May 2018 - Linux-stable-mirror

by Greg KH

I'm announcing the release of the 4.4.132 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/s390/kvm/kvm-s390.c | 4 arch/x86/kernel/cpu/perf_event.c | 8 arch/x86/kernel/cpu/perf_event_intel_cstate.c | 2 arch/x86/kernel/cpu/perf_event_msr.c | 9 crypto/af_alg.c | 8 drivers/ata/libata-core.c | 3 drivers/atm/zatm.c | 3 drivers/bluetooth/btusb.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 drivers/infiniband/core/ucma.c | 2 drivers/infiniband/hw/mlx5/qp.c | 22 - drivers/input/input-leds.c | 8 drivers/input/touchscreen/atmel_mxt_ts.c | 9 drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 78 +++ drivers/net/can/usb/kvaser_usb.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/ath/ath10k/core.c | 8 drivers/net/wireless/ath/ath10k/core.h | 4 drivers/net/wireless/ath/ath10k/htt_rx.c | 100 ++++ drivers/net/wireless/ath/wcn36xx/txrx.c | 2 drivers/usb/core/config.c | 4 drivers/usb/musb/musb_host.c | 4 drivers/usb/serial/option.c | 448 +++++++--------------- drivers/usb/serial/visor.c | 69 +-- fs/f2fs/data.c | 2 fs/fs-writeback.c | 2 fs/xfs/xfs_file.c | 14 include/net/inet_timewait_sock.h | 1 include/net/mac80211.h | 14 include/net/nexthop.h | 2 kernel/bpf/arraymap.c | 2 kernel/bpf/hashtab.c | 9 kernel/bpf/syscall.c | 20 kernel/events/callchain.c | 10 kernel/events/core.c | 2 kernel/events/ring_buffer.c | 7 kernel/trace/trace_events_filter.c | 3 kernel/trace/trace_uprobe.c | 2 kernel/tracepoint.c | 4 mm/percpu.c | 1 net/atm/lec.c | 9 net/core/dev_addr_lists.c | 4 net/core/skbuff.c | 1 net/dccp/ipv4.c | 1 net/dccp/ipv6.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/tcp.c | 2 net/mac80211/util.c | 5 net/mac80211/wep.c | 3 net/mac80211/wpa.c | 45 +- net/netfilter/ipvs/ip_vs_ctl.c | 8 net/netfilter/ipvs/ip_vs_sync.c | 155 +++---- net/netlink/af_netlink.c | 2 net/rfkill/rfkill-gpio.c | 7 net/xfrm/xfrm_user.c | 2 sound/core/pcm_compat.c | 2 sound/core/seq/seq_virmidi.c | 4 sound/drivers/aloop.c | 29 + tools/testing/selftests/firmware/fw_filesystem.sh | 6 60 files changed, 655 insertions(+), 530 deletions(-) Alan Stern (1): USB: Accept bulk endpoints with 1024-byte maxpacket Alexander Yarygin (1): KVM: s390: Enable all facility bits that are known good for passthrough Ben Hutchings (1): test_firmware: fix setting old custom fw path back on exit, second try Bin Liu (1): usb: musb: host: fix potential NULL pointer dereference Danit Goldberg (1): IB/mlx5: Use unlimited rate when static rate is not supported Darrick J. Wong (1): xfs: prevent creating negative-sized file via INSERT_RANGE David Spinadel (1): mac80211: Add RX flag to indicate ICV stripped Dmitry Torokhov (1): Input: leds - fix out of bound access Eric Dumazet (8): crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark soreuseport: initialise timewait reuseport field tcp: fix TCP_REPAIR_QUEUE bound checking Greg Kroah-Hartman (2): USB: serial: visor: handle potential invalid device configuration Linux 4.4.132 Gustavo A. R. Silva (2): net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 Hans de Goede (2): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Jan Kara (1): bdi: Fix oops in wb_workfn() Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (2): USB: serial: option: reimplement interface masking rfkill: gpio: fix memory leak in probe error path Julian Anastasov (1): ipvs: fix rtnl_lock lockups caused by start_sync_thread Kristian Evensen (1): USB: serial: option: Add support for Quectel EP06 Leon Romanovsky (1): RDMA/mlx5: Protect from shift operand overflow Markus Pargmann (1): gpmi-nand: Handle ECC Errors in erased pages Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Mathieu Desnoyers (1): tracepoint: Do not warn on ENOMEM Peter Zijlstra (5): perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Robert Rosengren (1): ALSA: aloop: Mark paused device as inactive Roland Dreier (1): RDMA/ucma: Allow resolving address w/o specifying source address SZ Lin (林上智) (2): NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 USB: serial: option: adding support for ublox R410M Sara Sharon (2): mac80211: allow not sending MIC up from driver for HW crypto mac80211: allow same PN for AMSDU sub-frames Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Takashi Iwai (3): ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: aloop: Add missing cable lock to ctl API callbacks Tan Xiaojun (1): perf/core: Fix the perf_cpu_time_max_percent check Tejun Heo (1): percpu: include linux/sched.h for cond_resched() Teng Qin (1): bpf: map_get_next_key to return first key on NULL Thomas Hellstrom (1): drm/vmwgfx: Fix a buffer object leak Vasanthakumar Thiagarajan (2): ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode ath10k: rebuild crypto header in rx data frames Vittorio Gambaletta (VittGam) (1): Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Wei Fang (1): f2fs: fix a dead loop in f2fs_fiemap() Yi Zhao (1): xfrm_user: fix return value from xfrm_user_rcv_msg

6 years, 6 months

1
1
0 0

Linux 3.18.109

by Greg KH

I'm announcing the release of the 3.18.109 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/ata/libata-core.c | 3 + drivers/infiniband/hw/mlx5/qp.c | 4 ++ drivers/net/can/usb/kvaser_usb.c | 2 - drivers/net/usb/qmi_wwan.c | 1 drivers/usb/musb/musb_host.c | 4 +- drivers/usb/serial/visor.c | 69 ++++++++++++++++++------------------- include/net/inet_timewait_sock.h | 1 include/net/nexthop.h | 2 - kernel/events/callchain.c | 10 +---- kernel/events/core.c | 2 - kernel/trace/trace_events_filter.c | 3 + kernel/trace/trace_uprobe.c | 2 + mm/percpu.c | 1 net/core/dev_addr_lists.c | 4 +- net/core/skbuff.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/tcp.c | 2 - net/netlink/af_netlink.c | 2 + net/rfkill/rfkill-gpio.c | 7 +++ sound/core/pcm_compat.c | 2 + sound/core/seq/seq_virmidi.c | 4 +- sound/drivers/aloop.c | 29 ++++++++++++--- tools/perf/util/session.c | 1 24 files changed, 101 insertions(+), 58 deletions(-) Bin Liu (1): usb: musb: host: fix potential NULL pointer dereference Eric Dumazet (6): netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() soreuseport: initialise timewait reuseport field tcp: fix TCP_REPAIR_QUEUE bound checking Greg Kroah-Hartman (2): USB: serial: visor: handle potential invalid device configuration Linux 3.18.109 Hans de Goede (1): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (1): rfkill: gpio: fix memory leak in probe error path Leon Romanovsky (1): RDMA/mlx5: Protect from shift operand overflow Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Murilo Opsfelder Araujo (1): perf session: Fix undeclared 'oe' Robert Rosengren (1): ALSA: aloop: Mark paused device as inactive SZ Lin (林上智) (1): NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Takashi Iwai (3): ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: aloop: Add missing cable lock to ctl API callbacks Tan Xiaojun (1): perf/core: Fix the perf_cpu_time_max_percent check Tejun Heo (1): percpu: include linux/sched.h for cond_resched()

6 years, 6 months

1
1
0 0

[PATCH] block: fix QEMU crash with scsi-hd and drive_del

by Greg Kurz

Removing a drive with drive_del while it is being used to run an I/O intensive workload can cause QEMU to crash. An AIO flush can yield at some point: blk_aio_flush_entry() blk_co_flush(blk) bdrv_co_flush(blk->root->bs) ... qemu_coroutine_yield() and let the HMP command to run, free blk->root and give control back to the AIO flush: hmp_drive_del() blk_remove_bs() bdrv_root_unref_child(blk->root) child_bs = blk->root->bs bdrv_detach_child(blk->root) bdrv_replace_child(blk->root, NULL) blk->root->bs = NULL g_free(blk->root) <============== blk->root becomes stale bdrv_unref(child_bs) bdrv_delete(child_bs) bdrv_close() bdrv_drained_begin() bdrv_do_drained_begin() bdrv_drain_recurse() aio_poll() ... qemu_coroutine_switch() and the AIO flush completion ends up dereferencing blk->root: blk_aio_complete() scsi_aio_complete() blk_get_aio_context(blk) bs = blk_bs(blk) ie, bs = blk->root ? blk->root->bs : NULL ^^^^^ stale The solution to this user-after-free situation is is to clear blk->root before calling bdrv_unref() in bdrv_detach_child(), and let blk_get_aio_context() fall back to the main loop context since the BDS has been removed. Signed-off-by: Greg Kurz <groug(a)kaod.org> --- The use-after-free condition is easy to reproduce with a stress-ng run in the guest: -device virtio-scsi-pci,id=scsi1 \ -drive file=/home/greg/images/scratch.qcow2,format=qcow2,if=none,id=drive1 \ -device scsi-hd,bus=scsi1.0,drive=drive1,id=scsi-hd1 # stress-ng --hdd 0 --aggressive and doing drive_del from the QEMU monitor while stress-ng is still running: (qemu) drive_del drive1 The crash is less easy to hit though, as it depends on the bs field of the stale blk->root to have a non-NULL value that eventually breaks something when it gets dereferenced. The following patch simulates that, and allows to validate the fix: --- a/block.c +++ b/block.c @@ -2127,6 +2127,8 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs, static void bdrv_detach_child(BdrvChild *child) { + BlockDriverState *bs = child->bs; + if (child->next.le_prev) { QLIST_REMOVE(child, next); child->next.le_prev = NULL; @@ -2135,7 +2137,15 @@ static void bdrv_detach_child(BdrvChild *child) bdrv_replace_child(child, NULL); g_free(child->name); - g_free(child); + /* Poison the BdrvChild instead of freeing it, in order to break blk_bs() + * if the blk still has a pointer to this BdrvChild in blk->root. + */ + if (atomic_read(&bs->in_flight)) { + child->bs = (BlockDriverState *) -1; + fprintf(stderr, "\nPoisonned BdrvChild %p\n", child); + } else { + g_free(child); + } } void bdrv_root_unref_child(BdrvChild *child) --- block/block-backend.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/block/block-backend.c b/block/block-backend.c index 681b240b1268..ed9434e236b9 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -756,6 +756,7 @@ void blk_remove_bs(BlockBackend *blk) { ThrottleGroupMember *tgm = &blk->public.throttle_group_member; BlockDriverState *bs; + BdrvChild *root; notifier_list_notify(&blk->remove_bs_notifiers, blk); if (tgm->throttle_state) { @@ -768,8 +769,9 @@ void blk_remove_bs(BlockBackend *blk) blk_update_root_state(blk); - bdrv_root_unref_child(blk->root); + root = blk->root; blk->root = NULL; + bdrv_root_unref_child(root); } /*

6 years, 6 months

2
1
0 0

[PATCH v3 11/14] ftrace/selftest: Have the reset_trigger code be a bit more careful

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> The trigger code is picky in how it can be disabled as there may be dependencies between different events and synthetic events. Change the order on how triggers are reset. 1) Reset triggers of all synthetic events first 2) Remove triggers with actions attached to them 3) Remove all other triggers If this order isn't followed, then some triggers will not be reset, and an error may happen because a trigger is busy. Cc: stable(a)vger.kernel.org Fixes: cfa0963dc474f ("kselftests/ftrace : Add event trigger testcases") Acked-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- .../testing/selftests/ftrace/test.d/functions | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/ftrace/test.d/functions b/tools/testing/selftests/ftrace/test.d/functions index 2a4f16fc9819..8393b1c06027 100644 --- a/tools/testing/selftests/ftrace/test.d/functions +++ b/tools/testing/selftests/ftrace/test.d/functions @@ -15,14 +15,29 @@ reset_tracer() { # reset the current tracer echo nop > current_tracer } -reset_trigger() { # reset all current setting triggers - grep -v ^# events/*/*/trigger | +reset_trigger_file() { + # remove action triggers first + grep -H ':on[^:]*(' $@ | + while read line; do + cmd=`echo $line | cut -f2- -d: | cut -f1 -d" "` + file=`echo $line | cut -f1 -d:` + echo "!$cmd" >> $file + done + grep -Hv ^# $@ | while read line; do cmd=`echo $line | cut -f2- -d: | cut -f1 -d" "` - echo "!$cmd" > `echo $line | cut -f1 -d:` + file=`echo $line | cut -f1 -d:` + echo "!$cmd" > $file done } +reset_trigger() { # reset all current setting triggers + if [ -d events/synthetic ]; then + reset_trigger_file events/synthetic/*/trigger + fi + reset_trigger_file events/*/*/trigger +} + reset_events_filter() { # reset all current setting filters grep -v ^none events/*/*/filter | while read line; do -- 2.17.0

