_XATTR_NAMELEN)
+ return -EINVAL;
+
down_write(&orangefs_inode->xattr_sem);
new_op = op_alloc(ORANGEFS_VFS_OP_REMOVEXATTR);
if (!new_op)
@@ -231,23 +231,13 @@ int orangefs_inode_setxattr(struct inode
"%s: name %s, buffer_size %zd\n",
__func__, name, size);
- if (size >= ORANGEFS_MAX_XATTR_VALUELEN ||
- flags < 0) {
- gossip_err("orangefs_inode_setxattr: bogus values of size(%d), flags(%d)\n",
- (int)size,
- flags);
+ if (size > ORANGEFS_MAX_XATTR_VALUELEN)
+ return -EINVAL;
+ if (strlen(name) > ORANGEFS_MAX_XATTR_NAMELEN)
return -EINVAL;
- }
internal_flag = convert_to_internal_xattr_flags(flags);
- if (strlen(name) >= ORANGEFS_MAX_XATTR_NAMELEN) {
- gossip_err
- ("orangefs_inode_setxattr: bogus key size (%d)\n",
- (int)(strlen(name)));
- return -EINVAL;
- }
-
/* This is equivalent to a removexattr */
if (size == 0 && value == NULL) {
gossip_debug(GOSSIP_XATTR_DEBUG,
^ permalink raw reply
* [PATCH 4.10 53/93] ext4: evict inline data when writing to memory map
From: Greg Kroah-Hartman @ 2017-05-18 10:47 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nick Alcock, Andreas Dilger,
Eric Biggers, Theodore Tso
In-Reply-To: <20170518104743.163522815@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
commit 7b4cc9787fe35b3ee2dfb1c35e22eafc32e00c33 upstream.
Currently the case of writing via mmap to a file with inline data is not
handled. This is maybe a rare case since it requires a writable memory
map of a very small file, but it is trivial to trigger with on
inline_data filesystem, and it causes the
'BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA));' in
ext4_writepages() to be hit:
mkfs.ext4 -O inline_data /dev/vdb
mount /dev/vdb /mnt
xfs_io -f /mnt/file \
-c 'pwrite 0 1' \
-c 'mmap -w 0 1m' \
-c 'mwrite 0 1' \
-c 'fsync'
kernel BUG at fs/ext4/inode.c:2723!
invalid opcode: 0000 [#1] SMP
CPU: 1 PID: 2532 Comm: xfs_io Not tainted 4.11.0-rc1-xfstests-00301-g071d9acf3d1f #633
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-20170228_101828-anatol 04/01/2014
task: ffff88003d3a8040 task.stack: ffffc90000300000
RIP: 0010:ext4_writepages+0xc89/0xf8a
RSP: 0018:ffffc90000303ca0 EFLAGS: 00010283
RAX: 0000028410000000 RBX: ffff8800383fa3b0 RCX: ffffffff812afcdc
RDX: 00000a9d00000246 RSI: ffffffff81e660e0 RDI: 0000000000000246
RBP: ffffc90000303dc0 R08: 0000000000000002 R09: 869618e8f99b4fa5
R10: 00000000852287a2 R11: 00000000a03b49f4 R12: ffff88003808e698
R13: 0000000000000000 R14: 7fffffffffffffff R15: 7fffffffffffffff
FS: 00007fd3e53094c0(0000) GS:ffff88003e400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd3e4c51000 CR3: 000000003d554000 CR4: 00000000003406e0
Call Trace:
? _raw_spin_unlock+0x27/0x2a
? kvm_clock_read+0x1e/0x20
do_writepages+0x23/0x2c
? do_writepages+0x23/0x2c
__filemap_fdatawrite_range+0x80/0x87
filemap_write_and_wait_range+0x67/0x8c
ext4_sync_file+0x20e/0x472
vfs_fsync_range+0x8e/0x9f
? syscall_trace_enter+0x25b/0x2d0
vfs_fsync+0x1c/0x1e
do_fsync+0x31/0x4a
SyS_fsync+0x10/0x14
do_syscall_64+0x69/0x131
entry_SYSCALL64_slow_path+0x25/0x25
We could try to be smart and keep the inline data in this case, or at
least support delayed allocation when allocating the block, but these
solutions would be more complicated and don't seem worthwhile given how
rare this case seems to be. So just fix the bug by calling
ext4_convert_inline_data() when we're asked to make a page writable, so
that any inline data gets evicted, with the block allocated immediately.
Reported-by: Nick Alcock <nick.alcock@oracle.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5810,6 +5810,11 @@ int ext4_page_mkwrite(struct vm_area_str
file_update_time(vma->vm_file);
down_read(&EXT4_I(inode)->i_mmap_sem);
+
+ ret = ext4_convert_inline_data(inode);
+ if (ret)
+ goto out_ret;
+
/* Delalloc case is easy... */
if (test_opt(inode->i_sb, DELALLOC) &&
!ext4_should_journal_data(inode) &&
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox