From patchwork Mon Aug 24 08:30:58 2020
X-Patchwork-Submitter: Greg KH
X-Patchwork-Id: 265149
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Masami Hiramatsu, Srikar Dronamraju, Andi Kleen, Oleg Nesterov, Arnaldo Carvalho de Melo, Sasha Levin
Subject: [PATCH 4.4 02/33] perf probe: Fix memory leakage when the probe point is not found
Date: Mon, 24 Aug 2020 10:30:58 +0200
Message-Id: <20200824082346.622728804@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
References: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Masami Hiramatsu

[ Upstream commit 12d572e785b15bc764e956caaa8a4c846fd15694 ]

Fix the memory leakage in debuginfo__find_trace_events() when the probe point is not found in the debuginfo.

If there is no probe point found in the debuginfo, debuginfo__find_probes() will NOT return -ENOENT, but 0. Thus the caller of debuginfo__find_probes() must check the tf.ntevs and release the allocated memory for the array of struct probe_trace_event.

The current code releases the memory only if the debuginfo__find_probes() hits an error but not checks tf.ntevs. In the result, the memory allocated on *tevs are not released if tf.ntevs == 0.

This fixes the memory leakage by checking tf.ntevs == 0 in addition to ret < 0.

Fixes: ff741783506c ("perf probe: Introduce debuginfo to encapsulate dwarf information")
Signed-off-by: Masami Hiramatsu
Reviewed-by: Srikar Dronamraju
Cc: Andi Kleen
Cc: Oleg Nesterov
Cc: stable@vger.kernel.org
Link: http://lore.kernel.org/lkml/159438668346.62703.10887420400718492503.stgit@devnote2
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: Sasha Levin
---
 tools/perf/util/probe-finder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c index c694f10d004cc..1b73537af91db 100644 --- a/tools/perf/util/probe-finder.c +++ b/tools/perf/util/probe-finder.c
@@ -1274,7 +1274,7 @@ int debuginfo__find_trace_events(struct debuginfo *dbg, tf.ntevs = 0; ret = debuginfo__find_probes(dbg, &tf.pf); - if (ret < 0) { + if (ret < 0 || tf.ntevs == 0) { for (i = 0; i < tf.ntevs; i++) clear_probe_trace_event(&tf.tevs[i]); zfree(tevs);
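Review bot: In the widened condition `if (ret < 0 || tf.ntevs == 0)`, the new case is entered with ret == 0, so what the function returns after this block now decides whether callers see "nothing found" or a success with *tevs already NULLed by zfree(). The return statement is outside this hunk; please confirm it yields a non-positive count on that path. The `for` loop is a no-op when tf.ntevs == 0, so a one-line comment that debuginfo__find_probes() returns 0 rather than -ENOENT on no match would explain why the extra test is there.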
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Christoph Hellwig, Sargun Dhillon, Jakub Kicinski, Christian Brauner, Kees Cook, Sasha Levin
Subject: [PATCH 4.4 03/33] net/compat: Add missing sock updates for SCM_RIGHTS
Date: Mon, 24 Aug 2020 10:30:59 +0200
Message-Id: <20200824082346.694200004@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
References: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Kees Cook

[ Upstream commit d9539752d23283db4692384a634034f451261e29 ]

Add missed sock updates to compat path via a new helper, which will be used more in coming patches. (The net/core/scm.c code is left as-is here to assist with -stable backports for the compat path.)

Cc: Christoph Hellwig
Cc: Sargun Dhillon
Cc: Jakub Kicinski
Cc: stable@vger.kernel.org
Fixes: 48a87cc26c13 ("net: netprio: fd passed in SCM_RIGHTS datagram not set correctly")
Fixes: d84295067fc7 ("net: net_cls: fd passed in SCM_RIGHTS datagram not set correctly")
Acked-by: Christian Brauner
Signed-off-by: Kees Cook
Signed-off-by: Sasha Levin
---
 include/net/sock.h | 4 ++++
 net/compat.c | 1 +
 net/core/sock.c | 21 +++++++++++++++++++++
 3 files changed, 26 insertions(+)

diff --git a/include/net/sock.h b/include/net/sock.h index 426a57874964c..31198b32d9122 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -779,6 +779,8 @@ static inline int sk_memalloc_socks(void) { return static_key_false(&memalloc_socks); } + +void __receive_sock(struct file *file); #else static inline int sk_memalloc_socks(void) @@ -786,6 +788,8 @@ static inline int sk_memalloc_socks(void) return 0; } +static inline void __receive_sock(struct file *file) +{ } #endif static inline gfp_t sk_gfp_atomic(const struct sock *sk, gfp_t gfp_mask) diff --git a/net/compat.c b/net/compat.c index d676840104556..20c5e5f215f23 100644 --- a/net/compat.c +++ b/net/compat.c @@ -284,6 +284,7 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) break; } /* Bump the usage count and install the file. */ + __receive_sock(fp[i]); fd_install(new_fd, get_file(fp[i])); } diff --git a/net/core/sock.c b/net/core/sock.c index 120d5058d81ae..82f9a7dbea6fe 100644 --- a/net/core/sock.c +++ b/net/core/sock.c 
@@ -2275,6 +2275,27 @@ int sock_no_mmap(struct file *file, struct socket *sock, struct vm_area_struct * } EXPORT_SYMBOL(sock_no_mmap); +/* + * When a file is received (via SCM_RIGHTS, etc), we must bump the + * various sock-based usage counts. + */ +void __receive_sock(struct file *file) +{ + struct socket *sock; + int error; + + /* + * The resulting value of "error" is ignored here since we only + * need to take action when the file is a socket and testing + * "sock" for NULL is sufficient. + */ + sock = sock_from_file(file, &error); + if (sock) { + sock_update_netprioidx(sock->sk); + sock_update_classid(sock->sk); + } +} + ssize_t sock_no_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags) { ssize_t res;
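Review bot: In scm_detach_fds_compat() (net/compat.c hunk) the new `__receive_sock(fp[i]);` call lands between the existing comment "Bump the usage count and install the file." and the fd_install() that comment describes, so the comment no longer matches the statement that follows it. Move the call above the comment, or extend the comment to say the socket's per-sock data is refreshed before the descriptor becomes visible to the receiver.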
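Review bot: The comment above __receive_sock() in the net/core/sock.c hunk says the function must "bump the various sock-based usage counts", but the body only calls sock_update_netprioidx() and sock_update_classid() on sock->sk and takes no reference. Reword the comment to describe what is actually refreshed, so a later reader does not go looking for a matching put. The explanation of the ignored `error` value is fine as it stands.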
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ahmad Fatoum, Guenter Roeck, Wim Van Sebroeck, Sasha Levin
Subject: [PATCH 4.4 04/33] watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
Date: Mon, 24 Aug 2020 10:31:00 +0200
Message-Id: <20200824082346.743864011@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
References: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org
From: Ahmad Fatoum

[ Upstream commit e871e93fb08a619dfc015974a05768ed6880fd82 ]

The driver supports populating bootstatus with WDIOF_CARDRESET, but so far userspace couldn't portably determine whether absence of this flag meant no watchdog reset or no driver support. Or-in the bit to fix this.

Fixes: b97cb21a4634 ("watchdog: f71808e_wdt: Fix WDTMOUT_STS register read")
Cc: stable@vger.kernel.org
Signed-off-by: Ahmad Fatoum
Reviewed-by: Guenter Roeck
Link: https://lore.kernel.org/r/20200611191750.28096-3-a.fatoum@pengutronix.de
Signed-off-by: Guenter Roeck
Signed-off-by: Wim Van Sebroeck
Signed-off-by: Sasha Levin
---
 drivers/watchdog/f71808e_wdt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/watchdog/f71808e_wdt.c b/drivers/watchdog/f71808e_wdt.c index 2048aad91add8..3577e356e08cc 100644 --- a/drivers/watchdog/f71808e_wdt.c +++ b/drivers/watchdog/f71808e_wdt.c
@@ -644,7 +644,8 @@ static int __init watchdog_init(int sioaddr) watchdog.sioaddr = sioaddr; watchdog.ident.options = WDIOC_SETTIMEOUT | WDIOF_MAGICCLOSE - | WDIOF_KEEPALIVEPING; + | WDIOF_KEEPALIVEPING + | WDIOF_CARDRESET; snprintf(watchdog.ident.identity, sizeof(watchdog.ident.identity), "%s watchdog",
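Review bot: The context line of this hunk ORs `WDIOC_SETTIMEOUT` into watchdog.ident.options next to the WDIOF_ flags. The WDIOC_ prefix names ioctl command numbers, not option bits, so if WDIOF_SETTIMEOUT was meant, the mask already advertises bits the driver never intended, which undercuts the goal of letting userspace trust the WDIOF_CARDRESET bit added here. Worth checking that constant while this expression is being touched.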
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Andrea Arcangeli, Michal Hocko, "Kirill A. Shutemov", Oleg Nesterov, Jann Horn, Hugh Dickins, Mike Rapoport, Mike Kravetz, Peter Xu, Jason Gunthorpe, Andrew Morton, Linus Torvalds, Sasha Levin
Subject: [PATCH 4.4 06/33] coredump: fix race condition between collapse_huge_page() and core dumping
Date: Mon, 24 Aug 2020 10:31:02 +0200
Message-Id: <20200824082346.835996655@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
References: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org
From: Andrea Arcangeli

[ Upstream commit 59ea6d06cfa9247b586a695c21f94afa7183af74 ]

When fixing the race conditions between the coredump and the mmap_sem holders outside the context of the process, we focused on mmget_not_zero()/get_task_mm() callers in 04f5866e41fb70 ("coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping"), but those aren't the only cases where the mmap_sem can be taken outside of the context of the process as Michal Hocko noticed while backporting that commit to older -stable kernels.

If mmgrab() is called in the context of the process, but then the mm_count reference is transferred outside the context of the process, that can also be a problem if the mmap_sem has to be taken for writing through that mm_count reference.

khugepaged registration calls mmgrab() in the context of the process, but the mmap_sem for writing is taken later in the context of the khugepaged kernel thread.

collapse_huge_page() after taking the mmap_sem for writing doesn't modify any vma, so it's not obvious that it could cause a problem to the coredump, but it happens to modify the pmd in a way that breaks an invariant that pmd_trans_huge_lock() relies upon. collapse_huge_page() needs the mmap_sem for writing just to block concurrent page faults that call pmd_trans_huge_lock().

Specifically the invariant that "!pmd_trans_huge()" cannot become a "pmd_trans_huge()" doesn't hold while collapse_huge_page() runs.

The coredump will call __get_user_pages() without mmap_sem for reading, which eventually can invoke a lockless page fault which will need a functional pmd_trans_huge_lock().

So collapse_huge_page() needs to use mmget_still_valid() to check it's not running concurrently with the coredump... as long as the coredump can invoke page faults without holding the mmap_sem for reading.

This has "Fixes: khugepaged" to facilitate backporting, but in my view it's more a bug in the coredump code that will eventually have to be rewritten to stop invoking page faults without the mmap_sem for reading. So the long term plan is still to drop all mmget_still_valid().

Link: http://lkml.kernel.org/r/20190607161558.32104-1-aarcange@redhat.com
Fixes: ba76149f47d8 ("thp: khugepaged")
Signed-off-by: Andrea Arcangeli
Reported-by: Michal Hocko
Acked-by: Michal Hocko
Acked-by: Kirill A. Shutemov
Cc: Oleg Nesterov
Cc: Jann Horn
Cc: Hugh Dickins
Cc: Mike Rapoport
Cc: Mike Kravetz
Cc: Peter Xu
Cc: Jason Gunthorpe
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin
---
 include/linux/mm.h | 4 ++++
 mm/huge_memory.c | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/include/linux/mm.h b/include/linux/mm.h index 03cf5526e4456..2b17d2fca4299 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1123,6 +1123,10 @@ void unmap_vmas(struct mmu_gather *tlb, struct vm_area_struct *start_vma, * followed by taking the mmap_sem for writing before modifying the * vmas or anything the coredump pretends not to change from under it. * + * It also has to be called when mmgrab() is used in the context of + * the process, but then the mm_count refcount is transferred outside + * the context of the process to run down_write() on that pinned mm. + * * NOTE: find_extend_vma() called from GUP context is the only place * that can modify the "mm" (notably the vm_start/end) under mmap_sem * for reading and outside the context of the process, so it is also diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 465786cd6490e..c5628ebc0fc29 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c
@@ -2587,6 +2587,9 @@ static void collapse_huge_page(struct mm_struct *mm, * handled by the anon_vma lock + PG_lock. */ down_write(&mm->mmap_sem); + result = SCAN_ANY_PROCESS; + if (!mmget_still_valid(mm)) + goto out; if (unlikely(khugepaged_test_exit(mm))) goto out;
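Review bot: `result = SCAN_ANY_PROCESS;` is assigned before the mmget_still_valid() test, and nothing in the visible context of collapse_huge_page() declares or reads `result`; for a 4.4 backport please confirm that both the variable and the enum value exist in this tree. As placed, the assignment also becomes the result for the existing `khugepaged_test_exit(mm)` exit just below unless that path sets its own value. Both `goto out` exits run with mmap_sem held for writing, so `out` has to be the label that does the up_write().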
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, syzbot, Hugh Dickins, Andrew Morton, Yang Shi, "Kirill A. Shutemov", Andrea Arcangeli, Song Liu, Mike Kravetz, Eric Dumazet, Linus Torvalds, Sasha Levin
Subject: [PATCH 4.4 08/33] khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
Date: Mon, 24 Aug 2020 10:31:04 +0200
Message-Id: <20200824082346.936562325@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
References: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Hugh Dickins

[ Upstream commit f3f99d63a8156c7a4a6b20aac22b53c5579c7dc1 ]

syzbot crashes on the VM_BUG_ON_MM(khugepaged_test_exit(mm), mm) in __khugepaged_enter(): yes, when one thread is about to dump core, has set core_state, and is waiting for others, another might do something calling __khugepaged_enter(), which now crashes because I lumped the core_state test (known as "mmget_still_valid") into khugepaged_test_exit(). I still think it's best to lump them together, so just in this exceptional case, check mm->mm_users directly instead of khugepaged_test_exit().

Fixes: bbe98f9cadff ("khugepaged: khugepaged_test_exit() check mmget_still_valid()")
Reported-by: syzbot
Signed-off-by: Hugh Dickins
Signed-off-by: Andrew Morton
Acked-by: Yang Shi
Cc: "Kirill A. Shutemov"
Cc: Andrea Arcangeli
Cc: Song Liu
Cc: Mike Kravetz
Cc: Eric Dumazet
Cc: [4.8+]
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2008141503370.18085@eggly.anvils
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin
---
 mm/huge_memory.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 1c4d7d2f53d22..f38d24bb8a1bc 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c
@@ -2149,7 +2149,7 @@ int __khugepaged_enter(struct mm_struct *mm) return -ENOMEM; /* __khugepaged_exit() must not run from under us */ - VM_BUG_ON_MM(khugepaged_test_exit(mm), mm); + VM_BUG_ON_MM(atomic_read(&mm->mm_users) == 0, mm); if (unlikely(test_and_set_bit(MMF_VM_HUGEPAGE, &mm->flags))) { free_mm_slot(mm_slot); return 0;
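Review bot: The comment left above the assertion still reads "__khugepaged_exit() must not run from under us", but the check no longer goes through khugepaged_test_exit(). Add a sentence there saying that mm_users is read directly on purpose (the commit message gives the reason: the helper now also tests core_state), otherwise a later cleanup is likely to switch `atomic_read(&mm->mm_users) == 0` back to the helper and bring the crash back.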
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Marcos Paulo de Souza, David Sterba, Sasha Levin
Subject: [PATCH 4.4 09/33] btrfs: export helpers for subvolume name/id resolution
Date: Mon, 24 Aug 2020 10:31:05 +0200
Message-Id: <20200824082346.992358892@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
References: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Marcos Paulo de Souza

[ Upstream commit c0c907a47dccf2cf26251a8fb4a8e7a3bf79ce84 ]

The functions will be used outside of export.c and super.c to allow resolving subvolume name from a given id, eg. for subvolume deletion by id ioctl.

Signed-off-by: Marcos Paulo de Souza
Reviewed-by: David Sterba
[ split from the next patch ]
Signed-off-by: David Sterba
Signed-off-by: Sasha Levin
---
 fs/btrfs/ctree.h | 2 ++
 fs/btrfs/export.c | 8 ++++----
 fs/btrfs/export.h | 5 +++++
 fs/btrfs/super.c | 8 ++++----
 4 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 0b06d4942da77..8fb9a1e0048be 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h
@@ -4096,6 +4096,8 @@ ssize_t btrfs_listxattr(struct dentry *dentry, char *buffer, size_t size); /* super.c */ int btrfs_parse_options(struct btrfs_root *root, char *options); int btrfs_sync_fs(struct super_block *sb, int wait); +char *btrfs_get_subvol_name_from_objectid(struct btrfs_fs_info *fs_info, + u64 subvol_objectid); #ifdef CONFIG_PRINTK __printf(2, 3) diff --git a/fs/btrfs/export.c b/fs/btrfs/export.c index 2513a7f533342..92f80ed642194 100644 --- a/fs/btrfs/export.c +++ b/fs/btrfs/export.c @@ -55,9 +55,9 @@ static int btrfs_encode_fh(struct inode *inode, u32 *fh, int *max_len, return type; } -static struct dentry *btrfs_get_dentry(struct super_block *sb, u64 objectid, - u64 root_objectid, u32 generation, - int check_generation) +struct dentry *btrfs_get_dentry(struct super_block *sb, u64 objectid, + u64 root_objectid, u32 generation, + int check_generation) { struct btrfs_fs_info *fs_info = btrfs_sb(sb); struct btrfs_root *root; @@ -150,7 +150,7 @@ static struct dentry *btrfs_fh_to_dentry(struct super_block *sb, struct fid *fh, return btrfs_get_dentry(sb, objectid, root_objectid, generation, 1); } -static struct dentry *btrfs_get_parent(struct dentry *child) +struct dentry *btrfs_get_parent(struct dentry *child) { struct inode *dir = d_inode(child); struct btrfs_root *root = BTRFS_I(dir)->root; diff --git a/fs/btrfs/export.h b/fs/btrfs/export.h index 074348a95841f..7a305e5549991 100644 --- a/fs/btrfs/export.h +++ b/fs/btrfs/export.h @@ -16,4 +16,9 @@ struct btrfs_fid { u64 parent_root_objectid; } __attribute__ ((packed)); +struct dentry *btrfs_get_dentry(struct super_block *sb, u64 objectid, + u64 root_objectid, u32 generation, + int check_generation); +struct dentry *btrfs_get_parent(struct dentry *child); + #endif diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 404051bf5cba9..540e6f141745a 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c 
@@ -843,8 +843,8 @@ out: return error; } -static char *get_subvol_name_from_objectid(struct btrfs_fs_info *fs_info, - u64 subvol_objectid) +char *btrfs_get_subvol_name_from_objectid(struct btrfs_fs_info *fs_info, + u64 subvol_objectid) { struct btrfs_root *root = fs_info->tree_root; struct btrfs_root *fs_root; 
@@ -1323,8 +1323,8 @@ static struct dentry *mount_subvol(const char *subvol_name, u64 subvol_objectid, goto out; } } - subvol_name = get_subvol_name_from_objectid(btrfs_sb(mnt->mnt_sb), - subvol_objectid); + subvol_name = btrfs_get_subvol_name_from_objectid( + btrfs_sb(mnt->mnt_sb), subvol_objectid); if (IS_ERR(subvol_name)) { root = ERR_CAST(subvol_name); subvol_name = NULL;
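Review bot: The prototype added to fs/btrfs/ctree.h for btrfs_get_subvol_name_from_objectid() says nothing about its return contract. The mount_subvol() hunk shows the result being tested with IS_ERR() rather than against NULL, so now that the helper is callable from other files, a comment stating that it returns an error pointer on failure, and who releases the string, would keep new callers from dereferencing an error value. Separately, btrfs_get_dentry() and btrfs_get_parent() lose `static` in export.c with no outside caller in this diff, so the wider linkage is only justified by the follow-up patch.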
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Chris Murphy, Josef Bacik, David Sterba, Sasha Levin
Subject: [PATCH 4.4 10/33] btrfs: dont show full path of bind mounts in subvol=
Date: Mon, 24 Aug 2020 10:31:06 +0200
Message-Id: <20200824082347.038480018@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
From: Josef Bacik

[ Upstream commit 3ef3959b29c4a5bd65526ab310a1a18ae533172a ]

Chris Murphy reported a problem where rpm ostree will bind mount a bunch of things for whatever voodoo it's doing. But when it does this /proc/mounts shows something like

/dev/sda /mnt/test btrfs rw,relatime,subvolid=256,subvol=/foo 0 0
/dev/sda /mnt/test/baz btrfs rw,relatime,subvolid=256,subvol=/foo/bar 0 0

Despite subvolid=256 being subvol=/foo. This is because we're just spitting out the dentry of the mount point, which in the case of bind mounts is the source path for the mountpoint. Instead we should spit out the path to the actual subvol. Fix this by looking up the name for the subvolid we have mounted. With this fix the same test looks like this

/dev/sda /mnt/test btrfs rw,relatime,subvolid=256,subvol=/foo 0 0
/dev/sda /mnt/test/baz btrfs rw,relatime,subvolid=256,subvol=/foo 0 0

Reported-by: Chris Murphy
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Josef Bacik
Reviewed-by: David Sterba
Signed-off-by: David Sterba
Signed-off-by: Sasha Levin
---
fs/btrfs/super.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 540e6f141745a..77e6ce0e1e351 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -1120,6 +1120,7 @@ static int btrfs_show_options(struct seq_file *seq, struct dentry *dentry) struct btrfs_fs_info *info = btrfs_sb(dentry->d_sb); struct btrfs_root *root = info->tree_root; char *compress_type; + const char *subvol_name; if (btrfs_test_opt(root, DEGRADED)) seq_puts(seq, ",degraded");
@@ -1204,8 +1205,13 @@ static int btrfs_show_options(struct seq_file *seq, struct dentry *dentry) #endif seq_printf(seq, ",subvolid=%llu", BTRFS_I(d_inode(dentry))->root->root_key.objectid); - seq_puts(seq, ",subvol="); - seq_dentry(seq, dentry, " \t\n\\"); + subvol_name = btrfs_get_subvol_name_from_objectid(info, + BTRFS_I(d_inode(dentry))->root->root_key.objectid); + if (!IS_ERR(subvol_name)) { + seq_puts(seq, ",subvol="); + seq_escape(seq, subvol_name, " \t\n\\"); + kfree(subvol_name); + } return 0; }
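Review bot: in the `,subvol=` block of `btrfs_show_options()` a failed lookup is swallowed: when `btrfs_get_subvol_name_from_objectid()` returns an ERR_PTR the `subvol=` field is simply omitted, so anything that parses /proc/mounts sees the option disappear with no hint why. Either document that `subvol=` is best-effort here or decide explicitly what to print on error. Minor: `BTRFS_I(d_inode(dentry))->root->root_key.objectid` is now spelled out twice a few lines apart; a local `u64` would make it obvious that `subvolid=` and the name lookup use the same id.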
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jann Horn, Andrew Morton, David Howells, Linus Torvalds
Subject: [PATCH 4.4 11/33] romfs: fix uninitialized memory leak in romfs_dev_read()
Date: Mon, 24 Aug 2020 10:31:07 +0200
Message-Id: <20200824082347.084399389@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
From: Jann Horn

commit bcf85fcedfdd17911982a3e3564fcfec7b01eebd upstream.

romfs has a superblock field that limits the size of the filesystem; data beyond that limit is never accessed.

romfs_dev_read() fetches a caller-supplied number of bytes from the backing device. It returns 0 on success or an error code on failure; therefore, its API can't represent short reads, it's all-or-nothing.

However, when romfs_dev_read() detects that the requested operation would cross the filesystem size limit, it currently silently truncates the requested number of bytes. This e.g. means that when the content of a file with size 0x1000 starts one byte before the filesystem size limit, ->readpage() will only fill a single byte of the supplied page while leaving the rest uninitialized, leaking that uninitialized memory to userspace.

Fix it by returning an error code instead of truncating the read when the requested read operation would go beyond the end of the filesystem.

Fixes: da4458bda237 ("NOMMU: Make it possible for RomFS to use MTD devices directly")
Signed-off-by: Jann Horn
Signed-off-by: Andrew Morton
Reviewed-by: Greg Kroah-Hartman
Cc: David Howells
Cc:
Link: http://lkml.kernel.org/r/20200818013202.2246365-1-jannh@google.com
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
fs/romfs/storage.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

--- a/fs/romfs/storage.c +++ b/fs/romfs/storage.c
@@ -221,10 +221,8 @@ int romfs_dev_read(struct super_block *s size_t limit; limit = romfs_maxsize(sb); - if (pos >= limit) + if (pos >= limit || buflen > limit - pos) return -EIO; - if (buflen > limit - pos) - buflen = limit - pos; #ifdef CONFIG_ROMFS_ON_MTD if (sb->s_mtd)
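Review bot: the combined test `pos >= limit || buflen > limit - pos` depends on its order, because `limit - pos` is only meaningful once `pos < limit` has been established by the first operand. A one-line comment saying so, and saying that short reads are rejected on purpose because the function can only report all-or-nothing, would stop someone from reinstating the removed clamp. It is also worth confirming that no caller asks for a fixed-size chunk near the end of the image and relied on the old truncation, since those requests now fail with -EIO.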
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Doug Berger, Andrew Morton, Michal Hocko, Jason Baron, David Rientjes, "Kirill A. Shutemov", Linus Torvalds
Subject: [PATCH 4.4 12/33] mm: include CMA pages in lowmem_reserve at boot
Date: Mon, 24 Aug 2020 10:31:08 +0200
Message-Id: <20200824082347.135518615@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
From: Doug Berger

commit e08d3fdfe2dafa0331843f70ce1ff6c1c4900bf4 upstream.

The lowmem_reserve arrays provide a means of applying pressure against allocations from lower zones that were targeted at higher zones. Its values are a function of the number of pages managed by higher zones and are assigned by a call to the setup_per_zone_lowmem_reserve() function.

The function is initially called at boot time by the function init_per_zone_wmark_min() and may be called later by accesses of the /proc/sys/vm/lowmem_reserve_ratio sysctl file.

The function init_per_zone_wmark_min() was moved up from a module_init to a core_initcall to resolve a sequencing issue with khugepaged. Unfortunately this created a sequencing issue with CMA page accounting.

The CMA pages are added to the managed page count of a zone when cma_init_reserved_areas() is called at boot also as a core_initcall. This makes it uncertain whether the CMA pages will be added to the managed page counts of their zones before or after the call to init_per_zone_wmark_min() as it becomes dependent on link order. With the current link order the pages are added to the managed count after the lowmem_reserve arrays are initialized at boot.

This means the lowmem_reserve values at boot may be lower than the values used later if /proc/sys/vm/lowmem_reserve_ratio is accessed even if the ratio values are unchanged.

In many cases the difference is not significant, but for example an ARM platform with 1GB of memory and the following memory layout

cma: Reserved 256 MiB at 0x0000000030000000
Zone ranges:
DMA [mem 0x0000000000000000-0x000000002fffffff]
Normal empty
HighMem [mem 0x0000000030000000-0x000000003fffffff]

would result in 0 lowmem_reserve for the DMA zone. This would allow userspace to deplete the DMA zone easily.

Funnily enough

$ cat /proc/sys/vm/lowmem_reserve_ratio

would fix up the situation because as a side effect it forces setup_per_zone_lowmem_reserve.

This commit breaks the link order dependency by invoking init_per_zone_wmark_min() as a postcore_initcall so that the CMA pages have the chance to be properly accounted in their zone(s) and allowing the lowmem_reserve arrays to receive consistent values.

Fixes: bc22af74f271 ("mm: update min_free_kbytes from khugepaged after core initialization")
Signed-off-by: Doug Berger
Signed-off-by: Andrew Morton
Acked-by: Michal Hocko
Cc: Jason Baron
Cc: David Rientjes
Cc: "Kirill A. Shutemov"
Cc:
Link: http://lkml.kernel.org/r/1597423766-27849-1-git-send-email-opendmb@gmail.com
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
mm/page_alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/page_alloc.c +++ b/mm/page_alloc.c
@@ -6285,7 +6285,7 @@ int __meminit init_per_zone_wmark_min(vo setup_per_zone_inactive_ratio(); return 0; } -core_initcall(init_per_zone_wmark_min) +postcore_initcall(init_per_zone_wmark_min) /* * min_free_kbytes_sysctl_handler - just a wrapper around proc_dointvec() so
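Review bot: the ordering requirement is invisible at the changed line: `postcore_initcall(init_per_zone_wmark_min)` only helps because it now runs after the `core_initcall` that adds the CMA pages, as the commit message explains. Please add a comment above the initcall naming that dependency on `cma_init_reserved_areas()`, so a later initcall-level reshuffle does not silently bring back a zero `lowmem_reserve` for the DMA zone.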
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Eric Biggers, Theodore Tso, Sasha Levin
Subject: [PATCH 4.4 14/33] ext4: clean up ext4_match() and callers
Date: Mon, 24 Aug 2020 10:31:10 +0200
Message-Id: <20200824082347.245673019@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>

From: Eric Biggers

[ Upstream commit d9b9f8d5a88cb7881d9f1c2b7e9de9a3fe1dc9e2 ]

When ext4 encryption was originally merged, we were encrypting the user-specified filename in ext4_match(), introducing a lot of additional complexity into ext4_match() and its callers. This has since been changed to encrypt the filename earlier, so we can remove the gunk that's no longer needed. This more or less reverts ext4_search_dir() and ext4_find_dest_de() to the way they were in the v4.0 kernel.

Signed-off-by: Eric Biggers
Signed-off-by: Theodore Ts'o
Signed-off-by: Sasha Levin
---
fs/ext4/namei.c | 81 +++++++++++++++----------------------------------
1 file changed, 25 insertions(+), 56 deletions(-)

diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index 566a8b08ccdd6..eb41fb189d4b3 100644 --- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c @@ -1226,19 +1226,18 @@ static void dx_insert_block(struct dx_frame *frame, u32 hash, ext4_lblk_t block) } /* - * NOTE! unlike strncmp, ext4_match returns 1 for success, 0 for failure. + * Test whether a directory entry matches the filename being searched for. * - * `len <= EXT4_NAME_LEN' is guaranteed by caller. - * `de != NULL' is guaranteed by caller. + * Return: %true if the directory entry matches, otherwise %false. */ -static inline int ext4_match(struct ext4_filename *fname, - struct ext4_dir_entry_2 *de) +static inline bool ext4_match(const struct ext4_filename *fname, + const struct ext4_dir_entry_2 *de) { const void *name = fname_name(fname); u32 len = fname_len(fname); if (!de->inode) - return 0; + return false; #ifdef CONFIG_EXT4_FS_ENCRYPTION if (unlikely(!name)) { 
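Review bot: the rewritten comment above `ext4_match()` drops the two caller guarantees the old one recorded (`len <= EXT4_NAME_LEN` and `de != NULL`), yet the body still dereferences `de->inode` unconditionally. Please keep those preconditions in the new kernel-doc block, next to the `Return:` line.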
@@ -1270,48 +1269,31 @@ int ext4_search_dir(struct buffer_head *bh, char *search_buf, int buf_size, struct ext4_dir_entry_2 * de; char * dlimit; int de_len; - int res; de = (struct ext4_dir_entry_2 *)search_buf; dlimit = search_buf + buf_size; while ((char *) de < dlimit) { /* this code is executed quadratically often */ /* do minimal checking `by hand' */ - if ((char *) de + de->name_len <= dlimit) { - res = ext4_match(fname, de); - if (res < 0) { - res = -1; - goto return_result; - } - if (res > 0) { - /* found a match - just to be sure, do - * a full check */ - if (ext4_check_dir_entry(dir, NULL, de, bh, - bh->b_data, - bh->b_size, offset)) { - res = -1; - goto return_result; - } - *res_dir = de; - res = 1; - goto return_result; - } - + if ((char *) de + de->name_len <= dlimit && + ext4_match(fname, de)) { + /* found a match - just to be sure, do + * a full check */ + if (ext4_check_dir_entry(dir, NULL, de, bh, bh->b_data, + bh->b_size, offset)) + return -1; + *res_dir = de; + return 1; } /* prevent looping on a bad block */ de_len = ext4_rec_len_from_disk(de->rec_len, dir->i_sb->s_blocksize); - if (de_len <= 0) { - res = -1; - goto return_result; - } + if (de_len <= 0) + return -1; offset += de_len; de = (struct ext4_dir_entry_2 *) ((char *) de + de_len); } - - res = 0; -return_result: - return res; + return 0; } static int is_dx_internal_node(struct inode *dir, ext4_lblk_t block, 
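Review bot: with the `res` variable gone, `ext4_search_dir()` ends in bare `return -1`, `return 1` and `return 0` exits and nothing in the hunk says what they mean. A short comment above the function stating the contract as it reads here (1 when a matching entry is stored in `*res_dir`, 0 when nothing matched, -1 when `ext4_check_dir_entry()` rejects the entry or `de_len <= 0`) would save every caller from re-deriving it.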
@@ -1824,24 +1806,15 @@ int ext4_find_dest_de(struct inode *dir, struct inode *inode, int nlen, rlen; unsigned int offset = 0; char *top; - int res; de = (struct ext4_dir_entry_2 *)buf; top = buf + buf_size - reclen; while ((char *) de <= top) { if (ext4_check_dir_entry(dir, NULL, de, bh, - buf, buf_size, offset)) { - res = -EFSCORRUPTED; - goto return_result; - } - /* Provide crypto context and crypto buffer to ext4 match */ - res = ext4_match(fname, de); - if (res < 0) - goto return_result; - if (res > 0) { - res = -EEXIST; - goto return_result; - } + buf, buf_size, offset)) + return -EFSCORRUPTED; + if (ext4_match(fname, de)) + return -EEXIST; nlen = EXT4_DIR_REC_LEN(de->name_len); rlen = ext4_rec_len_from_disk(de->rec_len, buf_size); if ((de->inode ? rlen - nlen : rlen) >= reclen) 
@@ -1849,15 +1822,11 @@ int ext4_find_dest_de(struct inode *dir, struct inode *inode, de = (struct ext4_dir_entry_2 *)((char *)de + rlen); offset += rlen; } - if ((char *) de > top) - res = -ENOSPC; - else { - *dest_de = de; - res = 0; - } -return_result: - return res; + return -ENOSPC; + + *dest_de = de; + return 0; } int ext4_insert_dentry(struct inode *dir,
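Review bot: in the tail of `ext4_find_dest_de()`, as the hunk is shown here the `if ((char *) de > top)` test appears only on a removed line and the added lines start at `return -ENOSPC;`. Please confirm against the applied file that the condition is still in front of that return; if it is not, `*dest_de = de; return 0;` is unreachable and every call ends in -ENOSPC.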
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jan Kara, Theodore Tso, Sasha Levin
Subject: [PATCH 4.4 15/33] ext4: fix checking of directory entry validity for inline directories
Date: Mon, 24 Aug 2020 10:31:11 +0200
Message-Id: <20200824082347.295184080@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
From: Jan Kara

[ Upstream commit 7303cb5bfe845f7d43cd9b2dbd37dbb266efda9b ]

ext4_search_dir() and ext4_generic_delete_entry() can be called both for standard directory blocks and for inline directories stored inside inode or inline xattr space. For the second case we didn't call ext4_check_dir_entry() with proper constraints that could result in accepting corrupted directory entry as well as false positive filesystem errors like:

EXT4-fs error (device dm-0): ext4_search_dir:1395: inode #28320400: block 113246792: comm dockerd: bad entry in directory: directory entry too close to block end - offset=0, inode=28320403, rec_len=32, name_len=8, size=4096

Fix the arguments passed to ext4_check_dir_entry().

Fixes: 109ba779d6cc ("ext4: check for directory entries too close to block end")
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara
Link: https://lore.kernel.org/r/20200731162135.8080-1-jack@suse.cz
Signed-off-by: Theodore Ts'o
Signed-off-by: Sasha Levin
---
fs/ext4/namei.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index eb41fb189d4b3..faf142a6fa8bb 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -1279,8 +1279,8 @@ int ext4_search_dir(struct buffer_head *bh, char *search_buf, int buf_size, ext4_match(fname, de)) { /* found a match - just to be sure, do * a full check */ - if (ext4_check_dir_entry(dir, NULL, de, bh, bh->b_data, - bh->b_size, offset)) + if (ext4_check_dir_entry(dir, NULL, de, bh, search_buf, + buf_size, offset)) return -1; *res_dir = de; return 1;
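Review bot: in `ext4_search_dir()` the bounds now come from `search_buf`/`buf_size` while `bh` is still passed through to `ext4_check_dir_entry()`, and nothing at the call records why the two differ. A comment saying that the buffer and size arguments must describe the region actually being walked (a directory block or the inline area), not the buffer head, would write down the rule this fix establishes; the same applies to the `entry_buf`/`buf_size` call in `ext4_generic_delete_entry()`.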
@@ -2312,7 +2312,7 @@ int ext4_generic_delete_entry(handle_t *handle, de = (struct ext4_dir_entry_2 *)entry_buf; while (i < buf_size - csum_size) { if (ext4_check_dir_entry(dir, NULL, de, bh, - bh->b_data, bh->b_size, i)) + entry_buf, buf_size, i)) return -EFSCORRUPTED; if (de == de_del) { if (pde)
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Chuhong Yuan, Sean Young, Mauro Carvalho Chehab, Sasha Levin
Subject: [PATCH 4.4 16/33] media: budget-core: Improve exception handling in budget_register()
Date: Mon, 24 Aug 2020 10:31:12 +0200
Message-Id: <20200824082347.347122924@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>

From: Chuhong Yuan

[ Upstream commit fc0456458df8b3421dba2a5508cd817fbc20ea71 ]

budget_register() has no error handling after its failure. Add the missed undo functions for error handling to fix it.

Signed-off-by: Chuhong Yuan
Signed-off-by: Sean Young
Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Sasha Levin
---
drivers/media/pci/ttpci/budget-core.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/media/pci/ttpci/budget-core.c b/drivers/media/pci/ttpci/budget-core.c index e9674b40007c1..6107c469efa07 100644 --- a/drivers/media/pci/ttpci/budget-core.c +++ b/drivers/media/pci/ttpci/budget-core.c
@@ -386,20 +386,25 @@ static int budget_register(struct budget *budget) ret = dvbdemux->dmx.add_frontend(&dvbdemux->dmx, &budget->hw_frontend); if (ret < 0) - return ret; + goto err_release_dmx; budget->mem_frontend.source = DMX_MEMORY_FE; ret = dvbdemux->dmx.add_frontend(&dvbdemux->dmx, &budget->mem_frontend); if (ret < 0) - return ret; + goto err_release_dmx; ret = dvbdemux->dmx.connect_frontend(&dvbdemux->dmx, &budget->hw_frontend); if (ret < 0) - return ret; + goto err_release_dmx; dvb_net_init(&budget->dvb_adapter, &budget->dvb_net, &dvbdemux->dmx); return 0; + +err_release_dmx: + dvb_dmxdev_release(&budget->dmxdev); + dvb_dmx_release(&budget->demux); + return ret; } static void budget_unregister(struct budget *budget)
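Review bot: all three failure points in `budget_register()` jump to the single `err_release_dmx` label, which calls only `dvb_dmxdev_release()` and `dvb_dmx_release()`. If the second `add_frontend()` or the `connect_frontend()` call fails, the frontends already added are not explicitly removed on that path; either add the matching removal steps ahead of the two releases or state in a comment that the release calls take care of them.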
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Xiongfeng Wang, Dmitry Torokhov, Sasha Levin
Subject: [PATCH 4.4 18/33] Input: psmouse - add a newline when printing proto by sysfs
Date: Mon, 24 Aug 2020 10:31:14 +0200
Message-Id: <20200824082347.452493240@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>

From: Xiongfeng Wang

[ Upstream commit 4aec14de3a15cf9789a0e19c847f164776f49473 ]

When I cat parameter 'proto' by sysfs, it displays as follows. It's better to add a newline for easy reading.

root@syzkaller:~# cat /sys/module/psmouse/parameters/proto
autoroot@syzkaller:~#

Signed-off-by: Xiongfeng Wang
Link: https://lore.kernel.org/r/20200720073846.120724-1-wangxiongfeng2@huawei.com
Signed-off-by: Dmitry Torokhov
Signed-off-by: Sasha Levin
---
drivers/input/mouse/psmouse-base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c index ad18dab0ac476..5bd9633541b07 100644 --- a/drivers/input/mouse/psmouse-base.c +++ b/drivers/input/mouse/psmouse-base.c
@@ -1911,7 +1911,7 @@ static int psmouse_get_maxproto(char *buffer, const struct kernel_param *kp) { int type = *((unsigned int *)kp->arg); - return sprintf(buffer, "%s", psmouse_protocol_by_type(type)->name); + return sprintf(buffer, "%s\n", psmouse_protocol_by_type(type)->name); } static int __init psmouse_init(void) From patchwork Mon Aug 24 08:31:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 265056 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D409BC433DF for ; Mon, 24 Aug 2020 09:32:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B1D2420738 for ; Mon, 24 Aug 2020 09:32:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598261538; bh=iJe/3JHxc52K59A8RyXOFoprL91A7wLriuBsahOuwoo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=ajJUznDC1Z+1vbFG6jIubFwoJkyKvJTDMPVSL69k8cpGdvsNxMIw5b3nI5pRUKbZ1 Q643MR4KPK3aT4xdDLoLGabfKG4M91sXetOIUX87DBX4zkKiZjCBuJx3kbtsQZkX+r kuLjKDR//v2sa0+At7mk4H3zcb4gTx40eNeIHAKQ= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729295AbgHXIuO (ORCPT ); Mon, 24 Aug 2020 04:50:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:53392 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729824AbgHXIuJ (ORCPT ); Mon, 24 Aug 2020 04:50:09 -0400 Received: from localhost 
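Review bot: psmouse_get_maxproto() still formats into the sysfs buffer with an unbounded sprintf(), and the changed line now appends one more byte to it. scnprintf(buffer, PAGE_SIZE, "%s\n", ...) would keep the write bounded whatever the length of the protocol name. The changelog could also mention that readers of /sys/module/psmouse/parameters/proto that compare the exact string will now see a trailing newline.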
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, "Darrick J. Wong", Allison Collins, Chandan Babu R, Christoph Hellwig, Sasha Levin
Subject: [PATCH 4.4 20/33] xfs: fix inode quota reservation checks
Date: Mon, 24 Aug 2020 10:31:16 +0200
Message-Id: <20200824082347.559533589@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Darrick J. Wong [ Upstream commit f959b5d037e71a4d69b5bf71faffa065d9269b4a ] xfs_trans_dqresv is the function that we use to make reservations against resource quotas. Each resource contains two counters: the q_core counter, which tracks resources allocated on disk; and the dquot reservation counter, which tracks how much of that resource has either been allocated or reserved by threads that are working on metadata updates. For disk blocks, we compare the proposed reservation counter against the hard and soft limits to decide if we're going to fail the operation. However, for inodes we inexplicably compare against the q_core counter, not the incore reservation count. Since the q_core counter is always lower than the reservation count and we unlock the dquot between reservation and transaction commit, this means that multiple threads can reserve the last inode count before we hit the hard limit, and when they commit, we'll be well over the hard limit. Fix this by checking against the incore inode reservation counter, since we would appear to maintain that correctly (and that's what we report in GETQUOTA). Signed-off-by: Darrick J. Wong Reviewed-by: Allison Collins Reviewed-by: Chandan Babu R Reviewed-by: Christoph Hellwig Signed-off-by: Sasha Levin --- fs/xfs/xfs_trans_dquot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c index ce78534a047ee..bb8de2dddabe2 100644 --- a/fs/xfs/xfs_trans_dquot.c +++ b/fs/xfs/xfs_trans_dquot.c 
@@ -662,7 +662,7 @@ xfs_trans_dqresv( } } if (ninos > 0) { - total_count = be64_to_cpu(dqp->q_core.d_icount) + ninos; + total_count = dqp->q_res_icount + ninos; timer = be32_to_cpu(dqp->q_core.d_itimer); warns = be16_to_cpu(dqp->q_core.d_iwarns); warnlimit = dqp->q_mount->m_quotainfo->qi_iwarnlimit; From patchwork Mon Aug 24 08:31:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 265057 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA976C433DF for ; Mon, 24 Aug 2020 09:31:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 88CDA20738 for ; Mon, 24 Aug 2020 09:31:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598261519; bh=5nk3NJXNopBSzjnj7Lpg8MhVeJiX9H+Pd26H61xczsw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=ZF5NhVRl9D5IjTYDSxWj+P57iROPFRTJhEn5RmXvPERm1Qxv+/hNTDdNE4JYjuzxI R3d63iqZ1kdcn4Bm1dHoCVcy5+r2qx3IOPKwkxUugmP0mCPuglG/Urzlvh7jJnXTaX nd0SxE7GZj1+jabA7xaP+r4i3kxlMnRY9p5PUEL4= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729836AbgHXIuP (ORCPT ); Mon, 24 Aug 2020 04:50:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:53610 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729828AbgHXIuP (ORCPT ); Mon, 24 Aug 2020 04:50:15 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl 
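Review bot: the new total_count line reads dqp->q_res_icount with no be64_to_cpu(), while the two lines after it still convert q_core.d_itimer and q_core.d_iwarns, so the inode branch now mixes an in-core counter with on-disk fields and gives the reader no hint why. A one-line comment above the assignment saying that q_res_icount is the in-core reservation counter (the one the commit message says is reported in GETQUOTA) would stop someone from later "restoring" the conversion or the q_core field.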
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Girish Basrur, Santosh Vernekar, Saurav Kashyap, Shyam Sundar, Javed Hasan, "Martin K. Petersen", Sasha Levin
Subject: [PATCH 4.4 22/33] scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
Date: Mon, 24 Aug 2020 10:31:18 +0200
Message-Id: <20200824082347.642172839@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Javed Hasan

[ Upstream commit ec007ef40abb6a164d148b0dc19789a7a2de2cc8 ]

In fc_disc_gpn_id_resp(), skb is supposed to get freed in all cases except
for PTR_ERR. However, in some cases it didn't.

This fix is to call fc_frame_free(fp) before function returns.

Link: https://lore.kernel.org/r/20200729081824.30996-2-jhasan@marvell.com
Reviewed-by: Girish Basrur
Reviewed-by: Santosh Vernekar
Reviewed-by: Saurav Kashyap
Reviewed-by: Shyam Sundar
Signed-off-by: Javed Hasan
Signed-off-by: Martin K. Petersen
Signed-off-by: Sasha Levin
---
 drivers/scsi/libfc/fc_disc.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/libfc/fc_disc.c b/drivers/scsi/libfc/fc_disc.c index 880a9068ca126..ef06af4e3611d 100644 --- a/drivers/scsi/libfc/fc_disc.c +++ b/drivers/scsi/libfc/fc_disc.c @@ -595,8 +595,12 @@ static void fc_disc_gpn_id_resp(struct fc_seq *sp, struct fc_frame *fp, mutex_lock(&disc->disc_mutex); if (PTR_ERR(fp) == -FC_EX_CLOSED) goto out; - if (IS_ERR(fp)) - goto redisc; + if (IS_ERR(fp)) { + mutex_lock(&disc->disc_mutex); + fc_disc_restart(disc); + mutex_unlock(&disc->disc_mutex); + goto out; + } cp = fc_frame_payload_get(fp, sizeof(*cp)); if (!cp) @@ -621,7 +625,7 @@ static void fc_disc_gpn_id_resp(struct fc_seq *sp, struct fc_frame *fp, new_rdata->disc_id = disc->disc_id; lport->tt.rport_login(new_rdata); } - goto out; + goto free_fp; } rdata->disc_id = disc->disc_id; lport->tt.rport_login(rdata); 
@@ -635,6 +639,8 @@ static void fc_disc_gpn_id_resp(struct fc_seq *sp, struct fc_frame *fp, redisc: fc_disc_restart(disc); } +free_fp: + fc_frame_free(fp); out: mutex_unlock(&disc->disc_mutex); kref_put(&rdata->kref, lport->tt.rport_destroy); From patchwork Mon Aug 24 08:31:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 265058 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A506C433E1 for ; Mon, 24 Aug 2020 09:31:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E97A8206F0 for ; Mon, 24 Aug 2020 09:31:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598261506; bh=E9RoHVS97+ZIu745TjSEl0N6lC02FWnHn7mS2W69IC4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=It6/zXa5SlpytJZWLQVcik2JCRKYOY5Or0WQk6tJD/oVn++OroUQ196nmfolqY2UK Gju+JeVuNmM1Wb9TDQPjSTXTrlejs+PNa6SQj7R04feM7cSenJdkRNU0QNcXxBWbRu WT7uXdkMiCq2RTiHFeD9F6zfAEhSnd9oTdkjphNY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729313AbgHXIuS (ORCPT ); Mon, 24 Aug 2020 04:50:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:53706 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729805AbgHXIuR (ORCPT ); Mon, 24 Aug 2020 04:50:17 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher 
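Review bot: in the first hunk the new IS_ERR(fp) branch calls mutex_lock(&disc->disc_mutex) although the context line directly above it already takes the same mutex, and the branch then jumps to out:, which unlocks it again. As written for this tree, the error path would block on a mutex the function already holds, and the unlock count would not match even if it did not. The branch should call fc_disc_restart(disc) under the lock that is already held and go to out with no extra lock/unlock pair. It is also worth checking that the redisc: label kept in the last hunk still has a user now that this goto redisc is gone.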
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Mao Wenan, "Michael S. Tsirkin", Jason Wang, Sasha Levin
Subject: [PATCH 4.4 23/33] virtio_ring: Avoid loop when vq is broken in virtqueue_poll
Date: Mon, 24 Aug 2020 10:31:19 +0200
Message-Id: <20200824082347.692579325@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Mao Wenan

[ Upstream commit 481a0d7422db26fb63e2d64f0652667a5c6d0f3e ]

The loop may exist if vq->broken is true,
virtqueue_get_buf_ctx_packed or virtqueue_get_buf_ctx_split
will return NULL, so virtnet_poll will reschedule napi to
receive packet, it will lead cpu usage(si) to 100%.

call trace as below:
virtnet_poll
	virtnet_receive
		virtqueue_get_buf_ctx
			virtqueue_get_buf_ctx_packed
			virtqueue_get_buf_ctx_split
	virtqueue_napi_complete
		virtqueue_poll           //return true
		virtqueue_napi_schedule //it will reschedule napi

to fix this, return false if vq is broken in virtqueue_poll.

Signed-off-by: Mao Wenan
Acked-by: Michael S. Tsirkin
Link: https://lore.kernel.org/r/1596354249-96204-1-git-send-email-wenan.mao@linux.alibaba.com
Signed-off-by: Michael S. Tsirkin
Acked-by: Jason Wang
Signed-off-by: Sasha Levin --- drivers/virtio/virtio_ring.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index a01a41a412693..6b3565feddb21 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c 
@@ -603,6 +603,9 @@ bool virtqueue_poll(struct virtqueue *_vq, unsigned last_used_idx) { struct vring_virtqueue *vq = to_vvq(_vq); + if (unlikely(vq->broken)) + return false; + virtio_mb(vq->weak_barriers); return (u16)last_used_idx != virtio16_to_cpu(_vq->vdev, vq->vring.used->idx); } From patchwork Mon Aug 24 08:31:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 265147 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8CADC433E1 for ; Mon, 24 Aug 2020 08:50:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 95722207DF for ; Mon, 24 Aug 2020 08:50:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598259037; bh=KI4nHsoMqAoZx3i9lJvTrT3QIhvE7d2/J9/s0nvnO98=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=c2psCFBDCtI8Yx/TidXejIiK47x25pHP+0FcAN46dwvhsK3T0Pcvasn40H8j9rweX Ukz9PZphmlo5Arj76YlavF8EswMCxFZJY2PKMIVSb+E1aZTkDJ30r5jg8PaA+IwsgS XWHjVC0YvkC4deKvbZc5YQwfF35LMvKP1iFKdQsE= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729142AbgHXIuf (ORCPT ); Mon, 24 Aug 2020 04:50:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:54318 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729697AbgHXIud (ORCPT ); Mon, 24 Aug 2020 04:50:33 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with 
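Review bot: the new early return at the top of virtqueue_poll() changes what the function promises to callers (false now also means "queue is broken", not only "no new used buffers"), but nothing in the hunk documents that. Please extend the function's comment to say it returns false for a broken vq, since the commit message relies on virtnet_poll using this result to stop rescheduling NAPI. The check is also a plain read placed before virtio_mb(); if vq->broken can be set from another context, READ_ONCE(vq->broken) would make that intent explicit.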
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Tom Lane, Daniel Axtens, Michael Ellerman
Subject: [PATCH 4.4 28/33] powerpc: Allow 4224 bytes of stack expansion for the signal frame
Date: Mon, 24 Aug 2020 10:31:24 +0200
Message-Id: <20200824082347.948251307@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Michael Ellerman

commit 63dee5df43a31f3844efabc58972f0a206ca4534 upstream.

We have powerpc specific logic in our page fault handling to decide if
an access to an unmapped address below the stack pointer should expand
the stack VMA.

The code was originally added in 2004 "ported from 2.4". The rough
logic is that the stack is allowed to grow to 1MB with no extra
checking. Over 1MB the access must be within 2048 bytes of the stack
pointer, or be from a user instruction that updates the stack pointer.

The 2048 byte allowance below the stack pointer is there to cover the
288 byte "red zone" as well as the "about 1.5kB" needed by the signal
delivery code.

Unfortunately since then the signal frame has expanded, and is now
4224 bytes on 64-bit kernels with transactional memory enabled. This
means if a process has consumed more than 1MB of stack, and its stack
pointer lies less than 4224 bytes from the next page boundary, signal
delivery will fault when trying to expand the stack and the process
will see a SEGV.

The total size of the signal frame is the size of struct rt_sigframe
(which includes the red zone) plus __SIGNAL_FRAMESIZE (128 bytes on
64-bit).

The 2048 byte allowance was correct until 2008 as the signal frame
was:

struct rt_sigframe {
        struct ucontext    uc;                   /*     0  1440 */
        /* --- cacheline 11 boundary (1408 bytes) was 32 bytes ago --- */
        long unsigned int  _unused[2];           /*  1440    16 */
        unsigned int       tramp[6];             /*  1456    24 */
        struct siginfo *   pinfo;                /*  1480     8 */
        void *             puc;                  /*  1488     8 */
        struct siginfo     info;                 /*  1496   128 */
        /* --- cacheline 12 boundary (1536 bytes) was 88 bytes ago --- */
        char               abigap[288];          /*  1624   288 */

        /* size: 1920, cachelines: 15, members: 7 */
        /* padding: 8 */
};

1920 + 128 = 2048

Then in commit ce48b2100785 ("powerpc: Add VSX context save/restore,
ptrace and signal support") (Jul 2008) the signal frame expanded to
2304 bytes:

struct rt_sigframe {
        struct ucontext    uc;                   /*     0  1696 */	<--
        /* --- cacheline 13 boundary (1664 bytes) was 32 bytes ago --- */
        long unsigned int  _unused[2];           /*  1696    16 */
        unsigned int       tramp[6];             /*  1712    24 */
        struct siginfo *   pinfo;                /*  1736     8 */
        void *             puc;                  /*  1744     8 */
        struct siginfo     info;                 /*  1752   128 */
        /* --- cacheline 14 boundary (1792 bytes) was 88 bytes ago --- */
        char               abigap[288];          /*  1880   288 */

        /* size: 2176, cachelines: 17, members: 7 */
        /* padding: 8 */
};

2176 + 128 = 2304

At this point we should have been exposed to the bug, though as far as
I know it was never reported. I no longer have a system old enough to
easily test on.

Then in 2010 commit 320b2b8de126 ("mm: keep a guard page below a
grow-down stack segment") caused our stack expansion code to never
trigger, as there was always a VMA found for a write up to PAGE_SIZE
below r1.

That meant the bug was hidden as we continued to expand the signal
frame in commit 2b0a576d15e0 ("powerpc: Add new transactional memory
state to the signal context") (Feb 2013):

struct rt_sigframe {
        struct ucontext    uc;                   /*     0  1696 */
        /* --- cacheline 13 boundary (1664 bytes) was 32 bytes ago --- */
        struct ucontext    uc_transact;          /*  1696  1696 */	<--
        /* --- cacheline 26 boundary (3328 bytes) was 64 bytes ago --- */
        long unsigned int  _unused[2];           /*  3392    16 */
        unsigned int       tramp[6];             /*  3408    24 */
        struct siginfo *   pinfo;                /*  3432     8 */
        void *             puc;                  /*  3440     8 */
        struct siginfo     info;                 /*  3448   128 */
        /* --- cacheline 27 boundary (3456 bytes) was 120 bytes ago --- */
        char               abigap[288];          /*  3576   288 */

        /* size: 3872, cachelines: 31, members: 8 */
        /* padding: 8 */
        /* last cacheline: 32 bytes */
};

3872 + 128 = 4000

And commit 573ebfa6601f ("powerpc: Increase stack redzone for 64-bit
userspace to 512 bytes") (Feb 2014):

struct rt_sigframe {
        struct ucontext    uc;                   /*     0  1696 */
        /* --- cacheline 13 boundary (1664 bytes) was 32 bytes ago --- */
        struct ucontext    uc_transact;          /*  1696  1696 */
        /* --- cacheline 26 boundary (3328 bytes) was 64 bytes ago --- */
        long unsigned int  _unused[2];           /*  3392    16 */
        unsigned int       tramp[6];             /*  3408    24 */
        struct siginfo *   pinfo;                /*  3432     8 */
        void *             puc;                  /*  3440     8 */
        struct siginfo     info;                 /*  3448   128 */
        /* --- cacheline 27 boundary (3456 bytes) was 120 bytes ago --- */
        char               abigap[512];          /*  3576   512 */	<--

        /* size: 4096, cachelines: 32, members: 8 */
        /* padding: 8 */
};

4096 + 128 = 4224

Then finally in 2017, commit 1be7107fbe18 ("mm: larger stack guard
gap, between vmas") exposed us to the existing bug, because it changed
the stack VMA to be the correct/real size, meaning our stack expansion
code is now triggered.

Fix it by increasing the allowance to 4224 bytes.

Hard-coding 4224 is obviously unsafe against future expansions of the
signal frame in the same way as the existing code. We can't easily use
sizeof() because the signal frame structure is not in a header.
We will either fix that, or rip out all the custom stack expansion checking logic entirely. Fixes: ce48b2100785 ("powerpc: Add VSX context save/restore, ptrace and signal support") Cc: stable@vger.kernel.org # v2.6.27+ Reported-by: Tom Lane Tested-by: Daniel Axtens Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200724092528.1578671-2-mpe@ellerman.id.au Signed-off-by: Daniel Axtens Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/mm/fault.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -192,6 +192,9 @@ static int mm_fault_error(struct pt_regs return MM_FAULT_CONTINUE; } +// This comes from 64-bit struct rt_sigframe + __SIGNAL_FRAMESIZE +#define SIGFRAME_MAX_SIZE (4096 + 128) + /* * For 600- and 800-family processors, the error_code parameter is DSISR * for a data fault, SRR1 for an instruction fault. For 400-family processors @@ -341,7 +344,7 @@ retry: /* * N.B. The POWER/Open ABI allows programs to access up to * 288 bytes below the stack pointer. - * The kernel signal delivery code writes up to about 1.5kB + * The kernel signal delivery code writes up to about 4kB * below the stack pointer (r1) before decrementing it. * The exec code can write slightly over 640kB to the stack * before setting the user r1. Thus we allow the stack to 
@@ -365,7 +368,7 @@ retry: * between the last mapped region and the stack will * expand the stack rather than segfaulting. */ - if (address + 2048 < uregs->gpr[1] && !store_update_sp) + if (address + SIGFRAME_MAX_SIZE < uregs->gpr[1] && !store_update_sp) goto bad_area; } if (expand_stack(vma, address)) From patchwork Mon Aug 24 08:31:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 265060 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1AC3AC433DF for ; Mon, 24 Aug 2020 09:31:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DB26C206F0 for ; Mon, 24 Aug 2020 09:31:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598261460; bh=6CWT5yFJGbIhKo0odsI5tP10yt8cR+KoeyWEK6OjVoc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=FBZsQgtiXPNKVqq1VZzmbiw/qGhpK+OsEHiTkzoS/QfA2JdP2sYNobhRpQfuNJbKc qTj9Hlh5BL4/SVV940xcwobQk4iDCWTGOIb2UEJoIk8Qch7Iemt1j6OLXVBOAURI9f D0fgNrESF0RzfEHaZvRlZEQAHo1FoqXGoLmNpHYU= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727815AbgHXJav (ORCPT ); Mon, 24 Aug 2020 05:30:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:54480 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729345AbgHXIuh (ORCPT ); Mon, 24 Aug 2020 04:50:37 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using 
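Review bot: SIGFRAME_MAX_SIZE in the first hunk is a hand-computed (4096 + 128) with nothing tying it to struct rt_sigframe, which the commit message itself calls unsafe against future growth of the frame. Once the define can be shared through a header, a BUILD_BUG_ON(sizeof(struct rt_sigframe) + __SIGNAL_FRAMESIZE > SIGFRAME_MAX_SIZE) next to the struct definition would turn the next expansion into a build failure instead of a SEGV at signal delivery. The comment above the define should also name the configuration that yields 4096 (64-bit with transactional memory, per the changelog) and use the /* */ style of the surrounding comments.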
TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B612A2075B; Mon, 24 Aug 2020 08:50:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598259037; bh=6CWT5yFJGbIhKo0odsI5tP10yt8cR+KoeyWEK6OjVoc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KGBsNAsQsNoZHA27Zj50RSev44yX+5B+4JEVx8XEfI0nDK341tWveSkYU2gcFKxn7 NL4FsAQ17rZoP58OmPEusDKys9Hs5noByZ8cg0bVQuT76E0MkenwaWfAP/CF62uCG9 FeuhIStSBptY3GGrbDfVWwnF0ILDk4htPKR/qc5Q= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Al Viro , Marc Zyngier Subject: [PATCH 4.4 30/33] do_epoll_ctl(): clean the failure exits up a bit Date: Mon, 24 Aug 2020 10:31:26 +0200 Message-Id: <20200824082348.042955499@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200824082346.498653578@linuxfoundation.org> References: <20200824082346.498653578@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Al Viro commit 52c479697c9b73f628140dcdfcd39ea302d05482 upstream. Signed-off-by: Al Viro Signed-off-by: Marc Zyngier Signed-off-by: Greg Kroah-Hartman --- fs/eventpoll.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -1905,10 +1905,8 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, in mutex_lock(&epmutex); if (is_file_epoll(tf.file)) { error = -ELOOP; - if (ep_loop_check(ep, tf.file) != 0) { - clear_tfile_check_list(); + if (ep_loop_check(ep, tf.file) != 0) goto error_tgt_fput; - } } else { get_file(tf.file); list_add(&tf.file->f_tfile_llink, @@ -1937,8 +1935,6 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, in error = ep_insert(ep, &epds, tf.file, fd, full_check); } else error = -EEXIST; - if (full_check) - clear_tfile_check_list(); break; case EPOLL_CTL_DEL: if (epi) 
@@ -1959,8 +1955,10 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, in mutex_unlock(&ep->mtx); error_tgt_fput: - if (full_check) + if (full_check) { + clear_tfile_check_list(); mutex_unlock(&epmutex); + } fdput(tf); error_fput: From patchwork Mon Aug 24 08:31:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 265061 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9BFDC433E1 for ; Mon, 24 Aug 2020 09:30:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 897012072D for ; Mon, 24 Aug 2020 09:30:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598261447; bh=Ugp5lYXLez/YXQk+NIdZCZFpUpaFzz9EnvVK/Mz/9/o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=wWJnFn2mnw1ecf3L6KiVVijd5U0Q5QtwCtDlMyZwtDwdPbkPvV0LoxCqJy9GM5cP+ cm2t0MZyExuxTtlLp/o6M8eUzBMUXX2YhO575zEQtHOuL7e6jpzG07jUWx7Jb16n1F FdlDO2qvhscSnwFCVwxyHYxvpBK2S6s38yQ97BQo= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729857AbgHXIup (ORCPT ); Mon, 24 Aug 2020 04:50:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:54740 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729855AbgHXIum (ORCPT ); Mon, 24 Aug 2020 04:50:42 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No 
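Review bot: after this change clear_tfile_check_list() runs only under if (full_check) at error_tgt_fput, while the first hunk removes a call on the -ELOOP path that was unconditional. The visible lines do not show where full_check is set, so please confirm it is already non-zero whenever epmutex has been taken on that path, otherwise the list is left populated. Moving the EPOLL_CTL_ADD cleanup to the exit label also means the list is now cleared after mutex_unlock(&ep->mtx) rather than before it. The changelog has no body, so a sentence on why the three call sites can be merged and why the new ordering is safe would help stable reviewers.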
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman, Sarah Newman, Juergen Gross, Chris Brannon
Subject: [PATCH 4.4 32/33] xen: dont reschedule in preemption off sections
Date: Mon, 24 Aug 2020 10:31:28 +0200
Message-Id: <20200824082348.141846246@linuxfoundation.org>
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Juergen Gross For support of long running hypercalls xen_maybe_preempt_hcall() is calling cond_resched() in case a hypercall marked as preemptible has been interrupted. Normally this is no problem, as only hypercalls done via some ioctl()s are marked to be preemptible. In rare cases when during such a preemptible hypercall an interrupt occurs and any softirq action is started from irq_exit(), a further hypercall issued by the softirq handler will be regarded to be preemptible, too. This might lead to rescheduling in spite of the softirq handler potentially having set preempt_disable(), leading to splats like: BUG: sleeping function called from invalid context at drivers/xen/preempt.c:37 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 20775, name: xl INFO: lockdep is turned off. CPU: 1 PID: 20775 Comm: xl Tainted: G D W 5.4.46-1_prgmr_debug.el7.x86_64 #1 Call Trace: dump_stack+0x8f/0xd0 ___might_sleep.cold.76+0xb2/0x103 xen_maybe_preempt_hcall+0x48/0x70 xen_do_hypervisor_callback+0x37/0x40 RIP: e030:xen_hypercall_xen_version+0xa/0x20 Code: ... RSP: e02b:ffffc900400dcc30 EFLAGS: 00000246 RAX: 000000000004000d RBX: 0000000000000200 RCX: ffffffff8100122a RDX: ffff88812e788000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffffff83ee3ad0 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: ffff8881824aa0b0 R13: 0000000865496000 R14: 0000000865496000 R15: ffff88815d040000 ? xen_hypercall_xen_version+0xa/0x20 ? xen_force_evtchn_callback+0x9/0x10 ? check_events+0x12/0x20 ? xen_restore_fl_direct+0x1f/0x20 ? _raw_spin_unlock_irqrestore+0x53/0x60 ? debug_dma_sync_single_for_cpu+0x91/0xc0 ? _raw_spin_unlock_irqrestore+0x53/0x60 ? xen_swiotlb_sync_single_for_cpu+0x3d/0x140 ? mlx4_en_process_rx_cq+0x6b6/0x1110 [mlx4_en] ? mlx4_en_poll_rx_cq+0x64/0x100 [mlx4_en] ? net_rx_action+0x151/0x4a0 ? __do_softirq+0xed/0x55b ? irq_exit+0xea/0x100 ? xen_evtchn_do_upcall+0x2c/0x40 ? xen_do_hypervisor_callback+0x29/0x40 ? 
xen_hypercall_domctl+0xa/0x20 ? xen_hypercall_domctl+0x8/0x20 ? privcmd_ioctl+0x221/0x990 [xen_privcmd] ? do_vfs_ioctl+0xa5/0x6f0 ? ksys_ioctl+0x60/0x90 ? trace_hardirqs_off_thunk+0x1a/0x20 ? __x64_sys_ioctl+0x16/0x20 ? do_syscall_64+0x62/0x250 ? entry_SYSCALL_64_after_hwframe+0x49/0xbe Fix that by testing preempt_count() before calling cond_resched(). In kernel 5.8 this can't happen any more due to the entry code rework (more than 100 patches, so not a candidate for backporting). The issue was introduced in kernel 4.3, so this patch should go into all stable kernels in [4.3 ... 5.7]. Reported-by: Sarah Newman Fixes: 0fa2f5cb2b0ecd8 ("sched/preempt, xen: Use need_resched() instead of should_resched()") Cc: Sarah Newman Cc: stable@vger.kernel.org Signed-off-by: Juergen Gross Tested-by: Chris Brannon Signed-off-by: Greg Kroah-Hartman --- drivers/xen/preempt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/xen/preempt.c +++ b/drivers/xen/preempt.c @@ -31,7 +31,7 @@ EXPORT_SYMBOL_GPL(xen_in_preemptible_hca asmlinkage __visible void xen_maybe_preempt_hcall(void) { if (unlikely(__this_cpu_read(xen_in_preemptible_hcall) - && need_resched())) { + && need_resched() && !preempt_count())) { /* * Clear flag as we may be rescheduled on a different * cpu.