6 years, 6 months

1
0
0 0

[PATCH v2 1/3] x86/mm: disable ioremap free page handling on x86-PAE

by Toshi Kani

ioremap() supports pmd mappings on x86-PAE. However, kernel's pmd tables are not shared among processes on x86-PAE. Therefore, any update to sync'd pmd entries need re-syncing. Freeing a pte page also leads to a vmalloc fault and hits the BUG_ON in vmalloc_sync_one(). Disable free page handling on x86-PAE. pud_free_pmd_page() and pmd_free_pte_page() simply return 0 if a given pud/pmd entry is present. This assures that ioremap() does not update sync'd pmd entries at the cost of falling back to pte mappings. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Reported-by: Joerg Roedel <joro(a)8bytes.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/mm/pgtable.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ffc8c13c50e4..08cdd7c13619 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -715,6 +715,7 @@ int pmd_clear_huge(pmd_t *pmd) return 0; } +#ifdef CONFIG_X86_64 /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. @@ -762,4 +763,22 @@ int pmd_free_pte_page(pmd_t *pmd) return 1; } + +#else /* !CONFIG_X86_64 */ + +int pud_free_pmd_page(pud_t *pud, unsigned long addr) +{ + return pud_none(*pud); +} + +/* + * Disable free page handling on x86-PAE. This assures that ioremap() + * does not update sync'd pmd entries. See vmalloc_sync_one(). + */ +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) +{ + return pmd_none(*pmd); +} + +#endif /* CONFIG_X86_64 */ #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */

6 years, 6 months

3
2
0 0

[PATCH] bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n

by Coly Li

Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") returns the return value of debugfs_create_dir() to bcache_init(). When CONFIG_DEBUG_FS=n, bch_debug_init() always returns 1 and makes bcache_init() failedi. This patch makes bch_debug_init() always returns 0 if CONFIG_DEBUG_FS=n, so bcache can continue to work for the kernels which don't have debugfs enanbled. Fixes: Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Reported-by: Massimo B. <massimo.b(a)gmx.net> Reported-by: Kai Krakow <kai(a)kaishome.de> Cc: Kent Overstreet <kent.overstreet(a)gmail.com> --- drivers/md/bcache/bcache.h | 5 +++++ drivers/md/bcache/debug.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 3a0cfb237af9..5b3fe87f32ee 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -994,8 +994,13 @@ void bch_open_buckets_free(struct cache_set *); int bch_cache_allocator_start(struct cache *ca); +#ifdef CONFIG_DEBUG_FS void bch_debug_exit(void); int bch_debug_init(struct kobject *); +#else +static inline void bch_debug_exit(void) {}; +static inline int bch_debug_init(struct kobject *kobj) { return 0; }; +#endif void bch_request_exit(void); int bch_request_init(void); diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c index 4e63c6f6c04d..34a0ed4ed70c 100644 --- a/drivers/md/bcache/debug.c +++ b/drivers/md/bcache/debug.c @@ -240,8 +240,6 @@ void bch_debug_init_cache_set(struct cache_set *c) } } -#endif - void bch_debug_exit(void) { if (!IS_ERR_OR_NULL(bcache_debug)) @@ -254,3 +252,5 @@ int __init bch_debug_init(struct kobject *kobj) return IS_ERR_OR_NULL(bcache_debug); } + +#endif -- 2.16.3

6 years, 6 months

1
0
0 0

[PATCH 0/3] x86/platform/UV: Update Memory Block Size Setting

by mike.travis＠hpe.com

Update support for the UV kernel to accommodate Intel BIOS changes in NVDIMM alignment, which caused UV BIOS to align the memory boundaries on different blocks than the previous UV standard of 2GB. --

