70f98fe87ab5b332fa6308ae9f05da170d65e9f6
107 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
balgxmr
|
434f599332 | Merge branch 'upstream-linux-4.14.y' of https://android.googlesource.com/kernel/common into rebase | ||
|
Theodore Ts'o
|
0fc1041a98 |
ext4: bail out of ext4_xattr_ibody_get() fails for any reason
commit 2a534e1d0d1591e951f9ece2fb460b2ff92edabd upstream. In ext4_update_inline_data(), if ext4_xattr_ibody_get() fails for any reason, it's best if we just fail as opposed to stumbling on, especially if the failure is EFSCORRUPTED. Cc: stable@kernel.org Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Theodore Ts'o
|
5a229d21b9 |
ext4: add bounds checking in get_max_inline_xattr_value_size()
commit 2220eaf90992c11d888fe771055d4de330385f01 upstream. Normally the extended attributes in the inode body would have been checked when the inode is first opened, but if someone is writing to the block device while the file system is mounted, it's possible for the inode table to get corrupted. Add bounds checking to avoid reading beyond the end of allocated memory if this happens. Reported-by: syzbot+1966db24521e5f6e23f7@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=1966db24521e5f6e23f7 Cc: stable@kernel.org Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Ritesh Harjani
|
d729fbe6bf |
ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
[ Upstream commit 310c097c2bdbea253d6ee4e064f3e65580ef93ac ] ext4_xattr_ibody_inline_set() & ext4_xattr_ibody_set() have the exact same definition. Hence remove ext4_xattr_ibody_inline_set() and all its call references. Convert the callers of it to call ext4_xattr_ibody_set() instead. [ Modified to preserve ext4_xattr_ibody_set() and remove ext4_xattr_ibody_inline_set() instead. -- TYT ] Signed-off-by: Ritesh Harjani <riteshh@linux.ibm.com> Link: https://lore.kernel.org/r/fd566b799bbbbe9b668eb5eecde5b5e319e3694f.1622685482.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Ye Bin
|
dbd0db0951 |
ext4: move where set the MAY_INLINE_DATA flag is set
commit 1dcdce5919115a471bf4921a57f20050c545a236 upstream. The only caller of ext4_find_inline_data_nolock() that needs setting of EXT4_STATE_MAY_INLINE_DATA flag is ext4_iget_extra_inode(). In ext4_write_inline_data_end() we just need to update inode->i_inline_off. Since we are going to add one more caller that does not need to set EXT4_STATE_MAY_INLINE_DATA, just move setting of EXT4_STATE_MAY_INLINE_DATA out to ext4_iget_extra_inode(). Signed-off-by: Ye Bin <yebin10@huawei.com> Cc: stable@kernel.org Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230307015253.2232062-2-yebin@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Park Ju Hyung
|
78dd2d558d |
ext4: Remove additional tracings added by CAF
Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com> Signed-off-by: Pranav Vashi <neobuddy89@gmail.com> |
||
|
pwnrazr
|
638f264111 | Merge remote-tracking branch 'android-stable/android-4.14-stable' into 12.1 | ||
|
Baokun Li
|
48b5a08e9f |
ext4: correct max_inline_xattr_value_size computing
commit c9fd167d57133c5b748d16913c4eabc55e531c73 upstream. If the ext4 inode does not have xattr space, 0 is returned in the get_max_inline_xattr_value_size function. Otherwise, the function returns a negative value when the inode does not contain EXT4_STATE_XATTR. Cc: stable@kernel.org Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20220616021358.2504451-4-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
pwnrazr
|
902bff81d9 |
Merge remote-tracking branch 'android-stable/android-4.14-stable' into dev-base-up
Conflicts: drivers/char/Kconfig fs/ext4/hash.c fs/ext4/namei.c lib/crypto/Makefile |
||
|
pwnrazr
|
cccc708ed6 | Merge remote-tracking branch 'android-stable/android-4.14-stable' into dev-base | ||
|
Ye Bin
|
b2b78f5bf2 |
ext4: fix bug_on in ext4_writepages
commit ef09ed5d37b84d18562b30cf7253e57062d0db05 upstream. we got issue as follows: EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------[ cut here ]------------ kernel BUG at fs/ext4/inode.c:2708! invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 2 PID: 2147 Comm: rep Not tainted 5.18.0-rc2-next-20220413+ #155 RIP: 0010:ext4_writepages+0x1977/0x1c10 RSP: 0018:ffff88811d3e7880 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88811c098000 RDX: 0000000000000000 RSI: ffff88811c098000 RDI: 0000000000000002 RBP: ffff888128140f50 R08: ffffffffb1ff6387 R09: 0000000000000000 R10: 0000000000000007 R11: ffffed10250281ea R12: 0000000000000001 R13: 00000000000000a4 R14: ffff88811d3e7bb8 R15: ffff888128141028 FS: 00007f443aed9740(0000) GS:ffff8883aef00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020007200 CR3: 000000011c2a4000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> do_writepages+0x130/0x3a0 filemap_fdatawrite_wbc+0x83/0xa0 filemap_flush+0xab/0xe0 ext4_alloc_da_blocks+0x51/0x120 __ext4_ioctl+0x1534/0x3210 __x64_sys_ioctl+0x12c/0x170 do_syscall_64+0x3b/0x90 It may happen as follows: 1. write inline_data inode vfs_write new_sync_write ext4_file_write_iter ext4_buffered_write_iter generic_perform_write ext4_da_write_begin ext4_da_write_inline_data_begin -> If inline data size too small will allocate block to write, then mapping will has dirty page ext4_da_convert_inline_data_to_extent ->clear EXT4_STATE_MAY_INLINE_DATA 2. fallocate do_vfs_ioctl ioctl_preallocate vfs_fallocate ext4_fallocate ext4_convert_inline_data ext4_convert_inline_data_nolock ext4_map_blocks -> fail will goto restore data ext4_restore_inline_data ext4_create_inline_data ext4_write_inline_data ext4_set_inode_state -> set inode EXT4_STATE_MAY_INLINE_DATA 3. writepages __ext4_ioctl ext4_alloc_da_blocks filemap_flush filemap_fdatawrite_wbc do_writepages ext4_writepages if (ext4_has_inline_data(inode)) BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) The root cause of this issue is we destory inline data until call ext4_writepages under delay allocation mode. But there maybe already convert from inline to extent. To solve this issue, we call filemap_flush first.. Cc: stable@kernel.org Signed-off-by: Ye Bin <yebin10@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20220516122634.1690462-1-yebin10@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
f434c8896d |
Merge 4.14.265 into android-4.14-stable
Changes in 4.14.265 Bluetooth: refactor malicious adv data check s390/hypfs: include z/VM guests with access control group set scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices udf: Restore i_lenAlloc when inode expansion fails udf: Fix NULL ptr deref when converting from inline format PM: wakeup: simplify the output logic of pm_show_wakelocks() netfilter: nft_payload: do not update layer 4 checksum when mangling fragments serial: stm32: fix software flow control transfer tty: n_gsm: fix SW flow control encoding/handling tty: Add support for Brainboxes UC cards. usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge usb: common: ulpi: Fix crash in ulpi_match() usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS USB: core: Fix hang in usb_kill_urb by adding memory barriers usb: typec: tcpm: Do not disconnect while receiving VBUS off net: sfp: ignore disabled SFP node powerpc/32: Fix boot failure with GCC latent entropy plugin lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() i40e: Increase delay to 1 s after global EMP reset i40e: fix unsigned stat widths rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() ipv6_tunnel: Rate limit warning messages net: fix information leakage in /proc/net/ptype ping: fix the sk_bound_dev_if match in ping_lookup ipv4: avoid using shared IP generator for connected sockets hwmon: (lm90) Reduce maximum conversion rate for G781 NFSv4: Handle case where the lookup of a directory fails NFSv4: nfs_atomic_open() can race when looking up a non-regular file net-procfs: show net devices bound packet types drm/msm: Fix wrong size calculation drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable ibmvnic: don't spin in tasklet yam: fix a memory leak in yam_siocdevprivate() ipv4: raw: lock the socket in raw_bind() ipv4: tcp: send zero IPID in SYNACK messages bpf: fix truncated jump targets on heavy expansions netfilter: nat: remove l4 protocol port rovers netfilter: nat: limit port clash resolution attempts ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback net: amd-xgbe: ensure to reset the tx_timer_active flag net: amd-xgbe: Fix skb data length underflow rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() af_packet: fix data-race in packet_setsockopt / packet_setsockopt audit: improve audit queue handling when "audit=1" on cmdline ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() drm/nouveau: fix off by one in BIOS boundary checking block: bio-integrity: Advance seed correctly for larger interval sizes RDMA/mlx4: Don't continue event handler after memory allocation failure iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() spi: bcm-qspi: check for valid cs before applying chip select spi: mediatek: Avoid NULL pointer crash in interrupt spi: meson-spicc: add IRQ check in meson_spicc_probe net: ieee802154: ca8210: Stop leaking skb's net: ieee802154: Return meaningful error codes from the netlink helpers net: macsec: Verify that send_sci is on when setting Tx sci explicitly drm/i915/overlay: Prevent divide by zero bugs in scaling ASoC: fsl: Add missing error handling in pcm030_fabric_probe scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. selftests: futex: Use variable MAKE instead of make rtc: cmos: Evaluate century appropriate EDAC/altera: Fix deferred probing EDAC/xgene: Fix deferred probing ext4: fix error handling in ext4_restore_inline_data() Linux 4.14.265 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia51a926162e82c5fa5bdef1de1056cb74114ef88 |
||
|
Ritesh Harjani
|
19cfb87724 |
ext4: fix error handling in ext4_restore_inline_data()
commit 897026aaa73eb2517dfea8d147f20ddb0b813044 upstream.
While running "./check -I 200 generic/475" it sometimes gives below
kernel BUG(). Ideally we should not call ext4_write_inline_data() if
ext4_create_inline_data() has failed.
<log snip>
[73131.453234] kernel BUG at fs/ext4/inline.c:223!
<code snip>
212 static void ext4_write_inline_data(struct inode *inode, struct ext4_iloc *iloc,
213 void *buffer, loff_t pos, unsigned int len)
214 {
<...>
223 BUG_ON(!EXT4_I(inode)->i_inline_off);
224 BUG_ON(pos + len > EXT4_I(inode)->i_inline_size);
This patch handles the error and prints out a emergency msg saying potential
data loss for the given inode (since we couldn't restore the original
inline_data due to some previous error).
[ 9571.070313] EXT4-fs (dm-0): error restoring inline_data for inode -- potential data loss! (inode 1703982, error -30)
Reported-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Ritesh Harjani <riteshh@linux.ibm.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/9f4cd7dfd54fa58ff27270881823d94ddf78dd07.1642416995.git.riteshh@linux.ibm.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
1dff798c56 |
Merge 4.14.247 into android-4.14-stable
Changes in 4.14.247 ext4: fix race writing to an inline_data file while its xattrs are changing xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG qed: Fix the VF msix vectors flow net: macb: Add a NULL check on desc_ptp qede: Fix memset corruption perf/x86/intel/pt: Fix mask of num_address_ranges perf/x86/amd/ibs: Work around erratum #1197 cryptoloop: add a deprecation warning ARM: 8918/2: only build return_address() if needed ALSA: pcm: fix divide error in snd_pcm_lib_ioctl clk: fix build warning for orphan_list media: stkwebcam: fix memory leak in stk_camera_probe igmp: Add ip_mc_list lock in ip_check_mc_rcu USB: serial: mos7720: improve OOM-handling in read_mos_reg() f2fs: fix potential overflow ath10k: fix recent bandwidth conversion bug ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) s390/disassembler: correct disassembly lines alignment mm/kmemleak.c: make cond_resched() rate-limiting more efficient crypto: talitos - reduce max key size for SEC1 powerpc/module64: Fix comment in R_PPC64_ENTRY handling powerpc/boot: Delete unneeded .globl _zimage_start net: ll_temac: Remove left-over debug message mm/page_alloc: speed up the iteration of max_order Revert "btrfs: compression: don't try to compress if we don't have enough pages" usb: host: xhci-rcar: Don't reload firmware after the completion x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions PCI: Call Max Payload Size-related fixup quirks early regmap: fix the offset of register error log crypto: mxs-dcp - Check for DMA mapping errors power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() udf: Check LVID earlier isofs: joliet: Fix iocharset=utf8 mount option nvme-rdma: don't update queue count when failing to set io queues power: supply: max17042_battery: fix typo in MAx17042_TOFF s390/cio: add dev_busid sysfs entry for each subchannel libata: fix ata_host_start() crypto: qat - do not ignore errors from enable_vf2pf_comms() crypto: qat - handle both source of interrupt in VF ISR crypto: qat - fix reuse of completion variable crypto: qat - fix naming for init/shutdown VF to PF notifications crypto: qat - do not export adf_iov_putmsg() udf_get_extendedattr() had no boundary checks. m68k: emu: Fix invalid free in nfeth_cleanup() spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config spi: spi-pic32: Fix issue with uninitialized dma_slave_config clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel crypto: qat - use proper type for vf_mask certs: Trigger creation of RSA module signing key if it's not an RSA key soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init media: dvb-usb: fix uninit-value in vp702x_read_mac_addr media: go7007: remove redundant initialization Bluetooth: sco: prevent information leak in sco_conn_defer_accept() tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos net: cipso: fix warnings in netlbl_cipsov4_add_std i2c: highlander: add IRQ check media: em28xx-input: fix refcount bug in em28xx_usb_disconnect PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently PCI: PM: Enable PME if it can be signaled from D3cold soc: qcom: smsm: Fix missed interrupts if state changes while masked Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 Bluetooth: fix repeated calls to sco_sock_kill drm/msm/dsi: Fix some reference counted resource leaks usb: gadget: udc: at91: add IRQ check usb: phy: fsl-usb: add IRQ check usb: phy: twl6030: add IRQ checks Bluetooth: Move shutdown callback before flushing tx and rx queue usb: host: ohci-tmio: add IRQ check usb: phy: tahvo: add IRQ check mac80211: Fix insufficient headroom issue for AMSDU usb: gadget: mv_u3d: request_irq() after initializing UDC Bluetooth: add timeout sanity check to hci_inquiry i2c: iop3xx: fix deferred probing i2c: s3c2410: fix IRQ check mmc: dw_mmc: Fix issue with uninitialized dma_slave_config mmc: moxart: Fix issue with uninitialized dma_slave_config CIFS: Fix a potencially linear read overflow i2c: mt65xx: fix IRQ check usb: ehci-orion: Handle errors of clk_prepare_enable() in probe usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available tty: serial: fsl_lpuart: fix the wrong mapbase value ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() bcma: Fix memory leak for internally-handled cores ipv4: make exception cache less predictible net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed net: qualcomm: fix QCA7000 checksum handling netns: protect netns ID lookups with RCU tty: Fix data race between tiocsti() and flush_to_ldisc() x86/resctrl: Fix a maybe-uninitialized build warning treated as error KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted IMA: remove -Wmissing-prototypes warning backlight: pwm_bl: Improve bootloader/kernel device handover clk: kirkwood: Fix a clocking boot regression fbmem: don't allow too huge resolutions rtc: tps65910: Correct driver module alias blk-zoned: allow zone management send operations without CAP_SYS_ADMIN blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN PCI/MSI: Skip masking MSI-X on Xen PV powerpc/perf/hv-gpci: Fix counter value parsing xen: fix setting of max_pfn in shared_info include/linux/list.h: add a macro to test if entry is pointing to the head 9p/xen: Fix end of loop tests for list_for_each_entry soc: aspeed: lpc-ctrl: Fix boundary check for mmap crypto: public_key: fix overflow during implicit conversion block: bfq: fix bfq_set_next_ioprio_data() power: supply: max17042: handle fails of reading status register dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() VMCI: fix NULL pointer dereference when unmapping queue pair media: uvc: don't do DMA on stack media: rc-loopback: return number of emitters rather than error libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs ARM: 9105/1: atags_to_fdt: don't warn about stack size PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure PCI: xilinx-nwl: Enable the clock through CCF PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response PCI: aardvark: Fix masking and unmasking legacy INTx interrupts HID: input: do not report stylus battery state as "full" RDMA/iwcm: Release resources if iw_cm module initialization fails docs: Fix infiniband uverbs minor number pinctrl: samsung: Fix pinctrl bank pin count vfio: Use config not menuconfig for VFIO_NOIOMMU openrisc: don't printk() unconditionally pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() scsi: qedi: Fix error codes in qedi_alloc_global_queues() MIPS: Malta: fix alignment of the devicetree buffer media: dib8000: rewrite the init prbs logic crypto: mxs-dcp - Use sg_mapping_iter to copy data PCI: Use pci_update_current_state() in pci_enable_device_flags() iio: dac: ad5624r: Fix incorrect handling of an optional regulator. ARM: dts: qcom: apq8064: correct clock names video: fbdev: kyro: fix a DoS bug by restricting user input netlink: Deal with ESRCH error in nlmsg_notify() Smack: Fix wrong semantics in smk_access_entry() usb: host: fotg210: fix the endpoint's transactional opportunities calculation usb: host: fotg210: fix the actual_length of an iso packet usb: gadget: u_ether: fix a potential null pointer dereference usb: gadget: composite: Allow bMaxPower=0 if self-powered staging: board: Fix uninitialized spinlock when attaching genpd tty: serial: jsm: hold port lock when reporting modem line changes bpf/tests: Fix copy-and-paste error in double word test bpf/tests: Do not PASS tests without actually testing the result video: fbdev: asiliantfb: Error out if 'pixclock' equals zero video: fbdev: kyro: Error out if 'pixclock' equals zero video: fbdev: riva: Error out if 'pixclock' equals zero ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() flow_dissector: Fix out-of-bounds warnings s390/jump_label: print real address in a case of a jump label bug serial: 8250: Define RX trigger levels for OxSemi 950 devices xtensa: ISS: don't panic in rs_init hvsi: don't panic on tty_register_driver failure serial: 8250_pci: make setup_port() parameters explicitly unsigned staging: ks7010: Fix the initialization of the 'sleep_status' structure ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() Bluetooth: skip invalid hci_sync_conn_complete_evt ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output media: v4l2-dv-timings.c: fix wrong condition in two for-loops arm64: dts: qcom: sdm660: use reg value for memory node net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() Bluetooth: avoid circular locks in sco_sock_connect gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() ARM: tegra: tamonten: Fix UART pad setting rpc: fix gss_svc_init cleanup on failure staging: rts5208: Fix get_ms_information() heap buffer size gfs2: Don't call dlm after protocol is unmounted mmc: sdhci-of-arasan: Check return value of non-void funtions mmc: rtsx_pci: Fix long reads when clock is prescaled selftests/bpf: Enlarge select() timeout for test_maps cifs: fix wrong release in sess_alloc_buffer() failed path Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" usb: musb: musb_dsps: request_irq() after initializing musb usbip: give back URBs for unsent unlink requests during cleanup usbip:vhci_hcd USB port can get stuck in the disabled state ASoC: rockchip: i2s: Fix regmap_ops hang ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B parport: remove non-zero check on count ath9k: fix OOB read ar9300_eeprom_restore_internal ath9k: fix sleeping in atomic context net: fix NULL pointer reference in cipso_v4_doi_free net: w5100: check return value after calling platform_get_resource() parisc: fix crash with signals and alloca scsi: BusLogic: Fix missing pr_cont() use scsi: qla2xxx: Sync queue idx with queue_pair_map idx cpufreq: powernv: Fix init_chip_info initialization in numa=off mm/hugetlb: initialize hugetlb_usage in mm_init memcg: enable accounting for pids in nested pid namespaces platform/chrome: cros_ec_proto: Send command again when timeout occurs xen: reset legacy rtc flag for PV domU bnx2x: Fix enabling network interfaces without VFs PM: base: power: don't try to use non-existing RTC for storing data x86/mm: Fix kern_addr_valid() to cope with existing but not present entries net-caif: avoid user-triggerable WARN_ON(1) ptp: dp83640: don't define PAGE0 dccp: don't duplicate ccid when cloning dccp sock net/l2tp: Fix reference count leak in l2tp_udp_recv_core r6040: Restore MDIO clock frequency after MAC reset tipc: increase timeout in tipc_sk_enqueue() events: Reuse value read using READ_ONCE instead of re-reading it net/af_unix: fix a data-race in unix_dgram_poll tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation mfd: Don't use irq_create_mapping() to resolve a mapping PCI: Add ACS quirks for Cavium multi-function devices net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 ethtool: Fix an error code in cxgb2.c PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' ARC: export clear_user_page() for modules net: dsa: b53: Fix calculating number of switch ports netfilter: socket: icmp6: fix use-after-scope qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom net: renesas: sh_eth: Fix freeing wrong tx descriptor s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant Linux 4.14.247 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: If4d48fb4bfd873036c9584406e8cf4ebbdb8a655 |
||
|
Theodore Ts'o
|
9569234645 |
ext4: fix race writing to an inline_data file while its xattrs are changing
commit a54c4613dac1500b40e4ab55199f7c51f028e848 upstream.
The location of the system.data extended attribute can change whenever
xattr_sem is not taken. So we need to recalculate the i_inline_off
field since it mgiht have changed between ext4_write_begin() and
ext4_write_end().
This means that caching i_inline_off is probably not helpful, so in
the long run we should probably get rid of it and shrink the in-memory
ext4 inode slightly, but let's fix the race the simple way for now.
Cc: stable@kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
76cc1c09f4 |
Merge 4.14.207 into android-4.14-stable
Changes in 4.14.207
regulator: defer probe when trying to get voltage from unresolved supply
ring-buffer: Fix recursion protection transitions between interrupt context
mm: mempolicy: fix potential pte_unmap_unlock pte error
time: Prevent undefined behaviour in timespec64_to_ns()
nbd: don't update block size after device is started
btrfs: sysfs: init devices outside of the chunk_mutex
btrfs: reschedule when cloning lots of extents
genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
hv_balloon: disable warning when floor reached
net: xfrm: fix a race condition during allocing spi
perf tools: Add missing swap for ino_generation
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
can: rx-offload: don't call kfree_skb() from IRQ context
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: peak_usb: add range checking in decode operations
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
xfs: flush new eof page on truncate to avoid post-eof corruption
Btrfs: fix missing error return if writeback for extent buffer never started
ath9k_htc: Use appropriate rs_datalen type
usb: gadget: goku_udc: fix potential crashes in probe
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
gfs2: Add missing truncate_inode_pages_final for sd_aspace
gfs2: check for live vs. read-only file system in gfs2_fitrim
scsi: hpsa: Fix memory leak in hpsa_init_one()
drm/amdgpu: perform srbm soft reset always on SDMA resume
mac80211: fix use of skb payload instead of header
cfg80211: regulatory: Fix inconsistent format argument
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
iommu/amd: Increase interrupt remapping table limit to 512 entries
pinctrl: intel: Set default bias in case no particular value given
ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
pinctrl: aspeed: Fix GPI only function problem.
nbd: fix a block_device refcount leak in nbd_release
xfs: fix flags argument to rmap lookup when converting shared file rmaps
xfs: fix rmap key and record comparison functions
xfs: fix a missing unlock on error in xfs_fs_map_blocks
of/address: Fix of_node memory leak in of_dma_is_coherent
cosa: Add missing kfree in error path of cosa_write
perf: Fix get_recursion_context()
ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
uio: Fix use-after-free in uio_unregister_device()
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
mei: protect mei_cl_mtu from null dereference
futex: Don't enable IRQs unconditionally in put_pi_state()
ocfs2: initialize ip_next_orphan
selinux: Fix error return code in sel_ib_pkey_sid_slow()
don't dump the threads that had been already exiting when zapped.
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
pinctrl: amd: use higher precision for 512 RtcClk
pinctrl: amd: fix incorrect way to disable debounce filter
swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
IPv6: Set SIT tunnel hard_header_len to zero
net/af_iucv: fix null pointer dereference on shutdown
net/x25: Fix null-ptr-deref in x25_connect
vrf: Fix fast path output packet handling with async Netfilter rules
r8169: fix potential skb double free in an error path
net: Update window_clamp if SOCK_RCVBUF is set
random32: make prandom_u32() output unpredictable
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
perf/core: Fix bad use of igrab()
perf/core: Fix crash when using HW tracing kernel filters
perf/core: Fix a memory leak in perf_event_parse_addr_filter()
xen/events: avoid removing an event channel while handling it
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a new "late EOI" evtchn framework
xen/blkback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/pciback: use lateeoi irq binding
xen/events: switch user event channels to lateeoi model
xen/events: use a common cpu hotplug hook for event channels
xen/events: defer eoi in case of excessive number of events
xen/events: block rogue events for some time
perf/core: Fix race in the perf_mmap_close() function
Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
reboot: fix overflow parsing reboot cpu number
Convert trailing spaces and periods in path components
mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
Linux 4.14.207
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id9671f12372dd8919395ce4f175ce1a5a06ef68f
|
||
|
Joseph Qi
|
e088e703db |
ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
commit 7067b2619017d51e71686ca9756b454de0e5826a upstream.
It takes xattr_sem to check inline data again but without unlock it
in case not have. So unlock it before return.
Fixes:
|
||
|
Daniel Rosenberg
|
b10c4acd41 |
ANDROID: ext4: Handle casefolding with encryption
This adds support for encryption with casefolding. Since the name on disk is case preserving, and also encrypted, we can no longer just recompute the hash on the fly. Additionally, to avoid leaking extra information from the hash of the unencrypted name, we use siphash via an fscrypt v2 policy. The hash is stored at the end of the directory entry for all entries inside of an encrypted and casefolded directory apart from those that deal with '.' and '..'. This way, the change is backwards compatible with existing ext4 filesystems. Signed-off-by: Daniel Rosenberg <drosen@google.com> Test: Boots, /data/media is case insensitive Bug: 138322712 Change-Id: I07354e3129aa07d309fbe36c002fee1af718f348 |
||
|
Greg Kroah-Hartman
|
509b38045c |
Merge 4.14.168 into android-4.14
Changes in 4.14.168
xfs: Sanity check flags of Q_XQUOTARM call
mfd: intel-lpss: Add default I2C device properties for Gemini Lake
powerpc/archrandom: fix arch_get_random_seed_int()
tipc: fix wrong timeout input for tipc_wait_for_cond()
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
crypto: sun4i-ss - fix big endian issues
drm/sti: do not remove the drm_bridge that was never added
drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
ALSA: hda: fix unused variable warning
apparmor: don't try to replace stale label in ptrace access check
PCI: iproc: Remove PAXC slot check to allow VF support
drm/hisilicon: hibmc: Don't overwrite fb helper surface depth
IB/rxe: replace kvfree with vfree
IB/hfi1: Add mtu check for operational data VLs
ALSA: usb-audio: update quirk for B&W PX to remove microphone
staging: comedi: ni_mio_common: protect register write overflow
pwm: lpss: Release runtime-pm reference from the driver's remove callback
drm/sun4i: hdmi: Fix double flag assignation
mlxsw: reg: QEEC: Add minimum shaper fields
NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks
pcrypt: use format specifier in kobject_add
exportfs: fix 'passing zero to ERR_PTR()' warning
drm/dp_mst: Skip validating ports during destruction, just ref
net: phy: Fix not to call phy_resume() if PHY is not attached
IB/rxe: Fix incorrect cache cleanup in error flow
staging: bcm2835-camera: Abort probe if there is no camera
switchtec: Remove immediate status check after submitting MRPC command
pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations
pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
vxlan: changelink: Fix handling of default remotes
Input: nomadik-ske-keypad - fix a loop timeout test
clk: highbank: fix refcount leak in hb_clk_init()
clk: qoriq: fix refcount leak in clockgen_init()
clk: socfpga: fix refcount leak
clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
clk: imx6q: fix refcount leak in imx6q_clocks_init()
clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
clk: imx7d: fix refcount leak in imx7d_clocks_init()
clk: vf610: fix refcount leak in vf610_clocks_init()
clk: armada-370: fix refcount leak in a370_clk_init()
clk: kirkwood: fix refcount leak in kirkwood_clk_init()
clk: armada-xp: fix refcount leak in axp_clk_init()
clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init()
clk: dove: fix refcount leak in dove_clk_init()
MIPS: BCM63XX: drop unused and broken DSP platform device
IB/usnic: Fix out of bounds index check in query pkey
RDMA/ocrdma: Fix out of bounds index check in query pkey
RDMA/qedr: Fix out of bounds index check in query pkey
drm/shmob: Fix return value check in shmob_drm_probe
arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD
spi: cadence: Correct initialisation of runtime PM
RDMA/iw_cxgb4: Fix the unchecked ep dereference
drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()
media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL
kbuild: mark prepare0 as PHONY to fix external module build
crypto: brcm - Fix some set-but-not-used warning
crypto: tgr192 - fix unaligned memory access
ASoC: imx-sgtl5000: put of nodes if finding codec fails
IB/iser: Pass the correct number of entries for dma mapped SGL
rtc: cmos: ignore bogus century byte
spi/topcliff_pch: Fix potential NULL dereference on allocation error
clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it
iwlwifi: mvm: avoid possible access out of array.
net/mlx5: Take lock with IRQs disabled to avoid deadlock
iwlwifi: mvm: fix A-MPDU reference assignment
tty: ipwireless: Fix potential NULL pointer dereference
driver: uio: fix possible memory leak in __uio_register_device
driver: uio: fix possible use-after-free in __uio_register_device
crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments
driver core: Do not resume suppliers under device_links_write_lock()
ARM: dts: lpc32xx: add required clocks property to keypad device node
ARM: dts: lpc32xx: reparent keypad controller to SIC1
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property
ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage
iwlwifi: mvm: fix RSS config command
staging: most: cdev: add missing check for cdev_add failure
rtc: ds1672: fix unintended sign extension
thermal: mediatek: fix register index error
net: phy: fixed_phy: Fix fixed_phy not checking GPIO
rtc: ds1307: rx8130: Fix alarm handling
rtc: 88pm860x: fix unintended sign extension
rtc: 88pm80x: fix unintended sign extension
rtc: pm8xxx: fix unintended sign extension
fbdev: chipsfb: remove set but not used variable 'size'
iw_cxgb4: use tos when importing the endpoint
iw_cxgb4: use tos when finding ipv6 routes
drm/etnaviv: potential NULL dereference
pinctrl: sh-pfc: emev2: Add missing pinmux functions
pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group
pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio()
usb: phy: twl6030-usb: fix possible use-after-free on remove
block: don't use bio->bi_vcnt to figure out segment number
keys: Timestamp new keys
vfio_pci: Enable memory accesses before calling pci_map_rom
hwmon: (pmbus/tps53679) Fix driver info initialization in probe routine
KVM: PPC: Release all hardware TCE tables attached to a group
staging: r8822be: check kzalloc return or bail
dmaengine: mv_xor: Use correct device for DMA API
cdc-wdm: pass return value of recover_from_urb_loss
regulator: pv88060: Fix array out-of-bounds access
regulator: pv88080: Fix array out-of-bounds access
regulator: pv88090: Fix array out-of-bounds access
net: dsa: qca8k: Enable delay for RGMII_ID mode
drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
drm/nouveau/pmu: don't print reply values if exec is false
ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
fs/nfs: Fix nfs_parse_devname to not modify it's argument
staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx
powerpc/64s: Fix logic when handling unknown CPU features
NFS: Fix a soft lockup in the delegation recovery code
clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
clocksource/drivers/exynos_mct: Fix error path in timer resources initialization
platform/x86: wmi: fix potential null pointer dereference
NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount
mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe
ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
ARM: 8848/1: virt: Align GIC version check with arm64 counterpart
regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
netfilter: nft_set_hash: fix lookups with fixed size hash on big endian
NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE()
net: aquantia: fixed instack structure overflow
powerpc/mm: Check secondary hash page table
nios2: ksyms: Add missing symbol exports
x86/mm: Remove unused variable 'cpu'
scsi: megaraid_sas: reduce module load time
drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
xen, cpu_hotplug: Prevent an out of bounds access
net: sh_eth: fix a missing check of of_get_phy_mode
regulator: lp87565: Fix missing register for LP87565_BUCK_0
media: ivtv: update *pos correctly in ivtv_read_pos()
media: cx18: update *pos correctly in cx18_read_pos()
media: wl128x: Fix an error code in fm_download_firmware()
media: cx23885: check allocation return
regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB
jfs: fix bogus variable self-initialization
tipc: tipc clang warning
m68k: mac: Fix VIA timer counter accesses
arm64: dts: allwinner: a64: Add missing PIO clocks
ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
media: davinci-isif: avoid uninitialized variable use
media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
spi: tegra114: clear packed bit for unpacked mode
spi: tegra114: fix for unpacked mode transfers
spi: tegra114: terminate dma and reset on transfer timeout
spi: tegra114: flush fifos
spi: tegra114: configure dma burst size to fifo trig level
soc/fsl/qe: Fix an error code in qe_pin_request()
spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
ehea: Fix a copy-paste err in ehea_init_port_res
scsi: qla2xxx: Unregister chrdev if module initialization fails
scsi: target/core: Fix a race condition in the LUN lookup code
ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
net: hns3: fix for vport->bw_limit overflow problem
hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
tipc: set sysctl_tipc_rmem and named_timeout right range
selftests/ipc: Fix msgque compiler warnings
powerpc: vdso: Make vdso32 installation conditional in vdso_install
ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect
media: ov2659: fix unbalanced mutex_lock/unlock
6lowpan: Off by one handling ->nexthdr
dmaengine: axi-dmac: Don't check the number of frames for alignment
ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
NFS: Don't interrupt file writeout due to fatal errors
irqchip/gic-v3-its: fix some definitions of inner cacheability attributes
scsi: qla2xxx: Fix a format specifier
scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory
packet: in recvmsg msg_name return at least sizeof sockaddr_ll
ASoC: fix valid stream condition
usb: gadget: fsl: fix link error against usb-gadget module
dwc2: gadget: Fix completed transfer size calculation in DDMA
IB/mlx5: Add missing XRC options to QP optional params mask
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry
net: ena: fix: Free napi resources when ena_up() fails
net: ena: fix incorrect test of supported hash function
net: ena: fix ena_com_fill_hash_function() implementation
dmaengine: tegra210-adma: restore channel status
mmc: core: fix possible use after free of host
lightnvm: pblk: fix lock order in pblk_rb_tear_down_check
afs: Fix the afs.cell and afs.volume xattr handlers
vfio/mdev: Avoid release parent reference during error path
vfio/mdev: Fix aborting mdev child device removal if one fails
l2tp: Fix possible NULL pointer dereference
media: omap_vout: potential buffer overflow in vidioc_dqbuf()
media: davinci/vpbe: array underflow in vpbe_enum_outputs()
platform/x86: alienware-wmi: printing the wrong error code
crypto: caam - fix caam_dump_sg that iterates through scatterlist
netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
pwm: meson: Consider 128 a valid pre-divider
pwm: meson: Don't disable PWM when setting duty repeatedly
ARM: riscpc: fix lack of keyboard interrupts after irq conversion
kdb: do a sanity check on the cpu in kdb_per_cpu()
backlight: lm3630a: Return 0 on success in update_status functions
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
EDAC/mc: Fix edac_mc_find() in case no device is found
ARM: dts: sun8i-h3: Fix wifi in Beelink X2 DT
dmaengine: tegra210-adma: Fix crash during probe
arm64: dts: meson: libretech-cc: set eMMC as removable
RDMA/qedr: Fix incorrect device rate.
spi: spi-fsl-spi: call spi_finalize_current_message() at the end
crypto: ccp - fix AES CFB error exposed by new test vectors
crypto: ccp - Fix 3DES complaint from ccp-crypto module
serial: stm32: fix rx error handling
serial: stm32: fix transmit_chars when tx is stopped
serial: stm32: Add support of TC bit status check
serial: stm32: fix wakeup source initialization
misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
iommu: Use right function to get group for device
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
netvsc: unshare skb in VF rx handler
cpufreq: brcmstb-avs-cpufreq: Fix initial command check
cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency
media: vivid: fix incorrect assignment operation when setting video mode
mpls: fix warning with multi-label encap
iommu/vt-d: Duplicate iommu_resv_region objects per device list
qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
drm/msm/mdp5: Fix mdp5_cfg_init error return
net: netem: fix backlog accounting for corrupted GSO frames
net/af_iucv: always register net_device notifier
ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
rtc: pcf8563: Fix interrupt trigger method
rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
drm/msm/a3xx: remove TPL1 regs from snapshot
perf/ioctl: Add check for the sample_period value
dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width"
clk: qcom: Fix -Wunused-const-variable
nvmem: imx-ocotp: Ensure WAIT bits are preserved when setting timing
bnxt_en: Fix ethtool selftest crash under error conditions.
iommu/amd: Make iommu_disable safer
mfd: intel-lpss: Release IDA resources
rxrpc: Fix uninitialized error code in rxrpc_send_data_packet()
devres: allow const resource arguments
RDMA/hns: Fixs hw access invalid dma memory error
net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
scsi: libfc: fix null pointer dereference on a null lport
clk: sunxi-ng: v3s: add the missing PLL_DDR1
PM: sleep: Fix possible overflow in pm_system_cancel_wakeup()
libertas_tf: Use correct channel range in lbtf_geo_init
qed: reduce maximum stack frame size
usb: host: xhci-hub: fix extra endianness conversion
mic: avoid statically declaring a 'struct device'.
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
crypto: ccp - Reduce maximum stack usage
ALSA: aoa: onyx: always initialize register read value
tipc: reduce risk of wakeup queue starvation
ARM: dts: stm32: add missing vdda-supply to adc on stm32h743i-eval
net/mlx5: Fix mlx5_ifc_query_lag_out_bits
cifs: fix rmmod regression in cifs.ko caused by force_sig changes
crypto: caam - free resources in case caam_rng registration failed
ext4: set error return correctly when ext4_htree_store_dirent fails
ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
net/rds: Add a few missing rds_stat_names entries
bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
signal: Allow cifs and drbd to receive their terminating signals
ASoC: sun4i-i2s: RX and TX counter registers are swapped
dmaengine: dw: platform: Switch to acpi_dma_controller_register()
mac80211: minstrel_ht: fix per-group max throughput rate initialization
media: atmel: atmel-isi: fix timeout value for stop streaming
rtc: pcf2127: bugfix: read rtc disables watchdog
mips: avoid explicit UB in assignment of mips_io_port_base
iommu/mediatek: Fix iova_to_phys PA start for 4GB mode
ahci: Do not export local variable ahci_em_messages
Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
hwmon: (lm75) Fix write operations for negative temperatures
power: supply: Init device wakeup after device_add()
x86, perf: Fix the dependency of the x86 insn decoder selftest
staging: greybus: light: fix a couple double frees
irqdomain: Add the missing assignment of domain->fwnode for named fwnode
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
iio: dac: ad5380: fix incorrect assignment to val
ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs
net: sonic: return NETDEV_TX_OK if failed to map buffer
scsi: fnic: fix msix interrupt allocation
Btrfs: fix hang when loading existing inode cache off disk
Btrfs: fix inode cache waiters hanging on failure to start caching thread
Btrfs: fix inode cache waiters hanging on path allocation failure
btrfs: use correct count in btrfs_file_write_iter()
ixgbe: sync the first fragment unconditionally
hwmon: (shtc1) fix shtc1 and shtw1 id mask
net: sonic: replace dev_kfree_skb in sonic_send_packet
pinctrl: iproc-gpio: Fix incorrect pinconf configurations
ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet
RDMA/cma: Fix false error message
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
iommu/amd: Wait for completion of IOTLB flush in attach_device
net: aquantia: Fix aq_vec_isr_legacy() return value
net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
net: stmmac: dwmac-meson8b: Fix signedness bug in probe
net: axienet: fix a signedness bug in probe
of: mdio: Fix a signedness bug in of_phy_get_and_connect()
net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
nvme: retain split access workaround for capability reads
net: stmmac: gmac4+: Not all Unicast addresses may be available
mac80211: accept deauth frames in IBSS mode
llc: fix another potential sk_buff leak in llc_ui_sendmsg()
llc: fix sk_buff refcounting in llc_conn_state_process()
net: stmmac: fix length of PTP clock's name string
act_mirred: Fix mirred_init_module error handling
net: avoid possible false sharing in sk_leave_memory_pressure()
net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head
tcp: annotate lockless access to tcp_memory_pressure
drm/msm/dsi: Implement reset correctly
dmaengine: imx-sdma: fix size check for sdma script_number
net: netem: fix error path for corrupted GSO frames
net: netem: correct the parent's backlog when corrupted packet was dropped
net: qca_spi: Move reset_count to struct qcaspi
afs: Fix large file support
MIPS: Loongson: Fix return value of loongson_hwmon_init
hv_netvsc: flag software created hash value
net: neigh: use long type to store jiffies delta
packet: fix data-race in fanout_flow_is_huge()
mmc: sdio: fix wl1251 vendor id
mmc: core: fix wl1251 sdio quirks
affs: fix a memory leak in affs_remount
dmaengine: ti: edma: fix missed failure handling
drm/radeon: fix bad DMA from INTERRUPT_CNTL2
arm64: dts: juno: Fix UART frequency
IB/iser: Fix dma_nents type definition
serial: stm32: fix clearing interrupt error flags
m68k: Call timer_interrupt() with interrupts disabled
Linux 4.14.168
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I3eeaa348e8e99998356d27c99d06dcb38e48e7d5
|
||
|
Colin Ian King
|
25f9e3e502 |
ext4: set error return correctly when ext4_htree_store_dirent fails
[ Upstream commit 7a14826ede1d714f0bb56de8167c0e519041eeda ]
Currently when the call to ext4_htree_store_dirent fails the error return
variable 'ret' is is not being set to the error code and variable count is
instead, hence the error code is not being returned. Fix this by assigning
ret to the error return code.
Addresses-Coverity: ("Unused value")
Fixes:
|
||
|
Jaegeuk Kim
|
791557a04a |
Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.14.y' into android-4.14
* origin/upstream-f2fs-stable-linux-4.14.y:
ext4: add verity flag check for dax
f2fs: add a condition to detect overflow in f2fs_ioc_gc_range()
f2fs: fix to add missing F2FS_IO_ALIGNED() condition
f2fs: fix to fallback to buffered IO in IO aligned mode
f2fs: fix to handle error path correctly in f2fs_map_blocks
f2fs: fix extent corrupotion during directIO in LFS mode
f2fs: check all the data segments against all node ones
f2fs: Add a small clarification to CONFIG_FS_F2FS_FS_SECURITY
f2fs: fix inode rwsem regression
f2fs: fix to avoid accessing uninitialized field of inode page in is_alive()
f2fs: avoid infinite GC loop due to stale atomic files
f2fs: Fix indefinite loop in f2fs_gc()
f2fs: convert inline_data in prior to i_size_write
f2fs: fix error path of f2fs_convert_inline_page()
f2fs: add missing documents of reserve_root/resuid/resgid
f2fs: fix flushing node pages when checkpoint is disabled
f2fs: enhance f2fs_is_checkpoint_ready()'s readability
f2fs: clean up __bio_alloc()'s parameter
f2fs: fix wrong error injection path in inc_valid_block_count()
f2fs: fix to writeout dirty inode during node flush
f2fs: optimize case-insensitive lookups
f2fs: introduce f2fs_match_name() for cleanup
f2fs: Fix indefinite loop in f2fs_gc()
f2fs: allocate memory in batch in build_sit_info()
f2fs: fix to avoid data corruption by forbidding SSR overwrite
f2fs: Fix build error while CONFIG_NLS=m
Revert "f2fs: avoid out-of-range memory access"
f2fs: cleanup the code in build_sit_entries.
f2fs: fix wrong available node count calculation
f2fs: remove duplicate code in f2fs_file_write_iter
f2fs: fix to migrate blocks correctly during defragment
f2fs: use wrapped f2fs_cp_error()
f2fs: fix to use more generic EOPNOTSUPP
f2fs: use wrapped IS_SWAPFILE()
f2fs: Support case-insensitive file name lookups
f2fs: include charset encoding information in the superblock
fs: Reserve flag for casefolding
f2fs: fix to avoid call kvfree under spinlock
fs: f2fs: Remove unnecessary checks of SM_I(sbi) in update_general_status()
f2fs: disallow direct IO in atomic write
f2fs: fix to handle quota_{on,off} correctly
f2fs: fix to detect cp error in f2fs_setxattr()
f2fs: fix to spread f2fs_is_checkpoint_ready()
f2fs: support fiemap() for directory inode
f2fs: fix to avoid discard command leak
f2fs: fix to avoid tagging SBI_QUOTA_NEED_REPAIR incorrectly
f2fs: fix to drop meta/node pages during umount
f2fs: disallow switching io_bits option during remount
f2fs: fix panic of IO alignment feature
f2fs: introduce {page,io}_is_mergeable() for readability
f2fs: fix livelock in swapfile writes
f2fs: add fs-verity support
ext4: update on-disk format documentation for fs-verity
ext4: add fs-verity read support
ext4: add basic fs-verity support
fs-verity: support builtin file signatures
fs-verity: add SHA-512 support
fs-verity: implement FS_IOC_MEASURE_VERITY ioctl
fs-verity: implement FS_IOC_ENABLE_VERITY ioctl
fs-verity: add data verification hooks for ->readpages()
fs-verity: add the hook for file ->setattr()
fs-verity: add the hook for file ->open()
fs-verity: add inode and superblock fields
fs-verity: add Kconfig and the helper functions for hashing
fs: uapi: define verity bit for FS_IOC_GETFLAGS
fs-verity: add UAPI header
fs-verity: add MAINTAINERS file entry
fs-verity: add a documentation file
ext4: fix kernel oops caused by spurious casefold flag
ext4: fix coverity warning on error path of filename setup
ext4: optimize case-insensitive lookups
ext4: fix dcache lookup of !casefolded directories
unicode: update to Unicode 12.1.0 final
unicode: add missing check for an error return from utf8lookup()
ext4: export /sys/fs/ext4/feature/casefold if Unicode support is present
unicode: refactor the rule for regenerating utf8data.h
ext4: Support case-insensitive file name lookups
ext4: include charset encoding information in the superblock
unicode: update unicode database unicode version 12.1.0
unicode: introduce test module for normalized utf8 implementation
unicode: implement higher level API for string handling
unicode: reduce the size of utf8data[]
unicode: introduce code for UTF-8 normalization
unicode: introduce UTF-8 character database
ext4 crypto: fix to check feature status before get policy
fscrypt: document the new ioctls and policy version
ubifs: wire up new fscrypt ioctls
f2fs: wire up new fscrypt ioctls
ext4: wire up new fscrypt ioctls
fscrypt: require that key be added when setting a v2 encryption policy
fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl
fscrypt: allow unprivileged users to add/remove keys for v2 policies
fscrypt: v2 encryption policy support
fscrypt: add an HKDF-SHA512 implementation
fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl
fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl
fscrypt: rename keyinfo.c to keysetup.c
fscrypt: move v1 policy key setup to keysetup_v1.c
fscrypt: refactor key setup code in preparation for v2 policies
fscrypt: rename fscrypt_master_key to fscrypt_direct_key
fscrypt: add ->ci_inode to fscrypt_info
fscrypt: use FSCRYPT_* definitions, not FS_*
fscrypt: use FSCRYPT_ prefix for uapi constants
fs, fscrypt: move uapi definitions to new header <linux/fscrypt.h>
fscrypt: use ENOPKG when crypto API support missing
fscrypt: improve warnings for missing crypto API support
fscrypt: improve warning messages for unsupported encryption contexts
fscrypt: make fscrypt_msg() take inode instead of super_block
fscrypt: clean up base64 encoding/decoding
fscrypt: remove loadable module related code
Conflicts:
fs/ext4/inode.c
fs/ext4/ioctl.c
fs/ext4/readpage.c
Bug: 141329812
Change-Id: I7b5c255d3766b8c66b7802f5b4c6aabe2b834f65
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
|
||
|
Gabriel Krisman Bertazi
|
b8a0a7b192 |
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||
|
Greg Kroah-Hartman
|
42506d99b8 |
Merge 4.14.94 into android-4.14
Changes in 4.14.94 x86,kvm: move qemu/guest FPU switching out to vcpu_run x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE ALSA: hda/realtek - Support Dell headset mode for New AIO platform ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 CIFS: Fix adjustment of credits for MTU requests CIFS: Do not hide EINTR after sending network packets cifs: Fix potential OOB access of lock element array usb: cdc-acm: send ZLP for Telit 3G Intel based modems USB: storage: don't insert sane sense for SPC3+ when bad sense specified USB: storage: add quirk for SMI SM3350 USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB slab: alien caches must not be initialized if the allocation of the alien cache failed mm: page_mapped: don't assume compound page is huge or THP mm, memcg: fix reclaim deadlock with writeback ACPI: power: Skip duplicate power resource references in _PRx ACPI / PMIC: xpower: Fix TS-pin current-source handling i2c: dev: prevent adapter retries and timeout being set as minus value drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set ext4: make sure enough credits are reserved for dioread_nolock writes ext4: fix a potential fiemap/page fault deadlock w/ inline_data ext4: avoid kernel warning when writing the superblock to a dead device ext4: use ext4_write_inode() when fsyncing w/o a journal ext4: track writeback errors using the generic tracking infrastructure sunrpc: use-after-free in svc_process_common() KVM: arm/arm64: Fix VMID alloc race by reverting to lock-less Linux 4.14.94 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Theodore Ts'o
|
b4727299f5 |
ext4: fix a potential fiemap/page fault deadlock w/ inline_data
commit 2b08b1f12cd664dc7d5c84ead9ff25ae97ad5491 upstream. The ext4_inline_data_fiemap() function calls fiemap_fill_next_extent() while still holding the xattr semaphore. This is not necessary and it triggers a circular lockdep warning. This is because fiemap_fill_next_extent() could trigger a page fault when it writes into page which triggers a page fault. If that page is mmaped from the inline file in question, this could very well result in a deadlock. This problem can be reproduced using generic/519 with a file system configuration which has the inline_data feature enabled. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2aee898fff |
Merge 4.14.92 into android-4.14
Changes in 4.14.92 ipv4: Fix potential Spectre v1 vulnerability ip6mr: Fix potential Spectre v1 vulnerability ax25: fix a use-after-free in ax25_fillin_cb() gro_cell: add napi_disable in gro_cells_destroy ibmveth: fix DMA unmap error in ibmveth_xmit_start error path ieee802154: lowpan_header_create check must check daddr ipv6: explicitly initialize udp6_addr in udp_sock_create6() ipv6: tunnels: fix two use-after-free isdn: fix kernel-infoleak in capi_unlocked_ioctl net: ipv4: do not handle duplicate fragments as overlapping net: macb: restart tx after tx used bit read net: phy: Fix the issue that netif always links up after resuming netrom: fix locking in nr_find_socket() net/wan: fix a double free in x25_asy_open_tty() packet: validate address length packet: validate address length if non-zero ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() qmi_wwan: Added support for Telit LN940 series sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event tcp: fix a race in inet_diag_dump_icsk() tipc: fix a double kfree_skb() vhost: make sure used idx is seen before log in vhost_add_used_n() VSOCK: Send reset control packet when socket is partially bound xen/netfront: tolerate frags with no data net/mlx5: Typo fix in del_sw_hw_rule net/mlx5e: RX, Fix wrong early return in receive queue poll mlxsw: core: Increase timeout during firmware flash process net/mlx5e: Remove the false indication of software timestamping support tipc: use lock_sock() in tipc_sk_reinit() tipc: compare remote and local protocols in tipc_udp_enable() qmi_wwan: Added support for Fibocom NL668 series qmi_wwan: Add support for Fibocom NL678 series net/smc: fix TCP fallback socket release sock: Make sock->sk_stamp thread-safe IB/hfi1: Incorrect sizing of sge for PIO will OOPs ALSA: rme9652: Fix potential Spectre v1 vulnerability ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities ALSA: pcm: Fix potential Spectre v1 vulnerability ALSA: emux: Fix potential Spectre v1 vulnerabilities mtd: atmel-quadspi: disallow building on ebsa110 ALSA: hda: add mute LED support for HP EliteBook 840 G4 ALSA: fireface: fix for state to fetch PCM frames ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint ALSA: firewire-lib: use the same print format for 'without_header' tracepoints ALSA: hda/tegra: clear pending irq handlers USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays USB: serial: option: add Fibocom NL678 series usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() staging: wilc1000: fix missing read_write setting when reading data qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID s390/pci: fix sleeping in atomic during hotplug Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup KVM: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails platform-msi: Free descriptors in platform_msi_domain_free() perf pmu: Suppress potential format-truncation warning ext4: add ext4_sb_bread() to disambiguate ENOMEM cases ext4: fix possible use after free in ext4_quota_enable ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() ext4: fix EXT4_IOC_GROUP_ADD ioctl ext4: include terminating u32 in size of xattr entries when expanding inodes ext4: force inode writes when nfsd calls commit_metadata() ext4: check for shutdown and r/o file system in ext4_write_inode() spi: bcm2835: Fix race on DMA termination spi: bcm2835: Fix book-keeping of DMA termination spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode clk: rockchip: fix typo in rk3188 spdif_frac parent crypto: cavium/nitrox - fix a DMA pool free failure cgroup: fix CSS_TASK_ITER_PROCS cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. Btrfs: fix fsync of files with multiple hard links in new directories netfilter: xt_connlimit: don't store address in the conn nodes netfilter: nf_conncount: expose connection list interface netfilter: nf_conncount: Fix garbage collection with zones netfilter: nf_conncount: fix garbage collection confirm race netfilter: nf_conncount: don't skip eviction when age is negative f2fs: fix validation of the block count in sanity_check_raw_super serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly media: vivid: free bitmap_cap when updating std/timings/etc. media: v4l2-tpg: array index could become negative MIPS: math-emu: Write-protect delay slot emulation pages MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3 MIPS: Ensure pmd_present() returns false after pmd_mknotpresent() MIPS: Align kernel load address to 64KB MIPS: Expand MIPS32 ASIDs to 64 bits MIPS: OCTEON: mark RGMII interface disabled on OCTEON III CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs rtc: m41t80: Correct alarm month range with RTC reads tpm: tpm_try_transmit() refactor error flow. tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x spi: bcm2835: Unbreak the build of esoteric configs MIPS: Only include mmzone.h when CONFIG_NEED_MULTIPLE_NODES=y Linux 4.14.92 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Maurizio Lombardi
|
92bb9b067b |
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
commit 132d00becb31e88469334e1e62751c81345280e0 upstream.
In case of error, ext4_try_to_write_inline_data() should unlock
and release the page it holds.
Fixes:
|
||
|
Greg Kroah-Hartman
|
4e76528bd4 |
Merge 4.14.81 into android-4.14
Changes in 4.14.81
mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB
spi: bcm-qspi: switch back to reading flash using smaller chunks
bcache: trace missed reading by cache_missed
bcache: fix miss key refill->end in writeback
hwmon: (pmbus) Fix page count auto-detection.
jffs2: free jffs2_sb_info through jffs2_kill_sb()
cpufreq: conservative: Take limits changes into account properly
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
ipmi: Fix timer race with module unload
parisc: Fix address in HPMC IVA
parisc: Fix map_pages() to not overwrite existing pte entries
parisc: Fix exported address of os_hpmc handler
ALSA: hda - Add quirk for ASUS G751 laptop
ALSA: hda - Fix headphone pin config for ASUS G751
ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
x86/xen: Fix boot loader version reported for PVH guests
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
x86/mm/pat: Disable preemption around __flush_tlb_all()
x86/speculation: Support Enhanced IBRS on future CPUs
ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen
bpf: do not blindly change rlimit in reuseport net selftest
Revert "perf tools: Fix PMU term format max value calculation"
xfrm: policy: use hlist rcu variants on insert
perf vendor events intel: Fix wrong filter_band* values for uncore events
sparc: Fix single-pcr perf event counter management.
sparc: Throttle perf events properly.
sparc64: Make proc_id signed.
sched/fair: Fix the min_vruntime update logic in dequeue_entity()
perf tools: Fix use of alternatives to find JDIR
perf cpu_map: Align cpu map synthesized events properly.
x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
net: qla3xxx: Remove overflowing shift statement
selftests: ftrace: Add synthetic event syntax testcase
i2c: rcar: cleanup DMA for all kinds of failure
locking/lockdep: Fix debug_locks off performance problem
ataflop: fix error handling during setup
swim: fix cleanup on setup error
nfp: devlink port split support for 1x100G CXP NIC
tun: Consistently configure generic netdev params via rtnetlink
s390/sthyi: Fix machine name validity indication
hwmon: (pwm-fan) Set fan speed to 0 on suspend
lightnvm: pblk: fix two sleep-in-atomic-context bugs
spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare}
perf tools: Free temporary 'sys' string in read_event_files()
perf tools: Cleanup trace-event-info 'tdata' leak
perf strbuf: Match va_{add,copy} with va_end
cpupower: Fix coredump on VMWare
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
iwlwifi: pcie: avoid empty free RB queue
iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC
ACPI / processor: Fix the return value of acpi_processor_ids_walk()
cpufreq: dt: Try freeing static OPPs only if we have added them
mtd: rawnand: atmel: Fix potential NULL pointer dereference
signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
x86: boot: Fix EFI stub alignment
pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
brcmfmac: fix for proper support of 160MHz bandwidth
net: phy: phylink: ensure the carrier is off when starting phylink
block, bfq: correctly charge and reset entity service in all cases
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
pinctrl: qcom: spmi-mpp: Fix drive strength setting
pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
net: dsa: mv88e6xxx: Fix writing to a PHY page.
iwlwifi: mvm: fix BAR seq ctrl reporting
ixgbevf: VF2VF TCP RSS
ath10k: schedule hardware restart if WMI command times out
thermal: da9062/61: Prevent hardware access during system suspend
cgroup, netclassid: add a preemption point to write_classid
scsi: esp_scsi: Track residual for PIO transfers
UAPI: ndctl: Fix g++-unsupported initialisation in headers
KVM: nVMX: Clear reserved bits of #DB exit qualification
scsi: megaraid_sas: fix a missing-check bug
RDMA/core: Do not expose unsupported counters
IB/ipoib: Clear IPCB before icmp_send
RDMA/bnxt_re: Fix recursive lock warning in debug kernel
usb: host: ohci-at91: fix request of irq for optional gpio
PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask
VMCI: Resource wildcard match fixed
PCI / ACPI: Enable wake automatically for power managed bridges
usb: gadget: udc: atmel: handle at91sam9rl PMC
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
MD: fix invalid stored role for a disk
f2fs: fix to recover inode's i_flags during POR
PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
coresight: etb10: Fix handling of perf mode
PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode
crypto: caam - fix implicit casts in endianness helpers
usb: chipidea: Prevent unbalanced IRQ disable
driver/dma/ioat: Call del_timer_sync() without holding prep_lock
uio: ensure class is registered before devices
scsi: lpfc: Correct soft lockup when running mds diagnostics
scsi: lpfc: Correct race with abort on completion path
f2fs: report error if quota off error during umount
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
mfd: menelaus: Fix possible race condition and leak
dmaengine: dma-jz4780: Return error if not probed from DT
IB/rxe: fix for duplicate request processing and ack psns
ALSA: hda: Check the non-cached stream buffers more explicitly
cpupower: Fix AMD Family 0x17 msr_pstate size
Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"
f2fs: fix to account IO correctly
ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
arm: dts: exynos: Add missing cooling device properties for CPUs
ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
xen-swiotlb: use actually allocated size on check physical continuous
tpm: Restore functionality to xen vtpm driver.
xen/blkfront: avoid NULL blkfront_info dereference on device removal
xen/balloon: Support xend-based toolstack
xen: fix race in xen_qlock_wait()
xen: make xen_qlock_wait() nestable
xen/pvh: increase early stack size
xen/pvh: don't try to unplug emulated devices
libertas: don't set URB_ZERO_PACKET on IN USB transfer
usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround"
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
net/ipv4: defensive cipso option parsing
dmaengine: ppc4xx: fix off-by-one build failure
dmaengine: stm32-dma: fix incomplete configuration in cyclic mode
libnvdimm: Hold reference on parent while scheduling async init
libnvdimm, region: Fail badblocks listing for inactive regions
ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
IB/mlx5: Fix MR cache initialization
jbd2: fix use after free in jbd2_log_do_checkpoint()
gfs2_meta: ->mount() can get NULL dev_name
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
ext4: fix setattr project check in fssetxattr ioctl
ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
ext4: fix use-after-free race in ext4_remount()'s error path
HID: hiddev: fix potential Spectre v1
EDAC, amd64: Add Family 17h, models 10h-2fh support
EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
EDAC, skx_edac: Fix logical channel intermediate decoding
ARM: dts: dra7: Fix up unaligned access setting for PCIe EP
PCI/ASPM: Fix link_state teardown on device removal
PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
PCI: vmd: White list for fast interrupt handlers
signal/GenWQE: Fix sending of SIGKILL
signal: Guard against negative signal numbers in copy_siginfo_from_user32
crypto: lrw - Fix out-of bounds access on counter overflow
crypto: tcrypt - fix ghash-generic speed test
mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range()
ima: fix showing large 'violations' or 'runtime_measurements_count'
hugetlbfs: dirty pages as they are added to pagecache
mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly
KVM: arm64: Fix caching of host MDCR_EL2 value
kbuild: fix kernel/bounds.c 'W=1' warning
iio: ad5064: Fix regulator handling
iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
iio: adc: at91: fix acking DRDY irq on simple conversions
iio: adc: at91: fix wrong channel number in triggered buffer mode
w1: omap-hdq: fix missing bus unregister at removal
smb3: allow stats which track session and share reconnects to be reset
smb3: do not attempt cifs operation in smb3 query info error path
smb3: on kerberos mount if server doesn't specify auth type use krb5
printk: Fix panic caused by passing log_buf_len to command line
genirq: Fix race on spurious interrupt detection
NFSv4.1: Fix the r/wsize checking
nfs: Fix a missed page unlock after pg_doio()
nfsd: Fix an Oops in free_session()
lockd: fix access beyond unterminated strings in prints
dm ioctl: harden copy_params()'s copy_from_user() from malicious users
dm zoned: fix metadata block ref counting
dm zoned: fix various dmz_get_mblock() issues
powerpc/msi: Fix compile error on mpc83xx
MIPS: OCTEON: fix out of bounds array access on CN68XX
iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
TC: Set DMA masks for devices
media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
kgdboc: Passing ekgdboc to command line causes panic
xen: fix xen_qlock_wait()
xen-blkfront: fix kernel panic with negotiate_mq error path
media: em28xx: use a default format if TRY_FMT fails
media: tvp5150: avoid going past array on v4l2_querymenu()
media: em28xx: fix input name for Terratec AV 350
media: em28xx: make v4l2-compliance happier by starting sequence on zero
media: media colorspaces*.rst: rename AdobeRGB to opRGB
arm64: lse: remove -fcall-used-x0 flag
rpmsg: smd: fix memory leak on channel create
Cramfs: fix abad comparison when wrap-arounds occur
ARM: dts: socfpga: Fix SDRAM node address for Arria10
arm64: dts: stratix10: Correct System Manager register size
soc/tegra: pmc: Fix child-node lookup
selftests/powerpc: Fix ptrace tm failure
btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled
btrfs: Handle owner mismatch gracefully when walking up tree
btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
btrfs: fix error handling in free_log_tree
btrfs: Enhance btrfs_trim_fs function to handle error better
btrfs: Ensure btrfs_trim_fs can trim the whole filesystem
btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
btrfs: don't attempt to trim devices that don't support it
btrfs: wait on caching when putting the bg cache
btrfs: protect space cache inode alloc with GFP_NOFS
btrfs: reset max_extent_size on clear in a bitmap
btrfs: make sure we create all new block groups
Btrfs: fix warning when replaying log after fsync of a tmpfile
Btrfs: fix wrong dentries after fsync of file that got its parent replaced
btrfs: qgroup: Dirty all qgroups before rescan
Btrfs: fix null pointer dereference on compressed write path error
Btrfs: fix assertion on fsync of regular file when using no-holes feature
btrfs: set max_extent_size properly
btrfs: don't use ctl->free_space for max_extent_size
btrfs: only free reserved extent if we didn't insert it
btrfs: don't run delayed_iputs in commit
btrfs: move the dio_sem higher up the callchain
Btrfs: fix use-after-free during inode eviction
Btrfs: fix use-after-free when dumping free space
Btrfs: fix fsync after hole punching when using no-holes feature
net: sched: Remove TCA_OPTIONS from policy
bpf: wait for running BPF programs when updating map-in-map
MD: fix invalid stored role for a disk - try2
Linux 4.14.81
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Lukas Czerner
|
13b63ba403 |
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
commit 625ef8a3acd111d5f496d190baf99d1a815bd03e upstream.
Variable retries is not initialized in ext4_da_write_inline_data_begin()
which can lead to nondeterministic number of retries in case we hit
ENOSPC. Initialize retries to zero as we do everywhere else.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Fixes:
|
||
|
Greg Kroah-Hartman
|
84ae3e35e1 |
Merge 4.14.73 into android-4.14
Changes in 4.14.73 gso_segment: Reset skb->mac_len after modifying network header ipv6: fix possible use-after-free in ip6_xmit() net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT net: hp100: fix always-true check for link up state pppoe: fix reception of frames with no mac header qmi_wwan: set DTR for modems in forced USB2 mode udp4: fix IP_CMSG_CHECKSUM for connected sockets neighbour: confirm neigh entries when ARP packet is received udp6: add missing checks on edumux packet processing net/sched: act_sample: fix NULL dereference in the data path tls: don't copy the key out of tls12_crypto_info_aes_gcm_128 tls: zero the crypto information from tls_context before freeing tls: clear key material from kernel memory when do_tls_setsockopt_conf fails NFC: Fix possible memory corruption when handling SHDLC I-Frame commands NFC: Fix the number of pipes ASoC: cs4265: fix MMTLR Data switch control ASoC: rsnd: fixup not to call clk_get/set under non-atomic ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() ALSA: firewire-digi00x: fix memory leak of private data ALSA: firewire-tascam: fix memory leak of private data ALSA: fireworks: fix memory leak of response buffer at error path ALSA: oxfw: fix memory leak for model-dependent data at error path ALSA: oxfw: fix memory leak of discovered stream formats at error path ALSA: oxfw: fix memory leak of private data platform/x86: alienware-wmi: Correct a memory leak xen/netfront: don't bug in case of too many frags xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers Revert "PCI: Add ACS quirk for Intel 300 series" ring-buffer: Allow for rescheduling when removing pages mm: shmem.c: Correctly annotate new inodes for lockdep Revert "rpmsg: core: add support to power domains for devices" Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name" scsi: target: iscsi: Use hex2bin instead of a re-implementation scsi: target: iscsi: Use bin2hex instead of a re-implementation Revert "ubifs: xattr: Don't operate on deleted inodes" ocfs2: fix ocfs2 read block panic drm/nouveau: Fix deadlocks in nouveau_connector_detect() drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early drm/vc4: Fix the "no scaling" case on multi-planar YUV formats drm: udl: Destroy framebuffer only if it was initialized drm/amdgpu: add new polaris pci id tty: vt_ioctl: fix potential Spectre v1 ext4: check to make sure the rename(2)'s destination is not freed ext4: avoid divide by zero fault when deleting corrupted inline directories ext4: avoid arithemetic overflow that can trigger a BUG ext4: recalucate superblock checksum after updating free blocks/inodes ext4: fix online resize's handling of a too-small final block group ext4: fix online resizing for bigalloc file systems with a 1k block size ext4: don't mark mmp buffer head dirty ext4: show test_dummy_encryption mount option in /proc/mounts sched/fair: Fix vruntime_normalized() for remote non-migration wakeup PCI: aardvark: Size bridges before resources allocation vmw_balloon: include asm/io.h iw_cxgb4: only allow 1 flush on user qps tick/nohz: Prevent bogus softirq pending warning spi: Fix double IDR allocation with DT aliases Linux 4.14.73 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Theodore Ts'o
|
3f9eafe877 |
ext4: avoid divide by zero fault when deleting corrupted inline directories
commit 4d982e25d0bdc83d8c64e66fdeca0b89240b3b85 upstream. A specially crafted file system can trick empty_inline_dir() into reading past the last valid entry in a inline directory, and then run into the end of xattr marker. This will trigger a divide by zero fault. Fix this by using the size of the inline directory instead of dir->i_size. Also clean up error reporting in __ext4_check_dir_entry so that the message is clearer and more understandable --- and avoids the division by zero trap if the size passed in is zero. (I'm not sure why we coded it that way in the first place; printing offset % size is actually more confusing and less useful.) https://bugzilla.kernel.org/show_bug.cgi?id=200933 Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reported-by: Wen Xu <wen.xu@gatech.edu> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
6f2e09c90a |
Merge 4.14.60 into android-4.14
Changes in 4.14.60
fork: unconditionally clear stack on fork
i2c: core: decrease reference count of device node in i2c_unregister_device
RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
spi: spi-s3c64xx: Fix system resume support
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
kvm, mm: account shadow page tables to kmemcg
delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
tracing: Fix double free of event_trigger_data
tracing: Fix possible double free in event_enable_trigger_func()
kthread, tracing: Don't expose half-written comm when creating kthreads
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Quiet gcc warning about maybe unused link variable
arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
mlxsw: spectrum_switchdev: Fix port_vlan refcounting
kcov: ensure irq code sees a valid area
xen/netfront: raise max number of slots in xennet_get_responses()
hv_netvsc: fix network namespace issues with VF support
skip LAYOUTRETURN if layout is invalid
ALSA: emu10k1: add error handling for snd_ctl_add
ALSA: fm801: add error handling for snd_ctl_add
NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
vfio: platform: Fix reset module leak in error path
vfio/mdev: Check globally for duplicate devices
vfio/type1: Fix task tracking for QEMU vCPU hotplug
kernel/hung_task.c: show all hung tasks before panic
mm: /proc/pid/pagemap: hide swap entries from unprivileged users
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm/slub.c: add __printf verification to slab_err()
rtc: ensure rtc_set_alarm fails when alarms are not supported
perf tools: Fix pmu events parsing rule
netfilter: ipset: forbid family for hash:mac sets
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
irqchip/ls-scfg-msi: Map MSIs in the iommu
watchdog: da9063: Fix updating timeout value
printk: drop in_nmi check from printk_safe_flush_on_panic()
bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
ceph: fix alignment of rasize
e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
infiniband: fix a possible use-after-free bug
powerpc/lib: Adjust .balign inside string functions for PPC32
powerpc/64s: Add barrier_nospec
powerpc/eeh: Fix use-after-release of EEH driver
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/64s: Fix compiler store ordering to SLB shadow area
RDMA/mad: Convert BUG_ONs to error flows
lightnvm: pblk: warn in case of corrupted write buffer
netfilter: nf_tables: check msg_type before nft_trans_set(trans)
pnfs: Don't release the sequence slot until we've processed layoutget on open
disable loading f2fs module on PAGE_SIZE > 4KB
f2fs: fix error path of move_data_page
f2fs: fix to don't trigger writeback during recovery
f2fs: fix to wait page writeback during revoking atomic write
f2fs: Fix deadlock in shutdown ioctl
f2fs: fix to detect failure of dquot_initialize
f2fs: fix race in between GC and atomic open
block, bfq: remove wrong lock in bfq_requests_merged
usbip: usbip_detach: Fix memory, udev context and udev leak
usbip: dynamically allocate idev by nports found in sysfs
perf/x86/intel/uncore: Correct fixed counter index check in generic code
perf/x86/intel/uncore: Correct fixed counter index check for NHM
selftests/intel_pstate: Improve test, minor fixes
selftests: memfd: return Kselftest Skip code for skipped tests
selftests: intel_pstate: return Kselftest Skip code for skipped tests
PCI: Fix devm_pci_alloc_host_bridge() memory leak
btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
iwlwifi: pcie: fix race in Rx buffer allocator
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
ASoC: dpcm: fix BE dai not hw_free and shutdown
mfd: cros_ec: Fail early if we cannot identify the EC
mwifiex: handle race during mwifiex_usb_disconnect
wlcore: sdio: check for valid platform device data before suspend
net: hns3: Fixes the init of the VALID BD info in the descriptor
media: tw686x: Fix incorrect vb2_mem_ops GFP flags
media: videobuf2-core: don't call memop 'finish' when queueing
Btrfs: don't return ino to ino cache if inode item removal fails
Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
x86/microcode: Make the late update update_lock a raw lock for RT
PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
PCI: Prevent sysfs disable of device while driver is attached
nvme-rdma: stop admin queue before freeing it
nvme-pci: Fix AER reset handling
ath: Add regulatory mapping for FCC3_ETSIC
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Bahamas
powerpc/32: Add a missing include header
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/powermac: Mark variable x as unused
powerpc: Add __printf verification to prom_printf
spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
powerpc/8xx: fix invalid register expression in head_8xx.S
pinctrl: at91-pio4: add missing of_node_put
bpf: powerpc64: pad function address loads with NOPs
PCI: pciehp: Request control of native hotplug only if supported
net: dsa: qca8k: Add support for QCA8334 switch
mwifiex: correct histogram data with appropriate index
ima: based on policy verify firmware signatures (pre-allocated buffer)
drivers/perf: arm-ccn: don't log to dmesg in event_init
spi: Add missing pm_runtime_put_noidle() after failed get
net: hns3: Fix the missing client list node initialization
fscrypt: use unbound workqueue for decryption
scsi: ufs: ufshcd: fix possible unclocked register access
scsi: ufs: fix exception event handling
scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
drm/nouveau/fifo/gk104-: poll for runlist update completion
Bluetooth: btusb: add ID for LiteOn 04ca:301a
rtc: tps6586x: fix possible race condition
rtc: vr41xx: fix possible race condition
rtc: tps65910: fix possible race condition
ALSA: emu10k1: Rate-limit error messages about page errors
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
md/raid1: add error handling of read error from FailFast device
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
ixgbevf: fix MAC address changes through ixgbevf_set_mac()
media: smiapp: fix timeout checking in smiapp_read_nvm
net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
media: atomisp: ov2680: don't declare unused vars
arm64: cmpwait: Clear event register before arming exclusive monitor
HID: hid-plantronics: Re-resend Update to map button for PTT products
arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
drm/radeon: fix mode_valid's return type
drm/amdgpu: Remove VRAM from shared bo domains.
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
HID: i2c-hid: check if device is there before really probing
EDAC, altera: Fix ARM64 build warning
ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
ARM: dts: emev2: Add missing interrupt-affinity to PMU node
ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
nvmem: properly handle returned value nvmem_reg_read
i40e: free the skb after clearing the bitlock
tty: Fix data race in tty_insert_flip_string_fixed_flag
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
net: phy: phylink: Release link GPIO
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
libata: Fix command retry decision
ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
media: media-device: fix ioctl function types
media: saa7164: Fix driver name in debug output
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
brcmfmac: Add support for bcm43364 wireless chipset
s390/cpum_sf: Add data entry sizes to sampling trailer entry
perf: fix invalid bit in diagnostic entry
bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
scsi: 3w-9xxx: fix a missing-check bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: megaraid: silence a static checker bug
scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
scsi: qedf: Set the UNLOADING flag when removing a vport
staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
thermal: exynos: fix setting rising_threshold for Exynos5433
bpf: fix references to free_bpf_prog_info() in comments
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
media: siano: get rid of __le32/__le16 cast warnings
drm/atomic: Handling the case when setting old crtc for plane
ALSA: hda/ca0132: fix build failure when a local macro is defined
mmc: dw_mmc: update actual clock for mmc debugfs
mmc: pwrseq: Use kmalloc_array instead of stack VLA
dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
spi: meson-spicc: Fix error handling in meson_spicc_probe()
net: hns3: Fixes the out of bounds access in hclge_map_tqp
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
stop_machine: Use raw spinlocks
delayacct: Use raw_spinlocks
memory: tegra: Do not handle spurious interrupts
memory: tegra: Apply interrupts mask per SoC
nvme: lightnvm: add granby support
arm64: defconfig: Enable Rockchip io-domain driver
igb: Fix queue selection on MAC filters on i210
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
ipconfig: Correctly initialise ic_nameservers
rsi: Fix 'invalid vdd' warning in mmc
rsi: fix nommu_map_sg overflow kernel panic
audit: allow not equal op for audit by executable
staging: vchiq_core: Fix missing semaphore release in error case
staging: lustre: llite: correct removexattr detection
staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
serial: core: Make sure compiler barfs for 16-byte earlycon names
soc: imx: gpcv2: Do not pass static memory as platform data
microblaze: Fix simpleImage format generation
usb: hub: Don't wait for connect state at resume for powered-off ports
crypto: authencesn - don't leak pointers to authenc keys
crypto: authenc - don't leak pointers to authenc keys
media: omap3isp: fix unbalanced dma_iommu_mapping
regulator: Don't return or expect -errno from of_map_mode()
scsi: scsi_dh: replace too broad "TP9" string with the exact models
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: cxlflash: Synchronize reset and remove ops
scsi: cxlflash: Avoid clobbering context control register value
media: atomisp: compat32: fix __user annotations
media: si470x: fix __be16 annotations
ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
ASoC: topology: Add missing clock gating parameter when parsing hw_configs
drm: Add DP PSR2 sink enable bit
drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown()
drm/dp/mst: Fix off-by-one typo when dump payload table
block: bio_iov_iter_get_pages: fix size of last iovec
blkdev: __blkdev_direct_IO_simple: fix leak in error case
block: reset bi_iter.bi_done after splitting bio
random: mix rdrand with entropy sent in from userspace
squashfs: be more careful about metadata corruption
ext4: fix inline data updates with checksums enabled
ext4: check for allocation block validity with block group locked
ext4: fix check to prevent initializing reserved inodes
PCI: pciehp: Assume NoCompl+ for Thunderbolt ports
PCI: xgene: Remove leftover pci_scan_child_bus() call
ovl: Sync upper dirty data when syncing overlayfs
usb: gadget: udc: renesas_usb3: should remove debugfs
RDMA/uverbs: Protect from attempts to create flows on unsupported QP
net: dsa: qca8k: Force CPU port to its highest bandwidth
net: dsa: qca8k: Enable RXMAC when bringing up a port
net: dsa: qca8k: Add QCA8334 binding documentation
net: dsa: qca8k: Allow overwriting CPU port setting
ipv4: remove BUG_ON() from fib_compute_spec_dst
net: ena: Fix use of uninitialized DMA address bits field
net: fix amd-xgbe flow-control issue
net: lan78xx: fix rx handling before first packet is send
net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
NET: stmmac: align DMA stuff to largest cache line length
tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
xen-netfront: wait xenbus state change when load module manually
netlink: Do not subscribe to non-existent groups
netlink: Don't shift with UB on nlk->ngroups
tcp: do not force quickack when receiving out-of-order packets
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not aggressively quick ack after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: add one more quick ack after after ECN events
Linux 4.14.60
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Theodore Ts'o
|
cdcbe750ac |
ext4: fix inline data updates with checksums enabled
commit 362eca70b53389bddf3143fe20f53dcce2cfdf61 upstream. The inline data code was updating the raw inode directly; this is problematic since if metadata checksums are enabled, ext4_mark_inode_dirty() must be called to update the inode's checksum. In addition, the jbd2 layer requires that get_write_access() be called before the metadata buffer is modified. Fix both of these problems. https://bugzilla.kernel.org/show_bug.cgi?id=200443 Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2e9aed164f |
Merge 4.14.55 into android-4.14
Changes in 4.14.55 userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access mm: hugetlb: yield when prepping struct pages tracing: Fix missing return symbol in function_graph output scsi: sg: mitigate read/write abuse scsi: target: Fix truncated PR-in ReadKeys response s390: Correct register corruption in critical section cleanup drbd: fix access after free vfio: Use get_user_pages_longterm correctly cifs: Fix use after free of a mid_q_entry cifs: Fix memory leak in smb2_set_ea() cifs: Fix infinite loop when using hard mount option cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting drm: Use kvzalloc for allocating blob property memory drm/udl: fix display corruption of the last line jbd2: don't mark block as modified if the handle is out of credits ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: make sure bitmaps and the inode table don't overlap with bg descriptors ext4: always check block group bounds in ext4_init_block_bitmap() ext4: only look at the bg_flags field if it is valid ext4: verify the depth of extent tree in ext4_find_extent() ext4: include the illegal physical block in the bad map ext4_error msg ext4: clear i_data in ext4_inode_info when removing inline data ext4: never move the system.data xattr out of the inode body ext4: avoid running out of journal credits when appending to an inline file ext4: add more inode number paranoia checks ext4: add more mount time checks of the superblock ext4: check superblock mapped prior to committing block: factor out __blkdev_issue_zero_pages() block: cope with WRITE ZEROES failing in blkdev_issue_zeroout() HID: i2c-hid: Fix "incomplete report" noise HID: hiddev: fix potential Spectre v1 HID: debug: check length before copy_to_user() irq/core: Fix boot crash when the irqaffinity= boot parameter is passed on CPUMASK_OFFSTACK=y kernels(v1) mm: hwpoison: disable memory error handling on 1GB hugepage media: vb2: core: Finish buffers at the end of the stream f2fs: truncate preallocated blocks in error case Revert "dpaa_eth: fix error in dpaa_remove()" Kbuild: fix # escaping in .cmd files for future Make media: cx25840: Use subdev host data for PLL override mtd: rawnand: mxc: set spare area size register explicitly fs: allow per-device dax status checking for filesystems dax: change bdev_dax_supported() to support boolean returns dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() dm: set QUEUE_FLAG_DAX accordingly in dm_table_set_restrictions() dm: prevent DAX mounts if not supported mtd: cfi_cmdset_0002: Change definition naming to retry write operation mtd: cfi_cmdset_0002: Change erase functions to retry for error mtd: cfi_cmdset_0002: Change erase functions to check chip good only netfilter: nf_log: don't hold nf_log_mutex during user access staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() sched, tracing: Fix trace_sched_pi_setprio() for deboosting Revert mm/vmstat.c: fix vmstat_update() preemption BUG Linux 4.14.55 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Theodore Ts'o
|
02945e49dc |
ext4: avoid running out of journal credits when appending to an inline file
commit 8bc1379b82b8e809eef77a9fedbb75c6c297be19 upstream. Use a separate journal transaction if it turns out that we need to convert an inline file to use an data block. Otherwise we could end up failing due to not having journal credits. This addresses CVE-2018-10883. https://bugzilla.kernel.org/show_bug.cgi?id=200071 Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Theodore Ts'o
|
deb465ec75 |
ext4: clear i_data in ext4_inode_info when removing inline data
commit 6e8ab72a812396996035a37e5ca4b3b99b5d214b upstream. When converting from an inode from storing the data in-line to a data block, ext4_destroy_inline_data_nolock() was only clearing the on-disk copy of the i_blocks[] array. It was not clearing copy of the i_blocks[] in ext4_inode_info, in i_data[], which is the copy actually used by ext4_map_blocks(). This didn't matter much if we are using extents, since the extents header would be invalid and thus the extents could would re-initialize the extents tree. But if we are using indirect blocks, the previous contents of the i_blocks array will be treated as block numbers, with potentially catastrophic results to the file system integrity and/or user data. This gets worse if the file system is using a 1k block size and s_first_data is zero, but even without this, the file system can get quite badly corrupted. This addresses CVE-2018-10881. https://bugzilla.kernel.org/show_bug.cgi?id=200015 Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
08850d51f9 |
Merge 4.14.52 into android-4.14
Changes in 4.14.52
bonding: re-evaluate force_primary when the primary slave name changes
cdc_ncm: avoid padding beyond end of skb
ipv6: allow PMTU exceptions to local routes
net: dsa: add error handling for pskb_trim_rcsum
net/sched: act_simple: fix parsing of TCA_DEF_DATA
tcp: verify the checksum of the first data segment in a new connection
socket: close race condition between sock_close() and sockfs_setattr()
udp: fix rx queue len reported by diag and proc interface
net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan
hv_netvsc: Fix a network regression after ifdown/ifup
tls: fix use-after-free in tls_push_record
NFSv4.1: Fix up replays of interrupted requests
ext4: fix hole length detection in ext4_ind_map_blocks()
ext4: update mtime in ext4_punch_hole even if no blocks are released
ext4: do not allow external inodes for inline data
ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
ext4: fix fencepost error in check for inode count overflow during resize
driver core: Don't ignore class_dir_create_and_add() failure.
Btrfs: fix clone vs chattr NODATASUM race
Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
btrfs: return error value if create_io_em failed in cow_file_range
btrfs: scrub: Don't use inode pages for device replace
ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
ALSA: hda: add dock and led support for HP EliteBook 830 G5
ALSA: hda: add dock and led support for HP ProBook 640 G4
x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
smb3: fix various xid leaks
smb3: on reconnect set PreviousSessionId field
CIFS:
|
||
|
Theodore Ts'o
|
e81d371dac |
ext4: do not allow external inodes for inline data
commit 117166efb1ee8f13c38f9e96b258f16d4923f888 upstream.
The inline data feature was implemented before we added support for
external inodes for xattrs. It makes no sense to support that
combination, but the problem is that there are a number of extended
attribute checks that are skipped if e_value_inum is non-zero.
Unfortunately, the inline data code is completely e_value_inum
unaware, and attempts to interpret the xattr fields as if it were an
inline xattr --- at which point, Hilarty Ensues.
This addresses CVE-2018-11412.
https://bugzilla.kernel.org/show_bug.cgi?id=199803
Reported-by: Jann Horn <jannh@google.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Fixes:
|
||
|
Greg Kroah-Hartman
|
50cb0d5ca6 |
Merge 4.14.3 into android-4.14
Changes in 4.14.3 s390: fix transactional execution control register handling s390/noexec: execute kexec datamover without DAT s390/runtime instrumention: fix possible memory corruption s390/guarded storage: fix possible memory corruption s390/disassembler: add missing end marker for e7 table s390/disassembler: increase show_code buffer size ACPI / PM: Fix acpi_pm_notifier_lock vs flush_workqueue() deadlock ACPI / EC: Fix regression related to triggering source of EC event handling cpufreq: schedutil: Reset cached_raw_freq when not in sync with next_freq serdev: fix registration of second slave sched: Make resched_cpu() unconditional lib/mpi: call cond_resched() from mpi_powm() loop x86/boot: Fix boot failure when SMP MP-table is based at 0 x86/decoder: Add new TEST instruction pattern x86/entry/64: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing x86/entry/64: Add missing irqflags tracing to native_load_gs_index() perf/x86/intel: Hide TSX events when RTM is not supported arm64: Implement arch-specific pte_access_permitted() ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE ARM: 8721/1: mm: dump: check hardware RO bit for LPAE uapi: fix linux/tls.h userspace compilation error uapi: fix linux/rxrpc.h userspace compilation errors MIPS: cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work for 32-bit SMP MIPS: ralink: Fix MT7628 pinmux MIPS: ralink: Fix typo in mt7628 pinmux function net: mvneta: fix handling of the Tx descriptor counter nbd: wait uninterruptible for the dead timeout nbd: don't start req until after the dead connection logic PM / OPP: Add missing of_node_put(np) PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD PCI: hv: Use effective affinity mask PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF PCI: Apply Cavium ThunderX ACS quirk to more Root Ports ALSA: hda: Add Raven PCI ID dm integrity: allow unaligned bv_offset dm cache: fix race condition in the writeback mode overwrite_bio optimisation dm crypt: allow unaligned bv_offset dm zoned: ignore last smaller runt zone dm mpath: remove annoying message of 'blk_get_request() returned -11' dm bufio: fix integer overflow when limiting maximum cache size ovl: Put upperdentry if ovl_check_origin() fails dm: allocate struct mapped_device with kvzalloc sched/rt: Simplify the IPI based RT balancing logic MIPS: pci: Remove KERN_WARN instance inside the mt7620 driver dm: fix race between dm_get_from_kobject() and __dm_destroy() dm: discard support requires all targets in a table support discards MIPS: Fix odd fp register warnings with MIPS64r2 MIPS: Fix MIPS64 FP save/restore on 32-bit kernels MIPS: dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry MIPS: Fix an n32 core file generation regset support regression MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 MIPS: math-emu: Fix final emulation phase for certain instructions rt2x00usb: mark device removed when get ENOENT usb error mm/z3fold.c: use kref to prevent page free/compact race autofs: don't fail mount for transient error nilfs2: fix race condition that causes file system corruption fscrypt: lock mutex before checking for bounce page pool eCryptfs: use after free in ecryptfs_release_messaging() libceph: don't WARN() if user tries to add invalid key bcache: check ca->alloc_thread initialized before wake up it fs: guard_bio_eod() needs to consider partitions fanotify: fix fsnotify_prepare_user_wait() failure isofs: fix timestamps beyond 2027 btrfs: change how we decide to commit transactions during flushing f2fs: expose some sectors to user in inline data or dentry case NFS: Fix typo in nomigration mount option NFS: Revert "NFS: Move the flock open mode check into nfs_flock()" nfs: Fix ugly referral attributes NFS: Avoid RCU usage in tracepoints NFS: revalidate "." etc correctly on "open". nfsd: deal with revoked delegations appropriately rtlwifi: rtl8192ee: Fix memory leak when loading firmware rtlwifi: fix uninitialized rtlhal->last_suspend_sec time iwlwifi: fix firmware names for 9000 and A000 series hw md: fix deadlock error in recent patch. md: don't check MD_SB_CHANGE_CLEAN in md_allow_write Bluetooth: btqcomsmd: Add support for BD address setup md/bitmap: revert a patch fsnotify: clean up fsnotify_prepare/finish_user_wait() fsnotify: pin both inode and vfsmount mark fsnotify: fix pinning group in fsnotify_prepare_user_wait() ata: fixes kernel crash while tracing ata_eh_link_autopsy event ext4: fix interaction between i_size, fallocate, and delalloc after a crash ext4: prevent data corruption with inline data + DAX ext4: prevent data corruption with journaling + DAX ALSA: pcm: update tstamp only if audio_tstamp changed ALSA: usb-audio: Add sanity checks to FE parser ALSA: usb-audio: Fix potential out-of-bound access at parsing SU ALSA: usb-audio: Add sanity checks in v2 clock parsers ALSA: timer: Remove kernel warning at compat ioctl error paths ALSA: hda/realtek - Fix ALC275 no sound issue ALSA: hda: Fix too short HDMI/DP chmap reporting ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization ALSA: hda/realtek - Fix ALC700 family no sound issue ASoC: sun8i-codec: Invert Master / Slave condition ASoC: sun8i-codec: Fix left and right channels inversion ASoC: sun8i-codec: Set the BCLK divider mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method fix a page leak in vhost_scsi_iov_to_sgl() error recovery 9p: Fix missing commas in mount options fs/9p: Compare qid.path in v9fs_test_inode net/9p: Switch to wait_event_killable() scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair() scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics() scsi: lpfc: fix pci hot plug crash in timer management routines scsi: lpfc: fix pci hot plug crash in list_add call scsi: lpfc: Fix crash receiving ELS while detaching driver scsi: lpfc: Fix FCP hba_wqidx assignment scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref iscsi-target: Fix non-immediate TMR reference leak target: fix null pointer regression in core_tmr_drain_tmr_list target: fix buffer offset in core_scsi3_pri_read_full_status target: Fix QUEUE_FULL + SCSI task attribute handling target: Fix caw_sem leak in transport_generic_request_failure target: Fix quiese during transport_write_pending_qf endless loop target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid mtd: nand: Export nand_reset() symbol mtd: nand: atmel: Actually use the PM ops mtd: nand: omap2: Fix subpage write mtd: nand: Fix writing mtdoops to nand flash. mtd: nand: mtk: fix infinite ECC decode IRQ issue mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence p54: don't unregister leds when they are not initialized block: Fix a race between blk_cleanup_queue() and timeout handling raid1: prevent freeze_array/wait_all_barriers deadlock genirq: Track whether the trigger type has been set irqchip/gic-v3: Fix ppi-partitions lookup lockd: double unregister of inetaddr notifiers KVM: PPC: Book3S HV: Don't call real-mode XICS hypercall handlers if not enabled KVM: nVMX: set IDTR and GDTR limits when loading L1 host state KVM: SVM: obey guest PAT kvm: vmx: Reinstate support for CPUs without virtual NMI dax: fix PMD faults on zero-length files dax: fix general protection fault in dax_alloc_inode SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status clk: ti: dra7-atl-clock: fix child-node lookups libnvdimm, dimm: clear 'locked' status on successful DIMM enable libnvdimm, pfn: make 'resource' attribute only readable by root libnvdimm, namespace: fix label initialization to use valid seq numbers libnvdimm, region : make 'resource' attribute only readable by root libnvdimm, namespace: make 'resource' attribute only readable by root svcrdma: Preserve CB send buffer across retransmits IB/srpt: Do not accept invalid initiator port names IB/cm: Fix memory corruption in handling CM request IB/hfi1: Fix incorrect available receive user context count IB/srp: Avoid that a cable pull can trigger a kernel crash IB/core: Avoid crash on pkey enforcement failed in received MADs IB/core: Only maintain real QPs in the security lists NFC: fix device-allocation error return spi-nor: intel-spi: Fix broken software sequencing codes i40e: Use smp_rmb rather than read_barrier_depends igb: Use smp_rmb rather than read_barrier_depends igbvf: Use smp_rmb rather than read_barrier_depends ixgbevf: Use smp_rmb rather than read_barrier_depends i40evf: Use smp_rmb rather than read_barrier_depends fm10k: Use smp_rmb rather than read_barrier_depends ixgbe: Fix skb list corruption on Power systems parisc: Fix validity check of pointer size argument in new CAS implementation powerpc: Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX powerpc/mm/radix: Fix crashes on Power9 DD1 with radix MMU and STRICT_RWX powerpc/perf/imc: Use cpu_to_node() not topology_physical_package_id() powerpc/signal: Properly handle return value from uprobe_deny_signal() powerpc/64s: Fix masking of SRR1 bits on instruction fault powerpc/64s/radix: Fix 128TB-512TB virtual address boundary case allocation powerpc/64s/hash: Fix 512T hint detection to use >= 128T powerpc/64s/hash: Fix 128TB-512TB virtual address boundary case allocation powerpc/64s/hash: Fix fork() with 512TB process address space powerpc/64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary media: Don't do DMA on stack for firmware upload in the AS102 driver media: rc: check for integer overflow media: rc: nec decoder should not send both repeat and keycode cx231xx-cards: fix NULL-deref on missing association descriptor media: v4l2-ctrl: Fix flags field on Control events media: venus: fix wrong size on dma_free media: venus: venc: fix bytesused v4l2_plane field media: venus: reimplement decoder stop command ARM64: dts: meson-gxl: Add alternate ARM Trusted Firmware reserved memory zone iwlwifi: fix wrong struct for a000 device iwlwifi: add a new a000 device iwlwifi: pcie: sort IDs for the 9000 series for easier comparisons iwlwifi: add new cards for a000 series iwlwifi: add new cards for 8265 series iwlwifi: add new cards for 8260 series iwlwifi: fix PCI IDs and configuration mapping for 9000 series iwlwifi: mvm: support version 7 of the SCAN_REQ_UMAC FW command e1000e: Fix error path in link detection e1000e: Fix return value test e1000e: Separate signaling for link check/link up e1000e: Avoid receiver overrun interrupt bursts e1000e: fix buffer overrun while the I219 is processing DMA transactions Linux 4.14.3 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Mohan Srinivasan
|
a59d873237 |
ANDROID: fs: Refactor FS readpage/write tracepoints.
Refactor the fs readpage/write tracepoints to move the inode->path lookup outside the tracepoint code, and pass a pointer to the path into the tracepoint code instead. This is necessary because the tracepoint code runs non-preemptible. Thanks to Trilok Soni for catching this in 4.4. Signed-off-by: Mohan Srinivasan <srmohan@google.com> [AmitP: Folded following android-4.9 commit changes into this patch a5c4dbb05ab7 ("ANDROID: Replace spaces by '_' for some android filesystem tracepoints.")] Signed-off-by: Amit Pundir <amit.pundir@linaro.org> |
||
|
Mohan Srinivasan
|
45560fee7f |
ANDROID: fs: FS tracepoints to track IO.
Adds tracepoints in ext4/f2fs/mpage to track readpages/buffered write()s. This allows us to track files that are being read/written to PIDs. (Merged from android4.4-common). Signed-off-by: Mohan Srinivasan <srmohan@google.com> |
||
|
Ross Zwisler
|
713cb65003 |
ext4: prevent data corruption with inline data + DAX
commit 559db4c6d784ceedc2a5418ced4d357cb843e221 upstream. If an inode has inline data it is currently prevented from using DAX by a check in ext4_set_inode_flags(). When the inode grows inline data via ext4_create_inline_data() or removes its inline data via ext4_destroy_inline_data_nolock(), the value of S_DAX can change. Currently these changes are unsafe because we don't hold off page faults and I/O, write back dirty radix tree entries and invalidate all mappings. There are also issues with mm-level races when changing the value of S_DAX, as well as issues with the VM_MIXEDMAP flag: https://www.spinics.net/lists/linux-xfs/msg09859.html The unsafe transition of S_DAX can reliably cause data corruption, as shown by the following fstest: https://patchwork.kernel.org/patch/9948381/ Fix this issue by preventing the DAX mount option from being used on filesystems that were created to support inline data. Inline data is an option given to mkfs.ext4. Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Andreas Dilger
|
e50e5129f3 |
ext4: xattr-in-inode support
Large xattr support is implemented for EXT4_FEATURE_INCOMPAT_EA_INODE.
If the size of an xattr value is larger than will fit in a single
external block, then the xattr value will be saved into the body
of an external xattr inode.
The also helps support a larger number of xattr, since only the headers
will be stored in the in-inode space or the single external block.
The inode is referenced from the xattr header via "e_value_inum",
which was formerly "e_value_block", but that field was never used.
The e_value_size still contains the xattr size so that listing
xattrs does not need to look up the inode if the data is not accessed.
struct ext4_xattr_entry {
__u8 e_name_len; /* length of name */
__u8 e_name_index; /* attribute name index */
__le16 e_value_offs; /* offset in disk block of value */
__le32 e_value_inum; /* inode in which value is stored */
__le32 e_value_size; /* size of attribute value */
__le32 e_hash; /* hash value of name and value */
char e_name[0]; /* attribute name */
};
The xattr inode is marked with the EXT4_EA_INODE_FL flag and also
holds a back-reference to the owning inode in its i_mtime field,
allowing the ext4/e2fsck to verify the correct inode is accessed.
[ Applied fix by Dan Carpenter to avoid freeing an ERR_PTR. ]
Lustre-Jira: https://jira.hpdd.intel.com/browse/LU-80
Lustre-bugzilla: https://bugzilla.lustre.org/show_bug.cgi?id=4424
Signed-off-by: Kalpak Shah <kalpak.shah@sun.com>
Signed-off-by: James Simmons <uja.ornl@gmail.com>
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Tahsin Erdogan <tahsin@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
|
||
|
Eric Biggers
|
d6b975504e |
ext4: remove unused d_name argument from ext4_search_dir() et al.
Now that we are passing a struct ext4_filename, we do not need to pass around the original struct qstr too. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Jan Kara <jack@suse.cz> |
||
|
Eric Biggers
|
1bc0af600b |
ext4: trim return value and 'dir' argument from ext4_insert_dentry()
In the initial implementation of ext4 encryption, the filename was encrypted in ext4_insert_dentry(), which could fail and also required access to the 'dir' inode. Since then ext4 filename encryption has been changed to encrypt the filename earlier, so we can revert the additions to ext4_insert_dentry(). Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
||
|
Eric Biggers
|
b9cf625d6e |
ext4: mark inode dirty after converting inline directory
If ext4_convert_inline_data() was called on a directory with inline
data, the filesystem was left in an inconsistent state (as considered by
e2fsck) because the file size was not increased to cover the new block.
This happened because the inode was not marked dirty after i_disksize
was updated. Fix this by marking the inode dirty at the end of
ext4_finish_convert_inline_dir().
This bug was probably not noticed before because most users mark the
inode dirty afterwards for other reasons. But if userspace executed
FS_IOC_SET_ENCRYPTION_POLICY with invalid parameters, as exercised by
'kvm-xfstests -c adv generic/396', then the inode was never marked dirty
after updating i_disksize.
Cc: stable@vger.kernel.org # 3.10+
Fixes:
|
||
|
Theodore Ts'o
|
0db1ff222d |
ext4: add shutdown bit and check for it
Add a shutdown bit that will cause ext4 processing to fail immediately with EIO. Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
||
|
Theodore Ts'o
|
eb5efbcb76 |
ext4: fix inline data error paths
The write_end() function must always unlock the page and drop its ref count, even on an error. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org |
||
|
Theodore Ts'o
|
01daf94525 |
ext4: propagate error values from ext4_inline_data_truncate()
Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
||
|
Theodore Ts'o
|
b907f2d519 |
ext4: avoid calling ext4_mark_inode_dirty() under unneeded semaphores
There is no need to call ext4_mark_inode_dirty while holding xattr_sem or i_data_sem, so where it's easy to avoid it, move it out from the critical region. Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
||
|
Theodore Ts'o
|
c755e25135 |
ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
The xattr_sem deadlock problems fixed in commit |