- Linux-stable-mirror - lists.linaro.org

[PATCH 4.9+] s390/mm: Check for valid vma before zapping in gmap_discard

by Janosch Frank

From: Janosch Frank <frankja(a)de.ibm.com> Userspace could have munmapped the area before doing unmapping from the gmap. This would leave us with a valid vmaddr, but an invalid vma from which we would try to zap memory. Let's check before using the vma. Fixes: 1e133ab296f3 ("s390/mm: split arch/s390/mm/pgtable.c") Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> CC: stable(a)vger.kernel.org # 4.6+ --- arch/s390/mm/gmap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index cb2cd04..b6c85b7 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c @@ -686,6 +686,8 @@ void gmap_discard(struct gmap *gmap, unsigned long from, unsigned long to) vmaddr |= gaddr & ~PMD_MASK; /* Find vma in the parent mm */ vma = find_vma(gmap->mm, vmaddr); + if (!vma) + continue; size = min(to - gaddr, PMD_SIZE - (gaddr & ~PMD_MASK)); zap_page_range(vma, vmaddr, size, NULL); } -- 2.7.4

6 years, 10 months

2
2
0 0

[PATCH] [stable, netdev 4.4+] lan78xx: make sure RX_ADDRL & RX_ADDRH regs are always up to date

by Paolo Pisati

[partial backport upstream 760db29bdc97b73ff60b091315ad787b1deb5cf5] Upon invocation, lan78xx_init_mac_address() checks that the mac address present in the RX_ADDRL & RX_ADDRH registers is a valid address, if not, it first tries to read a new address from an external eeprom or the otp area, and in case both read fail (or the address read back is invalid), it randomly generates a new one. Unfortunately, due to the way the above logic is laid out, if both read_eeprom() and read_otp() fail, a new mac address is correctly generated but is never written back to RX_ADDRL & RX_ADDRH, leaving the chip in an incosistent state and with an invalid mac address (e.g. the nic appears to be completely dead, and doesn't receive any packet, etc): lan78xx_init_mac_address() ... if (lan78xx_read_eeprom(addr ...) || lan78xx_read_otp(addr ...)) { if (is_valid_ether_addr(addr) { // nop... } else { random_ether_addr(addr); } // correctly writes back the new address lan78xx_write_reg(RX_ADDRL, addr ...); lan78xx_write_reg(RX_ADDRH, addr ...); } else { // XXX if both eeprom and otp read fail, we land here and skip // XXX the RX_ADDRL & RX_ADDRH update completely random_ether_addr(addr); } This bug went unnoticed because lan78xx_read_otp() was buggy itself and would never fail, up until 4bfc338 "lan78xx: Correctly indicate invalid OTP" fixed it and as a side effect uncovered this bug. 4.18+ is fine, since the bug was implicitly fixed in 760db29 "lan78xx: Read MAC address from DT if present" when the address change logic was reorganized, but it's still present in all stable trees below that: linux-4.4.y, linux-4.9.y, linux-4.14.y, etc up to linux-4.18.y (not included). Signed-off-by: Paolo Pisati <p.pisati(a)gmail.com> --- drivers/net/usb/lan78xx.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c index 50e2e10a..114dc55 100644 --- a/drivers/net/usb/lan78xx.c +++ b/drivers/net/usb/lan78xx.c @@ -1660,13 +1660,6 @@ static void lan78xx_init_mac_address(struct lan78xx_net *dev) netif_dbg(dev, ifup, dev->net, "MAC address set to random addr"); } - - addr_lo = addr[0] | (addr[1] << 8) | - (addr[2] << 16) | (addr[3] << 24); - addr_hi = addr[4] | (addr[5] << 8); - - ret = lan78xx_write_reg(dev, RX_ADDRL, addr_lo); - ret = lan78xx_write_reg(dev, RX_ADDRH, addr_hi); } else { /* generate random MAC */ random_ether_addr(addr); @@ -1674,6 +1667,11 @@ static void lan78xx_init_mac_address(struct lan78xx_net *dev) "MAC address set to random addr"); } } + addr_lo = addr[0] | (addr[1] << 8) | (addr[2] << 16) | (addr[3] << 24); + addr_hi = addr[4] | (addr[5] << 8); + + ret = lan78xx_write_reg(dev, RX_ADDRL, addr_lo); + ret = lan78xx_write_reg(dev, RX_ADDRH, addr_hi); ret = lan78xx_write_reg(dev, MAF_LO(0), addr_lo); ret = lan78xx_write_reg(dev, MAF_HI(0), addr_hi | MAF_HI_VALID_); -- 2.7.4

6 years, 10 months

4
6
0 0

[For Stable] ima: re-introduce own integrity cache lock

by Aditya Kali

There is a deadlock on linux stable kernels (tested 4.9 and 4.14) when running an executable from an NFS mount when CONFIG_IMA is enabled (default IMA policy used). Repro steps (tested on debian 9 with 4.9 kernel and with 4.14 kernel): $ sudo mkdir -p /mnt/nfs $ sudo mount -o ro,exec,nolock <ip>:/vol /mnt/nfs/ # "test.sh" is an executable on the nfs volume $ /mnt/nfs/test.sh <deadlock> The following stack trace shows the deadlock. [ 2479.260272] bash D 0 25187 25140 0x00000080 [ 2479.267680] ffff93f4d9eec000 0000000000000000 ffff93f4dc211040 ffff93f4ffd18980 [ 2479.278602] ffff93f4dd8370c0 ffffbc2ac386b8f0 ffffffffbde0fed9 0000000000000000 [ 2479.288154] 0000000000000046 ffff93f4ffd18980 ffffffffbd8a2cda ffff93f4dc211040 [ 2479.297712] Call Trace: [ 2479.300311] [<ffffffffbde0fed9>] ? __schedule+0x239/0x6f0 [ 2479.306005] [<ffffffffbd8a2cda>] ? check_preempt_curr+0x7a/0x90 [ 2479.313524] [<ffffffffbde103c2>] ? schedule+0x32/0x80 [ 2479.318801] [<ffffffffbde12d30>] ? rwsem_down_read_failed+0xf0/0x150 [ 2479.326855] [<ffffffffbdb3f054>] ? call_rwsem_down_read_failed+0x14/0x30 [ 2479.333802] [<ffffffffbde125ec>] ? down_read+0x1c/0x30 [ 2479.340542] [<ffffffffc050b6b9>] ? nfs_start_io_read+0x19/0x70 [nfs] [ 2479.348529] [<ffffffffc0502c6f>] ? nfs_file_read+0x2f/0xa0 [nfs] [ 2479.354779] [<ffffffffbda06fed>] ? new_sync_read+0xdd/0x130 [ 2479.361981] [<ffffffffbdae2a43>] ? integrity_kernel_read+0x43/0x60 [ 2479.368606] [<ffffffffbdae484c>] ? ima_calc_file_hash+0x36c/0x710 [ 2479.376312] [<ffffffffbdae453b>] ? ima_calc_file_hash+0x5b/0x710 [ 2479.382550] [<ffffffffbd98aa86>] ? __alloc_pages_nodemask+0xf6/0x260 [ 2479.389124] [<ffffffffbdae5485>] ? ima_collect_measurement+0x145/0x1b0 [ 2479.397258] [<ffffffffbda2e7fb>] ? vfs_getxattr_alloc+0x5b/0x110 [ 2479.403490] [<ffffffffbdae3c73>] ? process_measurement+0x393/0x550 [ 2479.409913] [<ffffffffc04a177f>] ? generic_hash_cred+0x2f/0x60 [sunrpc] [ 2479.418138] [<ffffffffc04a19c0>] ? rpc_lookup_cred_nonblock+0x20/0x20 [sunrpc] [ 2479.426972] [<ffffffffc04a058a>] ? rpcauth_lookup_credcache+0x9a/0x2c0 [sunrpc] [ 2479.434520] [<ffffffffc0465230>] ? nfs3_proc_commit_setup+0x10/0x10 [nfsv3] [ 2479.443082] [<ffffffffc050717f>] ? nfs_attribute_cache_expired+0x2f/0x80 [nfs] [ 2479.450672] [<ffffffffc050749a>] ? nfs_revalidate_inode_rcu+0x1a/0x40 [nfs] [ 2479.459215] [<ffffffffc05002de>] ? nfs_do_access+0x29e/0x350 [nfs] [ 2479.467010] [<ffffffffbda0e13a>] ? search_binary_handler+0x2a/0x1c0 [ 2479.473651] [<ffffffffbda0f8fa>] ? do_execveat_common.isra.37+0x5aa/0x790 [ 2479.482055] [<ffffffffbda0fd05>] ? SyS_execve+0x35/0x40 [ 2479.487508] [<ffffffffbd803b7d>] ? do_syscall_64+0x8d/0xf0 [ 2479.494586] [<ffffffffbde14c4e>] ? entry_SYSCALL_64_after_swapgs+0x58/0xc6 Both process_measurement() and nfs_start_io_read() try to acquire the inode-lock: process_measurement() { ... inode_lock(inode); { down_write(&inode->i_rwsem); } ... nfs_start_io_read { ... down_read(&inode->i_rwsem); ... This deadlock is primarily fixed by following commit in linux master (since 4.15): 0d73a55208e94fc9fb6deaeea61438cd3280d4c0 ima: re-introduce own integrity cache lock The complete list of commits required (with clean cherry-picks) to fix the issue in 4.14 stable kernel is below: e2598077dc6a26c9644393e5c21f22a90dbdccdb ima: re-initialize iint->atomic_flags 0d73a55208e94fc9fb6deaeea61438cd3280d4c0 ima: re-introduce own integrity cache lock 50b977481fce90aa5fbda55e330b9d722733e358 EVM: Add support for portable signature format f3cc6b25dcc5616f0d5c720009b2ac66f97df2ff ima: always measure and audit files in policy For 4.9 kernel, one additional commit is required and there is a minor conflict resolution needed: 19339c251607a3defc7f089511ce8561936fee45 Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" Since the kernel deadlock is trivial to trigger for common default configurations, I would like to request cherry-picking the above commits to linux-stable branches 4.14 and 4.9. Thanks, -- Aditya

