This is the start of the stable review cycle for the 5.0.12 release.
There are 101 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.12-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 5.0.12-rc1
Rasmus Villemoes <[email protected]>
leds: trigger: netdev: use memcpy in device_name_store
Kangjie Lu <[email protected]>
leds: pca9532: fix a potential NULL pointer dereference
Andrei Vagin <[email protected]>
ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
Qian Cai <[email protected]>
kasan: fix variable 'tag' set but not used warning
Joerg Roedel <[email protected]>
iommu/amd: Reserve exclusion range in iova-domain
Changbin Du <[email protected]>
kconfig/[mn]conf: handle backspace (^H) key
Wei Li <[email protected]>
perf machine: Update kernel map address and re-order properly
Solomon Tan <[email protected]>
perf cs-etm: Add missing case value
Max Gurtovoy <[email protected]>
nvmet: fix error flow during ns enable
Ming Lei <[email protected]>
nvmet: fix building bvec from sg list
Martin George <[email protected]>
nvme-multipath: relax ANA state check
Geert Uytterhoeven <[email protected]>
gpio: of: Fix of_gpiochip_add() error path
Sean Christopherson <[email protected]>
KVM: selftests: complete IO before migrating guest state
Sean Christopherson <[email protected]>
KVM: selftests: disable stack protector for all KVM tests
Sean Christopherson <[email protected]>
KVM: selftests: explicitly disable PIE for tests
Sean Christopherson <[email protected]>
KVM: selftests: assert on exit reason in CR4/cpuid sync test
Vitaly Kuznetsov <[email protected]>
x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init
Xiaoyao Li <[email protected]>
kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs
Singh, Brijesh <[email protected]>
KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
Sean Christopherson <[email protected]>
KVM: nVMX: Do not inherit quadrant and invalid for the root shadow EPT
Andrey Smirnov <[email protected]>
gpio: of: Check for "spi-cs-high" in child instead of parent node
Andrey Smirnov <[email protected]>
gpio: of: Check propname before applying "cs-gpios" quirks
David Howells <[email protected]>
afs: Fix StoreData op marshalling
Masahiro Yamada <[email protected]>
kbuild: skip parsing pre sub-make code for recursion
raymond pang <[email protected]>
libata: fix using DMA buffers on stack
Ralph Campbell <[email protected]>
x86/mm: Don't exceed the valid physical address space
Steffen Maier <[email protected]>
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
Al Viro <[email protected]>
ceph: fix use-after-free on symlink traversal
Mukesh Ojha <[email protected]>
usb: u132-hcd: fix resource leak
Matteo Croce <[email protected]>
x86/realmode: Don't leak the trampoline kernel address
Alakesh Haloi <[email protected]>
SUNRPC: fix uninitialized variable warning
Rafał Miłecki <[email protected]>
leds: trigger: netdev: fix refcnt leak on interface rename
Aditya Pakki <[email protected]>
usb: usb251xb: fix to avoid potential NULL pointer dereference
Kangjie Lu <[email protected]>
scsi: qla4xxx: fix a potential NULL pointer dereference
Dave Carroll <[email protected]>
scsi: aacraid: Insure we don't access PCIe space during AER/EEH
Sreekanth Reddy <[email protected]>
scsi: mpt3sas: Fix kernel panic during expander reset
Dan Carpenter <[email protected]>
staging: vc04_services: Fix an error code in vchiq_probe()
Ming Lei <[email protected]>
sbitmap: order READ/WRITE freed instance and setting clear bit
Sekhar Nori <[email protected]>
ARM: davinci: fix build failure with allnoconfig
Jean-Philippe Brucker <[email protected]>
drm/meson: Uninstall IRQ handler
Jean-Philippe Brucker <[email protected]>
drm/meson: Fix invalid pointer in meson_drv_unbind()
Kangjie Lu <[email protected]>
gpio: aspeed: fix a potential NULL pointer dereference
Noralf Trønnes <[email protected]>
drm: Fix drm_release() and device unplug
Wen Yang <[email protected]>
net: ethernet: ti: fix possible object reference leak
Wen Yang <[email protected]>
net: ibm: fix possible object reference leak
Wen Yang <[email protected]>
net: xilinx: fix possible object reference leak
Trond Myklebust <[email protected]>
NFS: Fix a typo in nfs_init_timeout_values()
Thierry Reding <[email protected]>
drm/tegra: hub: Fix dereference before check
Masanari Iida <[email protected]>
ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
Davide Caratti <[email protected]>
net/sched: don't dereference a->goto_chain to read the chain index
Harini Katakam <[email protected]>
net: macb: Add null check for PCLK and HCLK
Dan Murphy <[email protected]>
net: phy: Add DP83825I to the DP83822 driver
Aditya Pakki <[email protected]>
staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
Dan Carpenter <[email protected]>
staging: rtl8712: uninitialized memory in read_bbreg_hdl()
Aditya Pakki <[email protected]>
staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
Aditya Pakki <[email protected]>
staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
Lukas Wunner <[email protected]>
net: ks8851: Set initial carrier state to down
Lukas Wunner <[email protected]>
net: ks8851: Delay requesting IRQ until opened
Lukas Wunner <[email protected]>
net: ks8851: Reassert reset pin if chip ID check fails
Lukas Wunner <[email protected]>
net: ks8851: Dequeue RX packets explicitly
Suzuki K Poulose <[email protected]>
KVM: arm/arm64: Fix handling of stage2 huge mappings
Jarkko Nikula <[email protected]>
i2c: i801: Add support for Intel Comet Lake
Marco Felsch <[email protected]>
ARM: dts: pfla02: increase phy reset duration
Guido Kiener <[email protected]>
usb: gadget: net2272: Fix net2272_dequeue()
Guido Kiener <[email protected]>
usb: gadget: net2280: Fix net2280_dequeue()
Guido Kiener <[email protected]>
usb: gadget: net2280: Fix overrun of OUT messages
Felipe Balbi <[email protected]>
usb: dwc3: pci: add support for Comet Lake PCH ID
Marc Zyngier <[email protected]>
KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots
Marc Zyngier <[email protected]>
KVM: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory
Marc Zyngier <[email protected]>
arm64: KVM: Always set ICH_HCR_EL2.EN if GICv4 is enabled
Marc Zyngier <[email protected]>
KVM: arm64: Reset the PMU in preemptible context
Petr Štetiar <[email protected]>
serial: ar933x_uart: Fix build failure with disabled console
Mao Wenan <[email protected]>
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
Wen Yang <[email protected]>
ARM: imx51: fix a leaked reference by adding missing of_node_put
Julian Wiedmann <[email protected]>
s390/qeth: fix race when initializing the IP address table
Kangjie Lu <[email protected]>
netfilter: ip6t_srh: fix NULL pointer dereferences
Arnd Bergmann <[email protected]>
netfilter: fix NETFILTER_XT_TARGET_TEE dependencies
Xin Long <[email protected]>
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
Pablo Neira Ayuso <[email protected]>
netfilter: nft_set_rbtree: check for inactive element after flag mismatch
Maxim Zhukov <[email protected]>
staging, mt7621-pci: fix build without pci support
Arnd Bergmann <[email protected]>
staging: axis-fifo: add CONFIG_OF dependency
Björn Töpel <[email protected]>
xsk: fix umem memory leak on cleanup
Aditya Pakki <[email protected]>
qlcnic: Avoid potential NULL pointer dereference
Aaro Koskinen <[email protected]>
net: stmmac: fix jumbo frame sending with non-linear skbs
Aaro Koskinen <[email protected]>
net: stmmac: don't set own bit too early for jumbo frames
Filipe Manana <[email protected]>
Btrfs: fix file corruption after snapshotting due to mix of buffered/DIO writes
Li RongQing <[email protected]>
ieee802154: hwsim: propagate genlmsg_reply return code
Kangjie Lu <[email protected]>
net: ieee802154: fix a potential NULL pointer dereference
Felix Fietkau <[email protected]>
mt76: mt76x2: fix 2.4 GHz channel gain settings
Felix Fietkau <[email protected]>
mt76: mt76x2: fix external LNA gain settings
Stanislaw Gruszka <[email protected]>
mt76x02: fix hdr pointer in write txwi for USB
Martin Schwidefsky <[email protected]>
s390: limit brk randomization to 32MB
Helen Koike <[email protected]>
ARM: dts: bcm283x: Fix hdmi hpd gpio pull
Takeshi Kihara <[email protected]>
arm64: dts: renesas: r8a77990: Fix SCIF5 DMA channels
Matthew Wilcox <[email protected]>
fs: prevent page refcount overflow in pipe_buf_get
Linus Torvalds <[email protected]>
mm: prevent get_user_pages() from overflowing page refcount
Linus Torvalds <[email protected]>
mm: add 'try_get_page()' helper function
Linus Torvalds <[email protected]>
mm: make page ref count overflow check tighter and more explicit
Ville Syrjälä <[email protected]>
drm/i915: Do not enable FEC without DSC
Rafael J. Wysocki <[email protected]>
Revert "ACPICA: Clear status of GPEs before enabling them"
Paulo Alcantara <[email protected]>
selinux: use kernel linux/socket.h for genheaders and mdp
-------------
Diffstat:
Documentation/i2c/busses/i2c-i801 | 1 +
Makefile | 12 +++--
arch/arm/Kconfig | 1 +
arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts | 2 +-
arch/arm/boot/dts/imx6qdl-icore-rqs.dtsi | 4 +-
arch/arm/boot/dts/imx6qdl-phytec-pfla02.dtsi | 1 +
arch/arm/include/asm/kvm_mmu.h | 11 ++++
arch/arm/include/asm/stage2_pgtable.h | 2 +
arch/arm/mach-imx/mach-imx51.c | 1 +
arch/arm64/boot/dts/renesas/r8a77990.dtsi | 7 ++-
arch/arm64/include/asm/kvm_mmu.h | 11 ++++
arch/arm64/kvm/reset.c | 6 +--
arch/s390/include/asm/elf.h | 11 ++--
arch/x86/include/asm/kvm_host.h | 2 +
arch/x86/kvm/hyperv.c | 9 +++-
arch/x86/kvm/mmu.c | 21 +++++---
arch/x86/kvm/svm.c | 32 ++++++++++++
arch/x86/kvm/vmx/vmx.c | 6 +++
arch/x86/kvm/x86.c | 3 +-
arch/x86/mm/mmap.c | 2 +-
arch/x86/realmode/init.c | 2 -
drivers/acpi/acpica/evgpe.c | 6 +--
drivers/ata/libata-zpodd.c | 34 +++++++++----
drivers/gpio/gpio-aspeed.c | 2 +
drivers/gpio/gpiolib-of.c | 17 +++++--
drivers/gpu/drm/drm_drv.c | 6 +--
drivers/gpu/drm/drm_file.c | 6 +--
drivers/gpu/drm/i915/intel_dp.c | 6 +--
drivers/gpu/drm/meson/meson_drv.c | 9 ++--
drivers/gpu/drm/tegra/hub.c | 4 +-
drivers/i2c/busses/Kconfig | 1 +
drivers/i2c/busses/i2c-i801.c | 4 ++
drivers/iommu/amd_iommu.c | 9 ++--
drivers/iommu/amd_iommu_init.c | 7 +--
drivers/iommu/amd_iommu_types.h | 2 +
drivers/leds/leds-pca9532.c | 8 ++-
drivers/leds/trigger/ledtrig-netdev.c | 16 +++---
drivers/net/ethernet/cadence/macb_main.c | 10 +++-
drivers/net/ethernet/ibm/ehea/ehea_main.c | 1 +
drivers/net/ethernet/micrel/ks8851.c | 36 ++++++-------
.../net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c | 2 +
drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 8 +--
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 14 ++---
drivers/net/ethernet/ti/netcp_ethss.c | 8 ++-
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 2 +
drivers/net/ieee802154/adf7242.c | 4 ++
drivers/net/ieee802154/mac802154_hwsim.c | 2 +-
drivers/net/phy/dp83822.c | 34 ++++++++-----
.../net/wireless/mediatek/mt76/mt76x02_usb_core.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt76x2/phy.c | 30 ++++++++---
drivers/nvme/host/multipath.c | 5 +-
drivers/nvme/target/core.c | 4 +-
drivers/nvme/target/io-cmd-file.c | 20 ++++----
drivers/s390/net/qeth_l3_main.c | 4 +-
drivers/s390/scsi/zfcp_fc.c | 21 ++++++--
drivers/scsi/aacraid/aacraid.h | 7 ++-
drivers/scsi/aacraid/commsup.c | 4 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 6 +++
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 12 +++++
drivers/scsi/qla4xxx/ql4_os.c | 2 +
drivers/staging/axis-fifo/Kconfig | 1 +
drivers/staging/mt7621-pci/Kconfig | 1 +
drivers/staging/rtl8188eu/core/rtw_xmit.c | 9 +++-
drivers/staging/rtl8188eu/include/rtw_xmit.h | 2 +-
drivers/staging/rtl8712/rtl8712_cmd.c | 10 +---
drivers/staging/rtl8712/rtl8712_cmd.h | 2 +-
drivers/staging/rtl8723bs/core/rtw_xmit.c | 14 ++---
drivers/staging/rtl8723bs/include/rtw_xmit.h | 2 +-
drivers/staging/rtlwifi/phydm/rtl_phydm.c | 2 +
drivers/staging/rtlwifi/rtl8822be/fw.c | 2 +
.../vc04_services/interface/vchiq_arm/vchiq_arm.c | 8 ++-
drivers/tty/serial/ar933x_uart.c | 24 +++------
drivers/tty/serial/sc16is7xx.c | 12 ++++-
drivers/usb/dwc3/dwc3-pci.c | 4 ++
drivers/usb/gadget/udc/net2272.c | 1 +
drivers/usb/gadget/udc/net2280.c | 8 ++-
drivers/usb/host/u132-hcd.c | 3 ++
drivers/usb/misc/usb251xb.c | 2 +-
fs/afs/fsclient.c | 6 +--
fs/afs/yfsclient.c | 2 +-
fs/btrfs/transaction.c | 49 +++++++++++++++---
fs/ceph/inode.c | 2 +-
fs/fuse/dev.c | 12 ++---
fs/nfs/client.c | 2 +-
fs/pipe.c | 4 +-
fs/splice.c | 12 ++++-
include/linux/mm.h | 15 +++++-
include/linux/pipe_fs_i.h | 10 ++--
include/linux/sched/signal.h | 18 +++++++
include/net/tc_act/tc_gact.h | 2 +-
include/net/xdp_sock.h | 1 -
kernel/ptrace.c | 15 +++++-
kernel/trace/trace.c | 6 ++-
lib/sbitmap.c | 11 ++++
mm/gup.c | 48 +++++++++++++-----
mm/hugetlb.c | 13 +++++
mm/kasan/kasan.h | 5 +-
net/bridge/br_netfilter_hooks.c | 1 +
net/bridge/br_netfilter_ipv6.c | 2 +
net/ipv6/netfilter/ip6t_srh.c | 6 +++
net/netfilter/Kconfig | 1 +
net/netfilter/nft_set_rbtree.c | 7 ++-
net/sunrpc/xprtsock.c | 4 +-
net/xdp/xdp_umem.c | 19 +------
scripts/kconfig/lxdialog/inputbox.c | 3 +-
scripts/kconfig/nconf.c | 2 +-
scripts/kconfig/nconf.gui.c | 3 +-
scripts/selinux/genheaders/genheaders.c | 1 -
scripts/selinux/mdp/mdp.c | 1 -
security/selinux/include/classmap.h | 1 +
tools/build/feature/test-libopencsd.c | 4 +-
tools/perf/util/cs-etm-decoder/cs-etm-decoder.c | 1 +
tools/perf/util/machine.c | 32 +++++++-----
tools/testing/selftests/kvm/Makefile | 4 +-
tools/testing/selftests/kvm/include/kvm_util.h | 1 +
tools/testing/selftests/kvm/lib/kvm_util.c | 16 ++++++
.../selftests/kvm/x86_64/cr4_cpuid_sync_test.c | 35 +++++++------
tools/testing/selftests/kvm/x86_64/state_test.c | 18 ++++++-
virt/kvm/arm/hyp/vgic-v3-sr.c | 4 +-
virt/kvm/arm/mmu.c | 59 ++++++++++++++++------
virt/kvm/arm/vgic/vgic-its.c | 21 +++++---
virt/kvm/arm/vgic/vgic-v3.c | 4 +-
virt/kvm/arm/vgic/vgic.c | 14 +++--
123 files changed, 777 insertions(+), 350 deletions(-)
[ Upstream commit 544e784188f1dd7c797c70b213385e67d92005b6 ]
Raspberry pi board model B revison 2 have the hot plug detector gpio
active high (and not low as it was in the dts).
Signed-off-by: Helen Koike <[email protected]>
Fixes: 49ac67e0c39c ("ARM: bcm2835: Add VC4 to the device tree.")
Reviewed-by: Eric Anholt <[email protected]>
Signed-off-by: Eric Anholt <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts b/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
index 5641d162dfdb..28e7513ce617 100644
--- a/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
+++ b/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
@@ -93,7 +93,7 @@
};
&hdmi {
- hpd-gpios = <&gpio 46 GPIO_ACTIVE_LOW>;
+ hpd-gpios = <&gpio 46 GPIO_ACTIVE_HIGH>;
};
&pwm {
--
2.19.1
[ Upstream commit 05b7639da55f5555b9866a1f4b7e8995232a6323 ]
Otherwise, we hit bogus ENOENT when removing elements.
