1. 12 10月, 2015 4 次提交
    • K
      ovl: free stack of paths in ovl_fill_super · 0f95502a
      Konstantin Khlebnikov 提交于
      This fixes small memory leak after mount.
      
      Kmemleak report:
      
      unreferenced object 0xffff88003683fe00 (size 16):
        comm "mount", pid 2029, jiffies 4294909563 (age 33.380s)
        hex dump (first 16 bytes):
          20 27 1f bb 00 88 ff ff 40 4b 0f 36 02 88 ff ff   '......@K.6....
        backtrace:
          [<ffffffff811f8cd4>] create_object+0x124/0x2c0
          [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0
          [<ffffffff811dffe6>] __kmalloc+0x106/0x340
          [<ffffffffa01b7a29>] ovl_fill_super+0x389/0x9a0 [overlay]
          [<ffffffff81200ac4>] mount_nodev+0x54/0xa0
          [<ffffffffa01b7118>] ovl_mount+0x18/0x20 [overlay]
          [<ffffffff81201ab3>] mount_fs+0x43/0x170
          [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170
          [<ffffffff812233ad>] do_mount+0x22d/0xdf0
          [<ffffffff812242cb>] SyS_mount+0x7b/0xc0
          [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76
          [<ffffffffffffffff>] 0xffffffffffffffff
      Signed-off-by: NKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Fixes: a78d9f0d ("ovl: support multiple lower layers")
      Cc: <stable@vger.kernel.org> # v4.0+
      0f95502a
    • M
      ovl: fix open in stacked overlay · 1c8a47df
      Miklos Szeredi 提交于
      If two overlayfs filesystems are stacked on top of each other, then we need
      recursion in ovl_d_select_inode().
      
      I guess d_backing_inode() is supposed to do that.  But currently it doesn't
      and that functionality is open coded in vfs_open().  This is now copied
      into ovl_d_select_inode() to fix this regression.
      Reported-by: NAlban Crequy <alban.crequy@gmail.com>
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Fixes: 4bacc9c9 ("overlayfs: Make f_path always point to the overlay...")
      Cc: David Howells <dhowells@redhat.com>
      Cc: <stable@vger.kernel.org> # v4.2+
      1c8a47df
    • D
      ovl: fix dentry reference leak · ab79efab
      David Howells 提交于
      In ovl_copy_up_locked(), newdentry is leaked if the function exits through
      out_cleanup as this just to out after calling ovl_cleanup() - which doesn't
      actually release the ref on newdentry.
      
      The out_cleanup segment should instead exit through out2 as certainly
      newdentry leaks - and possibly upper does also, though this isn't caught
      given the catch of newdentry.
      
      Without this fix, something like the following is seen:
      
      	BUG: Dentry ffff880023e9eb20{i=f861,n=#ffff880023e82d90} still in use (1) [unmount of tmpfs tmpfs]
      	BUG: Dentry ffff880023ece640{i=0,n=bigfile}  still in use (1) [unmount of tmpfs tmpfs]
      
      when unmounting the upper layer after an error occurred in copyup.
      
      An error can be induced by creating a big file in a lower layer with
      something like:
      
      	dd if=/dev/zero of=/lower/a/bigfile bs=65536 count=1 seek=$((0xf000))
      
      to create a large file (4.1G).  Overlay an upper layer that is too small
      (on tmpfs might do) and then induce a copy up by opening it writably.
      Reported-by: NUlrich Obergfell <uobergfe@redhat.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Cc: <stable@vger.kernel.org> # v3.18+
      ab79efab
    • D
      ovl: use O_LARGEFILE in ovl_copy_up() · 0480334f
      David Howells 提交于
      Open the lower file with O_LARGEFILE in ovl_copy_up().
      
      Pass O_LARGEFILE unconditionally in ovl_copy_up_data() as it's purely for
      catching 32-bit userspace dealing with a file large enough that it'll be
      mishandled if the application isn't aware that there might be an integer
      overflow.  Inside the kernel, there shouldn't be any problems.
      Reported-by: NUlrich Obergfell <uobergfe@redhat.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Cc: <stable@vger.kernel.org> # v3.18+
      0480334f
  2. 31 8月, 2015 1 次提交
  3. 30 8月, 2015 1 次提交
  4. 29 8月, 2015 2 次提交
  5. 28 8月, 2015 9 次提交
    • L
      Merge tag 'powerpc-4.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 4941b8f0
      Linus Torvalds 提交于
      Pull powerpc fixes from Michael Ellerman:
       "Fix MSI/MSI-X on pseries from Guilherme"
      
      * tag 'powerpc-4.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/PCI: Disable MSI/MSI-X interrupts at PCI probe time in OF case
        PCI: Make pci_msi_setup_pci_dev() non-static for use by arch code
      4941b8f0
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · e001d708
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
       "Some straggler bug fixes here:
      
         1) Netlink_sendmsg() doesn't check iterator type properly in mmap
            case, from Ken-ichirou MATSUZAWA.
      
         2) Don't sleep in atomic context in bcmgenet driver, from Florian
            Fainelli.
      
         3) The pfkey_broadcast() code patch can't actually ever use anything
            other than GFP_ATOMIC.  And the cases that right now pass
            GFP_KERNEL or similar will currently trigger an RCU splat.  Just
            use GFP_ATOMIC unconditionally.  From David Ahern.
      
         4) Fix FD bit timings handling in pcan_usb driver, from Marc
            Kleine-Budde.
      
         5) Cache dst leaked in ip6_gre tunnel removal, fix from Huaibin Wang.
      
         6) Traversal into drivers/net/ethernet/renesas should be triggered by
            CONFIG_NET_VENDOR_RENESAS, not a particular driver's config
            option.  From Kazuya Mizuguchi.
      
         7) Fix regression in handling of igmp_join errors in vxlan, from
            Marcelo Ricardo Leitner.
      
         8) Make phy_{read,write}_mmd_indirect() properly take the mdio_lock
            mutex when programming the registers.  From Russell King.
      
         9) Fix non-forced handling in u32_destroy(), from WANG Cong.
      
        10) Test the EVENT_NO_RUNTIME_PM flag before it is cleared in
            usbnet_stop(), from Eugene Shatokhin.
      
        11) In sfc driver, don't fetch statistics firmware isn't capable of,
            from Bert Kenward.
      
        12) Verify ASCONF address parameter location in SCTP, from Xin Long"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        sctp: donot reset the overall_error_count in SHUTDOWN_RECEIVE state
        sctp: asconf's process should verify address parameter is in the beginning
        sfc: only use vadaptor stats if firmware is capable
        net: phy: fixed: propagate fixed link values to struct
        usbnet: Get EVENT_NO_RUNTIME_PM bit before it is cleared
        drivers: net: xgene: fix: Oops in linkwatch_fire_event
        cls_u32: complete the check for non-forced case in u32_destroy()
        net: fec: use reinit_completion() in mdio accessor functions
        net: phy: add locking to phy_read_mmd_indirect()/phy_write_mmd_indirect()
        vxlan: re-ignore EADDRINUSE from igmp_join
        net: compile renesas directory if NET_VENDOR_RENESAS is configured
        ip6_gre: release cached dst on tunnel removal
        phylib: Make PHYs children of their MDIO bus, not the bus' parent.
        can: pcan_usb: don't provide CAN FD bittimings by non-FD adapters
        net: Fix RCU splat in af_key
        net: bcmgenet: fix uncleaned dma flags
        net: bcmgenet: Avoid sleeping in bcmgenet_timeout
        netlink: mmap: fix tx type check
      e001d708
    • L
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 5c98bcce
      Linus Torvalds 提交于
      Pull nvdimm fixlet from Dan Williams:
       "This is a libnvdimm ABI fixup.
      
        I pushed back on this change quite hard given the late date, that it
        appears to be purely cosmetic, sysfs is not necessarily meant to be a
        user friendly UI, and the kernel interprets the reversed polarity of
        the ACPI_NFIT_MEM_ARMED flag correctly.  When this flag is set, the
        energy source of an NVDIMM is not armed and any new writes to the DIMM
        may not be preserved.
      
        However, Bob Moore warned me that it is important to get these things
        named correctly wherever they appear otherwise we run the risk of a
        less than cautious firmware engineer implementing the polarity the
        wrong way.  Once a mistake like that escapes into production platforms
        the flag becomes useless and we need to move to a new bit position.
      
        Bob has agreed to take a change through ACPICA to rename
        ACPI_NFIT_MEM_ARMED to ACPI_NFIT_MEM_NOT_ARMED, and the patch below
        from Toshi brings the sysfs representation of these flags in line with
        their respective polarities.
      
        Please pull for 4.2 as this is the first kernel to expose the ACPI
        NFIT sysfs representation, and this is likely a kernel that firmware
        developers will be using for checking out their NVDIMM enabling"
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        nfit: Clarify memory device state flags strings
      5c98bcce
    • L
      sctp: donot reset the overall_error_count in SHUTDOWN_RECEIVE state · f648f807
      lucien 提交于
      Commit f8d96052 ("sctp: Enforce retransmission limit during shutdown")
      fixed a problem with excessive retransmissions in the SHUTDOWN_PENDING by not
      resetting the association overall_error_count.  This allowed the association
      to better enforce assoc.max_retrans limit.
      
      However, the same issue still exists when the association is in SHUTDOWN_RECEIVED
      state.  In this state, HB-ACKs will continue to reset the overall_error_count
      for the association would extend the lifetime of association unnecessarily.
      
      This patch solves this by resetting the overall_error_count whenever the current
      state is small then SCTP_STATE_SHUTDOWN_PENDING.  As a small side-effect, we
      end up also handling SCTP_STATE_SHUTDOWN_ACK_SENT and SCTP_STATE_SHUTDOWN_SENT
      states, but they are not really impacted because we disable Heartbeats in those
      states.
      
      Fixes: Commit f8d96052 ("sctp: Enforce retransmission limit during shutdown")
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Acked-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Acked-by: NVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f648f807
    • L
      sctp: asconf's process should verify address parameter is in the beginning · ce7b4ccc
      lucien 提交于
      in sctp_process_asconf(), we get address parameter from the beginning of
      the addip params. but we never check if it's really there. if the addr
      param is not there, it still can pass sctp_verify_asconf(), then to be
      handled by sctp_process_asconf(), it will not be safe.
      
      so add a code in sctp_verify_asconf() to check the address parameter is in
      the beginning, or return false to send abort.
      
      note that this can also detect multiple address parameters, and reject it.
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Signed-off-by: NMarcelo Ricardo Leitner <mleitner@redhat.com>
      Acked-by: NVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ce7b4ccc
    • T
      nfit: Clarify memory device state flags strings · 402bae59
      Toshi Kani 提交于
      ACPI 6.0 NFIT Memory Device State Flags in Table 5-129 defines
      NVDIMM status as follows.  These bits indicate multiple info,
      such as failures, pending event, and capability.
      
        Bit [0] set to 1 to indicate that the previous SAVE to the
        Memory Device failed.
        Bit [1] set to 1 to indicate that the last RESTORE from the
        Memory Device failed.
        Bit [2] set to 1 to indicate that platform flush of data to
        Memory Device failed. As a result, the restored data content
        may be inconsistent even if SAVE and RESTORE do not indicate
        failure.
        Bit [3] set to 1 to indicate that the Memory Device is observed
        to be not armed prior to OSPM hand off. A Memory Device is
        considered armed if it is able to accept persistent writes.
        Bit [4] set to 1 to indicate that the Memory Device observed
        SMART and health events prior to OSPM handoff.
      
      /sys/bus/nd/devices/nmemX/nfit/flags shows this flags info.
      The output strings associated with the bits are "save", "restore",
      "smart", etc., which can be confusing as they may be interpreted
      as positive status, i.e. save succeeded.
      
      Change also the dev_info() message in acpi_nfit_register_dimms()
      to be consistent with the sysfs flags strings.
      Reported-by: NRobert Elliott <elliott@hp.com>
      Signed-off-by: NToshi Kani <toshi.kani@hp.com>
      [ross: rename 'not_arm' to 'not_armed']
      Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
      [djbw: defer adding bit5, HEALTH_ENABLED, for now]
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      402bae59
    • B
      sfc: only use vadaptor stats if firmware is capable · fbe4307e
      Bert Kenward 提交于
      Some of the stats handling code differs based on SR-IOV support,
      and SRIOV support is only available if full-featured firmware is
      used.
      Do not use vadaptor stats if firmware mode is not set to
      full-featured.
      Signed-off-by: NShradha Shah <sshah@solarflare.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fbe4307e
    • M
      net: phy: fixed: propagate fixed link values to struct · 4b195360
      Madalin Bucur 提交于
      The fixed link values parsed from the device tree are stored in
      the struct fixed_phy member status. The struct phy_device members
      speed, duplex were not updated.
      Signed-off-by: NMadalin Bucur <madalin.bucur@freescale.com>
      Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4b195360
    • L
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 95803812
      Linus Torvalds 提交于
      Pull amr64 kvm fix from Will Deacon:
       "We've uncovered a nasty bug in the arm64 KVM code which allows a badly
        behaved 32-bit guest to bring down the host.  The fix is simple (it's
        what I believe we call a "brown paper bag" bug) and I don't think it
        makes sense to sit on this, particularly as Russell ended up
        triggering this rather than just somebody noticing a potential problem
        by inspection.
      
        Usually arm64 KVM changes would go via Paolo's tree, but he's on
        holiday at the moment and the deal is that anything urgent gets
        shuffled via the arch trees, so here it is.
      
        Summary:
      
        Fix arm64 KVM issue when injecting an abort into a 32-bit guest, which
        would lead to an illegal exception return at EL2 and a subsequent host
        crash"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
      95803812
  6. 27 8月, 2015 2 次提交
  7. 26 8月, 2015 20 次提交
  8. 25 8月, 2015 1 次提交
    • M
      can: pcan_usb: don't provide CAN FD bittimings by non-FD adapters · 06b23f7f
      Marc Kleine-Budde 提交于
      The CAN FD data bittiming constants are provided via netlink only when there
      are valid CAN FD constants available in priv->data_bittiming_const.
      
      Due to the indirection of pointer assignments in the peak_usb driver the
      priv->data_bittiming_const never becomes NULL - not even for non-FD adapters.
      
      The data_bittiming_const points to zero'ed data which leads to this result
      when running 'ip -details link show can0':
      
      35: can0: <NOARP,ECHO> mtu 16 qdisc noop state DOWN mode DEFAULT group default qlen 10
          link/can  promiscuity 0
          can state STOPPED restart-ms 0
      	  pcan_usb: tseg1 1..16 tseg2 1..8 sjw 1..4 brp 1..64 brp-inc 1
      	  : dtseg1 0..0 dtseg2 0..0 dsjw 1..0 dbrp 0..0 dbrp-inc 0  <== BROKEN!
      	  clock 8000000
      
      This patch changes the struct peak_usb_adapter::bittiming_const and struct
      peak_usb_adapter::data_bittiming_const to pointers to fix the assignemnt
      problems.
      
      Cc: linux-stable <stable@vger.kernel.org> # >= 4.0
      Reported-by: NOliver Hartkopp <socketcan@hartkopp.net>
      Tested-by: NOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      06b23f7f