- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "afs: Migrate vlocation fields to 64-bit" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Migrate vlocation fields to 64-bit to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-migrate-vlocation-fields-to-64-bit.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: Tina Ruchandani <ruchandani.tina(a)gmail.com> Date: Thu, 16 Mar 2017 16:27:46 +0000 Subject: afs: Migrate vlocation fields to 64-bit From: Tina Ruchandani <ruchandani.tina(a)gmail.com> [ Upstream commit 8a79790bf0b7da216627ffb85f52cfb4adbf1e4e ] get_seconds() returns real wall-clock seconds. On 32-bit systems this value will overflow in year 2038 and beyond. This patch changes afs's vlocation record to use ktime_get_real_seconds() instead, for the fields time_of_death and update_at. Signed-off-by: Tina Ruchandani <ruchandani.tina(a)gmail.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/callback.c | 7 ++++--- fs/afs/internal.h | 7 ++++--- fs/afs/server.c | 6 +++--- fs/afs/vlocation.c | 16 +++++++++------- 4 files changed, 20 insertions(+), 16 deletions(-) --- a/fs/afs/callback.c +++ b/fs/afs/callback.c @@ -362,7 +362,7 @@ static void afs_callback_updater(struct { struct afs_server *server; struct afs_vnode *vnode, *xvnode; - time_t now; + time64_t now; long timeout; int ret; @@ -370,7 +370,7 @@ static void afs_callback_updater(struct _enter(""); - now = get_seconds(); + now = ktime_get_real_seconds(); /* find the first vnode to update */ spin_lock(&server->cb_lock); @@ -424,7 +424,8 @@ static void afs_callback_updater(struct /* and then reschedule */ _debug("reschedule"); - vnode->update_at = get_seconds() + afs_vnode_update_timeout; + vnode->update_at = ktime_get_real_seconds() + + afs_vnode_update_timeout; spin_lock(&server->cb_lock); --- a/fs/afs/internal.h +++ b/fs/afs/internal.h @@ -11,6 +11,7 @@ #include <linux/compiler.h> #include <linux/kernel.h> +#include <linux/ktime.h> #include <linux/fs.h> #include <linux/pagemap.h> #include <linux/rxrpc.h> @@ -245,7 +246,7 @@ struct afs_cache_vhash { */ struct afs_vlocation { atomic_t usage; - time_t time_of_death; /* time at which put reduced usage to 0 */ + time64_t time_of_death; /* time at which put reduced usage to 0 */ struct list_head link; /* link in cell volume location list */ struct list_head grave; /* link in master graveyard list */ struct list_head update; /* link in master update list */ @@ -256,7 +257,7 @@ struct afs_vlocation { struct afs_cache_vlocation vldb; /* volume information DB record */ struct afs_volume *vols[3]; /* volume access record pointer (index by type) */ wait_queue_head_t waitq; /* status change waitqueue */ - time_t update_at; /* time at which record should be updated */ + time64_t update_at; /* time at which record should be updated */ spinlock_t lock; /* access lock */ afs_vlocation_state_t state; /* volume location state */ unsigned short upd_rej_cnt; /* ENOMEDIUM count during update */ @@ -269,7 +270,7 @@ struct afs_vlocation { */ struct afs_server { atomic_t usage; - time_t time_of_death; /* time at which put reduced usage to 0 */ + time64_t time_of_death; /* time at which put reduced usage to 0 */ struct in_addr addr; /* server address */ struct afs_cell *cell; /* cell in which server resides */ struct list_head link; /* link in cell's server list */ --- a/fs/afs/server.c +++ b/fs/afs/server.c @@ -242,7 +242,7 @@ void afs_put_server(struct afs_server *s spin_lock(&afs_server_graveyard_lock); if (atomic_read(&server->usage) == 0) { list_move_tail(&server->grave, &afs_server_graveyard); - server->time_of_death = get_seconds(); + server->time_of_death = ktime_get_real_seconds(); queue_delayed_work(afs_wq, &afs_server_reaper, afs_server_timeout * HZ); } @@ -277,9 +277,9 @@ static void afs_reap_server(struct work_ LIST_HEAD(corpses); struct afs_server *server; unsigned long delay, expiry; - time_t now; + time64_t now; - now = get_seconds(); + now = ktime_get_real_seconds(); spin_lock(&afs_server_graveyard_lock); while (!list_empty(&afs_server_graveyard)) { --- a/fs/afs/vlocation.c +++ b/fs/afs/vlocation.c @@ -340,7 +340,8 @@ static void afs_vlocation_queue_for_upda struct afs_vlocation *xvl; /* wait at least 10 minutes before updating... */ - vl->update_at = get_seconds() + afs_vlocation_update_timeout; + vl->update_at = ktime_get_real_seconds() + + afs_vlocation_update_timeout; spin_lock(&afs_vlocation_updates_lock); @@ -506,7 +507,7 @@ void afs_put_vlocation(struct afs_vlocat if (atomic_read(&vl->usage) == 0) { _debug("buried"); list_move_tail(&vl->grave, &afs_vlocation_graveyard); - vl->time_of_death = get_seconds(); + vl->time_of_death = ktime_get_real_seconds(); queue_delayed_work(afs_wq, &afs_vlocation_reap, afs_vlocation_timeout * HZ); @@ -543,11 +544,11 @@ static void afs_vlocation_reaper(struct LIST_HEAD(corpses); struct afs_vlocation *vl; unsigned long delay, expiry; - time_t now; + time64_t now; _enter(""); - now = get_seconds(); + now = ktime_get_real_seconds(); spin_lock(&afs_vlocation_graveyard_lock); while (!list_empty(&afs_vlocation_graveyard)) { @@ -622,13 +623,13 @@ static void afs_vlocation_updater(struct { struct afs_cache_vlocation vldb; struct afs_vlocation *vl, *xvl; - time_t now; + time64_t now; long timeout; int ret; _enter(""); - now = get_seconds(); + now = ktime_get_real_seconds(); /* find a record to update */ spin_lock(&afs_vlocation_updates_lock); @@ -684,7 +685,8 @@ static void afs_vlocation_updater(struct /* and then reschedule */ _debug("reschedule"); - vl->update_at = get_seconds() + afs_vlocation_update_timeout; + vl->update_at = ktime_get_real_seconds() + + afs_vlocation_update_timeout; spin_lock(&afs_vlocation_updates_lock); Patches currently in stable-queue which might be from ruchandani.tina(a)gmail.com are queue-4.9/afs-prevent-callback-expiry-timer-overflow.patch queue-4.9/afs-migrate-vlocation-fields-to-64-bit.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Invalid op ID should abort with RXGEN_OPCODE" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Invalid op ID should abort with RXGEN_OPCODE to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-invalid-op-id-should-abort-with-rxgen_opcode.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: David Howells <dhowells(a)redhat.com> Date: Thu, 16 Mar 2017 16:27:47 +0000 Subject: afs: Invalid op ID should abort with RXGEN_OPCODE From: David Howells <dhowells(a)redhat.com> [ Upstream commit 1157f153f37a8586765034470e4f00a4a6c4ce6f ] When we are given an invalid operation ID, we should abort that with RXGEN_OPCODE rather than RX_INVALID_OPERATION. Also map RXGEN_OPCODE to -ENOTSUPP. Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/misc.c | 2 ++ fs/afs/rxrpc.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) --- a/fs/afs/misc.c +++ b/fs/afs/misc.c @@ -84,6 +84,8 @@ int afs_abort_to_error(u32 abort_code) case RXKADDATALEN: return -EKEYREJECTED; case RXKADILLEGALLEVEL: return -EKEYREJECTED; + case RXGEN_OPCODE: return -ENOTSUPP; + default: return -EREMOTEIO; } } --- a/fs/afs/rxrpc.c +++ b/fs/afs/rxrpc.c @@ -440,7 +440,7 @@ static void afs_deliver_to_call(struct a abort_code, -ret, "KNC"); goto do_abort; case -ENOTSUPP: - abort_code = RX_INVALID_OPERATION; + abort_code = RXGEN_OPCODE; rxrpc_kernel_abort_call(afs_socket, call->rxcall, abort_code, -ret, "KIV"); goto do_abort; Patches currently in stable-queue which might be from dhowells(a)redhat.com are queue-4.9/afs-flush-outstanding-writes-when-an-fd-is-closed.patch queue-4.9/afs-fix-the-maths-in-afs_fs_store_data.patch queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-prevent-callback-expiry-timer-overflow.patch queue-4.9/crypto-rsa-fix-buffer-overread-when-stripping-leading-zeroes.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/rxrpc-wake-up-the-transmitter-if-rx-window-size-increases-on-the-peer.patch queue-4.9/afs-invalid-op-id-should-abort-with-rxgen_opcode.patch queue-4.9/afs-fix-page-leak-in-afs_write_begin.patch queue-4.9/afs-better-abort-and-net-error-handling.patch queue-4.9/afs-fix-missing-put_page.patch queue-4.9/afs-migrate-vlocation-fields-to-64-bit.patch queue-4.9/rxrpc-ignore-busy-packets-on-old-calls.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-fix-afs_kill_pages.patch queue-4.9/afs-fix-abort-on-signal-while-waiting-for-call-completion.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Flush outstanding writes when an fd is closed" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Flush outstanding writes when an fd is closed to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-flush-outstanding-writes-when-an-fd-is-closed.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: David Howells <dhowells(a)redhat.com> Date: Thu, 16 Mar 2017 16:27:45 +0000 Subject: afs: Flush outstanding writes when an fd is closed From: David Howells <dhowells(a)redhat.com> [ Upstream commit 58fed94dfb17e89556b5705f20f90e5b2971b6a1 ] Flush outstanding writes in afs when an fd is closed. This is what NFS and CIFS do. Reported-by: Marc Dionne <marc.c.dionne(a)gmail.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/file.c | 1 + fs/afs/internal.h | 1 + fs/afs/write.c | 14 ++++++++++++++ 3 files changed, 16 insertions(+) --- a/fs/afs/file.c +++ b/fs/afs/file.c @@ -29,6 +29,7 @@ static int afs_readpages(struct file *fi const struct file_operations afs_file_operations = { .open = afs_open, + .flush = afs_flush, .release = afs_release, .llseek = generic_file_llseek, .read_iter = generic_file_read_iter, --- a/fs/afs/internal.h +++ b/fs/afs/internal.h @@ -752,6 +752,7 @@ extern int afs_writepages(struct address extern void afs_pages_written_back(struct afs_vnode *, struct afs_call *); extern ssize_t afs_file_write(struct kiocb *, struct iov_iter *); extern int afs_writeback_all(struct afs_vnode *); +extern int afs_flush(struct file *, fl_owner_t); extern int afs_fsync(struct file *, loff_t, loff_t, int); --- a/fs/afs/write.c +++ b/fs/afs/write.c @@ -736,6 +736,20 @@ out: } /* + * Flush out all outstanding writes on a file opened for writing when it is + * closed. + */ +int afs_flush(struct file *file, fl_owner_t id) +{ + _enter(""); + + if ((file->f_mode & FMODE_WRITE) == 0) + return 0; + + return vfs_fsync(file, 0); +} + +/* * notification that a previously read-only page is about to become writable * - if it returns an error, the caller will deliver a bus error signal */ Patches currently in stable-queue which might be from dhowells(a)redhat.com are queue-4.9/afs-flush-outstanding-writes-when-an-fd-is-closed.patch queue-4.9/afs-fix-the-maths-in-afs_fs_store_data.patch queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-prevent-callback-expiry-timer-overflow.patch queue-4.9/crypto-rsa-fix-buffer-overread-when-stripping-leading-zeroes.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/rxrpc-wake-up-the-transmitter-if-rx-window-size-increases-on-the-peer.patch queue-4.9/afs-invalid-op-id-should-abort-with-rxgen_opcode.patch queue-4.9/afs-fix-page-leak-in-afs_write_begin.patch queue-4.9/afs-better-abort-and-net-error-handling.patch queue-4.9/afs-fix-missing-put_page.patch queue-4.9/afs-migrate-vlocation-fields-to-64-bit.patch queue-4.9/rxrpc-ignore-busy-packets-on-old-calls.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-fix-afs_kill_pages.patch queue-4.9/afs-fix-abort-on-signal-while-waiting-for-call-completion.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Fix the maths in afs_fs_store_data()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Fix the maths in afs_fs_store_data() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-fix-the-maths-in-afs_fs_store_data.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: David Howells <dhowells(a)redhat.com> Date: Thu, 16 Mar 2017 16:27:47 +0000 Subject: afs: Fix the maths in afs_fs_store_data() From: David Howells <dhowells(a)redhat.com> [ Upstream commit 146a1192783697810b63a1e41c4d59fc93387340 ] afs_fs_store_data() works out of the size of the write it's going to make, but it uses 32-bit unsigned subtraction in one place that gets automatically cast to loff_t. However, if to < offset, then the number goes negative, but as the result isn't signed, this doesn't get sign-extended to 64-bits when placed in a loff_t. Fix by casting the operands to loff_t. Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/fsclient.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/afs/fsclient.c +++ b/fs/afs/fsclient.c @@ -1178,7 +1178,7 @@ int afs_fs_store_data(struct afs_server _enter(",%x,{%x:%u},,", key_serial(wb->key), vnode->fid.vid, vnode->fid.vnode); - size = to - offset; + size = (loff_t)to - (loff_t)offset; if (first != last) size += (loff_t)(last - first) << PAGE_SHIFT; pos = (loff_t)first << PAGE_SHIFT; Patches currently in stable-queue which might be from dhowells(a)redhat.com are queue-4.9/afs-flush-outstanding-writes-when-an-fd-is-closed.patch queue-4.9/afs-fix-the-maths-in-afs_fs_store_data.patch queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-prevent-callback-expiry-timer-overflow.patch queue-4.9/crypto-rsa-fix-buffer-overread-when-stripping-leading-zeroes.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/rxrpc-wake-up-the-transmitter-if-rx-window-size-increases-on-the-peer.patch queue-4.9/afs-invalid-op-id-should-abort-with-rxgen_opcode.patch queue-4.9/afs-fix-page-leak-in-afs_write_begin.patch queue-4.9/afs-better-abort-and-net-error-handling.patch queue-4.9/afs-fix-missing-put_page.patch queue-4.9/afs-migrate-vlocation-fields-to-64-bit.patch queue-4.9/rxrpc-ignore-busy-packets-on-old-calls.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-fix-afs_kill_pages.patch queue-4.9/afs-fix-abort-on-signal-while-waiting-for-call-completion.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Fix page leak in afs_write_begin()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Fix page leak in afs_write_begin() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-fix-page-leak-in-afs_write_begin.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: David Howells <dhowells(a)redhat.com> Date: Thu, 16 Mar 2017 16:27:48 +0000 Subject: afs: Fix page leak in afs_write_begin() From: David Howells <dhowells(a)redhat.com> [ Upstream commit 6d06b0d25209c80e99c1e89700f1e09694a3766b ] afs_write_begin() leaks a ref and a lock on a page if afs_fill_page() fails. Fix the leak by unlocking and releasing the page in the error path. Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/write.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/fs/afs/write.c +++ b/fs/afs/write.c @@ -148,12 +148,12 @@ int afs_write_begin(struct file *file, s kfree(candidate); return -ENOMEM; } - *pagep = page; - /* page won't leak in error case: it eventually gets cleaned off LRU */ if (!PageUptodate(page) && len != PAGE_SIZE) { ret = afs_fill_page(vnode, key, index << PAGE_SHIFT, page); if (ret < 0) { + unlock_page(page); + put_page(page); kfree(candidate); _leave(" = %d [prep]", ret); return ret; @@ -161,6 +161,9 @@ int afs_write_begin(struct file *file, s SetPageUptodate(page); } + /* page won't leak in error case: it eventually gets cleaned off LRU */ + *pagep = page; + try_again: spin_lock(&vnode->writeback_lock); Patches currently in stable-queue which might be from dhowells(a)redhat.com are queue-4.9/afs-flush-outstanding-writes-when-an-fd-is-closed.patch queue-4.9/afs-fix-the-maths-in-afs_fs_store_data.patch queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-prevent-callback-expiry-timer-overflow.patch queue-4.9/crypto-rsa-fix-buffer-overread-when-stripping-leading-zeroes.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/rxrpc-wake-up-the-transmitter-if-rx-window-size-increases-on-the-peer.patch queue-4.9/afs-invalid-op-id-should-abort-with-rxgen_opcode.patch queue-4.9/afs-fix-page-leak-in-afs_write_begin.patch queue-4.9/afs-better-abort-and-net-error-handling.patch queue-4.9/afs-fix-missing-put_page.patch queue-4.9/afs-migrate-vlocation-fields-to-64-bit.patch queue-4.9/rxrpc-ignore-busy-packets-on-old-calls.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-fix-afs_kill_pages.patch queue-4.9/afs-fix-abort-on-signal-while-waiting-for-call-completion.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Fix missing put_page()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Fix missing put_page() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-fix-missing-put_page.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: David Howells <dhowells(a)redhat.com> Date: Thu, 16 Mar 2017 16:27:43 +0000 Subject: afs: Fix missing put_page() From: David Howells <dhowells(a)redhat.com> [ Upstream commit 29c8bbbd6e21daa0997d1c3ee886b897ee7ad652 ] In afs_writepages_region(), inside the loop where we find dirty pages to deal with, one of the if-statements is missing a put_page(). Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/write.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/afs/write.c +++ b/fs/afs/write.c @@ -502,6 +502,7 @@ static int afs_writepages_region(struct if (PageWriteback(page) || !PageDirty(page)) { unlock_page(page); + put_page(page); continue; } Patches currently in stable-queue which might be from dhowells(a)redhat.com are queue-4.9/afs-flush-outstanding-writes-when-an-fd-is-closed.patch queue-4.9/afs-fix-the-maths-in-afs_fs_store_data.patch queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-prevent-callback-expiry-timer-overflow.patch queue-4.9/crypto-rsa-fix-buffer-overread-when-stripping-leading-zeroes.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/rxrpc-wake-up-the-transmitter-if-rx-window-size-increases-on-the-peer.patch queue-4.9/afs-invalid-op-id-should-abort-with-rxgen_opcode.patch queue-4.9/afs-fix-page-leak-in-afs_write_begin.patch queue-4.9/afs-better-abort-and-net-error-handling.patch queue-4.9/afs-fix-missing-put_page.patch queue-4.9/afs-migrate-vlocation-fields-to-64-bit.patch queue-4.9/rxrpc-ignore-busy-packets-on-old-calls.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-fix-afs_kill_pages.patch queue-4.9/afs-fix-abort-on-signal-while-waiting-for-call-completion.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Fix afs_kill_pages()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Fix afs_kill_pages() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-fix-afs_kill_pages.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: David Howells <dhowells(a)redhat.com> Date: Thu, 16 Mar 2017 16:27:48 +0000 Subject: afs: Fix afs_kill_pages() From: David Howells <dhowells(a)redhat.com> [ Upstream commit 7286a35e893176169b09715096a4aca557e2ccd2 ] Fix afs_kill_pages() in two ways: (1) If a writeback has been partially flushed, then if we try and kill the pages it contains, some of them may no longer be undergoing writeback and end_page_writeback() will assert. Fix this by checking to see whether the page in question is actually undergoing writeback before ending that writeback. (2) The loop that scans for pages to kill doesn't increase the first page index, and so the loop may not terminate, but it will try to process the same pages over and over again. Fix this by increasing the first page index to one after the last page we processed. Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/write.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/fs/afs/write.c +++ b/fs/afs/write.c @@ -299,10 +299,14 @@ static void afs_kill_pages(struct afs_vn ASSERTCMP(pv.nr, ==, count); for (loop = 0; loop < count; loop++) { - ClearPageUptodate(pv.pages[loop]); + struct page *page = pv.pages[loop]; + ClearPageUptodate(page); if (error) - SetPageError(pv.pages[loop]); - end_page_writeback(pv.pages[loop]); + SetPageError(page); + if (PageWriteback(page)) + end_page_writeback(page); + if (page->index >= first) + first = page->index + 1; } __pagevec_release(&pv); Patches currently in stable-queue which might be from dhowells(a)redhat.com are queue-4.9/afs-flush-outstanding-writes-when-an-fd-is-closed.patch queue-4.9/afs-fix-the-maths-in-afs_fs_store_data.patch queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-prevent-callback-expiry-timer-overflow.patch queue-4.9/crypto-rsa-fix-buffer-overread-when-stripping-leading-zeroes.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/rxrpc-wake-up-the-transmitter-if-rx-window-size-increases-on-the-peer.patch queue-4.9/afs-invalid-op-id-should-abort-with-rxgen_opcode.patch queue-4.9/afs-fix-page-leak-in-afs_write_begin.patch queue-4.9/afs-better-abort-and-net-error-handling.patch queue-4.9/afs-fix-missing-put_page.patch queue-4.9/afs-migrate-vlocation-fields-to-64-bit.patch queue-4.9/rxrpc-ignore-busy-packets-on-old-calls.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-fix-afs_kill_pages.patch queue-4.9/afs-fix-abort-on-signal-while-waiting-for-call-completion.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Fix abort on signal while waiting for call completion" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Fix abort on signal while waiting for call completion to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-fix-abort-on-signal-while-waiting-for-call-completion.