READ/WRITE_ONCE are for atomic data types, not for structures. Fix this
up by doing a memcpy to make it explicit just how messy this copy is...
This fixes a build error on 5.8-rc1, as things are more strict, odds are
it's also wrong in other kernel versions as well...
Cc: Daniel Mentz <danielmentz@google.com>
Cc: Paul Lawrence <paullawrence@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7ecd3d05bd94c936dd5e69c63028458786f37a78
Git-commit: 197d678a0e
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
Enable legacy method to generate aes keys derived
from nonce and master key. In private mode the keys
will be used as file encryption keys and set into
Inline Crypto Engine hardware.
This will be used to support OTA upgrades where
device were launched using legacy PFK generation
method.
Test:
1) Flashed P meta, create multiple files under /data.
2) Set PIN
3) Build R (include OTA changes) and flash
APPS images of R except userdata and boot the device.
4) Device booted upto UI.
5) Unlock device by PIN set on P build.
6) Files created with Q build retained.
7) Created new files under /data and checked retention across
multiple re-boots.
Change-Id: I6b4e49ed4549bf4f27ea63ab33016b00dca9fcf0
Signed-off-by: Jiten Patel <jitepate@codeaurora.org>
Pass pid struct instead of tgid to the reclaim notifier so that
notifier users need not worry on pid reuse issues.
Change-Id: Ifd11937da75547c3b0ddecc19ecad1e488a86962
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Skip using target_vma for address space reclaim. Shared pages
are not reclaimed by this interface and thus there isn't a need
to perform targeted reclaim.
Change-Id: I17cc0452c1179786ac64f0dd1ee81b2b71bb7caa
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
* refs/heads/tmp-8ee67bc
Revert "nl80211: fix non-split wiphy information"
Reverting usb changes
Linux 4.19.157
powercap: restrict energy meter to root access
Revert "ANDROID: Kbuild, LLVMLinux: allow overriding clang target triple"
Linux 4.19.156
arm64: dts: marvell: espressobin: Add ethernet switch aliases
net: dsa: read mac address from DT for slave device
tools: perf: Fix build error in v4.19.y
perf/core: Fix a memory leak in perf_event_parse_addr_filter()
PM: runtime: Resume the device earlier in __device_release_driver()
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
ARC: stack unwinding: avoid indefinite looping
usb: mtu3: fix panic in mtu3_gadget_stop()
USB: Add NO_LPM quirk for Kingston flash drive
USB: serial: option: add Telit FN980 composition 0x1055
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: option: add Quectel EC200T module support
USB: serial: cyberjack: fix write-URB completion race
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
serial: 8250_mtk: Fix uart_get_baud_rate warning
fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
vt: Disable KD_FONT_OP_COPY
ACPI: NFIT: Fix comparison to '-ENXIO'
drm/vc4: drv: Add error handding for bind
vsock: use ns_capable_noaudit() on socket create
scsi: core: Don't start concurrent async scan on same host
blk-cgroup: Pre-allocate tree node on blkg_conf_prep
blk-cgroup: Fix memleak on error path
of: Fix reserved-memory overlap detection
x86/kexec: Use up-to-dated screen_info copy to fill boot params
ARM: dts: sun4i-a10: fix cpu_alert temperature
futex: Handle transient "ownerless" rtmutex state correctly
tracing: Fix out of bounds write in get_trace_buf
ftrace: Handle tracing when switching between context
ftrace: Fix recursion check for NMI test
ring-buffer: Fix recursion protection transitions between interrupt context
gfs2: Wake up when sd_glock_disposal becomes zero
mm: always have io_remap_pfn_range() set pgprot_decrypted()
kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
lib/crc32test: remove extra local_irq_disable/enable
mm: mempolicy: fix potential pte_unmap_unlock pte error
ALSA: usb-audio: Add implicit feedback quirk for MODX
ALSA: usb-audio: Add implicit feedback quirk for Qu-16
ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices
ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2
Fonts: Replace discarded const qualifier
btrfs: tree-checker: fix the error message for transid error
btrfs: tree-checker: Verify inode item
btrfs: tree-checker: Enhance chunk checker to validate chunk profile
btrfs: tree-checker: Fix wrong check on max devid
btrfs: tree-checker: Verify dev item
btrfs: tree-checker: Check chunk item at tree block read time
btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO
btrfs: tree-checker: Make chunk item checker messages more readable
btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
btrfs: Don't submit any btree write bio if the fs has errors
Btrfs: fix unwritten extent buffers and hangs on future writeback attempts
btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io()
btrfs: extent_io: Handle errors better in btree_write_cache_pages()
btrfs: extent_io: Handle errors better in extent_write_full_page()
btrfs: flush write bio if we loop in extent_write_cache_pages
Revert "btrfs: flush write bio if we loop in extent_write_cache_pages"
btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
btrfs: extent_io: Kill the forward declaration of flush_write_bio
blktrace: fix debugfs use after free
sfp: Fix error handing in sfp_probe()
sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
gianfar: Account for Tx PTP timestamp in the skb headroom
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
chelsio/chtls: fix always leaking ctrl_skb
chelsio/chtls: fix memory leaks caused by a race
cadence: force nonlinear buffers to be cloned
ptrace: fix task_join_group_stop() for the case when current is traced
tipc: fix use-after-free in tipc_bcast_get_mode
drm/i915: Break up error capture compression loops with cond_resched()
ANDROID: fuse: Add support for d_canonical_path
ANDROID: vfs: add d_canonical_path for stacked filesystem support
ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
Linux 4.19.155
staging: octeon: Drop on uncorrectable alignment or FCS error
staging: octeon: repair "fixed-link" support
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
device property: Don't clear secondary pointer for shared primary firmware node
device property: Keep secondary firmware node secondary by type
ARM: s3c24xx: fix missing system reset
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
arm: dts: mt7623: add missing pause for switchport
hil/parisc: Disable HIL driver when it gets stuck
cachefiles: Handle readpage error correctly
arm64: berlin: Select DW_APB_TIMER_OF
tty: make FONTX ioctl use the tty pointer they were actually passed
rtc: rx8010: don't modify the global rtc ops
drm/ttm: fix eviction valuable range check.
ext4: fix invalid inode checksum
ext4: fix error handling code in add_new_gdb
ext4: fix leaking sysfs kobject after failed mount
vringh: fix __vringh_iov() when riov and wiov are different
ring-buffer: Return 0 on success from ring_buffer_resize()
9P: Cast to loff_t before multiplying
libceph: clear con->out_msg on Policy::stateful_server faults
ceph: promote to unsigned long long before shifting
drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally
drm/amdgpu: don't map BO in reserved region
i2c: imx: Fix external abort on interrupt in exit paths
ia64: fix build error with !COREDUMP
ubi: check kthread_should_stop() after the setting of task state
perf python scripting: Fix printable strings in python3 scripts
ubifs: dent: Fix some potential memory leaks while iterating entries
NFSD: Add missing NFSv2 .pc_func methods
NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation
powerpc/powernv/elog: Fix race while processing OPAL error log event.
powerpc: Warn about use of smt_snooze_delay
powerpc/rtas: Restrict RTAS requests from userspace
s390/stp: add locking to sysfs functions
powerpc/drmem: Make lmb_size 64 bit
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:adc:ti-adc0832 Fix alignment issue with timestamp
iio:light:si1145: Fix timestamp alignment and prevent data leak.
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
udf: Fix memory leak when mounting
HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
vt: keyboard, extend func_buf_lock to readers
vt: keyboard, simplify vt_kdgkbsent
drm/i915: Force VT'd workarounds when running as a guest OS
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
usb: typec: tcpm: reset hard_reset_count for any disconnect
usb: cdc-acm: fix cooldown mechanism
usb: dwc3: core: don't trigger runtime pm when remove driver
usb: dwc3: core: add phy cleanup for probe error handling
usb: dwc3: gadget: Check MPS of the request length
usb: dwc3: ep0: Fix ZLP for OUT ep0 requests
usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC
btrfs: fix use-after-free on readahead extent after failure to create it
btrfs: cleanup cow block on error
btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
btrfs: send, recompute reference path after orphanization of a directory
btrfs: reschedule if necessary when logging directory items
btrfs: improve device scanning messages
btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode
scsi: qla2xxx: Fix crash on session cleanup with unload
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
w1: mxc_w1: Fix timeout resolution problem leading to bus error
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
ACPI: debug: don't allow debugging when ACPI is disabled
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI / extlog: Check for RDMSR failure
ACPI: button: fix handling lid state changes when input device closed
NFS: fix nfs_path in case of a rename retry
fs: Don't invalidate page buffers in block_write_full_page()
media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect
leds: bcm6328, bcm6358: use devres LED registering function
perf/x86/amd/ibs: Fix raw sample data accumulation
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
md/raid5: fix oops during stripe resizing
nvme-rdma: fix crash when connect rejected
sgl_alloc_order: fix memory leak
nbd: make the config put is called before the notifying the waiter
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
memory: emif: Remove bogus debugfs error handling
ARM: dts: omap4: Fix sgx clock rate for 4430
arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
cifs: handle -EINTR in cifs_setattr
gfs2: add validation checks for size of superblock
ext4: Detect already used quota file early
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
clk: ti: clockdomain: fix static checker warning
rpmsg: glink: Use complete_all for open states
bnxt_en: Log unknown link speed appropriately.
md/bitmap: md_bitmap_get_counter returns wrong blocks
btrfs: fix replace of seed device
drm/amd/display: HDMI remote sink need mode validation for Linux
power: supply: test_power: add missing newlines when printing parameters by sysfs
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
ACPI: Add out of bounds and numa_off protections to pxm_to_node()
xfs: don't free rt blocks when we're doing a REMAP bunmapi call
arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
usb: xhci: omit duplicate actions when suspending a runtime suspended host.
uio: free uio id after uio file node is freed
USB: adutux: fix debugging
cpufreq: sti-cpufreq: add stih418 support
riscv: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
media: uvcvideo: Fix dereference of out-of-bound list iterator
kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
ia64: kprobes: Use generic kretprobe trampoline handler
printk: reduce LOG_BUF_SHIFT range for H8300
arm64: topology: Stop using MPIDR for topology information
drm/bridge/synopsys: dsi: add support for non-continuous HS clock
mmc: via-sdmmc: Fix data race bug
media: imx274: fix frame interval handling
media: tw5864: check status of tw5864_frameinterval_get
usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart
media: platform: Improve queue set up flow for bug fixing
media: videodev2.h: RGB BT2020 and HSV are always full range
drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly
ath10k: fix VHT NSS calculation when STBC is enabled
ath10k: start recovery process when payload length exceeds max htc length for sdio
video: fbdev: pvr2fb: initialize variables
xfs: fix realtime bitmap/summary file truncation when growing rt volume
power: supply: bq27xxx: report "not charging" on all types
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
um: change sigio_spinlock to a mutex
f2fs: fix to check segment boundary during SIT page readahead
f2fs: fix uninit-value in f2fs_lookup
f2fs: add trace exit in exception path
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
powerpc/powernv/smp: Fix spurious DBG() warning
futex: Fix incorrect should_fail_futex() handling
ata: sata_nv: Fix retrieving of active qcs
RDMA/qedr: Fix memory leak in iWARP CM
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
xen/events: block rogue events for some time
xen/events: defer eoi in case of excessive number of events
xen/events: use a common cpu hotplug hook for event channels
xen/events: switch user event channels to lateeoi model
xen/pciback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/blkback: use lateeoi irq binding
xen/events: add a new "late EOI" evtchn framework
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: avoid removing an event channel while handling it
xen/events: don't use chip_data for legacy IRQs
Revert "block: ratelimit handle_bad_sector() message"
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
fscrypt: only set dentry_operations on ciphertext dentries
fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
fscrypt: fix race allowing rename() and link() of ciphertext dentries
fscrypt: clean up and improve dentry revalidation
fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
ata: sata_rcar: Fix DMA boundary mask
serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt
mtd: lpddr: Fix bad logic in print_drs_error
RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
cxl: Rework error message for incompatible slots
p54: avoid accessing the data mapped to streaming DMA
evm: Check size of security.evm before using it
bpf: Fix comment for helper bpf_current_task_under_cgroup()
fuse: fix page dereference after free
x86/xen: disable Firmware First mode for correctable memory errors
arch/x86/amd/ibs: Fix re-arming IBS Fetch
cxgb4: set up filter action after rewrites
r8169: fix issue with forced threading in combination with shared interrupts
tipc: fix memory leak caused by tipc_buf_append()
tcp: Prevent low rmem stalls with SO_RCVLOWAT.
ravb: Fix bit fields checking in ravb_hwtstamp_get()
netem: fix zero division in tabledist
mlxsw: core: Fix memory leak on module removal
gtp: fix an use-before-init in gtp_newlink()
chelsio/chtls: fix tls record info to user
chelsio/chtls: fix memory leaks in CPL handlers
chelsio/chtls: fix deadlock issue
efivarfs: Replace invalid slashes with exclamation marks in dentries.
x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
scripts/setlocalversion: make git describe output more reliable
objtool: Support Clang non-section symbols in ORC generation
ANDROID: GKI: Enable DEBUG_INFO_DWARF4
UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
UPSTREAM: xfrm/compat: Add 64=>32-bit messages translator
BACKPORT: xfrm: Provide API to register translator module
ANDROID: Publish uncompressed Image on aarch64
FROMLIST: crypto: arm64/poly1305-neon - reorder PAC authentication with SP update
UPSTREAM: crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian
UPSTREAM: crypto: arm64/chacha - fix hchacha_block_neon() for big endian
Linux 4.19.154
usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
eeprom: at25: set minimum read/write access stride to 1
USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
tty: serial: fsl_lpuart: fix lpuart32_poll_get_char
net: korina: cast KSEG0 address to pointer in kfree
ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config()
usb: core: Solve race condition in anchor cleanup functions
brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
mwifiex: don't call del_timer_sync() on uninitialized timer
reiserfs: Fix memory leak in reiserfs_parse_options()
ipvs: Fix uninit-value in do_ip_vs_set_ctl()
tty: ipwireless: fix error handling
scsi: qedi: Fix list_del corruption while removing active I/O
scsi: qedi: Protect active command list to avoid list corruption
Fix use after free in get_capset_info callback.
rtl8xxxu: prevent potential memory leak
brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
scsi: ibmvfc: Fix error return in ibmvfc_probe()
Bluetooth: Only mark socket zapped after unlocking
usb: ohci: Default to per-port over-current protection
xfs: make sure the rt allocator doesn't run off the end
reiserfs: only call unlock_new_inode() if I_NEW
misc: rtsx: Fix memory leak in rtsx_pci_probe
ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
can: flexcan: flexcan_chip_stop(): add error handling and propagate error value
usb: dwc3: simple: add support for Hikey 970
USB: cdc-acm: handle broken union descriptors
udf: Avoid accessing uninitialized data on failed inode read
udf: Limit sparing table size
usb: gadget: function: printer: fix use-after-free in __lock_acquire
misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
mic: vop: copy data to kernel space then write to io memory
scsi: target: core: Add CONTROL field for trace events
scsi: mvumi: Fix error return in mvumi_io_attach()
PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
mac80211: handle lack of sband->bitrates in rates
ip_gre: set dev->hard_header_len and dev->needed_headroom properly
ntfs: add check for mft record size in superblock
media: venus: core: Fix runtime PM imbalance in venus_probe
fs: dlm: fix configfs memory leak
media: saa7134: avoid a shift overflow
mmc: sdio: Check for CISTPL_VERS_1 buffer size
media: uvcvideo: Ensure all probed info is returned to v4l2
media: media/pci: prevent memory leak in bttv_probe
media: bdisp: Fix runtime PM imbalance on error
media: platform: sti: hva: Fix runtime PM imbalance on error
media: platform: s3c-camif: Fix runtime PM imbalance on error
media: vsp1: Fix runtime PM imbalance on error
media: exynos4-is: Fix a reference count leak
media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
media: sti: Fix reference count leaks
media: st-delta: Fix reference count leak in delta_run_work
media: ati_remote: sanity check for both endpoints
media: firewire: fix memory leak
crypto: ccp - fix error handling
block: ratelimit handle_bad_sector() message
i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs
perf: correct SNOOPX field offset
sched/features: Fix !CONFIG_JUMP_LABEL case
NTB: hw: amd: fix an issue about leak system resources
nvmet: fix uninitialized work for zero kato
powerpc/powernv/dump: Fix race while processing OPAL dump
arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers
arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
arm64: dts: qcom: pm8916: Remove invalid reg size from wcd_codec
memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
memory: omap-gpmc: Fix build error without CONFIG_OF
memory: omap-gpmc: Fix a couple off by ones
ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator
ARM: dts: imx6sl: fix rng node
netfilter: nf_fwd_netdev: clear timestamp in forwarding path
netfilter: conntrack: connection timeout after re-register
KVM: x86: emulating RDPID failure shall return #UD rather than #GP
Input: sun4i-ps2 - fix handling of platform_get_irq() error
Input: twl4030_keypad - fix handling of platform_get_irq() error
Input: omap4-keypad - fix handling of platform_get_irq() error
Input: ep93xx_keypad - fix handling of platform_get_irq() error
Input: stmfts - fix a & vs && typo
Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()
vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages
vfio/pci: Clear token on bypass registration failure
ext4: limit entries returned when counting fsmap records
svcrdma: fix bounce buffers for unaligned offsets and multiple pages
watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3
watchdog: Use put_device on error
watchdog: Fix memleak in watchdog_cdev_register
clk: bcm2835: add missing release if devm_clk_hw_register fails
clk: at91: clk-main: update key before writing AT91_CKGR_MOR
clk: rockchip: Initialize hw to error to avoid undefined behavior
pwm: img: Fix null pointer access in probe
rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge()
PCI: iproc: Set affinity mask on MSI interrupts
i2c: rcar: Auto select RESET_CONTROLLER
mailbox: avoid timer start from callback
rapidio: fix the missed put_device() for rio_mport_add_riodev
rapidio: fix error handling path
ramfs: fix nommu mmap with gaps in the page cache
lib/crc32.c: fix trivial typo in preprocessor condition
f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info
IB/rdmavt: Fix sizeof mismatch
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
powerpc/perf/hv-gpci: Fix starting index value
powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
overflow: Include header file with SIZE_MAX declaration
kdb: Fix pager search for multi-line strings
RDMA/hns: Fix missing sq_sig_type when querying QP
RDMA/hns: Set the unsupported wr opcode
perf intel-pt: Fix "context_switch event has no tid" error
RDMA/cma: Consolidate the destruction of a cma_multicast in one place
RDMA/cma: Remove dead code for kernel rdmacm multicast
powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm
powerpc/tau: Disable TAU between measurements
powerpc/tau: Check processor type before enabling TAU interrupt
ANDROID: GKI: update the ABI xml
Linux 4.19.153
powerpc/tau: Remove duplicated set_thresholds() call
powerpc/tau: Convert from timer to workqueue
powerpc/tau: Use appropriate temperature sample interval
RDMA/qedr: Fix inline size returned for iWARP
RDMA/qedr: Fix use of uninitialized field
xfs: fix high key handling in the rt allocator's query_range function
xfs: limit entries returned when counting fsmap records
arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER
ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
mtd: mtdoops: Don't write panic data twice
powerpc/pseries: explicitly reschedule during drmem_lmb list traversal
mtd: lpddr: fix excessive stack usage with clang
RDMA/ucma: Add missing locking around rdma_leave_multicast()
RDMA/ucma: Fix locking for ctx->events_reported
powerpc/icp-hv: Fix missing of_node_put() in success path
powerpc/pseries: Fix missing of_node_put() in rng_init()
IB/mlx4: Adjust delayed work when a dup is observed
IB/mlx4: Fix starvation in paravirt mux/demux
mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary
mm/memcg: fix device private memcg accounting
netfilter: nf_log: missing vlan offload tag and proto
net: korina: fix kfree of rx/tx descriptor array
ipvs: clear skb->tstamp in forwarding path
mwifiex: fix double free
platform/x86: mlx-platform: Remove PSU EEPROM configuration
scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
scsi: target: tcmu: Fix warning: 'page' may be used uninitialized
usb: dwc2: Fix INTR OUT transfers in DDMA mode.
nl80211: fix non-split wiphy information
usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
iwlwifi: mvm: split a print to avoid a WARNING in ROC
mfd: sm501: Fix leaks in probe()
net: enic: Cure the enic api locking trainwreck
qtnfmac: fix resource leaks on unsupported iftype error return path
HID: hid-input: fix stylus battery reporting
slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback
slimbus: core: do not enter to clock pause mode in core
slimbus: core: check get_addr before removing laddr ida
quota: clear padding in v2r1_mem2diskdqb()
usb: dwc2: Fix parameter type in function pointer prototype
ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
misc: mic: scif: Fix error handling path
ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
net: dsa: rtl8366rb: Support all 4096 VLANs
net: dsa: rtl8366: Skip PVID setting if not requested
net: dsa: rtl8366: Refactor VLAN/PVID init
net: dsa: rtl8366: Check validity of passed VLANs
cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE
net: stmmac: use netif_tx_start|stop_all_queues() function
net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow
pinctrl: mcp23s08: Fix mcp23x17 precious range
pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser
HID: roccat: add bounds checking in kone_sysfs_write_settings()
video: fbdev: radeon: Fix memleak in radeonfb_pci_register
video: fbdev: sis: fix null ptr dereference
video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
drivers/virt/fsl_hypervisor: Fix error handling path
pwm: lpss: Add range limit check for the base_unit register value
pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
pty: do tty_flip_buffer_push without port->lock in pty_write
tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
tty: serial: earlycon dependency
VMCI: check return value of get_user_pages_fast() for errors
backlight: sky81452-backlight: Fix refcount imbalance on error
scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
drm/gma500: fix error check
staging: rtl8192u: Do not use GFP_KERNEL in atomic context
mwifiex: Do not use GFP_KERNEL in atomic context
brcmfmac: check ndev pointer
ASoC: qcom: lpass-cpu: fix concurrency issue
ASoC: qcom: lpass-platform: fix memory leak
wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path
ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
Bluetooth: hci_uart: Cancel init work before unregistering
ath10k: provide survey info as accumulated data
spi: spi-s3c64xx: Check return values
spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath()
pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB
regulator: resolve supply after creating regulator
media: ti-vpe: Fix a missing check and reference count leak
media: stm32-dcmi: Fix a reference count leak
media: s5p-mfc: Fix a reference count leak
media: camss: Fix a reference count leak.
media: platform: fcp: Fix a reference count leak.
media: rockchip/rga: Fix a reference count leak.
media: rcar-vin: Fix a reference count leak.
media: tc358743: cleanup tc358743_cec_isr
media: tc358743: initialize variable
media: mx2_emmaprp: Fix memleak in emmaprp_probe
cypto: mediatek - fix leaks in mtk_desc_ring_alloc
hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61}
crypto: omap-sham - fix digcnt register handling with export/import
media: omap3isp: Fix memleak in isp_probe
media: uvcvideo: Silence shift-out-of-bounds warning
media: uvcvideo: Set media controller entity functions
media: m5mols: Check function pointer in m5mols_sensor_power
media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
media: tuner-simple: fix regression in simple_set_radio_freq
crypto: picoxcell - Fix potential race condition bug
crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
crypto: algif_skcipher - EBUSY on aio should be an error
x86/events/amd/iommu: Fix sizeof mismatch
x86/nmi: Fix nmi_handle() duration miscalculation
drivers/perf: xgene_pmu: Fix uninitialized resource struct
x86/fpu: Allow multiple bits in clearcpuid= parameter
EDAC/ti: Fix handling of platform_get_irq() error
EDAC/i5100: Fix error handling order in i5100_init_one()
crypto: algif_aead - Do not set MAY_BACKLOG on the async path
ima: Don't ignore errors from crypto_shash_update()
KVM: SVM: Initialize prev_ga_tag before use
KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
cifs: Return the error from crypt_message when enc/dec key not found.
cifs: remove bogus debug code
ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
icmp: randomize the global rate limiter
r8169: fix operation under forced interrupt threading
tcp: fix to update snd_wl1 in bulk receiver fast path
nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels
net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
chelsio/chtls: correct function return and return type
chelsio/chtls: correct netdevice for vlan interface
chelsio/chtls: fix socket lock
ALSA: bebob: potential info leak in hwdep_read()
binder: fix UAF when releasing todo list
net/tls: sendfile fails with ktls offload
r8169: fix data corruption issue on RTL8402
net/ipv4: always honour route mtu during forwarding
tipc: fix the skb_unshare() in tipc_buf_append()
net: usb: qmi_wwan: add Cellient MPL200 card
net/smc: fix valid DMBE buffer sizes
net: fix pos incrementment in ipv6_route_seq_next
net: fec: Fix PHY init after phy_reset_after_clk_enable()
net: fec: Fix phy_device lookup for phy_reset_after_clk_enable()
mlx4: handle non-napi callers to napi_poll
ipv4: Restore flowi4_oif update before call to xfrm_lookup_route
ibmveth: Identify ingress large send packets.
ibmveth: Switch order of ibmveth_helper calls.
ANDROID: clang: update to 11.0.5
FROMLIST: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
ANDROID: GKI: enable CONFIG_WIREGUARD
UPSTREAM: wireguard: peerlookup: take lock before checking hash in replace operation
UPSTREAM: wireguard: noise: take lock when removing handshake entry from table
UPSTREAM: wireguard: queueing: make use of ip_tunnel_parse_protocol
UPSTREAM: net: ip_tunnel: add header_ops for layer 3 devices
UPSTREAM: wireguard: receive: account for napi_gro_receive never returning GRO_DROP
UPSTREAM: wireguard: device: avoid circular netns references
UPSTREAM: wireguard: noise: do not assign initiation time in if condition
UPSTREAM: wireguard: noise: separate receive counter from send counter
UPSTREAM: wireguard: queueing: preserve flow hash across packet scrubbing
UPSTREAM: wireguard: noise: read preshared key while taking lock
UPSTREAM: wireguard: selftests: use newer iproute2 for gcc-10
UPSTREAM: wireguard: send/receive: use explicit unlikely branch instead of implicit coalescing
UPSTREAM: wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning
UPSTREAM: wireguard: send/receive: cond_resched() when processing worker ringbuffers
UPSTREAM: wireguard: socket: remove errant restriction on looping to self
UPSTREAM: wireguard: selftests: use normal kernel stack size on ppc64
UPSTREAM: wireguard: receive: use tunnel helpers for decapsulating ECN markings
UPSTREAM: wireguard: queueing: cleanup ptr_ring in error path of packet_queue_init
UPSTREAM: wireguard: send: remove errant newline from packet_encrypt_worker
UPSTREAM: wireguard: noise: error out precomputed DH during handshake rather than config
UPSTREAM: wireguard: receive: remove dead code from default packet type case
UPSTREAM: wireguard: queueing: account for skb->protocol==0
UPSTREAM: wireguard: selftests: remove duplicated include <sys/types.h>
UPSTREAM: wireguard: socket: remove extra call to synchronize_net
UPSTREAM: wireguard: send: account for mtu=0 devices
UPSTREAM: wireguard: receive: reset last_under_load to zero
UPSTREAM: wireguard: selftests: reduce complexity and fix make races
UPSTREAM: wireguard: device: use icmp_ndo_send helper
UPSTREAM: wireguard: selftests: tie socket waiting to target pid
UPSTREAM: wireguard: selftests: ensure non-addition of peers with failed precomputation
UPSTREAM: wireguard: noise: reject peers with low order public keys
UPSTREAM: wireguard: allowedips: fix use-after-free in root_remove_peer_lists
UPSTREAM: net: skbuff: disambiguate argument and member for skb_list_walk_safe helper
UPSTREAM: net: introduce skb_list_walk_safe for skb segment walking
UPSTREAM: wireguard: socket: mark skbs as not on list when receiving via gro
UPSTREAM: wireguard: queueing: do not account for pfmemalloc when clearing skb header
UPSTREAM: wireguard: selftests: remove ancient kernel compatibility code
UPSTREAM: wireguard: allowedips: use kfree_rcu() instead of call_rcu()
UPSTREAM: wireguard: main: remove unused include <linux/version.h>
UPSTREAM: wireguard: global: fix spelling mistakes in comments
UPSTREAM: wireguard: Kconfig: select parent dependency for crypto
UPSTREAM: wireguard: selftests: import harness makefile for test suite
UPSTREAM: net: WireGuard secure network tunnel
UPSTREAM: timekeeping: Boot should be boottime for coarse ns accessor
UPSTREAM: timekeeping: Add missing _ns functions for coarse accessors
UPSTREAM: icmp: introduce helper for nat'd source address in network device context
UPSTREAM: crypto: poly1305-x86_64 - Use XORL r32,32
UPSTREAM: crypto: curve25519-x86_64 - Use XORL r32,32
UPSTREAM: crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon
UPSTREAM: crypto: arm/curve25519 - include <linux/scatterlist.h>
UPSTREAM: crypto: x86/curve25519 - Remove unused carry variables
UPSTREAM: crypto: x86/chacha-sse3 - use unaligned loads for state array
UPSTREAM: crypto: lib/chacha20poly1305 - Add missing function declaration
UPSTREAM: crypto: arch/lib - limit simd usage to 4k chunks
UPSTREAM: crypto: arm[64]/poly1305 - add artifact to .gitignore files
UPSTREAM: crypto: x86/curve25519 - leave r12 as spare register
UPSTREAM: crypto: x86/curve25519 - replace with formally verified implementation
UPSTREAM: crypto: arm64/chacha - correctly walk through blocks
UPSTREAM: crypto: x86/curve25519 - support assemblers with no adx support
UPSTREAM: crypto: chacha20poly1305 - prevent integer overflow on large input
UPSTREAM: crypto: Kconfig - allow tests to be disabled when manager is disabled
UPSTREAM: crypto: arm/chacha - fix build failured when kernel mode NEON is disabled
UPSTREAM: crypto: x86/poly1305 - emit does base conversion itself
UPSTREAM: crypto: chacha20poly1305 - add back missing test vectors and test chunking
UPSTREAM: crypto: x86/poly1305 - fix .gitignore typo
UPSTREAM: crypto: curve25519 - Fix selftest build error
UPSTREAM: crypto: {arm,arm64,mips}/poly1305 - remove redundant non-reduction from emit
UPSTREAM: crypto: x86/poly1305 - wire up faster implementations for kernel
UPSTREAM: crypto: x86/poly1305 - import unmodified cryptogams implementation
UPSTREAM: crypto: poly1305 - add new 32 and 64-bit generic versions
UPSTREAM: crypto: lib/curve25519 - re-add selftests
UPSTREAM: crypto: arm/curve25519 - add arch-specific key generation function
UPSTREAM: crypto: chacha - fix warning message in header file
UPSTREAM: crypto: arch - conditionalize crypto api in arch glue for lib code
UPSTREAM: crypto: lib/chacha20poly1305 - use chacha20_crypt()
UPSTREAM: crypto: x86/chacha - only unregister algorithms if registered
UPSTREAM: crypto: chacha_generic - remove unnecessary setkey() functions
UPSTREAM: crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine
UPSTREAM: crypto: chacha20poly1305 - import construction and selftest from Zinc
UPSTREAM: crypto: arm/curve25519 - wire up NEON implementation
UPSTREAM: crypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation
UPSTREAM: crypto: curve25519 - x86_64 library and KPP implementations
UPSTREAM: crypto: lib/curve25519 - work around Clang stack spilling issue
UPSTREAM: crypto: curve25519 - implement generic KPP driver
UPSTREAM: crypto: curve25519 - add kpp selftest
UPSTREAM: crypto: curve25519 - generic C library implementations
UPSTREAM: crypto: blake2s - x86_64 SIMD implementation
UPSTREAM: crypto: blake2s - implement generic shash driver
UPSTREAM: crypto: testmgr - add test cases for Blake2s
UPSTREAM: crypto: blake2s - generic C library implementation and selftest
UPSTREAM: crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation
UPSTREAM: crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
UPSTREAM: crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
UPSTREAM: crypto: x86/poly1305 - expose existing driver as poly1305 library
UPSTREAM: crypto: x86/poly1305 - depend on generic library not generic shash
UPSTREAM: crypto: poly1305 - expose init/update/final library interface
UPSTREAM: crypto: x86/poly1305 - unify Poly1305 state struct with generic code
UPSTREAM: crypto: poly1305 - move core routines into a separate library
UPSTREAM: crypto: chacha - unexport chacha_generic routines
UPSTREAM: crypto: mips/chacha - wire up accelerated 32r2 code from Zinc
UPSTREAM: crypto: mips/chacha - import 32r2 ChaCha code from Zinc
UPSTREAM: crypto: arm/chacha - expose ARM ChaCha routine as library function
UPSTREAM: crypto: arm/chacha - remove dependency on generic ChaCha driver
UPSTREAM: crypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code
UPSTREAM: crypto: arm64/chacha - expose arm64 ChaCha routine as library function
UPSTREAM: crypto: arm64/chacha - depend on generic chacha library instead of crypto driver
UPSTREAM: crypto: arm64/chacha - use combined SIMD/ALU routine for more speed
UPSTREAM: crypto: arm64/chacha - optimize for arbitrary length inputs
UPSTREAM: crypto: x86/chacha - expose SIMD ChaCha routine as library function
UPSTREAM: crypto: x86/chacha - depend on generic chacha library instead of crypto driver
UPSTREAM: crypto: chacha - move existing library code into lib/crypto
UPSTREAM: crypto: lib - tidy up lib/crypto Kconfig and Makefile
UPSTREAM: crypto: chacha - constify ctx and iv arguments
UPSTREAM: crypto: x86/poly1305 - Clear key material from stack in SSE2 variant
UPSTREAM: crypto: xchacha20 - fix comments for test vectors
UPSTREAM: crypto: xchacha - add test vector from XChaCha20 draft RFC
UPSTREAM: crypto: arm64/chacha - add XChaCha12 support
UPSTREAM: crypto: arm64/chacha20 - refactor to allow varying number of rounds
UPSTREAM: crypto: arm64/chacha20 - add XChaCha20 support
UPSTREAM: crypto: x86/chacha - avoid sleeping under kernel_fpu_begin()
UPSTREAM: crypto: x86/chacha - yield the FPU occasionally
UPSTREAM: crypto: x86/chacha - add XChaCha12 support
UPSTREAM: crypto: x86/chacha20 - refactor to allow varying number of rounds
UPSTREAM: crypto: x86/chacha20 - add XChaCha20 support
UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 8-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Use larger block functions more aggressively
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 8-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 4-block SSSE3 variant
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 1-block SSSE3 variant
ANDROID: GKI: Enable CONFIG_USB_ANNOUNCE_NEW_DEVICES
ANDROID: GKI: Enable CONFIG_X86_X2APIC
ANDROID: move builds to use gas prebuilts
UPSTREAM: binder: fix UAF when releasing todo list
Conflicts:
crypto/algif_aead.c
drivers/rpmsg/qcom_glink_native.c
drivers/scsi/ufs/ufs-qcom.c
drivers/slimbus/qcom-ngd-ctrl.c
fs/notify/inotify/inotify_user.c
include/linux/dcache.h
include/linux/fsnotify.h
mm/oom_kill.c
Fixed build errors:
fs/fuse/dir.c
Change-Id: I95bdbb1b183fa2c569023f18e09799d9cb96fc9f
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
New file encryption V2 format suports IV_INO_LBLK_32 but this is
needed in V1 to support over the air upgrade which uses
FS_ENCRYPTION_MODE_PRIVATE data encryption mode. Also randomness of
encrypted data for eMMC devices is fixed.
Test: vts-kernel-encryption-test after Q to R OTA.
Change-Id: Idb9f5a140e755a9f5c9aa26d5f0e900252f441e8
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
https://bugzilla.kernel.org/show_bug.cgi?id=208565
PID: 257 TASK: ecdd0000 CPU: 0 COMMAND: "init"
#0 [<c0b420ec>] (__schedule) from [<c0b423c8>]
#1 [<c0b423c8>] (schedule) from [<c0b459d4>]
#2 [<c0b459d4>] (rwsem_down_read_failed) from [<c0b44fa0>]
#3 [<c0b44fa0>] (down_read) from [<c044233c>]
#4 [<c044233c>] (f2fs_truncate_blocks) from [<c0442890>]
#5 [<c0442890>] (f2fs_truncate) from [<c044d408>]
#6 [<c044d408>] (f2fs_evict_inode) from [<c030be18>]
#7 [<c030be18>] (evict) from [<c030a558>]
#8 [<c030a558>] (iput) from [<c047c600>]
#9 [<c047c600>] (f2fs_sync_node_pages) from [<c0465414>]
#10 [<c0465414>] (f2fs_write_checkpoint) from [<c04575f4>]
#11 [<c04575f4>] (f2fs_sync_fs) from [<c0441918>]
#12 [<c0441918>] (f2fs_do_sync_file) from [<c0441098>]
#13 [<c0441098>] (f2fs_sync_file) from [<c0323fa0>]
#14 [<c0323fa0>] (vfs_fsync_range) from [<c0324294>]
#15 [<c0324294>] (do_fsync) from [<c0324014>]
#16 [<c0324014>] (sys_fsync) from [<c0108bc0>]
This can be caused by flush_dirty_inode() in f2fs_sync_node_pages() where
iput() requires f2fs_lock_op() again resulting in livelock.
Change-Id: I5d7ef35a21cdb074e7bf5288371f579bfc0eb19d
Reported-by: Zhiguo Niu <Zhiguo.Niu@unisoc.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Git-commit: b0f3b87fb3abc42c81d76c6c5795f26dbdb2f04b
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+qe0EACgkQONu9yGCS
aT6MSw//TZRP6iLK2RhIrZu2jKD8jfYbHMT9JgKV2QCw7meg9q0JMj+SNP9CPbiL
oOYtsXsRFRnAh98aBXNMFmzV7Zm0uUu0XGeFGxnf8y2X7EI1nZ6plvrCUYD8dCiF
IPR67yyc5MojNQTfm0XDvQ3C7bKx5PuheRCLwhSuKclnrDxi8FNjS2NSBxi5G32j
B7NzateeG7m/zE9fG1RkiJzfwu8/k0PKKecEYFwjRSC5QrXwvtEKdz/X/HkoXsck
345wWHCTObpcDbDWkkUF5VuR36kCWMP+uYT4lNihZTV9+9b8Gz9ghhanDIuVCoU1
biEsJnCORe/PV/xcgGJNkpEtabbDQNJ5Dn3wLKSuRAbBOkN2/nwzZa4EDoXWQSTv
PDhzbLDjFjMu8Yb9PKrylhYGTmlNS4mA3hMszF4QNszhRyxTyDGln4MbUkpKg4sO
HgU4JLvDOCfkCsGTBJ4XGTBcH+6ZxZwm1b+e4uy3FFZW2CEqSetZ3TCyIBxdLupa
8JYmfqQjmaj0KUiUV9l1SJ6uHcIyg/FoNuCAdtDl7mLuzZdwtEhk3TeaZn4iwxWJ
Ku+2qY0X6wsePOTfIA7puWBbK+IonM24Q3oIDVqjA+2yrmLJGlYuaQJrSPzEJHoh
upHznwsU2W7MIfA6hJIcQeWIvzM4w5GSKUr3YeknVPIStP1ZqRg=
=trRk
-----END PGP SIGNATURE-----
Merge 4.19.156 into android-4.19-stable
Changes in 4.19.156
drm/i915: Break up error capture compression loops with cond_resched()
tipc: fix use-after-free in tipc_bcast_get_mode
ptrace: fix task_join_group_stop() for the case when current is traced
cadence: force nonlinear buffers to be cloned
chelsio/chtls: fix memory leaks caused by a race
chelsio/chtls: fix always leaking ctrl_skb
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
gianfar: Account for Tx PTP timestamp in the skb headroom
net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
sfp: Fix error handing in sfp_probe()
blktrace: fix debugfs use after free
btrfs: extent_io: Kill the forward declaration of flush_write_bio
btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
Revert "btrfs: flush write bio if we loop in extent_write_cache_pages"
btrfs: flush write bio if we loop in extent_write_cache_pages
btrfs: extent_io: Handle errors better in extent_write_full_page()
btrfs: extent_io: Handle errors better in btree_write_cache_pages()
btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io()
Btrfs: fix unwritten extent buffers and hangs on future writeback attempts
btrfs: Don't submit any btree write bio if the fs has errors
btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
btrfs: tree-checker: Make chunk item checker messages more readable
btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO
btrfs: tree-checker: Check chunk item at tree block read time
btrfs: tree-checker: Verify dev item
btrfs: tree-checker: Fix wrong check on max devid
btrfs: tree-checker: Enhance chunk checker to validate chunk profile
btrfs: tree-checker: Verify inode item
btrfs: tree-checker: fix the error message for transid error
Fonts: Replace discarded const qualifier
ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2
ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices
ALSA: usb-audio: Add implicit feedback quirk for Qu-16
ALSA: usb-audio: Add implicit feedback quirk for MODX
mm: mempolicy: fix potential pte_unmap_unlock pte error
lib/crc32test: remove extra local_irq_disable/enable
kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
mm: always have io_remap_pfn_range() set pgprot_decrypted()
gfs2: Wake up when sd_glock_disposal becomes zero
ring-buffer: Fix recursion protection transitions between interrupt context
ftrace: Fix recursion check for NMI test
ftrace: Handle tracing when switching between context
tracing: Fix out of bounds write in get_trace_buf
futex: Handle transient "ownerless" rtmutex state correctly
ARM: dts: sun4i-a10: fix cpu_alert temperature
x86/kexec: Use up-to-dated screen_info copy to fill boot params
of: Fix reserved-memory overlap detection
blk-cgroup: Fix memleak on error path
blk-cgroup: Pre-allocate tree node on blkg_conf_prep
scsi: core: Don't start concurrent async scan on same host
vsock: use ns_capable_noaudit() on socket create
drm/vc4: drv: Add error handding for bind
ACPI: NFIT: Fix comparison to '-ENXIO'
vt: Disable KD_FONT_OP_COPY
fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
serial: 8250_mtk: Fix uart_get_baud_rate warning
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
USB: serial: cyberjack: fix write-URB completion race
USB: serial: option: add Quectel EC200T module support
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: option: add Telit FN980 composition 0x1055
USB: Add NO_LPM quirk for Kingston flash drive
usb: mtu3: fix panic in mtu3_gadget_stop()
ARC: stack unwinding: avoid indefinite looping
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
PM: runtime: Resume the device earlier in __device_release_driver()
perf/core: Fix a memory leak in perf_event_parse_addr_filter()
tools: perf: Fix build error in v4.19.y
net: dsa: read mac address from DT for slave device
arm64: dts: marvell: espressobin: Add ethernet switch aliases
Linux 4.19.156
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I87af8871465f54de0332fa74bc1f342b7fe99061
commit da7d554f7c62d0c17c1ac3cc2586473c2d99f0bd upstream.
Commit fc0e38dae6 ("GFS2: Fix glock deallocation race") fixed a
sd_glock_disposal accounting bug by adding a missing atomic_dec
statement, but it failed to wake up sd_glock_wait when that decrement
causes sd_glock_disposal to reach zero. As a consequence,
gfs2_gl_hash_clear can now run into a 10-minute timeout instead of
being woken up. Add the missing wakeup.
Fixes: fc0e38dae6 ("GFS2: Fix glock deallocation race")
Cc: stable@vger.kernel.org # v2.6.39+
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f96d6960abbc52e26ad124e69e6815283d3e1674 upstream.
The error message for inode transid is the same as for inode generation,
which makes us unable to detect the real problem.
Reported-by: Tyler Richmond <t.d.richmond@gmail.com>
Fixes: 496245cac57e ("btrfs: tree-checker: Verify inode item")
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Marcos Paulo de Souza <mpdesouza@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.19: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 496245cac57e26d8b738d85c7a29cf9a47610f3f upstream.
There is a report in kernel bugzilla about mismatch file type in dir
item and inode item.
This inspires us to check inode mode in inode item.
This patch will check the following members:
- inode key objectid
Should be ROOT_DIR_DIR or [256, (u64)-256] or FREE_INO.
- inode key offset
Should be 0
- inode item generation
- inode item transid
No newer than sb generation + 1.
The +1 is for log tree.
- inode item mode
No unknown bits.
No invalid S_IF* bit.
NOTE: S_IFMT check is not enough, need to check every know type.
- inode item nlink
Dir should have no more link than 1.
- inode item flags
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 80e46cf22ba0bcb57b39c7c3b52961ab3a0fd5f2 upstream.
Btrfs-progs already have a comprehensive type checker, to ensure there
is only 0 (SINGLE profile) or 1 (DUP/RAID0/1/5/6/10) bit set for chunk
profile bits.
Do the same work for kernel.
Reported-by: Yoon Jungyeon <jungyeon@gatech.edu>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202765
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8bb177d18f114358a57d8ae7e206861b48b8b4de upstream.
[BUG]
The following script will cause false alert on devid check.
#!/bin/bash
dev1=/dev/test/test
dev2=/dev/test/scratch1
mnt=/mnt/btrfs
umount $dev1 &> /dev/null
umount $dev2 &> /dev/null
umount $mnt &> /dev/null
mkfs.btrfs -f $dev1
mount $dev1 $mnt
_fail()
{
echo "!!! FAILED !!!"
exit 1
}
for ((i = 0; i < 4096; i++)); do
btrfs dev add -f $dev2 $mnt || _fail
btrfs dev del $dev1 $mnt || _fail
dev_tmp=$dev1
dev1=$dev2
dev2=$dev_tmp
done
[CAUSE]
Tree-checker uses BTRFS_MAX_DEVS() and BTRFS_MAX_DEVS_SYS_CHUNK() as
upper limit for devid. But we can have devid holes just like above
script.
So the check for devid is incorrect and could cause false alert.
[FIX]
Just remove the whole devid check. We don't have any hard requirement
for devid assignment.
Furthermore, even devid could get corrupted by a bitflip, we still have
dev extents verification at mount time, so corrupted data won't sneak
in.
This fixes fstests btrfs/194.
Reported-by: Anand Jain <anand.jain@oracle.com>
Fixes: ab4ba2e13346 ("btrfs: tree-checker: Verify dev item")
CC: stable@vger.kernel.org # 5.2+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.19: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ab4ba2e133463c702b37242560d7fabedd2dc750 upstream.
[BUG]
For fuzzed image whose DEV_ITEM has invalid total_bytes as 0, then
kernel will just panic:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000098
#PF error: [normal kernel read fault]
PGD 800000022b2bd067 P4D 800000022b2bd067 PUD 22b2bc067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 0 PID: 1106 Comm: mount Not tainted 5.0.0-rc8+ #9
RIP: 0010:btrfs_verify_dev_extents+0x2a5/0x5a0
Call Trace:
open_ctree+0x160d/0x2149
btrfs_mount_root+0x5b2/0x680
[CAUSE]
If device extent verification finds a deivce with 0 total_bytes, then it
assumes it's a seed dummy, then search for seed devices.
But in this case, there is no seed device at all, causing NULL pointer.
[FIX]
Since this is caused by fuzzed image, let's go the tree-check way, just
add a new verification for device item.
Reported-by: Yoon Jungyeon <jungyeon@gatech.edu>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202691
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 075cb3c78fe7976c9f29ca1fa23f9728634ecefc upstream.
Since we have btrfs_check_chunk_valid() in tree-checker, let's do
chunk item verification in tree-checker too.
Since the tree-checker is run at endio time, if one chunk leaf fails
chunk verification, we can still retry the other copy, making btrfs more
robust to fuzzed image as we may still get a good chunk item.
Also since we have done chunk verification in tree block read time, skip
the btrfs_check_chunk_valid() call in read_one_chunk() if we're reading
chunk items from leaf.
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bf871c3b43b1dcc3f2a076ff39a8f1ce7959d958 upstream.
To follow the standard behavior of tree-checker.
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Cherry-picked for 4.19 to ease backporting later fixes]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f114024376bceb1c0f61a7bad4a72a0f978767af upstream.
Old error message would be something like:
BTRFS error (device dm-3): invalid chunk num_stipres: 0
New error message would be:
Btrfs critical (device dm-3): corrupt superblock syschunk array: chunk_start=2097152, invalid chunk num_stripes: 0
Or
Btrfs critical (device dm-3): corrupt leaf: root=3 block=8388608 slot=3 chunk_start=2097152, invalid chunk num_stripes: 0
And for certain error message, also output expected value.
The error message levels are changed from error to critical.
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Cherry-picked for 4.19 to ease backporting later fixes]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 82fc28fbedbb59642f05215db3b0ef4eb91aa31d upstream.
By function, chunk item verification is more suitable to be done inside
tree-checker.
So move btrfs_check_chunk_valid() to tree-checker.c and export it.
And since it's now moved to tree-checker, also add a better comment for
what this function is doing.
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Cherry-picked for 4.19 to ease backporting later fixes]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b3ff8f1d380e65dddd772542aa9bff6c86bf715a upstream.
[BUG]
There is a fuzzed image which could cause KASAN report at unmount time.
BUG: KASAN: use-after-free in btrfs_queue_work+0x2c1/0x390
Read of size 8 at addr ffff888067cf6848 by task umount/1922
CPU: 0 PID: 1922 Comm: umount Tainted: G W 5.0.21 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
dump_stack+0x5b/0x8b
print_address_description+0x70/0x280
kasan_report+0x13a/0x19b
btrfs_queue_work+0x2c1/0x390
btrfs_wq_submit_bio+0x1cd/0x240
btree_submit_bio_hook+0x18c/0x2a0
submit_one_bio+0x1be/0x320
flush_write_bio.isra.41+0x2c/0x70
btree_write_cache_pages+0x3bb/0x7f0
do_writepages+0x5c/0x130
__writeback_single_inode+0xa3/0x9a0
writeback_single_inode+0x23d/0x390
write_inode_now+0x1b5/0x280
iput+0x2ef/0x600
close_ctree+0x341/0x750
generic_shutdown_super+0x126/0x370
kill_anon_super+0x31/0x50
btrfs_kill_super+0x36/0x2b0
deactivate_locked_super+0x80/0xc0
deactivate_super+0x13c/0x150
cleanup_mnt+0x9a/0x130
task_work_run+0x11a/0x1b0
exit_to_usermode_loop+0x107/0x130
do_syscall_64+0x1e5/0x280
entry_SYSCALL_64_after_hwframe+0x44/0xa9
[CAUSE]
The fuzzed image has a completely screwd up extent tree:
leaf 29421568 gen 8 total ptrs 6 free space 3587 owner EXTENT_TREE
refs 2 lock (w:0 r:0 bw:0 br:0 sw:0 sr:0) lock_owner 0 current 5938
item 0 key (12587008 168 4096) itemoff 3942 itemsize 53
extent refs 1 gen 9 flags 1
ref#0: extent data backref root 5 objectid 259 offset 0 count 1
item 1 key (12591104 168 8192) itemoff 3889 itemsize 53
extent refs 1 gen 9 flags 1
ref#0: extent data backref root 5 objectid 271 offset 0 count 1
item 2 key (12599296 168 4096) itemoff 3836 itemsize 53
extent refs 1 gen 9 flags 1
ref#0: extent data backref root 5 objectid 259 offset 4096 count 1
item 3 key (29360128 169 0) itemoff 3803 itemsize 33
extent refs 1 gen 9 flags 2
ref#0: tree block backref root 5
item 4 key (29368320 169 1) itemoff 3770 itemsize 33
extent refs 1 gen 9 flags 2
ref#0: tree block backref root 5
item 5 key (29372416 169 0) itemoff 3737 itemsize 33
extent refs 1 gen 9 flags 2
ref#0: tree block backref root 5
Note that leaf 29421568 doesn't have its backref in the extent tree.
Thus extent allocator can re-allocate leaf 29421568 for other trees.
In short, the bug is caused by:
- Existing tree block gets allocated to log tree
This got its generation bumped.
- Log tree balance cleaned dirty bit of offending tree block
It will not be written back to disk, thus no WRITTEN flag.
- Original owner of the tree block gets COWed
Since the tree block has higher transid, no WRITTEN flag, it's reused,
and not traced by transaction::dirty_pages.
- Transaction aborted
Tree blocks get cleaned according to transaction::dirty_pages. But the
offending tree block is not recorded at all.
- Filesystem unmount
All pages are assumed to be are clean, destroying all workqueue, then
call iput(btree_inode).
But offending tree block is still dirty, which triggers writeback, and
causes use-after-free bug.
The detailed sequence looks like this:
- Initial status
eb: 29421568, header=WRITTEN bflags_dirty=0, page_dirty=0, gen=8,
not traced by any dirty extent_iot_tree.
- New tree block is allocated
Since there is no backref for 29421568, it's re-allocated as new tree
block.
Keep in mind that tree block 29421568 is still referred by extent
tree.
- Tree block 29421568 is filled for log tree
eb: 29421568, header=0 bflags_dirty=1, page_dirty=1, gen=9 << (gen bumped)
traced by btrfs_root::dirty_log_pages
- Some log tree operations
Since the fs is using node size 4096, the log tree can easily go a
level higher.
- Log tree needs balance
Tree block 29421568 gets all its content pushed to right, thus now
it is empty, and we don't need it.
btrfs_clean_tree_block() from __push_leaf_right() get called.
eb: 29421568, header=0 bflags_dirty=0, page_dirty=0, gen=9
traced by btrfs_root::dirty_log_pages
- Log tree write back
btree_write_cache_pages() goes through dirty pages ranges, but since
page of tree block 29421568 gets cleaned already, it's not written
back to disk. Thus it doesn't have WRITTEN bit set.
But ranges in dirty_log_pages are cleared.
eb: 29421568, header=0 bflags_dirty=0, page_dirty=0, gen=9
not traced by any dirty extent_iot_tree.
- Extent tree update when committing transaction
Since tree block 29421568 has transid equal to running trans, and has
no WRITTEN bit, should_cow_block() will use it directly without adding
it to btrfs_transaction::dirty_pages.
eb: 29421568, header=0 bflags_dirty=1, page_dirty=1, gen=9
not traced by any dirty extent_iot_tree.
At this stage, we're doomed. We have a dirty eb not tracked by any
extent io tree.
- Transaction gets aborted due to corrupted extent tree
Btrfs cleans up dirty pages according to transaction::dirty_pages and
btrfs_root::dirty_log_pages.
But since tree block 29421568 is not tracked by neither of them, it's
still dirty.
eb: 29421568, header=0 bflags_dirty=1, page_dirty=1, gen=9
not traced by any dirty extent_iot_tree.
- Filesystem unmount
Since all cleanup is assumed to be done, all workqueus are destroyed.
Then iput(btree_inode) is called, expecting no dirty pages.
But tree 29421568 is still dirty, thus triggering writeback.
Since all workqueues are already freed, we cause use-after-free.
This shows us that, log tree blocks + bad extent tree can cause wild
dirty pages.
[FIX]
To fix the problem, don't submit any btree write bio if the filesytem
has any error. This is the last safe net, just in case other cleanup
haven't caught catch it.
Link: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.19: fs_info variable already exists in
btree_write_cache_pages()]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 18dfa7117a3f379862dcd3f67cadd678013bb9dd upstream.
The lock_extent_buffer_io() returns 1 to the caller to tell it everything
went fine and the callers needs to start writeback for the extent buffer
(submit a bio, etc), 0 to tell the caller everything went fine but it does
not need to start writeback for the extent buffer, and a negative value if
some error happened.
When it's about to return 1 it tries to lock all pages, and if a try lock
on a page fails, and we didn't flush any existing bio in our "epd", it
calls flush_write_bio(epd) and overwrites the return value of 1 to 0 or
an error. The page might have been locked elsewhere, not with the goal
of starting writeback of the extent buffer, and even by some code other
than btrfs, like page migration for example, so it does not mean the
writeback of the extent buffer was already started by some other task,
so returning a 0 tells the caller (btree_write_cache_pages()) to not
start writeback for the extent buffer. Note that epd might currently have
either no bio, so flush_write_bio() returns 0 (success) or it might have
a bio for another extent buffer with a lower index (logical address).
Since we return 0 with the EXTENT_BUFFER_WRITEBACK bit set on the
extent buffer and writeback is never started for the extent buffer,
future attempts to writeback the extent buffer will hang forever waiting
on that bit to be cleared, since it can only be cleared after writeback
completes. Such hang is reported with a trace like the following:
[49887.347053] INFO: task btrfs-transacti:1752 blocked for more than 122 seconds.
[49887.347059] Not tainted 5.2.13-gentoo #2
[49887.347060] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[49887.347062] btrfs-transacti D 0 1752 2 0x80004000
[49887.347064] Call Trace:
[49887.347069] ? __schedule+0x265/0x830
[49887.347071] ? bit_wait+0x50/0x50
[49887.347072] ? bit_wait+0x50/0x50
[49887.347074] schedule+0x24/0x90
[49887.347075] io_schedule+0x3c/0x60
[49887.347077] bit_wait_io+0x8/0x50
[49887.347079] __wait_on_bit+0x6c/0x80
[49887.347081] ? __lock_release.isra.29+0x155/0x2d0
[49887.347083] out_of_line_wait_on_bit+0x7b/0x80
[49887.347084] ? var_wake_function+0x20/0x20
[49887.347087] lock_extent_buffer_for_io+0x28c/0x390
[49887.347089] btree_write_cache_pages+0x18e/0x340
[49887.347091] do_writepages+0x29/0xb0
[49887.347093] ? kmem_cache_free+0x132/0x160
[49887.347095] ? convert_extent_bit+0x544/0x680
[49887.347097] filemap_fdatawrite_range+0x70/0x90
[49887.347099] btrfs_write_marked_extents+0x53/0x120
[49887.347100] btrfs_write_and_wait_transaction.isra.4+0x38/0xa0
[49887.347102] btrfs_commit_transaction+0x6bb/0x990
[49887.347103] ? start_transaction+0x33e/0x500
[49887.347105] transaction_kthread+0x139/0x15c
So fix this by not overwriting the return value (ret) with the result
from flush_write_bio(). We also need to clear the EXTENT_BUFFER_WRITEBACK
bit in case flush_write_bio() returns an error, otherwise it will hang
any future attempts to writeback the extent buffer, and undo all work
done before (set back EXTENT_BUFFER_DIRTY, etc).
This is a regression introduced in the 5.2 kernel.
Fixes: 2e3c25136adfb ("btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io()")
Fixes: f4340622e0226 ("btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up")
Reported-by: Zdenek Sojka <zsojka@seznam.cz>
Link: https://lore.kernel.org/linux-btrfs/GpO.2yos.3WGDOLpx6t%7D.1TUDYM@seznam.cz/T/#u
Reported-by: Stefan Priebe - Profihost AG <s.priebe@profihost.ag>
Link: https://lore.kernel.org/linux-btrfs/5c4688ac-10a7-fb07-70e8-c5d31a3fbb38@profihost.ag/T/#t
Reported-by: Drazen Kacar <drazen.kacar@oradian.com>
Link: https://lore.kernel.org/linux-btrfs/DB8PR03MB562876ECE2319B3E579590F799C80@DB8PR03MB5628.eurprd03.prod.outlook.com/
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204377
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2e3c25136adfb293d517e17f761d3b8a43a8fc22 upstream.
This function needs some extra checks on locked pages and eb. For error
handling we need to unlock locked pages and the eb.
There is a rare >0 return value branch, where all pages get locked
while write bio is not flushed.
Thankfully it's handled by the only caller, btree_write_cache_pages(),
as later write_one_eb() call will trigger submit_one_bio(). So there
shouldn't be any problem.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2b952eea813b1f7e7d4b9782271acd91625b9bb9 upstream.
In btree_write_cache_pages(), we can only get @ret <= 0.
Add an ASSERT() for it just in case.
Then instead of submitting the write bio even we got some error, check
the return value first.
If we have already hit some error, just clean up the corrupted or
half-baked bio, and return error.
If there is no error so far, then call flush_write_bio() and return the
result.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3065976b045f77a910809fa7699f99a1e7c0dbbb upstream.
Since now flush_write_bio() could return error, kill the BUG_ON() first.
Then don't call flush_write_bio() unconditionally, instead we check the
return value from __extent_writepage() first.
If __extent_writepage() fails, we do cleanup, and return error without
submitting the possible corrupted or half-baked bio.
If __extent_writepage() successes, then we call flush_write_bio() and
return the result.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 42ffb0bf584ae5b6b38f72259af1e0ee417ac77f upstream.
There exists a deadlock with range_cyclic that has existed forever. If
we loop around with a bio already built we could deadlock with a writer
who has the page locked that we're attempting to write but is waiting on
a page in our bio to be written out. The task traces are as follows
PID: 1329874 TASK: ffff889ebcdf3800 CPU: 33 COMMAND: "kworker/u113:5"
#0 [ffffc900297bb658] __schedule at ffffffff81a4c33f
#1 [ffffc900297bb6e0] schedule at ffffffff81a4c6e3
#2 [ffffc900297bb6f8] io_schedule at ffffffff81a4ca42
#3 [ffffc900297bb708] __lock_page at ffffffff811f145b
#4 [ffffc900297bb798] __process_pages_contig at ffffffff814bc502
#5 [ffffc900297bb8c8] lock_delalloc_pages at ffffffff814bc684
#6 [ffffc900297bb900] find_lock_delalloc_range at ffffffff814be9ff
#7 [ffffc900297bb9a0] writepage_delalloc at ffffffff814bebd0
#8 [ffffc900297bba18] __extent_writepage at ffffffff814bfbf2
#9 [ffffc900297bba98] extent_write_cache_pages at ffffffff814bffbd
PID: 2167901 TASK: ffff889dc6a59c00 CPU: 14 COMMAND:
"aio-dio-invalid"
#0 [ffffc9003b50bb18] __schedule at ffffffff81a4c33f
#1 [ffffc9003b50bba0] schedule at ffffffff81a4c6e3
#2 [ffffc9003b50bbb8] io_schedule at ffffffff81a4ca42
#3 [ffffc9003b50bbc8] wait_on_page_bit at ffffffff811f24d6
#4 [ffffc9003b50bc60] prepare_pages at ffffffff814b05a7
#5 [ffffc9003b50bcd8] btrfs_buffered_write at ffffffff814b1359
#6 [ffffc9003b50bdb0] btrfs_file_write_iter at ffffffff814b5933
#7 [ffffc9003b50be38] new_sync_write at ffffffff8128f6a8
#8 [ffffc9003b50bec8] vfs_write at ffffffff81292b9d
#9 [ffffc9003b50bf00] ksys_pwrite64 at ffffffff81293032
I used drgn to find the respective pages we were stuck on
page_entry.page 0xffffea00fbfc7500 index 8148 bit 15 pid 2167901
page_entry.page 0xffffea00f9bb7400 index 7680 bit 0 pid 1329874
As you can see the kworker is waiting for bit 0 (PG_locked) on index
7680, and aio-dio-invalid is waiting for bit 15 (PG_writeback) on index
8148. aio-dio-invalid has 7680, and the kworker epd looks like the
following
crash> struct extent_page_data ffffc900297bbbb0
struct extent_page_data {
bio = 0xffff889f747ed830,
tree = 0xffff889eed6ba448,
extent_locked = 0,
sync_io = 0
}
Probably worth mentioning as well that it waits for writeback of the
page to complete while holding a lock on it (at prepare_pages()).
Using drgn I walked the bio pages looking for page
0xffffea00fbfc7500 which is the one we're waiting for writeback on
bio = Object(prog, 'struct bio', address=0xffff889f747ed830)
for i in range(0, bio.bi_vcnt.value_()):
bv = bio.bi_io_vec[i]
if bv.bv_page.value_() == 0xffffea00fbfc7500:
print("FOUND IT")
which validated what I suspected.
The fix for this is simple, flush the epd before we loop back around to
the beginning of the file during writeout.
Fixes: b293f02e14 ("Btrfs: Add writepages support")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 860473714c. That
has an incorrect upstream commit reference, and was modified in a way
that conflicts with some older fixes. We can cleanly cherry-pick the
upstream commit *after* those fixes.
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f4340622e02261fae599e3da936ff4808b418173 upstream.
We have a BUG_ON() in flush_write_bio() to handle the return value of
submit_one_bio().
Move the BUG_ON() one level up to all its callers.
This patch will introduce temporary variable, @flush_ret to keep code
change minimal in this patch. That variable will be cleaned up when
enhancing the error handling later.
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Cherry-picked for 4.19 to ease backporting later fixes]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bb58eb9e167d087cc518f7a71c3c00f1671958da upstream.
There is no need to forward declare flush_write_bio(), as it only
depends on submit_one_bio(). Both of them are pretty small, just move
them to kill the forward declaration.
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Cherry-picked for 4.19 to ease backporting later fixes]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Allows FUSE to report to inotify that it is acting as a layered filesystem.
The userspace component returns a string representing the location of the
underlying file. If the string cannot be resolved into a path, the top
level path is returned instead.
Bug: 23904372
Bug: 171780975
Test: Pixel 4.19
Change-Id: Iabdca0bbedfbff59e9c820c58636a68ef9683d9f
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Alessio Balsini <balsini@google.com>
Inotify does not currently know when a filesystem is acting as a wrapper
around another fs. This means that inotify watchers will miss any
modifications to the base file, as well as any made in a separate stacked
fs that points to the same file.
d_canonical_path solves this problem by allowing the fs to map a dentry to
a path in the lower fs. Inotify can use it to find the appropriate place to
watch to be informed of all changes to a file.
Test: Pixel 4.19
Bug: 171780975
Change-Id: I09563baffad1711a045e45c1bd0bd8713c2cc0b6
Signed-off-by: Daniel Rosenberg <drosen@google.com>
[astrachan: Folded 34df4102216e ("ANDROID: fsnotify: Notify lower fs of
open") into this patch]
Signed-off-by: Alistair Strachan <astrachan@google.com>
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Signed-off-by: Alessio Balsini <balsini@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+jz0oACgkQONu9yGCS
aT4hPA//Xp0LuMofylz77cZMkWiagSQ5k/4oKn2O2iEISKfdcFMzjcJbRBMmTFFP
r1T0Uu5N2gZQ8ZAV67itpaA/KV9YlytbDrwRBKQ/mxNMP7xaX+hC43hbPrx72Qc5
on6v3z9xTxMB2+HwFlJZpsmYrrjqg1ruGtxR5UMZ37Jt7KUYDRbHDbqMEXRkKHko
pWtZ/8GkY8UG3GNpiPlka9BfDK9X0k5m65r3vscbmgCd7bQFQi9rbp930N0y7MMX
e/YIBss699EZp6r7hpH1+ETBP6Z2qHxRFY86kcL9I3NcZnI3NrX0pKql0hWlqPOm
CeR3z6fpW9Xyf1CqQOkyDBCMfvMLsMarwQ+bb8d+zIQD/I4W12whPhGM4eh6rYcu
2WL4gwiyhju0OuPK7ZcCzMOEPUwWQYvyvwoBnoywZfN5L8702Xi4eN8QqP5l7Hcd
lcZH5gv/v1z0Xb6pU4AMthbLB+VcQ5w5g3DfvF/A9kOyzmP0YvKa39y8J379mwdJ
6DXu8DRvee5bYW8LObszzKqshnF79eia+xcf7YFJn1Y2cwh63AQgOcSzaEc5q7/2
kuWNfrZJCyvt41j48bO7MtTEULeCAtPkuKvVrZuCO7Q4J2wFSWuGCUQTg3bm8dQd
5B9V6jQKaCIOn3+/dPXg5N6yaRKZR4dHIUsWpKOs1tOQuucpVmw=
=2s9n
-----END PGP SIGNATURE-----
Merge 4.19.155 into android-4.19-stable
Changes in 4.19.155
objtool: Support Clang non-section symbols in ORC generation
scripts/setlocalversion: make git describe output more reliable
arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
efivarfs: Replace invalid slashes with exclamation marks in dentries.
chelsio/chtls: fix deadlock issue
chelsio/chtls: fix memory leaks in CPL handlers
chelsio/chtls: fix tls record info to user
gtp: fix an use-before-init in gtp_newlink()
mlxsw: core: Fix memory leak on module removal
netem: fix zero division in tabledist
ravb: Fix bit fields checking in ravb_hwtstamp_get()
tcp: Prevent low rmem stalls with SO_RCVLOWAT.
tipc: fix memory leak caused by tipc_buf_append()
r8169: fix issue with forced threading in combination with shared interrupts
cxgb4: set up filter action after rewrites
arch/x86/amd/ibs: Fix re-arming IBS Fetch
x86/xen: disable Firmware First mode for correctable memory errors
fuse: fix page dereference after free
bpf: Fix comment for helper bpf_current_task_under_cgroup()
evm: Check size of security.evm before using it
p54: avoid accessing the data mapped to streaming DMA
cxl: Rework error message for incompatible slots
RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
mtd: lpddr: Fix bad logic in print_drs_error
serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt
ata: sata_rcar: Fix DMA boundary mask
fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
fscrypt: clean up and improve dentry revalidation
fscrypt: fix race allowing rename() and link() of ciphertext dentries
fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
fscrypt: only set dentry_operations on ciphertext dentries
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
Revert "block: ratelimit handle_bad_sector() message"
xen/events: don't use chip_data for legacy IRQs
xen/events: avoid removing an event channel while handling it
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a new "late EOI" evtchn framework
xen/blkback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/pciback: use lateeoi irq binding
xen/events: switch user event channels to lateeoi model
xen/events: use a common cpu hotplug hook for event channels
xen/events: defer eoi in case of excessive number of events
xen/events: block rogue events for some time
x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
RDMA/qedr: Fix memory leak in iWARP CM
ata: sata_nv: Fix retrieving of active qcs
futex: Fix incorrect should_fail_futex() handling
powerpc/powernv/smp: Fix spurious DBG() warning
mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
f2fs: add trace exit in exception path
f2fs: fix uninit-value in f2fs_lookup
f2fs: fix to check segment boundary during SIT page readahead
um: change sigio_spinlock to a mutex
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
power: supply: bq27xxx: report "not charging" on all types
xfs: fix realtime bitmap/summary file truncation when growing rt volume
video: fbdev: pvr2fb: initialize variables
ath10k: start recovery process when payload length exceeds max htc length for sdio
ath10k: fix VHT NSS calculation when STBC is enabled
drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly
media: videodev2.h: RGB BT2020 and HSV are always full range
media: platform: Improve queue set up flow for bug fixing
usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart
media: tw5864: check status of tw5864_frameinterval_get
media: imx274: fix frame interval handling
mmc: via-sdmmc: Fix data race bug
drm/bridge/synopsys: dsi: add support for non-continuous HS clock
arm64: topology: Stop using MPIDR for topology information
printk: reduce LOG_BUF_SHIFT range for H8300
ia64: kprobes: Use generic kretprobe trampoline handler
kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
media: uvcvideo: Fix dereference of out-of-bound list iterator
riscv: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
cpufreq: sti-cpufreq: add stih418 support
USB: adutux: fix debugging
uio: free uio id after uio file node is freed
usb: xhci: omit duplicate actions when suspending a runtime suspended host.
arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
xfs: don't free rt blocks when we're doing a REMAP bunmapi call
ACPI: Add out of bounds and numa_off protections to pxm_to_node()
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
power: supply: test_power: add missing newlines when printing parameters by sysfs
drm/amd/display: HDMI remote sink need mode validation for Linux
btrfs: fix replace of seed device
md/bitmap: md_bitmap_get_counter returns wrong blocks
bnxt_en: Log unknown link speed appropriately.
rpmsg: glink: Use complete_all for open states
clk: ti: clockdomain: fix static checker warning
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
ext4: Detect already used quota file early
gfs2: add validation checks for size of superblock
cifs: handle -EINTR in cifs_setattr
arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
ARM: dts: omap4: Fix sgx clock rate for 4430
memory: emif: Remove bogus debugfs error handling
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
nbd: make the config put is called before the notifying the waiter
sgl_alloc_order: fix memory leak
nvme-rdma: fix crash when connect rejected
md/raid5: fix oops during stripe resizing
mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
perf/x86/amd/ibs: Fix raw sample data accumulation
leds: bcm6328, bcm6358: use devres LED registering function
media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect
fs: Don't invalidate page buffers in block_write_full_page()
NFS: fix nfs_path in case of a rename retry
ACPI: button: fix handling lid state changes when input device closed
ACPI / extlog: Check for RDMSR failure
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI: debug: don't allow debugging when ACPI is disabled
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
w1: mxc_w1: Fix timeout resolution problem leading to bus error
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
scsi: qla2xxx: Fix crash on session cleanup with unload
btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode
btrfs: improve device scanning messages
btrfs: reschedule if necessary when logging directory items
btrfs: send, recompute reference path after orphanization of a directory
btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
btrfs: cleanup cow block on error
btrfs: fix use-after-free on readahead extent after failure to create it
usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC
usb: dwc3: ep0: Fix ZLP for OUT ep0 requests
usb: dwc3: gadget: Check MPS of the request length
usb: dwc3: core: add phy cleanup for probe error handling
usb: dwc3: core: don't trigger runtime pm when remove driver
usb: cdc-acm: fix cooldown mechanism
usb: typec: tcpm: reset hard_reset_count for any disconnect
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
drm/i915: Force VT'd workarounds when running as a guest OS
vt: keyboard, simplify vt_kdgkbsent
vt: keyboard, extend func_buf_lock to readers
HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
udf: Fix memory leak when mounting
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
iio:light:si1145: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc0832 Fix alignment issue with timestamp
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
powerpc/drmem: Make lmb_size 64 bit
s390/stp: add locking to sysfs functions
powerpc/rtas: Restrict RTAS requests from userspace
powerpc: Warn about use of smt_snooze_delay
powerpc/powernv/elog: Fix race while processing OPAL error log event.
powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation
NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
NFSD: Add missing NFSv2 .pc_func methods
ubifs: dent: Fix some potential memory leaks while iterating entries
perf python scripting: Fix printable strings in python3 scripts
ubi: check kthread_should_stop() after the setting of task state
ia64: fix build error with !COREDUMP
i2c: imx: Fix external abort on interrupt in exit paths
drm/amdgpu: don't map BO in reserved region
drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally
ceph: promote to unsigned long long before shifting
libceph: clear con->out_msg on Policy::stateful_server faults
9P: Cast to loff_t before multiplying
ring-buffer: Return 0 on success from ring_buffer_resize()
vringh: fix __vringh_iov() when riov and wiov are different
ext4: fix leaking sysfs kobject after failed mount
ext4: fix error handling code in add_new_gdb
ext4: fix invalid inode checksum
drm/ttm: fix eviction valuable range check.
rtc: rx8010: don't modify the global rtc ops
tty: make FONTX ioctl use the tty pointer they were actually passed
arm64: berlin: Select DW_APB_TIMER_OF
cachefiles: Handle readpage error correctly
hil/parisc: Disable HIL driver when it gets stuck
arm: dts: mt7623: add missing pause for switchport
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
ARM: s3c24xx: fix missing system reset
device property: Keep secondary firmware node secondary by type
device property: Don't clear secondary pointer for shared primary firmware node
KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
staging: octeon: repair "fixed-link" support
staging: octeon: Drop on uncorrectable alignment or FCS error
Linux 4.19.155
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I18fefb5bfaa4d05772c61c2975340d0f089b8e3e
commit 1322181170bb01bce3c228b82ae3d5c6b793164f upstream.
During the stability test, there are some errors:
ext4_lookup:1590: inode #6967: comm fsstress: iget: checksum invalid.
If the inode->i_iblocks too big and doesn't set huge file flag, checksum
will not be recalculated when update the inode information to it's buffer.
If other inode marks the buffer dirty, then the inconsistent inode will
be flushed to disk.
Fix this problem by checking i_blocks in advance.
Cc: stable@kernel.org
Signed-off-by: Luo Meng <luomeng12@huawei.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Link: https://lore.kernel.org/r/20201020013631.3796673-1-luomeng12@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c9e87161cc621cbdcfc472fa0b2d81c63780c8f5 upstream.
When ext4_journal_get_write_access() fails, we should
terminate the execution flow and release n_group_desc,
iloc.bh, dind and gdb_bh.
Cc: stable@kernel.org
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20200829025403.3139-1-dinghao.liu@zju.edu.cn
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f5f7ab168b9a60e12a4b8f2bb6fcc91321dc23c1 upstream.
On 32-bit systems, this multiplication will overflow for files larger
than 4GB.
Link: http://lkml.kernel.org/r/20201004180428.14494-2-willy@infradead.org
Cc: stable@vger.kernel.org
Fixes: fb89b45cdf ("9P: introduction of a new cache=mmap model.")
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c403c3a2fbe24d4ed33e10cabad048583ebd4edf upstream.
On 32-bit systems, this shift will overflow for files larger than 4GB.
Cc: stable@vger.kernel.org
Fixes: 61f6881621 ("ceph: check caps in filemap_fault and page_mkwrite")
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 58f6e78a65f1fcbf732f60a7478ccc99873ff3ba upstream.
Fix some potential memory leaks in error handling branches while
iterating dent entries. For example, function dbg_check_dir()
forgets to free pdent if it exists.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Cc: <stable@vger.kernel.org>
Fixes: 1e51764a3c ("UBIFS: add new flash file system")
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6b3dccd48de8a4c650b01499a0b09d1e2279649e upstream.
There's no protection in nfsd_dispatch() against a NULL .pc_func
helpers. A malicious NFS client can trigger a crash by invoking the
unused/unsupported NFSv2 ROOT or WRITECACHE procedures.
The current NFSD dispatcher does not support returning a void reply
to a non-NULL procedure, so the reply to both of these is wrong, for
the moment.
Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8c39076c276be0b31982e44654e2c2357473258a upstream.
RFC 7862 introduced a new flag that either client or server is
allowed to set: EXCHGID4_FLAG_SUPP_FENCE_OPS.
Client needs to update its bitmask to allow for this flag value.
v2: changed minor version argument to unsigned int
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a7be300de800e755714c71103ae4a0d205e41e99 upstream.
udf_process_sequence() allocates temporary array for processing
partition descriptors on volume which it fails to free. Free the array
when it is not needed anymore.
Fixes: 7b78fd02fb ("udf: Fix handling of Partition Descriptors")
CC: stable@vger.kernel.org
Reported-by: syzbot+128f4dd6e796c98b3760@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 83bc1560e02e25c6439341352024ebe8488f4fbd upstream.
If we fail to find suitable zones for a new readahead extent, we end up
leaving a stale pointer in the global readahead extents radix tree
(fs_info->reada_tree), which can trigger the following trace later on:
[13367.696354] BUG: kernel NULL pointer dereference, address: 00000000000000b0
[13367.696802] #PF: supervisor read access in kernel mode
[13367.697249] #PF: error_code(0x0000) - not-present page
[13367.697721] PGD 0 P4D 0
[13367.698171] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
[13367.698632] CPU: 6 PID: 851214 Comm: btrfs Tainted: G W 5.9.0-rc6-btrfs-next-69 #1
[13367.699100] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[13367.700069] RIP: 0010:__lock_acquire+0x20a/0x3970
[13367.700562] Code: ff 1f 0f b7 c0 48 0f (...)
[13367.701609] RSP: 0018:ffffb14448f57790 EFLAGS: 00010046
[13367.702140] RAX: 0000000000000000 RBX: 29b935140c15e8cf RCX: 0000000000000000
[13367.702698] RDX: 0000000000000002 RSI: ffffffffb3d66bd0 RDI: 0000000000000046
[13367.703240] RBP: ffff8a52ba8ac040 R08: 00000c2866ad9288 R09: 0000000000000001
[13367.703783] R10: 0000000000000001 R11: 00000000b66d9b53 R12: ffff8a52ba8ac9b0
[13367.704330] R13: 0000000000000000 R14: ffff8a532b6333e8 R15: 0000000000000000
[13367.704880] FS: 00007fe1df6b5700(0000) GS:ffff8a5376600000(0000) knlGS:0000000000000000
[13367.705438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[13367.705995] CR2: 00000000000000b0 CR3: 000000022cca8004 CR4: 00000000003706e0
[13367.706565] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[13367.707127] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[13367.707686] Call Trace:
[13367.708246] ? ___slab_alloc+0x395/0x740
[13367.708820] ? reada_add_block+0xae/0xee0 [btrfs]
[13367.709383] lock_acquire+0xb1/0x480
[13367.709955] ? reada_add_block+0xe0/0xee0 [btrfs]
[13367.710537] ? reada_add_block+0xae/0xee0 [btrfs]
[13367.711097] ? rcu_read_lock_sched_held+0x5d/0x90
[13367.711659] ? kmem_cache_alloc_trace+0x8d2/0x990
[13367.712221] ? lock_acquired+0x33b/0x470
[13367.712784] _raw_spin_lock+0x34/0x80
[13367.713356] ? reada_add_block+0xe0/0xee0 [btrfs]
[13367.713966] reada_add_block+0xe0/0xee0 [btrfs]
[13367.714529] ? btrfs_root_node+0x15/0x1f0 [btrfs]
[13367.715077] btrfs_reada_add+0x117/0x170 [btrfs]
[13367.715620] scrub_stripe+0x21e/0x10d0 [btrfs]
[13367.716141] ? kvm_sched_clock_read+0x5/0x10
[13367.716657] ? __lock_acquire+0x41e/0x3970
[13367.717184] ? scrub_chunk+0x60/0x140 [btrfs]
[13367.717697] ? find_held_lock+0x32/0x90
[13367.718254] ? scrub_chunk+0x60/0x140 [btrfs]
[13367.718773] ? lock_acquired+0x33b/0x470
[13367.719278] ? scrub_chunk+0xcd/0x140 [btrfs]
[13367.719786] scrub_chunk+0xcd/0x140 [btrfs]
[13367.720291] scrub_enumerate_chunks+0x270/0x5c0 [btrfs]
[13367.720787] ? finish_wait+0x90/0x90
[13367.721281] btrfs_scrub_dev+0x1ee/0x620 [btrfs]
[13367.721762] ? rcu_read_lock_any_held+0x8e/0xb0
[13367.722235] ? preempt_count_add+0x49/0xa0
[13367.722710] ? __sb_start_write+0x19b/0x290
[13367.723192] btrfs_ioctl+0x7f5/0x36f0 [btrfs]
[13367.723660] ? __fget_files+0x101/0x1d0
[13367.724118] ? find_held_lock+0x32/0x90
[13367.724559] ? __fget_files+0x101/0x1d0
[13367.724982] ? __x64_sys_ioctl+0x83/0xb0
[13367.725399] __x64_sys_ioctl+0x83/0xb0
[13367.725802] do_syscall_64+0x33/0x80
[13367.726188] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[13367.726574] RIP: 0033:0x7fe1df7add87
[13367.726948] Code: 00 00 00 48 8b 05 09 91 (...)
[13367.727763] RSP: 002b:00007fe1df6b4d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[13367.728179] RAX: ffffffffffffffda RBX: 000055ce1fb596a0 RCX: 00007fe1df7add87
[13367.728604] RDX: 000055ce1fb596a0 RSI: 00000000c400941b RDI: 0000000000000003
[13367.729021] RBP: 0000000000000000 R08: 00007fe1df6b5700 R09: 0000000000000000
[13367.729431] R10: 00007fe1df6b5700 R11: 0000000000000246 R12: 00007ffd922b07de
[13367.729842] R13: 00007ffd922b07df R14: 00007fe1df6b4e40 R15: 0000000000802000
[13367.730275] Modules linked in: btrfs blake2b_generic xor (...)
[13367.732638] CR2: 00000000000000b0
[13367.733166] ---[ end trace d298b6805556acd9 ]---
What happens is the following:
1) At reada_find_extent() we don't find any existing readahead extent for
the metadata extent starting at logical address X;
2) So we proceed to create a new one. We then call btrfs_map_block() to get
information about which stripes contain extent X;
3) After that we iterate over the stripes and create only one zone for the
readahead extent - only one because reada_find_zone() returned NULL for
all iterations except for one, either because a memory allocation failed
or it couldn't find the block group of the extent (it may have just been
deleted);
4) We then add the new readahead extent to the readahead extents radix
tree at fs_info->reada_tree;
5) Then we iterate over each zone of the new readahead extent, and find
that the device used for that zone no longer exists, because it was
removed or it was the source device of a device replace operation.
Since this left 'have_zone' set to 0, after finishing the loop we jump
to the 'error' label, call kfree() on the new readahead extent and
return without removing it from the radix tree at fs_info->reada_tree;
6) Any future call to reada_find_extent() for the logical address X will
find the stale pointer in the readahead extents radix tree, increment
its reference counter, which can trigger the use-after-free right
away or return it to the caller reada_add_block() that results in the
use-after-free of the example trace above.
So fix this by making sure we delete the readahead extent from the radix
tree if we fail to setup zones for it (when 'have_zone = 0').
Fixes: 3194502118 ("btrfs: reada: bypass adding extent when all zone failed")
CC: stable@vger.kernel.org # 4.9+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 572c83acdcdafeb04e70aa46be1fa539310be20c upstream.
In fstest btrfs/064 a transaction abort in __btrfs_cow_block could lead
to a system lockup. It gets stuck trying to write back inodes, and the
write back thread was trying to lock an extent buffer:
$ cat /proc/2143497/stack
[<0>] __btrfs_tree_lock+0x108/0x250
[<0>] lock_extent_buffer_for_io+0x35e/0x3a0
[<0>] btree_write_cache_pages+0x15a/0x3b0
[<0>] do_writepages+0x28/0xb0
[<0>] __writeback_single_inode+0x54/0x5c0
[<0>] writeback_sb_inodes+0x1e8/0x510
[<0>] wb_writeback+0xcc/0x440
[<0>] wb_workfn+0xd7/0x650
[<0>] process_one_work+0x236/0x560
[<0>] worker_thread+0x55/0x3c0
[<0>] kthread+0x13a/0x150
[<0>] ret_from_fork+0x1f/0x30
This is because we got an error while COWing a block, specifically here
if (test_bit(BTRFS_ROOT_SHAREABLE, &root->state)) {
ret = btrfs_reloc_cow_block(trans, root, buf, cow);
if (ret) {
btrfs_abort_transaction(trans, ret);
return ret;
}
}
[16402.241552] BTRFS: Transaction aborted (error -2)
[16402.242362] WARNING: CPU: 1 PID: 2563188 at fs/btrfs/ctree.c:1074 __btrfs_cow_block+0x376/0x540
[16402.249469] CPU: 1 PID: 2563188 Comm: fsstress Not tainted 5.9.0-rc6+ #8
[16402.249936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014
[16402.250525] RIP: 0010:__btrfs_cow_block+0x376/0x540
[16402.252417] RSP: 0018:ffff9cca40e578b0 EFLAGS: 00010282
[16402.252787] RAX: 0000000000000025 RBX: 0000000000000002 RCX: ffff9132bbd19388
[16402.253278] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9132bbd19380
[16402.254063] RBP: ffff9132b41a49c0 R08: 0000000000000000 R09: 0000000000000000
[16402.254887] R10: 0000000000000000 R11: ffff91324758b080 R12: ffff91326ef17ce0
[16402.255694] R13: ffff91325fc0f000 R14: ffff91326ef176b0 R15: ffff9132815e2000
[16402.256321] FS: 00007f542c6d7b80(0000) GS:ffff9132bbd00000(0000) knlGS:0000000000000000
[16402.256973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[16402.257374] CR2: 00007f127b83f250 CR3: 0000000133480002 CR4: 0000000000370ee0
[16402.257867] Call Trace:
[16402.258072] btrfs_cow_block+0x109/0x230
[16402.258356] btrfs_search_slot+0x530/0x9d0
[16402.258655] btrfs_lookup_file_extent+0x37/0x40
[16402.259155] __btrfs_drop_extents+0x13c/0xd60
[16402.259628] ? btrfs_block_rsv_migrate+0x4f/0xb0
[16402.259949] btrfs_replace_file_extents+0x190/0x820
[16402.260873] btrfs_clone+0x9ae/0xc00
[16402.261139] btrfs_extent_same_range+0x66/0x90
[16402.261771] btrfs_remap_file_range+0x353/0x3b1
[16402.262333] vfs_dedupe_file_range_one.part.0+0xd5/0x140
[16402.262821] vfs_dedupe_file_range+0x189/0x220
[16402.263150] do_vfs_ioctl+0x552/0x700
[16402.263662] __x64_sys_ioctl+0x62/0xb0
[16402.264023] do_syscall_64+0x33/0x40
[16402.264364] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[16402.264862] RIP: 0033:0x7f542c7d15cb
[16402.266901] RSP: 002b:00007ffd35944ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[16402.267627] RAX: ffffffffffffffda RBX: 00000000009d1968 RCX: 00007f542c7d15cb
[16402.268298] RDX: 00000000009d2490 RSI: 00000000c0189436 RDI: 0000000000000003
[16402.268958] RBP: 00000000009d2520 R08: 0000000000000036 R09: 00000000009d2e64
[16402.269726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[16402.270659] R13: 000000000001f000 R14: 00000000009d1970 R15: 00000000009d2e80
[16402.271498] irq event stamp: 0
[16402.271846] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[16402.272497] hardirqs last disabled at (0): [<ffffffff910dbf59>] copy_process+0x6b9/0x1ba0
[16402.273343] softirqs last enabled at (0): [<ffffffff910dbf59>] copy_process+0x6b9/0x1ba0
[16402.273905] softirqs last disabled at (0): [<0000000000000000>] 0x0
[16402.274338] ---[ end trace 737874a5a41a8236 ]---
[16402.274669] BTRFS: error (device dm-9) in __btrfs_cow_block:1074: errno=-2 No such entry
[16402.276179] BTRFS info (device dm-9): forced readonly
[16402.277046] BTRFS: error (device dm-9) in btrfs_replace_file_extents:2723: errno=-2 No such entry
[16402.278744] BTRFS: error (device dm-9) in __btrfs_cow_block:1074: errno=-2 No such entry
[16402.279968] BTRFS: error (device dm-9) in __btrfs_cow_block:1074: errno=-2 No such entry
[16402.280582] BTRFS info (device dm-9): balance: ended with status: -30
The problem here is that as soon as we allocate the new block it is
locked and marked dirty in the btree inode. This means that we could
attempt to writeback this block and need to lock the extent buffer.
However we're not unlocking it here and thus we deadlock.
Fix this by unlocking the cow block if we have any errors inside of
__btrfs_cow_block, and also free it so we do not leak it.
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8eb2fd00153a3a96a19c62ac9c6d48c2efebe5e8 upstream.
btrfs_ioctl_send() used open-coded kvzalloc implementation earlier.
The code was accidentally replaced with kzalloc() call [1]. Restore
the original code by using kvzalloc() to allocate sctx->clone_roots.
[1] https://patchwork.kernel.org/patch/9757891/#20529627
Fixes: 818e010bf9 ("btrfs: replace opencoded kvzalloc with the helper")
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Denis Efremov <efremov@linux.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9c2b4e0347067396ceb3ae929d6888c81d610259 upstream.
During an incremental send, when an inode has multiple new references we
might end up emitting rename operations for orphanizations that have a
source path that is no longer valid due to a previous orphanization of
some directory inode. This causes the receiver to fail since it tries
to rename a path that does not exists.
Example reproducer:
$ cat reproducer.sh
#!/bin/bash
mkfs.btrfs -f /dev/sdi >/dev/null
mount /dev/sdi /mnt/sdi
touch /mnt/sdi/f1
touch /mnt/sdi/f2
mkdir /mnt/sdi/d1
mkdir /mnt/sdi/d1/d2
# Filesystem looks like:
#
# . (ino 256)
# |----- f1 (ino 257)
# |----- f2 (ino 258)
# |----- d1/ (ino 259)
# |----- d2/ (ino 260)
btrfs subvolume snapshot -r /mnt/sdi /mnt/sdi/snap1
btrfs send -f /tmp/snap1.send /mnt/sdi/snap1
# Now do a series of changes such that:
#
# *) inode 258 has one new hardlink and the previous name changed
#
# *) both names conflict with the old names of two other inodes:
#
# 1) the new name "d1" conflicts with the old name of inode 259,
# under directory inode 256 (root)
#
# 2) the new name "d2" conflicts with the old name of inode 260
# under directory inode 259
#
# *) inodes 259 and 260 now have the old names of inode 258
#
# *) inode 257 is now located under inode 260 - an inode with a number
# smaller than the inode (258) for which we created a second hard
# link and swapped its names with inodes 259 and 260
#
ln /mnt/sdi/f2 /mnt/sdi/d1/f2_link
mv /mnt/sdi/f1 /mnt/sdi/d1/d2/f1
# Swap d1 and f2.
mv /mnt/sdi/d1 /mnt/sdi/tmp
mv /mnt/sdi/f2 /mnt/sdi/d1
mv /mnt/sdi/tmp /mnt/sdi/f2
# Swap d2 and f2_link
mv /mnt/sdi/f2/d2 /mnt/sdi/tmp
mv /mnt/sdi/f2/f2_link /mnt/sdi/f2/d2
mv /mnt/sdi/tmp /mnt/sdi/f2/f2_link
# Filesystem now looks like:
#
# . (ino 256)
# |----- d1 (ino 258)
# |----- f2/ (ino 259)
# |----- f2_link/ (ino 260)
# | |----- f1 (ino 257)
# |
# |----- d2 (ino 258)
btrfs subvolume snapshot -r /mnt/sdi /mnt/sdi/snap2
btrfs send -f /tmp/snap2.send -p /mnt/sdi/snap1 /mnt/sdi/snap2
mkfs.btrfs -f /dev/sdj >/dev/null
mount /dev/sdj /mnt/sdj
btrfs receive -f /tmp/snap1.send /mnt/sdj
btrfs receive -f /tmp/snap2.send /mnt/sdj
umount /mnt/sdi
umount /mnt/sdj
When executed the receive of the incremental stream fails:
$ ./reproducer.sh
Create a readonly snapshot of '/mnt/sdi' in '/mnt/sdi/snap1'
At subvol /mnt/sdi/snap1
Create a readonly snapshot of '/mnt/sdi' in '/mnt/sdi/snap2'
At subvol /mnt/sdi/snap2
At subvol snap1
At snapshot snap2
ERROR: rename d1/d2 -> o260-6-0 failed: No such file or directory
This happens because:
1) When processing inode 257 we end up computing the name for inode 259
because it is an ancestor in the send snapshot, and at that point it
still has its old name, "d1", from the parent snapshot because inode
259 was not yet processed. We then cache that name, which is valid
until we start processing inode 259 (or set the progress to 260 after
processing its references);
2) Later we start processing inode 258 and collecting all its new
references into the list sctx->new_refs. The first reference in the
list happens to be the reference for name "d1" while the reference for
name "d2" is next (the last element of the list).
We compute the full path "d1/d2" for this second reference and store
it in the reference (its ->full_path member). The path used for the
new parent directory was "d1" and not "f2" because inode 259, the
new parent, was not yet processed;
3) When we start processing the new references at process_recorded_refs()
we start with the first reference in the list, for the new name "d1".
Because there is a conflicting inode that was not yet processed, which
is directory inode 259, we orphanize it, renaming it from "d1" to
"o259-6-0";
4) Then we start processing the new reference for name "d2", and we
realize it conflicts with the reference of inode 260 in the parent
snapshot. So we issue an orphanization operation for inode 260 by
emitting a rename operation with a destination path of "o260-6-0"
and a source path of "d1/d2" - this source path is the value we
stored in the reference earlier at step 2), corresponding to the
->full_path member of the reference, however that path is no longer
valid due to the orphanization of the directory inode 259 in step 3).
This makes the receiver fail since the path does not exists, it should
have been "o259-6-0/d2".
Fix this by recomputing the full path of a reference before emitting an
orphanization if we previously orphanized any directory, since that
directory could be a parent in the new path. This is a rare scenario so
keeping it simple and not checking if that previously orphanized directory
is in fact an ancestor of the inode we are trying to orphanize.
A test case for fstests follows soon.
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bb56f02f26fe23798edb1b2175707419b28c752a upstream.
Logging directories with many entries can take a significant amount of
time, and in some cases monopolize a cpu/core for a long time if the
logging task doesn't happen to block often enough.
Johannes and Lu Fengqi reported test case generic/041 triggering a soft
lockup when the kernel has CONFIG_SOFTLOCKUP_DETECTOR=y. For this test
case we log an inode with 3002 hard links, and because the test removed
one hard link before fsyncing the file, the inode logging causes the
parent directory do be logged as well, which has 6004 directory items to
log (3002 BTRFS_DIR_ITEM_KEY items plus 3002 BTRFS_DIR_INDEX_KEY items),
so it can take a significant amount of time and trigger the soft lockup.
So just make tree-log.c:log_dir_items() reschedule when necessary,
releasing the current search path before doing so and then resume from
where it was before the reschedule.
The stack trace produced when the soft lockup happens is the following:
[10480.277653] watchdog: BUG: soft lockup - CPU#2 stuck for 22s! [xfs_io:28172]
[10480.279418] Modules linked in: dm_thin_pool dm_persistent_data (...)
[10480.284915] irq event stamp: 29646366
[10480.285987] hardirqs last enabled at (29646365): [<ffffffff85249b66>] __slab_alloc.constprop.0+0x56/0x60
[10480.288482] hardirqs last disabled at (29646366): [<ffffffff8579b00d>] irqentry_enter+0x1d/0x50
[10480.290856] softirqs last enabled at (4612): [<ffffffff85a00323>] __do_softirq+0x323/0x56c
[10480.293615] softirqs last disabled at (4483): [<ffffffff85800dbf>] asm_call_on_stack+0xf/0x20
[10480.296428] CPU: 2 PID: 28172 Comm: xfs_io Not tainted 5.9.0-rc4-default+ #1248
[10480.298948] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
[10480.302455] RIP: 0010:__slab_alloc.constprop.0+0x19/0x60
[10480.304151] Code: 86 e8 31 75 21 00 66 66 2e 0f 1f 84 00 00 00 (...)
[10480.309558] RSP: 0018:ffffadbe09397a58 EFLAGS: 00000282
[10480.311179] RAX: ffff8a495ab92840 RBX: 0000000000000282 RCX: 0000000000000006
[10480.313242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff85249b66
[10480.315260] RBP: ffff8a497d04b740 R08: 0000000000000001 R09: 0000000000000001
[10480.317229] R10: ffff8a497d044800 R11: ffff8a495ab93c40 R12: 0000000000000000
[10480.319169] R13: 0000000000000000 R14: 0000000000000c40 R15: ffffffffc01daf70
[10480.321104] FS: 00007fa1dc5c0e40(0000) GS:ffff8a497da00000(0000) knlGS:0000000000000000
[10480.323559] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[10480.325235] CR2: 00007fa1dc5befb8 CR3: 0000000004f8a006 CR4: 0000000000170ea0
[10480.327259] Call Trace:
[10480.328286] ? overwrite_item+0x1f0/0x5a0 [btrfs]
[10480.329784] __kmalloc+0x831/0xa20
[10480.331009] ? btrfs_get_32+0xb0/0x1d0 [btrfs]
[10480.332464] overwrite_item+0x1f0/0x5a0 [btrfs]
[10480.333948] log_dir_items+0x2ee/0x570 [btrfs]
[10480.335413] log_directory_changes+0x82/0xd0 [btrfs]
[10480.336926] btrfs_log_inode+0xc9b/0xda0 [btrfs]
[10480.338374] ? init_once+0x20/0x20 [btrfs]
[10480.339711] btrfs_log_inode_parent+0x8d3/0xd10 [btrfs]
[10480.341257] ? dget_parent+0x97/0x2e0
[10480.342480] btrfs_log_dentry_safe+0x3a/0x50 [btrfs]
[10480.343977] btrfs_sync_file+0x24b/0x5e0 [btrfs]
[10480.345381] do_fsync+0x38/0x70
[10480.346483] __x64_sys_fsync+0x10/0x20
[10480.347703] do_syscall_64+0x2d/0x70
[10480.348891] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[10480.350444] RIP: 0033:0x7fa1dc80970b
[10480.351642] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 (...)
[10480.356952] RSP: 002b:00007fffb3d081d0 EFLAGS: 00000293 ORIG_RAX: 000000000000004a
[10480.359458] RAX: ffffffffffffffda RBX: 0000562d93d45e40 RCX: 00007fa1dc80970b
[10480.361426] RDX: 0000562d93d44ab0 RSI: 0000562d93d45e60 RDI: 0000000000000003
[10480.363367] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007fa1dc7b2a40
[10480.365317] R10: 0000562d93d0e366 R11: 0000000000000293 R12: 0000000000000001
[10480.367299] R13: 0000562d93d45290 R14: 0000562d93d45e40 R15: 0000562d93d45e60
Link: https://lore.kernel.org/linux-btrfs/20180713090216.GC575@fnst.localdomain/
Reported-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
CC: stable@vger.kernel.org # 4.4+
Tested-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Paul Lawrence
Greg Kroah-Hartman
Jiten Patel
Vinayak Menon
Srinivasarao P
qctecmdr
Jaegeuk Kim
Neeraj Soni
Alexander Aring
Qu Wenruo
Filipe Manana
Josef Bacik
Ben Hutchings
Daniel Rosenberg
Alessio Balsini
Matthew Wilcox (Oracle)
Luo Meng
Dinghao Liu
Eric Biggers
Zhihao Cheng
Chuck Lever
Olga Kornievskaia
Jan Kara
Denis Efremov