58515 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Paul Lawrence
|
84bb7a652b |
ANDROID: Incremental fs: Set credentials before reading/writing
Use same selinux scheme as incfs v2
Fix memory leak.
Bug: 174692664
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I6058ddad9d43ba01b2eabd7d3c576f2cc9b42292
Git-commit:
|
||
Greg Kroah-Hartman
|
e8b542dd52 |
ANDROID: Incremental fs: fix up attempt to copy structures with READ/WRITE_ONCE
READ/WRITE_ONCE are for atomic data types, not for structures. Fix this
up by doing a memcpy to make it explicit just how messy this copy is...
This fixes a build error on 5.8-rc1, as things are more strict, odds are
it's also wrong in other kernel versions as well...
Cc: Daniel Mentz <danielmentz@google.com>
Cc: Paul Lawrence <paullawrence@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7ecd3d05bd94c936dd5e69c63028458786f37a78
Git-commit:
|
||
Jiten Patel
|
f4ecbf76c7 |
fs: crypto: Add support for legacy pfk based FBE
Enable legacy method to generate aes keys derived from nonce and master key. In private mode the keys will be used as file encryption keys and set into Inline Crypto Engine hardware. This will be used to support OTA upgrades where device were launched using legacy PFK generation method. Test: 1) Flashed P meta, create multiple files under /data. 2) Set PIN 3) Build R (include OTA changes) and flash APPS images of R except userdata and boot the device. 4) Device booted upto UI. 5) Unlock device by PIN set on P build. 6) Files created with Q build retained. 7) Created new files under /data and checked retention across multiple re-boots. Change-Id: I6b4e49ed4549bf4f27ea63ab33016b00dca9fcf0 Signed-off-by: Jiten Patel <jitepate@codeaurora.org> |
||
Vinayak Menon
|
851a03f61d |
mm: process_reclaim: pass pid struct instead of tgid
Pass pid struct instead of tgid to the reclaim notifier so that notifier users need not worry on pid reuse issues. Change-Id: Ifd11937da75547c3b0ddecc19ecad1e488a86962 Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
Vinayak Menon
|
cb82ed9052 |
mm: process_reclaim: skip target_vma
Skip using target_vma for address space reclaim. Shared pages are not reclaimed by this interface and thus there isn't a need to perform targeted reclaim. Change-Id: I17cc0452c1179786ac64f0dd1ee81b2b71bb7caa Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
Srinivasarao P
|
20912a8acc |
Merge android-4.19-stable.157 (8ee67bc ) into msm-4.19
* refs/heads/tmp-8ee67bc Revert "nl80211: fix non-split wiphy information" Reverting usb changes Linux 4.19.157 powercap: restrict energy meter to root access Revert "ANDROID: Kbuild, LLVMLinux: allow overriding clang target triple" Linux 4.19.156 arm64: dts: marvell: espressobin: Add ethernet switch aliases net: dsa: read mac address from DT for slave device tools: perf: Fix build error in v4.19.y perf/core: Fix a memory leak in perf_event_parse_addr_filter() PM: runtime: Resume the device earlier in __device_release_driver() Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE" ARC: stack unwinding: avoid indefinite looping usb: mtu3: fix panic in mtu3_gadget_stop() USB: Add NO_LPM quirk for Kingston flash drive USB: serial: option: add Telit FN980 composition 0x1055 USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 USB: serial: option: add Quectel EC200T module support USB: serial: cyberjack: fix write-URB completion race serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init serial: 8250_mtk: Fix uart_get_baud_rate warning fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent vt: Disable KD_FONT_OP_COPY ACPI: NFIT: Fix comparison to '-ENXIO' drm/vc4: drv: Add error handding for bind vsock: use ns_capable_noaudit() on socket create scsi: core: Don't start concurrent async scan on same host blk-cgroup: Pre-allocate tree node on blkg_conf_prep blk-cgroup: Fix memleak on error path of: Fix reserved-memory overlap detection x86/kexec: Use up-to-dated screen_info copy to fill boot params ARM: dts: sun4i-a10: fix cpu_alert temperature futex: Handle transient "ownerless" rtmutex state correctly tracing: Fix out of bounds write in get_trace_buf ftrace: Handle tracing when switching between context ftrace: Fix recursion check for NMI test ring-buffer: Fix recursion protection transitions between interrupt context gfs2: Wake up when sd_glock_disposal becomes zero mm: always have io_remap_pfn_range() set pgprot_decrypted() kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled lib/crc32test: remove extra local_irq_disable/enable mm: mempolicy: fix potential pte_unmap_unlock pte error ALSA: usb-audio: Add implicit feedback quirk for MODX ALSA: usb-audio: Add implicit feedback quirk for Qu-16 ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 Fonts: Replace discarded const qualifier btrfs: tree-checker: fix the error message for transid error btrfs: tree-checker: Verify inode item btrfs: tree-checker: Enhance chunk checker to validate chunk profile btrfs: tree-checker: Fix wrong check on max devid btrfs: tree-checker: Verify dev item btrfs: tree-checker: Check chunk item at tree block read time btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO btrfs: tree-checker: Make chunk item checker messages more readable btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it btrfs: Don't submit any btree write bio if the fs has errors Btrfs: fix unwritten extent buffers and hangs on future writeback attempts btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() btrfs: extent_io: Handle errors better in btree_write_cache_pages() btrfs: extent_io: Handle errors better in extent_write_full_page() btrfs: flush write bio if we loop in extent_write_cache_pages Revert "btrfs: flush write bio if we loop in extent_write_cache_pages" btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up btrfs: extent_io: Kill the forward declaration of flush_write_bio blktrace: fix debugfs use after free sfp: Fix error handing in sfp_probe() sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition gianfar: Account for Tx PTP timestamp in the skb headroom gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP chelsio/chtls: fix always leaking ctrl_skb chelsio/chtls: fix memory leaks caused by a race cadence: force nonlinear buffers to be cloned ptrace: fix task_join_group_stop() for the case when current is traced tipc: fix use-after-free in tipc_bcast_get_mode drm/i915: Break up error capture compression loops with cond_resched() ANDROID: fuse: Add support for d_canonical_path ANDROID: vfs: add d_canonical_path for stacked filesystem support ANDROID: Temporarily disable XFRM_USER_COMPAT filtering Linux 4.19.155 staging: octeon: Drop on uncorrectable alignment or FCS error staging: octeon: repair "fixed-link" support staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR device property: Don't clear secondary pointer for shared primary firmware node device property: Keep secondary firmware node secondary by type ARM: s3c24xx: fix missing system reset ARM: samsung: fix PM debug build with DEBUG_LL but !MMU arm: dts: mt7623: add missing pause for switchport hil/parisc: Disable HIL driver when it gets stuck cachefiles: Handle readpage error correctly arm64: berlin: Select DW_APB_TIMER_OF tty: make FONTX ioctl use the tty pointer they were actually passed rtc: rx8010: don't modify the global rtc ops drm/ttm: fix eviction valuable range check. ext4: fix invalid inode checksum ext4: fix error handling code in add_new_gdb ext4: fix leaking sysfs kobject after failed mount vringh: fix __vringh_iov() when riov and wiov are different ring-buffer: Return 0 on success from ring_buffer_resize() 9P: Cast to loff_t before multiplying libceph: clear con->out_msg on Policy::stateful_server faults ceph: promote to unsigned long long before shifting drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally drm/amdgpu: don't map BO in reserved region i2c: imx: Fix external abort on interrupt in exit paths ia64: fix build error with !COREDUMP ubi: check kthread_should_stop() after the setting of task state perf python scripting: Fix printable strings in python3 scripts ubifs: dent: Fix some potential memory leaks while iterating entries NFSD: Add missing NFSv2 .pc_func methods NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation powerpc/powernv/elog: Fix race while processing OPAL error log event. powerpc: Warn about use of smt_snooze_delay powerpc/rtas: Restrict RTAS requests from userspace s390/stp: add locking to sysfs functions powerpc/drmem: Make lmb_size 64 bit iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. iio:adc:ti-adc12138 Fix alignment issue with timestamp iio:adc:ti-adc0832 Fix alignment issue with timestamp iio:light:si1145: Fix timestamp alignment and prevent data leak. dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status udf: Fix memory leak when mounting HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery vt: keyboard, extend func_buf_lock to readers vt: keyboard, simplify vt_kdgkbsent drm/i915: Force VT'd workarounds when running as a guest OS usb: host: fsl-mph-dr-of: check return of dma_set_mask() usb: typec: tcpm: reset hard_reset_count for any disconnect usb: cdc-acm: fix cooldown mechanism usb: dwc3: core: don't trigger runtime pm when remove driver usb: dwc3: core: add phy cleanup for probe error handling usb: dwc3: gadget: Check MPS of the request length usb: dwc3: ep0: Fix ZLP for OUT ep0 requests usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC btrfs: fix use-after-free on readahead extent after failure to create it btrfs: cleanup cow block on error btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() btrfs: send, recompute reference path after orphanization of a directory btrfs: reschedule if necessary when logging directory items btrfs: improve device scanning messages btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode scsi: qla2xxx: Fix crash on session cleanup with unload scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() w1: mxc_w1: Fix timeout resolution problem leading to bus error acpi-cpufreq: Honor _PSD table setting on new AMD CPUs ACPI: debug: don't allow debugging when ACPI is disabled ACPI: video: use ACPI backlight for HP 635 Notebook ACPI / extlog: Check for RDMSR failure ACPI: button: fix handling lid state changes when input device closed NFS: fix nfs_path in case of a rename retry fs: Don't invalidate page buffers in block_write_full_page() media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect leds: bcm6328, bcm6358: use devres LED registering function perf/x86/amd/ibs: Fix raw sample data accumulation perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count() mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN md/raid5: fix oops during stripe resizing nvme-rdma: fix crash when connect rejected sgl_alloc_order: fix memory leak nbd: make the config put is called before the notifying the waiter ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node ARM: dts: s5pv210: move PMU node out of clock controller ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings memory: emif: Remove bogus debugfs error handling ARM: dts: omap4: Fix sgx clock rate for 4430 arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes cifs: handle -EINTR in cifs_setattr gfs2: add validation checks for size of superblock ext4: Detect already used quota file early drivers: watchdog: rdc321x_wdt: Fix race condition bugs net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid clk: ti: clockdomain: fix static checker warning rpmsg: glink: Use complete_all for open states bnxt_en: Log unknown link speed appropriately. md/bitmap: md_bitmap_get_counter returns wrong blocks btrfs: fix replace of seed device drm/amd/display: HDMI remote sink need mode validation for Linux power: supply: test_power: add missing newlines when printing parameters by sysfs bus/fsl_mc: Do not rely on caller to provide non NULL mc_io drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values ACPI: Add out of bounds and numa_off protections to pxm_to_node() xfs: don't free rt blocks when we're doing a REMAP bunmapi call arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE usb: xhci: omit duplicate actions when suspending a runtime suspended host. uio: free uio id after uio file node is freed USB: adutux: fix debugging cpufreq: sti-cpufreq: add stih418 support riscv: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO media: uvcvideo: Fix dereference of out-of-bound list iterator kgdb: Make "kgdbcon" work properly with "kgdb_earlycon" ia64: kprobes: Use generic kretprobe trampoline handler printk: reduce LOG_BUF_SHIFT range for H8300 arm64: topology: Stop using MPIDR for topology information drm/bridge/synopsys: dsi: add support for non-continuous HS clock mmc: via-sdmmc: Fix data race bug media: imx274: fix frame interval handling media: tw5864: check status of tw5864_frameinterval_get usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart media: platform: Improve queue set up flow for bug fixing media: videodev2.h: RGB BT2020 and HSV are always full range drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly ath10k: fix VHT NSS calculation when STBC is enabled ath10k: start recovery process when payload length exceeds max htc length for sdio video: fbdev: pvr2fb: initialize variables xfs: fix realtime bitmap/summary file truncation when growing rt volume power: supply: bq27xxx: report "not charging" on all types ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses um: change sigio_spinlock to a mutex f2fs: fix to check segment boundary during SIT page readahead f2fs: fix uninit-value in f2fs_lookup f2fs: add trace exit in exception path sparc64: remove mm_cpumask clearing to fix kthread_use_mm race powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race powerpc/powernv/smp: Fix spurious DBG() warning futex: Fix incorrect should_fail_futex() handling ata: sata_nv: Fix retrieving of active qcs RDMA/qedr: Fix memory leak in iWARP CM mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels xen/events: block rogue events for some time xen/events: defer eoi in case of excessive number of events xen/events: use a common cpu hotplug hook for event channels xen/events: switch user event channels to lateeoi model xen/pciback: use lateeoi irq binding xen/pvcallsback: use lateeoi irq binding xen/scsiback: use lateeoi irq binding xen/netback: use lateeoi irq binding xen/blkback: use lateeoi irq binding xen/events: add a new "late EOI" evtchn framework xen/events: fix race in evtchn_fifo_unmask() xen/events: add a proper barrier to 2-level uevent unmasking xen/events: avoid removing an event channel while handling it xen/events: don't use chip_data for legacy IRQs Revert "block: ratelimit handle_bad_sector() message" fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext fscrypt: only set dentry_operations on ciphertext dentries fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory fscrypt: fix race allowing rename() and link() of ciphertext dentries fscrypt: clean up and improve dentry revalidation fscrypt: return -EXDEV for incompatible rename or link into encrypted dir ata: sata_rcar: Fix DMA boundary mask serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt mtd: lpddr: Fix bad logic in print_drs_error RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() cxl: Rework error message for incompatible slots p54: avoid accessing the data mapped to streaming DMA evm: Check size of security.evm before using it bpf: Fix comment for helper bpf_current_task_under_cgroup() fuse: fix page dereference after free x86/xen: disable Firmware First mode for correctable memory errors arch/x86/amd/ibs: Fix re-arming IBS Fetch cxgb4: set up filter action after rewrites r8169: fix issue with forced threading in combination with shared interrupts tipc: fix memory leak caused by tipc_buf_append() tcp: Prevent low rmem stalls with SO_RCVLOWAT. ravb: Fix bit fields checking in ravb_hwtstamp_get() netem: fix zero division in tabledist mlxsw: core: Fix memory leak on module removal gtp: fix an use-before-init in gtp_newlink() chelsio/chtls: fix tls record info to user chelsio/chtls: fix memory leaks in CPL handlers chelsio/chtls: fix deadlock issue efivarfs: Replace invalid slashes with exclamation marks in dentries. x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled arm64: link with -z norelro regardless of CONFIG_RELOCATABLE arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs scripts/setlocalversion: make git describe output more reliable objtool: Support Clang non-section symbols in ORC generation ANDROID: GKI: Enable DEBUG_INFO_DWARF4 UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr BACKPORT: xfrm/compat: Add 32=>64-bit messages translator UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator UPSTREAM: xfrm/compat: Add 64=>32-bit messages translator BACKPORT: xfrm: Provide API to register translator module ANDROID: Publish uncompressed Image on aarch64 FROMLIST: crypto: arm64/poly1305-neon - reorder PAC authentication with SP update UPSTREAM: crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian UPSTREAM: crypto: arm64/chacha - fix hchacha_block_neon() for big endian Linux 4.19.154 usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. eeprom: at25: set minimum read/write access stride to 1 USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). usb: cdc-acm: add quirk to blacklist ETAS ES58X devices tty: serial: fsl_lpuart: fix lpuart32_poll_get_char net: korina: cast KSEG0 address to pointer in kfree ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() usb: core: Solve race condition in anchor cleanup functions brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach mwifiex: don't call del_timer_sync() on uninitialized timer reiserfs: Fix memory leak in reiserfs_parse_options() ipvs: Fix uninit-value in do_ip_vs_set_ctl() tty: ipwireless: fix error handling scsi: qedi: Fix list_del corruption while removing active I/O scsi: qedi: Protect active command list to avoid list corruption Fix use after free in get_capset_info callback. rtl8xxxu: prevent potential memory leak brcmsmac: fix memory leak in wlc_phy_attach_lcnphy scsi: ibmvfc: Fix error return in ibmvfc_probe() Bluetooth: Only mark socket zapped after unlocking usb: ohci: Default to per-port over-current protection xfs: make sure the rt allocator doesn't run off the end reiserfs: only call unlock_new_inode() if I_NEW misc: rtsx: Fix memory leak in rtsx_pci_probe ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() can: flexcan: flexcan_chip_stop(): add error handling and propagate error value usb: dwc3: simple: add support for Hikey 970 USB: cdc-acm: handle broken union descriptors udf: Avoid accessing uninitialized data on failed inode read udf: Limit sparing table size usb: gadget: function: printer: fix use-after-free in __lock_acquire misc: vop: add round_up(x,4) for vring_size to avoid kernel panic mic: vop: copy data to kernel space then write to io memory scsi: target: core: Add CONTROL field for trace events scsi: mvumi: Fix error return in mvumi_io_attach() PM: hibernate: remove the bogus call to get_gendisk() in software_resume() mac80211: handle lack of sband->bitrates in rates ip_gre: set dev->hard_header_len and dev->needed_headroom properly ntfs: add check for mft record size in superblock media: venus: core: Fix runtime PM imbalance in venus_probe fs: dlm: fix configfs memory leak media: saa7134: avoid a shift overflow mmc: sdio: Check for CISTPL_VERS_1 buffer size media: uvcvideo: Ensure all probed info is returned to v4l2 media: media/pci: prevent memory leak in bttv_probe media: bdisp: Fix runtime PM imbalance on error media: platform: sti: hva: Fix runtime PM imbalance on error media: platform: s3c-camif: Fix runtime PM imbalance on error media: vsp1: Fix runtime PM imbalance on error media: exynos4-is: Fix a reference count leak media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync media: sti: Fix reference count leaks media: st-delta: Fix reference count leak in delta_run_work media: ati_remote: sanity check for both endpoints media: firewire: fix memory leak crypto: ccp - fix error handling block: ratelimit handle_bad_sector() message i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs perf: correct SNOOPX field offset sched/features: Fix !CONFIG_JUMP_LABEL case NTB: hw: amd: fix an issue about leak system resources nvmet: fix uninitialized work for zero kato powerpc/powernv/dump: Fix race while processing OPAL dump arm64: dts: zynqmp: Remove additional compatible string for i2c IPs ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts arm64: dts: qcom: pm8916: Remove invalid reg size from wcd_codec memory: fsl-corenet-cf: Fix handling of platform_get_irq() error memory: omap-gpmc: Fix build error without CONFIG_OF memory: omap-gpmc: Fix a couple off by ones ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator ARM: dts: imx6sl: fix rng node netfilter: nf_fwd_netdev: clear timestamp in forwarding path netfilter: conntrack: connection timeout after re-register KVM: x86: emulating RDPID failure shall return #UD rather than #GP Input: sun4i-ps2 - fix handling of platform_get_irq() error Input: twl4030_keypad - fix handling of platform_get_irq() error Input: omap4-keypad - fix handling of platform_get_irq() error Input: ep93xx_keypad - fix handling of platform_get_irq() error Input: stmfts - fix a & vs && typo Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages vfio/pci: Clear token on bypass registration failure ext4: limit entries returned when counting fsmap records svcrdma: fix bounce buffers for unaligned offsets and multiple pages watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 watchdog: Use put_device on error watchdog: Fix memleak in watchdog_cdev_register clk: bcm2835: add missing release if devm_clk_hw_register fails clk: at91: clk-main: update key before writing AT91_CKGR_MOR clk: rockchip: Initialize hw to error to avoid undefined behavior pwm: img: Fix null pointer access in probe rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge() PCI: iproc: Set affinity mask on MSI interrupts i2c: rcar: Auto select RESET_CONTROLLER mailbox: avoid timer start from callback rapidio: fix the missed put_device() for rio_mport_add_riodev rapidio: fix error handling path ramfs: fix nommu mmap with gaps in the page cache lib/crc32.c: fix trivial typo in preprocessor condition f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info IB/rdmavt: Fix sizeof mismatch cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier powerpc/perf/hv-gpci: Fix starting index value powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints overflow: Include header file with SIZE_MAX declaration kdb: Fix pager search for multi-line strings RDMA/hns: Fix missing sq_sig_type when querying QP RDMA/hns: Set the unsupported wr opcode perf intel-pt: Fix "context_switch event has no tid" error RDMA/cma: Consolidate the destruction of a cma_multicast in one place RDMA/cma: Remove dead code for kernel rdmacm multicast powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm powerpc/tau: Disable TAU between measurements powerpc/tau: Check processor type before enabling TAU interrupt ANDROID: GKI: update the ABI xml Linux 4.19.153 powerpc/tau: Remove duplicated set_thresholds() call powerpc/tau: Convert from timer to workqueue powerpc/tau: Use appropriate temperature sample interval RDMA/qedr: Fix inline size returned for iWARP RDMA/qedr: Fix use of uninitialized field xfs: fix high key handling in the rt allocator's query_range function xfs: limit entries returned when counting fsmap records arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values mtd: mtdoops: Don't write panic data twice powerpc/pseries: explicitly reschedule during drmem_lmb list traversal mtd: lpddr: fix excessive stack usage with clang RDMA/ucma: Add missing locking around rdma_leave_multicast() RDMA/ucma: Fix locking for ctx->events_reported powerpc/icp-hv: Fix missing of_node_put() in success path powerpc/pseries: Fix missing of_node_put() in rng_init() IB/mlx4: Adjust delayed work when a dup is observed IB/mlx4: Fix starvation in paravirt mux/demux mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary mm/memcg: fix device private memcg accounting netfilter: nf_log: missing vlan offload tag and proto net: korina: fix kfree of rx/tx descriptor array ipvs: clear skb->tstamp in forwarding path mwifiex: fix double free platform/x86: mlx-platform: Remove PSU EEPROM configuration scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() scsi: target: tcmu: Fix warning: 'page' may be used uninitialized usb: dwc2: Fix INTR OUT transfers in DDMA mode. nl80211: fix non-split wiphy information usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. iwlwifi: mvm: split a print to avoid a WARNING in ROC mfd: sm501: Fix leaks in probe() net: enic: Cure the enic api locking trainwreck qtnfmac: fix resource leaks on unsupported iftype error return path HID: hid-input: fix stylus battery reporting slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback slimbus: core: do not enter to clock pause mode in core slimbus: core: check get_addr before removing laddr ida quota: clear padding in v2r1_mem2diskdqb() usb: dwc2: Fix parameter type in function pointer prototype ALSA: seq: oss: Avoid mutex lock for a long-time ioctl misc: mic: scif: Fix error handling path ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() net: dsa: rtl8366rb: Support all 4096 VLANs net: dsa: rtl8366: Skip PVID setting if not requested net: dsa: rtl8366: Refactor VLAN/PVID init net: dsa: rtl8366: Check validity of passed VLANs cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE net: stmmac: use netif_tx_start|stop_all_queues() function net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow pinctrl: mcp23s08: Fix mcp23x17 precious range pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser HID: roccat: add bounds checking in kone_sysfs_write_settings() video: fbdev: radeon: Fix memleak in radeonfb_pci_register video: fbdev: sis: fix null ptr dereference video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error drivers/virt/fsl_hypervisor: Fix error handling path pwm: lpss: Add range limit check for the base_unit register value pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() pty: do tty_flip_buffer_push without port->lock in pty_write tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() tty: serial: earlycon dependency VMCI: check return value of get_user_pages_fast() for errors backlight: sky81452-backlight: Fix refcount imbalance on error scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' drm/gma500: fix error check staging: rtl8192u: Do not use GFP_KERNEL in atomic context mwifiex: Do not use GFP_KERNEL in atomic context brcmfmac: check ndev pointer ASoC: qcom: lpass-cpu: fix concurrency issue ASoC: qcom: lpass-platform: fix memory leak wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() ath6kl: prevent potential array overflow in ath6kl_add_new_sta() Bluetooth: hci_uart: Cancel init work before unregistering ath10k: provide survey info as accumulated data spi: spi-s3c64xx: Check return values spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB regulator: resolve supply after creating regulator media: ti-vpe: Fix a missing check and reference count leak media: stm32-dcmi: Fix a reference count leak media: s5p-mfc: Fix a reference count leak media: camss: Fix a reference count leak. media: platform: fcp: Fix a reference count leak. media: rockchip/rga: Fix a reference count leak. media: rcar-vin: Fix a reference count leak. media: tc358743: cleanup tc358743_cec_isr media: tc358743: initialize variable media: mx2_emmaprp: Fix memleak in emmaprp_probe cypto: mediatek - fix leaks in mtk_desc_ring_alloc hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} crypto: omap-sham - fix digcnt register handling with export/import media: omap3isp: Fix memleak in isp_probe media: uvcvideo: Silence shift-out-of-bounds warning media: uvcvideo: Set media controller entity functions media: m5mols: Check function pointer in m5mols_sensor_power media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" media: tuner-simple: fix regression in simple_set_radio_freq crypto: picoxcell - Fix potential race condition bug crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() crypto: algif_skcipher - EBUSY on aio should be an error x86/events/amd/iommu: Fix sizeof mismatch x86/nmi: Fix nmi_handle() duration miscalculation drivers/perf: xgene_pmu: Fix uninitialized resource struct x86/fpu: Allow multiple bits in clearcpuid= parameter EDAC/ti: Fix handling of platform_get_irq() error EDAC/i5100: Fix error handling order in i5100_init_one() crypto: algif_aead - Do not set MAY_BACKLOG on the async path ima: Don't ignore errors from crypto_shash_update() KVM: SVM: Initialize prev_ga_tag before use KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages cifs: Return the error from crypt_message when enc/dec key not found. cifs: remove bogus debug code ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 icmp: randomize the global rate limiter r8169: fix operation under forced interrupt threading tcp: fix to update snd_wl1 in bulk receiver fast path nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device chelsio/chtls: correct function return and return type chelsio/chtls: correct netdevice for vlan interface chelsio/chtls: fix socket lock ALSA: bebob: potential info leak in hwdep_read() binder: fix UAF when releasing todo list net/tls: sendfile fails with ktls offload r8169: fix data corruption issue on RTL8402 net/ipv4: always honour route mtu during forwarding tipc: fix the skb_unshare() in tipc_buf_append() net: usb: qmi_wwan: add Cellient MPL200 card net/smc: fix valid DMBE buffer sizes net: fix pos incrementment in ipv6_route_seq_next net: fec: Fix PHY init after phy_reset_after_clk_enable() net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() mlx4: handle non-napi callers to napi_poll ipv4: Restore flowi4_oif update before call to xfrm_lookup_route ibmveth: Identify ingress large send packets. ibmveth: Switch order of ibmveth_helper calls. ANDROID: clang: update to 11.0.5 FROMLIST: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE ANDROID: GKI: enable CONFIG_WIREGUARD UPSTREAM: wireguard: peerlookup: take lock before checking hash in replace operation UPSTREAM: wireguard: noise: take lock when removing handshake entry from table UPSTREAM: wireguard: queueing: make use of ip_tunnel_parse_protocol UPSTREAM: net: ip_tunnel: add header_ops for layer 3 devices UPSTREAM: wireguard: receive: account for napi_gro_receive never returning GRO_DROP UPSTREAM: wireguard: device: avoid circular netns references UPSTREAM: wireguard: noise: do not assign initiation time in if condition UPSTREAM: wireguard: noise: separate receive counter from send counter UPSTREAM: wireguard: queueing: preserve flow hash across packet scrubbing UPSTREAM: wireguard: noise: read preshared key while taking lock UPSTREAM: wireguard: selftests: use newer iproute2 for gcc-10 UPSTREAM: wireguard: send/receive: use explicit unlikely branch instead of implicit coalescing UPSTREAM: wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning UPSTREAM: wireguard: send/receive: cond_resched() when processing worker ringbuffers UPSTREAM: wireguard: socket: remove errant restriction on looping to self UPSTREAM: wireguard: selftests: use normal kernel stack size on ppc64 UPSTREAM: wireguard: receive: use tunnel helpers for decapsulating ECN markings UPSTREAM: wireguard: queueing: cleanup ptr_ring in error path of packet_queue_init UPSTREAM: wireguard: send: remove errant newline from packet_encrypt_worker UPSTREAM: wireguard: noise: error out precomputed DH during handshake rather than config UPSTREAM: wireguard: receive: remove dead code from default packet type case UPSTREAM: wireguard: queueing: account for skb->protocol==0 UPSTREAM: wireguard: selftests: remove duplicated include <sys/types.h> UPSTREAM: wireguard: socket: remove extra call to synchronize_net UPSTREAM: wireguard: send: account for mtu=0 devices UPSTREAM: wireguard: receive: reset last_under_load to zero UPSTREAM: wireguard: selftests: reduce complexity and fix make races UPSTREAM: wireguard: device: use icmp_ndo_send helper UPSTREAM: wireguard: selftests: tie socket waiting to target pid UPSTREAM: wireguard: selftests: ensure non-addition of peers with failed precomputation UPSTREAM: wireguard: noise: reject peers with low order public keys UPSTREAM: wireguard: allowedips: fix use-after-free in root_remove_peer_lists UPSTREAM: net: skbuff: disambiguate argument and member for skb_list_walk_safe helper UPSTREAM: net: introduce skb_list_walk_safe for skb segment walking UPSTREAM: wireguard: socket: mark skbs as not on list when receiving via gro UPSTREAM: wireguard: queueing: do not account for pfmemalloc when clearing skb header UPSTREAM: wireguard: selftests: remove ancient kernel compatibility code UPSTREAM: wireguard: allowedips: use kfree_rcu() instead of call_rcu() UPSTREAM: wireguard: main: remove unused include <linux/version.h> UPSTREAM: wireguard: global: fix spelling mistakes in comments UPSTREAM: wireguard: Kconfig: select parent dependency for crypto UPSTREAM: wireguard: selftests: import harness makefile for test suite UPSTREAM: net: WireGuard secure network tunnel UPSTREAM: timekeeping: Boot should be boottime for coarse ns accessor UPSTREAM: timekeeping: Add missing _ns functions for coarse accessors UPSTREAM: icmp: introduce helper for nat'd source address in network device context UPSTREAM: crypto: poly1305-x86_64 - Use XORL r32,32 UPSTREAM: crypto: curve25519-x86_64 - Use XORL r32,32 UPSTREAM: crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon UPSTREAM: crypto: arm/curve25519 - include <linux/scatterlist.h> UPSTREAM: crypto: x86/curve25519 - Remove unused carry variables UPSTREAM: crypto: x86/chacha-sse3 - use unaligned loads for state array UPSTREAM: crypto: lib/chacha20poly1305 - Add missing function declaration UPSTREAM: crypto: arch/lib - limit simd usage to 4k chunks UPSTREAM: crypto: arm[64]/poly1305 - add artifact to .gitignore files UPSTREAM: crypto: x86/curve25519 - leave r12 as spare register UPSTREAM: crypto: x86/curve25519 - replace with formally verified implementation UPSTREAM: crypto: arm64/chacha - correctly walk through blocks UPSTREAM: crypto: x86/curve25519 - support assemblers with no adx support UPSTREAM: crypto: chacha20poly1305 - prevent integer overflow on large input UPSTREAM: crypto: Kconfig - allow tests to be disabled when manager is disabled UPSTREAM: crypto: arm/chacha - fix build failured when kernel mode NEON is disabled UPSTREAM: crypto: x86/poly1305 - emit does base conversion itself UPSTREAM: crypto: chacha20poly1305 - add back missing test vectors and test chunking UPSTREAM: crypto: x86/poly1305 - fix .gitignore typo UPSTREAM: crypto: curve25519 - Fix selftest build error UPSTREAM: crypto: {arm,arm64,mips}/poly1305 - remove redundant non-reduction from emit UPSTREAM: crypto: x86/poly1305 - wire up faster implementations for kernel UPSTREAM: crypto: x86/poly1305 - import unmodified cryptogams implementation UPSTREAM: crypto: poly1305 - add new 32 and 64-bit generic versions UPSTREAM: crypto: lib/curve25519 - re-add selftests UPSTREAM: crypto: arm/curve25519 - add arch-specific key generation function UPSTREAM: crypto: chacha - fix warning message in header file UPSTREAM: crypto: arch - conditionalize crypto api in arch glue for lib code UPSTREAM: crypto: lib/chacha20poly1305 - use chacha20_crypt() UPSTREAM: crypto: x86/chacha - only unregister algorithms if registered UPSTREAM: crypto: chacha_generic - remove unnecessary setkey() functions UPSTREAM: crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine UPSTREAM: crypto: chacha20poly1305 - import construction and selftest from Zinc UPSTREAM: crypto: arm/curve25519 - wire up NEON implementation UPSTREAM: crypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation UPSTREAM: crypto: curve25519 - x86_64 library and KPP implementations UPSTREAM: crypto: lib/curve25519 - work around Clang stack spilling issue UPSTREAM: crypto: curve25519 - implement generic KPP driver UPSTREAM: crypto: curve25519 - add kpp selftest UPSTREAM: crypto: curve25519 - generic C library implementations UPSTREAM: crypto: blake2s - x86_64 SIMD implementation UPSTREAM: crypto: blake2s - implement generic shash driver UPSTREAM: crypto: testmgr - add test cases for Blake2s UPSTREAM: crypto: blake2s - generic C library implementation and selftest UPSTREAM: crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation UPSTREAM: crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation UPSTREAM: crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation UPSTREAM: crypto: x86/poly1305 - expose existing driver as poly1305 library UPSTREAM: crypto: x86/poly1305 - depend on generic library not generic shash UPSTREAM: crypto: poly1305 - expose init/update/final library interface UPSTREAM: crypto: x86/poly1305 - unify Poly1305 state struct with generic code UPSTREAM: crypto: poly1305 - move core routines into a separate library UPSTREAM: crypto: chacha - unexport chacha_generic routines UPSTREAM: crypto: mips/chacha - wire up accelerated 32r2 code from Zinc UPSTREAM: crypto: mips/chacha - import 32r2 ChaCha code from Zinc UPSTREAM: crypto: arm/chacha - expose ARM ChaCha routine as library function UPSTREAM: crypto: arm/chacha - remove dependency on generic ChaCha driver UPSTREAM: crypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code UPSTREAM: crypto: arm64/chacha - expose arm64 ChaCha routine as library function UPSTREAM: crypto: arm64/chacha - depend on generic chacha library instead of crypto driver UPSTREAM: crypto: arm64/chacha - use combined SIMD/ALU routine for more speed UPSTREAM: crypto: arm64/chacha - optimize for arbitrary length inputs UPSTREAM: crypto: x86/chacha - expose SIMD ChaCha routine as library function UPSTREAM: crypto: x86/chacha - depend on generic chacha library instead of crypto driver UPSTREAM: crypto: chacha - move existing library code into lib/crypto UPSTREAM: crypto: lib - tidy up lib/crypto Kconfig and Makefile UPSTREAM: crypto: chacha - constify ctx and iv arguments UPSTREAM: crypto: x86/poly1305 - Clear key material from stack in SSE2 variant UPSTREAM: crypto: xchacha20 - fix comments for test vectors UPSTREAM: crypto: xchacha - add test vector from XChaCha20 draft RFC UPSTREAM: crypto: arm64/chacha - add XChaCha12 support UPSTREAM: crypto: arm64/chacha20 - refactor to allow varying number of rounds UPSTREAM: crypto: arm64/chacha20 - add XChaCha20 support UPSTREAM: crypto: x86/chacha - avoid sleeping under kernel_fpu_begin() UPSTREAM: crypto: x86/chacha - yield the FPU occasionally UPSTREAM: crypto: x86/chacha - add XChaCha12 support UPSTREAM: crypto: x86/chacha20 - refactor to allow varying number of rounds UPSTREAM: crypto: x86/chacha20 - add XChaCha20 support UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX-512VL variant UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX-512VL variant UPSTREAM: crypto: x86/chacha20 - Add a 8-block AVX-512VL variant UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX2 variant UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX2 variant UPSTREAM: crypto: x86/chacha20 - Use larger block functions more aggressively UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 8-block AVX2 variant UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 4-block SSSE3 variant UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 1-block SSSE3 variant ANDROID: GKI: Enable CONFIG_USB_ANNOUNCE_NEW_DEVICES ANDROID: GKI: Enable CONFIG_X86_X2APIC ANDROID: move builds to use gas prebuilts UPSTREAM: binder: fix UAF when releasing todo list Conflicts: crypto/algif_aead.c drivers/rpmsg/qcom_glink_native.c drivers/scsi/ufs/ufs-qcom.c drivers/slimbus/qcom-ngd-ctrl.c fs/notify/inotify/inotify_user.c include/linux/dcache.h include/linux/fsnotify.h mm/oom_kill.c Fixed build errors: fs/fuse/dir.c Change-Id: I95bdbb1b183fa2c569023f18e09799d9cb96fc9f Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
qctecmdr
|
00089f062c | Merge "f2fs: should avoid inode eviction in synchronous path" | ||
Jaegeuk Kim
|
f7c4854c79 |
f2fs: prepare a waiter before entering io_schedule
This is to avoid sleep() in the waiter thread. [ 20.157753] ------------[ cut here ]------------ [ 20.158393] do not call blocking ops when !TASK_RUNNING; state=2 set at [<0000000096354225>] prepare_to_wait+0xcd/0x430 [ 20.159858] WARNING: CPU: 1 PID: 1152 at kernel/sched/core.c:7142 __might_sleep+0x149/0x1a0 ... [ 20.176110] __submit_merged_write_cond+0x191/0x310 [ 20.176739] f2fs_submit_merged_write+0x18/0x20 [ 20.177323] f2fs_wait_on_all_pages+0x269/0x2d0 [ 20.177899] ? block_operations+0x980/0x980 [ 20.178441] ? __kasan_check_read+0x11/0x20 [ 20.178975] ? finish_wait+0x260/0x260 [ 20.179488] ? percpu_counter_set+0x147/0x230 [ 20.180049] do_checkpoint+0x1757/0x2a50 [ 20.180558] f2fs_write_checkpoint+0x840/0xaf0 [ 20.181126] f2fs_sync_fs+0x287/0x4a0. Change-Id: I8ec83957172abca950945cafa6c4311d8ec08a59 Reported-by: Eric Biggers <ebiggers@kernel.org> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Git-commit: 828add774f0d2bf930cdeca6c982c1fbcdd846bb Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/ Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org> |
||
Jaegeuk Kim
|
c6245540a2 |
f2fs: fix deadlock between quota writes and checkpoint
f2fs_write_data_pages(quota_mapping) __f2fs_write_data_pages f2fs_write_checkpoint * blk_start_plug(&plug); * add bio in write_io[DATA] - block_operations - skip syncing quota by >DEFAULT_RETRY_QUOTA_FLUSH_COUNT - down_write(&sbi->node_write); - f2fs_write_single_data_page - down_read(node_write) - f2fs_wait_on_all_pages(F2FS_WB_CP_DATA); Change-Id: I0081e701db50dee0b915c788e875d16a2c7da73d Signed-off-by: Daeho Jeong <daehojeong@google.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Git-commit: 1fd280188d1f1e7318264a34aba435f3b69e71e8 Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/ Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org> |
||
Neeraj Soni
|
29db976690 |
fs: crypto: support IV_INO_LBLK_32 for legacy (V1) format
New file encryption V2 format suports IV_INO_LBLK_32 but this is needed in V1 to support over the air upgrade which uses FS_ENCRYPTION_MODE_PRIVATE data encryption mode. Also randomness of encrypted data for eMMC devices is fixed. Test: vts-kernel-encryption-test after Q to R OTA. Change-Id: Idb9f5a140e755a9f5c9aa26d5f0e900252f441e8 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org> |
||
Jaegeuk Kim
|
82ee07bc9e |
f2fs: should avoid inode eviction in synchronous path
https://bugzilla.kernel.org/show_bug.cgi?id=208565 PID: 257 TASK: ecdd0000 CPU: 0 COMMAND: "init" #0 [<c0b420ec>] (__schedule) from [<c0b423c8>] #1 [<c0b423c8>] (schedule) from [<c0b459d4>] #2 [<c0b459d4>] (rwsem_down_read_failed) from [<c0b44fa0>] #3 [<c0b44fa0>] (down_read) from [<c044233c>] #4 [<c044233c>] (f2fs_truncate_blocks) from [<c0442890>] #5 [<c0442890>] (f2fs_truncate) from [<c044d408>] #6 [<c044d408>] (f2fs_evict_inode) from [<c030be18>] #7 [<c030be18>] (evict) from [<c030a558>] #8 [<c030a558>] (iput) from [<c047c600>] #9 [<c047c600>] (f2fs_sync_node_pages) from [<c0465414>] #10 [<c0465414>] (f2fs_write_checkpoint) from [<c04575f4>] #11 [<c04575f4>] (f2fs_sync_fs) from [<c0441918>] #12 [<c0441918>] (f2fs_do_sync_file) from [<c0441098>] #13 [<c0441098>] (f2fs_sync_file) from [<c0323fa0>] #14 [<c0323fa0>] (vfs_fsync_range) from [<c0324294>] #15 [<c0324294>] (do_fsync) from [<c0324014>] #16 [<c0324014>] (sys_fsync) from [<c0108bc0>] This can be caused by flush_dirty_inode() in f2fs_sync_node_pages() where iput() requires f2fs_lock_op() again resulting in livelock. Change-Id: I5d7ef35a21cdb074e7bf5288371f579bfc0eb19d Reported-by: Zhiguo Niu <Zhiguo.Niu@unisoc.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Git-commit: b0f3b87fb3abc42c81d76c6c5795f26dbdb2f04b Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/ Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org> |
||
qctecmdr
|
ba87aa9b05 |
Merge "Merge android-4.19-stable.152 (13abe23 ) into msm-4.19"
|
||
Greg Kroah-Hartman
|
bc09bee25e |
This is the 4.19.156 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+qe0EACgkQONu9yGCS aT6MSw//TZRP6iLK2RhIrZu2jKD8jfYbHMT9JgKV2QCw7meg9q0JMj+SNP9CPbiL oOYtsXsRFRnAh98aBXNMFmzV7Zm0uUu0XGeFGxnf8y2X7EI1nZ6plvrCUYD8dCiF IPR67yyc5MojNQTfm0XDvQ3C7bKx5PuheRCLwhSuKclnrDxi8FNjS2NSBxi5G32j B7NzateeG7m/zE9fG1RkiJzfwu8/k0PKKecEYFwjRSC5QrXwvtEKdz/X/HkoXsck 345wWHCTObpcDbDWkkUF5VuR36kCWMP+uYT4lNihZTV9+9b8Gz9ghhanDIuVCoU1 biEsJnCORe/PV/xcgGJNkpEtabbDQNJ5Dn3wLKSuRAbBOkN2/nwzZa4EDoXWQSTv PDhzbLDjFjMu8Yb9PKrylhYGTmlNS4mA3hMszF4QNszhRyxTyDGln4MbUkpKg4sO HgU4JLvDOCfkCsGTBJ4XGTBcH+6ZxZwm1b+e4uy3FFZW2CEqSetZ3TCyIBxdLupa 8JYmfqQjmaj0KUiUV9l1SJ6uHcIyg/FoNuCAdtDl7mLuzZdwtEhk3TeaZn4iwxWJ Ku+2qY0X6wsePOTfIA7puWBbK+IonM24Q3oIDVqjA+2yrmLJGlYuaQJrSPzEJHoh upHznwsU2W7MIfA6hJIcQeWIvzM4w5GSKUr3YeknVPIStP1ZqRg= =trRk -----END PGP SIGNATURE----- Merge 4.19.156 into android-4.19-stable Changes in 4.19.156 drm/i915: Break up error capture compression loops with cond_resched() tipc: fix use-after-free in tipc_bcast_get_mode ptrace: fix task_join_group_stop() for the case when current is traced cadence: force nonlinear buffers to be cloned chelsio/chtls: fix memory leaks caused by a race chelsio/chtls: fix always leaking ctrl_skb gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP gianfar: Account for Tx PTP timestamp in the skb headroom net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms sfp: Fix error handing in sfp_probe() blktrace: fix debugfs use after free btrfs: extent_io: Kill the forward declaration of flush_write_bio btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up Revert "btrfs: flush write bio if we loop in extent_write_cache_pages" btrfs: flush write bio if we loop in extent_write_cache_pages btrfs: extent_io: Handle errors better in extent_write_full_page() btrfs: extent_io: Handle errors better in btree_write_cache_pages() btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() Btrfs: fix unwritten extent buffers and hangs on future writeback attempts btrfs: Don't submit any btree write bio if the fs has errors btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it btrfs: tree-checker: Make chunk item checker messages more readable btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO btrfs: tree-checker: Check chunk item at tree block read time btrfs: tree-checker: Verify dev item btrfs: tree-checker: Fix wrong check on max devid btrfs: tree-checker: Enhance chunk checker to validate chunk profile btrfs: tree-checker: Verify inode item btrfs: tree-checker: fix the error message for transid error Fonts: Replace discarded const qualifier ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices ALSA: usb-audio: Add implicit feedback quirk for Qu-16 ALSA: usb-audio: Add implicit feedback quirk for MODX mm: mempolicy: fix potential pte_unmap_unlock pte error lib/crc32test: remove extra local_irq_disable/enable kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled mm: always have io_remap_pfn_range() set pgprot_decrypted() gfs2: Wake up when sd_glock_disposal becomes zero ring-buffer: Fix recursion protection transitions between interrupt context ftrace: Fix recursion check for NMI test ftrace: Handle tracing when switching between context tracing: Fix out of bounds write in get_trace_buf futex: Handle transient "ownerless" rtmutex state correctly ARM: dts: sun4i-a10: fix cpu_alert temperature x86/kexec: Use up-to-dated screen_info copy to fill boot params of: Fix reserved-memory overlap detection blk-cgroup: Fix memleak on error path blk-cgroup: Pre-allocate tree node on blkg_conf_prep scsi: core: Don't start concurrent async scan on same host vsock: use ns_capable_noaudit() on socket create drm/vc4: drv: Add error handding for bind ACPI: NFIT: Fix comparison to '-ENXIO' vt: Disable KD_FONT_OP_COPY fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent serial: 8250_mtk: Fix uart_get_baud_rate warning serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init USB: serial: cyberjack: fix write-URB completion race USB: serial: option: add Quectel EC200T module support USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 USB: serial: option: add Telit FN980 composition 0x1055 USB: Add NO_LPM quirk for Kingston flash drive usb: mtu3: fix panic in mtu3_gadget_stop() ARC: stack unwinding: avoid indefinite looping Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE" PM: runtime: Resume the device earlier in __device_release_driver() perf/core: Fix a memory leak in perf_event_parse_addr_filter() tools: perf: Fix build error in v4.19.y net: dsa: read mac address from DT for slave device arm64: dts: marvell: espressobin: Add ethernet switch aliases Linux 4.19.156 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I87af8871465f54de0332fa74bc1f342b7fe99061 |
||
Alexander Aring
|
fe0af0efa7 |
gfs2: Wake up when sd_glock_disposal becomes zero
commit da7d554f7c62d0c17c1ac3cc2586473c2d99f0bd upstream. Commit |
||
Qu Wenruo
|
cdf69f3b13 |
btrfs: tree-checker: fix the error message for transid error
commit f96d6960abbc52e26ad124e69e6815283d3e1674 upstream. The error message for inode transid is the same as for inode generation, which makes us unable to detect the real problem. Reported-by: Tyler Richmond <t.d.richmond@gmail.com> Fixes: 496245cac57e ("btrfs: tree-checker: Verify inode item") CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Marcos Paulo de Souza <mpdesouza@suse.com> Signed-off-by: Qu Wenruo <wqu@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> [bwh: Backported to 4.19: adjust context] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
3384e8d725 |
btrfs: tree-checker: Verify inode item
commit 496245cac57e26d8b738d85c7a29cf9a47610f3f upstream. There is a report in kernel bugzilla about mismatch file type in dir item and inode item. This inspires us to check inode mode in inode item. This patch will check the following members: - inode key objectid Should be ROOT_DIR_DIR or [256, (u64)-256] or FREE_INO. - inode key offset Should be 0 - inode item generation - inode item transid No newer than sb generation + 1. The +1 is for log tree. - inode item mode No unknown bits. No invalid S_IF* bit. NOTE: S_IFMT check is not enough, need to check every know type. - inode item nlink Dir should have no more link than 1. - inode item flags Reviewed-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
bedd9974c1 |
btrfs: tree-checker: Enhance chunk checker to validate chunk profile
commit 80e46cf22ba0bcb57b39c7c3b52961ab3a0fd5f2 upstream. Btrfs-progs already have a comprehensive type checker, to ensure there is only 0 (SINGLE profile) or 1 (DUP/RAID0/1/5/6/10) bit set for chunk profile bits. Do the same work for kernel. Reported-by: Yoon Jungyeon <jungyeon@gatech.edu> Link: https://bugzilla.kernel.org/show_bug.cgi?id=202765 Reviewed-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
b5b2a94d84 |
btrfs: tree-checker: Fix wrong check on max devid
commit 8bb177d18f114358a57d8ae7e206861b48b8b4de upstream. [BUG] The following script will cause false alert on devid check. #!/bin/bash dev1=/dev/test/test dev2=/dev/test/scratch1 mnt=/mnt/btrfs umount $dev1 &> /dev/null umount $dev2 &> /dev/null umount $mnt &> /dev/null mkfs.btrfs -f $dev1 mount $dev1 $mnt _fail() { echo "!!! FAILED !!!" exit 1 } for ((i = 0; i < 4096; i++)); do btrfs dev add -f $dev2 $mnt || _fail btrfs dev del $dev1 $mnt || _fail dev_tmp=$dev1 dev1=$dev2 dev2=$dev_tmp done [CAUSE] Tree-checker uses BTRFS_MAX_DEVS() and BTRFS_MAX_DEVS_SYS_CHUNK() as upper limit for devid. But we can have devid holes just like above script. So the check for devid is incorrect and could cause false alert. [FIX] Just remove the whole devid check. We don't have any hard requirement for devid assignment. Furthermore, even devid could get corrupted by a bitflip, we still have dev extents verification at mount time, so corrupted data won't sneak in. This fixes fstests btrfs/194. Reported-by: Anand Jain <anand.jain@oracle.com> Fixes: ab4ba2e13346 ("btrfs: tree-checker: Verify dev item") CC: stable@vger.kernel.org # 5.2+ Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> [bwh: Backported to 4.19: adjust context] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
e23e5d2594 |
btrfs: tree-checker: Verify dev item
commit ab4ba2e133463c702b37242560d7fabedd2dc750 upstream. [BUG] For fuzzed image whose DEV_ITEM has invalid total_bytes as 0, then kernel will just panic: BUG: unable to handle kernel NULL pointer dereference at 0000000000000098 #PF error: [normal kernel read fault] PGD 800000022b2bd067 P4D 800000022b2bd067 PUD 22b2bc067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 1106 Comm: mount Not tainted 5.0.0-rc8+ #9 RIP: 0010:btrfs_verify_dev_extents+0x2a5/0x5a0 Call Trace: open_ctree+0x160d/0x2149 btrfs_mount_root+0x5b2/0x680 [CAUSE] If device extent verification finds a deivce with 0 total_bytes, then it assumes it's a seed dummy, then search for seed devices. But in this case, there is no seed device at all, causing NULL pointer. [FIX] Since this is caused by fuzzed image, let's go the tree-check way, just add a new verification for device item. Reported-by: Yoon Jungyeon <jungyeon@gatech.edu> Link: https://bugzilla.kernel.org/show_bug.cgi?id=202691 Reviewed-by: Nikolay Borisov <nborisov@suse.com> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
3c06c86cd0 |
btrfs: tree-checker: Check chunk item at tree block read time
commit 075cb3c78fe7976c9f29ca1fa23f9728634ecefc upstream. Since we have btrfs_check_chunk_valid() in tree-checker, let's do chunk item verification in tree-checker too. Since the tree-checker is run at endio time, if one chunk leaf fails chunk verification, we can still retry the other copy, making btrfs more robust to fuzzed image as we may still get a good chunk item. Also since we have done chunk verification in tree block read time, skip the btrfs_check_chunk_valid() call in read_one_chunk() if we're reading chunk items from leaf. Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
782aa87c8f |
btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO
commit bf871c3b43b1dcc3f2a076ff39a8f1ce7959d958 upstream. To follow the standard behavior of tree-checker. Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> [bwh: Cherry-picked for 4.19 to ease backporting later fixes] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
c24ed5ea52 |
btrfs: tree-checker: Make chunk item checker messages more readable
commit f114024376bceb1c0f61a7bad4a72a0f978767af upstream. Old error message would be something like: BTRFS error (device dm-3): invalid chunk num_stipres: 0 New error message would be: Btrfs critical (device dm-3): corrupt superblock syschunk array: chunk_start=2097152, invalid chunk num_stripes: 0 Or Btrfs critical (device dm-3): corrupt leaf: root=3 block=8388608 slot=3 chunk_start=2097152, invalid chunk num_stripes: 0 And for certain error message, also output expected value. The error message levels are changed from error to critical. Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> [bwh: Cherry-picked for 4.19 to ease backporting later fixes] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
5d123c6335 |
btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
commit 82fc28fbedbb59642f05215db3b0ef4eb91aa31d upstream. By function, chunk item verification is more suitable to be done inside tree-checker. So move btrfs_check_chunk_valid() to tree-checker.c and export it. And since it's now moved to tree-checker, also add a better comment for what this function is doing. Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> [bwh: Cherry-picked for 4.19 to ease backporting later fixes] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
1527c0e022 |
btrfs: Don't submit any btree write bio if the fs has errors
commit b3ff8f1d380e65dddd772542aa9bff6c86bf715a upstream. [BUG] There is a fuzzed image which could cause KASAN report at unmount time. BUG: KASAN: use-after-free in btrfs_queue_work+0x2c1/0x390 Read of size 8 at addr ffff888067cf6848 by task umount/1922 CPU: 0 PID: 1922 Comm: umount Tainted: G W 5.0.21 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: dump_stack+0x5b/0x8b print_address_description+0x70/0x280 kasan_report+0x13a/0x19b btrfs_queue_work+0x2c1/0x390 btrfs_wq_submit_bio+0x1cd/0x240 btree_submit_bio_hook+0x18c/0x2a0 submit_one_bio+0x1be/0x320 flush_write_bio.isra.41+0x2c/0x70 btree_write_cache_pages+0x3bb/0x7f0 do_writepages+0x5c/0x130 __writeback_single_inode+0xa3/0x9a0 writeback_single_inode+0x23d/0x390 write_inode_now+0x1b5/0x280 iput+0x2ef/0x600 close_ctree+0x341/0x750 generic_shutdown_super+0x126/0x370 kill_anon_super+0x31/0x50 btrfs_kill_super+0x36/0x2b0 deactivate_locked_super+0x80/0xc0 deactivate_super+0x13c/0x150 cleanup_mnt+0x9a/0x130 task_work_run+0x11a/0x1b0 exit_to_usermode_loop+0x107/0x130 do_syscall_64+0x1e5/0x280 entry_SYSCALL_64_after_hwframe+0x44/0xa9 [CAUSE] The fuzzed image has a completely screwd up extent tree: leaf 29421568 gen 8 total ptrs 6 free space 3587 owner EXTENT_TREE refs 2 lock (w:0 r:0 bw:0 br:0 sw:0 sr:0) lock_owner 0 current 5938 item 0 key (12587008 168 4096) itemoff 3942 itemsize 53 extent refs 1 gen 9 flags 1 ref#0: extent data backref root 5 objectid 259 offset 0 count 1 item 1 key (12591104 168 8192) itemoff 3889 itemsize 53 extent refs 1 gen 9 flags 1 ref#0: extent data backref root 5 objectid 271 offset 0 count 1 item 2 key (12599296 168 4096) itemoff 3836 itemsize 53 extent refs 1 gen 9 flags 1 ref#0: extent data backref root 5 objectid 259 offset 4096 count 1 item 3 key (29360128 169 0) itemoff 3803 itemsize 33 extent refs 1 gen 9 flags 2 ref#0: tree block backref root 5 item 4 key (29368320 169 1) itemoff 3770 itemsize 33 extent refs 1 gen 9 flags 2 ref#0: tree block backref root 5 item 5 key (29372416 169 0) itemoff 3737 itemsize 33 extent refs 1 gen 9 flags 2 ref#0: tree block backref root 5 Note that leaf 29421568 doesn't have its backref in the extent tree. Thus extent allocator can re-allocate leaf 29421568 for other trees. In short, the bug is caused by: - Existing tree block gets allocated to log tree This got its generation bumped. - Log tree balance cleaned dirty bit of offending tree block It will not be written back to disk, thus no WRITTEN flag. - Original owner of the tree block gets COWed Since the tree block has higher transid, no WRITTEN flag, it's reused, and not traced by transaction::dirty_pages. - Transaction aborted Tree blocks get cleaned according to transaction::dirty_pages. But the offending tree block is not recorded at all. - Filesystem unmount All pages are assumed to be are clean, destroying all workqueue, then call iput(btree_inode). But offending tree block is still dirty, which triggers writeback, and causes use-after-free bug. The detailed sequence looks like this: - Initial status eb: 29421568, header=WRITTEN bflags_dirty=0, page_dirty=0, gen=8, not traced by any dirty extent_iot_tree. - New tree block is allocated Since there is no backref for 29421568, it's re-allocated as new tree block. Keep in mind that tree block 29421568 is still referred by extent tree. - Tree block 29421568 is filled for log tree eb: 29421568, header=0 bflags_dirty=1, page_dirty=1, gen=9 << (gen bumped) traced by btrfs_root::dirty_log_pages - Some log tree operations Since the fs is using node size 4096, the log tree can easily go a level higher. - Log tree needs balance Tree block 29421568 gets all its content pushed to right, thus now it is empty, and we don't need it. btrfs_clean_tree_block() from __push_leaf_right() get called. eb: 29421568, header=0 bflags_dirty=0, page_dirty=0, gen=9 traced by btrfs_root::dirty_log_pages - Log tree write back btree_write_cache_pages() goes through dirty pages ranges, but since page of tree block 29421568 gets cleaned already, it's not written back to disk. Thus it doesn't have WRITTEN bit set. But ranges in dirty_log_pages are cleared. eb: 29421568, header=0 bflags_dirty=0, page_dirty=0, gen=9 not traced by any dirty extent_iot_tree. - Extent tree update when committing transaction Since tree block 29421568 has transid equal to running trans, and has no WRITTEN bit, should_cow_block() will use it directly without adding it to btrfs_transaction::dirty_pages. eb: 29421568, header=0 bflags_dirty=1, page_dirty=1, gen=9 not traced by any dirty extent_iot_tree. At this stage, we're doomed. We have a dirty eb not tracked by any extent io tree. - Transaction gets aborted due to corrupted extent tree Btrfs cleans up dirty pages according to transaction::dirty_pages and btrfs_root::dirty_log_pages. But since tree block 29421568 is not tracked by neither of them, it's still dirty. eb: 29421568, header=0 bflags_dirty=1, page_dirty=1, gen=9 not traced by any dirty extent_iot_tree. - Filesystem unmount Since all cleanup is assumed to be done, all workqueus are destroyed. Then iput(btree_inode) is called, expecting no dirty pages. But tree 29421568 is still dirty, thus triggering writeback. Since all workqueues are already freed, we cause use-after-free. This shows us that, log tree blocks + bad extent tree can cause wild dirty pages. [FIX] To fix the problem, don't submit any btree write bio if the filesytem has any error. This is the last safe net, just in case other cleanup haven't caught catch it. Link: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377 CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> [bwh: Backported to 4.19: fs_info variable already exists in btree_write_cache_pages()] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Filipe Manana
|
432bdb0d93 |
Btrfs: fix unwritten extent buffers and hangs on future writeback attempts
commit 18dfa7117a3f379862dcd3f67cadd678013bb9dd upstream. The lock_extent_buffer_io() returns 1 to the caller to tell it everything went fine and the callers needs to start writeback for the extent buffer (submit a bio, etc), 0 to tell the caller everything went fine but it does not need to start writeback for the extent buffer, and a negative value if some error happened. When it's about to return 1 it tries to lock all pages, and if a try lock on a page fails, and we didn't flush any existing bio in our "epd", it calls flush_write_bio(epd) and overwrites the return value of 1 to 0 or an error. The page might have been locked elsewhere, not with the goal of starting writeback of the extent buffer, and even by some code other than btrfs, like page migration for example, so it does not mean the writeback of the extent buffer was already started by some other task, so returning a 0 tells the caller (btree_write_cache_pages()) to not start writeback for the extent buffer. Note that epd might currently have either no bio, so flush_write_bio() returns 0 (success) or it might have a bio for another extent buffer with a lower index (logical address). Since we return 0 with the EXTENT_BUFFER_WRITEBACK bit set on the extent buffer and writeback is never started for the extent buffer, future attempts to writeback the extent buffer will hang forever waiting on that bit to be cleared, since it can only be cleared after writeback completes. Such hang is reported with a trace like the following: [49887.347053] INFO: task btrfs-transacti:1752 blocked for more than 122 seconds. [49887.347059] Not tainted 5.2.13-gentoo #2 [49887.347060] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [49887.347062] btrfs-transacti D 0 1752 2 0x80004000 [49887.347064] Call Trace: [49887.347069] ? __schedule+0x265/0x830 [49887.347071] ? bit_wait+0x50/0x50 [49887.347072] ? bit_wait+0x50/0x50 [49887.347074] schedule+0x24/0x90 [49887.347075] io_schedule+0x3c/0x60 [49887.347077] bit_wait_io+0x8/0x50 [49887.347079] __wait_on_bit+0x6c/0x80 [49887.347081] ? __lock_release.isra.29+0x155/0x2d0 [49887.347083] out_of_line_wait_on_bit+0x7b/0x80 [49887.347084] ? var_wake_function+0x20/0x20 [49887.347087] lock_extent_buffer_for_io+0x28c/0x390 [49887.347089] btree_write_cache_pages+0x18e/0x340 [49887.347091] do_writepages+0x29/0xb0 [49887.347093] ? kmem_cache_free+0x132/0x160 [49887.347095] ? convert_extent_bit+0x544/0x680 [49887.347097] filemap_fdatawrite_range+0x70/0x90 [49887.347099] btrfs_write_marked_extents+0x53/0x120 [49887.347100] btrfs_write_and_wait_transaction.isra.4+0x38/0xa0 [49887.347102] btrfs_commit_transaction+0x6bb/0x990 [49887.347103] ? start_transaction+0x33e/0x500 [49887.347105] transaction_kthread+0x139/0x15c So fix this by not overwriting the return value (ret) with the result from flush_write_bio(). We also need to clear the EXTENT_BUFFER_WRITEBACK bit in case flush_write_bio() returns an error, otherwise it will hang any future attempts to writeback the extent buffer, and undo all work done before (set back EXTENT_BUFFER_DIRTY, etc). This is a regression introduced in the 5.2 kernel. Fixes: 2e3c25136adfb ("btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io()") Fixes: f4340622e0226 ("btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up") Reported-by: Zdenek Sojka <zsojka@seznam.cz> Link: https://lore.kernel.org/linux-btrfs/GpO.2yos.3WGDOLpx6t%7D.1TUDYM@seznam.cz/T/#u Reported-by: Stefan Priebe - Profihost AG <s.priebe@profihost.ag> Link: https://lore.kernel.org/linux-btrfs/5c4688ac-10a7-fb07-70e8-c5d31a3fbb38@profihost.ag/T/#t Reported-by: Drazen Kacar <drazen.kacar@oradian.com> Link: https://lore.kernel.org/linux-btrfs/DB8PR03MB562876ECE2319B3E579590F799C80@DB8PR03MB5628.eurprd03.prod.outlook.com/ Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204377 Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
2311ea7ea0 |
btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io()
commit 2e3c25136adfb293d517e17f761d3b8a43a8fc22 upstream. This function needs some extra checks on locked pages and eb. For error handling we need to unlock locked pages and the eb. There is a rare >0 return value branch, where all pages get locked while write bio is not flushed. Thankfully it's handled by the only caller, btree_write_cache_pages(), as later write_one_eb() call will trigger submit_one_bio(). So there shouldn't be any problem. Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
22bb77c13f |
btrfs: extent_io: Handle errors better in btree_write_cache_pages()
commit 2b952eea813b1f7e7d4b9782271acd91625b9bb9 upstream. In btree_write_cache_pages(), we can only get @ret <= 0. Add an ASSERT() for it just in case. Then instead of submitting the write bio even we got some error, check the return value first. If we have already hit some error, just clean up the corrupted or half-baked bio, and return error. If there is no error so far, then call flush_write_bio() and return the result. Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
eeda803b77 |
btrfs: extent_io: Handle errors better in extent_write_full_page()
commit 3065976b045f77a910809fa7699f99a1e7c0dbbb upstream. Since now flush_write_bio() could return error, kill the BUG_ON() first. Then don't call flush_write_bio() unconditionally, instead we check the return value from __extent_writepage() first. If __extent_writepage() fails, we do cleanup, and return error without submitting the possible corrupted or half-baked bio. If __extent_writepage() successes, then we call flush_write_bio() and return the result. Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Josef Bacik
|
169ae60340 |
btrfs: flush write bio if we loop in extent_write_cache_pages
commit 42ffb0bf584ae5b6b38f72259af1e0ee417ac77f upstream.
There exists a deadlock with range_cyclic that has existed forever. If
we loop around with a bio already built we could deadlock with a writer
who has the page locked that we're attempting to write but is waiting on
a page in our bio to be written out. The task traces are as follows
PID: 1329874 TASK: ffff889ebcdf3800 CPU: 33 COMMAND: "kworker/u113:5"
#0 [ffffc900297bb658] __schedule at ffffffff81a4c33f
#1 [ffffc900297bb6e0] schedule at ffffffff81a4c6e3
#2 [ffffc900297bb6f8] io_schedule at ffffffff81a4ca42
#3 [ffffc900297bb708] __lock_page at ffffffff811f145b
#4 [ffffc900297bb798] __process_pages_contig at ffffffff814bc502
#5 [ffffc900297bb8c8] lock_delalloc_pages at ffffffff814bc684
#6 [ffffc900297bb900] find_lock_delalloc_range at ffffffff814be9ff
#7 [ffffc900297bb9a0] writepage_delalloc at ffffffff814bebd0
#8 [ffffc900297bba18] __extent_writepage at ffffffff814bfbf2
#9 [ffffc900297bba98] extent_write_cache_pages at ffffffff814bffbd
PID: 2167901 TASK: ffff889dc6a59c00 CPU: 14 COMMAND:
"aio-dio-invalid"
#0 [ffffc9003b50bb18] __schedule at ffffffff81a4c33f
#1 [ffffc9003b50bba0] schedule at ffffffff81a4c6e3
#2 [ffffc9003b50bbb8] io_schedule at ffffffff81a4ca42
#3 [ffffc9003b50bbc8] wait_on_page_bit at ffffffff811f24d6
#4 [ffffc9003b50bc60] prepare_pages at ffffffff814b05a7
#5 [ffffc9003b50bcd8] btrfs_buffered_write at ffffffff814b1359
#6 [ffffc9003b50bdb0] btrfs_file_write_iter at ffffffff814b5933
#7 [ffffc9003b50be38] new_sync_write at ffffffff8128f6a8
#8 [ffffc9003b50bec8] vfs_write at ffffffff81292b9d
#9 [ffffc9003b50bf00] ksys_pwrite64 at ffffffff81293032
I used drgn to find the respective pages we were stuck on
page_entry.page 0xffffea00fbfc7500 index 8148 bit 15 pid 2167901
page_entry.page 0xffffea00f9bb7400 index 7680 bit 0 pid 1329874
As you can see the kworker is waiting for bit 0 (PG_locked) on index
7680, and aio-dio-invalid is waiting for bit 15 (PG_writeback) on index
8148. aio-dio-invalid has 7680, and the kworker epd looks like the
following
crash> struct extent_page_data ffffc900297bbbb0
struct extent_page_data {
bio = 0xffff889f747ed830,
tree = 0xffff889eed6ba448,
extent_locked = 0,
sync_io = 0
}
Probably worth mentioning as well that it waits for writeback of the
page to complete while holding a lock on it (at prepare_pages()).
Using drgn I walked the bio pages looking for page
0xffffea00fbfc7500 which is the one we're waiting for writeback on
bio = Object(prog, 'struct bio', address=0xffff889f747ed830)
for i in range(0, bio.bi_vcnt.value_()):
bv = bio.bi_io_vec[i]
if bv.bv_page.value_() == 0xffffea00fbfc7500:
print("FOUND IT")
which validated what I suspected.
The fix for this is simple, flush the epd before we loop back around to
the beginning of the file during writeout.
Fixes:
|
||
Ben Hutchings
|
aa38097b44 |
Revert "btrfs: flush write bio if we loop in extent_write_cache_pages"
This reverts commit
|
||
Qu Wenruo
|
63ece3bb01 |
btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
commit f4340622e02261fae599e3da936ff4808b418173 upstream. We have a BUG_ON() in flush_write_bio() to handle the return value of submit_one_bio(). Move the BUG_ON() one level up to all its callers. This patch will introduce temporary variable, @flush_ret to keep code change minimal in this patch. That variable will be cleaned up when enhancing the error handling later. Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> [bwh: Cherry-picked for 4.19 to ease backporting later fixes] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
7f2b9e8d42 |
btrfs: extent_io: Kill the forward declaration of flush_write_bio
commit bb58eb9e167d087cc518f7a71c3c00f1671958da upstream. There is no need to forward declare flush_write_bio(), as it only depends on submit_one_bio(). Both of them are pretty small, just move them to kill the forward declaration. Reviewed-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Qu Wenruo <wqu@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> [bwh: Cherry-picked for 4.19 to ease backporting later fixes] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Daniel Rosenberg
|
fa199896a3 |
ANDROID: fuse: Add support for d_canonical_path
Allows FUSE to report to inotify that it is acting as a layered filesystem. The userspace component returns a string representing the location of the underlying file. If the string cannot be resolved into a path, the top level path is returned instead. Bug: 23904372 Bug: 171780975 Test: Pixel 4.19 Change-Id: Iabdca0bbedfbff59e9c820c58636a68ef9683d9f Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Alessio Balsini <balsini@google.com> |
||
Alessio Balsini
|
54b41388f5 |
ANDROID: vfs: add d_canonical_path for stacked filesystem support
Inotify does not currently know when a filesystem is acting as a wrapper around another fs. This means that inotify watchers will miss any modifications to the base file, as well as any made in a separate stacked fs that points to the same file. d_canonical_path solves this problem by allowing the fs to map a dentry to a path in the lower fs. Inotify can use it to find the appropriate place to watch to be informed of all changes to a file. Test: Pixel 4.19 Bug: 171780975 Change-Id: I09563baffad1711a045e45c1bd0bd8713c2cc0b6 Signed-off-by: Daniel Rosenberg <drosen@google.com> [astrachan: Folded 34df4102216e ("ANDROID: fsnotify: Notify lower fs of open") into this patch] Signed-off-by: Alistair Strachan <astrachan@google.com> Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org> Signed-off-by: Alessio Balsini <balsini@google.com> |
||
Greg Kroah-Hartman
|
d1253c75a8 |
This is the 4.19.155 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+jz0oACgkQONu9yGCS aT4hPA//Xp0LuMofylz77cZMkWiagSQ5k/4oKn2O2iEISKfdcFMzjcJbRBMmTFFP r1T0Uu5N2gZQ8ZAV67itpaA/KV9YlytbDrwRBKQ/mxNMP7xaX+hC43hbPrx72Qc5 on6v3z9xTxMB2+HwFlJZpsmYrrjqg1ruGtxR5UMZ37Jt7KUYDRbHDbqMEXRkKHko pWtZ/8GkY8UG3GNpiPlka9BfDK9X0k5m65r3vscbmgCd7bQFQi9rbp930N0y7MMX e/YIBss699EZp6r7hpH1+ETBP6Z2qHxRFY86kcL9I3NcZnI3NrX0pKql0hWlqPOm CeR3z6fpW9Xyf1CqQOkyDBCMfvMLsMarwQ+bb8d+zIQD/I4W12whPhGM4eh6rYcu 2WL4gwiyhju0OuPK7ZcCzMOEPUwWQYvyvwoBnoywZfN5L8702Xi4eN8QqP5l7Hcd lcZH5gv/v1z0Xb6pU4AMthbLB+VcQ5w5g3DfvF/A9kOyzmP0YvKa39y8J379mwdJ 6DXu8DRvee5bYW8LObszzKqshnF79eia+xcf7YFJn1Y2cwh63AQgOcSzaEc5q7/2 kuWNfrZJCyvt41j48bO7MtTEULeCAtPkuKvVrZuCO7Q4J2wFSWuGCUQTg3bm8dQd 5B9V6jQKaCIOn3+/dPXg5N6yaRKZR4dHIUsWpKOs1tOQuucpVmw= =2s9n -----END PGP SIGNATURE----- Merge 4.19.155 into android-4.19-stable Changes in 4.19.155 objtool: Support Clang non-section symbols in ORC generation scripts/setlocalversion: make git describe output more reliable arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs arm64: link with -z norelro regardless of CONFIG_RELOCATABLE x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled efivarfs: Replace invalid slashes with exclamation marks in dentries. chelsio/chtls: fix deadlock issue chelsio/chtls: fix memory leaks in CPL handlers chelsio/chtls: fix tls record info to user gtp: fix an use-before-init in gtp_newlink() mlxsw: core: Fix memory leak on module removal netem: fix zero division in tabledist ravb: Fix bit fields checking in ravb_hwtstamp_get() tcp: Prevent low rmem stalls with SO_RCVLOWAT. tipc: fix memory leak caused by tipc_buf_append() r8169: fix issue with forced threading in combination with shared interrupts cxgb4: set up filter action after rewrites arch/x86/amd/ibs: Fix re-arming IBS Fetch x86/xen: disable Firmware First mode for correctable memory errors fuse: fix page dereference after free bpf: Fix comment for helper bpf_current_task_under_cgroup() evm: Check size of security.evm before using it p54: avoid accessing the data mapped to streaming DMA cxl: Rework error message for incompatible slots RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() mtd: lpddr: Fix bad logic in print_drs_error serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt ata: sata_rcar: Fix DMA boundary mask fscrypt: return -EXDEV for incompatible rename or link into encrypted dir fscrypt: clean up and improve dentry revalidation fscrypt: fix race allowing rename() and link() of ciphertext dentries fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory fscrypt: only set dentry_operations on ciphertext dentries fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext Revert "block: ratelimit handle_bad_sector() message" xen/events: don't use chip_data for legacy IRQs xen/events: avoid removing an event channel while handling it xen/events: add a proper barrier to 2-level uevent unmasking xen/events: fix race in evtchn_fifo_unmask() xen/events: add a new "late EOI" evtchn framework xen/blkback: use lateeoi irq binding xen/netback: use lateeoi irq binding xen/scsiback: use lateeoi irq binding xen/pvcallsback: use lateeoi irq binding xen/pciback: use lateeoi irq binding xen/events: switch user event channels to lateeoi model xen/events: use a common cpu hotplug hook for event channels xen/events: defer eoi in case of excessive number of events xen/events: block rogue events for some time x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() RDMA/qedr: Fix memory leak in iWARP CM ata: sata_nv: Fix retrieving of active qcs futex: Fix incorrect should_fail_futex() handling powerpc/powernv/smp: Fix spurious DBG() warning mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM sparc64: remove mm_cpumask clearing to fix kthread_use_mm race f2fs: add trace exit in exception path f2fs: fix uninit-value in f2fs_lookup f2fs: fix to check segment boundary during SIT page readahead um: change sigio_spinlock to a mutex ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses power: supply: bq27xxx: report "not charging" on all types xfs: fix realtime bitmap/summary file truncation when growing rt volume video: fbdev: pvr2fb: initialize variables ath10k: start recovery process when payload length exceeds max htc length for sdio ath10k: fix VHT NSS calculation when STBC is enabled drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly media: videodev2.h: RGB BT2020 and HSV are always full range media: platform: Improve queue set up flow for bug fixing usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart media: tw5864: check status of tw5864_frameinterval_get media: imx274: fix frame interval handling mmc: via-sdmmc: Fix data race bug drm/bridge/synopsys: dsi: add support for non-continuous HS clock arm64: topology: Stop using MPIDR for topology information printk: reduce LOG_BUF_SHIFT range for H8300 ia64: kprobes: Use generic kretprobe trampoline handler kgdb: Make "kgdbcon" work properly with "kgdb_earlycon" media: uvcvideo: Fix dereference of out-of-bound list iterator riscv: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO cpufreq: sti-cpufreq: add stih418 support USB: adutux: fix debugging uio: free uio id after uio file node is freed usb: xhci: omit duplicate actions when suspending a runtime suspended host. arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE xfs: don't free rt blocks when we're doing a REMAP bunmapi call ACPI: Add out of bounds and numa_off protections to pxm_to_node() drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values bus/fsl_mc: Do not rely on caller to provide non NULL mc_io power: supply: test_power: add missing newlines when printing parameters by sysfs drm/amd/display: HDMI remote sink need mode validation for Linux btrfs: fix replace of seed device md/bitmap: md_bitmap_get_counter returns wrong blocks bnxt_en: Log unknown link speed appropriately. rpmsg: glink: Use complete_all for open states clk: ti: clockdomain: fix static checker warning net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid drivers: watchdog: rdc321x_wdt: Fix race condition bugs ext4: Detect already used quota file early gfs2: add validation checks for size of superblock cifs: handle -EINTR in cifs_setattr arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes ARM: dts: omap4: Fix sgx clock rate for 4430 memory: emif: Remove bogus debugfs error handling ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings ARM: dts: s5pv210: move PMU node out of clock controller ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node nbd: make the config put is called before the notifying the waiter sgl_alloc_order: fix memory leak nvme-rdma: fix crash when connect rejected md/raid5: fix oops during stripe resizing mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count() perf/x86/amd/ibs: Fix raw sample data accumulation leds: bcm6328, bcm6358: use devres LED registering function media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect fs: Don't invalidate page buffers in block_write_full_page() NFS: fix nfs_path in case of a rename retry ACPI: button: fix handling lid state changes when input device closed ACPI / extlog: Check for RDMSR failure ACPI: video: use ACPI backlight for HP 635 Notebook ACPI: debug: don't allow debugging when ACPI is disabled acpi-cpufreq: Honor _PSD table setting on new AMD CPUs w1: mxc_w1: Fix timeout resolution problem leading to bus error scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() scsi: qla2xxx: Fix crash on session cleanup with unload btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode btrfs: improve device scanning messages btrfs: reschedule if necessary when logging directory items btrfs: send, recompute reference path after orphanization of a directory btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() btrfs: cleanup cow block on error btrfs: fix use-after-free on readahead extent after failure to create it usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC usb: dwc3: ep0: Fix ZLP for OUT ep0 requests usb: dwc3: gadget: Check MPS of the request length usb: dwc3: core: add phy cleanup for probe error handling usb: dwc3: core: don't trigger runtime pm when remove driver usb: cdc-acm: fix cooldown mechanism usb: typec: tcpm: reset hard_reset_count for any disconnect usb: host: fsl-mph-dr-of: check return of dma_set_mask() drm/i915: Force VT'd workarounds when running as a guest OS vt: keyboard, simplify vt_kdgkbsent vt: keyboard, extend func_buf_lock to readers HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery udf: Fix memory leak when mounting dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status iio:light:si1145: Fix timestamp alignment and prevent data leak. iio:adc:ti-adc0832 Fix alignment issue with timestamp iio:adc:ti-adc12138 Fix alignment issue with timestamp iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. powerpc/drmem: Make lmb_size 64 bit s390/stp: add locking to sysfs functions powerpc/rtas: Restrict RTAS requests from userspace powerpc: Warn about use of smt_snooze_delay powerpc/powernv/elog: Fix race while processing OPAL error log event. powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag NFSD: Add missing NFSv2 .pc_func methods ubifs: dent: Fix some potential memory leaks while iterating entries perf python scripting: Fix printable strings in python3 scripts ubi: check kthread_should_stop() after the setting of task state ia64: fix build error with !COREDUMP i2c: imx: Fix external abort on interrupt in exit paths drm/amdgpu: don't map BO in reserved region drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally ceph: promote to unsigned long long before shifting libceph: clear con->out_msg on Policy::stateful_server faults 9P: Cast to loff_t before multiplying ring-buffer: Return 0 on success from ring_buffer_resize() vringh: fix __vringh_iov() when riov and wiov are different ext4: fix leaking sysfs kobject after failed mount ext4: fix error handling code in add_new_gdb ext4: fix invalid inode checksum drm/ttm: fix eviction valuable range check. rtc: rx8010: don't modify the global rtc ops tty: make FONTX ioctl use the tty pointer they were actually passed arm64: berlin: Select DW_APB_TIMER_OF cachefiles: Handle readpage error correctly hil/parisc: Disable HIL driver when it gets stuck arm: dts: mt7623: add missing pause for switchport ARM: samsung: fix PM debug build with DEBUG_LL but !MMU ARM: s3c24xx: fix missing system reset device property: Keep secondary firmware node secondary by type device property: Don't clear secondary pointer for shared primary firmware node KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice staging: octeon: repair "fixed-link" support staging: octeon: Drop on uncorrectable alignment or FCS error Linux 4.19.155 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I18fefb5bfaa4d05772c61c2975340d0f089b8e3e |
||
Matthew Wilcox (Oracle)
|
9f14e20c0e |
cachefiles: Handle readpage error correctly
commit 9480b4e75b7108ee68ecf5bc6b4bd68e8031c521 upstream.
