1. 27 1月, 2020 1 次提交
    • D
      afs: Fix characters allowed into cell names · a45ea48e
      David Howells 提交于
      The afs filesystem needs to prohibit certain characters from cell names,
      such as '/', as these are used to form filenames in procfs, leading to
      the following warning being generated:
      
      	WARNING: CPU: 0 PID: 3489 at fs/proc/generic.c:178
      
      Fix afs_alloc_cell() to disallow nonprintable characters, '/', '@' and
      names that begin with a dot.
      
      Remove the check for "@cell" as that is then redundant.
      
      This can be tested by running:
      
      	echo add foo/.bar 1.2.3.4 >/proc/fs/afs/cells
      
      Note that we will also need to deal with:
      
       - Names ending in ".invalid" shouldn't be passed to the DNS.
      
       - Names that contain non-valid domainname chars shouldn't be passed to
         the DNS.
      
       - DNS replies that say "your-dns-needs-immediate-attention.<gTLD>" and
         replies containing A records that say 127.0.53.53 should be
         considered invalid.
         [https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf]
      
      but these need to be dealt with by the kafs-client DNS program rather
      than the kernel.
      
      Reported-by: syzbot+b904ba7c947a37b4b291@syzkaller.appspotmail.com
      Cc: stable@kernel.org
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a45ea48e
  2. 26 1月, 2020 7 次提交
    • L
      Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · 2821e26f
      Linus Torvalds 提交于
      Pull ARM fixes from Russell King:
      
       - fix ftrace relocation type filtering
      
       - relax arch timer version check
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 8955/1: virt: Relax arch timer version check during early boot
        ARM: 8950/1: ftrace/recordmcount: filter relocation types
      2821e26f
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 84809aaf
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Off by one in mt76 airtime calculation, from Dan Carpenter.
      
       2) Fix TLV fragment allocation loop condition in iwlwifi, from Luca
          Coelho.
      
       3) Don't confirm neigh entries when doing ipsec pmtu updates, from Xu
          Wang.
      
       4) More checks to make sure we only send TSO packets to lan78xx chips
          that they can actually handle. From James Hughes.
      
       5) Fix ip_tunnel namespace move, from William Dauchy.
      
       6) Fix unintended packet reordering due to cooperation between
          listification done by GRO and non-GRO paths. From Maxim
          Mikityanskiy.
      
       7) Add Jakub Kicincki formally as networking co-maintainer.
      
       8) Info leak in airo ioctls, from Michael Ellerman.
      
       9) IFLA_MTU attribute needs validation during rtnl_create_link(), from
          Eric Dumazet.
      
      10) Use after free during reload in mlxsw, from Ido Schimmel.
      
      11) Dangling pointers are possible in tp->highest_sack, fix from Eric
          Dumazet.
      
      12) Missing *pos++ in various networking seq_next handlers, from Vasily
          Averin.
      
      13) CHELSIO_GET_MEM operation neds CAP_NET_ADMIN check, from Michael
          Ellerman.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (109 commits)
        firestream: fix memory leaks
        net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
        net: bcmgenet: Use netif_tx_napi_add() for TX NAPI
        tipc: change maintainer email address
        net: stmmac: platform: fix probe for ACPI devices
        net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
        net/mlx5e: kTLS, Remove redundant posts in TX resync flow
        net/mlx5e: kTLS, Fix corner-case checks in TX resync flow
        net/mlx5e: Clear VF config when switching modes
        net/mlx5: DR, use non preemptible call to get the current cpu number
        net/mlx5: E-Switch, Prevent ingress rate configuration of uplink rep
        net/mlx5: DR, Enable counter on non-fwd-dest objects
        net/mlx5: Update the list of the PCI supported devices
        net/mlx5: Fix lowest FDB pool size
        net: Fix skb->csum update in inet_proto_csum_replace16().
        netfilter: nf_tables: autoload modules from the abort path
        netfilter: nf_tables: add __nft_chain_type_get()
        netfilter: nf_tables_offload: fix check the chain offload flag
        netfilter: conntrack: sctp: use distinct states for new SCTP connections
        ipv6_route_seq_next should increase position index
        ...
      84809aaf
    • L
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · f041eada
      Linus Torvalds 提交于
      Pull ARM SoC fixes from Olof Johansson:
       "A couple of fixes have come in that would be good to include in this
        release:
      
         - A fix for amount of memory on Beaglebone Black. Surfaced now since
           GRUB2 doesn't update memory size in the booted kernel.
      
         - A fix to make SPI interfaces work on am43x-epos-evm.
      
         - Small Kconfig fix for OPTEE (adds a depend on MMU) to avoid build
           failures"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        ARM: dts: am43x-epos-evm: set data pin directions for spi0 and spi1
        tee: optee: Fix compilation issue with nommu
        ARM: dts: am335x-boneblack-common: fix memory size
      f041eada
    • W
      firestream: fix memory leaks · fa865ba1
      Wenwen Wang 提交于
      In fs_open(), 'vcc' is allocated through kmalloc() and assigned to
      'atm_vcc->dev_data.' In the following execution, if an error occurs, e.g.,
      there is no more free channel, an error code EBUSY or ENOMEM will be
      returned. However, 'vcc' is not deallocated, leading to memory leaks. Note
      that, in normal cases where fs_open() returns 0, 'vcc' will be deallocated
      in fs_close(). But, if fs_open() fails, there is no guarantee that
      fs_close() will be invoked.
      
      To fix this issue, deallocate 'vcc' before the error code is returned.
      Signed-off-by: NWenwen Wang <wenwen@cs.uga.edu>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fa865ba1
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 6badad1c
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for net:
      
      1) Missing netlink attribute sanity check for NFTA_OSF_DREG,
         from Florian Westphal.
      
      2) Use bitmap infrastructure in ipset to fix KASAN slab-out-of-bounds
         reads, from Jozsef Kadlecsik.
      
      3) Missing initial CLOSED state in new sctp connection through
         ctnetlink events, from Jiri Wiesner.
      
      4) Missing check for NFT_CHAIN_HW_OFFLOAD in nf_tables offload
         indirect block infrastructure, from wenxu.
      
      5) Add __nft_chain_type_get() to sanity check family and chain type.
      
      6) Autoload modules from the nf_tables abort path to fix races
         reported by syzbot.
      
      7) Remove unnecessary skb->csum update on inet_proto_csum_replace16(),
         from Praveen Chaudhary.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6badad1c
    • L
      Merge tag 'for-5.5-rc8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · a075f23d
      Linus Torvalds 提交于
      Pull btrfs fix from David Sterba:
       "Here's a last minute fix for a regression introduced in this
        development cycle.
      
        There's a small chance of a silent corruption when device replace and
        NOCOW data writes happen at the same time in one block group. Metadata
        or COW data writes are unaffected.
      
        The extra fixup patch is there to silence an unnecessary warning"
      
      * tag 'for-5.5-rc8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: dev-replace: remove warning for unknown return codes when finished
        btrfs: scrub: Require mandatory block group RO for dev-replace
      a075f23d
    • L
      Merge tag 'pinctrl-v5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 93d1a05e
      Linus Torvalds 提交于
      Pull pin control fix from Linus Walleij:
       "A single fix for the Intel Sunrisepoint pin controller that makes the
        interrupts work properly on it"
      
      * tag 'pinctrl-v5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: sunrisepoint: Add missing Interrupt Status register offset
      93d1a05e
  3. 25 1月, 2020 27 次提交
  4. 24 1月, 2020 5 次提交
    • S
      iommu/amd: Fix IOMMU perf counter clobbering during init · 8c17bbf6
      Shuah Khan 提交于
      init_iommu_perf_ctr() clobbers the register when it checks write access
      to IOMMU perf counters and fails to restore when they are writable.
      
      Add save and restore to fix it.
      Signed-off-by: NShuah Khan <skhan@linuxfoundation.org>
      Fixes: 30861ddc ("perf/x86/amd: Add IOMMU Performance Counter resource management")
      Reviewed-by: NSuravee Suthikulpanit <suravee.suthikulpanit@amd.com>
      Tested-by: NSuravee Suthikulpanit <suravee.suthikulpanit@amd.com>
      Signed-off-by: NJoerg Roedel <jroedel@suse.de>
      8c17bbf6
    • J
      iommu/vt-d: Call __dmar_remove_one_dev_info with valid pointer · bf708cfb
      Jerry Snitselaar 提交于
      It is possible for archdata.iommu to be set to
      DEFER_DEVICE_DOMAIN_INFO or DUMMY_DEVICE_DOMAIN_INFO so check for
      those values before calling __dmar_remove_one_dev_info. Without a
      check it can result in a null pointer dereference. This has been seen
      while booting a kdump kernel on an HP dl380 gen9.
      
      Cc: Joerg Roedel <joro@8bytes.org>
      Cc: Lu Baolu <baolu.lu@linux.intel.com>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: stable@vger.kernel.org # 5.3+
      Cc: linux-kernel@vger.kernel.org
      Fixes: ae23bfb6 ("iommu/vt-d: Detach domain before using a private one")
      Signed-off-by: NJerry Snitselaar <jsnitsel@redhat.com>
      Acked-by: NLu Baolu <baolu.lu@linux.intel.com>
      Signed-off-by: NJoerg Roedel <jroedel@suse.de>
      bf708cfb
    • Q
      btrfs: scrub: Require mandatory block group RO for dev-replace · 1bbb97b8
      Qu Wenruo 提交于
      [BUG]
      For dev-replace test cases with fsstress, like btrfs/06[45] btrfs/071,
      looped runs can lead to random failure, where scrub finds csum error.
      