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: David Howells <dhowells(a)redhat.com> Date: Thu, 16 Mar 2017 16:27:49 +0000 Subject: afs: Fix abort on signal while waiting for call completion From: David Howells <dhowells(a)redhat.com> [ Upstream commit 954cd6dc02a65065aecb7150962c0870c5b0e322 ] Fix the way in which a call that's in progress and being waited for is aborted in the case that EINTR is detected. We should be sending RX_USER_ABORT rather than RX_CALL_DEAD as the abort code. Note that since the only two ways out of the loop are if the call completes or if a signal happens, the kill-the-call clause after the loop has finished can only happen in the case of EINTR. This means that we only have one abort case to deal with, not two, and the "KWC" case can never happen and so can be deleted. Note further that simply aborting the call isn't necessarily the best thing here since at this point: the request has been entirely sent and it's likely the server will do the operation anyway - whether we abort it or not. In future, we should punt the handling of the remainder of the call off to a background thread. Reported-by: Marc Dionne <marc.c.dionne(a)auristor.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/rxrpc.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) --- a/fs/afs/rxrpc.c +++ b/fs/afs/rxrpc.c @@ -492,7 +492,6 @@ call_complete: */ static int afs_wait_for_call_to_complete(struct afs_call *call) { - const char *abort_why; int ret; DECLARE_WAITQUEUE(myself, current); @@ -511,13 +510,8 @@ static int afs_wait_for_call_to_complete continue; } - abort_why = "KWC"; - ret = call->error; - if (call->state == AFS_CALL_COMPLETE) - break; - abort_why = "KWI"; - ret = -EINTR; - if (signal_pending(current)) + if (call->state == AFS_CALL_COMPLETE || + signal_pending(current)) break; schedule(); } @@ -525,15 +519,14 @@ static int afs_wait_for_call_to_complete remove_wait_queue(&call->waitq, &myself); __set_current_state(TASK_RUNNING); - /* kill the call */ + /* Kill off the call if it's still live. */ if (call->state < AFS_CALL_COMPLETE) { - _debug("call incomplete"); + _debug("call interrupted"); rxrpc_kernel_abort_call(afs_socket, call->rxcall, - RX_CALL_DEAD, -ret, abort_why); - } else if (call->error < 0) { - ret = call->error; + RX_USER_ABORT, -EINTR, "KWI"); } + ret = call->error; _debug("call complete"); afs_end_call(call); _leave(" = %d", ret); Patches currently in stable-queue which might be from dhowells(a)redhat.com are queue-4.9/afs-flush-outstanding-writes-when-an-fd-is-closed.patch queue-4.9/afs-fix-the-maths-in-afs_fs_store_data.patch queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-prevent-callback-expiry-timer-overflow.patch queue-4.9/crypto-rsa-fix-buffer-overread-when-stripping-leading-zeroes.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/rxrpc-wake-up-the-transmitter-if-rx-window-size-increases-on-the-peer.patch queue-4.9/afs-invalid-op-id-should-abort-with-rxgen_opcode.patch queue-4.9/afs-fix-page-leak-in-afs_write_begin.patch queue-4.9/afs-better-abort-and-net-error-handling.patch queue-4.9/afs-fix-missing-put_page.patch queue-4.9/afs-migrate-vlocation-fields-to-64-bit.patch queue-4.9/rxrpc-ignore-busy-packets-on-old-calls.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-fix-afs_kill_pages.patch queue-4.9/afs-fix-abort-on-signal-while-waiting-for-call-completion.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Deal with an empty callback array" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Deal with an empty callback array to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-deal-with-an-empty-callback-array.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: Marc Dionne <marc.dionne(a)auristor.com> Date: Thu, 16 Mar 2017 16:27:44 +0000 Subject: afs: Deal with an empty callback array From: Marc Dionne <marc.dionne(a)auristor.com> [ Upstream commit bcd89270d93b7edebb5de5e5e7dca1a77a33496e ] Servers may send a callback array that is the same size as the FID array, or an empty array. If the callback count is 0, the code would attempt to read (fid_count * 12) bytes of data, which would fail and result in an unmarshalling error. This would lead to stale data for remotely modified files or directories. Store the callback array size in the internal afs_call structure and use that to determine the amount of data to read. Signed-off-by: Marc Dionne <marc.dionne(a)auristor.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/cmservice.c | 11 +++++------ fs/afs/internal.h | 5 ++++- 2 files changed, 9 insertions(+), 7 deletions(-) --- a/fs/afs/cmservice.c +++ b/fs/afs/cmservice.c @@ -168,7 +168,6 @@ static int afs_deliver_cb_callback(struc struct afs_callback *cb; struct afs_server *server; __be32 *bp; - u32 tmp; int ret, loop; _enter("{%u}", call->unmarshall); @@ -230,9 +229,9 @@ static int afs_deliver_cb_callback(struc if (ret < 0) return ret; - tmp = ntohl(call->tmp); - _debug("CB count: %u", tmp); - if (tmp != call->count && tmp != 0) + call->count2 = ntohl(call->tmp); + _debug("CB count: %u", call->count2); + if (call->count2 != call->count && call->count2 != 0) return -EBADMSG; call->offset = 0; call->unmarshall++; @@ -240,14 +239,14 @@ static int afs_deliver_cb_callback(struc case 4: _debug("extract CB array"); ret = afs_extract_data(call, call->buffer, - call->count * 3 * 4, false); + call->count2 * 3 * 4, false); if (ret < 0) return ret; _debug("unmarshall CB array"); cb = call->request; bp = call->buffer; - for (loop = call->count; loop > 0; loop--, cb++) { + for (loop = call->count2; loop > 0; loop--, cb++) { cb->version = ntohl(*bp++); cb->expiry = ntohl(*bp++); cb->type = ntohl(*bp++); --- a/fs/afs/internal.h +++ b/fs/afs/internal.h @@ -105,7 +105,10 @@ struct afs_call { unsigned request_size; /* size of request data */ unsigned reply_max; /* maximum size of reply */ unsigned first_offset; /* offset into mapping[first] */ - unsigned last_to; /* amount of mapping[last] */ + union { + unsigned last_to; /* amount of mapping[last] */ + unsigned count2; /* count used in unmarshalling */ + }; unsigned char unmarshall; /* unmarshalling phase */ bool incoming; /* T if incoming call */ bool send_pages; /* T if data from mapping should be sent */ Patches currently in stable-queue which might be from marc.dionne(a)auristor.com are queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-deal-with-an-empty-callback-array.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Better abort and net error handling" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Better abort and net error handling to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-better-abort-and-net-error-handling.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: David Howells <dhowells(a)redhat.com> Date: Thu, 16 Mar 2017 16:27:47 +0000 Subject: afs: Better abort and net error handling From: David Howells <dhowells(a)redhat.com> [ Upstream commit 70af0e3bd65142f9e674961c975451638a7ce1d5 ] If we receive a network error, a remote abort or a protocol error whilst we're still transmitting data, make sure we return an appropriate error to the caller rather than ESHUTDOWN or ECONNABORTED. Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/rxrpc.c | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) --- a/fs/afs/rxrpc.c +++ b/fs/afs/rxrpc.c @@ -321,6 +321,8 @@ int afs_make_call(struct in_addr *addr, struct rxrpc_call *rxcall; struct msghdr msg; struct kvec iov[1]; + size_t offset; + u32 abort_code; int ret; _enter("%x,{%d},", addr->s_addr, ntohs(call->port)); @@ -368,9 +370,11 @@ int afs_make_call(struct in_addr *addr, msg.msg_controllen = 0; msg.msg_flags = (call->send_pages ? MSG_MORE : 0); - /* have to change the state *before* sending the last packet as RxRPC - * might give us the reply before it returns from sending the - * request */ + /* We have to change the state *before* sending the last packet as + * rxrpc might give us the reply before it returns from sending the + * request. Further, if the send fails, we may already have been given + * a notification and may have collected it. + */ if (!call->send_pages) call->state = AFS_CALL_AWAIT_REPLY; ret = rxrpc_kernel_send_data(afs_socket, rxcall, @@ -389,7 +393,17 @@ int afs_make_call(struct in_addr *addr, return wait_mode->wait(call); error_do_abort: - rxrpc_kernel_abort_call(afs_socket, rxcall, RX_USER_ABORT, -ret, "KSD"); + call->state = AFS_CALL_COMPLETE; + if (ret != -ECONNABORTED) { + rxrpc_kernel_abort_call(afs_socket, rxcall, RX_USER_ABORT, + -ret, "KSD"); + } else { + abort_code = 0; + offset = 0; + rxrpc_kernel_recv_data(afs_socket, rxcall, NULL, 0, &offset, + false, &abort_code); + ret = call->type->abort_to_error(abort_code); + } error_kill_call: afs_end_call(call); _leave(" = %d", ret); @@ -434,16 +448,18 @@ static void afs_deliver_to_call(struct a case -EINPROGRESS: case -EAGAIN: goto out; + case -ECONNABORTED: + goto call_complete; case -ENOTCONN: abort_code = RX_CALL_DEAD; rxrpc_kernel_abort_call(afs_socket, call->rxcall, abort_code, -ret, "KNC"); - goto do_abort; + goto save_error; case -ENOTSUPP: abort_code = RXGEN_OPCODE; rxrpc_kernel_abort_call(afs_socket, call->rxcall, abort_code, -ret, "KIV"); - goto do_abort; + goto save_error; case -ENODATA: case -EBADMSG: case -EMSGSIZE: @@ -453,7 +469,7 @@ static void afs_deliver_to_call(struct a abort_code = RXGEN_SS_UNMARSHAL; rxrpc_kernel_abort_call(afs_socket, call->rxcall, abort_code, EBADMSG, "KUM"); - goto do_abort; + goto save_error; } } @@ -464,8 +480,9 @@ out: _leave(""); return; -do_abort: +save_error: call->error = ret; +call_complete: call->state = AFS_CALL_COMPLETE; goto done; } @@ -513,6 +530,8 @@ static int afs_wait_for_call_to_complete _debug("call incomplete"); rxrpc_kernel_abort_call(afs_socket, call->rxcall, RX_CALL_DEAD, -ret, abort_why); + } else if (call->error < 0) { + ret = call->error; } _debug("call complete"); Patches currently in stable-queue which might be from dhowells(a)redhat.com are queue-4.9/afs-flush-outstanding-writes-when-an-fd-is-closed.patch queue-4.9/afs-fix-the-maths-in-afs_fs_store_data.patch queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-prevent-callback-expiry-timer-overflow.patch queue-4.9/crypto-rsa-fix-buffer-overread-when-stripping-leading-zeroes.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/rxrpc-wake-up-the-transmitter-if-rx-window-size-increases-on-the-peer.patch queue-4.9/afs-invalid-op-id-should-abort-with-rxgen_opcode.patch queue-4.9/afs-fix-page-leak-in-afs_write_begin.patch queue-4.9/afs-better-abort-and-net-error-handling.patch queue-4.9/afs-fix-missing-put_page.patch queue-4.9/afs-migrate-vlocation-fields-to-64-bit.patch queue-4.9/rxrpc-ignore-busy-packets-on-old-calls.