6 years, 10 months

2
1
0 0

[PATCH 4.9 00/71] 4.9.134-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.134 release. There are 71 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 18 17:05:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.134-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.134-rc1 Dan Carpenter <dan.carpenter(a)oracle.com> ipv4: frags: precedence bug in ip_expire() Taehee Yoo <ap420073(a)gmail.com> ip: frags: fix crash in ip_do_fragment() Peter Oskolkov <posk(a)google.com> ip: process in-order fragments efficiently Peter Oskolkov <posk(a)google.com> ip: add helpers to process in-order fragments faster. Peter Oskolkov <posk(a)google.com> ip: use rb trees for IP frag queue. Eric Dumazet <edumazet(a)google.com> net: add rb_to_skb() and other rb tree helpers Eric Dumazet <edumazet(a)google.com> net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends Florian Westphal <fw(a)strlen.de> ipv6: defrag: drop non-last frags smaller than min mtu Peter Oskolkov <posk(a)google.com> net: modify skb_rbtree_purge to return the truesize of all purged skbs. Eric Dumazet <edumazet(a)google.com> net: speed up skb_rbtree_purge() Peter Oskolkov <posk(a)google.com> ip: discard IPv4 datagrams with overlapping segments. Eric Dumazet <edumazet(a)google.com> inet: frags: fix ip6frag_low_thresh boundary Eric Dumazet <edumazet(a)google.com> inet: frags: get rid of ipfrag_skb_cb/FRAG_CB Eric Dumazet <edumazet(a)google.com> inet: frags: reorganize struct netns_frags Eric Dumazet <edumazet(a)google.com> rhashtable: reorganize struct rhashtable layout Eric Dumazet <edumazet(a)google.com> ipv6: frags: rewrite ip6_expire_frag_queue() Eric Dumazet <edumazet(a)google.com> inet: frags: do not clone skb in ip_expire() Eric Dumazet <edumazet(a)google.com> inet: frags: break the 2GB limit for frags storage Eric Dumazet <edumazet(a)google.com> inet: frags: remove inet_frag_maybe_warn_overflow() Eric Dumazet <edumazet(a)google.com> inet: frags: get rif of inet_frag_evicting() Eric Dumazet <edumazet(a)google.com> inet: frags: remove some helpers Eric Dumazet <edumazet(a)google.com> inet: frags: use rhashtables for reassembly units Eric Dumazet <edumazet(a)google.com> rhashtable: add schedule points Eric Dumazet <edumazet(a)google.com> ipv6: export ip6 fragments sysctl to unprivileged users Eric Dumazet <edumazet(a)google.com> inet: frags: refactor lowpan_net_frag_init() Eric Dumazet <edumazet(a)google.com> inet: frags: refactor ipv6_frag_init() Eric Dumazet <edumazet(a)google.com> inet: frags: refactor ipfrag_init() Eric Dumazet <edumazet(a)google.com> inet: frags: add a pointer to struct netns_frags Eric Dumazet <edumazet(a)google.com> inet: frags: change inet_frags_init_net() return value Eric Dumazet <edumazet(a)google.com> inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Dumazet <edumazet(a)google.com> tcp/dccp: fix lockdep issue when SYN is backlogged Eric Dumazet <edumazet(a)google.com> rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Fix wake-up interrupt race during resume Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix unbind ordering Ido Schimmel <idosch(a)mellanox.com> team: Forbid enslaving team device to itself Giacinto Cifelli <gciofono(a)gmail.com> qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Shahed Shaikh <shahed.shaikh(a)cavium.com> qlcnic: fix Tx descriptor corruption on 82xx devices Yu Zhao <yuzhao(a)google.com> net/usb: cancel pending work when unbinding smsc75xx Sean Tranchetti <stranche(a)codeaurora.org> netlabel: check for IPV4MASK in addrinfo_get Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Display all addresses in output of /proc/net/if_inet6 Sabrina Dubroca <sd(a)queasysnail.net> net: ipv4: update fnhe_pmtu when first hop's MTU changes Yunsheng Lin <linyunsheng(a)huawei.com> net: hns: fix for unmapping problem when SMMU is on Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Call setup during switch resume Wei Wang <weiwan(a)google.com> ipv6: take rcu lock in rawv6_send_hdrinc() Eric Dumazet <edumazet(a)google.com> ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() Paolo Abeni <pabeni(a)redhat.com> ip_tunnel: be careful when accessing the inner header Paolo Abeni <pabeni(a)redhat.com> ip6_tunnel: be careful when accessing the inner header Mahesh Bandewar <maheshb(a)google.com> bonding: avoid possible dead-lock Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix TX timeout during netpoll. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Don't print a warning when setting link state for disabled ports Edgar Cherkasov <echerkasov(a)dev.rtsoft.ru> i2c: i2c-scmi: fix for i2c_smbus_write_block_data Jan Kara <jack(a)suse.cz> mm: Preserve _PAGE_DEVMAP across mprotect() calls Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-postgresql.py occasional failure Mikulas Patocka <mpatocka(a)redhat.com> mach64: detect the dot clock divider correctly on sparc Paul Burton <paul.burton(a)mips.com> MIPS: VDSO: Always map near top of user memory Jann Horn <jannh(a)google.com> mm/vmstat.c: fix outdated vmstat_text Daniel Rosenberg <drosen(a)google.com> ext4: Fix error code in ext4_xattr_set_entry() Amber Lin <Amber.Lin(a)amd.com> drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/kvm/lapic: always disable MMIO interface in x2APIC mode Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: add new compatibility string for macb on sama5d3 Nicolas Ferre <nicolas.ferre(a)microchip.com> net: macb: disable scatter-gather for macb on sama5d3 Jongsung Kim <neidhard.kim(a)lge.com> stmmac: fix valid numbers of unicast filter entries Yu Zhao <yuzhao(a)google.com> sound: enable interrupt after dma buffer initialization Dan Carpenter <dan.carpenter(a)oracle.com> scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Laura Abbott <labbott(a)redhat.com> scsi: iscsi: target: Don't use stack buffer for scatterlist Tony Lindgren <tony(a)atomide.com> mfd: omap-usb-host: Fix dts probe of children Lei Yang <Lei.Yang(a)windriver.com> selftests: memory-hotplug: add required configs Lei Yang <Lei.Yang(a)windriver.com> selftests/efivarfs: add required kernel configs Danny Smith <danny.smith(a)axis.com> ASoC: sigmadsp: safeload should not have lower byte limit Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: wm8804: Add ACPI support ------------- Diffstat: Documentation/devicetree/bindings/net/macb.txt | 1 + Documentation/networking/ip-sysctl.txt | 13 +- Makefile | 4 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/mips/include/asm/processor.h | 10 +- arch/mips/kernel/process.c | 25 + arch/mips/kernel/vdso.c | 18 +- arch/powerpc/include/asm/book3s/64/pgtable.h | 4 +- arch/x86/include/asm/pgtable_types.h | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/i2c/busses/i2c-scmi.c | 1 + drivers/mfd/omap-usb-host.c | 11 +- drivers/net/bonding/bond_main.c | 43 +- drivers/net/dsa/bcm_sf2.c | 12 +- drivers/net/ethernet/broadcom/bcmsysport.c | 22 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +- drivers/net/ethernet/cadence/macb.c | 8 + drivers/net/ethernet/hisilicon/hns/hnae.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 +- drivers/net/ethernet/marvell/mvpp2.c | 10 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/team/team.c | 5 + drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/smsc75xx.c | 1 + drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 +- drivers/usb/host/xhci-hub.c | 18 +- drivers/video/fbdev/aty/atyfb.h | 3 +- drivers/video/fbdev/aty/atyfb_base.c | 7 +- drivers/video/fbdev/aty/mach64_ct.c | 10 +- fs/ext4/xattr.c | 2 +- include/linux/netdevice.h | 7 + include/linux/rhashtable.h | 4 +- include/linux/skbuff.h | 34 +- include/net/bonding.h | 7 +- include/net/inet_frag.h | 133 +++-- include/net/inet_sock.h | 6 - include/net/ip.h | 1 - include/net/ip_fib.h | 1 + include/net/ipv6.h | 26 +- include/uapi/linux/snmp.h | 1 + lib/rhashtable.c | 5 +- mm/vmstat.c | 1 - net/core/dev.c | 28 +- net/core/rtnetlink.c | 6 + net/core/skbuff.c | 31 +- net/dccp/input.c | 4 +- net/dccp/ipv4.c | 4 +- net/ieee802154/6lowpan/6lowpan_i.h | 26 +- net/ieee802154/6lowpan/reassembly.c | 148 +++--- net/ipv4/fib_frontend.c | 12 +- net/ipv4/fib_semantics.c | 50 ++ net/ipv4/inet_connection_sock.c | 5 +- net/ipv4/inet_fragment.c | 379 +++----------- net/ipv4/ip_fragment.c | 573 ++++++++++++--------- net/ipv4/ip_sockglue.c | 3 +- net/ipv4/ip_tunnel.c | 9 + net/ipv4/proc.c | 7 +- net/ipv4/tcp_input.c | 37 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ip6_tunnel.c | 13 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 100 ++-- net/ipv6/proc.c | 5 +- net/ipv6/raw.c | 29 +- net/ipv6/reassembly.c | 212 ++++---- net/netlabel/netlabel_unlabeled.c | 3 +- sound/hda/hdac_controller.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- tools/perf/scripts/python/export-to-postgresql.py | 9 + tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 80 files changed, 1185 insertions(+), 1133 deletions(-)