Fixes: e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with dynamic updates")
Reported-by: Václav Zindulka <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
net/netfilter/nft_set_rbtree.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index fa61208371f8..321a0036fdf5 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -308,10 +308,6 @@ static void *nft_rbtree_deactivate(const struct net *net,
else if (d > 0)
parent = parent->rb_right;
else {
- if (!nft_set_elem_active(&rbe->ext, genmask)) {
- parent = parent->rb_left;
- continue;
- }
if (nft_rbtree_interval_end(rbe) &&
!nft_rbtree_interval_end(this)) {
parent = parent->rb_left;
@@ -320,6 +316,9 @@ static void *nft_rbtree_deactivate(const struct net *net,
nft_rbtree_interval_end(this)) {
parent = parent->rb_right;
continue;
+ } else if (!nft_set_elem_active(&rbe->ext, genmask)) {
+ parent = parent->rb_left;
+ continue;
}
nft_rbtree_flush(net, set, rbe);
return rbe;
--
2.19.1
From: Rafael J. Wysocki <[email protected]>
commit 2c2a2fb1e2a9256714338875bede6b7cbd4b9542 upstream.
Revert commit c8b1917c8987 ("ACPICA: Clear status of GPEs before
enabling them") that causes problems with Thunderbolt controllers
to occur if a dock device is connected at init time (the xhci_hcd
and thunderbolt modules crash which prevents peripherals connected
through them from working).
Commit c8b1917c8987 effectively causes commit ecc1165b8b74 ("ACPICA:
Dispatch active GPEs at init time") to get undone, so the problem
addressed by commit ecc1165b8b74 appears again as a result of it.
Fixes: c8b1917c8987 ("ACPICA: Clear status of GPEs before enabling them")
Link: https://lore.kernel.org/lkml/[email protected]/T/#u
Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1132943
Reported-by: Michael Hirmke <[email protected]>
Reported-by: Takashi Iwai <[email protected]>
Cc: 4.17+ <[email protected]> # 4.17+
Signed-off-by: Rafael J. Wysocki <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/acpi/acpica/evgpe.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
--- a/drivers/acpi/acpica/evgpe.c
+++ b/drivers/acpi/acpica/evgpe.c
@@ -81,12 +81,8 @@ acpi_status acpi_ev_enable_gpe(struct ac
ACPI_FUNCTION_TRACE(ev_enable_gpe);
- /* Clear the GPE status */
- status = acpi_hw_clear_gpe(gpe_event_info);
- if (ACPI_FAILURE(status))
- return_ACPI_STATUS(status);
-
/* Enable the requested GPE */
+
status = acpi_hw_low_set_gpe(gpe_event_info, ACPI_GPE_ENABLE);
return_ACPI_STATUS(status);
}
[ Upstream commit 58f2ce6f61615dfd8dd3cc01c9e5bb54ed35637e ]
When sending non-linear skbs with jumbo frames, we set up the non-paged
data and mark that as a last segment, although the paged fragments are
also prepared. This will stall the TX queue and trigger a watchdog warning
(a simple reproducer is to run an iperf client mode TCP test with a large
MTU - networking fails instantly).
Fix by checking if the skb is non-linear.
Signed-off-by: Aaro Koskinen <[email protected]>
Acked-by: Jose Abreu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/ring_mode.c b/drivers/net/ethernet/stmicro/stmmac/ring_mode.c
index afed0f0f4027..4d9bcb4d0378 100644
--- a/drivers/net/ethernet/stmicro/stmmac/ring_mode.c
+++ b/drivers/net/ethernet/stmicro/stmmac/ring_mode.c
@@ -79,7 +79,8 @@ static int jumbo_frm(void *p, struct sk_buff *skb, int csum)
desc->des3 = cpu_to_le32(des2 + BUF_SIZE_4KiB);
stmmac_prepare_tx_desc(priv, desc, 0, len, csum,
- STMMAC_RING_MODE, 1, true, skb->len);
+ STMMAC_RING_MODE, 1, !skb_is_nonlinear(skb),
+ skb->len);
} else {
des2 = dma_map_single(priv->device, skb->data,
nopaged_len, DMA_TO_DEVICE);
@@ -91,7 +92,8 @@ static int jumbo_frm(void *p, struct sk_buff *skb, int csum)
tx_q->tx_skbuff_dma[entry].is_jumbo = true;
desc->des3 = cpu_to_le32(des2 + BUF_SIZE_4KiB);
stmmac_prepare_tx_desc(priv, desc, 1, nopaged_len, csum,
- STMMAC_RING_MODE, 0, true, skb->len);
+ STMMAC_RING_MODE, 0, !skb_is_nonlinear(skb),
+ skb->len);
}
tx_q->cur_tx = entry;
--
2.19.1
From: Linus Torvalds <[email protected]>
commit 8fde12ca79aff9b5ba951fce1a2641901b8d8e64 upstream.
If the page refcount wraps around past zero, it will be freed while
there are still four billion references to it. One of the possible
avenues for an attacker to try to make this happen is by doing direct IO
on a page multiple times. This patch makes get_user_pages() refuse to
take a new page reference if there are already more than two billion
references to the page.
Reported-by: Jann Horn <[email protected]>
Acked-by: Matthew Wilcox <[email protected]>
Cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/gup.c | 48 ++++++++++++++++++++++++++++++++++++------------
mm/hugetlb.c | 13 +++++++++++++
2 files changed, 49 insertions(+), 12 deletions(-)
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -157,8 +157,12 @@ retry:
goto retry;
}
- if (flags & FOLL_GET)
- get_page(page);
+ if (flags & FOLL_GET) {
+ if (unlikely(!try_get_page(page))) {
+ page = ERR_PTR(-ENOMEM);
+ goto out;
+ }
+ }
if (flags & FOLL_TOUCH) {
if ((flags & FOLL_WRITE) &&
!pte_dirty(pte) && !PageDirty(page))
@@ -295,7 +299,10 @@ retry_locked:
if (pmd_trans_unstable(pmd))
ret = -EBUSY;
} else {
- get_page(page);
+ if (unlikely(!try_get_page(page))) {
+ spin_unlock(ptl);
+ return ERR_PTR(-ENOMEM);
+ }
spin_unlock(ptl);
lock_page(page);
ret = split_huge_page(page);
@@ -497,7 +504,10 @@ static int get_gate_page(struct mm_struc
if (is_device_public_page(*page))
goto unmap;
}
- get_page(*page);
+ if (unlikely(!try_get_page(*page))) {
+ ret = -ENOMEM;
+ goto unmap;
+ }
out:
ret = 0;
unmap:
@@ -1393,6 +1403,20 @@ static void undo_dev_pagemap(int *nr, in
}
}
+/*
+ * Return the compund head page with ref appropriately incremented,
+ * or NULL if that failed.
