1. 05 Sep, 2018 7 commits
    • Chao Yu's avatar
      f2fs: fix to avoid NULL pointer dereference on se->discard_map · 7d20c8ab
      Chao Yu authored
      https://bugzilla.kernel.org/show_bug.cgi?id=200951
      
      These is a NULL pointer dereference issue reported in bugzilla:
      
      Hi,
      in the setup there is a SATA SSD connected to a SATA-to-USB bridge.
      
      The disc is "Samsung SSD 850 PRO 256G" which supports TRIM.
      There are four partitions:
       sda1: FAT  /boot
       sda2: F2FS /
       sda3: F2FS /home
       sda4: F2FS
      
      The bridge is ASMT1153e which uses the "uas" driver.
      There is no TRIM pass-through, so, when mounting it reports:
       mounting with "discard" option, but the device does not support discard
      
      The USB host is USB3.0 and UASP capable. It is the one on RK3399.
      
      Given this everything works fine, except there is no TRIM support.
      
      In order to enable TRIM a new UDEV rule is added [1]:
       /etc/udev/rules.d/10-sata-bridge-trim.rules:
       ACTION=="add|change", ATTRS{idVendor}=="174c", ATTRS{idProduct}=="55aa", SUBSYSTEM=="scsi_disk", ATTR{provisioning_mode}="unmap"
      After reboot any F2FS write hangs forever and dmesg reports:
       Unable to handle kernel NULL pointer dereference
      
      Also tested on a x86_64 system: works fine even with TRIM enabled.
       same disc
       same bridge
       different usb host controller
       different cpu architecture
       not root filesystem
      
      Regards,
        Vicenç.
      
      [1] Post #5 in https://bbs.archlinux.org/viewtopic.php?id=236280
      
       Unable to handle kernel NULL pointer dereference at virtual address 000000000000003e
       Mem abort info:
         ESR = 0x96000004
         Exception class = DABT (current EL), IL = 32 bits
         SET = 0, FnV = 0
         EA = 0, S1PTW = 0
       Data abort info:
         ISV = 0, ISS = 0x00000004
         CM = 0, WnR = 0
       user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000626e3122
       [000000000000003e] pgd=0000000000000000
       Internal error: Oops: 96000004 [#1] SMP
       Modules linked in: overlay snd_soc_hdmi_codec rc_cec dw_hdmi_i2s_audio dw_hdmi_cec snd_soc_simple_card snd_soc_simple_card_utils snd_soc_rockchip_i2s rockchip_rga snd_soc_rockchip_pcm rockchipdrm videobuf2_dma_sg v4l2_mem2mem rtc_rk808 videobuf2_memops analogix_dp videobuf2_v4l2 videobuf2_common dw_hdmi dw_wdt cec rc_core videodev drm_kms_helper media drm rockchip_thermal rockchip_saradc realtek drm_panel_orientation_quirks syscopyarea sysfillrect sysimgblt fb_sys_fops dwmac_rk stmmac_platform stmmac pwm_bl squashfs loop crypto_user gpio_keys hid_kensington
       CPU: 5 PID: 957 Comm: nvim Not tainted 4.19.0-rc1-1-ARCH #1
       Hardware name: Sapphire-RK3399 Board (DT)
       pstate: 00000005 (nzcv daif -PAN -UAO)
       pc : update_sit_entry+0x304/0x4b0
       lr : update_sit_entry+0x108/0x4b0
       sp : ffff00000ca13bd0
       x29: ffff00000ca13bd0 x28: 000000000000003e
       x27: 0000000000000020 x26: 0000000000080000
       x25: 0000000000000048 x24: ffff8000ebb85cf8
       x23: 0000000000000253 x22: 00000000ffffffff
       x21: 00000000000535f2 x20: 00000000ffffffdf
       x19: ffff8000eb9e6800 x18: ffff8000eb9e6be8
       x17: 0000000007ce6926 x16: 000000001c83ffa8
       x15: 0000000000000000 x14: ffff8000f602df90
       x13: 0000000000000006 x12: 0000000000000040
       x11: 0000000000000228 x10: 0000000000000000
       x9 : 0000000000000000 x8 : 0000000000000000
       x7 : 00000000000535f2 x6 : ffff8000ebff3440
       x5 : ffff8000ebff3440 x4 : ffff8000ebe3a6c8
       x3 : 00000000ffffffff x2 : 0000000000000020
       x1 : 0000000000000000 x0 : ffff8000eb9e5800
       Process nvim (pid: 957, stack limit = 0x0000000063a78320)
       Call trace:
        update_sit_entry+0x304/0x4b0
        f2fs_invalidate_blocks+0x98/0x140
        truncate_node+0x90/0x400
        f2fs_remove_inode_page+0xe8/0x340
        f2fs_evict_inode+0x2b0/0x408
        evict+0xe0/0x1e0
        iput+0x160/0x260
        do_unlinkat+0x214/0x298
        __arm64_sys_unlinkat+0x3c/0x68
        el0_svc_handler+0x94/0x118
        el0_svc+0x8/0xc
       Code: f9400800 b9488400 36080140 f9400f01 (387c4820)
       ---[ end trace a0f21a307118c477 ]---
      
      The reason is it is possible to enable discard flag on block queue via
      UDEV, but during mount, f2fs will initialize se->discard_map only if
      this flag is set, once the flag is set after mount, f2fs may dereference
      NULL pointer on se->discard_map.
      
      So this patch does below changes to fix this issue:
      - initialize and update se->discard_map all the time.
      - don't clear DISCARD option if device has no QUEUE_FLAG_DISCARD flag
      during mount.
      - don't issue small discard on zoned block device.
      - introduce some functions to enhance the readability.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Tested-by: default avatarVicente Bergas <vicencb@gmail.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      7d20c8ab
    • Chengguang Xu's avatar
      f2fs: add additional sanity check in f2fs_acl_from_disk() · 1618e6e2
      Chengguang Xu authored
      Add additinal sanity check for irregular case(e.g. corruption).
      If size of extended attribution is smaller than size of acl header,
      then return -EINVAL.
      Signed-off-by: default avatarChengguang Xu <cgxu519@gmx.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      1618e6e2
    • Linus Torvalds's avatar
      Merge tag 'gpio-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · b36fdc68
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "Some GPIO fixes. The ACPI stuff is probably the most annoying for
        users that get fixed this time.
      
         - Atomic contexts, cansleep* calls and such fastpath/slopwpath
           things.
      
         - Defer ACPI event handler registration to late_initcall() so IRQs do
           not fire in our face before other drivers have a chance to register
           handlers.
      
         - Race condition if a consumer requests a GPIO after
           gpiochip_add_data_with_key() but before of_gpiochip_add()
      
         - Probe errorpath in the dwapb driver"
      
      * tag 'gpio-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio: Fix crash due to registration race
        gpio: dwapb: Fix error handling in dwapb_gpio_probe()
        gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall
        gpiolib: acpi: Switch to cansleep version of GPIO library call
        gpio: adp5588: Fix sleep-in-atomic-context bug
      b36fdc68
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · f4697d9a
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "A set of very minor fixes and a couple of reverts to fix a major
        problem (the attempt to change the busy count causes a hang when
        attempting to change the drive cache type)"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: aacraid: fix a signedness bug
        Revert "scsi: core: avoid host-wide host_busy counter for scsi_mq"
        Revert "scsi: core: fix scsi_host_queue_ready"
        scsi: libata: Add missing newline at end of file
        scsi: target: iscsi: cxgbit: use pr_debug() instead of pr_info()
        scsi: hpsa: limit transfer length to 1MB, not 512kB
        scsi: lpfc: Correct MDS diag and nvmet configuration
        scsi: lpfc: Default fdmi_on to on
        scsi: csiostor: fix incorrect port capabilities
        scsi: csiostor: add a check for NULL pointer after kmalloc()
        scsi: documentation: add scsi_mod.use_blk_mq to scsi-parameters
        scsi: core: Update SCSI_MQ_DEFAULT help text to match default
      f4697d9a
    • Linus Torvalds's avatar
      Merge tag 'nds32-for-linus-4.19-tag1' of... · d0c1db1d
      Linus Torvalds authored
      Merge tag 'nds32-for-linus-4.19-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux
      
      Pull nds32 updates from Greentime Hu:
       "Contained in here are the bug fixes, building error fixes and ftrace
        support for nds32"
      
      * tag 'nds32-for-linus-4.19-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux:
        nds32: linker script: GCOV kernel may refers data in __exit
        nds32: fix build error because of wrong semicolon
        nds32: Fix a kernel panic issue because of wrong frame pointer access.
        nds32: Only print one page of stack when die to prevent printing too much information.
        nds32: Add macro definition for offset of lp register on stack
        nds32: Remove the deprecated ABI implementation
        nds32/stack: Get real return address by using ftrace_graph_ret_addr
        nds32/ftrace: Support dynamic function graph tracer
        nds32/ftrace: Support dynamic function tracer
        nds32/ftrace: Add RECORD_MCOUNT support
        nds32/ftrace: Support static function graph tracer
        nds32/ftrace: Support static function tracer
        nds32: Extract the checking and getting pointer to a macro
        nds32: Clean up the coding style
        nds32: Fix get_user/put_user macro expand pointer problem
        nds32: Fix empty call trace
        nds32: add NULL entry to the end of_device_id array
        nds32: fix logic for module
      d0c1db1d
    • Greentime Hu's avatar
      nds32: linker script: GCOV kernel may refers data in __exit · 3350139c
      Greentime Hu authored
      This patch is used to fix nds32 allmodconfig/allyesconfig build error
      because GCOV kernel embeds counters in the kernel for each line
      and a part of that embed in __exit text. So we need to keep the
      EXIT_TEXT and EXIT_DATA  if CONFIG_GCOV_KERNEL=y.
      
      Link: https://lkml.org/lkml/2018/9/1/125Signed-off-by: default avatarGreentime Hu <greentime@andestech.com>
      Reviewed-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      3350139c
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · 0e9b1039
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "17 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        nilfs2: convert to SPDX license tags
        drivers/dax/device.c: convert variable to vm_fault_t type
        lib/Kconfig.debug: fix three typos in help text
        checkpatch: add __ro_after_init to known $Attribute
        mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal
        uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name
        memory_hotplug: fix kernel_panic on offline page processing
        checkpatch: add optional static const to blank line declarations test
        ipc/shm: properly return EIDRM in shm_lock()
        mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported.
        mm/util.c: improve kvfree() kerneldoc
        tools/vm/page-types.c: fix "defined but not used" warning
        tools/vm/slabinfo.c: fix sign-compare warning
        kmemleak: always register debugfs file
        mm: respect arch_dup_mmap() return value
        mm, oom: fix missing tlb_finish_mmu() in __oom_reap_task_mm().
        mm: memcontrol: print proper OOM header when no eligible victim left
      0e9b1039
  2. 04 Sep, 2018 33 commits