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-fix-afs_kill_pages.patch queue-4.9/afs-fix-abort-on-signal-while-waiting-for-call-completion.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "afs: Adjust mode bits processing" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Adjust mode bits processing to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-adjust-mode-bits-processing.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 14:12:34 CET 2017 From: Marc Dionne <marc.dionne(a)auristor.com> Date: Thu, 16 Mar 2017 16:27:44 +0000 Subject: afs: Adjust mode bits processing From: Marc Dionne <marc.dionne(a)auristor.com> [ Upstream commit 627f46943ff90bcc32ddeb675d881c043c6fa2ae ] Mode bits for an afs file should not be enforced in the usual way. For files, the absence of user bits can restrict file access with respect to what is granted by the server. These bits apply regardless of the owner or the current uid; the rest of the mode bits (group, other) are ignored. Signed-off-by: Marc Dionne <marc.dionne(a)auristor.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/security.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/fs/afs/security.c +++ b/fs/afs/security.c @@ -340,17 +340,22 @@ int afs_permission(struct inode *inode, } else { if (!(access & AFS_ACE_LOOKUP)) goto permission_denied; + if ((mask & MAY_EXEC) && !(inode->i_mode & S_IXUSR)) + goto permission_denied; if (mask & (MAY_EXEC | MAY_READ)) { if (!(access & AFS_ACE_READ)) goto permission_denied; + if (!(inode->i_mode & S_IRUSR)) + goto permission_denied; } else if (mask & MAY_WRITE) { if (!(access & AFS_ACE_WRITE)) goto permission_denied; + if (!(inode->i_mode & S_IWUSR)) + goto permission_denied; } } key_put(key); - ret = generic_permission(inode, mask); _leave(" = %d", ret); return ret; Patches currently in stable-queue which might be from marc.dionne(a)auristor.com are queue-4.9/afs-populate-group-id-from-vnode-status.patch queue-4.9/afs-adjust-mode-bits-processing.patch queue-4.9/afs-populate-and-use-client-modification-time.patch queue-4.9/afs-deal-with-an-empty-callback-array.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] [GIT PULL] commits for Linux 4.14

by alexander.levin＠verizon.com

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 51a2a68fde2035887c0d74aee1c9569c691dfd61: Linux 4.14.4 (2017-12-05 11:26:38 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-14122017 for you to fetch changes up to 439d41e248c2514299ac7e95a43d3072ac9b14ad: x86/intel_rdt: Fix potential deadlock during resctrl unmount (2017-12-14 10:22:24 -0500) - ---------------------------------------------------------------- for-greg-4.14-14122017 - ---------------------------------------------------------------- Adam Sampson (1): media: usbtv: fix brightness and contrast controls Adriana Reus (1): clk: imx: imx7d: Fix parent clock for OCRAM_CLK Alex Vesker (1): IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop Alex Williamson (1): PCI: Detach driver before procfs & sysfs teardown on device remove Alexander Duyck (1): macvlan: Only deliver one copy of the frame to the macvlan interface Alexey Khoroshilov (1): mfd: mxs-lradc: Fix error handling in mxs_lradc_probe() Anand Jain (2): btrfs: fix false EIO for missing device btrfs: undo writable superblocke when sprouting fails Arnd Bergmann (1): scsi: aacraid: use timespec64 instead of timeval Artur Paszkiewicz (1): raid5-ppl: check recovery_offset when performing ppl recovery Arun Kumar Neelakantam (1): rpmsg: glink: Initialize the "intent_req_comp" completion variable Bart Van Assche (4): target/iscsi: Detect conn_cmd_list corruption early target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() IB/core: Fix endianness annotation in rdma_is_multicast_addr() RDMA/cma: Avoid triggering undefined behavior Bartosz Chronowski (1): Bluetooth: btusb: Add new NFA344A entry. Bob Peterson (1): GFS2: Take inode off order_write list when setting jdata flag Breno Leitao (1): powerpc/xmon: Check before calling xive functions Brian Foster (1): xfs: fix log block underflow during recovery cycle verification Brian Norris (2): ath10k: fix core PCI suspend when WoWLAN is supported but disabled ath10k: fix build errors with !CONFIG_PM Chen Zhong (1): clk: mediatek: add the option for determining PLL source clock Christoph Hellwig (2): nvme: use kref_get_unless_zero in nvme_find_get_ns xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real Christophe JAILLET (3): video: fbdev: au1200fb: Release some resources if a memory allocation fails video: fbdev: au1200fb: Return an error code if a memory allocation fails btrfs: tests: Fix a memory leak in error handling path in 'run_test()' Christophe Leroy (1): powerpc/ipic: Fix status get and status clear Chuck Lever (1): xprtrdma: Don't defer fencing an async RPC's chunks Colin Ian King (2): btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit ipmi_si: fix memory leak on new_smi Dan Carpenter (2): misc: pci_endpoint_test: Avoid triggering a BUG() scsi: bfa: integer overflow in debugfs Daniel Lezcano (1): thermal/drivers/step_wise: Fix temperature regulation misbehavior Darrick J. Wong (1): xfs: return a distinct error code value for IGET_INCORE cache misses Don Hiatt (1): IB/hfi1: Mask out A bit from psn trace Douglas Gilbert (1): scsi: scsi_debug: write_same: fix error report Egil Hjelmeland (1): net: dsa: lan9303: Do not disable switch fabric port 0 at .probe Eric Dumazet (1): ipv4: ipv4_default_advmss() should use route mtu Eryu Guan (1): xfs: truncate pagecache before writeback in xfs_setattr_size() Felix Manlunas (1): liquidio: fix kernel panic in VF driver Fuyun Liang (1): net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings Gao Feng (1): ppp: Destroy the mutex when cleanup Gary R Hook (1): iommu/amd: Limit the IOVA page range to the specified addresses Geert Uytterhoeven (2): fbdev: controlfb: Add missing modes to fix out of bounds access mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code Guoqing Jiang (1): md-cluster: fix wrong condition check in raid1_write_request Gustavo A. R. Silva (1): thunderbolt: tb: fix use after free in tb_activate_pcie_devices Guy Levi (1): IB/mlx4: Fix RSS's QPC attributes assignments Hans Holmberg (1): lightnvm: pblk: prevent gc kicks when gc is not operational Hans de Goede (1): staging: rtl8188eu: Revert part of "staging: rtl8188eu: fix comments with lines over 80 characters" Hiroyuki Yokoyama (1): dmaengine: rcar-dmac: use TCRB instead of TCR for residue Jan Kara (2): mm: Handle 0 flags in _calc_vm_trans() macro udf: Avoid overflow when session starts at large offset Javier GonzÃ¡lez (3): lightnvm: pblk: use right flag for GC allocation lightnvm: pblk: initialize debug stat counter lightnvm: pblk: fix min size for page mempool Jia-Ju Bai (3): vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd Jiang Yi (1): target/file: Do not return error for UNMAP if length is zero Jiri Slaby (1): l2tp: cleanup l2tp_tunnel_delete calls Johan Hovold (1): serdev: ttyport: enforce tty-driver open() requirement KUWAZAWA Takuya (1): netfilter: ipvs: Fix inappropriate output of procfs Kishon Vijay Abraham I (1): misc: pci_endpoint_test: Fix failure path return values in probe Kuninori Morimoto (1): ASoC: rsnd: rsnd_ssi_run_mods() needs to care ssi_parent_mod Kuppuswamy Sathyanarayanan (1): platform/x86: intel_punit_ipc: Fix resource ioremap warning Kurt Garloff (1): scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry Ladislav Michl (1): video: udlfb: Fix read EDID timeout Leo Yan (1): clk: hi6220: mark clock cs_atb_syspll as critical Leon Romanovsky (1): RDMA/cxgb4: Declare stag as __be32 Liang Chen (1): bcache: explicitly destroy mutex while exiting Linus Walleij (1): pinctrl: adi2: Fix Kconfig build problem Lipeng (6): net: hns3: fix a bug in hclge_uninit_client_instance net: hns3: add nic_client check when initialize roce base information net: hns3: fix the bug of hns3_set_txbd_baseinfo net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg net: hns3: fix the bug when map buffer fail net: hns3: fix a bug when alloc new buffer Liu Bo (1): badblocks: fix wrong return value in badblocks_set if badblocks are disabled Markus Elfring (1): platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill() Martin Wilck (2): scsi: hpsa: cleanup sas_phy structures in sysfs when unloading scsi: hpsa: destroy sas transport properties before scsi_host Matteo Croce (1): icmp: don't fail on fragment reassembly time exceeded Matthias Brugger (2): iommu/mediatek: Fix driver name soc: mediatek: pwrap: fix compiler errors Mauro Carvalho Chehab (1): media: camss-vfe: always initialize reg at vfe_set_xbar_cfg() Miaoqing Pan (1): ath9k: fix tx99 potential info leak Michael Ellerman (1): powerpc/perf/hv-24x7: Fix incorrect comparison in memord MichaÅ‚ MirosÅ‚aw (1): clk: tegra: Fix cclk_lp divisor register Mika Westerberg (1): PCI: Do not allocate more buses than available in parent Ming Lei (1): blk-mq-sched: dispatch from scheduler IFF progress is made in ->dispatch Neil Armstrong (1): ARM64: dts: meson-gxbb-odroidc2: fix usb1 power supply NeilBrown (1): raid5: Set R5_Expanded on parity devices as well as data. Nick Desaulniers (1): arm64: prevent regressions in compressed kernel image size when upgrading to binutils 2.27 Nicolin Chen (1): clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init() Nikolay Borisov (1): btrfs: Explicitly handle btrfs_update_root failure Osama Khan (1): platform/x86: hp_accel: Add quirk for HP ProBook 440 G4 Pankaj Bharadiya (1): ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case Parav Pandit (2): IB/core: Fix use workqueue without WQ_MEM_RECLAIM IB/core: Fix calculation of maximum RoCE MTU Patel Jay P (1): Ib/hfi1: Return actual operational VLs in port info query Peter Ujfalusi (1): dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type Philipp Zabel (1): rtc: pcf8563: fix output clock rate Pixel Ding (1): drm/amdgpu: bypass lru touch for KIQ ring submission Qiang (1): PCI/PME: Handle invalid data when reading Root Status Rajat Jain (1): PM / s2idle: Clear the events_check_enabled flag Rakesh Pandit (2): lightnvm: pblk: fix changing GC group list for a line lightnvm: pblk: protect line bitmap while submitting meta io Reinette Chatre (1): x86/intel_rdt: Fix potential deadlock during resctrl unmount Robert Baronescu (1): crypto: tcrypt - fix buffer lengths in test_aead_speed() Robert Stonehouse (1): sfc: don't warn on successful change of MAC Ronald TschalÃ¤r (1): Bluetooth: hci_ldisc: Fix another race when