+ */
+static inline struct page *try_get_compound_head(struct page *page, int refs)
+{
+ struct page *head = compound_head(page);
+ if (WARN_ON_ONCE(page_ref_count(head) < 0))
+ return NULL;
+ if (unlikely(!page_cache_add_speculative(head, refs)))
+ return NULL;
+ return head;
+}
+
#ifdef CONFIG_ARCH_HAS_PTE_SPECIAL
static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
int write, struct page **pages, int *nr)
@@ -1427,9 +1451,9 @@ static int gup_pte_range(pmd_t pmd, unsi
VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
page = pte_page(pte);
- head = compound_head(page);
- if (!page_cache_get_speculative(head))
+ head = try_get_compound_head(page, 1);
+ if (!head)
goto pte_unmap;
if (unlikely(pte_val(pte) != pte_val(*ptep))) {
@@ -1568,8 +1592,8 @@ static int gup_huge_pmd(pmd_t orig, pmd_
refs++;
} while (addr += PAGE_SIZE, addr != end);
- head = compound_head(pmd_page(orig));
- if (!page_cache_add_speculative(head, refs)) {
+ head = try_get_compound_head(pmd_page(orig), refs);
+ if (!head) {
*nr -= refs;
return 0;
}
@@ -1606,8 +1630,8 @@ static int gup_huge_pud(pud_t orig, pud_
refs++;
} while (addr += PAGE_SIZE, addr != end);
- head = compound_head(pud_page(orig));
- if (!page_cache_add_speculative(head, refs)) {
+ head = try_get_compound_head(pud_page(orig), refs);
+ if (!head) {
*nr -= refs;
return 0;
}
@@ -1643,8 +1667,8 @@ static int gup_huge_pgd(pgd_t orig, pgd_
refs++;
} while (addr += PAGE_SIZE, addr != end);
- head = compound_head(pgd_page(orig));
- if (!page_cache_add_speculative(head, refs)) {
+ head = try_get_compound_head(pgd_page(orig), refs);
+ if (!head) {
*nr -= refs;
return 0;
}
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -4298,6 +4298,19 @@ long follow_hugetlb_page(struct mm_struc
pfn_offset = (vaddr & ~huge_page_mask(h)) >> PAGE_SHIFT;
page = pte_page(huge_ptep_get(pte));
+
+ /*
+ * Instead of doing 'try_get_page()' below in the same_page
+ * loop, just check the count once here.
+ */
+ if (unlikely(page_count(page) <= 0)) {
+ if (pages) {
+ spin_unlock(ptl);
+ remainder = 0;
+ err = -ENOMEM;
+ break;
+ }
+ }
same_page:
if (pages) {
pages[i] = mem_map_offset(page, pfn_offset);
[ Upstream commit 80acbed9f8fca1db3fbe915540b756f048aa0fd7 ]
Commit 0e80bdc9a72d ("stmmac: first frame prep at the end of xmit
routine") overlooked jumbo frames when re-ordering the code, and as a
result the own bit was not getting set anymore for the first jumbo frame
descriptor. Commit 487e2e22ab79 ("net: stmmac: Set OWN bit for jumbo
frames") tried to fix this, but now the bit is getting set too early and
the DMA may start while we are still setting up the remaining descriptors.
And with the chain mode the own bit remains still unset.
Fix by setting the own bit at the end of xmit also with jumbo frames.
Fixes: 0e80bdc9a72d ("stmmac: first frame prep at the end of xmit routine")
Fixes: 487e2e22ab79 ("net: stmmac: Set OWN bit for jumbo frames")
Signed-off-by: Aaro Koskinen <[email protected]>
Acked-by: Jose Abreu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 4 ++--
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 14 ++++++++------
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/ring_mode.c b/drivers/net/ethernet/stmicro/stmmac/ring_mode.c
index c0c75c111abb..afed0f0f4027 100644
--- a/drivers/net/ethernet/stmicro/stmmac/ring_mode.c
+++ b/drivers/net/ethernet/stmicro/stmmac/ring_mode.c
@@ -59,7 +59,7 @@ static int jumbo_frm(void *p, struct sk_buff *skb, int csum)
desc->des3 = cpu_to_le32(des2 + BUF_SIZE_4KiB);
stmmac_prepare_tx_desc(priv, desc, 1, bmax, csum,
- STMMAC_RING_MODE, 1, false, skb->len);
+ STMMAC_RING_MODE, 0, false, skb->len);
tx_q->tx_skbuff[entry] = NULL;
entry = STMMAC_GET_ENTRY(entry, DMA_TX_SIZE);
@@ -91,7 +91,7 @@ static int jumbo_frm(void *p, struct sk_buff *skb, int csum)
tx_q->tx_skbuff_dma[entry].is_jumbo = true;
desc->des3 = cpu_to_le32(des2 + BUF_SIZE_4KiB);
stmmac_prepare_tx_desc(priv, desc, 1, nopaged_len, csum,
- STMMAC_RING_MODE, 1, true, skb->len);
+ STMMAC_RING_MODE, 0, true, skb->len);
}
tx_q->cur_tx = entry;
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index 1d8d6f2ddfd6..0bc3632880b5 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -3190,14 +3190,16 @@ static netdev_tx_t stmmac_xmit(struct sk_buff *skb, struct net_device *dev)
stmmac_prepare_tx_desc(priv, first, 1, nopaged_len,
csum_insertion, priv->mode, 1, last_segment,
skb->len);
-
- /* The own bit must be the latest setting done when prepare the
- * descriptor and then barrier is needed to make sure that
- * all is coherent before granting the DMA engine.
