  1. 08 Jan, 2018 2 commits
    • mbcache: revert "fs/mbcache.c: make count_objects() more robust" · bbe45d24
      Eric Biggers committed
      This reverts commit d5dabd63.
      
      This patch did absolutely nothing, because ->c_entry_count is unsigned.
      
      In addition if there is a bug in how mbcache maintains its entry count,
      it needs to be fixed, not just hacked around.  (There is no obvious bug,
      though.)
      
      Cc: Jan Kara <jack@suse.cz>
      Cc: Jiang Biao <jiang.biao2@zte.com.cn>
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • mbcache: initialize entry->e_referenced in mb_cache_entry_create() · 3876bbe2
      Alexander Potapenko committed
      KMSAN reported use of uninitialized |entry->e_referenced| in a condition
      in mb_cache_shrink():
      
      ==================================================================
      BUG: KMSAN: use of uninitialized memory in mb_cache_shrink+0x3b4/0xc50 fs/mbcache.c:287
      CPU: 2 PID: 816 Comm: kswapd1 Not tainted 4.11.0-rc5+ #2877
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
      01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:16 [inline]
       dump_stack+0x172/0x1c0 lib/dump_stack.c:52
       kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:927
       __msan_warning_32+0x61/0xb0 mm/kmsan/kmsan_instr.c:469
       mb_cache_shrink+0x3b4/0xc50 fs/mbcache.c:287
       mb_cache_scan+0x67/0x80 fs/mbcache.c:321
       do_shrink_slab mm/vmscan.c:397 [inline]
       shrink_slab+0xc3d/0x12d0 mm/vmscan.c:500
       shrink_node+0x208f/0x2fd0 mm/vmscan.c:2603
       kswapd_shrink_node mm/vmscan.c:3172 [inline]
       balance_pgdat mm/vmscan.c:3289 [inline]
       kswapd+0x160f/0x2850 mm/vmscan.c:3478
       kthread+0x46c/0x5f0 kernel/kthread.c:230
       ret_from_fork+0x29/0x40 arch/x86/entry/entry_64.S:430
      chained origin:
       save_stack_trace+0x37/0x40 arch/x86/kernel/stacktrace.c:59
       kmsan_save_stack_with_flags mm/kmsan/kmsan.c:302 [inline]
       kmsan_save_stack mm/kmsan/kmsan.c:317 [inline]
       kmsan_internal_chain_origin+0x12a/0x1f0 mm/kmsan/kmsan.c:547
       __msan_store_shadow_origin_1+0xac/0x110 mm/kmsan/kmsan_instr.c:257
       mb_cache_entry_create+0x3b3/0xc60 fs/mbcache.c:95
       ext4_xattr_cache_insert fs/ext4/xattr.c:1647 [inline]
       ext4_xattr_block_set+0x4c82/0x5530 fs/ext4/xattr.c:1022
       ext4_xattr_set_handle+0x1332/0x20a0 fs/ext4/xattr.c:1252
       ext4_xattr_set+0x4d2/0x680 fs/ext4/xattr.c:1306
       ext4_xattr_trusted_set+0x8d/0xa0 fs/ext4/xattr_trusted.c:36
       __vfs_setxattr+0x703/0x790 fs/xattr.c:149
       __vfs_setxattr_noperm+0x27a/0x6f0 fs/xattr.c:180
       vfs_setxattr fs/xattr.c:223 [inline]
       setxattr+0x6ae/0x790 fs/xattr.c:449
       path_setxattr+0x1eb/0x380 fs/xattr.c:468
       SYSC_lsetxattr+0x8d/0xb0 fs/xattr.c:490
       SyS_lsetxattr+0x77/0xa0 fs/xattr.c:486
       entry_SYSCALL_64_fastpath+0x13/0x94
      origin:
       save_stack_trace+0x37/0x40 arch/x86/kernel/stacktrace.c:59
       kmsan_save_stack_with_flags mm/kmsan/kmsan.c:302 [inline]
       kmsan_internal_poison_shadow+0xb1/0x1a0 mm/kmsan/kmsan.c:198
       kmsan_kmalloc+0x7f/0xe0 mm/kmsan/kmsan.c:337
       kmem_cache_alloc+0x1c2/0x1e0 mm/slub.c:2766
       mb_cache_entry_create+0x283/0xc60 fs/mbcache.c:86
       ext4_xattr_cache_insert fs/ext4/xattr.c:1647 [inline]
       ext4_xattr_block_set+0x4c82/0x5530 fs/ext4/xattr.c:1022
       ext4_xattr_set_handle+0x1332/0x20a0 fs/ext4/xattr.c:1252
       ext4_xattr_set+0x4d2/0x680 fs/ext4/xattr.c:1306
       ext4_xattr_trusted_set+0x8d/0xa0 fs/ext4/xattr_trusted.c:36
       __vfs_setxattr+0x703/0x790 fs/xattr.c:149
       __vfs_setxattr_noperm+0x27a/0x6f0 fs/xattr.c:180
       vfs_setxattr fs/xattr.c:223 [inline]
       setxattr+0x6ae/0x790 fs/xattr.c:449
       path_setxattr+0x1eb/0x380 fs/xattr.c:468
       SYSC_lsetxattr+0x8d/0xb0 fs/xattr.c:490
       SyS_lsetxattr+0x77/0xa0 fs/xattr.c:486
       entry_SYSCALL_64_fastpath+0x13/0x94
      ==================================================================
      Signed-off-by: Alexander Potapenko <glider@google.com>
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Cc: stable@vger.kernel.org # v4.6
  2. 18 Dec, 2017 10 commits
  3. 17 Dec, 2017 15 commits
  4. 16 Dec, 2017 13 commits
    • Revert "mm: replace p??_write with pte_access_permitted in fault + gup paths" · f6f37321
      Linus Torvalds committed
      This reverts commits 5c9d2d5c, c7da82b8, and e7fe7b5c.
      
      We'll probably need to revisit this, but basically we should not
      complicate the get_user_pages_fast() case, and checking the actual page
      table protection key bits will require more care anyway, since the
      protection keys depend on the exact state of the VM in question.
      
      Particularly when doing a "remote" page lookup (ie in somebody else's VM,
      not your own), you need to be much more careful than this was.  Dave
      Hansen says:
      
       "So, the underlying bug here is that we now a get_user_pages_remote()
        and then go ahead and do the p*_access_permitted() checks against the
        current PKRU. This was introduced recently with the addition of the
        new p??_access_permitted() calls.
      
        We have checks in the VMA path for the "remote" gups and we avoid
        consulting PKRU for them. This got missed in the pkeys selftests
        because I did a ptrace read, but not a *write*. I also didn't
        explicitly test it against something where a COW needed to be done"
      
      It's also not entirely clear that it makes sense to check the protection
      key bits at this level at all.  But one possible eventual solution is to
      make the get_user_pages_fast() case just abort if it sees protection key
      bits set, which makes us fall back to the regular get_user_pages() case,
      which then has a vma and can do the check there if we want to.
      
      We'll see.
      
      Somewhat related to this all: what we _do_ want to do some day is to
      check the PAGE_USER bit - it should obviously always be set for user
      pages, but it would be a good check to have back.  Because we have no
      generic way to test for it, we lost it as part of moving over from the
      architecture-specific x86 GUP implementation to the generic one in
      commit e585513b ("x86/mm/gup: Switch GUP to the generic
      get_user_page_fast() implementation").
      
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: "Jérôme Glisse" <jglisse@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 7a3c296a
      Linus Torvalds committed
      Pull networking fixes from David Miller:
      
       1) Clamp timeouts to INT_MAX in conntrack, from Jay Elliot.
      
       2) Fix broken UAPI for BPF_PROG_TYPE_PERF_EVENT, from Hendrik
          Brueckner.
      
       3) Fix locking in ieee80211_sta_tear_down_BA_sessions, from Johannes
          Berg.
      
       4) Add missing barriers to ptr_ring, from Michael S. Tsirkin.
      
       5) Don't advertise gigabit in sh_eth when not available, from Thomas
          Petazzoni.
      
       6) Check network namespace when delivering to netlink taps, from Kevin
          Cernekee.
      
       7) Kill a race in raw_sendmsg(), from Mohamed Ghannam.
      
       8) Use correct address in TCP md5 lookups when replying to an incoming
          segment, from Christoph Paasch.
      
       9) Add schedule points to BPF map alloc/free, from Eric Dumazet.
      
      10) Don't allow silly mtu values to be used in ipv4/ipv6 multicast, also
          from Eric Dumazet.
      
      11) Fix SKB leak in tipc, from Jon Maloy.
      
      12) Disable MAC learning on OVS ports of mlxsw, from Yuval Mintz.
      
      13) SKB leak fix in skb_complete_tx_timestamp(), from Willem de Bruijn.
      
      14) Add some new qmi_wwan device IDs, from Daniele Palmas.
      
      15) Fix static key imbalance in ingress qdisc, from Jiri Pirko.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (76 commits)
        net: qcom/emac: Reduce timeout for mdio read/write
        net: sched: fix static key imbalance in case of ingress/clsact_init error
        net: sched: fix clsact init error path
        ip_gre: fix wrong return value of erspan_rcv
        net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support
        pkt_sched: Remove TC_RED_OFFLOADED from uapi
        net: sched: Move to new offload indication in RED
        net: sched: Add TCA_HW_OFFLOAD
        net: aquantia: Increment driver version
        net: aquantia: Fix typo in ethtool statistics names
        net: aquantia: Update hw counters on hw init
        net: aquantia: Improve link state and statistics check interval callback
        net: aquantia: Fill in multicast counter in ndev stats from hardware
        net: aquantia: Fill ndev stat couters from hardware
        net: aquantia: Extend stat counters to 64bit values
        net: aquantia: Fix hardware DMA stream overload on large MRRS
        net: aquantia: Fix actual speed capabilities reporting
        sock: free skb in skb_complete_tx_timestamp on error
        s390/qeth: update takeover IPs after configuration change
        s390/qeth: lock IP table while applying takeover changes
        ...
    • Merge tag 'usb-4.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · c36c7a7c
      Linus Torvalds committed
      Pull USB fixes from Greg KH:
       "Here are some USB fixes for 4.15-rc4.
      
        There is the usual handful gadget/dwc2/dwc3 fixes as always, for
        reported issues. But the most important things in here is the core fix
        from Alan Stern to resolve a nasty security bug (my first attempt is
        reverted, Alan's was much cleaner), as well as a number of usbip fixes
        from Shuah Khan to resolve those reported security issues.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-4.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        USB: core: prevent malicious bNumInterfaces overflow
        Revert "USB: core: only clean up what we allocated"
        USB: core: only clean up what we allocated
        Revert "usb: gadget: allow to enable legacy drivers without USB_ETH"
        usb: gadget: webcam: fix V4L2 Kconfig dependency
        usb: dwc2: Fix TxFIFOn sizes and total TxFIFO size issues
        usb: dwc3: gadget: Fix PCM1 for ISOC EP with ep->mult less than 3
        usb: dwc3: of-simple: set dev_pm_ops
        usb: dwc3: of-simple: fix missing clk_disable_unprepare
        usb: dwc3: gadget: Wait longer for controller to end command processing
        usb: xhci: fix TDS for MTK xHCI1.1
        xhci: Don't add a virt_dev to the devs array before it's fully allocated
        usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
        usbip: prevent vhci_hcd driver from leaking a socket pointer address
        usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
        usbip: fix stub_rx: get_pipe() to validate endpoint number
        tools/usbip: fixes potential (minor) "buffer overflow" (detected on recent gcc with -Werror)
        USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
        usb: musb: da8xx: fix babble condition handling
    • Merge tag 'staging-4.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · a84ec723
      Linus Torvalds committed
      Pull staging fixes from Greg KH:
       "Here are some small staging driver fixes for 4.15-rc4.
      
        One patch for the ccree driver to prevent an uninitialized value from
        being returned to a caller, and the other fixes a logic error in the
        pi433 driver"
      
      * tag 'staging-4.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: pi433: Fixes issue with bit shift in rf69_get_modulation
        staging: ccree: Uninitialized return in ssi_ahash_import()
    • Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · d6e47eed
      Linus Torvalds committed
      Pull virtio regression fixes from Michael Tsirkin:
       "Fixes two issues in the latest kernel"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        virtio_mmio: fix devm cleanup
        ptr_ring: fix up after recent ptr_ring changes
    • Merge tag 'for-4.15/dm-fixes' of... · ee1b43ec
      Linus Torvalds committed
      Merge tag 'for-4.15/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - fix a particularly nasty DM core bug in a 4.15 refcount_t conversion.
      
       - fix various targets to dm_register_target after module __init
         resources created; otherwise racing lvm2 commands could result in a
         NULL pointer during initialization of associated DM kernel module.
      
       - fix regression in bio-based DM multipath queue_if_no_path handling.
      
       - fix DM bufio's shrinker to reclaim more than one buffer per scan.
      
      * tag 'for-4.15/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
        dm mpath: fix bio-based multipath queue_if_no_path handling
        dm: fix various targets to dm_register_target after module __init resources created
        dm table: fix regression from improper dm_dev_internal.count refcount_t conversion
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 66dbbd72
      Linus Torvalds committed
      Pull SCSI fixes from James Bottomley:
       "The most important one is the bfa fix because it's easy to oops the
        kernel with this driver (this includes the commit that corrects the
        compiler warning in the original), a regression in the new timespec
        conversion in aacraid and a regression in the Fibre Channel ELS
        handling patch.
      
        The other three are a theoretical problem with termination in the
        vendor/host matching code and a use after free in lpfc.
      
        The additional patches are a fix for an I/O hang in the mq code under
        certain circumstances and a rare oops in some debugging code"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: core: Fix a scsi_show_rq() NULL pointer dereference
        scsi: MAINTAINERS: change FCoE list to linux-scsi
        scsi: libsas: fix length error in sas_smp_handler()
        scsi: bfa: fix type conversion warning
        scsi: core: run queue if SCSI device queue isn't ready and queue is idle
        scsi: scsi_devinfo: cleanly zero-pad devinfo strings
        scsi: scsi_devinfo: handle non-terminated strings
        scsi: bfa: fix access to bfad_im_port_s
        scsi: aacraid: address UBSAN warning regression
        scsi: libfc: fix ELS request handling
        scsi: lpfc: Use after free in lpfc_rq_buf_free()
    • Merge tag 'mmc-v4.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 07a20ed1
      Linus Torvalds committed
      Pull MMC fixes from Ulf Hansson:
       "A couple of MMC fixes:
      
         - fix use of uninitialized drv_typ variable
      
         - apply NO_CMD23 quirk to some specific SD cards to make them work"
      
      * tag 'mmc-v4.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: core: apply NO_CMD23 quirk to some specific cards
        mmc: core: properly init drv_type
    • Merge tag 'ceph-for-4.15-rc4' of git://github.com/ceph/ceph-client · dd3d66b8
      Linus Torvalds committed
      Pull ceph fix from Ilya Dryomov:
       "CephFS inode trimming fix from Zheng, marked for stable"
      
      * tag 'ceph-for-4.15-rc4' of git://github.com/ceph/ceph-client:
        ceph: drop negative child dentries before try pruning inode's alias
    • Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 227701e0
      Linus Torvalds committed
      Pull overlayfs fixes from Miklos Szeredi:
      
       - fix incomplete syncing of filesystem
      
       - fix regression in readdir on ovl over 9p
      
       - only follow redirects when needed
      
       - misc fixes and cleanups
      
      * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: fix overlay: warning prefix
        ovl: Use PTR_ERR_OR_ZERO()
        ovl: Sync upper dirty data when syncing overlayfs
        ovl: update ctx->pos on impure dir iteration
        ovl: Pass ovl_get_nlink() parameters in right order
        ovl: don't follow redirects if redirect_dir=off
    • net: qcom/emac: Reduce timeout for mdio read/write · 043ee1de
      Hemanth Puranik committed
      Currently mdio read/write takes around ~115us as the timeout
      between status check is set to 100us.
      By reducing the timeout to 1us mdio read/write takes ~15us to
      complete. This improves the link up event response.
      Signed-off-by: Hemanth Puranik <hpuranik@codeaurora.org>
      Acked-by: Timur Tabi <timur@codeaurora.org>
      Reviewed-by: Andrew Lunn <andrew@lunn.ch>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 06f976ec
      Linus Torvalds committed
      Pull arm64 fixes from Will Deacon:
       "There are some significant fixes in here for FP state corruption,
        hardware access/dirty PTE corruption and an erratum workaround for the
        Falkor CPU.
      
        I'm hoping that things finally settle down now, but never say never...
      
        Summary:
      
         - Fix FPSIMD context switch regression introduced in -rc2
      
         - Fix ABI break with SVE CPUID register reporting
      
         - Fix use of uninitialised variable
      
         - Fixes to hardware access/dirty management and sanity checking
      
         - CPU erratum workaround for Falkor CPUs
      
         - Fix reporting of writeable+executable mappings
      
         - Fix signal reporting for RAS errors"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: fpsimd: Fix copying of FP state from signal frame into task struct
        arm64/sve: Report SVE to userspace via CPUID only if supported
        arm64: fix CONFIG_DEBUG_WX address reporting
        arm64: fault: avoid send SIGBUS two times
        arm64: hw_breakpoint: Use linux/uaccess.h instead of asm/uaccess.h
        arm64: Add software workaround for Falkor erratum 1041
        arm64: Define cputype macros for Falkor CPU
        arm64: mm: Fix false positives in set_pte_at access/dirty race detection
        arm64: mm: Fix pte_mkclean, pte_mkdirty semantics
        arm64: Initialise high_memory global variable earlier
    • net: sched: fix static key imbalance in case of ingress/clsact_init error · b59e6979
      Jiri Pirko committed
      Move static key increments to the beginning of the init function
      so they pair 1:1 with decrements in ingress/clsact_destroy,
      which is called in case ingress/clsact_init fails.
      
      Fixes: 6529eaba ("net: sched: introduce tcf block infractructure")
      Signed-off-by: Jiri Pirko <jiri@mellanox.com>
      Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>