1. 21 Nov, 2014 10 commits
    • Filipe Manana's avatar
      Btrfs: add helper btrfs_fdatawrite_range · 728404da
      Filipe Manana authored
      To avoid duplicating this double filemap_fdatawrite_range() call for
      inodes with async extents (compressed writes) so often.
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      728404da
    • Filipe Manana's avatar
      Btrfs: correctly flush compressed data before/after direct IO · 075bdbdb
      Filipe Manana authored
      For compressed writes, after doing the first filemap_fdatawrite_range() we
      don't get the pages tagged for writeback immediately. Instead we create
      a workqueue task, which is run by other kthread, and keep the pages locked.
      That other kthread compresses data, creates the respective ordered extent/s,
      tags the pages for writeback and unlocks them. Therefore we need a second
      call to filemap_fdatawrite_range() if we have compressed writes, as this
      second call will wait for the pages to become unlocked, then see they became
      tagged for writeback and finally wait for the writeback to finish.
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      075bdbdb
    • Filipe Manana's avatar
      Btrfs: make inode.c:compress_file_range() return void · c44f649e
      Filipe Manana authored
      Its return value is useless, its single caller ignores it and can't do
      anything with it anyway, since it's a workqueue task and not the task
      calling filemap_fdatawrite_range (writepages) nor filemap_fdatawait_range().
      Failure is communicated to such functions via start and end of writeback
      with the respective pages tagged with an error and AS_EIO flag set in the
      inode's imapping.
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      c44f649e
    • Shilong Wang's avatar
      Btrfs: fix incorrect compression ratio detection · 4bcbb332
      Shilong Wang authored
      Steps to reproduce:
       # mkfs.btrfs -f /dev/sdb
       # mount -t btrfs /dev/sdb /mnt -o compress=lzo
       # dd if=/dev/zero of=/mnt/data bs=$((33*4096)) count=1
      
      after previous steps, inode will be detected as bad compression ratio,
      and NOCOMPRESS flag will be set for that inode.
      
      Reason is that compress have a max limit pages every time(128K), if a
      132k write in, it will be splitted into two write(128k+4k), this bug
      is a leftover for commit 68bb462d(Btrfs: don't compress for a small write)
      
      Fix this problem by checking every time before compression, if it is a
      small write(<=blocksize), we bail out and fall into nocompression directly.
      Signed-off-by: default avatarWang Shilong <wangshilong1991@gmail.com>
      Reviewed-by: default avatarMiao Xie <miaox@cn.fujitsu.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      4bcbb332
    • Filipe Manana's avatar
      Btrfs: don't ignore compressed bio write errors · 7bdcefc1
      Filipe Manana authored
      Our compressed bio write end callback was essentially ignoring the error
      parameter. When a write error happens, it must pass a value of 0 to the
      inode's write_page_end_io_hook callback, SetPageError on the respective
      pages and set AS_EIO in the inode's mapping flags, so that a call to
      filemap_fdatawait_range() / filemap_fdatawait() can find out that errors
      happened (we surely don't want silent failures on fsync for example).
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      7bdcefc1
    • Filipe Manana's avatar
      Btrfs: make inode.c:submit_compressed_extents() return void · dec8f175
      Filipe Manana authored
      Its return value is completely ignored by its single caller and it's
      useless anyway, since errors are indicated through SetPageError and
      the bit AS_EIO set in the flags of the inode's mapping. The caller
      can't do anything with the value, as it's invoked from a workqueue
      task and not by the task calling filemap_fdatawrite_range (which calls
      the writepages address space callback, which in turn calls the inode's
      fill_delalloc callback).
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      dec8f175
    • Filipe Manana's avatar
      Btrfs: process all async extents on compressed write failure · 3d7a820f
      Filipe Manana authored
      If we had an error when processing one of the async extents from our list,
      we were not processing the remaining async extents, meaning we would leak
      those async_extent structs, never release the pages with the compressed
      data and never unlock and clear the dirty flag from the inode's pages (those
      that correspond to the uncompressed content).
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      3d7a820f
    • Filipe Manana's avatar
      Btrfs: don't leak pages and memory on compressed write error · 40ae837b
      Filipe Manana authored
      In inode.c:submit_compressed_extents(), if we fail before calling
      btrfs_submit_compressed_write(), or when that function fails, we
      were freeing the async_extent structure without releasing its pages
      and freeing the pages array.
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      40ae837b
    • Filipe Manana's avatar
      Btrfs: fix hang on compressed write error · fce2a4e6
      Filipe Manana authored
      In inode.c:submit_compressed_extents(), before calling btrfs_submit_compressed_write()
      we start writeback for all pages, clear their dirty flag, unlock them, etc, but if
      btrfs_submit_compressed_write() fails (at the moment it can only fail with -ENOMEM),
      we never end the writeback on the pages, so any filemap_fdatawait_range() call will
      hang forever. We were also not calling the writepage end io hook, which means the
      corresponding ordered extent will never complete and all its waiters will block
      forever, such as a full fsync (via btrfs_wait_ordered_range()).
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      fce2a4e6
    • Filipe Manana's avatar
      Btrfs: set page and mapping error on compressed write failure · 704de49d
      Filipe Manana authored
      If we fail in submit_compressed_extents() before calling btrfs_submit_compressed_write(),
      we start and end the writeback for the pages (clear their dirty flag, unlock them, etc)
      but we don't tag the pages, nor the inode's mapping, with an error. This makes it
      impossible for a caller of filemap_fdatawait_range() (fsync, or transaction commit
      for e.g.) know that there was an error.
      
      Note that the return value of submit_compressed_extents() is useless, as that function
      is executed by a workqueue task and not directly by the fill_delalloc callback. This
      means the writepage/s callbacks of the inode's address space operations don't get that
      return value.
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      704de49d
  2. 17 Nov, 2014 3 commits
    • Linus Torvalds's avatar
      Linux 3.18-rc5 · fc14f9c1
      Linus Torvalds authored
      fc14f9c1
    • Linus Torvalds's avatar
      Merge tag 'armsoc-for-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · e35c5a27
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "Another small set of fixes:
      
         - some DT compatible typo fixes
         - irq setup fix dealing with irq storms on orion
         - i2c quirk generalization for mvebu
         - a handful of smaller fixes for OMAP
         - a couple of added file patterns for OMAP entries in MAINTAINERS"
      
      * tag 'armsoc-for-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        ARM: at91/dt: Fix sama5d3x typos
        pinctrl: dra: dt-bindings: Fix output pull up/down
        MAINTAINERS: Update entry for omap related .dts files to cover new SoCs
        MAINTAINERS: add more files under OMAP SUPPORT
        ARM: dts: AM437x-SK-EVM: Fix DCDC3 voltage
        ARM: dts: AM437x-GP-EVM: Fix DCDC3 voltage
        ARM: dts: AM43x-EPOS-EVM: Fix DCDC3 voltage
        ARM: dts: am335x-evm: Fix 5th NAND partition's name
        ARM: orion: Fix for certain sequence of request_irq can cause irq storm
        ARM: mvebu: armada xp: Generalize use of i2c quirk
      e35c5a27
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 435e46f5
      Linus Torvalds authored
      Pull sparc fixes from David Miller:
      
       1) Fix NULL oops in Schizo PCI controller error handler.
      
       2) Fix race between xchg and other operations on 32-bit sparc, from
          Andreas Larsson.
      
       3) swab*() helpers need a dummy memory input operand to show data flow
          on 64-bit sparc.
      
       4) Fix RCU warnings due to missing irq_{enter,exit}() around
          generic_smp_call_function*() calls.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: Fix constraints on swab helpers.
        sparc32: Implement xchg and atomic_xchg using ATOMIC_HASH locks
        sparc64: Do irq_{enter,exit}() around generic_smp_call_function*().
        sparc64: Fix crashes in schizo_pcierr_intr_other().
      435e46f5
  3. 16 Nov, 2014 9 commits
  4. 15 Nov, 2014 6 commits
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm · 5f01feb8
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "Two fixes this time, one to ensure that the kuser helper option
        depends on MMU as they aren't available for noMMU targets (and if the
        option is selected, we end up oopsing.)
      
        The second fix plugs a corner case with the decompressor, ensuring
        that the instruction stream can see the relocated code in every case
        on ARMv7 CPUs"
      
      * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
        ARM: 8198/1: make kuser helpers depend on MMU
        ARM: 8191/1: decompressor: ensure I-side picks up relocated code
      5f01feb8
    • Linus Torvalds's avatar
      Merge branch 'parisc-3.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 555e5986
      Linus Torvalds authored
      Pull parisc updates from Helge Deller:
       "Changes include:
         - wire up the bpf syscall
         - remove CONFIG_64BIT usage from some userspace-exported header files
         - use compat functions for msgctl, shmat, shmctl and semtimedop
           syscalls"
      
      * 'parisc-3.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Avoid using CONFIG_64BIT in userspace exported headers
        parisc: Use compat layer for msgctl, shmat, shmctl and semtimedop syscalls
        parisc: Use BUILD_BUG() instead of undefined functions
        parisc: Wire up bpf syscall
      555e5986
    • Linus Torvalds's avatar
      Merge tag 'for-v3.18-rc' of git://git.infradead.org/battery-2.6 · ec7de656
      Linus Torvalds authored
      Pull power supply updates from Sebastian Reichel:
       "Power supply and reset changes for the v3.18-rc:
      
         - misc. charger-manager fixes
         - year 2038 fix in ab8500_fg
         - fix error handling of bq2415x_charger"
      
      * tag 'for-v3.18-rc' of git://git.infradead.org/battery-2.6:
        power: charger-manager: Fix accessing invalidated power supply after charger unbind
        power: charger-manager: Fix accessing invalidated power supply after fuel gauge unbind
        power: charger-manager: Avoid recursive thermal get_temp call
        power_supply: Add no_thermal property to prevent recursive get_temp calls
        power: bq2415x_charger: Fix memory leak on DTS parsing error
        power: bq2415x_charger: Properly handle ENODEV from power_supply_get_by_phandle
        power: ab8500_fg.c: use 64-bit time types
      ec7de656
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · e0611671
      Linus Torvalds authored
      Pull drm gixes from Dave Airlie:
       - exynos: infinite loop regressions fixed
       - i915: one regression
       - radeon: one race condition on monitor probing
       - noveau: two regressions
       - tegra: one vblank regression fix
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/tegra: dc: Add missing call to drm_vblank_on()
        drm/nouveau/nv50/disp: Fix modeset on G94
        drm/gk20a/fb: fix setting of large page size bit
        drm/radeon: add locking around atombios scratch space usage
        drm/i915: Fix obj->map_and_fenceable across tiling changes
        drm/exynos: fix possible infinite loop issue
        drm/exynos: g2d: fix null pointer dereference
        drm/exynos: resolve infinite loop issue on non multi-platform
        drm/exynos: resolve infinite loop issue on multi-platform
      e0611671
    • Kirill A. Shutemov's avatar
      kernel: use the gnu89 standard explicitly · 51b97e35
      Kirill A. Shutemov authored
      Sasha Levin reports:
       "gcc5 changes the default standard to c11, which makes kernel build
        unhappy
      
        Explicitly define the kernel standard to be gnu89 which should keep
        everything working exactly like it was before gcc5"
      
      There are multiple small issues with the new default, but the biggest
      issue seems to be that the old - and very useful - GNU extension to
      allow a cast in front of an initializer has gone away.
      
      Patch updated by Kirill:
       "I'm pretty sure all gcc versions you can build kernel with supports
        -std=gnu89.  cc-option is redunrant.
      
        We also need to adjust HOSTCFLAGS otherwise allmodconfig fails for me"
      
      Note by Andrew Pinski:
       "Yes it was reported and both problems relating to this extension has
        been added to gnu99 and gnu11.  Though there are other issues with the
        kernel dealing with extern inline have different semantics between
        gnu89 and gnu99/11"
      
      End result: we may be able to move up to a newer stdc model eventually,
      but right now the newer models have some annoying deficiencies, so the
      traditional "gnu89" model ends up being the preferred one.
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      Singed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      51b97e35
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-3.18-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 1afcb6ed
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
         - stable patches to fix NFSv4.x delegation reclaim error paths
         - fix a bug whereby we were advertising NFSv4.1 but using NFSv4.2
           features
         - fix a use-after-free problem with pNFS block layouts
         - fix a memory leak in the pNFS files O_DIRECT code
         - replace an intrusive and Oops-prone performance fix in the NFSv4
           atomic open code with a safer one-line version and revert the two
           original patches"
      
      * tag 'nfs-for-3.18-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        sunrpc: fix sleeping under rcu_read_lock in gss_stringify_acceptor
        NFS: Don't try to reclaim delegation open state if recovery failed
        NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are revoked
        NFSv4: Fix races between nfs_remove_bad_delegation() and delegation return
        NFSv4.1: nfs41_clear_delegation_stateid shouldn't trust NFS_DELEGATED_STATE
        NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired
        NFS: SEEK is an NFS v4.2 feature
        nfs: Fix use of uninitialized variable in nfs_getattr()
        nfs: Remove bogus assignment
        nfs: remove spurious WARN_ON_ONCE in write path
        pnfs/blocklayout: serialize GETDEVICEINFO calls
        nfs: fix pnfs direct write memory leak
        Revert "NFS: nfs4_do_open should add negative results to the dcache."
        Revert "NFS: remove BUG possibility in nfs4_open_and_get_state"
        NFSv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT
      1afcb6ed
  5. 14 Nov, 2014 12 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 56c381f9
      Linus Torvalds authored
      Pull input subsystem updates from Dmitry Torokhov:
       "Mostly small fixups to PS/2 tochpad drivers (ALPS, Elantech,
        Synaptics) to better deal with specific hardware"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: elantech - update the documentation
        Input: elantech - provide a sysfs knob for crc_enabled
        Input: elantech - report the middle button of the touchpad
        Input: alps - ignore bad data on Dell Latitudes E6440 and E7440
        Input: alps - allow up to 2 invalid packets without resetting device
        Input: alps - ignore potential bare packets when device is out of sync
        Input: elantech - fix crc_enabled for Fujitsu H730
        Input: elantech - use elantech_report_trackpoint for hardware v4 too
        Input: twl4030-pwrbutton - ensure a wakeup event is recorded.
        Input: synaptics - add min/max quirk for Lenovo T440s
      56c381f9
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 0861fd1c
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - fix EFI stub cache maintenance causing aborts during boot on certain
         platforms
      
       - handle byte stores in __clear_user without panicking
      
       - fix race condition in aarch64_insn_patch_text_sync() (instruction
         patching)
      
       - Couple of type fixes
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: ARCH_PFN_OFFSET should be unsigned long
        Correct the race condition in aarch64_insn_patch_text_sync()
        arm64: __clear_user: handle exceptions on strb
        arm64: Fix data type for physical address
        arm64: efi: Fix stub cache maintenance
      0861fd1c
    • Linus Torvalds's avatar
      Merge tag 'platform-drivers-x86-v3.18-3' of... · 5ae93760
      Linus Torvalds authored
      Merge tag 'platform-drivers-x86-v3.18-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86
      
      Pull x86 platform drivers fixlets from Darren Hart:
       "Just two patches to remove hp_accel events from the keyboard bus
        stream via an i8042 filter"
      
      * tag 'platform-drivers-x86-v3.18-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
        platform: hp_accel: Add SERIO_I8042 as a dependency since it now includes i8042.h/serio.h
        platform: hp_accel: add a i8042 filter to remove HPQ6000 data from kb bus stream
      5ae93760
    • Linus Torvalds's avatar
      Merge branch 'for-3.18-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata · e57c641f
      Linus Torvalds authored
      Pull libata fixes from Tejun Heo:
       "The most notable is the revert of lock splitting optimization in ahci.
        This also made the IRQ handling threaded even when there's only one
        IRQ in use.  The conversion missed IRFQ_SHARED leading to screaming
        IRQs problem in some cases and the threaded IRQ handling showed
        performance regression in some LKP test cases.  The changes are
        reverted for now.  It'll probably be retried once threaded IRQ
        handling is removed from ahci.
      
        Other than that, there's one fix for ahci and several patches adding
        device IDs"
      
      * 'for-3.18-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
        ahci: fix AHCI parameters not taken into account
        ata: sata_rcar: Add r8a7793 device support
        ahci: Add Device IDs for Intel Sunrise Point PCH
        ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks
        Revert "AHCI: Optimize single IRQ interrupt processing"
        Revert "AHCI: Do not acquire ata_host::lock from single IRQ handler"
        ata: sata_rcar: Disable DIPM mode for r8a7790 ES1
      e57c641f
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 6f0d7a9e
      Linus Torvalds authored
      Pull block layer fixes from Jens Axboe:
       "Four small fixes that should be merged for the current 3.18-rc series.
        This pull request contains:
      
         - a minor bugfix for computation of best IO priority given two
           merging requests.  From Jan Kara.
      
         - the final (final) merge count issue that has been plaguing
           virtio-blk.  From Ming Lei.
      
         - enable parallel reinit notify for blk-mq queues, to combine the
           cost of an RCU grace period across lots of devices.  From Tejun
           Heo.
      
         - an error handling fix for the SCSI_IOCTL_SEND_COMMAND ioctl.  From
           Tony Battersby"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        block: blk-merge: fix blk_recount_segments()
        scsi: Fix more error handling in SCSI_IOCTL_SEND_COMMAND
        blk-mq: make mq_queue_reinit_notify() freeze queues in parallel
        block: Fix computation of merged request priority
      6f0d7a9e
    • Linus Torvalds's avatar
      Merge tag 'pm+acpi-3.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 78646f62
      Linus Torvalds authored
      Pull ACPI and power management fixes from Rafael Wysocki:
       "These are three regression fixes, two recent (generic power domains,
        suspend-to-idle) and one older (cpufreq), an ACPI blacklist entry for
        one more machine having problems with Windows 8 compatibility, a minor
        cpufreq driver fix (cpufreq-dt) and a fixup for new callback
        definitions (generic power domains).
      
        Specifics:
      
         - Fix a crash in the suspend-to-idle code path introduced by a recent
           commit that forgot to check a pointer against NULL before
           dereferencing it (Dmitry Eremin-Solenikov).
      
         - Fix a boot crash on Exynos5 introduced by a recent commit making
           that platform use generic Device Tree bindings for power domains
           which exposed a weakness in the generic power domains framework
           leading to that crash (Ulf Hansson).
      
         - Fix a crash during system resume on systems where cpufreq depends
           on Operation Performance Points (OPP) for functionality, but
           CONFIG_OPP is not set.  This leads the cpufreq driver registration
           to fail, but the resume code attempts to restore the pre-suspend
           cpufreq configuration (which does not exist) nevertheless and
           crashes.  From Geert Uytterhoeven.
      
         - Add a new ACPI blacklist entry for Dell Vostro 3546 that has
           problems if it is reported as Windows 8 compatible to the BIOS
           (Adam Lee).
      
         - Fix swapped arguments in an error message in the cpufreq-dt driver
           (Abhilash Kesavan).
      
         - Fix up the prototypes of new callbacks in struct generic_pm_domain
           to make them more useful.  Users of those callbacks will be added
           in 3.19 and it's better for them to be based on the correct struct
           definition in mainline from the start.  From Ulf Hansson and Kevin
           Hilman"
      
      * tag 'pm+acpi-3.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM / Domains: Fix initial default state of the need_restore flag
        PM / sleep: Fix entering suspend-to-IDLE if no freeze_oops is set
        PM / Domains: Change prototype for the attach and detach callbacks
        cpufreq: Avoid crash in resume on SMP without OPP
        cpufreq: cpufreq-dt: Fix arguments in clock failure error message
        ACPI / blacklist: blacklist Win8 OSI for Dell Vostro 3546
      78646f62
    • Linus Torvalds's avatar
      Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 · f720d7df
      Linus Torvalds authored
      Pull firewire fix from Stefan Richter:
       "IEEE 1394 (FireWire) subsystem fix: The character device file
        interface for raw 1394 I/O took uninitialized kernel stack as
        substitute for missing ioctl() argument data.  This could partially
        show up in subsequent read() output"
      
      * tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
        firewire: cdev: prevent kernel stack leaking into ioctl arguments
      f720d7df
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 3865efcb
      Linus Torvalds authored
      Pull vfs fix from Al Viro:
       "Fix for a really embarrassing braino in iov_iter.  Kudos to paulus..."
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        Fix thinko in iov_iter_single_seg_count
      3865efcb
    • Rafael J. Wysocki's avatar
      Merge branches 'pm-domains', 'pm-sleep' and 'pm-cpufreq' · 31689497
      Rafael J. Wysocki authored
      * pm-domains:
        PM / Domains: Fix initial default state of the need_restore flag
        PM / Domains: Change prototype for the attach and detach callbacks
      
      * pm-sleep:
        PM / sleep: Fix entering suspend-to-IDLE if no freeze_oops is set
      
      * pm-cpufreq:
        cpufreq: Avoid crash in resume on SMP without OPP
        cpufreq: cpufreq-dt: Fix arguments in clock failure error message
      31689497
    • Rafael J. Wysocki's avatar
      Merge branch 'acpi-blacklist' · a9b70711
      Rafael J. Wysocki authored
      * acpi-blacklist:
        ACPI / blacklist: blacklist Win8 OSI for Dell Vostro 3546
      a9b70711
    • Stefan Richter's avatar
      firewire: cdev: prevent kernel stack leaking into ioctl arguments · eaca2d8e
      Stefan Richter authored
      Found by the UC-KLEE tool:  A user could supply less input to
      firewire-cdev ioctls than write- or write/read-type ioctl handlers
      expect.  The handlers used data from uninitialized kernel stack then.
      
      This could partially leak back to the user if the kernel subsequently
      generated fw_cdev_event_'s (to be read from the firewire-cdev fd)
      which notably would contain the _u64 closure field which many of the
      ioctl argument structures contain.
      
      The fact that the handlers would act on random garbage input is a
      lesser issue since all handlers must check their input anyway.
      
      The fix simply always null-initializes the entire ioctl argument buffer
      regardless of the actual length of expected user input.  That is, a
      runtime overhead of memset(..., 40) is added to each firewirew-cdev
      ioctl() call.  [Comment from Clemens Ladisch:  This part of the stack is
      most likely to be already in the cache.]
      
      Remarks:
        - There was never any leak from kernel stack to the ioctl output
          buffer itself.  IOW, it was not possible to read kernel stack by a
          read-type or write/read-type ioctl alone; the leak could at most
          happen in combination with read()ing subsequent event data.
        - The actual expected minimum user input of each ioctl from
          include/uapi/linux/firewire-cdev.h is, in bytes:
          [0x00] = 32, [0x05] =  4, [0x0a] = 16, [0x0f] = 20, [0x14] = 16,
          [0x01] = 36, [0x06] = 20, [0x0b] =  4, [0x10] = 20, [0x15] = 20,
          [0x02] = 20, [0x07] =  4, [0x0c] =  0, [0x11] =  0, [0x16] =  8,
          [0x03] =  4, [0x08] = 24, [0x0d] = 20, [0x12] = 36, [0x17] = 12,
          [0x04] = 20, [0x09] = 24, [0x0e] =  4, [0x13] = 40, [0x18] =  4.
      Reported-by: default avatarDavid Ramos <daramos@stanford.edu>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarStefan Richter <stefanr@s5r6.in-berlin.de>
      eaca2d8e
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · b23dc5a7
      Linus Torvalds authored
      Pull virtio bugfix from Michael S Tsirkin:
       "This fixes a crash in virtio console multi-channel mode that got
        introduced in -rc1"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        virtio_console: move early VQ enablement
      b23dc5a7