6 years, 10 months

6
81
0 0

[PATCH 4.4] namei: allow restricted O_CREAT of FIFOs and regular files

by Loic

Hello, Please picked up this patch for linux 4.4 (backported version). Indeed, this code will be beneficial to the GNU/Linux distributions that use a longterm kernel. Compiled/tested without problem. Thank. [ Upstream commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 ] From: Salvatore Mesoraca <s.mesoraca16(a)gmail.com> Date: Thu, 23 Aug 2018 17:00:35 -0700 Subject: namei: allow restricted O_CREAT of FIFOs and regular files Disallows open of FIFOs or regular files not owned by the user in world writable sticky directories, unless the owner is the same as that of the directory or the file is opened without the O_CREAT flag. The purpose is to make data spoofing attacks harder. This protection can be turned on and off separately for FIFOs and regular files via sysctl, just like the symlinks/hardlinks protection. This patch is based on Openwall's "HARDEN_FIFO" feature by Solar Designer. This is a brief list of old vulnerabilities that could have been prevented by this feature, some of them even allow for privilege escalation: CVE-2000-1134 CVE-2007-3852 CVE-2008-0525 CVE-2009-0416 CVE-2011-4834 CVE-2015-1838 CVE-2015-7442 CVE-2016-7489 This list is not meant to be complete. It's difficult to track down all vulnerabilities of this kind because they were often reported without any mention of this particular attack vector. In fact, before hardlinks/symlinks restrictions, fifos/regular files weren't the favorite vehicle to exploit them. [s.mesoraca16(a)gmail.com: fix bug reported by Dan Carpenter] Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gma… [keescook(a)chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future] [keescook(a)chromium.org: adjust commit subjet] Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast Signed-off-by: Salvatore Mesoraca <s.mesoraca16(a)gmail.com> Signed-off-by: Kees Cook <keescook(a)chromium.org> Suggested-by: Solar Designer <solar(a)openwall.com> Suggested-by: Kees Cook <keescook(a)chromium.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Dan Carpenter <dan.carpenter(a)oracle.com> [backported to 4.4 by Loic] Cc: Loic <hackurx(a)opensec.fr> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- Documentation/sysctl/fs.txt | 36 ++++++++++++++++++++++++++++++ fs/namei.c | 53 ++++++++++++++++++++++++++++++++++++++++++--- include/linux/fs.h | 2 ++ kernel/sysctl.c | 18 +++++++++++++++ 4 files changed, 106 insertions(+), 3 deletions(-) diff -Nurp a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt --- a/Documentation/sysctl/fs.txt 2018-10-20 09:52:38.000000000 +0200 +++ b/Documentation/sysctl/fs.txt 2018-10-23 18:08:20.398649373 +0200 @@ -34,7 +34,9 @@ Currently, these files are in /proc/sys/ - overflowgid - pipe-user-pages-hard - pipe-user-pages-soft +- protected_fifos - protected_hardlinks +- protected_regular - protected_symlinks - suid_dumpable - super-max @@ -182,6 +184,24 @@ applied. ============================================================== +protected_fifos: + +The intent of this protection is to avoid unintentional writes to +an attacker-controlled FIFO, where a program expected to create a regular +file. + +When set to "0", writing to FIFOs is unrestricted. + +When set to "1" don't allow O_CREAT open on FIFOs that we don't own +in world writable sticky directories, unless they are owned by the +owner of the directory. + +When set to "2" it also applies to group writable sticky directories. + +This protection is based on the restrictions in Openwall. + +============================================================== + protected_hardlinks: A long-standing class of security issues is the hardlink-based @@ -202,6 +222,22 @@ This protection is based on the restrict ============================================================== +protected_regular: + +This protection is similar to protected_fifos, but it +avoids writes to an attacker-controlled regular file, where a program +expected to create one. + +When set to "0", writing to regular files is unrestricted. + +When set to "1" don't allow O_CREAT open on regular files that we +don't own in world writable sticky directories, unless they are +owned by the owner of the directory. + +When set to "2" it also applies to group writable sticky directories. + +============================================================== + protected_symlinks: A long-standing class of security issues is the symlink-based diff -Nurp a/fs/namei.c b/fs/namei.c --- a/fs/namei.c 2018-10-20 09:52:38.000000000 +0200 +++ b/fs/namei.c 2018-10-23 18:09:35.450879869 +0200 @@ -869,6 +869,8 @@ static inline void put_link(struct namei int sysctl_protected_symlinks __read_mostly = 0; int sysctl_protected_hardlinks __read_mostly = 0; +int sysctl_protected_fifos __read_mostly; +int sysctl_protected_regular __read_mostly; /** * may_follow_link - Check symlink following for unsafe situations @@ -982,6 +984,45 @@ static int may_linkat(struct path *link) return -EPERM; } +/** + * may_create_in_sticky - Check whether an O_CREAT open in a sticky directory + * should be allowed, or not, on files that already + * exist. + * @dir: the sticky parent directory + * @inode: the inode of the file to open + * + * Block an O_CREAT open of a FIFO (or a regular file) when: + * - sysctl_protected_fifos (or sysctl_protected_regular) is enabled + * - the file already exists + * - we are in a sticky directory + * - we don't own the file + * - the owner of the directory doesn't own the file + * - the directory is world writable + * If the sysctl_protected_fifos (or sysctl_protected_regular) is set to 2 + * the directory doesn't have to be world writable: being group writable will + * be enough. + * + * Returns 0 if the open is allowed, -ve on error. + */ +static int may_create_in_sticky(struct dentry * const dir, + struct inode * const inode) +{ + if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) || + (!sysctl_protected_regular && S_ISREG(inode->i_mode)) || + likely(!(dir->d_inode->i_mode & S_ISVTX)) || + uid_eq(inode->i_uid, dir->d_inode->i_uid) || + uid_eq(current_fsuid(), inode->i_uid)) + return 0; + + if (likely(dir->d_inode->i_mode & 0002) || + (dir->d_inode->i_mode & 0020 && + ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) || + (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) { + return -EACCES; + } + return 0; +} + static __always_inline const char *get_link(struct nameidata *nd) { @@ -3166,9 +3207,15 @@ finish_open: error = -ELOOP; goto out; } - error = -EISDIR; - if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) - goto out; + if (open_flag & O_CREAT) { + error = -EISDIR; + if (d_is_dir(nd->path.dentry)) + goto out; + error = may_create_in_sticky(dir, + d_backing_inode(nd->path.dentry)); + if (unlikely(error)) + goto out; + } error = -ENOTDIR; if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry)) goto out; diff -Nurp a/include/linux/fs.h b/include/linux/fs.h --- a/include/linux/fs.h 2018-10-20 09:52:38.000000000 +0200 +++ b/include/linux/fs.h 2018-10-23 18:08:20.402649386 +0200 @@ -65,6 +65,8 @@ extern struct inodes_stat_t inodes_stat; extern int leases_enable, lease_break_time; extern int sysctl_protected_symlinks; extern int sysctl_protected_hardlinks; +extern int sysctl_protected_fifos; +extern int sysctl_protected_regular; struct buffer_head; typedef int (get_block_t)(struct inode *inode, sector_t iblock, diff -Nurp a/kernel/sysctl.c b/kernel/sysctl.c --- a/kernel/sysctl.c 2018-10-20 09:52:38.000000000 +0200 +++ b/kernel/sysctl.c 2018-10-23 18:08:20.402649386 +0200 @@ -1716,6 +1716,24 @@ static struct ctl_table fs_table[] = { .extra2 = &one, }, { + .procname = "protected_fifos", + .data = &sysctl_protected_fifos, + .maxlen = sizeof(int), + .mode = 0600, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &two, + }, + { + .procname = "protected_regular", + .data = &sysctl_protected_regular, + .maxlen = sizeof(int), + .mode = 0600, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &two, + }, + { .procname = "suid_dumpable", .data = &suid_dumpable, .maxlen = sizeof(int),

6 years, 10 months

3
3
0 0

media: ov5640: fix framerate update

by Adam Ford

Please apply 0929983e49c8 (media: ov5640: fix framerate update") to Linux 4.19.y stable along with the list of the following fixes in order from top to bottom. This fixes multiple issues in the 4.19 kernel and allows my imx6q to sample the ov5640 module and stream to the LCD. Thank you, Cc: <stable(a)vger.kernel.org> # 4.19.x: fb98e29ff1ea ("media: ov5640: fix mode change regression") Cc: <stable(a)vger.kernel.org> # 4.19.x: aa4bb8b8838 ("media: ov5640: Re-work MIPI startup sequence") Cc: <stable(a)vger.kernel.org> # 4.19.x: bad1774ed41 ("media: ov5640: Fix timings setup code") Cc: <stable(a)vger.kernel.org> # 4.19.x: dc29a1c187e ("media: ov5640: fix exposure regression") Cc: <stable(a)vger.kernel.org> # 4.19.x: 3cca8ef5f774 ("media: ov5640: fix auto gain & exposure when changing mode") Cc: <stable(a)vger.kernel.org> # 4.19.x: c2c3f42df4dd ("media: ov5640: fix wrong binning value in exposure") Cc: <stable(a)vger.kernel.org> # 4.19.x: a8f438c684ea ("media: ov5640: fix auto controls values when switching to") Cc: <stable(a)vger.kernel.org> # 4.19.x: 985cdcb08a04 ("media: ov5640: fix restore of last mode set") Signed-off-by: Adam Ford <aford173(a)gmail.com>

6 years, 10 months

2
1
0 0

[PATCH RCU -stable] Make need_resched() respond to urgent RCU-QS needs

by Paul E. McKenney

commit 92aa39e9dc77 upstream. The per-CPU rcu_dynticks.rcu_urgent_qs variable communicates an urgent need for an RCU quiescent state from the force-quiescent-state processing within the grace-period kthread to context switches and to cond_resched(). Unfortunately, such urgent needs are not communicated to need_resched(), which is sometimes used to decide when to invoke cond_resched(), for but one example, within the KVM vcpu_run() function. As of v4.15, this can result in synchronize_sched() being delayed by up to ten seconds, which can be problematic, to say nothing of annoying. This commit therefore checks rcu_dynticks.rcu_urgent_qs from within rcu_check_callbacks(), which is invoked from the scheduling-clock interrupt handler. If the current task is not an idle task and is not executing in usermode, a context switch is forced, and either way, the rcu_dynticks.rcu_urgent_qs variable is set to false. If the current task is an idle task, then RCU's dyntick-idle code will detect the quiescent state, so no further action is required. Similarly, if the task is executing in usermode, other code in rcu_check_callbacks() and its called functions will report the corresponding quiescent state. Reported-by: Marius Hillenbrand <mhillenb(a)amazon.de> Reported-by: David Woodhouse <dwmw2(a)infradead.org> Suggested-by: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> [ paulmck: Backported to make patch apply cleanly on older versions. ] Tested-by: Marius Hillenbrand <mhillenb(a)amazon.de> Cc: <stable(a)vger.kernel.org> # 4.12.x - 4.19.x diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c index 0b760c1369f7..15301ed19da6 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c @@ -2662,6 +2662,15 @@ void rcu_check_callbacks(int user) rcu_bh_qs(); } rcu_preempt_check_callbacks(); + /* The load-acquire pairs with the store-release setting to true. */ + if (smp_load_acquire(this_cpu_ptr(&rcu_dynticks.rcu_urgent_qs))) { + /* Idle and userspace execution already are quiescent states. */ + if (!rcu_is_cpu_rrupt_from_idle() && !user) { + set_tsk_need_resched(current); + set_preempt_need_resched(); + } + __this_cpu_write(rcu_dynticks.rcu_urgent_qs, false); + } if (rcu_pending()) invoke_rcu_core();

6 years, 10 months

2
1
0 0

[PATCH] namei: allow restricted O_CREAT of FIFOs and regular files

by Loic

Hello, Please picked up this patch for linux 4.9 and 4.14 (linux 4.4 needs a small modification). Indeed, this code will be beneficial to the GNU/Linux distributions that use a longterm kernel. Compiled/tested without problem. Thank. [ Upstream commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 ] From: Salvatore Mesoraca <s.mesoraca16(a)gmail.com> Date: Thu, 23 Aug 2018 17:00:35 -0700 Subject: namei: allow restricted O_CREAT of FIFOs and regular files Disallows open of FIFOs or regular files not owned by the user in world writable sticky directories, unless the owner is the same as that of the directory or the file is opened without the O_CREAT flag. The purpose is to make data spoofing attacks harder. This protection can be turned on and off separately for FIFOs and regular files via sysctl, just like the symlinks/hardlinks protection. This patch is based on Openwall's "HARDEN_FIFO" feature by Solar Designer. This is a brief list of old vulnerabilities that could have been prevented by this feature, some of them even allow for privilege escalation: CVE-2000-1134 CVE-2007-3852 CVE-2008-0525 CVE-2009-0416 CVE-2011-4834 CVE-2015-1838 CVE-2015-7442 CVE-2016-7489 This list is not meant to be complete. It's difficult to track down all vulnerabilities of this kind because they were often reported without any mention of this particular attack vector. In fact, before hardlinks/symlinks restrictions, fifos/regular files weren't the favorite vehicle to exploit them. [s.mesoraca16(a)gmail.com: fix bug reported by Dan Carpenter] Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gma… [keescook(a)chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future] [keescook(a)chromium.org: adjust commit subjet] Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast Signed-off-by: Salvatore Mesoraca <s.mesoraca16(a)gmail.com> Signed-off-by: Kees Cook <keescook(a)chromium.org> Suggested-by: Solar Designer <solar(a)openwall.com> Suggested-by: Kees Cook <keescook(a)chromium.