If ->readpage returns an error, it has already unlocked the page.
Fixes:
|
||
Luo Meng
|
7b97149296 |
ext4: fix invalid inode checksum
commit 1322181170bb01bce3c228b82ae3d5c6b793164f upstream. During the stability test, there are some errors: ext4_lookup:1590: inode #6967: comm fsstress: iget: checksum invalid. If the inode->i_iblocks too big and doesn't set huge file flag, checksum will not be recalculated when update the inode information to it's buffer. If other inode marks the buffer dirty, then the inconsistent inode will be flushed to disk. Fix this problem by checking i_blocks in advance. Cc: stable@kernel.org Signed-off-by: Luo Meng <luomeng12@huawei.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Link: https://lore.kernel.org/r/20201020013631.3796673-1-luomeng12@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Dinghao Liu
|
6ad22dc99c |
ext4: fix error handling code in add_new_gdb
commit c9e87161cc621cbdcfc472fa0b2d81c63780c8f5 upstream. When ext4_journal_get_write_access() fails, we should terminate the execution flow and release n_group_desc, iloc.bh, dind and gdb_bh. Cc: stable@kernel.org Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Link: https://lore.kernel.org/r/20200829025403.3139-1-dinghao.liu@zju.edu.cn Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Eric Biggers
|
314b5a46c6 |
ext4: fix leaking sysfs kobject after failed mount
commit cb8d53d2c97369029cc638c9274ac7be0a316c75 upstream.
ext4_unregister_sysfs() only deletes the kobject. The reference to it
needs to be put separately, like ext4_put_super() does.
This addresses the syzbot report
"memory leak in kobject_set_name_vargs (3)"
(https://syzkaller.appspot.com/bug?extid=9f864abad79fae7c17e1).
Reported-by: syzbot+9f864abad79fae7c17e1@syzkaller.appspotmail.com
Fixes:
|
||
Matthew Wilcox (Oracle)
|
f870895527 |
9P: Cast to loff_t before multiplying
commit f5f7ab168b9a60e12a4b8f2bb6fcc91321dc23c1 upstream.
On 32-bit systems, this multiplication will overflow for files larger
than 4GB.
Link: http://lkml.kernel.org/r/20201004180428.14494-2-willy@infradead.org
Cc: stable@vger.kernel.org
Fixes:
|
||
Matthew Wilcox (Oracle)
|
4f3b78e25a |
ceph: promote to unsigned long long before shifting
commit c403c3a2fbe24d4ed33e10cabad048583ebd4edf upstream.
On 32-bit systems, this shift will overflow for files larger than 4GB.
Cc: stable@vger.kernel.org
Fixes:
|
||
Zhihao Cheng
|
b08433b1c5 |
ubifs: dent: Fix some potential memory leaks while iterating entries
commit 58f6e78a65f1fcbf732f60a7478ccc99873ff3ba upstream.
Fix some potential memory leaks in error handling branches while
iterating dent entries. For example, function dbg_check_dir()
forgets to free pdent if it exists.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Cc: <stable@vger.kernel.org>
Fixes:
|
||
Chuck Lever
|
88401813fc |
NFSD: Add missing NFSv2 .pc_func methods
commit 6b3dccd48de8a4c650b01499a0b09d1e2279649e upstream. There's no protection in nfsd_dispatch() against a NULL .pc_func helpers. A malicious NFS client can trigger a crash by invoking the unused/unsupported NFSv2 ROOT or WRITECACHE procedures. The current NFSD dispatcher does not support returning a void reply to a non-NULL procedure, so the reply to both of these is wrong, for the moment. Cc: <stable@vger.kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Olga Kornievskaia
|
3c040b9249 |
NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
commit 8c39076c276be0b31982e44654e2c2357473258a upstream. RFC 7862 introduced a new flag that either client or server is allowed to set: EXCHGID4_FLAG_SUPP_FENCE_OPS. Client needs to update its bitmask to allow for this flag value. v2: changed minor version argument to unsigned int Signed-off-by: Olga Kornievskaia <kolga@netapp.com> CC: <stable@vger.kernel.org> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Jan Kara
|
9bbfd6578e |
udf: Fix memory leak when mounting
commit a7be300de800e755714c71103ae4a0d205e41e99 upstream.
udf_process_sequence() allocates temporary array for processing
partition descriptors on volume which it fails to free. Free the array
when it is not needed anymore.
Fixes:
|
||
Filipe Manana
|
0da7b606dc |
btrfs: fix use-after-free on readahead extent after failure to create it
commit 83bc1560e02e25c6439341352024ebe8488f4fbd upstream.
If we fail to find suitable zones for a new readahead extent, we end up
leaving a stale pointer in the global readahead extents radix tree
(fs_info->reada_tree), which can trigger the following trace later on:
[13367.696354] BUG: kernel NULL pointer dereference, address: 00000000000000b0
[13367.696802] #PF: supervisor read access in kernel mode
[13367.697249] #PF: error_code(0x0000) - not-present page
[13367.697721] PGD 0 P4D 0
[13367.698171] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
[13367.698632] CPU: 6 PID: 851214 Comm: btrfs Tainted: G W 5.9.0-rc6-btrfs-next-69 #1
[13367.699100] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[13367.700069] RIP: 0010:__lock_acquire+0x20a/0x3970
[13367.700562] Code: ff 1f 0f b7 c0 48 0f (...)
[13367.701609] RSP: 0018:ffffb14448f57790 EFLAGS: 00010046
[13367.702140] RAX: 0000000000000000 RBX: 29b935140c15e8cf RCX: 0000000000000000
[13367.702698] RDX: 0000000000000002 RSI: ffffffffb3d66bd0 RDI: 0000000000000046
[13367.703240] RBP: ffff8a52ba8ac040 R08: 00000c2866ad9288 R09: 0000000000000001
[13367.703783] R10: 0000000000000001 R11: 00000000b66d9b53 R12: ffff8a52ba8ac9b0
[13367.704330] R13: 0000000000000000 R14: ffff8a532b6333e8 R15: 0000000000000000
[13367.704880] FS: 00007fe1df6b5700(0000) GS:ffff8a5376600000(0000) knlGS:0000000000000000
[13367.705438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[13367.705995] CR2: 00000000000000b0 CR3: 000000022cca8004 CR4: 00000000003706e0
[13367.706565] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[13367.707127] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[13367.707686] Call Trace:
[13367.708246] ? ___slab_alloc+0x395/0x740
[13367.708820] ? reada_add_block+0xae/0xee0 [btrfs]
[13367.709383] lock_acquire+0xb1/0x480
[13367.709955] ? reada_add_block+0xe0/0xee0 [btrfs]
[13367.710537] ? reada_add_block+0xae/0xee0 [btrfs]
[13367.711097] ? rcu_read_lock_sched_held+0x5d/0x90
[13367.711659] ? kmem_cache_alloc_trace+0x8d2/0x990
[13367.712221] ? lock_acquired+0x33b/0x470
[13367.712784] _raw_spin_lock+0x34/0x80
[13367.713356] ? reada_add_block+0xe0/0xee0 [btrfs]
[13367.713966] reada_add_block+0xe0/0xee0 [btrfs]
[13367.714529] ? btrfs_root_node+0x15/0x1f0 [btrfs]
[13367.715077] btrfs_reada_add+0x117/0x170 [btrfs]
[13367.715620] scrub_stripe+0x21e/0x10d0 [btrfs]
[13367.716141] ? kvm_sched_clock_read+0x5/0x10
[13367.716657] ? __lock_acquire+0x41e/0x3970
[13367.717184] ? scrub_chunk+0x60/0x140 [btrfs]
[13367.717697] ? find_held_lock+0x32/0x90
[13367.718254] ? scrub_chunk+0x60/0x140 [btrfs]
[13367.718773] ? lock_acquired+0x33b/0x470
[13367.719278] ? scrub_chunk+0xcd/0x140 [btrfs]
[13367.719786] scrub_chunk+0xcd/0x140 [btrfs]
[13367.720291] scrub_enumerate_chunks+0x270/0x5c0 [btrfs]
[13367.720787] ? finish_wait+0x90/0x90
[13367.721281] btrfs_scrub_dev+0x1ee/0x620 [btrfs]
[13367.721762] ? rcu_read_lock_any_held+0x8e/0xb0
[13367.722235] ? preempt_count_add+0x49/0xa0
[13367.722710] ? __sb_start_write+0x19b/0x290
[13367.723192] btrfs_ioctl+0x7f5/0x36f0 [btrfs]
[13367.723660] ? __fget_files+0x101/0x1d0
[13367.724118] ? find_held_lock+0x32/0x90
[13367.724559] ? __fget_files+0x101/0x1d0
[13367.724982] ? __x64_sys_ioctl+0x83/0xb0
[13367.725399] __x64_sys_ioctl+0x83/0xb0
[13367.725802] do_syscall_64+0x33/0x80
[13367.726188] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[13367.726574] RIP: 0033:0x7fe1df7add87
[13367.726948] Code: 00 00 00 48 8b 05 09 91 (...)
[13367.727763] RSP: 002b:00007fe1df6b4d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[13367.728179] RAX: ffffffffffffffda RBX: 000055ce1fb596a0 RCX: 00007fe1df7add87
[13367.728604] RDX: 000055ce1fb596a0 RSI: 00000000c400941b RDI: 0000000000000003
[13367.729021] RBP: 0000000000000000 R08: 00007fe1df6b5700 R09: 0000000000000000
[13367.729431] R10: 00007fe1df6b5700 R11: 0000000000000246 R12: 00007ffd922b07de
[13367.729842] R13: 00007ffd922b07df R14: 00007fe1df6b4e40 R15: 0000000000802000
[13367.730275] Modules linked in: btrfs blake2b_generic xor (...)
[13367.732638] CR2: 00000000000000b0
[13367.733166] ---[ end trace d298b6805556acd9 ]---
What happens is the following:
1) At reada_find_extent() we don't find any existing readahead extent for
the metadata extent starting at logical address X;
2) So we proceed to create a new one. We then call btrfs_map_block() to get
information about which stripes contain extent X;
3) After that we iterate over the stripes and create only one zone for the
readahead extent - only one because reada_find_zone() returned NULL for
all iterations except for one, either because a memory allocation failed
or it couldn't find the block group of the extent (it may have just been
deleted);
4) We then add the new readahead extent to the readahead extents radix
tree at fs_info->reada_tree;
5) Then we iterate over each zone of the new readahead extent, and find
that the device used for that zone no longer exists, because it was
removed or it was the source device of a device replace operation.
Since this left 'have_zone' set to 0, after finishing the loop we jump
to the 'error' label, call kfree() on the new readahead extent and
return without removing it from the radix tree at fs_info->reada_tree;
6) Any future call to reada_find_extent() for the logical address X will
find the stale pointer in the readahead extents radix tree, increment
its reference counter, which can trigger the use-after-free right
away or return it to the caller reada_add_block() that results in the
use-after-free of the example trace above.
So fix this by making sure we delete the readahead extent from the radix
tree if we fail to setup zones for it (when 'have_zone = 0').
Fixes:
|
||
Josef Bacik
|
8c6990856f |
btrfs: cleanup cow block on error
commit 572c83acdcdafeb04e70aa46be1fa539310be20c upstream. In fstest btrfs/064 a transaction abort in __btrfs_cow_block could lead to a system lockup. It gets stuck trying to write back inodes, and the write back thread was trying to lock an extent buffer: $ cat /proc/2143497/stack [<0>] __btrfs_tree_lock+0x108/0x250 [<0>] lock_extent_buffer_for_io+0x35e/0x3a0 [<0>] btree_write_cache_pages+0x15a/0x3b0 [<0>] do_writepages+0x28/0xb0 [<0>] __writeback_single_inode+0x54/0x5c0 [<0>] writeback_sb_inodes+0x1e8/0x510 [<0>] wb_writeback+0xcc/0x440 [<0>] wb_workfn+0xd7/0x650 [<0>] process_one_work+0x236/0x560 [<0>] worker_thread+0x55/0x3c0 [<0>] kthread+0x13a/0x150 [<0>] ret_from_fork+0x1f/0x30 This is because we got an error while COWing a block, specifically here if (test_bit(BTRFS_ROOT_SHAREABLE, &root->state)) { ret = btrfs_reloc_cow_block(trans, root, buf, cow); if (ret) { btrfs_abort_transaction(trans, ret); return ret; } } [16402.241552] BTRFS: Transaction aborted (error -2) [16402.242362] WARNING: CPU: 1 PID: 2563188 at fs/btrfs/ctree.c:1074 __btrfs_cow_block+0x376/0x540 [16402.249469] CPU: 1 PID: 2563188 Comm: fsstress Not tainted 5.9.0-rc6+ #8 [16402.249936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 [16402.250525] RIP: 0010:__btrfs_cow_block+0x376/0x540 [16402.252417] RSP: 0018:ffff9cca40e578b0 EFLAGS: 00010282 [16402.252787] RAX: 0000000000000025 RBX: 0000000000000002 RCX: ffff9132bbd19388 [16402.253278] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9132bbd19380 [16402.254063] RBP: ffff9132b41a49c0 R08: 0000000000000000 R09: 0000000000000000 [16402.254887] R10: 0000000000000000 R11: ffff91324758b080 R12: ffff91326ef17ce0 [16402.255694] R13: ffff91325fc0f000 R14: ffff91326ef176b0 R15: ffff9132815e2000 [16402.256321] FS: 00007f542c6d7b80(0000) GS:ffff9132bbd00000(0000) knlGS:0000000000000000 [16402.256973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [16402.257374] CR2: 00007f127b83f250 CR3: 0000000133480002 CR4: 0000000000370ee0 [16402.257867] Call Trace: [16402.258072] btrfs_cow_block+0x109/0x230 [16402.258356] btrfs_search_slot+0x530/0x9d0 [16402.258655] btrfs_lookup_file_extent+0x37/0x40 [16402.259155] __btrfs_drop_extents+0x13c/0xd60 [16402.259628] ? btrfs_block_rsv_migrate+0x4f/0xb0 [16402.259949] btrfs_replace_file_extents+0x190/0x820 [16402.260873] btrfs_clone+0x9ae/0xc00 [16402.261139] btrfs_extent_same_range+0x66/0x90 [16402.261771] btrfs_remap_file_range+0x353/0x3b1 [16402.262333] vfs_dedupe_file_range_one.part.0+0xd5/0x140 [16402.262821] vfs_dedupe_file_range+0x189/0x220 [16402.263150] do_vfs_ioctl+0x552/0x700 [16402.263662] __x64_sys_ioctl+0x62/0xb0 [16402.264023] do_syscall_64+0x33/0x40 [16402.264364] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [16402.264862] RIP: 0033:0x7f542c7d15cb [16402.266901] RSP: 002b:00007ffd35944ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [16402.267627] RAX: ffffffffffffffda RBX: 00000000009d1968 RCX: 00007f542c7d15cb [16402.268298] RDX: 00000000009d2490 RSI: 00000000c0189436 RDI: 0000000000000003 [16402.268958] RBP: 00000000009d2520 R08: 0000000000000036 R09: 00000000009d2e64 [16402.269726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [16402.270659] R13: 000000000001f000 R14: 00000000009d1970 R15: 00000000009d2e80 [16402.271498] irq event stamp: 0 [16402.271846] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [16402.272497] hardirqs last disabled at (0): [<ffffffff910dbf59>] copy_process+0x6b9/0x1ba0 [16402.273343] softirqs last enabled at (0): [<ffffffff910dbf59>] copy_process+0x6b9/0x1ba0 [16402.273905] softirqs last disabled at (0): [<0000000000000000>] 0x0 [16402.274338] ---[ end trace 737874a5a41a8236 ]--- [16402.274669] BTRFS: error (device dm-9) in __btrfs_cow_block:1074: errno=-2 No such entry [16402.276179] BTRFS info (device dm-9): forced readonly [16402.277046] BTRFS: error (device dm-9) in btrfs_replace_file_extents:2723: errno=-2 No such entry [16402.278744] BTRFS: error (device dm-9) in __btrfs_cow_block:1074: errno=-2 No such entry [16402.279968] BTRFS: error (device dm-9) in __btrfs_cow_block:1074: errno=-2 No such entry [16402.280582] BTRFS info (device dm-9): balance: ended with status: -30 The problem here is that as soon as we allocate the new block it is locked and marked dirty in the btree inode. This means that we could attempt to writeback this block and need to lock the extent buffer. However we're not unlocking it here and thus we deadlock. Fix this by unlocking the cow block if we have any errors inside of __btrfs_cow_block, and also free it so we do not leak it. CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Denis Efremov
|
96e4fc79e9 |
btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
commit 8eb2fd00153a3a96a19c62ac9c6d48c2efebe5e8 upstream.
btrfs_ioctl_send() used open-coded kvzalloc implementation earlier.
The code was accidentally replaced with kzalloc() call [1]. Restore
the original code by using kvzalloc() to allocate sctx->clone_roots.
[1] https://patchwork.kernel.org/patch/9757891/#20529627
Fixes:
|
||
Filipe Manana
|
67dc9c4f0a |
btrfs: send, recompute reference path after orphanization of a directory
commit 9c2b4e0347067396ceb3ae929d6888c81d610259 upstream. During an incremental send, when an inode has multiple new references we might end up emitting rename operations for orphanizations that have a source path that is no longer valid due to a previous orphanization of some directory inode. This causes the receiver to fail since it tries to rename a path that does not exists. Example reproducer: $ cat reproducer.sh #!/bin/bash mkfs.btrfs -f /dev/sdi >/dev/null mount /dev/sdi /mnt/sdi touch /mnt/sdi/f1 touch /mnt/sdi/f2 mkdir /mnt/sdi/d1 mkdir /mnt/sdi/d1/d2 # Filesystem looks like: # # . (ino 256) # |----- f1 (ino 257) # |----- f2 (ino 258) # |----- d1/ (ino 259) # |----- d2/ (ino 260) btrfs subvolume snapshot -r /mnt/sdi /mnt/sdi/snap1 btrfs send -f /tmp/snap1.send /mnt/sdi/snap1 # Now do a series of changes such that: # # *) inode 258 has one new hardlink and the previous name changed # # *) both names conflict with the old names of two other inodes: # # 1) the new name "d1" conflicts with the old name of inode 259, # under directory inode 256 (root) # # 2) the new name "d2" conflicts with the old name of inode 260 # under directory inode 259 # # *) inodes 259 and 260 now have the old names of inode 258 # # *) inode 257 is now located under inode 260 - an inode with a number # smaller than the inode (258) for which we created a second hard # link and swapped its names with inodes 259 and 260 # ln /mnt/sdi/f2 /mnt/sdi/d1/f2_link mv /mnt/sdi/f1 /mnt/sdi/d1/d2/f1 # Swap d1 and f2. mv /mnt/sdi/d1 /mnt/sdi/tmp mv /mnt/sdi/f2 /mnt/sdi/d1 mv /mnt/sdi/tmp /mnt/sdi/f2 # Swap d2 and f2_link mv /mnt/sdi/f2/d2 /mnt/sdi/tmp mv /mnt/sdi/f2/f2_link /mnt/sdi/f2/d2 mv /mnt/sdi/tmp /mnt/sdi/f2/f2_link # Filesystem now looks like: # # . (ino 256) # |----- d1 (ino 258) # |----- f2/ (ino 259) # |----- f2_link/ (ino 260) # | |----- f1 (ino 257) # | # |----- d2 (ino 258) btrfs subvolume snapshot -r /mnt/sdi /mnt/sdi/snap2 btrfs send -f /tmp/snap2.send -p /mnt/sdi/snap1 /mnt/sdi/snap2 mkfs.btrfs -f /dev/sdj >/dev/null mount /dev/sdj /mnt/sdj btrfs receive -f /tmp/snap1.send /mnt/sdj btrfs receive -f /tmp/snap2.send /mnt/sdj umount /mnt/sdi umount /mnt/sdj When executed the receive of the incremental stream fails: $ ./reproducer.sh Create a readonly snapshot of '/mnt/sdi' in '/mnt/sdi/snap1' At subvol /mnt/sdi/snap1 Create a readonly snapshot of '/mnt/sdi' in '/mnt/sdi/snap2' At subvol /mnt/sdi/snap2 At subvol snap1 At snapshot snap2 ERROR: rename d1/d2 -> o260-6-0 failed: No such file or directory This happens because: 1) When processing inode 257 we end up computing the name for inode 259 because it is an ancestor in the send snapshot, and at that point it still has its old name, "d1", from the parent snapshot because inode 259 was not yet processed. We then cache that name, which is valid until we start processing inode 259 (or set the progress to 260 after processing its references); 2) Later we start processing inode 258 and collecting all its new references into the list sctx->new_refs. The first reference in the list happens to be the reference for name "d1" while the reference for name "d2" is next (the last element of the list). We compute the full path "d1/d2" for this second reference and store it in the reference (its ->full_path member). The path used for the new parent directory was "d1" and not "f2" because inode 259, the new parent, was not yet processed; 3) When we start processing the new references at process_recorded_refs() we start with the first reference in the list, for the new name "d1". Because there is a conflicting inode that was not yet processed, which is directory inode 259, we orphanize it, renaming it from "d1" to "o259-6-0"; 4) Then we start processing the new reference for name "d2", and we realize it conflicts with the reference of inode 260 in the parent snapshot. So we issue an orphanization operation for inode 260 by emitting a rename operation with a destination path of "o260-6-0" and a source path of "d1/d2" - this source path is the value we stored in the reference earlier at step 2), corresponding to the ->full_path member of the reference, however that path is no longer valid due to the orphanization of the directory inode 259 in step 3). This makes the receiver fail since the path does not exists, it should have been "o259-6-0/d2". Fix this by recomputing the full path of a reference before emitting an orphanization if we previously orphanized any directory, since that directory could be a parent in the new path. This is a rare scenario so keeping it simple and not checking if that previously orphanized directory is in fact an ancestor of the inode we are trying to orphanize. A test case for fstests follows soon. CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Filipe Manana
|
c06d72888d |
btrfs: reschedule if necessary when logging directory items
commit bb56f02f26fe23798edb1b2175707419b28c752a upstream. Logging directories with many entries can take a significant amount of time, and in some cases monopolize a cpu/core for a long time if the logging task doesn't happen to block often enough. Johannes and Lu Fengqi reported test case generic/041 triggering a soft lockup when the kernel has CONFIG_SOFTLOCKUP_DETECTOR=y. For this test case we log an inode with 3002 hard links, and because the test removed one hard link before fsyncing the file, the inode logging causes the parent directory do be logged as well, which has 6004 directory items to log (3002 BTRFS_DIR_ITEM_KEY items plus 3002 BTRFS_DIR_INDEX_KEY items), so it can take a significant amount of time and trigger the soft lockup. So just make tree-log.c:log_dir_items() reschedule when necessary, releasing the current search path before doing so and then resume from where it was before the reschedule. The stack trace produced when the soft lockup happens is the following: [10480.277653] watchdog: BUG: soft lockup - CPU#2 stuck for 22s! [xfs_io:28172] [10480.279418] Modules linked in: dm_thin_pool dm_persistent_data (...) [10480.284915] irq event stamp: 29646366 [10480.285987] hardirqs last enabled at (29646365): [<ffffffff85249b66>] __slab_alloc.constprop.0+0x56/0x60 [10480.288482] hardirqs last disabled at (29646366): [<ffffffff8579b00d>] irqentry_enter+0x1d/0x50 [10480.290856] softirqs last enabled at (4612): [<ffffffff85a00323>] __do_softirq+0x323/0x56c [10480.293615] softirqs last disabled at (4483): [<ffffffff85800dbf>] asm_call_on_stack+0xf/0x20 [10480.296428] CPU: 2 PID: 28172 Comm: xfs_io Not tainted 5.9.0-rc4-default+ #1248 [10480.298948] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014 [10480.302455] RIP: 0010:__slab_alloc.constprop.0+0x19/0x60 [10480.304151] Code: 86 e8 31 75 21 00 66 66 2e 0f 1f 84 00 00 00 (...) [10480.309558] RSP: 0018:ffffadbe09397a58 EFLAGS: 00000282 [10480.311179] RAX: ffff8a495ab92840 RBX: 0000000000000282 RCX: 0000000000000006 [10480.313242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff85249b66 [10480.315260] RBP: ffff8a497d04b740 R08: 0000000000000001 R09: 0000000000000001 [10480.317229] R10: ffff8a497d044800 R11: ffff8a495ab93c40 R12: 0000000000000000 [10480.319169] R13: 0000000000000000 R14: 0000000000000c40 R15: ffffffffc01daf70 [10480.321104] FS: 00007fa1dc5c0e40(0000) GS:ffff8a497da00000(0000) knlGS:0000000000000000 [10480.323559] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [10480.325235] CR2: 00007fa1dc5befb8 CR3: 0000000004f8a006 CR4: 0000000000170ea0 [10480.327259] Call Trace: [10480.328286] ? overwrite_item+0x1f0/0x5a0 [btrfs] [10480.329784] __kmalloc+0x831/0xa20 [10480.331009] ? btrfs_get_32+0xb0/0x1d0 [btrfs] [10480.332464] overwrite_item+0x1f0/0x5a0 [btrfs] [10480.333948] log_dir_items+0x2ee/0x570 [btrfs] [10480.335413] log_directory_changes+0x82/0xd0 [btrfs] [10480.336926] btrfs_log_inode+0xc9b/0xda0 [btrfs] [10480.338374] ? init_once+0x20/0x20 [btrfs] [10480.339711] btrfs_log_inode_parent+0x8d3/0xd10 [btrfs] [10480.341257] ? dget_parent+0x97/0x2e0 [10480.342480] btrfs_log_dentry_safe+0x3a/0x50 [btrfs] [10480.343977] btrfs_sync_file+0x24b/0x5e0 [btrfs] [10480.345381] do_fsync+0x38/0x70 [10480.346483] __x64_sys_fsync+0x10/0x20 [10480.347703] do_syscall_64+0x2d/0x70 [10480.348891] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [10480.350444] RIP: 0033:0x7fa1dc80970b [10480.351642] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 (...) [10480.356952] RSP: 002b:00007fffb3d081d0 EFLAGS: 00000293 ORIG_RAX: 000000000000004a [10480.359458] RAX: ffffffffffffffda RBX: 0000562d93d45e40 RCX: 00007fa1dc80970b [10480.361426] RDX: 0000562d93d44ab0 RSI: 0000562d93d45e60 RDI: 0000000000000003 [10480.363367] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007fa1dc7b2a40 [10480.365317] R10: 0000562d93d0e366 R11: 0000000000000293 R12: 0000000000000001 [10480.367299] R13: 0000562d93d45290 R14: 0000562d93d45e40 R15: 0000562d93d45e60 Link: https://lore.kernel.org/linux-btrfs/20180713090216.GC575@fnst.localdomain/ Reported-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> CC: stable@vger.kernel.org # 4.4+ Tested-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> Signed-off-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |