1. 30 Jul, 2015 1 commit
    • Linus Torvalds's avatar
      Merge tag 'dm-4.2-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm · d0db3a39
      Linus Torvalds authored
      Pull device mapper fixes from Mike Snitzer:
      
       - fix DM thinp to consistently return -ENOSPC when out of data space
      
       - fix a logic bug in the DM cache smq policy's creation error path
      
       - revert a DM cache 4.2-rc3 change that reduced writeback efficiency
      
       - fix a hang on DM cache device destruction due to improper
         prealloc_used accounting introduced in 4.2-rc3
      
       - update URL for dm-crypt wiki page
      
      * tag 'dm-4.2-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm cache: fix device destroy hang due to improper prealloc_used accounting
        Revert "dm cache: do not wake_worker() in free_migration()"
        dm crypt: update wiki page URL
        dm cache policy smq: fix alloc_bitset check that always evaluates as false
        dm thin: return -ENOSPC when erroring retry list due to out of data space
      d0db3a39
  2. 29 Jul, 2015 5 commits
    • Mike Snitzer's avatar
      dm cache: fix device destroy hang due to improper prealloc_used accounting · 795e633a
      Mike Snitzer authored
      Commit 665022d7 ("dm cache: avoid calls to prealloc_free_structs() if
      possible") introduced a regression that caused the removal of a DM cache
      device to hang in cache_postsuspend()'s call to wait_for_migrations()
      with the following stack trace:
      
        [<ffffffff81651457>] schedule+0x37/0x80
        [<ffffffffa041e21b>] cache_postsuspend+0xbb/0x470 [dm_cache]
        [<ffffffff810ba970>] ? prepare_to_wait_event+0xf0/0xf0
        [<ffffffffa0006f77>] dm_table_postsuspend_targets+0x47/0x60 [dm_mod]
        [<ffffffffa0001eb5>] __dm_destroy+0x215/0x250 [dm_mod]
        [<ffffffffa0004113>] dm_destroy+0x13/0x20 [dm_mod]
        [<ffffffffa00098cd>] dev_remove+0x10d/0x170 [dm_mod]
        [<ffffffffa00097c0>] ? dev_suspend+0x240/0x240 [dm_mod]
        [<ffffffffa0009f85>] ctl_ioctl+0x255/0x4d0 [dm_mod]
        [<ffffffff8127ac00>] ? SYSC_semtimedop+0x280/0xe10
        [<ffffffffa000a213>] dm_ctl_ioctl+0x13/0x20 [dm_mod]
        [<ffffffff811fd432>] do_vfs_ioctl+0x2d2/0x4b0
        [<ffffffff81117d5f>] ? __audit_syscall_entry+0xaf/0x100
        [<ffffffff81022636>] ? do_audit_syscall_entry+0x66/0x70
        [<ffffffff811fd689>] SyS_ioctl+0x79/0x90
        [<ffffffff81023e58>] ? syscall_trace_leave+0xb8/0x110
        [<ffffffff81654f6e>] entry_SYSCALL_64_fastpath+0x12/0x71
      
      Fix this by accounting for the call to prealloc_data_structs()
      immediately _before_ the call as opposed to after.  This is needed
      because it is possible to break out of the control loop after the call
      to prealloc_data_structs() but before prealloc_used was set to true.
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      795e633a
    • Mike Snitzer's avatar
      Revert "dm cache: do not wake_worker() in free_migration()" · 3508e659
      Mike Snitzer authored
      This reverts commit 386cb7cd.
      
      Taking the wake_worker() out of free_migration() will slow writeback
      dramatically, and hence adaptability.
      
      Say we have 10k blocks that need writing back, but are only able to
      issue 5 concurrently due to the migration bandwidth: it's imperative
      that we wake_worker() immediately after migration completion; waiting
      for the next 1 second wake up (via do_waker) means it'll take a long
      time to write that all back.
      Reported-by: default avatarJoe Thornber <ejt@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      3508e659
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 86ea07ca
      Linus Torvalds authored
      Pull s390 fixes from Martin Schwidefsky:
       "Two bug fixes:
      
         - fix a crash on pre-z10 hardware due to cache-info
      
         - fix an issue with classic BPF programs in the eBPF JIT"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/cachinfo: add missing facility check to init_cache_level()
        s390/bpf: clear correct BPF accumulator register
      86ea07ca
    • Linus Torvalds's avatar
      Merge tag 'vfio-v4.2-rc5' of git://github.com/awilliam/linux-vfio · d9065f44
      Linus Torvalds authored
      Pull VFIO fix from Alex Williamson:
       "Fix a lockdep reported deadlock in device open error path"
      
      * tag 'vfio-v4.2-rc5' of git://github.com/awilliam/linux-vfio:
        vfio: Fix lockdep issue
      d9065f44
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · 733db573
      Linus Torvalds authored
      Pull SCSI target fixes from Nicholas Bellinger:
       "This series is larger than what I'd normally be conformable with
        sending for a -rc5 PULL request..
      
        However, the bulk of the series is localized to qla2xxx target
        specific fixes that address a number of real-world correctness issues,
        that have been outstanding on the list for ~6 weeks now.  They where
        submitted + verified + acked by the HW LLD vendor, contributed by a
        major production customer of the code, and are marked for v3.18.y
        stable code.
      
        That said, I don't see a good reason to wait another month to get
        these fixes into mainline.
      
        Beyond the qla2xx specific fixes, this series also includes:
      
         - bugfix for a long standing use-after-free in iscsi-target during
           TPG shutdown + demo-mode sessions.
      
         - bugfix for a >= v4.0 regression OOPs in iscsi-target during a
           iscsi_start_kthreads() failure.
      
         - bugfix for a >= v4.0 regression hang in iscsi-target for iser
           explicit session/connection logout.
      
         - bugfix for a iser-target bug where a early CMA REJECTED status
           during login triggers a NULL pointer dereference OOPs.
      
         - bugfixes for a handful of v4.2-rc1 specific regressions related to
           the larger set of recent backend configfs attribute changes.
      
        A big thanks to QLogic + Pure Storage for the qla2xxx target bugfixes"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (28 commits)
        Documentation/target: Fix tcm_mod_builder.py build breakage
        iser-target: Fix REJECT CM event use-after-free OOPs
        iscsi-target: Fix iser explicit logout TX kthread leak
        iscsi-target: Fix iscsit_start_kthreads failure OOPs
        iscsi-target: Fix use-after-free during TPG session shutdown
        qla2xxx: terminate exchange when command is aborted by LIO
        qla2xxx: drop cmds/tmrs arrived while session is being deleted
        qla2xxx: disable scsi_transport_fc registration in target mode
        qla2xxx: added sess generations to detect RSCN update races
        qla2xxx: Abort stale cmds on qla_tgt_wq when plogi arrives
        qla2xxx: delay plogi/prli ack until existing sessions are deleted
        qla2xxx: cleanup cmd in qla workqueue before processing TMR
        qla2xxx: kill sessions/log out initiator on RSCN and port down events
        qla2xxx: fix command initialization in target mode.
        qla2xxx: Remove msleep in qlt_send_term_exchange
        qla2xxx: adjust debug flags
        qla2xxx: release request queue reservation.
        qla2xxx: Add flush after updating ATIOQ consumer index.
        qla2xxx: Enable target mode for ISP27XX
        qla2xxx: Fix hardware lock/unlock issue causing kernel panic.
        ...
      733db573
  3. 28 Jul, 2015 13 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · 956325bd
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
      
       - two minor bug fixes
      
       - relicense ocrdma driver to dual license, GPL or BSD
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
        RDMA/ocrdma: update ocrdma module license string
        RDMA/ocrdma: update ocrdma license to dual-license
        IB/ipoib: Fix CONFIG_INFINIBAND_IPOIB_CM
        RDMA/cxgb3: fail get_dma_mr on 64 bit arches
      956325bd
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · d4ec1f18
      Linus Torvalds authored
      Pull key fix from James Morris.
      
      Fix memory leak.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        KEYS: ensure we free the assoc array edit if edit is valid
      d4ec1f18
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · d61be4b3
      Linus Torvalds authored
      Pull arm64 fix from Catalin Marinas:
       "Fix buffer overflow when UTF-16 UEFI vendor string is copied from the
        system table into a char array with a size of 100 bytes"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64/efi: map the entire UEFI vendor string before reading it
      d61be4b3
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32 · 67eb890e
      Linus Torvalds authored
      Pull AVR32 fix from Hans-Christian Egtvedt.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32:
        avr32: handle NULL as a valid clock object
      67eb890e
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 02ff371a
      Linus Torvalds authored
      Pull devicetree fixes from Rob Herring:
       "A handful of DT related fixes for 4.2-rc"
      
      * tag 'devicetree-fixes-for-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        of: Drop owner assignment from platform and i2c driver
        DEVICETREE: Misc fix for the AR7100 SPI controller binding
        of: constify drv arg of of_driver_match_device stub
        of: add HAS_IOMEM depends to OF_ADDRESS
      02ff371a
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 90c8acce
      Linus Torvalds authored
      Pull vhost fixes from Michael Tsirkin:
       "Two bugfixes only here"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        vhost: fix error handling for memory region alloc
        vhost: actually track log eventfd file
      90c8acce
    • Linus Torvalds's avatar
      Merge tag 'linux-kselftest-4.2-rc5' of... · 30b4f0fa
      Linus Torvalds authored
      Merge tag 'linux-kselftest-4.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fix from Shuah Khan.
      
      * tag 'linux-kselftest-4.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        selftests/futex: Fix futex_cmp_requeue_pi() error handling
      30b4f0fa
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.2-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · d8132e08
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
        Stable patches:
         - Fix a situation where the client uses the wrong (zero) stateid.
         - Fix a memory leak in nfs_do_recoalesce
      
        Bugfixes:
         - Plug a memory leak when ->prepare_layoutcommit fails
         - Fix an Oops in the NFSv4 open code
         - Fix a backchannel deadlock
         - Fix a livelock in sunrpc when sendmsg fails due to low memory
           availability
         - Don't revalidate the mapping if both size and change attr are up to
           date
         - Ensure we don't miss a file extension when doing pNFS
         - Several fixes to handle NFSv4.1 sequence operation status bits
           correctly
         - Several pNFS layout return bugfixes"
      
      * tag 'nfs-for-4.2-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (28 commits)
        nfs: Fix an oops caused by using other thread's stack space in ASYNC mode
        nfs: plug memory leak when ->prepare_layoutcommit fails
        SUNRPC: Report TCP errors to the caller
        sunrpc: translate -EAGAIN to -ENOBUFS when socket is writable.
        NFSv4.2: handle NFS-specific llseek errors
        NFS: Don't clear desc->pg_moreio in nfs_do_recoalesce()
        NFS: Fix a memory leak in nfs_do_recoalesce
        NFS: nfs_mark_for_revalidate should always set NFS_INO_REVAL_PAGECACHE
        NFS: Remove the "NFS_CAP_CHANGE_ATTR" capability
        NFS: Set NFS_INO_REVAL_PAGECACHE if the change attribute is uninitialised
        NFS: Don't revalidate the mapping if both size and change attr are up to date
        NFSv4/pnfs: Ensure we don't miss a file extension
        NFSv4: We must set NFS_OPEN_STATE flag in nfs_resync_open_stateid_locked
        SUNRPC: xprt_complete_bc_request must also decrement the free slot count
        SUNRPC: Fix a backchannel deadlock
        pNFS: Don't throw out valid layout segments
        pNFS: pnfs_roc_drain() fix a race with open
        pNFS: Fix races between return-on-close and layoutreturn.
        pNFS: pnfs_roc_drain should return 'true' when sleeping
        pNFS: Layoutreturn must invalidate all existing layout segments.
        ...
      d8132e08
    • Linus Torvalds's avatar
      Merge tag 'for-f2fs-v4.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs · 2ee6b000
      Linus Torvalds authored
      Pull f2fs fixes from Jaegeuk Kim.
      
      * tag 'for-f2fs-v4.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs:
        f2fs: call set_page_dirty to attach i_wb for cgroup
        f2fs: handle error cases in move_encrypted_block
      2ee6b000
    • Kinglong Mee's avatar
      nfs: Fix an oops caused by using other thread's stack space in ASYNC mode · a49c2691
      Kinglong Mee authored
      An oops caused by using other thread's stack space in sunrpc ASYNC sending thread.
      
      [ 9839.007187] ------------[ cut here ]------------
      [ 9839.007923] kernel BUG at fs/nfs/nfs4xdr.c:910!
      [ 9839.008069] invalid opcode: 0000 [#1] SMP
      [ 9839.008069] Modules linked in: blocklayoutdriver rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache snd_hda_codec_generic snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm joydev iosf_mbi crct10dif_pclmul snd_timer crc32_pclmul crc32c_intel ghash_clmulni_intel snd soundcore ppdev pvpanic parport_pc i2c_piix4 serio_raw virtio_balloon parport acpi_cpufreq nfsd nfs_acl lockd grace auth_rpcgss sunrpc qxl drm_kms_helper virtio_net virtio_console virtio_blk ttm drm virtio_pci virtio_ring virtio ata_generic pata_acpi
      [ 9839.008069] CPU: 0 PID: 308 Comm: kworker/0:1H Not tainted 4.0.0-0.rc4.git1.3.fc23.x86_64 #1
      [ 9839.008069] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      [ 9839.008069] Workqueue: rpciod rpc_async_schedule [sunrpc]
      [ 9839.008069] task: ffff8800d8b4d8e0 ti: ffff880036678000 task.ti: ffff880036678000
      [ 9839.008069] RIP: 0010:[<ffffffffa0339cc9>]  [<ffffffffa0339cc9>] reserve_space.part.73+0x9/0x10 [nfsv4]
      [ 9839.008069] RSP: 0018:ffff88003667ba58  EFLAGS: 00010246
      [ 9839.008069] RAX: 0000000000000000 RBX: 000000001fc15e18 RCX: ffff8800c0193800
      [ 9839.008069] RDX: ffff8800e4ae3f24 RSI: 000000001fc15e2c RDI: ffff88003667bcd0
      [ 9839.008069] RBP: ffff88003667ba58 R08: ffff8800d9173008 R09: 0000000000000003
      [ 9839.008069] R10: ffff88003667bcd0 R11: 000000000000000c R12: 0000000000010000
      [ 9839.008069] R13: ffff8800d9173350 R14: 0000000000000000 R15: ffff8800c0067b98
      [ 9839.008069] FS:  0000000000000000(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
      [ 9839.008069] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 9839.008069] CR2: 00007f988c9c8bb0 CR3: 00000000d99b6000 CR4: 00000000000407f0
      [ 9839.008069] Stack:
      [ 9839.008069]  ffff88003667bbc8 ffffffffa03412c5 00000000c6c55680 ffff880000000003
      [ 9839.008069]  0000000000000088 00000010c6c55680 0001000000000002 ffffffff816e87e9
      [ 9839.008069]  0000000000000000 00000000477290e2 ffff88003667bab8 ffffffff81327ba3
      [ 9839.008069] Call Trace:
      [ 9839.008069]  [<ffffffffa03412c5>] encode_attrs+0x435/0x530 [nfsv4]
      [ 9839.008069]  [<ffffffff816e87e9>] ? inet_sendmsg+0x69/0xb0
      [ 9839.008069]  [<ffffffff81327ba3>] ? selinux_socket_sendmsg+0x23/0x30
      [ 9839.008069]  [<ffffffff8164c1df>] ? do_sock_sendmsg+0x9f/0xc0
      [ 9839.008069]  [<ffffffff8164c278>] ? kernel_sendmsg+0x58/0x70
      [ 9839.008069]  [<ffffffffa011acc0>] ? xdr_reserve_space+0x20/0x170 [sunrpc]
      [ 9839.008069]  [<ffffffffa011acc0>] ? xdr_reserve_space+0x20/0x170 [sunrpc]
      [ 9839.008069]  [<ffffffffa0341b40>] ? nfs4_xdr_enc_open_noattr+0x130/0x130 [nfsv4]
      [ 9839.008069]  [<ffffffffa03419a5>] encode_open+0x2d5/0x340 [nfsv4]
      [ 9839.008069]  [<ffffffffa0341b40>] ? nfs4_xdr_enc_open_noattr+0x130/0x130 [nfsv4]
      [ 9839.008069]  [<ffffffffa011ab89>] ? xdr_encode_opaque+0x19/0x20 [sunrpc]
      [ 9839.008069]  [<ffffffffa0339cfb>] ? encode_string+0x2b/0x40 [nfsv4]
      [ 9839.008069]  [<ffffffffa0341bf3>] nfs4_xdr_enc_open+0xb3/0x140 [nfsv4]
      [ 9839.008069]  [<ffffffffa0110a4c>] rpcauth_wrap_req+0xac/0xf0 [sunrpc]
      [ 9839.008069]  [<ffffffffa01017db>] call_transmit+0x18b/0x2d0 [sunrpc]
      [ 9839.008069]  [<ffffffffa0101650>] ? call_decode+0x860/0x860 [sunrpc]
      [ 9839.008069]  [<ffffffffa0101650>] ? call_decode+0x860/0x860 [sunrpc]
      [ 9839.008069]  [<ffffffffa010caa0>] __rpc_execute+0x90/0x460 [sunrpc]
      [ 9839.008069]  [<ffffffffa010ce85>] rpc_async_schedule+0x15/0x20 [sunrpc]
      [ 9839.008069]  [<ffffffff810b452b>] process_one_work+0x1bb/0x410
      [ 9839.008069]  [<ffffffff810b47d3>] worker_thread+0x53/0x470
      [ 9839.008069]  [<ffffffff810b4780>] ? process_one_work+0x410/0x410
      [ 9839.008069]  [<ffffffff810b4780>] ? process_one_work+0x410/0x410
      [ 9839.008069]  [<ffffffff810ba7b8>] kthread+0xd8/0xf0
      [ 9839.008069]  [<ffffffff810ba6e0>] ? kthread_worker_fn+0x180/0x180
      [ 9839.008069]  [<ffffffff81786418>] ret_from_fork+0x58/0x90
      [ 9839.008069]  [<ffffffff810ba6e0>] ? kthread_worker_fn+0x180/0x180
      [ 9839.008069] Code: 00 00 48 c7 c7 21 fa 37 a0 e8 94 1c d6 e0 c6 05 d2 17 05 00 01 8b 03 eb d7 66 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 89 e5 <0f> 0b 0f 1f 44 00 00 66 66 66 66 90 55 48 89 e5 41 54 53 89 f3
      [ 9839.008069] RIP  [<ffffffffa0339cc9>] reserve_space.part.73+0x9/0x10 [nfsv4]
      [ 9839.008069]  RSP <ffff88003667ba58>
      [ 9839.071114] ---[ end trace cc14c03adb522e94 ]---
      Signed-off-by: default avatarKinglong Mee <kinglongmee@gmail.com>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
      a49c2691
    • Jeff Layton's avatar
      nfs: plug memory leak when ->prepare_layoutcommit fails · 3471648a
      Jeff Layton authored
      "data" is currently leaked when the prepare_layoutcommit operation
      returns an error. Put the cred before taking the spinlock in that
      case, take the lock and then goto out_unlock which will drop the
      lock and then free "data".
      Signed-off-by: default avatarJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
      3471648a
    • Heiko Carstens's avatar
      s390/cachinfo: add missing facility check to init_cache_level() · 0b991f5c
      Heiko Carstens authored
      Stephen Powell reported the following crash on a z890 machine:
      
      Kernel BUG at 00000000001219d0 [verbose debug info unavailable]
      illegal operation: 0001 ilc:3 [#1] SMP
      Krnl PSW : 0704e00180000000 00000000001219d0 (init_cache_level+0x38/0xe0)
      	   R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 EA:3
      Krnl Code: 00000000001219c2: a7840056		brc	8,121a6e
      	   00000000001219c6: a7190000		lghi	%r1,0
      	  #00000000001219ca: eb101000004c	ecag	%r1,%r0,0(%r1)
      	  >00000000001219d0: a7390000		lghi	%r3,0
      	   00000000001219d4: e310f0a00024	stg	%r1,160(%r15)
      	   00000000001219da: a7080000		lhi	%r0,0
      	   00000000001219de: a7b9f000		lghi	%r11,-4096
      	   00000000001219e2: c0a0002899d9	larl	%r10,634d94
      Call Trace:
       [<0000000000478ee2>] detect_cache_attributes+0x2a/0x2b8
       [<000000000097c9b0>] cacheinfo_sysfs_init+0x60/0xc8
       [<00000000001001c0>] do_one_initcall+0x98/0x1c8
       [<000000000094fdc2>] kernel_init_freeable+0x212/0x2d8
       [<000000000062352e>] kernel_init+0x26/0x118
       [<000000000062fd2e>] kernel_thread_starter+0x6/0xc
      
      The illegal operation was executed because of a missing facility check,
      which should have made sure that the ECAG execution would only be executed
      on machines which have the general-instructions-extension facility
      installed.
      Reported-and-tested-by: default avatarStephen Powell <zlinuxman@wowway.com>
      Cc: stable@vger.kernel.org # v4.0+
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      0b991f5c
    • Colin Ian King's avatar
      KEYS: ensure we free the assoc array edit if edit is valid · ca4da5dd
      Colin Ian King authored
      __key_link_end is not freeing the associated array edit structure
      and this leads to a 512 byte memory leak each time an identical
      existing key is added with add_key().
      
      The reason the add_key() system call returns okay is that
      key_create_or_update() calls __key_link_begin() before checking to see
      whether it can update a key directly rather than adding/replacing - which
      it turns out it can.  Thus __key_link() is not called through
      __key_instantiate_and_link() and __key_link_end() must cancel the edit.
      
      CVE-2015-1333
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      ca4da5dd
  4. 27 Jul, 2015 16 commits
  5. 26 Jul, 2015 5 commits