closing the tty. Ross Zwisler (1): dev/dax: fix uninitialized variable build warning Sergey Matyukevich (1): qtnfmac: modify full Tx queue error reporting Shriya (1): powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo Suzuki K Poulose (1): arm-ccn: perf: Prevent module unload while PMU is in use SÃ©bastien Szymanski (2): HID: cp2112: fix broken gpio_direction_input callback clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU Tushar Dave (1): samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1 Tyrel Datwyler (1): powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister Wanpeng Li (1): KVM: nVMX: Fix EPT switching advertising Wei Yongjun (2): mlxsw: spectrum: Fix error return code in mlxsw_sp_port_create() nullb: fix error return code in null_init() William A. Kennington III (1): powerpc/opal: Fix EBUSY bug in acquiring tokens Xiaofei Tan (1): scsi: hisi_sas: fix the risk of freeing slot twice nixiaoming (1): tty fix oops when rmmod 8250 qumingguang (1): net: hns3: Fix a misuse to devm_free_irq tang.junhui (1): bcache: fix wrong cache_misses statistics tangwenji (2): iscsi-target: fix memory leak in lio_target_tiqn_addtpg() target:fix condition return in core_pr_dump_initiator_port() weiping zhang (2): scsi: sd: change manage_start_stop to bool in sysfs interface scsi: sd: change allow_restart to bool in sysfs interface arch/arm64/Makefile | 8 +++-- .../arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts | 1 + arch/blackfin/Kconfig | 7 +++-- arch/blackfin/Kconfig.debug | 1 + arch/powerpc/perf/hv-24x7.c | 2 +- arch/powerpc/platforms/powernv/opal-async.c | 6 ++-- arch/powerpc/platforms/powernv/setup.c | 2 +- arch/powerpc/platforms/pseries/vio.c | 2 ++ arch/powerpc/sysdev/ipic.c | 4 +-- arch/powerpc/xmon/xmon.c | 5 +++ arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 10 +++--- arch/x86/kvm/vmx.c | 5 +-- block/badblocks.c | 2 +- block/blk-mq-sched.c | 12 ++++---- crypto/tcrypt.c | 6 ++-- drivers/block/null_blk.c | 4 ++- drivers/bluetooth/btusb.c | 1 + drivers/bluetooth/hci_ldisc.c | 4 +-- drivers/bus/arm-ccn.c | 1 + drivers/char/ipmi/ipmi_si_intf.c | 1 + drivers/clk/hisilicon/clk-hi6220.c | 2 +- drivers/clk/imx/clk-imx6q.c | 2 +- drivers/clk/imx/clk-imx7d.c | 2 +- drivers/clk/mediatek/clk-mtk.h | 1 + drivers/clk/mediatek/clk-pll.c | 5 ++- drivers/clk/tegra/clk-tegra210.c | 4 +-- drivers/clk/tegra/clk-tegra30.c | 2 +- drivers/dax/device.c | 3 +- drivers/dma/sh/rcar-dmac.c | 2 +- drivers/dma/ti-dma-crossbar.c | 8 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 +- drivers/hid/hid-cp2112.c | 8 +++-- drivers/infiniband/core/addr.c | 2 +- drivers/infiniband/core/cma.c | 11 ++++--- drivers/infiniband/hw/cxgb4/t4.h | 2 +- drivers/infiniband/hw/hfi1/chip.c | 2 +- drivers/infiniband/hw/hfi1/trace.c | 4 +-- drivers/infiniband/hw/mlx4/qp.c | 16 +++++----- drivers/infiniband/ulp/ipoib/ipoib_ib.c | 7 ++++- drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/mtk_iommu_v1.c | 2 +- drivers/lightnvm/pblk-core.c | 8 +++-- drivers/lightnvm/pblk-gc.c | 9 +++--- drivers/lightnvm/pblk-init.c | 21 +++++++------ drivers/lightnvm/pblk-read.c | 9 ++++-- drivers/lightnvm/pblk.h | 2 +- drivers/md/bcache/request.c | 6 +++- drivers/md/bcache/super.c | 6 ++-- drivers/md/raid1.c | 10 +++--- drivers/md/raid5-ppl.c | 3 +- drivers/md/raid5.c | 5 ++- drivers/media/platform/qcom/camss-8x16/camss-vfe.c | 3 ++ drivers/media/usb/usbtv/usbtv-video.c | 4 +-- drivers/mfd/mxs-lradc.c | 6 ++-- drivers/misc/pci_endpoint_test.c | 4 +++ drivers/mtd/spi-nor/stm32-quadspi.c | 4 +-- drivers/net/dsa/lan9303-core.c | 2 +- drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 6 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 12 ++++++-- .../net/ethernet/hisilicon/hns3/hns3pf/hns3_enet.c | 15 +++++---- .../ethernet/hisilicon/hns3/hns3pf/hns3_ethtool.c | 3 ++ drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 1 + drivers/net/ethernet/sfc/ef10.c | 2 +- drivers/net/macvlan.c | 2 +- drivers/net/ppp/ppp_generic.c | 1 + drivers/net/wireless/ath/ath10k/pci.c | 29 +++++++++-------- drivers/net/wireless/ath/ath9k/tx99.c | 5 +++ .../net/wireless/quantenna/qtnfmac/pearl/pcie.c | 2 +- drivers/nvme/host/core.c | 3 +- drivers/pci/pcie/pme.c | 5 ++- drivers/pci/probe.c | 7 ++++- drivers/pci/remove.c | 2 +- drivers/pinctrl/Kconfig | 3 +- drivers/platform/x86/hp_accel.c | 1 + drivers/platform/x86/intel_punit_ipc.c | 8 ++--- drivers/platform/x86/sony-laptop.c | 14 +++++---- drivers/rpmsg/qcom_glink_native.c | 1 + drivers/rtc/rtc-pcf8563.c | 2 +- drivers/scsi/aacraid/commsup.c | 26 ++++++++-------- drivers/scsi/bfa/bfad_debugfs.c | 5 +-- drivers/scsi/hisi_sas/hisi_sas_main.c | 9 ++++-- drivers/scsi/hpsa.c | 6 ++-- drivers/scsi/scsi_debug.c | 6 ++-- drivers/scsi/scsi_devinfo.c | 2 +- drivers/scsi/sd.c | 12 ++++++-- drivers/soc/mediatek/mtk-pmic-wrap.c | 2 +- drivers/staging/rtl8188eu/core/rtw_ap.c | 2 +- drivers/staging/rtl8188eu/core/rtw_cmd.c | 4 +-- drivers/staging/vt6655/device_main.c | 3 +- drivers/target/iscsi/iscsi_target.c | 3 +- drivers/target/iscsi/iscsi_target_configfs.c | 3 +- drivers/target/iscsi/iscsi_target_util.c | 4 +++ drivers/target/target_core_file.c | 4 +++ drivers/target/target_core_pr.c | 4 ++- drivers/thermal/step_wise.c | 11 ++++--- drivers/thunderbolt/tb.c | 1 + drivers/tty/serdev/serdev-ttyport.c | 14 ++++++--- drivers/video/fbdev/au1200fb.c | 7 +++-- drivers/video/fbdev/controlfb.h | 2 ++ drivers/video/fbdev/udlfb.c | 10 +++--- fs/btrfs/ioctl.c | 7 ++++- fs/btrfs/super.c | 4 +-- fs/btrfs/tests/free-space-tree-tests.c | 3 +- fs/btrfs/volumes.c | 7 ++++- fs/gfs2/file.c | 4 ++- fs/proc/proc_tty.c | 3 +- fs/udf/super.c | 2 +- fs/xfs/libxfs/xfs_bmap.c | 2 +- fs/xfs/xfs_icache.c | 2 +- fs/xfs/xfs_iops.c | 36 ++++++++++++---------- fs/xfs/xfs_log_recover.c | 2 +- include/linux/mman.h | 3 +- include/rdma/ib_addr.h | 11 ++++--- include/rdma/ib_pack.h | 19 +++++++----- kernel/power/suspend.c | 2 +- net/ipv4/icmp.c | 15 +++++++-- net/ipv4/route.c | 2 +- net/l2tp/l2tp_core.c | 2 +- net/l2tp/l2tp_netlink.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 4 +++ net/sunrpc/xprtrdma/transport.c | 2 +- samples/bpf/xdp1_user.c | 8 +++++ sound/soc/intel/skylake/skl-sst-utils.c | 15 ++++++--- sound/soc/sh/rcar/ssi.c | 11 +++++-- 124 files changed, 451 insertions(+), 257 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJaMqMbAAoJEN6mb/eXdyzcc7EP/2qrNQ4olHsqnUiMqIwO7oYa KUBXgoMV7qtJPXOp206B7M37FxxXtp3gfQYZf2LT8AMSGYL2a5d1pIi0voV94n2d 6RcXzJLihbeEg9IR3xwxltX2Xex4TeO5g1BoQQVakg7wE5TUDU9w2kX7qwUn+ewx Vxuz88DUF6J4C2PtpXoA0pc7LeolDjYc4Ugwz2O9DzhzsSc0cQ8XGFqokaWY/xMM 3wdKnVtIV6UtSI3XqBqGYJVDIXnVGCH8GTt/4HU/m5OXiz+2pLWmD36zL/WZaFIY ikxIvN/UkBn6W08AHXVjMaMryOFGYh++3UQmbCBlUSIQJkwJhdGi28wzouAa4RNt My5TyFMcdnPQCDfF5/1t2n/9CDLVFO1ckliOugkb8PJkj58BdXB4Gk7uIV34Y6vl mm7964MSs/BBJyfGn8RTRRbSFXbJvOH9yaftECX1ZFmrjfQ8UhNVBGc0AX3WouKj aeukJaxtJKWDRWN2XbCv7BSUBb6E8FckNgB9k/fuFWJOvIhY523fmCipGJrx2CW0 HSHF2XGio2w3XWzkaAjjV8ak3yWuQRp3yV+jgAfekhHK2XlBTCEC9JIfDkXS7g5z vRDGGCrAWfSk/AwZOEwAjCsvTggLOD7+WPcTp5/PeqBm9GD2soVB3u7M8DEUYnsq BZzwfU8QKuB78Daa1ZZj =ZnEU -----END PGP SIGNATURE-----

7 years, 9 months

2
1
0 0

[Linux-stable-mirror] Patch "xprtrdma: Don't defer fencing an async RPC's chunks" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xprtrdma: Don't defer fencing an async RPC's chunks to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xprtrdma-don-t-defer-fencing-an-async-rpc-s-chunks.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:29:00 CET 2017 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Mon, 9 Oct 2017 12:03:26 -0400 Subject: xprtrdma: Don't defer fencing an async RPC's chunks From: Chuck Lever <chuck.lever(a)oracle.com> [ Upstream commit 8f66b1a529047a972cb9602a919c53a95f3d7a2b ] In current kernels, waiting in xprt_release appears to be safe to do. I had erroneously believed that for ASYNC RPCs, waiting of any kind in xprt_release->xprt_rdma_free would result in deadlock. I've done injection testing and consulted with Trond to confirm that waiting in the RPC release path is safe. For the very few times where RPC resources haven't yet been released earlier by the reply handler, it is safe to wait synchronously in xprt_rdma_free for invalidation rather than defering it to MR recovery. Note: When the QP is error state, posting a LocalInvalidate should flush and mark the MR as bad. There is no way the remote HCA can access that MR via a QP in error state, so it is effectively already inaccessible and thus safe for the Upper Layer to access. The next time the MR is used it should be recognized and cleaned up properly by frwr_op_map. Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Anna Schumaker <Anna.Schumaker(a)Netapp.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sunrpc/xprtrdma/transport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/sunrpc/xprtrdma/transport.c +++ b/net/sunrpc/xprtrdma/transport.c @@ -686,7 +686,7 @@ xprt_rdma_free(struct rpc_task *task) dprintk("RPC: %s: called on 0x%p\n", __func__, req->rl_reply); if (!list_empty(&req->rl_registered)) - ia->ri_ops->ro_unmap_safe(r_xprt, req, !RPC_IS_ASYNC(task)); + ia->ri_ops->ro_unmap_sync(r_xprt, &req->rl_registered); rpcrdma_unmap_sges(ia, req); rpcrdma_buffer_put(req); } Patches currently in stable-queue which might be from chuck.lever(a)oracle.com are queue-4.14/xprtrdma-don-t-defer-fencing-an-async-rpc-s-chunks.patch queue-4.14/sunrpc-fix-a-race-in-the-receive-code-path.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "xfs: truncate pagecache before writeback in xfs_setattr_size()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: truncate pagecache before writeback in xfs_setattr_size() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-truncate-pagecache-before-writeback-in-xfs_setattr_size.