6 years, 6 months

4
10
0 0

[PATCH v3 1/4] ovl: use insert_inode_locked4() to hash a newly created inode

by Amir Goldstein

Currently, there is a small window where ovl_obtain_alias() can race with ovl_instantiate() and create two different overlay inodes with the same underlying real non-dir non-hardlink inode. The race requires an adversary to guess the file handle of the yet to be created upper inode and decode the guessed file handle after ovl_creat_real(), but before ovl_instantiate(). This patch fixes the race, by using insert_inode_locked4() to add a newly created inode to icache. If the newly created inode apears to already exist in icache (hashed by the same real upper inode), we export this error to user instead of silently not hashing the new inode. This race does not affect overlay directory inodes, because those are decoded via ovl_lookup_real() and not with ovl_obtain_alias(), so avoid using the new helper d_instantiate_new() to reduce backport dependencies. Backporting only makes sense for v4.16 where NFS export was introduced. Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> #v4.16 Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> --- fs/overlayfs/dir.c | 24 ++++++++++++++++++------ fs/overlayfs/inode.c | 18 ++++++++++++++++++ fs/overlayfs/overlayfs.h | 1 + 3 files changed, 37 insertions(+), 6 deletions(-) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 47dc980e8b33..62e6733b755c 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -183,14 +183,24 @@ static int ovl_set_opaque(struct dentry *dentry, struct dentry *upperdentry) } /* Common operations required to be done after creation of file on upper */ -static void ovl_instantiate(struct dentry *dentry, struct inode *inode, - struct dentry *newdentry, bool hardlink) +static int ovl_instantiate(struct dentry *dentry, struct inode *inode, + struct dentry *newdentry, bool hardlink) { ovl_dir_modified(dentry->d_parent, false); - ovl_copyattr(d_inode(newdentry), inode); ovl_dentry_set_upper_alias(dentry); if (!hardlink) { - ovl_inode_update(inode, newdentry); + int err; + + ovl_inode_init(inode, newdentry, NULL); + /* + * XXX: if we ever use ovl_obtain_alias() to decode directory + * file handles, need to use ovl_insert_inode_locked() and + * d_instantiate_new() here to prevent ovl_obtain_alias() + * from sneaking in before d_instantiate(). + */ + err = ovl_insert_inode(inode, d_inode(newdentry)); + if (err) + return err; } else { WARN_ON(ovl_inode_real(inode) != d_inode(newdentry)); dput(newdentry); @@ -200,6 +210,8 @@ static void ovl_instantiate(struct dentry *dentry, struct inode *inode, /* Force lookup of new upper hardlink to find its lower */ if (hardlink) d_drop(dentry); + + return 0; } static bool ovl_type_merge(struct dentry *dentry) @@ -238,7 +250,7 @@ static int ovl_create_upper(struct dentry *dentry, struct inode *inode, ovl_set_opaque(dentry, newdentry); } - ovl_instantiate(dentry, inode, newdentry, !!hardlink); + err = ovl_instantiate(dentry, inode, newdentry, !!hardlink); newdentry = NULL; out_dput: dput(newdentry); @@ -439,7 +451,7 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode, if (err) goto out_cleanup; } - ovl_instantiate(dentry, inode, newdentry, !!hardlink); + err = ovl_instantiate(dentry, inode, newdentry, !!hardlink); newdentry = NULL; out_dput2: dput(upper); diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 7abcf96e94fc..060c534998d1 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -741,6 +741,24 @@ static bool ovl_verify_inode(struct inode *inode, struct dentry *lowerdentry, return true; } +static int ovl_insert_inode_locked(struct inode *inode, struct inode *realinode) +{ + return insert_inode_locked4(inode, (unsigned long) realinode, + ovl_inode_test, realinode); +} + +int ovl_insert_inode(struct inode *inode, struct inode *realinode) +{ + int err; + + err = ovl_insert_inode_locked(inode, realinode); + if (err) + return err; + + unlock_new_inode(inode); + return 0; +} + struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real, bool is_upper) { diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index caaa47cea2aa..642b25702092 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -343,6 +343,7 @@ int ovl_update_time(struct inode *inode, struct timespec *ts, int flags); bool ovl_is_private_xattr(const char *name); struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, dev_t rdev); +int ovl_insert_inode(struct inode *inode, struct inode *realinode); struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real, bool is_upper); struct inode *ovl_get_inode(struct super_block *sb, struct dentry *upperdentry, -- 2.7.4

6 years, 6 months

3
6
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v4.14 and v4.16 -stable, respectively. Thanks!

6 years, 6 months

2
1
0 0

[PATCH 4.14 00/62] 4.14.41-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.41 release. There are 62 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed May 16 06:47:52 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.41-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.41-rc1 Anthoine Bourgeois <anthoine.bourgeois(a)blade-group.com> KVM: x86: remove APIC Timer periodic/oneshot spikes Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler Peter Zijlstra <peterz(a)infradead.org> perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] Peter Zijlstra <peterz(a)infradead.org> perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver Peter Zijlstra <peterz(a)infradead.org> perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr Peter Zijlstra <peterz(a)infradead.org> perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* Masami Hiramatsu <mhiramat(a)kernel.org> tracing/uprobe_event: Fix strncpy corner case Peter Zijlstra <peterz(a)infradead.org> sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] Steve French <smfrench(a)gmail.com> smb3: directory sync should not return an error Jens Axboe <axboe(a)kernel.dk> nvme: add quirk to force medium priority for SQ creation Marek Szyprowski <m.szyprowski(a)samsung.com> thermal: exynos: Propagate error value from tmu_read() Marek Szyprowski <m.szyprowski(a)samsung.com> thermal: exynos: Reading temperature makes sense only when TMU is turned on Hans de Goede <hdegoede(a)redhat.com> Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets Hans de Goede <hdegoede(a)redhat.com> Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Hans de Goede <hdegoede(a)redhat.com> Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: schedutil: Avoid using invalid next_freq Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI / PM: Check device_may_wakeup() in pci_enable_wake() Kai Heng Feng <kai.heng.feng(a)canonical.com> PCI / PM: Always check PME wakeup capability for runtime wakeup support Gustavo A. R. Silva <gustavo(a)embeddedor.com> atm: zatm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> net: atm: Fix potential Spectre v1 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() Lyude Paul <lyude(a)redhat.com> drm/nouveau: Fix deadlock in nv50_mstm_register_connector() Florent Flament <contact(a)florentflament.com> drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Fix scaling of uni-planar formats Lukas Wunner <lukas(a)wunner.de> can: hi311x: Work around TX complete interrupt erratum Lukas Wunner <lukas(a)wunner.de> can: hi311x: Acquire SPI lock on ->do_get_berr_counter Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Ilya Dryomov <idryomov(a)gmail.com> ceph: fix rsize/wsize capping in ceph_direct_read_write() David Rientjes <rientjes(a)google.com> mm, oom: fix concurrent munlock and oom reaper unmap, v3 Pavel Tatashin <pasha.tatashin(a)oracle.com> mm: sections are not offlined during memory hotremove Vitaly Wool <vitalywool(a)gmail.com> z3fold: fix reclaim lock-ups Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix regex_match_front() to not over compare the test string Mikulas Patocka <mpatocka(a)redhat.com> dm integrity: use kvfree for kvmalloc'd memory Hans de Goede <hdegoede(a)redhat.com> libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Johan Hovold <johan(a)kernel.org> rfkill: gpio: fix memory leak in probe error path Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> gpio: fix error path in lineevent_create Govert Overgaauw <govert.overgaauw(a)prodrive-technologies.com> gpio: fix aspeed_gpio unmask irq Timur Tabi <timur(a)codeaurora.org> gpioib: do not free unrequested descriptors Jann Horn <jannh(a)google.com> compat: fix 4-byte infoleak via uninitialized struct field Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing Laurent Vivier <lvivier(a)redhat.com> KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry Jan Kara <jack(a)suse.cz> bdi: Fix oops in wb_workfn() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> bdi: wake up concurrent wb_shutdown() callers. Eric Dumazet <edumazet(a)google.com> tcp: fix TCP_REPAIR_QUEUE bound checking Jiri Olsa <jolsa(a)kernel.org> perf: Remove superfluous allocation error check Michal Hocko <mhocko(a)suse.com> memcg: fix per_node_info cleanup Eric Dumazet <edumazet(a)google.com> inetpeer: fix uninit-value in inet_getpeer Eric Dumazet <edumazet(a)google.com> soreuseport: initialise timewait reuseport field Eric Dumazet <edumazet(a)google.com> ipv4: fix uninit-value in ip_route_output_key_hash_rcu() Eric Dumazet <edumazet(a)google.com> dccp: initialize ireq->ir_mark Eric Dumazet <edumazet(a)google.com> net: fix uninit-value in __hw_addr_add_ex() Eric Dumazet <edumazet(a)google.com> net: initialize skb->peeked when cloning Eric Dumazet <edumazet(a)google.com> net: fix rtnh_ok() Eric Dumazet <edumazet(a)google.com> netlink: fix uninit-value in netlink_sendmsg Eric Dumazet <edumazet(a)google.com> crypto: af_alg - fix possible uninit-value in alg_bind() Tom Herbert <tom(a)quantonium.net> kcm: Call strp_stop before strp_done in kcm_attach Florian Westphal <fw(a)strlen.de> netfilter: ebtables: don't attempt to allocate 0-sized compat array Julian Anastasov <ja(a)ssi.bg> ipvs: fix rtnl_lock lockups caused by start_sync_thread ------------- Diffstat: Documentation/arm64/silicon-errata.txt | 1 + Makefile | 4 +- arch/arm64/Kconfig | 14 +++ arch/arm64/include/asm/assembler.h | 40 +++++++++ arch/arm64/include/asm/cputype.h | 2 + arch/arm64/mm/proc.S | 5 ++ arch/powerpc/kvm/book3s_64_mmu_radix.c | 72 +++++++++------ arch/powerpc/kvm/book3s_hv.c | 17 ++-- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 +- arch/x86/events/core.c | 8 +- arch/x86/events/intel/cstate.c | 2 + arch/x86/events/msr.c | 9 +- arch/x86/kvm/lapic.c | 37 ++++---- crypto/af_alg.c | 8 +- drivers/ata/libata-core.c | 3 + drivers/atm/zatm.c | 3 + drivers/bluetooth/btusb.c | 19 +++- drivers/gpio/gpio-aspeed.c | 2 +- drivers/gpio/gpiolib.c | 7 +- drivers/gpu/drm/drm_atomic.c | 8 ++ drivers/gpu/drm/i915/intel_lvds.c | 3 +- drivers/gpu/drm/nouveau/nv50_display.c | 7 +- drivers/gpu/drm/vc4/vc4_plane.c | 2 +- drivers/md/dm-integrity.c | 2 +- drivers/net/can/spi/hi311x.c | 11 ++- drivers/net/can/usb/kvaser_usb.c | 2 +- drivers/nvme/host/nvme.h | 5 ++ drivers/nvme/host/pci.c | 12 ++- drivers/pci/pci.c | 37 +++++--- drivers/thermal/samsung/exynos_tmu.c | 14 ++- fs/ceph/file.c | 10 +-- fs/cifs/cifsfs.c | 13 +++ fs/fs-writeback.c | 2 +- include/linux/oom.h | 2 + include/linux/wait_bit.h | 17 ++++ include/net/inet_timewait_sock.h | 1 + include/net/nexthop.h | 2 +- kernel/compat.c | 1 + kernel/events/callchain.c | 10 +-- kernel/events/ring_buffer.c | 7 +- kernel/sched/autogroup.c | 7 +- kernel/sched/cpufreq_schedutil.c | 3 +- kernel/trace/trace_events_filter.c | 3 + kernel/trace/trace_uprobe.c | 2 + mm/backing-dev.c | 2 +- mm/memcontrol.c | 3 + mm/mmap.c | 44 +++++---- mm/oom_kill.c | 74 ++++++++------- mm/sparse.c | 2 +- mm/z3fold.c | 42 ++++++--- net/atm/lec.c | 9 +- net/bridge/netfilter/ebtables.c | 11 +-- net/core/dev_addr_lists.c | 4 +- net/core/skbuff.c | 1 + net/dccp/ipv4.c | 1 + net/dccp/ipv6.c | 1 + net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/inetpeer.c | 1 + net/ipv4/route.c | 11 +-- net/ipv4/tcp.c | 2 +- net/kcm/kcmsock.c | 1 + net/netfilter/ipvs/ip_vs_ctl.c | 8 -- net/netfilter/ipvs/ip_vs_sync.c | 155 ++++++++++++++++---------------- net/netlink/af_netlink.c | 2 + net/rfkill/rfkill-gpio.c | 7 +- 65 files changed, 543 insertions(+), 283 deletions(-)

6 years, 6 months

7
63
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2018