- */
- wmb();
+ } else {
+ stmmac_set_tx_owner(priv, first);
}
+ /* The own bit must be the latest setting done when prepare the
+ * descriptor and then barrier is needed to make sure that
+ * all is coherent before granting the DMA engine.
+ */
+ wmb();
+
netdev_tx_sent_queue(netdev_get_tx_queue(dev, queue), skb->len);
stmmac_enable_dma_transmission(priv, priv->ioaddr);
--
2.19.1
[ Upstream commit 7221b727f0079a32aca91f657141e1de564d4b97 ]
The ucast IP table is utilized by some of the L3-specific sysfs attributes
that qeth_l3_create_device_attributes() provides. So initialize the table
_before_ registering the attributes.
Fixes: ebccc7397e4a ("s390/qeth: add missing hash table initializations")
Signed-off-by: Julian Wiedmann <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
drivers/s390/net/qeth_l3_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c
index df34bff4ac31..f73ce96e9603 100644
--- a/drivers/s390/net/qeth_l3_main.c
+++ b/drivers/s390/net/qeth_l3_main.c
@@ -2316,12 +2316,14 @@ static int qeth_l3_probe_device(struct ccwgroup_device *gdev)
struct qeth_card *card = dev_get_drvdata(&gdev->dev);
int rc;
+ hash_init(card->ip_htable);
+
if (gdev->dev.type == &qeth_generic_devtype) {
rc = qeth_l3_create_device_attributes(&gdev->dev);
if (rc)
return rc;
}
- hash_init(card->ip_htable);
+
hash_init(card->ip_mc_htable);
card->info.hwtrap = 0;
return 0;
--
2.19.1
[ Upstream commit b8cfd87ac24273e36fbd3ecda631f3ba6566d493 ]
AGC register 35, 37 override for the low gain setting should only be done
on 5 GHz. Also, 2.4 GHz needs a different value for register 35
Signed-off-by: Felix Fietkau <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
.../net/wireless/mediatek/mt76/mt76x2/phy.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2/phy.c b/drivers/net/wireless/mediatek/mt76/mt76x2/phy.c
index 11167b7af668..2f618536ef2a 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x2/phy.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x2/phy.c
@@ -285,6 +285,7 @@ void mt76x2_phy_update_channel_gain(struct mt76x02_dev *dev)
{
u8 *gain = dev->cal.agc_gain_init;
u8 low_gain_delta, gain_delta;
+ u32 agc_35, agc_37;
bool gain_change;
int low_gain;
u32 val;
@@ -321,6 +322,16 @@ void mt76x2_phy_update_channel_gain(struct mt76x02_dev *dev)
else
low_gain_delta = 14;
+ agc_37 = 0x2121262c;
+ if (dev->mt76.chandef.chan->band == NL80211_BAND_2GHZ)
+ agc_35 = 0x11111516;
+ else if (low_gain == 2)
+ agc_35 = agc_37 = 0x08080808;
+ else if (dev->mt76.chandef.width == NL80211_CHAN_WIDTH_80)
+ agc_35 = 0x10101014;
+ else
+ agc_35 = 0x11111116;
+
if (low_gain == 2) {
mt76_wr(dev, MT_BBP(RXO, 18), 0xf000a990);
mt76_wr(dev, MT_BBP(AGC, 35), 0x08080808);
@@ -329,15 +340,13 @@ void mt76x2_phy_update_channel_gain(struct mt76x02_dev *dev)
dev->cal.agc_gain_adjust = 0;
} else {
mt76_wr(dev, MT_BBP(RXO, 18), 0xf000a991);
- if (dev->mt76.chandef.width == NL80211_CHAN_WIDTH_80)
- mt76_wr(dev, MT_BBP(AGC, 35), 0x10101014);
- else
- mt76_wr(dev, MT_BBP(AGC, 35), 0x11111116);
- mt76_wr(dev, MT_BBP(AGC, 37), 0x2121262C);
gain_delta = 0;
dev->cal.agc_gain_adjust = low_gain_delta;
}
+ mt76_wr(dev, MT_BBP(AGC, 35), agc_35);
+ mt76_wr(dev, MT_BBP(AGC, 37), agc_37);
+
dev->cal.agc_gain_cur[0] = gain[0] - gain_delta;
dev->cal.agc_gain_cur[1] = gain[1] - gain_delta;
mt76x2_phy_set_gain_val(dev);
--
2.19.1
[ Upstream commit d1fa381033eb718df5c602f64b6e88676138dfc6 ]
With NETFILTER_XT_TARGET_TEE=y and IP6_NF_IPTABLES=m, we get a link
error when referencing the NF_DUP_IPV6 module:
net/netfilter/xt_TEE.o: In function `tee_tg6':
xt_TEE.c:(.text+0x14): undefined reference to `nf_dup_ipv6'
The problem here is the 'select NF_DUP_IPV6 if IP6_NF_IPTABLES'
that forces NF_DUP_IPV6 to be =m as well rather than setting it
to =y as was intended here. Adding a soft dependency on
IP6_NF_IPTABLES avoids that broken configuration.
Fixes: 5d400a4933e8 ("netfilter: Kconfig: Change select IPv6 dependencies")
Cc: Máté Eckl <[email protected]>
Cc: Taehee Yoo <[email protected]>
Link: https://patchwork.ozlabs.org/patch/999498/
Link: https://lore.kernel.org/patchwork/patch/960062/
Reported-by: Randy Dunlap <[email protected]>
Reported-by: Stephen Rothwell <[email protected]>
Signed-off-by: Arnd Bergmann <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
net/netfilter/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index beb3a69ce1d4..0f0e5806bf77 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -995,6 +995,7 @@ config NETFILTER_XT_TARGET_TEE
depends on NETFILTER_ADVANCED
depends on IPV6 || IPV6=n
depends on !NF_CONNTRACK || NF_CONNTRACK
+ depends on IP6_NF_IPTABLES || !IP6_NF_IPTABLES
select NF_DUP_IPV4
select NF_DUP_IPV6 if IP6_NF_IPTABLES
---help---
--
2.19.1
[ Upstream commit 19b39a25388e71390e059906c979f87be4ef0c71 ]
genlmsg_reply can fail, so propagate its return code
Signed-off-by: Li RongQing <[email protected]>
Signed-off-by: Stefan Schmidt <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
drivers/net/ieee802154/mac802154_hwsim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c
index b6743f03dce0..3b88846de31b 100644
--- a/drivers/net/ieee802154/mac802154_hwsim.c
+++ b/drivers/net/ieee802154/mac802154_hwsim.c
@@ -324,7 +324,7 @@ static int hwsim_get_radio_nl(struct sk_buff *msg, struct genl_info *info)
goto out_err;
}
- genlmsg_reply(skb, info);
+ res = genlmsg_reply(skb, info);
break;
}
--
2.19.1
[ Upstream commit 7b25d3b8e485c7721cba9c71b44d1c286e61c8e7 ]
Since we add txwi at the begining of skb->data, it no longer point
to ieee80211_hdr. This breaks settings TS bit for probe response and
beacons.