      The possibility is not high, around 1/20 to 1/100, but it's causing data
      corruption.
      
      The bug is observable after commit b12de528 ("btrfs: scrub: Don't
      check free space before marking a block group RO")
      
      [CAUSE]
      Dev-replace has two source of writes:
      
      - Write duplication
        All writes to source device will also be duplicated to target device.
      
        Content:	Not yet persisted data/meta
      
      - Scrub copy
        Dev-replace reused scrub code to iterate through existing extents, and
        copy the verified data to target device.
      
        Content:	Previously persisted data and metadata
      
      The difference in contents makes the following race possible:
      	Regular Writer		|	Dev-replace
      -----------------------------------------------------------------
        ^                             |
        | Preallocate one data extent |
        | at bytenr X, len 1M		|
        v				|
        ^ Commit transaction		|
        | Now extent [X, X+1M) is in  |
        v commit root			|
       ================== Dev replace starts =========================
        				| ^
      				| | Scrub extent [X, X+1M)
      				| | Read [X, X+1M)
      				| | (The content are mostly garbage
      				| |  since it's preallocated)
        ^				| v
        | Write back happens for	|
        | extent [X, X+512K)		|
        | New data writes to both	|
        | source and target dev.	|
        v				|
      				| ^
      				| | Scrub writes back extent [X, X+1M)
      				| | to target device.
      				| | This will over write the new data in
      				| | [X, X+512K)
      				| v
      
      This race can only happen for nocow writes. Thus metadata and data cow
      writes are safe, as COW will never overwrite extents of previous
      transaction (in commit root).
      
      This behavior can be confirmed by disabling all fallocate related calls
      in fsstress (*), then all related tests can pass a 2000 run loop.
      
      *: FSSTRESS_AVOID="-f fallocate=0 -f allocsp=0 -f zero=0 -f insert=0 \
      		   -f collapse=0 -f punch=0 -f resvsp=0"
         I didn't expect resvsp ioctl will fallback to fallocate in VFS...
      
      [FIX]
      Make dev-replace to require mandatory block group RO, and wait for current
      nocow writes before calling scrub_chunk().
      
      This patch will mostly revert commit 76a8efa1 ("btrfs: Continue replace
      when set_block_ro failed") for dev-replace path.
      
      The side effect is, dev-replace can be more strict on avaialble space, but
      definitely worth to avoid data corruption.
      Reported-by: NFilipe Manana <fdmanana@suse.com>
      Fixes: 76a8efa1 ("btrfs: Continue replace when set_block_ro failed")
      Fixes: b12de528 ("btrfs: scrub: Don't check free space before marking a block group RO")
      Reviewed-by: NFilipe Manana <fdmanana@suse.com>
      Signed-off-by: NQu Wenruo <wqu@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      1bbb97b8
    • D
      Merge branch 'netdev-seq_file-next-functions-should-increase-position-index' · 623c8d5c
      David S. Miller 提交于
      Vasily Averin says:
      
      ====================
      netdev: seq_file .next functions should increase position index
      
      In Aug 2018 NeilBrown noticed
      commit 1f4aace6 ("fs/seq_file.c: simplify seq_file iteration code and interface")
      "Some ->next functions do not increment *pos when they return NULL...
      Note that such ->next functions are buggy and should be fixed.
      A simple demonstration is
      
      dd if=/proc/swaps bs=1000 skip=1
      
      Choose any block size larger than the size of /proc/swaps.  This will
      always show the whole last line of /proc/swaps"
      
      Described problem is still actual. If you make lseek into middle of last output line
      following read will output end of last line and whole last line once again.
      
      $ dd if=/proc/swaps bs=1  # usual output
      Filename				Type		Size	Used	Priority
      /dev/dm-0                               partition	4194812	97536	-2
      104+0 records in
      104+0 records out
      104 bytes copied
      
      $ dd if=/proc/swaps bs=40 skip=1    # last line was generated twice
      dd: /proc/swaps: cannot skip to specified offset
      v/dm-0                               partition	4194812	97536	-2
      /dev/dm-0                               partition	4194812	97536	-2
      3+1 records in
      3+1 records out
      131 bytes copied
      
      There are lot of other affected files, I've found 30+ including
      /proc/net/ip_tables_matches and /proc/sysvipc/*
      
      This patch-set fixes files related to netdev@
      
      https://bugzilla.kernel.org/show_bug.cgi?id=206283
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      623c8d5c
    • V
      ipv6_route_seq_next should increase position index · 4fc427e0
      Vasily Averin 提交于
      if seq_file .next fuction does not change position index,
      read after some lseek can generate unexpected output.
      
      https://bugzilla.kernel.org/show_bug.cgi?id=206283Signed-off-by: NVasily Averin <vvs@virtuozzo.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4fc427e0
新手
引导
客服 返回
顶部