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: Eryu Guan <eguan(a)redhat.com> Date: Wed, 1 Nov 2017 21:43:50 -0700 Subject: xfs: truncate pagecache before writeback in xfs_setattr_size() From: Eryu Guan <eguan(a)redhat.com> [ Upstream commit 350976ae21873b0d36584ea005076356431b8f79 ] On truncate down, if new size is not block size aligned, we zero the rest of block to avoid exposing stale data to user, and iomap_truncate_page() skips zeroing if the range is already in unwritten state or a hole. Then we writeback from on-disk i_size to the new size if this range hasn't been written to disk yet, and truncate page cache beyond new EOF and set in-core i_size. The problem is that we could write data between di_size and newsize before removing the page cache beyond newsize, as the extents may still be in unwritten state right after a buffer write. As such, the page of data that newsize lies in has not been zeroed by page cache invalidation before it is written, and xfs_do_writepage() hasn't triggered it's "zero data beyond EOF" case because we haven't updated in-core i_size yet. Then a subsequent mmap read could see non-zeros past EOF. I occasionally see this in fsx runs in fstests generic/112, a simplified fsx operation sequence is like (assuming 4k block size xfs): fallocate 0x0 0x1000 0x0 keep_size write 0x0 0x1000 0x0 truncate 0x0 0x800 0x1000 punch_hole 0x0 0x800 0x800 mapread 0x0 0x800 0x800 where fallocate allocates unwritten extent but doesn't update i_size, buffer write populates the page cache and extent is still unwritten, truncate skips zeroing page past new EOF and writes the page to disk, punch_hole invalidates the page cache, at last mapread reads the block back and sees non-zero beyond EOF. Fix it by moving truncate_setsize() to before writeback so the page cache invalidation zeros the partial page at the new EOF. This also triggers "zero data beyond EOF" in xfs_do_writepage() at writeback time, because newsize has been set and page straddles the newsize. Also fixed the wrong 'end' param of filemap_write_and_wait_range() call while we're at it, the 'end' is inclusive and should be 'newsize - 1'. Suggested-by: Dave Chinner <dchinner(a)redhat.com> Signed-off-by: Eryu Guan <eguan(a)redhat.com> Acked-by: Dave Chinner <dchinner(a)redhat.com> Reviewed-by: Brian Foster <bfoster(a)redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_iops.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -886,22 +886,6 @@ xfs_setattr_size( return error; /* - * We are going to log the inode size change in this transaction so - * any previous writes that are beyond the on disk EOF and the new - * EOF that have not been written out need to be written here. If we - * do not write the data out, we expose ourselves to the null files - * problem. Note that this includes any block zeroing we did above; - * otherwise those blocks may not be zeroed after a crash. - */ - if (did_zeroing || - (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) { - error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, - ip->i_d.di_size, newsize); - if (error) - return error; - } - - /* * We've already locked out new page faults, so now we can safely remove * pages from the page cache knowing they won't get refaulted until we * drop the XFS_MMAP_EXCL lock after the extent manipulations are @@ -917,9 +901,29 @@ xfs_setattr_size( * user visible changes). There's not much we can do about this, except * to hope that the caller sees ENOMEM and retries the truncate * operation. + * + * And we update in-core i_size and truncate page cache beyond newsize + * before writeback the [di_size, newsize] range, so we're guaranteed + * not to write stale data past the new EOF on truncate down. */ truncate_setsize(inode, newsize); + /* + * We are going to log the inode size change in this transaction so + * any previous writes that are beyond the on disk EOF and the new + * EOF that have not been written out need to be written here. If we + * do not write the data out, we expose ourselves to the null files + * problem. Note that this includes any block zeroing we did above; + * otherwise those blocks may not be zeroed after a crash. + */ + if (did_zeroing || + (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) { + error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, + ip->i_d.di_size, newsize - 1); + if (error) + return error; + } + error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); if (error) return error; Patches currently in stable-queue which might be from eguan(a)redhat.com are queue-4.14/ext4-fix-fdatasync-2-after-fallocate-2-operation.patch queue-4.14/xfs-truncate-pagecache-before-writeback-in-xfs_setattr_size.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "xfs: return a distinct error code value for IGET_INCORE cache misses" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: return a distinct error code value for IGET_INCORE cache misses to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-return-a-distinct-error-code-value-for-iget_incore-cache-misses.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: "Darrick J. Wong" <darrick.wong(a)oracle.com> Date: Tue, 17 Oct 2017 21:37:32 -0700 Subject: xfs: return a distinct error code value for IGET_INCORE cache misses From: "Darrick J. Wong" <darrick.wong(a)oracle.com> [ Upstream commit ed438b476b611c67089760037139f93ea8ed41d5 ] For an XFS_IGET_INCORE iget operation, if the inode isn't in the cache, return ENODATA so that we don't confuse it with the pre-existing ENOENT cases (inode is in cache, but freed). Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Reviewed-by: Brian Foster <bfoster(a)redhat.com> Reviewed-by: Dave Chinner <dchinner(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_icache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/xfs/xfs_icache.c +++ b/fs/xfs/xfs_icache.c @@ -610,7 +610,7 @@ again: } else { rcu_read_unlock(); if (flags & XFS_IGET_INCORE) { - error = -ENOENT; + error = -ENODATA; goto out_error_or_again; } XFS_STATS_INC(mp, xs_ig_missed); Patches currently in stable-queue which might be from darrick.wong(a)oracle.com are queue-4.14/xfs-fix-incorrect-extent-state-in-xfs_bmap_add_extent_unwritten_real.patch queue-4.14/xfs-fix-log-block-underflow-during-recovery-cycle-verification.patch queue-4.14/xfs-truncate-pagecache-before-writeback-in-xfs_setattr_size.patch queue-4.14/xfs-return-a-distinct-error-code-value-for-iget_incore-cache-misses.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "xfs: fix log block underflow during recovery cycle verification" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: fix log block underflow during recovery cycle verification to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-fix-log-block-underflow-during-recovery-cycle-verification.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: Brian Foster <bfoster(a)redhat.com> Date: Thu, 26 Oct 2017 09:31:16 -0700 Subject: xfs: fix log block underflow during recovery cycle verification From: Brian Foster <bfoster(a)redhat.com> [ Upstream commit 9f2a4505800607e537e9dd9dea4f55c4b0c30c7a ] It is possible for mkfs to format very small filesystems with too small of an internal log with respect to the various minimum size and block count requirements. If this occurs when the log happens to be smaller than the scan window used for cycle verification and the scan wraps the end of the log, the start_blk calculation in xlog_find_head() underflows and leads to an attempt to scan an invalid range of log blocks. This results in log recovery failure and a failed mount. Since there may be filesystems out in the wild with this kind of geometry, we cannot simply refuse to mount. Instead, cap the scan window for cycle verification to the size of the physical log. This ensures that the cycle verification proceeds as expected when the scan wraps the end of the log. Reported-by: Zorro Lang <zlang(a)redhat.com> Signed-off-by: Brian Foster <bfoster(a)redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_log_recover.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c @@ -753,7 +753,7 @@ xlog_find_head( * in the in-core log. The following number can be made tighter if * we actually look at the block size of the filesystem. */ - num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log); + num_scan_bblks = min_t(int, log_bbnum, XLOG_TOTAL_REC_SHIFT(log)); if (head_blk >= num_scan_bblks) { /* * We are guaranteed that the entire check can be performed Patches currently in stable-queue which might be from bfoster(a)redhat.com are queue-4.14/xfs-fix-incorrect-extent-state-in-xfs_bmap_add_extent_unwritten_real.patch queue-4.14/xfs-fix-log-block-underflow-during-recovery-cycle-verification.patch queue-4.14/xfs-truncate-pagecache-before-writeback-in-xfs_setattr_size.patch queue-4.14/xfs-return-a-distinct-error-code-value-for-iget_incore-cache-misses.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-fix-incorrect-extent-state-in-xfs_bmap_add_extent_unwritten_real.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: Christoph Hellwig <hch(a)lst.de> Date: Tue, 17 Oct 2017 14:16:19 -0700 Subject: xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real From: Christoph Hellwig <hch(a)lst.de> [ Upstream commit 5e422f5e4fd71d18bc6b851eeb3864477b3d842e ] There was one spot in xfs_bmap_add_extent_unwritten_real that didn't use the passed in new extent state but always converted to normal, leading to wrong behavior when converting from normal to unwritten. Only found by code inspection, it seems like this code path to move partial extent from written to unwritten while merging it with the next extent is rarely exercised. Signed-off-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Brian Foster <bfoster(a)redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/libxfs/xfs_bmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/xfs/libxfs/xfs_bmap.c +++ b/fs/xfs/libxfs/xfs_bmap.c @@ -2560,7 +2560,7 @@ xfs_bmap_add_extent_unwritten_real( &i))) goto done; XFS_WANT_CORRUPTED_GOTO(mp, i == 0, done); - cur->bc_rec.b.br_state = XFS_EXT_NORM; + cur->bc_rec.b.br_state = new->br_state; if ((error = xfs_btree_insert(cur, &i))) goto done; XFS_WANT_CORRUPTED_GOTO(mp, i == 1, done); Patches currently in stable-queue which might be from hch(a)lst.de are queue-4.14/xfs-fix-incorrect-extent-state-in-xfs_bmap_add_extent_unwritten_real.patch queue-4.14/nvme-use-kref_get_unless_zero-in-nvme_find_get_ns.patch queue-4.14/target-iscsi-detect-conn_cmd_list-corruption-early.patch queue-4.14/target-iscsi-fix-a-race-condition-in-iscsit_add_reject_from_cmd.patch queue-4.14/scsi-core-fix-a-scsi_show_rq-null-pointer-dereference.patch queue-4.14/scsi-libsas-fix-length-error-in-sas_smp_handler.patch queue-4.14/blk-mq-sched-dispatch-from-scheduler-iff-progress-is-made-in-dispatch.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vt6655-fix-a-possible-sleep-in-atomic-bug-in-vt6655_suspend.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:29:00 CET 2017 From: Jia-Ju Bai <baijiaju1990(a)163.com> Date: Mon, 9 Oct 2017 16:45:55 +0800 Subject: vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend From: Jia-Ju Bai <baijiaju1990(a)163.com> [ Upstream commit 42c8eb3f6e15367981b274cb79ee4657e2c6949d ] The driver may sleep under a spinlock, and the function call path is: vt6655_suspend (acquire the spinlock) pci_set_power_state __pci_start_power_transition (drivers/pci/pci.c) msleep --> may sleep To fix it, pci_set_power_state is called without having a spinlock. This bug is found by my static analysis tool and my code review. Signed-off-by: Jia-Ju Bai <baijiaju1990(a)163.