1. 10 Aug, 2017 3 commits
    • kvm: nVMX: Add support for fast unprotection of nested guest page tables · eebed243
      Paolo Bonzini committed
      This is the same as commit 14727754 ("kvm: svm: Add support for
      additional SVM NPF error codes", 2016-11-23), but for Intel processors.
      In this case, the exit qualification field's bit 8 says whether the
      EPT violation occurred while translating the guest's final physical
      address or rather while translating the guest page tables.
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    • KVM: SVM: Limit PFERR_NESTED_GUEST_PAGE error_code check to L1 guest · 64531a3b
      Brijesh Singh committed
      Commit 14727754 ("kvm: svm: Add support for additional SVM NPF error
      codes", 2016-11-23) added a new error code to aid nested page fault
      handling.  The commit unprotects (kvm_mmu_unprotect_page) the page when
      we get a NPF due to guest page table walk where the page was marked RO.
      
      However, an L0->L2 shadow nested page table can also be marked read-only
      when a page is read only in L1's nested page table.  If such a page
      is accessed by L2 while walking page tables it can cause a nested
      page fault (page table walks are write accesses).  However, after
      kvm_mmu_unprotect_page we may get another page fault, and again in an
      endless stream.
      
      To cover this use case, we qualify the new error_code check with
      vcpu->arch.mmu_direct_map so that the error_code check would run on L1
      guest, and not the L2 guest.  This avoids hitting the above scenario.
      
      Fixes: 14727754
      Cc: stable@vger.kernel.org
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Thomas Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    • KVM: X86: Fix residual mmio emulation request to userspace · bbeac283
      Wanpeng Li committed
      Reported by syzkaller:
      
      The kvm-intel.unrestricted_guest=0
      
         WARNING: CPU: 5 PID: 1014 at /home/kernel/data/kvm/arch/x86/kvm//x86.c:7227 kvm_arch_vcpu_ioctl_run+0x38b/0x1be0 [kvm]
         CPU: 5 PID: 1014 Comm: warn_test Tainted: G        W  OE   4.13.0-rc3+ #8
         RIP: 0010:kvm_arch_vcpu_ioctl_run+0x38b/0x1be0 [kvm]
         Call Trace:
          ? put_pid+0x3a/0x50
          ? rcu_read_lock_sched_held+0x79/0x80
          ? kmem_cache_free+0x2f2/0x350
          kvm_vcpu_ioctl+0x340/0x700 [kvm]
          ? kvm_vcpu_ioctl+0x340/0x700 [kvm]
          ? __fget+0xfc/0x210
          do_vfs_ioctl+0xa4/0x6a0
          ? __fget+0x11d/0x210
          SyS_ioctl+0x79/0x90
          entry_SYSCALL_64_fastpath+0x23/0xc2
          ? __this_cpu_preempt_check+0x13/0x20
      
      The syzkaller folks reported a residual mmio emulation request to userspace
      due to vm86 failing to emulate injecting a real mode interrupt (fails to read CS) and
      incurring a triple fault. The vCPU returns to userspace with vcpu->mmio_needed == true
      and KVM_EXIT_SHUTDOWN exit reason. However, the syzkaller testcase constructs
      several threads to launch the same vCPU; the thread which launches this vCPU after
      the thread which gets the vcpu->mmio_needed == true and KVM_EXIT_SHUTDOWN will
      trigger the warning.
      
         #define _GNU_SOURCE
         #include <pthread.h>
         #include <stdio.h>
         #include <stdlib.h>
         #include <string.h>
         #include <sys/wait.h>
         #include <sys/types.h>
         #include <sys/stat.h>
         #include <sys/mman.h>
         #include <fcntl.h>
         #include <unistd.h>
         #include <linux/kvm.h>
         #include <sys/ioctl.h>
      
         int kvmcpu;
         struct kvm_run *run;
      
         void* thr(void* arg)
         {
           int res;
           res = ioctl(kvmcpu, KVM_RUN, 0);
           printf("ret1=%d exit_reason=%d suberror=%d\n",
               res, run->exit_reason, run->internal.suberror);
           return 0;
         }
      
         void test()
         {
           int i, kvm, kvmvm;
           pthread_t th[4];
      
           kvm = open("/dev/kvm", O_RDWR);
           kvmvm = ioctl(kvm, KVM_CREATE_VM, 0);
           kvmcpu = ioctl(kvmvm, KVM_CREATE_VCPU, 0);
           run = (struct kvm_run*)mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, kvmcpu, 0);
           srand(getpid());
           for (i = 0; i < 4; i++) {
             pthread_create(&th[i], 0, thr, 0);
             usleep(rand() % 10000);
           }
           for (i = 0; i < 4; i++)
             pthread_join(th[i], 0);
         }
      
         int main()
         {
           for (;;) {
             int pid = fork();
             if (pid < 0)
               exit(1);
             if (pid == 0) {
               test();
               exit(0);
             }
             int status;
             while (waitpid(pid, &status, __WALL) != pid) {}
           }
           return 0;
         }
      
      This patch fixes it by resetting the vcpu->mmio_needed once we receive
      the triple fault to avoid the residue.
      Reported-by: Dmitry Vyukov <dvyukov@google.com>
      Tested-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  2. 08 Aug, 2017 4 commits
  3. 07 Aug, 2017 15 commits
  4. 06 Aug, 2017 16 commits
    • ext4: fix copy paste error in ext4_swap_extents() · 4e562013
      Maninder Singh committed
      This bug was found by a static code checker tool for copy paste
      problems.
      Signed-off-by: Maninder Singh <maninder1.s@samsung.com>
      Signed-off-by: Vaneet Narang <v.narang@samsung.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix overflow caused by missing cast in ext4_resize_fs() · aec51758
      Jerry Lee committed
      On a 32-bit platform, the value of n_blocks_count may be wrong when
      the file system is resized to a size larger than 2^32 blocks.  This may
      cause the superblock to be corrupted with a zero blocks count.
      
      Fixes: 1c6bd717
      Signed-off-by: Jerry Lee <jerrylee@qnap.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Cc: stable@vger.kernel.org # 3.7+
    • ext4, project: expand inode extra size if possible · c03b45b8
      Miao Xie committed
      When upgrading from old format, try to set project id
      to old file first time, it will return EOVERFLOW, but if
      that file is dirtied(touch etc), changing project id will
      be allowed, this might be confusing for users, we could
      try to expand @i_extra_isize here too.
      Reported-by: Zhang Yi <yi.zhang@huawei.com>
      Signed-off-by: Miao Xie <miaoxie@huawei.com>
      Signed-off-by: Wang Shilong <wshilong@ddn.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: cleanup ext4_expand_extra_isize_ea() · b640b2c5
      Miao Xie committed
      Clean up some goto statements, make ext4_expand_extra_isize_ea() clearer.
      Signed-off-by: Miao Xie <miaoxie@huawei.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Reviewed-by: Wang Shilong <wshilong@ddn.com>
    • ext4: restructure ext4_expand_extra_isize · cf0a5e81
      Miao Xie committed
      Current ext4_expand_extra_isize just tries to expand extra isize, if
      someone is holding xattr lock or some check fails, it will give up.
      So rename its name to ext4_try_to_expand_extra_isize.
      
      Besides that, we clean up unnecessary check and move some relative checks
      into it.
      Signed-off-by: Miao Xie <miaoxie@huawei.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Reviewed-by: Wang Shilong <wshilong@ddn.com>
    • ext4: fix forgotten xattr lock protection in ext4_expand_extra_isize · 3b10fdc6
      Miao Xie committed
      We should avoid the contention between the i_extra_isize update and
      the inline data insertion, so move the xattr trylock in front of
      i_extra_isize update.
      Signed-off-by: Miao Xie <miaoxie@huawei.com>
      Reviewed-by: Wang Shilong <wshilong@ddn.com>
    • ext4: make xattr inode reads faster · 9699d4f9
      Tahsin Erdogan committed
      ext4_xattr_inode_read() currently reads each block sequentially while
      waiting for io operation to complete before moving on to the next
      block. This prevents request merging in block layer.
      
      Add a ext4_bread_batch() function that starts reads for all blocks
      then optionally waits for them to complete. A similar logic is used
      in ext4_find_entry(), so update that code to use the new function.
      Signed-off-by: Tahsin Erdogan <tahsin@google.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: inplace xattr block update fails to deduplicate blocks · ec000220
      Tahsin Erdogan committed
      When an xattr block has a single reference, block is updated inplace
      and it is reinserted to the cache. Later, a cache lookup is performed
      to see whether an existing block has the same contents. This cache
      lookup will most of the time return the just inserted entry so
      deduplication is not achieved.
      
      Running the following test script will produce two xattr blocks which
      can be observed in "File ACL: " line of debugfs output:
      
        mke2fs -b 1024 -I 128 -F -O extent /dev/sdb 1G
        mount /dev/sdb /mnt/sdb
      
        touch /mnt/sdb/{x,y}
      
        setfattr -n user.1 -v aaa /mnt/sdb/x
        setfattr -n user.2 -v bbb /mnt/sdb/x
      
        setfattr -n user.1 -v aaa /mnt/sdb/y
        setfattr -n user.2 -v bbb /mnt/sdb/y
      
        debugfs -R 'stat x' /dev/sdb | cat
        debugfs -R 'stat y' /dev/sdb | cat
      
      This patch defers the reinsertion to the cache so that we can locate
      other blocks with the same contents.
      Signed-off-by: Tahsin Erdogan <tahsin@google.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Reviewed-by: Andreas Dilger <adilger@dilger.ca>
    • ext4: remove unused mode parameter · 77a2e84d
      Tahsin Erdogan committed
      ext4_alloc_file_blocks() does not use its mode parameter. Remove it.
      Signed-off-by: Tahsin Erdogan <tahsin@google.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix warning about stack corruption · 2df2c340
      Arnd Bergmann committed
      After commit 62d1034f53e3 ("fortify: use WARN instead of BUG for now"),
      we get a warning about possible stack overflow from a memcpy that
      was not strictly bounded to the size of the local variable:
      
          inlined from 'ext4_mb_seq_groups_show' at fs/ext4/mballoc.c:2322:2:
      include/linux/string.h:309:9: error: '__builtin_memcpy': writing between 161 and 1116 bytes into a region of size 160 overflows the destination [-Werror=stringop-overflow=]
      
      We actually had a bug here that would have been found by the warning,
      but it was already fixed last year in commit 30a9d7af ("ext4: fix
      stack memory corruption with 64k block size").
      
      This replaces the fixed-length structure on the stack with a variable-length
      structure, using the correct upper bound that tells the compiler that
      everything is really fine here. I also change the loop count to check
      for the same upper bound for consistency, but the existing code is
      already correct here.
      
      Note that while clang won't allow certain kinds of variable-length arrays
      in structures, this particular instance is fine, as the array is at the
      end of the structure, and the size is strictly bounded.
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix dir_nlink behaviour · c7414892
      Andreas Dilger committed
      The dir_nlink feature has been enabled by default for new ext4
      filesystems since e2fsprogs-1.41 in 2008, and was automatically
      enabled by the kernel for older ext4 filesystems since the
      dir_nlink feature was added with ext4 in kernel 2.6.28+ when
      the subdirectory count exceeded EXT4_LINK_MAX-1.
      
      Automatically adding the file system features such as dir_nlink is
      generally frowned upon, since it could cause the file system to not be
      mountable on older kernel, thus preventing the administrator from
      rolling back to an older kernel if necessary.
      
      In this case, the administrator might also want to disable the feature
      because glibc's fts_read() function does not correctly optimize
      directory traversal for directories that use st_nlinks field of 1 to
      indicate that the number of links in the directory are not tracked by
      the file system, and could fail to traverse the full directory
      hierarchy.  Fortunately, in the past ten years very few users have
      complained about incomplete file system traversal by glibc's
      fts_read().
      
      This commit also changes ext4_inc_count() to allow i_nlinks to reach
      the full EXT4_LINK_MAX links on the parent directory (including "."
      and "..") before changing i_links_count to be 1.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196405
      Signed-off-by: Andreas Dilger <adilger@dilger.ca>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: silence array overflow warning · 381cebfe
      Dan Carpenter committed
      I get a static checker warning:
      
          fs/ext4/ext4.h:3091 ext4_set_de_type()
          error: buffer overflow 'ext4_type_by_mode' 15 <= 15
      
      It seems unlikely that we would hit this read overflow in real life, but
      it's also simple enough to make the array 16 bytes instead of 15.
      Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize · fcf5ea10
      Jan Kara committed
      ext4_find_unwritten_pgoff() does not properly handle a situation when
      starting index is in the middle of a page and blocksize < pagesize. The
      following command shows the bug on filesystem with 1k blocksize:
      
        xfs_io -f -c "falloc 0 4k" \
                  -c "pwrite 1k 1k" \
                  -c "pwrite 3k 1k" \
                  -c "seek -a -r 0" foo
      
      In this example, neither lseek(fd, 1024, SEEK_HOLE) nor lseek(fd, 2048,
      SEEK_DATA) will return the correct result.
      
      Fix the problem by neglecting buffers in a page before starting offset.
      Reported-by: Andreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Signed-off-by: Jan Kara <jack@suse.cz>
      CC: stable@vger.kernel.org # 3.8+
    • platform/x86: intel-vbtn: match power button on press rather than release · 946da699
      Mario Limonciello committed
      This fixes a problem where the system gets stuck in a loop
      unable to wakeup via power button in s2idle.
      
      The problem happens because:
       - press power button:
         - system emits 0xc0 (power press), event ignored
         - system emits 0xc1 (power release), event processed,
           emitted as KEY_POWER
         - set wakeup_mode to true
         - system goes to s2idle
       - press power button
         - system emits 0xc0 (power press), wakeup_mode is true,
           system wakes
         - system emits 0xc1 (power release), event processed,
           emitted as KEY_POWER
         - system goes to s2idle again
      
      To avoid this situation, process the presses (which matches what
      intel-hid does too).
      
      Verified on a Dell XPS 9365
      Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
      Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
      Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
    • Merge tag 'media/v4.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media · 0fdd951c
      Linus Torvalds committed
      Pull media fixes from Mauro Carvalho Chehab:
       "This series is larger than I would like to submit for -rc4. My
        original intent was to send it to either -rc2 or -rc3. Unfortunately,
        due to my vacations, I got a lot of pending stuff after my return, and
        had to do some biz trips, which prevented me from sending this earlier.
      
        Several fixes:
      
         - some fixes at atomisp staging driver
      
         - several gcc 7 warning fixes
      
         - cleanup media SVG files, in order to fix PDF build on some distros
      
         - fix random Kconfig build of venus driver
      
         - some fixes for the venus driver
      
         - some changes from semaphore to mutex in ngene's driver
      
         - some locking fixes at dib0700 driver
      
         - several fixes on ngene's driver and frontends to make it properly
           support some new boards added on Kernel 4.13
      
         - some fixes to CEC drivers
      
         - omap_vout: vrfb: convert to dmaengine
      
         - docs-rst: document EBUSY for VIDIOC_S_FMT
      
        Please notice that the big diffstat changes here are at the SVG files.
      
        Visually, the images look the same, but the file size is now a lot
        smaller than before, and they don't use some XML tags that would cause
        them to be badly parsed by some ImageMagick versions, or to require a
        lot of memory by TeTex, which would break PDF output on some
        distributions"
      
      * tag 'media/v4.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (68 commits)
        media: atomisp2: array underflow in imx_enum_frame_size()
        media: atomisp2: array underflow in ap1302_enum_frame_size()
        media: atomisp2: Array underflow in atomisp_enum_input()
        media: platform: davinci: drop VPFE_CMD_S_CCDC_RAW_PARAMS
        media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl
        media: venus: don't abuse dma_alloc for non-DMA allocations
        media: venus: hfi: fix error handling in hfi_sys_init_done()
        media: venus: fix compile-test build on non-qcom ARM platform
        media: venus: mark PM functions as __maybe_unused
        media: cec-notifier: small improvements
        media: pulse8-cec: persistent_config should be off by default
        media: cec: cec_transmit_attempt_done: ignore CEC_TX_STATUS_MAX_RETRIES
        media: staging: atomisp: array underflow in ioctl
        media: lirc: LIRC_GET_REC_RESOLUTION should return microseconds
        media: svg: avoid too long lines
        media: svg files: simplify files
        media: selection.svg: simplify the SVG file
        media: vimc: set id_table for platform drivers
        media: staging: atomisp: disable warnings with cc-disable-warning
        media: davinci: variable 'common' set but not used
        ...
    • ext4: release discard bio after sending discard commands · e4510577
      Daeho Jeong committed
      We've changed the discard command handling into parallel manner.
      But, in this change, I forgot decreasing the usage count of the bio
      which was used to send discard request. I'm sorry about that.
      
      Fixes: a0154344 ("ext4: send parallel discards on commit completions")
      Signed-off-by: Daeho Jeong <daeho.jeong@samsung.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Reviewed-by: Jan Kara <jack@suse.cz>
  5. 05 Aug, 2017 2 commits
    • Merge tag 'gpio-v4.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · aab7761c
      Linus Torvalds committed
      Pull GPIO fixes from Linus Walleij:
      
       - LP87565: set the proper output level for direction_output.
      
       - stm32: fix the kernel build by selecting the hierarchical irqdomain
         symbol properly - this happens to be done in the pin control
         framework but whatever, it had dependencies to GPIO so we need to
         apply it here.
      
       - Select the hierarchical IRQ domain also for Xgene.
      
       - Fix wakeups to work on MXC.
      
       - Fix up the device tree binding on Exar that went astray, also add the
         right bindings.
      
       - Fix the unwanted events for edges from the library.
      
       - Fix the unbalanced chained IRQ on the Tegra.
      
      * tag 'gpio-v4.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio: tegra: fix unbalanced chained_irq_enter/exit
        gpiolib: skip unwanted events, don't convert them to opposite edge
        gpio: exar: Use correct property prefix and document bindings
        gpio: gpio-mxc: Fix: higher 16 GPIOs usable as wake source
        gpio: xgene-sb: select IRQ_DOMAIN_HIERARCHY
        pinctrl: stm32: select IRQ_DOMAIN_HIERARCHY instead of depends on
        gpio: lp87565: Set proper output level and direction for direction_output
        MAINTAINERS: Add entry for Whiskey Cove PMIC GPIO driver
    • Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · ef9ca02b
      Linus Torvalds committed
      Pull clk fixes from Stephen Boyd:
       "A handful of critical fixes for changes introduced this merge window.
      
         - The TI sci_clk_get() API was pretty broken and nobody noticed.
      
         - There were some CPUfreq crashes on C.H.I.P devices because we
           failed to propagate rates up the clk tree.
      
         - Also, the Intel Atom PMC clk driver needs to mark a clk critical if
           the firmware has it enabled already so that audio doesn't get
           killed on Baytrail.
      
         - Gemini devices have a dead serial console because the reset control
           usage in the serial driver assumes one method of reset that gemini
           doesn't support (this will be fixed in the next version in the
           reset framework so this is the small fix for -rc series).
      
         - Finally we have two rate calculation fixes, one for Exynos and one
           for Meson SoCs, that fix rate inconsistencies"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        clk: keystone: sci-clk: Fix sci_clk_get
        clk: meson: mpll: fix mpll0 fractional part ignored
        clk: samsung: exynos5420: The EPLL rate table corrections
        clk: sunxi-ng: sun5i: Add clk_set_rate_parent to the CPU clock
        clk: x86: Do not gate clocks enabled by the firmware
        clk: gemini: Fix reset regression