- 14 Mar, 2016 1 commit
-
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
- 06 Mar, 2016 1 commit
-
-
Al Viro authored
... and kill need_lookup thing Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
- 05 Mar, 2016 2 commits
-
-
Al Viro authored
bugger off on negatives a bit earlier, simplify the tests Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
for the sake of namei.c fixes
-
- 29 Feb, 2016 1 commit
-
-
Al Viro authored
Games with ordering and barriers are way too brittle. Just bump ->d_seq before and after updating ->d_inode and ->d_flags type bits, so that verifying ->d_seq would guarantee they are coherent. Cc: stable@vger.kernel.org # v3.13+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
- 28 Feb, 2016 6 commits
-
-
Al Viro authored
... or we risk seeing a bogus value of d_is_symlink() there. Cc: stable@vger.kernel.org # v4.2+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
... otherwise d_is_symlink() above might have nothing to do with the inode value we've got. Cc: stable@vger.kernel.org # v4.2+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
both do_last() and walk_component() risk picking a NULL inode out of dentry about to become positive, *then* checking its flags and seeing that it's not negative anymore and using (already stale by then) value they'd fetched earlier. Usually ends up oopsing soon after that... Cc: stable@vger.kernel.org # v3.13+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
... into returning a positive to path_openat(), which would interpret that as "symlink had been encountered" and proceed to corrupt memory, etc. It can only happen due to a bug in some ->open() instance or in some LSM hook, etc., so we report any such event *and* make sure it doesn't trick us into further unpleasantness. Cc: stable@vger.kernel.org # v3.6+, at least Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Christoph Hellwig authored
-EBADF is a rather confusing error if an operations is not supported, and nfsd gets rather upset about it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Mikulas Patocka authored
The delete opration can allocate additional space on the HPFS filesystem due to btree split. The HPFS driver checks in advance if there is available space, so that it won't corrupt the btree if we run out of space during splitting. If there is not enough available space, the HPFS driver attempted to truncate the file, but this results in a deadlock since the commit 7dd29d8d ("HPFS: Introduce a global mutex and lock it on every callback from VFS"). This patch removes the code that tries to truncate the file and -ENOSPC is returned instead. If the user hits -ENOSPC on delete, he should try to delete other files (that are stored in a leaf btree node), so that the delete operation will make some space for deleting the file stored in non-leaf btree node. Reported-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz> Cc: stable@vger.kernel.org # 2.6.39+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
- 22 Feb, 2016 2 commits
-
-
Al Viro authored
the last time it was getting something other than NULL as crypt_stat had been back in 2009... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
- 20 Feb, 2016 4 commits
-
-
Maxim Patlasov authored
propagate_one(m) calculates "type" argument for copy_tree() like this: > if (m->mnt_group_id == last_dest->mnt_group_id) { > type = CL_MAKE_SHARED; > } else { > type = CL_SLAVE; > if (IS_MNT_SHARED(m)) > type |= CL_MAKE_SHARED; > } The "type" argument then governs clone_mnt() behavior with respect to flags and mnt_master of new mount. When we iterate through a slave group, it is possible that both current "m" and "last_dest" are not shared (although, both are slaves, i.e. have non-NULL mnt_master-s). Then the comparison above erroneously makes new mount shared and sets its mnt_master to last_source->mnt_master. The patch fixes the problem by handling zero mnt_group_id-s as though they are unequal. The similar problem exists in the implementation of "else" clause above when we have to ascend upward in the master/slave tree by calling: > last_source = last_source->mnt_master; > last_dest = last_source->mnt_parent; proper number of times. The last step is governed by "n->mnt_group_id != last_dest->mnt_group_id" condition that may lie if both are zero. The patch fixes this case in the same way as the former one. [AV: don't open-code an obvious helper...] Signed-off-by: Maxim Patlasov <mpatlasov@virtuozzo.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
It forgets kunmap() on a failure exit, but there's really no point keeping the page kmapped at all - after all, what we are doing is a bunch of memcpy() into the parts of page, so kmap_atomic()/kunmap_atomic() just around those memcpy() is enough. Spotted-by: Insu Yun <wuninsu@gmail.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Mateusz Guzik authored
The code could leak xattrs->lock on error. Problem introduced with 786534b9 "tmpfs: listxattr should include POSIX ACL xattrs". Signed-off-by: Mateusz Guzik <mguzik@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Wouter van Kesteren authored
The user-visible impact of the issue is for example that without this patch sensors-detect breaks when trying to seek in /dev/cpu/0/cpuid. '~0ULL' is a 'unsigned long long' that when converted to a loff_t, which is signed, gets turned into -1. later in vfs_setpos we have 'if (offset > maxsize)', which makes it always return EINVAL. Fixes: b25472f9 ("new helpers: no_seek_end_llseek{,_size}()") Signed-off-by: Wouter van Kesteren <woutershep@gmail.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
- 14 Feb, 2016 15 commits
-
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-miscLinus Torvalds authored
Pull char/misc driver fixes from Greg KH: "Here are 3 fixes for some reported issues. Two nvmem driver fixes, and one mei fix. All have been in linux-next just fine" * tag 'char-misc-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: nvmem: qfprom: Specify LE device endianness nvmem: core: return error for non word aligned access mei: validate request value in client notify request ioctl
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-coreLinus Torvalds authored
Pull driver core fix from Greg KH: "Here is one driver core, well klist, fix for 4.5-rc4. It fixes a problem found in the scsi device list traversal that probably also could be triggered by other subsystems. The fix has been in linux-next for a while with no reported problems" * tag 'driver-core-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: klist: fix starting point removed bug in klist iterators
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/ttyLinus Torvalds authored
Pull tty/serial fixes from Greg KH: "Here are a number of small tty and serial driver fixes for 4.5-rc4 that resolve some reported issues. One of them got reverted as it wasn't correct based on testing, and all have been in linux-next for a while" * tag 'tty-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: Revert "8250: uniphier: allow modular build with 8250 console" pty: make sure super_block is still valid in final /dev/tty close pty: fix possible use after free of tty->driver_data tty: Add support for PCIe WCH382 2S multi-IO card serial/omap: mark wait_for_xmitr as __maybe_unused serial: omap: Prevent DoS using unprivileged ioctl(TIOCSRS485) 8250: uniphier: allow modular build with 8250 console tty: Drop krefs for interrupted tty lock
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull PHY fixes from Greg KH: "Here are a couple of PHY driver fixes for 4.5-rc4. A few small phy issues. All have been in linux-next with no reported issues" * tag 'usb-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: phy: twl4030-usb: Fix unbalanced pm_runtime_enable on module reload phy: twl4030-usb: Relase usb phy on unload phy: core: fix wrong err handle for phy_power_on phy: Restrict phy-hi6220-usb to HiSilicon arm64
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf tooling fixes from Thomas Gleixner: "Another round of fixes for the perf tooling side: - Prevent a NULL pointer dereference in tracepoint error handling - Fix a thread handling bug in the intel_pt error handling code - Search both .eh_frame and .debug_frame sections as toolchains seem to have random choices of storing the CFI information - Fix the perf state interval output values, which got broken when fixing the overall output" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf stat: Fix interval output values perf probe: Search both .eh_frame and .debug_frame sections for probe location perf tools: Fix thread lifetime related segfaut in intel_pt perf tools: tracepoint_error() can receive e=NULL, robustify it
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull lockdep fix from Thomas Gleixner: "A single fix for the stack trace caching logic in lockdep, where the duplicate avoidance managed to store no back trace at all" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/lockdep: Fix stack trace caching logic
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull timer fix from Thomas Gleixner: "A single fix preventing a 32bit overflow in timespec/val to cputime conversions on 32bit machines" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull irqchip fixes from Thomas Gleixner: "Another set of ARM SoC related irqchip fixes: - Plug a memory leak in gicv3-its - Limit features to the root gic interrupt controller - Add a missing barrier in the gic-v3 IAR access - Another compile test fix for sun4i" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/gic-v3: Make sure read from ICC_IAR1_EL1 is visible on redestributor irqchip/gic: Only set the EOImodeNS bit for the root controller irqchip/gic: Only populate set_affinity for the root controller irqchip/gicv3-its: Fix memory leak in its_free_tables() irqchip/sun4i: Fix compilation outside of arch/arm
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Thomas Gleixner: "Two small fixlets for x86: - Prevent a KASAN false positive in thread_saved_pc() - Fix a 32-bit truncation problem in the x86 numa code" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm/numa: Fix 32-bit memblock range truncation bug on 32-bit NUMA kernels x86: Fix KASAN false positives in thread_saved_pc()
-
git://git.linux-mips.org/pub/scm/ralf/upstream-linusLinus Torvalds authored
Pull MIPS fixes from Ralf Baechle: "Here's the first round of MIPS fixes after the merge window: - Detect Octeon III's PCI correctly. - Fix return value of the MT7620 probing function. - Wire up the copy_file_range syscall. - Fix 64k page support on 32 bit kernels. - Fix the early Coherency Manager probe. - Allow only hardware-supported page sizes to be selected for R6000. - Fix corner cases for the RDHWR nstruction emulation on old hardware. - Fix FPU handling corner cases. - Remove stale entry for BCM33xx from the MAINTAINERS file. - 32 and 64 bit ELF headers are different, handle them correctly" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: mips: Differentiate between 32 and 64 bit ELF header MIPS: Octeon: Update OCTEON_FEATURE_PCIE for Octeon III MIPS: pci-mt7620: Fix return value check in mt7620_pci_probe() MIPS: Fix early CM probing MIPS: Wire up copy_file_range syscall. MIPS: Fix 64k page support for 32 bit kernels. MIPS: R6000: Don't allow 64k pages for R6000. MIPS: traps.c: Correct microMIPS RDHWR emulation MIPS: traps.c: Don't emulate RDHWR in the CpU #0 exception handler MAINTAINERS: Remove stale entry for BCM33xx chips MIPS: Fix FPU disable with preemption MIPS: Properly disable FPU in start_thread() MIPS: Fix buffer overflow in syscall_get_arguments()
-
git://ftp.arm.linux.org.uk/~rmk/linux-armLinus Torvalds authored
Pull ARM fixes from Russell King: "A couple of ARM fixes from Linus for the ICST clock generator code" [ "Linus" here is Linus Walleij. Name-stealer. Linus "there can be only one" Torvalds ] * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: 8519/1: ICST: try other dividends than 1 ARM: 8517/1: ICST: avoid arithmetic overflow in icst_hz()
-
git://ftp.arm.linux.org.uk/~rmk/linux-armLinus Torvalds authored
Pull component helper fixes from Russell King: "A few fixes for problems people have encountered with the recent update to the component helpers" * 'component' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: component: remove device from master match list on failed add component: Detach components when deleting master struct component: fix crash on x86_64 with hda audio drivers
-
git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdmaLinus Torvalds authored
Pull more rdma fixes from Doug Ledford: "I think we are getting pretty close to done now. There are four one-off fixes in this update: - fix ipoib multicast joins - fix mlx4 error handling - fix mlx5 size computation - fix a thinko in core code" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: IB/mlx5: Fix RC transport send queue overhead computation IB/ipoib: fix for rare multicast join race condition IB/core: Fix reading capability mask of the port info class net/mlx4: fix some error handling in mlx4_multi_func_init()
-
git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pendingLinus Torvalds authored
Pull SCSI target fixes from Nicholas Bellinger: "This includes the long awaited series to address a set of bugs around active I/O remote-port LUN_RESET, as well as properly handling this same case with concurrent fabric driver session disconnect -> reconnect. Note this set of LUN_RESET bug-fixes has been surviving extended testing on both v4.5-rc1 and v3.14.y code over the last weeks, and is CC'ed for stable as it's something folks using multiple ESX connected hosts with slow backends can certainly trigger. The highlights also include: - Fix WRITE_SAME/DISCARD emulation 4k sector conversion in target/iblock (Mike Christie) - Fix TMR abort interaction and AIO type TMR response in qla2xxx target (Quinn Tran + Swapnil Nagle) - Fix >= v3.17 stale descriptor pointer regression in qla2xxx target (Quinn Tran) - Fix >= v4.5-rc1 return regression with unmap_zeros_data_store new configfs store handler (nab) - Add CPU affinity flag + convert qla2xxx to use bit (Quinn + HCH + Bart)" * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: qla2xxx: use TARGET_SCF_USE_CPUID flag to indiate CPU Affinity target/transport: add flag to indicate CPU Affinity is observed target: Fix incorrect unmap_zeroes_data_store return qla2xxx: Use ATIO type to send correct tmr response qla2xxx: Fix stale pointer access. target/user: Fix cast from pointer to phys_addr_t target: Drop legacy se_cmd->task_stop_comp + REQUEST_STOP usage target: Fix race with SCF_SEND_DELAYED_TAS handling target: Fix remote-port TMR ABORT + se_cmd fabric stop target: Fix TAS handling for multi-session se_node_acls target: Fix LUN_RESET active TMR descriptor handling target: Fix LUN_RESET active I/O handling for ACK_KREF qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM qla2xxx: Fix warning reported by static checker target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
-
- 13 Feb, 2016 4 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermalLinus Torvalds authored
Pull thermal management fixes from Eduardo Valentin: "Specifics in this pull request: - Compilation fixes on SPEAR, and U8500 thermal drivers. - RCAR thermal driver now recognizes OF-thermal based thermal zones. - Small code rework on OF-thermal. - These change have been CI tested using KernelCI bot [1,2]. \o/ I am taking over on Rui's behalf while he is out. Happy New Chinese Year! [1] - https://kernelci.org/build/evalenti/kernel/v4.5-rc3-16-ga53b8394ec3c/ [2] - https://kernelci.org/boot/all/job/evalenti/kernel/v4.5-rc3-16-ga53b8394ec3c/" * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal: thermal: cpu_cooling: fix out of bounds access in time_in_idle thermal: allow u8500-thermal driver to be a module thermal: allow spear-thermal driver to be a module thermal: spear: use __maybe_unused for PM functions thermal: rcar: enable to use thermal-zone on DT thermal: of: use for_each_available_child_of_node for child iterator
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull another sound fix from Takashi Iwai: "This contains a fix for the double-free of usb-audio MIDI device at probe failure" * tag 'sound-fix-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: usb-audio: avoid freeing umidi object twice
-
git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arcLinus Torvalds authored
Pull ARC fixes from Vineet Gupta: "I've been sitting on some of these fixes for a while. - Corner case of returning to delay slot from interrupt - Changing default interrupt prioiry level - Kconfig'ize support for super pages - Other minor fixes" * tag 'arc-4.5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: mm: Introduce explicit super page size support ARCv2: intc: Allow interruption by lowest priority interrupt ARCv2: Check for LL-SC livelock only if LLSC is enabled ARC: shrink cpuinfo by not saving full timer BCR ARCv2: clocksource: Rename GRTC -> GFRC ... ARCv2: STAR 9000950267: Handle return from intr to Delay Slot #2
-
Andrey Konovalov authored
The 'umidi' object will be free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface. So we shouldn't try to free it in snd_usbmidi_create() after having registered the rawmidi interface. Found by KASAN. Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com> Acked-by: Clemens Ladisch <clemens@ladisch.de> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 12 Feb, 2016 4 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pciLinus Torvalds authored
Pull PCI fixes from Bjorn Helgaas: "These are some Renesas binding updates for PCI host controllers, a Broadcom fix for a regression we added in v4.5-rc1, and a fix for an AER use-after-free problem that can cause memory corruption. Summary: AER: Flush workqueue on device remove to avoid use-after-free (Sebastian Andrzej Siewior) Broadcom iProc host bridge driver: Allow multiple devices except on PAXC (Ray Jui) Renesas R-Car host bridge driver: Add gen2 device tree support for r8a7793 (Simon Horman) Add device tree support for r8a7793 (Simon Horman)" * tag 'pci-v4.5-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: rcar: Add device tree support for r8a7793 PCI: rcar: Add gen2 device tree support for r8a7793 PCI: iproc: Allow multiple devices except on PAXC PCI/AER: Flush workqueue on device remove to avoid use-after-free
-
Linus Torvalds authored
Merge fixes from Andrew Morton: "10 fixes" The lockdep hlist conversion is in the locking tree too, waiting for the next merge window. Andrew thought it should go in now. I'll take it, since it fixes a real problem and looks trivially correct (famous last words). * emailed patches from Andrew Morton <akpm@linux-foundation.org>: arch/x86/Kconfig: CONFIG_X86_UV should depend on CONFIG_EFI mm: fix pfn_t vs highmem kernel/locking/lockdep.c: convert hash tables to hlists mm,thp: fix spellos in describing __HAVE_ARCH_FLUSH_PMD_TLB_RANGE mm,thp: khugepaged: call pte flush at the time of collapse mm/backing-dev.c: fix error path in wb_init() mm, dax: check for pmd_none() after split_huge_pmd() vsprintf: kptr_restrict is okay in IRQ when 2 mm: fix filemap.c kernel doc warning ubsan: cosmetic fix to Kconfig text
-
Leon Romanovsky authored
Fix the RC QPs send queue overhead computation to take into account two additional segments in the WQE which are needed for registration operations. The ATOMIC and UMR segments can't coexist together, so chose maximum out of them. The commit 9e65dc37 ("IB/mlx5: Fix RC transport send queue overhead computation") was intended to update RC transport as commit messages states, but added the code to UC transport. Fixes: 9e65dc37 ("IB/mlx5: Fix RC transport send queue overhead computation") Signed-off-by: Kamal Heib <kamalh@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
-
Alex Estrin authored
A narrow window for race condition still exist between multicast join thread and *dev_flush workers. A kernel crash caused by prolong erratic link state changes was observed (most likely a faulty cabling): [167275.656270] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [167275.665973] IP: [<ffffffffa05f8f2e>] ipoib_mcast_join+0xae/0x1d0 [ib_ipoib] [167275.674443] PGD 0 [167275.677373] Oops: 0000 [#1] SMP ... [167275.977530] Call Trace: [167275.982225] [<ffffffffa05f92f0>] ? ipoib_mcast_free+0x200/0x200 [ib_ipoib] [167275.992024] [<ffffffffa05fa1b7>] ipoib_mcast_join_task+0x2a7/0x490 [ib_ipoib] [167276.002149] [<ffffffff8109d5fb>] process_one_work+0x17b/0x470 [167276.010754] [<ffffffff8109e3cb>] worker_thread+0x11b/0x400 [167276.019088] [<ffffffff8109e2b0>] ? rescuer_thread+0x400/0x400 [167276.027737] [<ffffffff810a5aef>] kthread+0xcf/0xe0 Here was a hit spot: ipoib_mcast_join() { .............. rec.qkey = priv->broadcast->mcmember.qkey; ^^^^^^^ ..... } Proposed patch should prevent multicast join task to continue if link state change is detected. Signed-off-by: Alex Estrin <alex.estrin@intel.com> Changes from v4: - as suggested by Doug Ledford, optimized spinlock usage, i.e. ipoib_mcast_join() is called with lock held. Changes from v3: - sync with priv->lock before flag check. Chages from v2: - Move check for OPER_UP flag state to mcast_join() to ensure no event worker is in progress. - minor style fixes. Changes from v1: - No need to lock again if error detected. Signed-off-by: Doug Ledford <dledford@redhat.com>
-