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/vt6655/device_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/staging/vt6655/device_main.c +++ b/drivers/staging/vt6655/device_main.c @@ -1693,10 +1693,11 @@ static int vt6655_suspend(struct pci_dev MACbShutdown(priv); pci_disable_device(pcid); - pci_set_power_state(pcid, pci_choose_state(pcid, state)); spin_unlock_irqrestore(&priv->lock, flags); + pci_set_power_state(pcid, pci_choose_state(pcid, state)); + return 0; } Patches currently in stable-queue which might be from baijiaju1990(a)163.com are queue-4.14/rtl8188eu-fix-a-possible-sleep-in-atomic-bug-in-rtw_createbss_cmd.patch queue-4.14/rtl8188eu-fix-a-possible-sleep-in-atomic-bug-in-rtw_disassoc_cmd.patch queue-4.14/vt6655-fix-a-possible-sleep-in-atomic-bug-in-vt6655_suspend.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "video: udlfb: Fix read EDID timeout" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled video: udlfb: Fix read EDID timeout to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: video-udlfb-fix-read-edid-timeout.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: Ladislav Michl <ladis(a)linux-mips.org> Date: Thu, 9 Nov 2017 18:09:30 +0100 Subject: video: udlfb: Fix read EDID timeout From: Ladislav Michl <ladis(a)linux-mips.org> [ Upstream commit c98769475575c8a585f5b3952f4b5f90266f699b ] While usb_control_msg function expects timeout in miliseconds, a value of HZ is used. Replace it with USB_CTRL_GET_TIMEOUT and also fix error message which looks like: udlfb: Read EDID byte 78 failed err ffffff92 as error is either negative errno or number of bytes transferred use %d format specifier. Returned EDID is in second byte, so return error when less than two bytes are received. Fixes: 18dffdf8913a ("staging: udlfb: enhance EDID and mode handling support") Signed-off-by: Ladislav Michl <ladis(a)linux-mips.org> Cc: Bernie Thompson <bernie(a)plugable.com> Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/video/fbdev/udlfb.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/drivers/video/fbdev/udlfb.c +++ b/drivers/video/fbdev/udlfb.c @@ -769,11 +769,11 @@ static int dlfb_get_edid(struct dlfb_dat for (i = 0; i < len; i++) { ret = usb_control_msg(dev->udev, - usb_rcvctrlpipe(dev->udev, 0), (0x02), - (0x80 | (0x02 << 5)), i << 8, 0xA1, rbuf, 2, - HZ); - if (ret < 1) { - pr_err("Read EDID byte %d failed err %x\n", i, ret); + usb_rcvctrlpipe(dev->udev, 0), 0x02, + (0x80 | (0x02 << 5)), i << 8, 0xA1, + rbuf, 2, USB_CTRL_GET_TIMEOUT); + if (ret < 2) { + pr_err("Read EDID byte %d failed: %d\n", i, ret); i--; break; } Patches currently in stable-queue which might be from ladis(a)linux-mips.org are queue-4.14/video-udlfb-fix-read-edid-timeout.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "video: fbdev: au1200fb: Return an error code if a memory allocation fails" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled video: fbdev: au1200fb: Return an error code if a memory allocation fails to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: video-fbdev-au1200fb-return-an-error-code-if-a-memory-allocation-fails.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Thu, 9 Nov 2017 18:09:28 +0100 Subject: video: fbdev: au1200fb: Return an error code if a memory allocation fails From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> [ Upstream commit 8cae353e6b01ac3f18097f631cdbceb5ff28c7f3 ] 'ret' is known to be 0 at this point. In case of memory allocation error in 'framebuffer_alloc()', return -ENOMEM instead. Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: Tejun Heo <tj(a)kernel.org> Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/video/fbdev/au1200fb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/video/fbdev/au1200fb.c +++ b/drivers/video/fbdev/au1200fb.c @@ -1681,8 +1681,10 @@ static int au1200fb_drv_probe(struct pla fbi = framebuffer_alloc(sizeof(struct au1200fb_device), &dev->dev); - if (!fbi) + if (!fbi) { + ret = -ENOMEM; goto failed; + } _au1200fb_infos[plane] = fbi; fbdev = fbi->par; Patches currently in stable-queue which might be from christophe.jaillet(a)wanadoo.fr are queue-4.14/video-fbdev-au1200fb-release-some-resources-if-a-memory-allocation-fails.patch queue-4.14/video-fbdev-au1200fb-return-an-error-code-if-a-memory-allocation-fails.patch queue-4.14/btrfs-tests-fix-a-memory-leak-in-error-handling-path-in-run_test.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "video: fbdev: au1200fb: Release some resources if a memory allocation fails" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled video: fbdev: au1200fb: Release some resources if a memory allocation fails to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: video-fbdev-au1200fb-release-some-resources-if-a-memory-allocation-fails.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Thu, 9 Nov 2017 18:09:28 +0100 Subject: video: fbdev: au1200fb: Release some resources if a memory allocation fails From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> [ Upstream commit 451f130602619a17c8883dd0b71b11624faffd51 ] We should go through the error handling code instead of returning -ENOMEM directly. Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: Tejun Heo <tj(a)kernel.org> Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/video/fbdev/au1200fb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/video/fbdev/au1200fb.c +++ b/drivers/video/fbdev/au1200fb.c @@ -1701,7 +1701,8 @@ static int au1200fb_drv_probe(struct pla if (!fbdev->fb_mem) { print_err("fail to allocate frambuffer (size: %dK))", fbdev->fb_len / 1024); - return -ENOMEM; + ret = -ENOMEM; + goto failed; } /* Patches currently in stable-queue which might be from christophe.jaillet(a)wanadoo.fr are queue-4.14/video-fbdev-au1200fb-release-some-resources-if-a-memory-allocation-fails.patch queue-4.14/video-fbdev-au1200fb-return-an-error-code-if-a-memory-allocation-fails.patch queue-4.14/btrfs-tests-fix-a-memory-leak-in-error-handling-path-in-run_test.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "udf: Avoid overflow when session starts at large offset" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled udf: Avoid overflow when session starts at large offset to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: udf-avoid-overflow-when-session-starts-at-large-offset.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:29:00 CET 2017 From: Jan Kara <jack(a)suse.cz> Date: Mon, 16 Oct 2017 11:38:11 +0200 Subject: udf: Avoid overflow when session starts at large offset From: Jan Kara <jack(a)suse.cz> [ Upstream commit abdc0eb06964fe1d2fea6dd1391b734d0590365d ] When session starts beyond offset 2^31 the arithmetics in udf_check_vsd() would overflow. Make sure the computation is done in large enough type. Reported-by: Cezary Sliwa <sliwa(a)ifpan.edu.pl> Signed-off-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/udf/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/udf/super.c +++ b/fs/udf/super.c @@ -703,7 +703,7 @@ static loff_t udf_check_vsd(struct super else sectorsize = sb->s_blocksize; - sector += (sbi->s_session << sb->s_blocksize_bits); + sector += (((loff_t)sbi->s_session) << sb->s_blocksize_bits); udf_debug("Starting at sector %u (%ld byte sectors)\n", (unsigned int)(sector >> sb->s_blocksize_bits), Patches currently in stable-queue which might be from jack(a)suse.cz are queue-4.14/mm-handle-0-flags-in-_calc_vm_trans-macro.patch queue-4.14/udf-avoid-overflow-when-session-starts-at-large-offset.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "tty fix oops when rmmod 8250" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty fix oops when rmmod 8250 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tty-fix-oops-when-rmmod-8250.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: nixiaoming <nixiaoming(a)huawei.com> Date: Fri, 15 Sep 2017 17:45:56 +0800 Subject: tty fix oops when rmmod 8250 From: nixiaoming <nixiaoming(a)huawei.com> [ Upstream commit c79dde629d2027ca80329c62854a7635e623d527 ] After rmmod 8250.ko tty_kref_put starts kwork (release_one_tty) to release proc interface oops when accessing driver->driver_name in proc_tty_unregister_driver Use jprobe, found driver->driver_name point to 8250.ko static static struct uart_driver serial8250_reg .driver_name= serial, Use name in proc_dir_entry instead of driver->driver_name to fix oops test on linux 4.1.12: BUG: unable to handle kernel paging request at ffffffffa01979de IP: [<ffffffff81310f40>] strchr+0x0/0x30 PGD 1a0d067 PUD 1a0e063 PMD 851c1f067 PTE 0 Oops: 0000 [#1] PREEMPT SMP Modules linked in: ... ... [last unloaded: 8250] CPU: 7 PID: 116 Comm: kworker/7:1 Tainted: G O 4.1.12 #1 Hardware name: Insyde RiverForest/Type2 - Board Product Name1, BIOS NE5KV904 12/21/2015 Workqueue: events release_one_tty task: ffff88085b684960 ti: ffff880852884000 task.ti: ffff880852884000 RIP: 0010:[<ffffffff81310f40>] [<ffffffff81310f40>] strchr+0x0/0x30 RSP: 0018:ffff880852887c90 EFLAGS: 00010282 RAX: ffffffff81a5eca0 RBX: ffffffffa01979de RCX: 0000000000000004 RDX: ffff880852887d10 RSI: 000000000000002f RDI: ffffffffa01979de RBP: ffff880852887cd8 R08: 0000000000000000 R09: ffff88085f5d94d0 R10: 0000000000000195 R11: 0000000000000000 R12: ffffffffa01979de R13: ffff880852887d00 R14: ffffffffa01979de R15: ffff88085f02e840 FS: 0000000000000000(0000) GS:ffff88085f5c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffa01979de CR3: 0000000001a0c000 CR4: 00000000001406e0 Stack: ffffffff812349b1 ffff880852887cb8 ffff880852887d10 ffff88085f5cd6c2 ffff880852800a80 ffffffffa01979de ffff880852800a84 0000000000000010 ffff88085bb28bd8 ffff880852887d38 ffffffff812354f0 ffff880852887d08 Call Trace: [<ffffffff812349b1>] ? __xlate_proc_name+0x71/0xd0 [<ffffffff812354f0>] remove_proc_entry+0x40/0x180 [<ffffffff815f6811>] ? _raw_spin_lock_irqsave+0x41/0x60 [<ffffffff813be520>] ? destruct_tty_driver+0x60/0xe0 [<ffffffff81237c68>] proc_tty_unregister_driver+0x28/0x40 [<ffffffff813be548>] destruct_tty_driver+0x88/0xe0 [<ffffffff813be5bd>] tty_driver_kref_put+0x1d/0x20 [<ffffffff813becca>] release_one_tty+0x5a/0xd0 [<ffffffff81074159>] process_one_work+0x139/0x420 [<ffffffff810745a1>] worker_thread+0x121/0x450 [<ffffffff81074480>] ? process_scheduled_works+0x40/0x40 [<ffffffff8107a16c>] kthread+0xec/0x110 [<ffffffff81080000>] ? tg_rt_schedulable+0x210/0x220 [<ffffffff8107a080>] ? kthread_freezable_should_stop+0x80/0x80 [<ffffffff815f7292>] ret_from_fork+0x42/0x70 [<ffffffff8107a080>] ? kthread_freezable_should_stop+0x80/0x80 Signed-off-by: nixiaoming <nixiaoming(a)huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/proc/proc_tty.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/proc/proc_tty.c +++ b/fs/proc/proc_tty.c @@ -15,6 +15,7 @@ #include <linux/tty.h> #include <linux/seq_file.h> #include <linux/bitops.h> +#include "internal.h" /* * The /proc/tty directory inodes... @@ -165,7 +166,7 @@ void proc_tty_unregister_driver(struct t if (!ent) return; - remove_proc_entry(driver->driver_name, proc_tty_driver); + remove_proc_entry(ent->name, proc_tty_driver); driver->proc_entry = NULL; } Patches currently in stable-queue which might be from nixiaoming(a)huawei.com are queue-4.14/tty-fix-oops-when-rmmod-8250.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "thunderbolt: tb: fix use after free in tb_activate_pcie_devices" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled thunderbolt: tb: fix use after free in tb_activate_pcie_devices to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: thunderbolt-tb-fix-use-after-free-in-tb_activate_pcie_devices.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: "Gustavo A. R. Silva" <garsilva(a)embeddedor.com> Date: Sat, 4 Nov 2017 23:52:54 -0500 Subject: thunderbolt: tb: fix use after free in tb_activate_pcie_devices From: "Gustavo A. R. Silva" <garsilva(a)embeddedor.com> [ Upstream commit a2e373438f72391493a4425efc1b82030b6b4fd5 ] Add a ̣̣continue statement in order to avoid using a previously free'd pointer tunnel in list_add. Addresses-Coverity-ID: 1415336 Fixes: 9d3cce0b6136 ("thunderbolt: Introduce thunderbolt bus and connection manager") Signed-off-by: Gustavo A. R. Silva <garsilva(a)embeddedor.com> Acked-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/thunderbolt/tb.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/thunderbolt/tb.c +++ b/drivers/thunderbolt/tb.c @@ -225,6 +225,7 @@ static void tb_activate_pcie_devices(str tb_port_info(up_port, "PCIe tunnel activation failed, aborting\n"); tb_pci_free(tunnel); + continue; } list_add(&tunnel->list, &tcm->tunnel_list); Patches currently in stable-queue which might be from garsilva(a)embeddedor.com are queue-4.14/thunderbolt-tb-fix-use-after-free-in-tb_activate_pcie_devices.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "thermal/drivers/step_wise: Fix temperature regulation misbehavior" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled thermal/drivers/step_wise: Fix temperature regulation misbehavior to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: thermal-drivers-step_wise-fix-temperature-regulation-misbehavior.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Dec 18 13:28:59 CET 2017 From: Daniel Lezcano <daniel.lezcano(a)linaro.org> Date: Thu, 19 Oct 2017 19:05:58 +0200 Subject: thermal/drivers/step_wise: Fix temperature regulation misbehavior From: Daniel Lezcano <daniel.lezcano(a)linaro.org> [ Upstream commit 07209fcf33542c1ff1e29df2dbdf8f29cdaacb10 ] There is a particular situation when the cooling device is cpufreq and the heat dissipation is not efficient enough where the temperature increases little by little until reaching the critical threshold and leading to a SoC reset. The behavior is reproducible on a hikey6220 with bad heat dissipation (eg. stacked with other boards). Running a simple C program doing while(1); for each CPU of the SoC makes the temperature to reach the passive regulation trip point and ends up to the maximum allowed temperature followed by a reset. This issue has been also reported by running the libhugetlbfs test suite. What is observed is a ping pong between two cpu frequencies, 1.2GHz and 900MHz while the temperature continues to grow. It appears the step wise governor calls get_target_state() the first time with the throttle set to true and the trend to 'raising'. The code selects logically the next state, so the cpu frequency decreases from 1.2GHz to 900MHz, so far so good. The temperature decreases immediately but still stays greater than the trip point, then get_target_state() is called again, this time with the throttle set to true *and* the trend to 'dropping'. From there the algorithm assumes we have to step down the state and the cpu frequency jumps back to 1.2GHz. But the temperature is still higher than the trip point, so get_target_state() is called with throttle=1 and trend='raising' again, we jump to 900MHz, then get_target_state() is called with throttle=1 and trend='dropping', we jump to 1.2GHz, etc ... but the temperature does not stabilizes and continues to increase. [ 237.922654] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=1,throttle=1 [ 237.922678] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=1,throttle=1 [ 237.922690] thermal cooling_device0: cur_state=0 [ 237.922701] thermal cooling_device0: old_target=0, target=1 [ 238.026656] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=2,throttle=1 [ 238.026680] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=2,throttle=1 [ 238.026694] thermal cooling_device0: cur_state=1 [ 238.026707] thermal cooling_device0: old_target=1, target=0 [ 238.134647] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=1,throttle=1 [ 238.134667] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=1,throttle=1 [ 238.134679] thermal cooling_device0: cur_state=0 [ 238.134690] thermal cooling_device0: old_target=0, target=1 In this situation the temperature continues to increase while the trend is oscillating between 'dropping' and 'raising'. We need to keep the current state untouched if the throttle is set, so the temperature can decrease or a higher state could be selected, thus preventing this oscillation. Keeping the next_target untouched when 'throttle' is true at 'dropping' time fixes the issue. The following traces show the governor does not change the next state if trend==2 (dropping) and throttle==1. [ 2306.127987] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=1,throttle=1 [ 2306.128009] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=1,throttle=1 [ 2306.128021] thermal cooling_device0: cur_state=0 [ 2306.128031] thermal cooling_device0: old_target=0, target=1 [ 2306.231991] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=2,throttle=1 [ 2306.232016] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=2,throttle=1 [ 2306.232030] thermal cooling_device0: cur_state=1 [ 2306.232042] thermal cooling_device0: old_target=1, target=1 [ 2306.335982] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=0,throttle=1 [ 2306.336006] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=0,throttle=1 [ 2306.336021] thermal cooling_device0: cur_state=1 [ 2306.336034] thermal cooling_device0: old_target=1, target=1 [ 2306.439984] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=2,throttle=1 [ 2306.440008] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=2,throttle=0 [ 2306.440022] thermal cooling_device0: cur_state=1 [ 2306.440034] thermal cooling_device0: old_target=1, target=0 [ ... ] After a while, if the temperature continues to increase, the next state becomes 2 which is 720MHz on the hikey. That results in the temperature stabilizing around the trip point. [ 2455.831982] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=1,throttle=1 [ 2455.832006] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=1,throttle=0 [ 2455.832019] thermal cooling_device0: cur_state=1 [ 2455.832032] thermal cooling_device0: old_target=1, target=1 [ 2455.935985] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=0,throttle=1 [ 2455.936013] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=0,throttle=0 [ 2455.936027] thermal cooling_device0: cur_state=1 [ 2455.936040] thermal cooling_device0: old_target=1, target=1 [ 2456.043984] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=0,throttle=1 [ 2456.044009] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=0,throttle=0 [ 2456.044023] thermal cooling_device0: cur_state=1 [ 2456.044036] thermal cooling_device0: old_target=1, target=1 [ 2456.148001] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=1,throttle=1 [ 2456.148028] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=1,throttle=1 [ 2456.148042] thermal cooling_device0: cur_state=1 [ 2456.148055] thermal cooling_device0: old_target=1, target=2 [ 2456.252009] thermal thermal_zone0: Trip0[type=1,temp=65000]:trend=2,throttle=1 [ 2456.252041] thermal thermal_zone0: Trip1[type=1,temp=75000]:trend=2,throttle=0 [ 2456.252058] thermal cooling_device0: cur_state=2 [ 2456.252075] thermal cooling_device0: old_target=2, target=1 IOW, this change is needed to keep the state for a cooling device if the temperature trend is oscillating while the temperature increases slightly. Without this change, the situation above leads to a catastrophic crash by a hardware reset on hikey. This issue has been reported to happen on an OMAP dra7xx also. Signed-off-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> Cc: Keerthy <j-keerthy(a)ti.com> Cc: John Stultz <john.stultz(a)linaro.org> Cc: Leo Yan <leo.yan(a)linaro.org> Tested-by: Keerthy <j-keerthy(a)ti.com> Reviewed-by: Keerthy <j-keerthy(a)ti.com> Signed-off-by: Eduardo Valentin <edubezval(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/thermal/step_wise.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/drivers/thermal/step_wise.c +++ b/drivers/thermal/step_wise.c @@ -31,8 +31,7 @@ * If the temperature is higher than a trip point, * a. if the trend is THERMAL_TREND_RAISING, use higher cooling * state for this trip point - * b. if the trend is THERMAL_TREND_DROPPING, use lower cooling - * state for this trip point + * b. if the trend is THERMAL_TREND_DROPPING, do nothing * c. if the trend is THERMAL_TREND_RAISE_FULL, use upper limit * for this trip point * d. if the trend is THERMAL_TREND_DROP_FULL, use lower limit @@ -94,9 +93,11 @@ static unsigned long get_target_state(st if (!throttle) next_target = THERMAL_NO_TARGET; } else { - next_target = cur_state - 1; - if (next_target > instance->upper) - next_target = instance->upper; + if (!throttle) { + next_target = cur_state - 1; + if (next_target > instance->upper) + next_target = instance->upper; + } } break; case THERMAL_TREND_DROP_FULL: Patches currently in stable-queue which might be from daniel.lezcano(a)linaro.org are queue-4.14/thermal-drivers-step_wise-fix-temperature-regulation-misbehavior.patch

7 years, 9 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror