1. 17 3月, 2017 15 次提交
    • D
      afs: Fix AFS read bug · 29f06985
      David Howells 提交于
      Fix a bug in AFS read whereby the request page afs_read::index isn't
      incremented after calling ->page_done() if ->remain reaches 0, indicating
      that the data read is complete.
      
      Without this a NULL pointer exception happens when ->page_done() is called
      twice for the last page because the page clearing loop will call it also
      and afs_readpages_page_done() clears the current entry in the page list.
      
      BUG: unable to handle kernel NULL pointer dereference at           (null)
      IP: afs_readpages_page_done+0x21/0xa4 [kafs]
      PGD 0
      Oops: 0002 [#1] SMP
      Modules linked in: kafs(E)
      CPU: 2 PID: 3002 Comm: md5sum Tainted: G            E   4.10.0-fscache #485
      Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
      task: ffff8804017d86c0 task.stack: ffff8803fc1d8000
      RIP: 0010:afs_readpages_page_done+0x21/0xa4 [kafs]
      RSP: 0018:ffff8803fc1db978 EFLAGS: 00010282
      RAX: ffff880405d39af8 RBX: 0000000000000000 RCX: ffff880407d83ed4
      RDX: 0000000000000000 RSI: ffff880405d39a00 RDI: ffff880405c6f400
      RBP: ffff8803fc1db988 R08: 0000000000000000 R09: 0000000000000001
      R10: ffff8803fc1db820 R11: ffff88040cf56000 R12: ffff8804088f1780
      R13: ffff8804017d86c0 R14: ffff8804088f1780 R15: 0000000000003840
      FS:  00007f8154469700(0000) GS:ffff88041fb00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000000 CR3: 00000004016ec000 CR4: 00000000001406e0
      Call Trace:
       afs_deliver_fs_fetch_data+0x5b9/0x60e [kafs]
       ? afs_make_call+0x316/0x4e8 [kafs]
       ? afs_make_call+0x359/0x4e8 [kafs]
       afs_deliver_to_call+0x173/0x2e8 [kafs]
       ? afs_make_call+0x316/0x4e8 [kafs]
       afs_make_call+0x37a/0x4e8 [kafs]
       ? wake_up_q+0x4f/0x4f
       ? __init_waitqueue_head+0x36/0x49
       afs_fs_fetch_data+0x21c/0x227 [kafs]
       ? afs_fs_fetch_data+0x21c/0x227 [kafs]
       afs_vnode_fetch_data+0xf3/0x1d2 [kafs]
       afs_readpages+0x314/0x3fd [kafs]
       __do_page_cache_readahead+0x208/0x2c5
       ondemand_readahead+0x3a2/0x3b7
       ? ondemand_readahead+0x3a2/0x3b7
       page_cache_async_readahead+0x5e/0x67
       generic_file_read_iter+0x23b/0x70c
       ? __inode_security_revalidate+0x2f/0x62
       __vfs_read+0xc4/0xe8
       vfs_read+0xd1/0x15a
       SyS_read+0x4c/0x89
       do_syscall_64+0x80/0x191
       entry_SYSCALL64_slow_path+0x25/0x25
      Reported-by: NMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Tested-by: NMarc Dionne <marc.dionne@auristor.com>
      29f06985
    • T
      afs: Prevent callback expiry timer overflow · 56e71431
      Tina Ruchandani 提交于
      get_seconds() returns real wall-clock seconds. On 32-bit systems
      this value will overflow in year 2038 and beyond. This patch changes
      afs_vnode record to use ktime_get_real_seconds() instead, for the
      fields cb_expires and cb_expires_at.
      Signed-off-by: NTina Ruchandani <ruchandani.tina@gmail.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      56e71431
    • T
      afs: Migrate vlocation fields to 64-bit · 8a79790b
      Tina Ruchandani 提交于
      get_seconds() returns real wall-clock seconds. On 32-bit systems
      this value will overflow in year 2038 and beyond. This patch changes
      afs's vlocation record to use ktime_get_real_seconds() instead, for the
      fields time_of_death and update_at.
      Signed-off-by: NTina Ruchandani <ruchandani.tina@gmail.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      8a79790b
    • A
      afs: security: Replace rcu_assign_pointer() with RCU_INIT_POINTER() · df8a09d1
      Andreea-Cristina Bernat 提交于
      The use of "rcu_assign_pointer()" is NULLing out the pointer.
      According to RCU_INIT_POINTER()'s block comment:
      "1.   This use of RCU_INIT_POINTER() is NULLing out the pointer"
      it is better to use it instead of rcu_assign_pointer() because it has a
      smaller overhead.
      
      The following Coccinelle semantic patch was used:
      @@
      @@
      
      - rcu_assign_pointer
      + RCU_INIT_POINTER
        (..., NULL)
      Signed-off-by: NAndreea-Cristina Bernat <bernat.ada@gmail.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      df8a09d1
    • A
      afs: inode: Replace rcu_assign_pointer() with RCU_INIT_POINTER() · 1d7e4ebf
      Andreea-Cristina Bernat 提交于
      The use of "rcu_assign_pointer()" is NULLing out the pointer.
      According to RCU_INIT_POINTER()'s block comment:
      "1.   This use of RCU_INIT_POINTER() is NULLing out the pointer"
      it is better to use it instead of rcu_assign_pointer() because it has a
      smaller overhead.
      
      The following Coccinelle semantic patch was used:
      @@
      @@
      
      - rcu_assign_pointer
      + RCU_INIT_POINTER
        (..., NULL)
      Signed-off-by: NAndreea-Cristina Bernat <bernat.ada@gmail.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      1d7e4ebf
    • D
      afs: Distinguish mountpoints from symlinks by file mode alone · 944c74f4
      David Howells 提交于
      In AFS, mountpoints appear as symlinks with mode 0644 and normal symlinks
      have mode 0777, so use this to distinguish them rather than reading the
      content and parsing it.  In the case of a mountpoint, the symlink body is a
      formatted string indicating the location of the target volume.
      
      Note that with this, kAFS no longer 'pre-fetches' the contents of symlinks,
      so afs_readpage() may fail with an access-denial because when the VFS calls
      d_automount(), it wraps the call in an credentials override that sets the
      initial creds - thereby preventing access to the caller's keyrings and the
      authentication keys held therein.
      
      To this end, a patch reverting that change to the VFS is required also.
      Reported-by: NJeffrey Altman <jaltman@auristor.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      944c74f4
    • D
      afs: Flush outstanding writes when an fd is closed · 58fed94d
      David Howells 提交于
      Flush outstanding writes in afs when an fd is closed.  This is what NFS and
      CIFS do.
      Reported-by: NMarc Dionne <marc.c.dionne@gmail.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      58fed94d
    • D
      afs: Handle a short write to an AFS page · e8e581a8
      David Howells 提交于
      Handle the situation where afs_write_begin() is told to expect that a
      full-page write will be made, but this doesn't happen (EFAULT, CTRL-C,
      etc.), and so afs_write_end() sees a partial write took place.  Currently,
      no attempt is to deal with the discrepency.
      
      Fix this by loading the gap from the server.
      Reported-by: NAl Viro <viro@ZenIV.linux.org.uk>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      e8e581a8
    • D
      afs: Kill struct afs_read::pg_offset · 3448e652
      David Howells 提交于
      Kill struct afs_read::pg_offset as nothing uses it.  It's unnecessary as pos
      can be masked off.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      3448e652
    • D
      afs: Handle better the server returning excess or short data · 6db3ac3c
      David Howells 提交于
      When an AFS server is given an FS.FetchData{,64} request to read data from
      a file, it is permitted by the protocol to return more or less than was
      requested.  kafs currently relies on the latter behaviour in readpage{,s}
      to handle a partial page at the end of the file (we just ask for a whole
      page and clear space beyond the short read).
      
      However, we don't handle all cases.  Add:
      
       (1) Handle excess data by discarding it rather than aborting.  Note that
           we use a common static buffer to discard into so that the decryption
           algorithm advances the PCBC state.
      
       (2) Handle a short read that affects more than just the last page.
      
      Note that if a read comes up unexpectedly short of long, it's possible that
      the server's copy of the file changed - in which case the data version
      number will have been incremented and the callback will have been broken -
      in which case all the pages currently attached to the inode will be zapped
      anyway at some point.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      6db3ac3c
    • M
      afs: Deal with an empty callback array · bcd89270
      Marc Dionne 提交于
      Servers may send a callback array that is the same size as
      the FID array, or an empty array.  If the callback count is
      0, the code would attempt to read (fid_count * 12) bytes of
      data, which would fail and result in an unmarshalling error.
      This would lead to stale data for remotely modified files
      or directories.
      
      Store the callback array size in the internal afs_call
      structure and use that to determine the amount of data to
      read.
      Signed-off-by: NMarc Dionne <marc.dionne@auristor.com>
      bcd89270
    • M
      afs: Adjust mode bits processing · 627f4694
      Marc Dionne 提交于
      Mode bits for an afs file should not be enforced in the usual
      way.
      
      For files, the absence of user bits can restrict file access
      with respect to what is granted by the server.
      
      These bits apply regardless of the owner or the current uid; the
      rest of the mode bits (group, other) are ignored.
      Signed-off-by: NMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      627f4694
    • M
      afs: Populate group ID from vnode status · 6186f078
      Marc Dionne 提交于
      The group was hard coded to GLOBAL_ROOT_GID; use the group
      ID that was received from the server.
      Signed-off-by: NMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      6186f078
    • D
      afs: Fix page overput in afs_fill_page() · 5611ef28
      David Howells 提交于
      afs_fill_page() loads the page it wants to fill into the afs_read request
      without incrementing its refcount - but then calls afs_put_read() to clean
      up afterwards, which then releases a ref on the page.
      
      Fix this by getting a ref on the page before calling
      afs_vnode_fetch_data().
      
      This causes sync after a write to hang in afs_writepages_region() because
      find_get_pages_tag() gets confused and doesn't return.
      
      Fixes: 196ee9cd ("afs: Make afs_fs_fetch_data() take a list of pages")
      Reported-by: NMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Tested-by: NMarc Dionne <marc.dionne@auristor.com>
      5611ef28
    • D
      afs: Fix missing put_page() · 29c8bbbd
      David Howells 提交于
      In afs_writepages_region(), inside the loop where we find dirty pages to
      deal with, one of the if-statements is missing a put_page().
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      29c8bbbd
  2. 16 3月, 2017 4 次提交
    • L
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 69eea5a4
      Linus Torvalds 提交于
      Pull block fixes from Jens Axboe:
       "Four small fixes for this cycle:
      
         - followup fix from Neil for a fix that went in before -rc2, ensuring
           that we always see the full per-task bio_list.
      
         - fix for blk-mq-sched from me that ensures that we retain similar
           direct-to-issue behavior on running the queue.
      
         - fix from Sagi fixing a potential NULL pointer dereference in blk-mq
           on spurious CPU unplug.
      
         - a memory leak fix in writeback from Tahsin, fixing a case where
           device removal of a mounted device can leak a struct
           wb_writeback_work"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        blk-mq-sched: don't run the queue async from blk_mq_try_issue_directly()
        writeback: fix memory leak in wb_queue_work()
        blk-mq: Fix tagset reinit in the presence of cpu hot-unplug
        blk: Ensure users for current->bio_list can see the full list.
      69eea5a4
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 95422dec
      Linus Torvalds 提交于
      Pull SCSI fixes from James Bottomley:
       "This is a rather large set of fixes. The bulk are for lpfc correcting
        a lot of issues in the new NVME driver code which just went in in the
        merge window.
      
        The others are:
      
         - fix a hang in the vmware paravirt driver caused by incorrect
           handling of the new MSI vector allocation
      
         - long standing bug in storvsc, which recent block changes turned
           from being a harmless annoyance into a hang
      
         - yet more fallout (in mpt3sas) from the changes to device blocking
      
        The remainder are small fixes and updates"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (34 commits)
        scsi: lpfc: Add shutdown method for kexec
        scsi: storvsc: Workaround for virtual DVD SCSI version
        scsi: lpfc: revise version number to 11.2.0.10
        scsi: lpfc: code cleanups in NVME initiator discovery
        scsi: lpfc: code cleanups in NVME initiator base
        scsi: lpfc: correct rdp diag portnames
        scsi: lpfc: remove dead sli3 nvme code
        scsi: lpfc: correct double print
        scsi: lpfc: Rename LPFC_MAX_EQ_DELAY to LPFC_MAX_EQ_DELAY_EQID_CNT
        scsi: lpfc: Rework lpfc Kconfig for NVME options
        scsi: lpfc: add transport eh_timed_out reference
        scsi: lpfc: Fix eh_deadline setting for sli3 adapters.
        scsi: lpfc: add NVME exchange aborts
        scsi: lpfc: Fix nvme allocation bug on failed nvme_fc_register_localport
        scsi: lpfc: Fix IO submission if WQ is full
        scsi: lpfc: Fix NVME CMD IU byte swapped word 1 problem
        scsi: lpfc: Fix RCTL value on NVME LS request and response
        scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
        scsi: lpfc: fix missing spin_unlock on sql_list_lock
        scsi: lpfc: don't dereference dma_buf->iocbq before null check
        ...
      95422dec
    • L
      Merge tag 'gfs2-4.11-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · aabcf5fc
      Linus Torvalds 提交于
      Pull gfs2 fix from Bob Peterson:
       "This is an emergency patch for 4.11-rc3
      
        The GFS2 developers uncovered a really nasty problem that can lead to
        random corruption and kernel panic, much like the last one. Andreas
        Gruenbacher wrote a simple one-line patch to fix the problem."
      
      * tag 'gfs2-4.11-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        gfs2: Avoid alignment hole in struct lm_lockname
      aabcf5fc
    • L
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · defc7d75
      Linus Torvalds 提交于
      Pull crypto fixes from Herbert Xu:
      
       - self-test failure of crc32c on powerpc
      
       - regressions of ecb(aes) when used with xts/lrw in s5p-sss
      
       - a number of bugs in the omap RNG driver
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: s5p-sss - Fix spinlock recursion on LRW(AES)
        hwrng: omap - Do not access INTMASK_REG on EIP76
        hwrng: omap - use devm_clk_get() instead of of_clk_get()
        hwrng: omap - write registers after enabling the clock
        crypto: s5p-sss - Fix completing crypto request in IRQ handler
        crypto: powerpc - Fix initialisation of crc32c context
      defc7d75
  3. 15 3月, 2017 19 次提交
  4. 14 3月, 2017 2 次提交