1. 01 May, 2018 3 commits
    • NeilBrown's avatar
      md: fix two problems with setting the "re-add" device state. · 011abdc9
      NeilBrown authored
      If "re-add" is written to the "state" file for a device
      which is faulty, this has an effect similar to removing
      and re-adding the device.  It should take up the
      same slot in the array that it previously had, and
      an accelerated (e.g. bitmap-based) rebuild should happen.
      
      The slot that "it previously had" is determined by
      rdev->saved_raid_disk.
      However this is not set when a device fails (only when a device
      is added), and it is cleared when resync completes.
      This means that "re-add" will normally work once, but may not work a
      second time.
      
      This patch includes two fixes.
      1/ when a device fails, record the ->raid_disk value in
          ->saved_raid_disk before clearing ->raid_disk
      2/ when "re-add" is written to a device for which
          ->saved_raid_disk is not set, fail.
      
      I think this is suitable for stable as it can
      cause re-adding a device to be forced to do a full
      resync which takes a lot longer and so puts data at
      more risk.
      
      Cc: <stable@vger.kernel.org> (v4.1)
      Fixes: 97f6cd39 ("md-cluster: re-add capabilities")
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Reviewed-by: default avatarGoldwyn Rodrigues <rgoldwyn@suse.com>
      Signed-off-by: default avatarShaohua Li <shli@fb.com>
      011abdc9
    • Guoqing Jiang's avatar
      raid10: check bio in r10buf_pool_free to void NULL pointer dereference · eb81b328
      Guoqing Jiang authored
      For recovery case, r10buf_pool_alloc only allocates 2 bios,
      so we can't access more than 2 bios in r10buf_pool_free.
      Otherwise, we can see NULL pointer dereference as follows:
      
      [   98.347009] BUG: unable to handle kernel NULL pointer dereference
      at 0000000000000050
      [   98.355783] IP: r10buf_pool_free+0x38/0xe0 [raid10]
      [...]
      [   98.543734] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   98.550161] CR2: 0000000000000050 CR3: 000000089500a001 CR4: 00000000001606f0
      [   98.558145] Call Trace:
      [   98.560881]  <IRQ>
      [   98.563136]  put_buf+0x19/0x20 [raid10]
      [   98.567426]  end_sync_request+0x6b/0x70 [raid10]
      [   98.572591]  end_sync_write+0x9b/0x160 [raid10]
      [   98.577662]  blk_update_request+0x78/0x2c0
      [   98.582254]  scsi_end_request+0x2c/0x1e0 [scsi_mod]
      [   98.587719]  scsi_io_completion+0x22f/0x610 [scsi_mod]
      [   98.593472]  blk_done_softirq+0x8e/0xc0
      [   98.597767]  __do_softirq+0xde/0x2b3
      [   98.601770]  irq_exit+0xae/0xb0
      [   98.605285]  do_IRQ+0x81/0xd0
      [   98.608606]  common_interrupt+0x7d/0x7d
      [   98.612898]  </IRQ>
      
      So we need to check the bio is valid or not before the bio is
      used in r10buf_pool_free. Another workable way is to free 2 bios
      for recovery case just like r10buf_pool_alloc.
      
      Fixes: f0250618 ("md: raid10: don't use bio's vec table to manage resync pages")
      Reported-by: default avatarAlexis Castilla <pencerval@gmail.com>
      Tested-by: default avatarAlexis Castilla <pencerval@gmail.com>
      Signed-off-by: default avatarGuoqing Jiang <gqjiang@suse.com>
      Signed-off-by: default avatarShaohua Li <shli@fb.com>
      eb81b328
    • Yufen Yu's avatar
      md: fix an error code format and remove unsed bio_sector · 13db16d7
      Yufen Yu authored
      Signed-off-by: default avatarYufen Yu <yuyufen@huawei.com>
      Signed-off-by: default avatarShaohua Li <shli@fb.com>
      13db16d7
  2. 20 Apr, 2018 16 commits
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal · 83beed7b
      Linus Torvalds authored
      Pull thermal fixes from Eduardo Valentin:
       "A couple of fixes for the thermal subsystem"
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal:
        dt-bindings: thermal: Remove "cooling-{min|max}-level" properties
        dt-bindings: thermal: remove no longer needed samsung thermal properties
      83beed7b
    • Linus Torvalds's avatar
      Merge tag 'mmc-v4.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 7e3cb169
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "A couple of MMC host fixes:
      
         - sdhci-pci: Fixup tuning for AMD for eMMC HS200 mode
      
         - renesas_sdhi_internal_dmac: Avoid data corruption by limiting
           DMA RX"
      
      * tag 'mmc-v4.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: renesas_sdhi_internal_dmac: limit DMA RX for old SoCs
        mmc: sdhci-pci: Only do AMD tuning for HS200
      7e3cb169
    • Linus Torvalds's avatar
      Merge tag 'md/4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md · 7768ee3f
      Linus Torvalds authored
      Pull MD fixes from Shaohua Li:
       "Three small fixes for MD:
      
         - md-cluster fix for faulty device from Guoqing
      
         - writehint fix for writebehind IO for raid1 from Mariusz
      
         - a live lock fix for interrupted recovery from Yufen"
      
      * tag 'md/4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md:
        raid1: copy write hint from master bio to behind bio
        md/raid1: exit sync request if MD_RECOVERY_INTR is set
        md-cluster: don't update recovery_offset for faulty device
      7768ee3f
    • David Howells's avatar
      vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion · a9e5b732
      David Howells authored
      In do_mount() when the MS_* flags are being converted to MNT_* flags,
      MS_RDONLY got accidentally convered to SB_RDONLY.
      
      Undo this change.
      
      Fixes: e462ec50 ("VFS: Differentiate mount flags (MS_*) from internal superblock flags")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a9e5b732
    • David Howells's avatar
      afs: Fix server record deletion · 66062592
      David Howells authored
      AFS server records get removed from the net->fs_servers tree when
      they're deleted, but not from the net->fs_addresses{4,6} lists, which
      can lead to an oops in afs_find_server() when a server record has been
      removed, for instance during rmmod.
      
      Fix this by deleting the record from the by-address lists before posting
      it for RCU destruction.
      
      The reason this hasn't been noticed before is that the fileserver keeps
      probing the local cache manager, thereby keeping the service record
      alive, so the oops would only happen when a fileserver eventually gets
      bored and stops pinging or if the module gets rmmod'd and a call comes
      in from the fileserver during the window between the server records
      being destroyed and the socket being closed.
      
      The oops looks something like:
      
        BUG: unable to handle kernel NULL pointer dereference at 000000000000001c
        ...
        Workqueue: kafsd afs_process_async_call [kafs]
        RIP: 0010:afs_find_server+0x271/0x36f [kafs]
        ...
        Call Trace:
         afs_deliver_cb_init_call_back_state3+0x1f2/0x21f [kafs]
         afs_deliver_to_call+0x1ee/0x5e8 [kafs]
         afs_process_async_call+0x5b/0xd0 [kafs]
         process_one_work+0x2c2/0x504
         worker_thread+0x1d4/0x2ac
         kthread+0x11f/0x127
         ret_from_fork+0x24/0x30
      
      Fixes: d2ddc776 ("afs: Overhaul volume and server record caching and fileserver rotation")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      66062592
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · a72db42c
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Unbalanced refcounting in TIPC, from Jon Maloy.
      
       2) Only allow TCP_MD5SIG to be set on sockets in close or listen state.
          Once the connection is established it makes no sense to change this.
          From Eric Dumazet.
      
       3) Missing attribute validation in neigh_dump_table(), also from Eric
          Dumazet.
      
       4) Fix address comparisons in SCTP, from Xin Long.
      
       5) Neigh proxy table clearing can deadlock, from Wolfgang Bumiller.
      
       6) Fix tunnel refcounting in l2tp, from Guillaume Nault.
      
       7) Fix double list insert in team driver, from Paolo Abeni.
      
       8) af_vsock.ko module was accidently made unremovable, from Stefan
          Hajnoczi.
      
       9) Fix reference to freed llc_sap object in llc stack, from Cong Wang.
      
      10) Don't assume netdevice struct is DMA'able memory in virtio_net
          driver, from Michael S. Tsirkin.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (62 commits)
        net/smc: fix shutdown in state SMC_LISTEN
        bnxt_en: Fix memory fault in bnxt_ethtool_init()
        virtio_net: sparse annotation fix
        virtio_net: fix adding vids on big-endian
        virtio_net: split out ctrl buffer
        net: hns: Avoid action name truncation
        docs: ip-sysctl.txt: fix name of some ipv6 variables
        vmxnet3: fix incorrect dereference when rxvlan is disabled
        llc: hold llc_sap before release_sock()
        MAINTAINERS: Direct networking documentation changes to netdev
        atm: iphase: fix spelling mistake: "Tansmit" -> "Transmit"
        net: qmi_wwan: add Wistron Neweb D19Q1
        net: caif: fix spelling mistake "UKNOWN" -> "UNKNOWN"
        net: stmmac: Disable ACS Feature for GMAC >= 4
        net: mvpp2: Fix DMA address mask size
        net: change the comment of dev_mc_init
        net: qualcomm: rmnet: Fix warning seen with fill_info
        tun: fix vlan packet truncation
        tipc: fix infinite loop when dumping link monitor summary
        tipc: fix use-after-free in tipc_nametbl_stop
        ...
      a72db42c
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · b9abdcfd
      Linus Torvalds authored
      Pull vfs fixes from Al Viro:
       "Assorted fixes.
      