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- Documentation/sysctl/fs.txt | 36 ++++++++++++++++++++++++++++++ fs/namei.c | 53 ++++++++++++++++++++++++++++++++++++++++++--- include/linux/fs.h | 2 ++ kernel/sysctl.c | 18 +++++++++++++++ 4 files changed, 106 insertions(+), 3 deletions(-) diff --git a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt index 6c00c1e2743f..819caf8ca05f 100644 --- a/Documentation/sysctl/fs.txt +++ b/Documentation/sysctl/fs.txt @@ -34,7 +34,9 @@ Currently, these files are in /proc/sys/fs: - overflowgid - pipe-user-pages-hard - pipe-user-pages-soft +- protected_fifos - protected_hardlinks +- protected_regular - protected_symlinks - suid_dumpable - super-max @@ -182,6 +184,24 @@ applied. ============================================================== +protected_fifos: + +The intent of this protection is to avoid unintentional writes to +an attacker-controlled FIFO, where a program expected to create a regular +file. + +When set to "0", writing to FIFOs is unrestricted. + +When set to "1" don't allow O_CREAT open on FIFOs that we don't own +in world writable sticky directories, unless they are owned by the +owner of the directory. + +When set to "2" it also applies to group writable sticky directories. + +This protection is based on the restrictions in Openwall. + +============================================================== + protected_hardlinks: A long-standing class of security issues is the hardlink-based @@ -202,6 +222,22 @@ This protection is based on the restrictions in Openwall and grsecurity. ============================================================== +protected_regular: + +This protection is similar to protected_fifos, but it +avoids writes to an attacker-controlled regular file, where a program +expected to create one. + +When set to "0", writing to regular files is unrestricted. + +When set to "1" don't allow O_CREAT open on regular files that we +don't own in world writable sticky directories, unless they are +owned by the owner of the directory. + +When set to "2" it also applies to group writable sticky directories. + +============================================================== + protected_symlinks: A long-standing class of security issues is the symlink-based diff --git a/fs/namei.c b/fs/namei.c index ae6aa9ae757c..0cab6494978c 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -887,6 +887,8 @@ static inline void put_link(struct nameidata *nd) int sysctl_protected_symlinks __read_mostly = 0; int sysctl_protected_hardlinks __read_mostly = 0; +int sysctl_protected_fifos __read_mostly; +int sysctl_protected_regular __read_mostly; /** * may_follow_link - Check symlink following for unsafe situations @@ -1003,6 +1005,45 @@ static int may_linkat(struct path *link) return -EPERM; } +/** + * may_create_in_sticky - Check whether an O_CREAT open in a sticky directory + * should be allowed, or not, on files that already + * exist. + * @dir: the sticky parent directory + * @inode: the inode of the file to open + * + * Block an O_CREAT open of a FIFO (or a regular file) when: + * - sysctl_protected_fifos (or sysctl_protected_regular) is enabled + * - the file already exists + * - we are in a sticky directory + * - we don't own the file + * - the owner of the directory doesn't own the file + * - the directory is world writable + * If the sysctl_protected_fifos (or sysctl_protected_regular) is set to 2 + * the directory doesn't have to be world writable: being group writable will + * be enough. + * + * Returns 0 if the open is allowed, -ve on error. + */ +static int may_create_in_sticky(struct dentry * const dir, + struct inode * const inode) +{ + if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) || + (!sysctl_protected_regular && S_ISREG(inode->i_mode)) || + likely(!(dir->d_inode->i_mode & S_ISVTX)) || + uid_eq(inode->i_uid, dir->d_inode->i_uid) || + uid_eq(current_fsuid(), inode->i_uid)) + return 0; + + if (likely(dir->d_inode->i_mode & 0002) || + (dir->d_inode->i_mode & 0020 && + ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) || + (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) { + return -EACCES; + } + return 0; +} + static __always_inline const char *get_link(struct nameidata *nd) { @@ -3348,9 +3389,15 @@ finish_open: if (error) return error; audit_inode(nd->name, nd->path.dentry, 0); - error = -EISDIR; - if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) - goto out; + if (open_flag & O_CREAT) { + error = -EISDIR; + if (d_is_dir(nd->path.dentry)) + goto out; + error = may_create_in_sticky(dir, + d_backing_inode(nd->path.dentry)); + if (unlikely(error)) + goto out; + } error = -ENOTDIR; if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry)) goto out; diff --git a/include/linux/fs.h b/include/linux/fs.h index e5710541183b..33322702c910 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -74,6 +74,8 @@ extern struct inodes_stat_t inodes_stat; extern int leases_enable, lease_break_time; extern int sysctl_protected_symlinks; extern int sysctl_protected_hardlinks; +extern int sysctl_protected_fifos; +extern int sysctl_protected_regular; typedef __kernel_rwf_t rwf_t; diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 71ceb6c13c1a..cc02050fd0c4 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1807,6 +1807,24 @@ static struct ctl_table fs_table[] = { .extra1 = &zero, .extra2 = &one, }, + { + .procname = "protected_fifos", + .data = &sysctl_protected_fifos, + .maxlen = sizeof(int), + .mode = 0600, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &two, + }, + { + .procname = "protected_regular", + .data = &sysctl_protected_regular, + .maxlen = sizeof(int), + .mode = 0600, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &two, + }, { .procname = "suid_dumpable", .data = &suid_dumpable, -- cgit 1.2-0.3.lf.el7

6 years, 10 months

4
8
0 0

[PATCH] gfs2: Fix iomap buffer head reference counting bug

by Andreas Gruenbacher

commit c26b5aa8ef0d46035060fded475e6ab957b9f69f upstream. GFS2 passes the inode buffer head (dibh) from gfs2_iomap_begin to gfs2_iomap_end in iomap->private. It sets that private pointer in gfs2_iomap_get. Users of gfs2_iomap_get other than gfs2_iomap_begin would have to release iomap->private, but this isn't done correctly, leading to a leak of buffer head references. To fix this, move the code for setting iomap->private from gfs2_iomap_get to gfs2_iomap_begin. Fixes: 64bc06bb32 ("gfs2: iomap buffered write support") Cc: stable(a)vger.kernel.org # v4.19 Signed-off-by: Andreas Gruenbacher <agruenba(a)redhat.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- fs/gfs2/bmap.c | 40 +++++++++++++++++----------------------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/fs/gfs2/bmap.c b/fs/gfs2/bmap.c index 84544a4f012d..be9cc9a388a6 100644 --- a/fs/gfs2/bmap.c +++ b/fs/gfs2/bmap.c @@ -826,7 +826,7 @@ static int gfs2_iomap_get(struct inode *inode, loff_t pos, loff_t length, ret = gfs2_meta_inode_buffer(ip, &dibh); if (ret) goto unlock; - iomap->private = dibh; + mp->mp_bh[0] = dibh; if (gfs2_is_stuffed(ip)) { if (flags & IOMAP_WRITE) { @@ -863,9 +863,6 @@ static int gfs2_iomap_get(struct inode *inode, loff_t pos, loff_t length, len = lblock_stop - lblock + 1; iomap->length = len << inode->i_blkbits; - get_bh(dibh); - mp->mp_bh[0] = dibh; - height = ip->i_height; while ((lblock + 1) * sdp->sd_sb.sb_bsize > sdp->sd_heightsize[height]) height++; @@ -898,8 +895,6 @@ static int gfs2_iomap_get(struct inode *inode, loff_t pos, loff_t length, iomap->bdev = inode->i_sb->s_bdev; unlock: up_read(&ip->i_rw_mutex); - if (ret && dibh) - brelse(dibh); return ret; do_alloc: @@ -980,9 +975,9 @@ static void gfs2_iomap_journaled_page_done(struct inode *inode, loff_t pos, static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, loff_t length, unsigned flags, - struct iomap *iomap) + struct iomap *iomap, + struct metapath *mp) { - struct metapath mp = { .mp_aheight = 1, }; struct gfs2_inode *ip = GFS2_I(inode); struct gfs2_sbd *sdp = GFS2_SB(inode); unsigned int data_blocks = 0, ind_blocks = 0, rblocks; @@ -996,9 +991,9 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, unstuff = gfs2_is_stuffed(ip) && pos + length > gfs2_max_stuffed_size(ip); - ret = gfs2_iomap_get(inode, pos, length, flags, iomap, &mp); + ret = gfs2_iomap_get(inode, pos, length, flags, iomap, mp); if (ret) - goto out_release; + goto out_unlock; alloc_required = unstuff || iomap->type == IOMAP_HOLE; @@ -1013,7 +1008,7 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, ret = gfs2_quota_lock_check(ip, &ap); if (ret) - goto out_release; + goto out_unlock; ret = gfs2_inplace_reserve(ip, &ap); if (ret) @@ -1038,17 +1033,15 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, ret = gfs2_unstuff_dinode(ip, NULL); if (ret) goto out_trans_end; - release_metapath(&mp); - brelse(iomap->private); - iomap->private = NULL; + release_metapath(mp); ret = gfs2_iomap_get(inode, iomap->offset, iomap->length, - flags, iomap, &mp); + flags, iomap, mp); if (ret) goto out_trans_end; } if (iomap->type == IOMAP_HOLE) { - ret = gfs2_iomap_alloc(inode, iomap, flags, &mp); + ret = gfs2_iomap_alloc(inode, iomap, flags, mp); if (ret) { gfs2_trans_end(sdp); gfs2_inplace_release(ip); @@ -1056,7 +1049,6 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, goto out_qunlock; } } - release_metapath(&mp); if (!gfs2_is_stuffed(ip) && gfs2_is_jdata(ip)) iomap->page_done = gfs2_iomap_journaled_page_done; return 0; @@ -1069,10 +1061,7 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, out_qunlock: if (alloc_required) gfs2_quota_unlock(ip); -out_release: - if (iomap->private) - brelse(iomap->private); - release_metapath(&mp); +out_unlock: gfs2_write_unlock(inode); return ret; } @@ -1088,10 +1077,10 @@ static int gfs2_iomap_begin(struct inode *inode, loff_t pos, loff_t length, trace_gfs2_iomap_start(ip, pos, length, flags); if ((flags & IOMAP_WRITE) && !(flags & IOMAP_DIRECT)) { - ret = gfs2_iomap_begin_write(inode, pos, length, flags, iomap); + ret = gfs2_iomap_begin_write(inode, pos, length, flags, iomap, &mp); } else { ret = gfs2_iomap_get(inode, pos, length, flags, iomap, &mp); - release_metapath(&mp); + /* * Silently fall back to buffered I/O for stuffed files or if * we've hot a hole (see gfs2_file_direct_write). @@ -1100,6 +1089,11 @@ static int gfs2_iomap_begin(struct inode *inode, loff_t pos, loff_t length, iomap->type != IOMAP_MAPPED) ret = -ENOTBLK; } + if (!ret) { + get_bh(mp.mp_bh[0]); + iomap->private = mp.mp_bh[0]; + } + release_metapath(&mp); trace_gfs2_iomap_end(ip, iomap, ret); return ret; } -- 2.19.1.546.g028f9c799.dirty

6 years, 10 months

2
1
0 0

FAILED: patch "[PATCH] btrfs: Ensure btrfs_trim_fs can trim the whole filesystem" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6ba9fc8e628becf0e3ec94083450d089b0dec5f5 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Fri, 7 Sep 2018 14:16:24 +0800 Subject: [PATCH] btrfs: Ensure btrfs_trim_fs can trim the whole filesystem [BUG] fstrim on some btrfs only trims the unallocated space, not trimming any space in existing block groups. [CAUSE] Before fstrim_range passed to btrfs_trim_fs(), it gets truncated to range [0, super->total_bytes). So later btrfs_trim_fs() will only be able to trim block groups in range [0, super->total_bytes). While for btrfs, any bytenr aligned to sectorsize is valid, since btrfs uses its logical address space, there is nothing limiting the location where we put block groups. For filesystem with frequent balance, it's quite easy to relocate all block groups and bytenr of block groups will start beyond super->total_bytes. In that case, btrfs will not trim existing block groups. [FIX] Just remove the truncation in btrfs_ioctl_fitrim(), so btrfs_trim_fs() can get the unmodified range, which is normally set to [0, U64_MAX]. Reported-by: Chris Murphy <lists(a)colorremedies.com> Fixes: f4c697e6406d ("btrfs: return EINVAL if start > total_bytes in fitrim ioctl") CC: <stable(a)vger.kernel.org> # v4.4+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 5dbb3f713125..da3257585e29 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -10851,21 +10851,13 @@ int btrfs_trim_fs(struct btrfs_fs_info *fs_info, struct fstrim_range *range) u64 start; u64 end; u64 trimmed = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); u64 bg_failed = 0; u64 dev_failed = 0; int bg_ret = 0; int dev_ret = 0; int ret = 0; - /* - * try to trim all FS space, our block group may start from non-zero. - */ - if (range->len == total_bytes) - cache = btrfs_lookup_first_block_group(fs_info, range->start); - else - cache = btrfs_lookup_block_group(fs_info, range->start); - + cache = btrfs_lookup_first_block_group(fs_info, range->start); for (; cache; cache = next_block_group(fs_info, cache)) { if (cache->key.objectid >= (range->start + range->len)) { btrfs_put_block_group(cache); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 4905d13dee0a..a990a9045139 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -491,7 +491,6 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) struct fstrim_range range; u64 minlen = ULLONG_MAX; u64 num_devices = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); int ret; if (!capable(CAP_SYS_ADMIN)) @@ -515,11 +514,15 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) return -EOPNOTSUPP; if (copy_from_user(&range, arg, sizeof(range))) return -EFAULT; - if (range.start > total_bytes || - range.len < fs_info->sb->s_blocksize) + + /* + * NOTE: Don't truncate the range using super->total_bytes. Bytenr of + * block group is in the logical address space, which can be any + * sectorsize aligned bytenr in the range [0, U64_MAX]. + */ + if (range.len < fs_info->sb->s_blocksize) return -EINVAL; - range.len = min(range.len, total_bytes - range.start); range.minlen = max(range.minlen, minlen); ret = btrfs_trim_fs(fs_info, &range); if (ret < 0)

6 years, 10 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror