1. 27 Jan, 2020 2 commits
  2. 24 Jan, 2020 2 commits
  3. 21 Jan, 2020 1 commit
  4. 17 Jan, 2020 7 commits
    • xfs: check log iovec size to make sure it's plausibly a buffer log format · 8a6453a8
      Darrick J. Wong committed
      When log recovery is processing buffer log items, we should check that
      the incoming iovec actually describes a region of memory large enough to
      contain the log format and the dirty map.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
    • xfs: make struct xfs_buf_log_format have a consistent size · b7df5e92
      Darrick J. Wong committed
      Increase XFS_BLF_DATAMAP_SIZE by 1 to fill in the implied padding at the
      end of struct xfs_buf_log_format.  This makes the size consistent so
      that we can check it in xfs_ondisk.h, and will be needed once we start
      logging attribute values.
      
      On amd64 we get the following pahole:
      
      struct xfs_buf_log_format {
              short unsigned int         blf_type;       /*     0     2 */
              short unsigned int         blf_size;       /*     2     2 */
              short unsigned int         blf_flags;      /*     4     2 */
              short unsigned int         blf_len;        /*     6     2 */
              long long int              blf_blkno;      /*     8     8 */
              unsigned int               blf_map_size;   /*    16     4 */
              unsigned int               blf_data_map[16]; /*    20    64 */
              /* --- cacheline 1 boundary (64 bytes) was 20 bytes ago --- */
      
              /* size: 88, cachelines: 2, members: 7 */
              /* padding: 4 */
              /* last cacheline: 24 bytes */
      };
      
      But on i386 we get the following:
      
      struct xfs_buf_log_format {
              short unsigned int         blf_type;       /*     0     2 */
              short unsigned int         blf_size;       /*     2     2 */
              short unsigned int         blf_flags;      /*     4     2 */
              short unsigned int         blf_len;        /*     6     2 */
              long long int              blf_blkno;      /*     8     8 */
              unsigned int               blf_map_size;   /*    16     4 */
              unsigned int               blf_data_map[16]; /*    20    64 */
              /* --- cacheline 1 boundary (64 bytes) was 20 bytes ago --- */
      
              /* size: 84, cachelines: 2, members: 7 */
              /* last cacheline: 20 bytes */
      };
      
      Notice how the amd64 compiler inserts 4 bytes of padding to the end of
      the structure to ensure 8-byte alignment.  Prior to "xfs: fix memory
      corruption during remote attr value buffer invalidation" we would try to
      write to blf_data_map[17], which is harmless on amd64 but really bad on
      i386.
      
      This shouldn't cause any changes in the ondisk logging formats because
      the log code writes out the log vectors with the appropriate size for
      the log item's map_size, and log recovery treats the data_map array as a
      VLA.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
    • xfs: complain if anyone tries to create a too-large buffer log item · c3d5f0c2
      Darrick J. Wong committed
      Complain if someone calls xfs_buf_item_init on a buffer that is larger
      than the dirty bitmap can handle, or tries to log a region that's past
      the end of the dirty bitmap.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
    • xfs: clean up xfs_buf_item_get_format return value · c64dd49b
      Darrick J. Wong committed
      The only thing that can cause a nonzero return from
      xfs_buf_item_get_format is if the kmem_alloc fails, which it can't.
      Get rid of all the unnecessary error handling.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
    • xfs: streamline xfs_attr3_leaf_inactive · 0bb9d159
      Darrick J. Wong committed
      Now that we know we don't have to take a transaction to stale the incore
      buffers for a remote value, get rid of the unnecessary memory allocation
      in the leaf walker and call the rmt_stale function directly.  Flatten
      the loop while we're at it.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
    • xfs: fix memory corruption during remote attr value buffer invalidation · e8db2aaf
      Darrick J. Wong committed
      While running generic/103, I observed what looks like memory corruption
      and (with slub debugging turned on) a slub redzone warning on i386 when
      inactivating an inode with a 64k remote attr value.
      
      On a v5 filesystem, maximally sized remote attr values require one block
      more than 64k worth of space to hold both the remote attribute value
      header (64 bytes).  On a 4k block filesystem this results in a 68k
      buffer; on a 64k block filesystem, this would be a 128k buffer.  Note
      that even though we'll never use more than 65,600 bytes of this buffer,
      XFS_MAX_BLOCKSIZE is 64k.
      
      This is a problem because the definition of struct xfs_buf_log_format
      allows for XFS_MAX_BLOCKSIZE worth of dirty bitmap (64k).  On i386 when we
      invalidate a remote attribute, xfs_trans_binval zeroes all 68k worth of
      the dirty map, writing right off the end of the log item and corrupting
      memory.  We've gotten away with this on x86_64 for years because the
      compiler inserts a u32 padding on the end of struct xfs_buf_log_format.
      
      Fortunately for us, remote attribute values are written to disk with
      xfs_bwrite(), which is to say that they are not logged.  Fix the problem
      by removing all places where we could end up creating a buffer log item
      for a remote attribute value and leave a note explaining why.  Next,
      replace the open-coded buffer invalidation with a call to the helper we
      created in the previous patch that does better checking for bad metadata
      before marking the buffer stale.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
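The overrun described in the two commit messages above (e8db2aaf and b7df5e92), worked through as an added example that is not code from these commits. The struct members follow the pahole output; the chunk size (128 bytes per dirty bit), the 32-bit map word and the `buf_fits_dirty_map` guard are assumptions of this sketch, and the i386 layout is modelled with `#pragma pack(4)` so it can be inspected on a 64-bit host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Assumed values from the kernel headers (not on this page); they yield the
 * 16-word blf_data_map shown in the pahole output. */
#define XFS_MAX_BLOCKSIZE    (1u << 16)
#define XFS_BLF_CHUNK        128u  /* bytes tracked per dirty bit */
#define NBWORD               32u   /* bits per map word */
#define XFS_BLF_DATAMAP_SIZE ((XFS_MAX_BLOCKSIZE / XFS_BLF_CHUNK) / NBWORD)
#define MAP_OFFSET           offsetof(struct blf_i386, blf_data_map)

/* Model of the i386 layout: 64-bit members need only 4-byte alignment. */
#pragma pack(push, 4)
struct blf_i386 {
    uint16_t blf_type, blf_size, blf_flags, blf_len;
    int64_t  blf_blkno;
    uint32_t blf_map_size;
    uint32_t blf_data_map[XFS_BLF_DATAMAP_SIZE];
};
#pragma pack(pop)

/* Model of the amd64 layout: 8-byte alignment adds 4 bytes of tail padding. */
struct blf_amd64 {
    uint16_t blf_type, blf_size, blf_flags, blf_len;
    int64_t  blf_blkno;
    uint32_t blf_map_size;
    uint32_t blf_data_map[XFS_BLF_DATAMAP_SIZE];
} __attribute__((aligned(8)));

/* Map words needed to track buf_bytes, one dirty bit per chunk. */
static size_t map_words_needed(size_t buf_bytes)
{
    size_t chunks = (buf_bytes + XFS_BLF_CHUNK - 1) / XFS_BLF_CHUNK;
    return (chunks + NBWORD - 1) / NBWORD;
}

/* Bytes that zeroing the whole map writes past a struct of struct_size. */
static size_t overrun_bytes(size_t struct_size, size_t buf_bytes)
{
    size_t end = MAP_OFFSET + map_words_needed(buf_bytes) * sizeof(uint32_t);
    return end > struct_size ? end - struct_size : 0;
}

/* Hypothetical guard: refuse buffers the dirty bitmap cannot describe. */
static int buf_fits_dirty_map(size_t buf_bytes)
{
    return map_words_needed(buf_bytes) <= XFS_BLF_DATAMAP_SIZE;
}

int main(void)
{
    size_t buf = 68 * 1024; /* the 68k remote attr buffer from the message */
    printf("words=%zu i386_overrun=%zu amd64_overrun=%zu fits=%d\n",
           map_words_needed(buf), overrun_bytes(sizeof(struct blf_i386), buf),
           overrun_bytes(sizeof(struct blf_amd64), buf), buf_fits_dirty_map(buf));
}
```

The 68k buffer needs 17 map words against a capacity of 16, so the extra word lands in the tail padding of the 88-byte layout and 4 bytes past the end of the 84-byte one.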
    • xfs: refactor remote attr value buffer invalidation · 8edbb26b
      Darrick J. Wong committed
      Hoist the code that invalidates remote extended attribute value buffers
      into a separate helper function.  This prepares us for a memory
      corruption fix in the next patch.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
  5. 16 Jan, 2020 2 commits
  6. 15 Jan, 2020 3 commits
    • xfs: fix s_maxbytes computation on 32-bit kernels · 932befe3
      Darrick J. Wong committed
      I observed a hang in generic/308 while running fstests on an i686 kernel.
      The hang occurred when trying to purge the pagecache on a large sparse
      file that had a page created past MAX_LFS_FILESIZE, which caused an
      integer overflow in the pagecache xarray and resulted in an infinite
      loop.
      
      I then noticed that Linus changed the definition of MAX_LFS_FILESIZE in
      commit 0cc3b0ec ("Clarify (and fix) MAX_LFS_FILESIZE macros") so
      that it is now one page short of the maximum page index on 32-bit
      kernels.  Because the XFS function to compute max offset open-codes the
      2005-era MAX_LFS_FILESIZE computation and neither the vfs nor mm perform
      any sanity checking of s_maxbytes, the code in generic/308 can create a
      page above the pagecache's limit and kaboom.
      
      Fix all this by setting s_maxbytes to MAX_LFS_FILESIZE directly and
      aborting the mount with a warning if our assumptions ever break.  I have
      no answer for why this seems to have been broken for years and nobody
      noticed.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
    • xfs: truncate should remove all blocks, not just to the end of the page cache · 4bbb04ab
      Darrick J. Wong committed
      xfs_itruncate_extents_flags() is supposed to unmap every block in a file
      from EOF onwards.  Oddly, it uses s_maxbytes as the upper limit to the
      bunmapi range, even though s_maxbytes reflects the highest offset the
      pagecache can support, not the highest offset that XFS supports.
      
      The result of this confusion is that if you create a 20T file on a
      64-bit machine, mount the filesystem on a 32-bit machine, and remove the
      file, we leak everything above 16T.  Fix this by capping the bunmapi
      request at the maximum possible block offset, not s_maxbytes.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
    • xfs: introduce XFS_MAX_FILEOFF · a5084865
      Darrick J. Wong committed
      Introduce a new #define for the maximum supported file block offset.
      We'll use this in the next patch to make it more obvious that we're
      doing some operation for all possible inode fork mappings after a given
      offset.  We can't use ULLONG_MAX here because bunmapi uses that to
      detect when it's done.
      Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
  7. 10 Jan, 2020 6 commits
  8. 08 Jan, 2020 1 commit
  9. 07 Jan, 2020 2 commits
  10. 30 Dec, 2019 4 commits
  11. 29 Dec, 2019 1 commit
  12. 28 Dec, 2019 9 commits
    • riscv: export flush_icache_all to modules · 1833e327
      Olof Johansson committed
      This is needed by LKDTM (crash dump test module), it calls
      flush_icache_range(), which on RISC-V turns into flush_icache_all(). On
      other architectures, the actual implementation is exported, so follow
      that precedence and export it here too.
      
      Fixes build of CONFIG_LKDTM that fails with:
      ERROR: "flush_icache_all" [drivers/misc/lkdtm/lkdtm.ko] undefined!
      Signed-off-by: Olof Johansson <olof@lixom.net>
      Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
    • riscv: reject invalid syscalls below -1 · 556f47ac
      David Abdurachmanov committed
      Running "stress-ng --enosys 4 -t 20 -v" showed a large number of kernel oops
      with "Unable to handle kernel paging request at virtual address" message. This
      happens when enosys stressor starts testing random non-valid syscalls.
      
      I forgot to redirect any syscall below -1 to sys_ni_syscall.
      
      With the patch kernel oops messages are gone while running stress-ng enosys
      stressor.
      Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
      Fixes: 5340627e ("riscv: add support for SECCOMP and SECCOMP_FILTER")
      Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
    • riscv: fix compile failure with EXPORT_SYMBOL() & !MMU · 4d47ce15
      Luc Van Oostenryck committed
      When support for !MMU was added, the declaration of
      __asm_copy_to_user() & __asm_copy_from_user() were #ifdefed
      out hence their EXPORT_SYMBOL() give an error message like:
        .../riscv_ksyms.c:13:15: error: '__asm_copy_to_user' undeclared here
        .../riscv_ksyms.c:14:15: error: '__asm_copy_from_user' undeclared here
      
      Since these symbols are not defined with !MMU it's wrong to export them.
      Same for __clear_user() (even though this one is also declared in
      include/asm-generic/uaccess.h and thus doesn't give an error message).
      
      Fix this by doing the EXPORT_SYMBOL() directly where these symbols
      are defined: inside lib/uaccess.S itself.
      
      Fixes: 6bd33e1e ("riscv: fix compile failure with EXPORT_SYMBOL() & !MMU")
      Reported-by: kbuild test robot <lkp@intel.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
      Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · bf8d1cd4
      Linus Torvalds committed
      Pull SCSI fixes from James Bottomley:
       "Four fixes and one spelling update, all in drivers: two in lpfc and
        the rest in mpt3sas, cxgbi and target"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: target/iblock: Fix protection error with blocks greater than 512B
        scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
        scsi: lpfc: fix spelling mistakes of asynchronous
        scsi: lpfc: fix build failure with DEBUGFS disabled
        scsi: mpt3sas: Fix double free in attach error handling
    • Merge tag 'drm-fixes-2019-12-28' of git://anongit.freedesktop.org/drm/drm · 48a8dd17
      Linus Torvalds committed
      Pull drm fixes from Dave Airlie:
       "Post-xmas food coma recovery fixes. Only three fixes for i915 since I
        expect most people are holidaying.
      
        i915:
         - power management rc6 fix
         - framebuffer tracking fix
         - display power management ratelimit fix"
      
      * tag 'drm-fixes-2019-12-28' of git://anongit.freedesktop.org/drm/drm:
        drm/i915: Hold reference to intel_frontbuffer as we track activity
        drm/i915/gt: Ratelimit display power w/a
        drm/i915/pmu: Ensure monotonic rc6
    • Merge tag 'linux-kselftest-5.5-rc4' of... · f4b39746
      Linus Torvalds committed
      Merge tag 'linux-kselftest-5.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull Kselftest fixes from Shuah Khan:
      
       - rseq build failures fixes related to glibc 2.30 compatibility from
         Mathieu Desnoyers
      
       - Kunit fixes and cleanups from SeongJae Park
      
       - Fixes to filesystems/epoll, firmware, and livepatch build failures
         and skip handling.
      
      * tag 'linux-kselftest-5.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        rseq/selftests: Clarify rseq_prepare_unload() helper requirements
        rseq/selftests: Fix: Namespace gettid() for compatibility with glibc 2.30
        rseq/selftests: Turn off timeout setting
        kunit/kunit_tool_test: Test '--build_dir' option run
        kunit: Rename 'kunitconfig' to '.kunitconfig'
        kunit: Place 'test.log' under the 'build_dir'
        kunit: Create default config in '--build_dir'
        kunit: Remove duplicated defconfig creation
        docs/kunit/start: Use in-tree 'kunit_defconfig'
        selftests: livepatch: Fix it to do root uid check and skip
        selftests: firmware: Fix it to do root uid check and skip
        selftests: filesystems/epoll: fix build error
    • Merge tag 'pm-5.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 1413c361
      Linus Torvalds committed
      Pull power management fixes from Rafael Wysocki:
       "Fix compile test of the Tegra devfreq driver (Arnd Bergmann) and
        remove redundant Kconfig dependencies from multiple devfreq drivers
        (Leonard Crestez)"
      
      * tag 'pm-5.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM / devfreq: tegra: Add COMMON_CLK dependency
        PM / devfreq: Drop explicit selection of PM_OPP
    • Merge tag 'io_uring-5.5-20191226' of git://git.kernel.dk/linux-block · 534121d2
      Linus Torvalds committed
      Pull io_uring fixes from Jens Axboe:
      
       - Removal of now unused busy wqe list (Hillf)
      
       - Add cond_resched() to io-wq work processing (Hillf)
      
       - And then the series that I hinted at from last week, which removes
         the sqe from the io_kiocb and keeps all sqe handling on the prep
         side. This guarantees that an opcode can't do the wrong thing and
         read the sqe more than once. This is unchanged from last week, no
         issues have been observed with this in testing. Hence I really think
         we should fold this into 5.5.
      
      * tag 'io_uring-5.5-20191226' of git://git.kernel.dk/linux-block:
        io-wq: add cond_resched() to worker thread
        io-wq: remove unused busy list from io_sqe
        io_uring: pass in 'sqe' to the prep handlers
        io_uring: standardize the prep methods
        io_uring: read 'count' for IORING_OP_TIMEOUT in prep handler
        io_uring: move all prep state for IORING_OP_{SEND,RECV}_MGS to prep handler
        io_uring: move all prep state for IORING_OP_CONNECT to prep handler
        io_uring: add and use struct io_rw for read/writes
        io_uring: use u64_to_user_ptr() consistently
    • Merge tag 'libata-5.5-20191226' of git://git.kernel.dk/linux-block · 0f710a55
      Linus Torvalds committed
      Pull libata fixes from Jens Axboe:
       "Two things in here:
      
         - First half of a series that fixes ahci_brcm, also marked for
           stable. The other part of the series is going into 5.6 (Florian)
      
         - sata_nv regression fix that is also marked for stable (Sascha)"
      
      * tag 'libata-5.5-20191226' of git://git.kernel.dk/linux-block:
        ata: ahci_brcm: Add missing clock management during recovery
        ata: ahci_brcm: BCM7425 AHCI requires AHCI_HFLAG_DELAY_ENGINE
        ata: ahci_brcm: Fix AHCI resources management
        ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys()
        libata: Fix retrieving of active qcs