        Some of that is only a matter with fault injection (broken handling of
        small allocation failure in various mount-related places), but the
        last one is a root-triggerable stack overflow, and combined with
        userns it gets really nasty ;-/"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        Don't leak MNT_INTERNAL away from internal mounts
        mm,vmscan: Allow preallocating memory for register_shrinker().
        rpc_pipefs: fix double-dput()
        orangefs_kill_sb(): deal with allocation failures
        jffs2_kill_sb(): deal with failed allocations
        hypfs_kill_super(): deal with failed allocations
      b9abdcfd
    • Linus Torvalds's avatar
      Merge tag 'ecryptfs-4.17-rc2-fixes' of... · 43f70c96
      Linus Torvalds authored
      Merge tag 'ecryptfs-4.17-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs
      
      Pull eCryptfs fixes from Tyler Hicks:
       "Minor cleanups and a bug fix to completely ignore unencrypted
        filenames in the lower filesystem when filename encryption is enabled
        at the eCryptfs layer"
      
      * tag 'ecryptfs-4.17-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
        eCryptfs: don't pass up plaintext names when using filename encryption
        ecryptfs: fix spelling mistake: "cadidate" -> "candidate"
        ecryptfs: lookup: Don't check if mount_crypt_stat is NULL
      43f70c96
    • Linus Torvalds's avatar
      Merge tag 'for_v4.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 0d9cf33b
      Linus Torvalds authored
       - isofs memory leak fix
      
       - two fsnotify fixes of event mask handling
      
       - udf fix of UTF-16 handling
      
       - couple other smaller cleanups
      
      * tag 'for_v4.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        udf: Fix leak of UTF-16 surrogates into encoded strings
        fs: ext2: Adding new return type vm_fault_t
        isofs: fix potential memory leak in mount option parsing
        MAINTAINERS: add an entry for FSNOTIFY infrastructure
        fsnotify: fix typo in a comment about mark->g_list
        fsnotify: fix ignore mask logic in send_to_group()
        isofs compress: Remove VLA usage
        fs: quota: Replace GFP_ATOMIC with GFP_KERNEL in dquot_init
        fanotify: fix logic of events on child
      0d9cf33b
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid · 4d189053
      Linus Torvalds authored
      Pull HID updates from Jiri Kosina:
      
       - suspend/resume handling fix for Raydium I2C-connected touchscreen
         from Aaron Ma
      
       - protocol fixup for certain BT-connected Wacoms from Aaron Armstrong
         Skomra
      
       - battery level reporting fix on BT-connected mice from Dmitry Torokhov
      
       - hidraw race condition fix from Rodrigo Rivas Costa
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
        HID: i2c-hid: fix inverted return value from i2c_hid_command()
        HID: i2c-hid: Fix resume issue on Raydium touchscreen device
        HID: wacom: bluetooth: send exit report for recent Bluetooth devices
        HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
        HID: input: fix battery level reporting on BT mice
      4d189053
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching · 41e3bef5
      Linus Torvalds authored
      Pull livepatching fix from Jiri Kosina:
       "Shadow variable API list_head initialization fix from Petr Mladek"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching:
        livepatch: Allow to call a custom callback when freeing shadow variables
        livepatch: Initialize shadow variables safely by a custom callback
      41e3bef5
    • Linus Torvalds's avatar
      Merge tag 'for-linus-4.17-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 36e584de
      Linus Torvalds authored
      Pull xen fixes from Juergen Gross:
      
       - some fixes of kmalloc() flags
      
       - one fix of the xenbus driver
      
       - an update of the pv sound driver interface needed for a driver which
         will go through the sound tree
      
      * tag 'for-linus-4.17-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen: xenbus_dev_frontend: Really return response string
        xen/sndif: Sync up with the canonical definition in Xen
        xen: xen-pciback: Replace GFP_ATOMIC with GFP_KERNEL in pcistub_reg_add
        xen: xen-pciback: Replace GFP_ATOMIC with GFP_KERNEL in xen_pcibk_config_quirks_init
        xen: xen-pciback: Replace GFP_ATOMIC with GFP_KERNEL in pcistub_device_alloc
        xen: xen-pciback: Replace GFP_ATOMIC with GFP_KERNEL in pcistub_init_device
        xen: xen-pciback: Replace GFP_ATOMIC with GFP_KERNEL in pcistub_probe
      36e584de
    • Linus Torvalds's avatar
      Merge tag 'mips_fixes_4.17_1' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips · 854da238
      Linus Torvalds authored
      Pull MIPS fixes from James Hogan:
      
       - io: Add barriers to read*() & write*()
      
       - dts: Fix boston PCI bus DTC warnings (4.17)
      
       - memset: Several corner case fixes (one 3.10, others longer)
      
      * tag 'mips_fixes_4.17_1' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips:
        MIPS: uaccess: Add micromips clobbers to bzero invocation
        MIPS: memset.S: Fix clobber of v1 in last_fixup
        MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
        MIPS: memset.S: EVA & fault support for small_memset
        MIPS: dts: Boston: Fix PCI bus dtc warnings:
        MIPS: io: Add barrier after register read in readX()
        MIPS: io: Prevent compiler reordering writeX()
      854da238
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · d08de37b
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix an off-by-one bug in our alternative asm patching which leads to
         incorrectly patched code. This bug lay dormant for nearly 10 years
         but we finally hit it due to a recent change.
      
       - Fix lockups when running KVM guests on Power8 due to a missing check
         when a thread that's running KVM comes out of idle.
      
       - Fix an out-of-spec behaviour in the XIVE code (P9 interrupt
         controller).
      
       - Fix EEH handling of bridge MMIO windows.
      
       - Prevent crashes in our RFI fallback flush handler if firmware didn't
         tell us the size of the L1 cache (only seen on simulators).
      
      Thanks to: Benjamin Herrenschmidt, Madhavan Srinivasan, Michael Neuling.
      
      * tag 'powerpc-4.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/kvm: Fix lockups when running KVM guests on Power8
        powerpc/eeh: Fix enabling bridge MMIO windows
        powerpc/xive: Fix trying to "push" an already active pool VP
        powerpc/64s: Default l1d_size to 64K in RFI fallback flush
        powerpc/lib: Fix off-by-one in alternate feature patching
      d08de37b
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · c2d94c52
      Linus Torvalds authored
      Pull s390 fixes and kexec-file-load from Martin Schwidefsky:
       "After the common code kexec patches went in via Andrew we can now push
        the architecture parts to implement the kexec-file-load system call.
      
        Plus a few more bug fixes and cleanups, this includes an update to the
        default configurations"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/signal: cleanup uapi struct sigaction
        s390: rename default_defconfig to debug_defconfig
        s390: remove gcov defconfig
        s390: update defconfig
        s390: add support for IBM z14 Model ZR1
        s390: remove couple of duplicate includes
        s390/boot: remove unused COMPILE_VERSION and ccflags-y
        s390/nospec: include cpu.h
        s390/decompressor: Ignore file vmlinux.bin.full
        s390/kexec_file: add generated files to .gitignore
        s390/Kconfig: Move kexec config options to "Processor type and features"
        s390/kexec_file: Add ELF loader
        s390/kexec_file: Add crash support to image loader
        s390/kexec_file: Add image loader
        s390/kexec_file: Add kexec_file_load system call
        s390/kexec_file: Add purgatory
        s390/kexec_file: Prepare setup.h for kexec_file_load
        s390/smsgiucv: disable SMSG on module unload
        s390/sclp: avoid potential usage of uninitialized value
      c2d94c52
    • Al Viro's avatar
      Don't leak MNT_INTERNAL away from internal mounts · 16a34adb
      Al Viro authored
      We want it only for the stuff created by SB_KERNMOUNT mounts, *not* for
      their copies.  As it is, creating a deep stack of bindings of /proc/*/ns/*
      somewhere in a new namespace and exiting yields a stack overflow.
      
      Cc: stable@kernel.org
      Reported-by: default avatarAlexander Aring <aring@mojatatu.com>
      Bisected-by: default avatarKirill Tkhai <ktkhai@virtuozzo.com>
      Tested-by: default avatarKirill Tkhai <ktkhai@virtuozzo.com>
      Tested-by: default avatarAlexander Aring <aring@mojatatu.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      16a34adb
  3. 19 Apr, 2018 21 commits