Acked-by: Lorenzo Bianconi <[email protected]>
Signed-off-by: Stanislaw Gruszka <[email protected]>
Signed-off-by: Felix Fietkau <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
index 81970cf777c0..8cafa5a749ca 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
@@ -81,8 +81,9 @@ int mt76x02u_tx_prepare_skb(struct mt76_dev *mdev, void *data,
mt76x02_insert_hdr_pad(skb);
- txwi = skb_push(skb, sizeof(struct mt76x02_txwi));
+ txwi = (struct mt76x02_txwi *)(skb->data - sizeof(struct mt76x02_txwi));
mt76x02_mac_write_txwi(dev, txwi, skb, wcid, sta, len);
+ skb_push(skb, sizeof(struct mt76x02_txwi));
pid = mt76_tx_status_skb_add(mdev, wcid, skb);
txwi->pktid = pid;
--
2.19.1
[ Upstream commit 1beea6204e2304dd11600791d8dad8e7350af6ad ]
When building without CONFIG_OF, the compiler loses track of the flow
control in axis_fifo_probe(), and thinks that many variables are used
without an initialization even though we actually leave the function
before the first use:
drivers/staging/axis-fifo/axis-fifo.c: In function 'axis_fifo_probe':
drivers/staging/axis-fifo/axis-fifo.c:900:5: error: 'rxd_tdata_width' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (rxd_tdata_width != 32) {
^
drivers/staging/axis-fifo/axis-fifo.c:907:5: error: 'txd_tdata_width' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (txd_tdata_width != 32) {
^
drivers/staging/axis-fifo/axis-fifo.c:914:5: error: 'has_tdest' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (has_tdest) {
^
drivers/staging/axis-fifo/axis-fifo.c:919:5: error: 'has_tid' may be used uninitialized in this function [-Werror=maybe-uninitialized]
When CONFIG_OF is set, this does not happen, and since the driver cannot
work without it, just add that option as a Kconfig dependency.
Signed-off-by: Arnd Bergmann <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
drivers/staging/axis-fifo/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/staging/axis-fifo/Kconfig b/drivers/staging/axis-fifo/Kconfig
index 687537203d9c..d9725888af6f 100644
--- a/drivers/staging/axis-fifo/Kconfig
+++ b/drivers/staging/axis-fifo/Kconfig
@@ -3,6 +3,7 @@
#
config XIL_AXIS_FIFO
tristate "Xilinx AXI-Stream FIFO IP core driver"
+ depends on OF
default n
help
This adds support for the Xilinx AXI-Stream
--
2.19.1
[ Upstream commit 5bf7295fe34a5251b1d241b9736af4697b590670 ]
netdev_alloc_skb can fail and return a NULL pointer which is
dereferenced without a check. The patch avoids such a scenario.
Signed-off-by: Aditya Pakki <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
index 3b0adda7cc9c..a4cd6f2cfb86 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
@@ -1048,6 +1048,8 @@ int qlcnic_do_lb_test(struct qlcnic_adapter *adapter, u8 mode)
for (i = 0; i < QLCNIC_NUM_ILB_PKT; i++) {
skb = netdev_alloc_skb(adapter->netdev, QLCNIC_ILB_PKT_SIZE);
+ if (!skb)
+ break;
qlcnic_create_loopback_buff(skb->data, adapter->mac_addr);
skb_put(skb, QLCNIC_ILB_PKT_SIZE);
adapter->ahw->diag_cnt = 0;
--
2.19.1
[ Upstream commit 609e804d771f59dc5d45a93e5ee0053c74bbe2bf ]
When we are mixing buffered writes with direct IO writes against the same
file and snapshotting is happening concurrently, we can end up with a
corrupt file content in the snapshot. Example:
1) Inode/file is empty.
2) Snapshotting starts.
2) Buffered write at offset 0 length 256Kb. This updates the i_size of the
inode to 256Kb, disk_i_size remains zero. This happens after the task
doing the snapshot flushes all existing delalloc.
3) DIO write at offset 256Kb length 768Kb. Once the ordered extent
completes it sets the inode's disk_i_size to 1Mb (256Kb + 768Kb) and
updates the inode item in the fs tree with a size of 1Mb (which is
the value of disk_i_size).
4) The dealloc for the range [0, 256Kb[ did not start yet.
5) The transaction used in the DIO ordered extent completion, which updated
the inode item, is committed by the snapshotting task.
6) Snapshot creation completes.
7) Dealloc for the range [0, 256Kb[ is flushed.
After that when reading the file from the snapshot we always get zeroes for
the range [0, 256Kb[, the file has a size of 1Mb and the data written by
the direct IO write is found. From an application's point of view this is
a corruption, since in the source subvolume it could never read a version
of the file that included the data from the direct IO write without the
data from the buffered write included as well. In the snapshot's tree,
file extent items are missing for the range [0, 256Kb[.
The issue, obviously, does not happen when using the -o flushoncommit
mount option.
Fix this by flushing delalloc for all the roots that are about to be
snapshotted when committing a transaction. This guarantees total ordering
when updating the disk_i_size of an inode since the flush for dealloc is
done when a transaction is in the TRANS_STATE_COMMIT_START state and wait
is done once no more external writers exist. This is similar to what we
do when using the flushoncommit mount option, but we do it only if the
transaction has snapshots to create and only for the roots of the
subvolumes to be snapshotted. The bulk of the dealloc is flushed in the
snapshot creation ioctl, so the flush work we do inside the transaction
is minimized.
This issue, involving buffered and direct IO writes with snapshotting, is
often triggered by fstest btrfs/078, and got reported by fsck when not
using the NO_HOLES features, for example:
$ cat results/btrfs/078.full
(...)
_check_btrfs_filesystem: filesystem on /dev/sdc is inconsistent
*** fsck.btrfs output ***
[1/7] checking root items
[2/7] checking extents
[3/7] checking free space cache
[4/7] checking fs roots
root 258 inode 264 errors 100, file extent discount
Found file extent holes:
start: 524288, len: 65536
ERROR: errors found in fs roots
Signed-off-by: Filipe Manana <[email protected]>
Signed-off-by: David Sterba <[email protected]>
Signed-off-by: Sasha Levin (Microsoft) <[email protected]>
---
fs/btrfs/transaction.c | 49 ++++++++++++++++++++++++++++++++++++------
1 file changed, 43 insertions(+), 6 deletions(-)
diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
index 4ec2b660d014..7f3ece91a4d0 100644
--- a/fs/btrfs/transaction.c
+++ b/fs/btrfs/transaction.c
@@ -1886,8 +1886,10 @@ static void btrfs_cleanup_pending_block_groups(struct btrfs_trans_handle *trans)
}
}
-static inline int btrfs_start_delalloc_flush(struct btrfs_fs_info *fs_info)
+static inline int btrfs_start_delalloc_flush(struct btrfs_trans_handle *trans)
{
+ struct btrfs_fs_info *fs_info = trans->fs_info;
+
/*
* We use writeback_inodes_sb here because if we used
* btrfs_start_delalloc_roots we would deadlock with fs freeze.
@@ -1897,15 +1899,50 @@ static inline int btrfs_start_delalloc_flush(struct btrfs_fs_info *fs_info)
* from already being in a transaction and our join_transaction doesn't
* have to re-take the fs freeze lock.
*/
- if (btrfs_test_opt(fs_info, FLUSHONCOMMIT))
+ if (btrfs_test_opt(fs_info, FLUSHONCOMMIT)) {
writeback_inodes_sb(fs_info->sb, WB_REASON_SYNC);
+ } else {
+ struct btrfs_pending_snapshot *pending;
+ struct list_head *head = &trans->transaction->pending_snapshots;
+
+ /*
+ * Flush dellaloc for any root that is going to be snapshotted.
+ * This is done to avoid a corrupted version of files, in the
+ * snapshots, that had both buffered and direct IO writes (even
+ * if they were done sequentially) due to an unordered update of
+ * the inode's size on disk.
+ */
+ list_for_each_entry(pending, head, list) {
+ int ret;
+
+ ret = btrfs_start_delalloc_snapshot(pending->root);
+ if (ret)
+ return ret;
+ }
+ }
return 0;
}
-static inline void btrfs_wait_delalloc_flush(struct btrfs_fs_info *fs_info)
+static inline void btrfs_wait_delalloc_flush(struct btrfs_trans_handle *trans)
{
- if (btrfs_test_opt(fs_info, FLUSHONCOMMIT))
+ struct btrfs_fs_info *fs_info = trans->fs_info;
+
+ if (btrfs_test_opt(fs_info, FLUSHONCOMMIT)) {
btrfs_wait_ordered_roots(fs_info, U64_MAX, 0, (u64)-1);
+ } else {
+ struct btrfs_pending_snapshot *pending;
+ struct list_head *head = &trans->transaction->pending_snapshots;
+
+ /*
+ * Wait for any dellaloc that we started previously for the roots
+ * that are going to be snapshotted. This is to avoid a corrupted
+ * version of files in the snapshots that had both buffered and
+ * direct IO writes (even if they were done sequentially).
+ */
+ list_for_each_entry(pending, head, list)
+ btrfs_wait_ordered_extents(pending->root,
+ U64_MAX, 0, U64_MAX);
+ }
}
int btrfs_commit_transaction(struct btrfs_trans_handle *trans)
@@ -2024,7 +2061,7 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans)
extwriter_counter_dec(cur_trans, trans->type);
- ret = btrfs_start_delalloc_flush(fs_info);
+ ret = btrfs_start_delalloc_flush(trans);
if (ret)
goto cleanup_transaction;
@@ -2040,7 +2077,7 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans)
if (ret)
goto cleanup_transaction;
- btrfs_wait_delalloc_flush(fs_info);
+ btrfs_wait_delalloc_flush(trans);
btrfs_scrub_pause(fs_info);
/*
--
2.19.1
stable-rc/linux-5.0.y boot: 129 boots: 4 failed, 121 passed with 3 offline, 1 untried/unknown (v5.0.11-102-g17f93022a8c9)
Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-5.0.y/kernel/v5.0.11-102-g17f93022a8c9/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.0.y/kernel/v5.0.11-102-g17f93022a8c9/
Tree: stable-rc
Branch: linux-5.0.y
Git Describe: v5.0.11-102-g17f93022a8c9
Git Commit: 17f93022a8c96d740be0f8dfc01e1ccaa70eea5f
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 74 unique boards, 24 SoC families, 14 builds out of 208
Boot Regressions Detected:
arm:
multi_v7_defconfig:
gcc-7:
sun8i-h2-plus-libretech-all-h3-cc:
lab-baylibre: new failure (last pass: v5.0.11)
Boot Failures Detected:
arm:
multi_v7_defconfig:
gcc-7:
bcm4708-smartrg-sr400ac: 1 failed lab
bcm72521-bcm97252sffe: 1 failed lab
bcm7445-bcm97445c: 1 failed lab
sun8i-h2-plus-libretech-all-h3-cc: 1 failed lab
Offline Platforms:
arm:
davinci_all_defconfig:
gcc-7
dm365evm,legacy: 1 offline lab
exynos_defconfig:
gcc-7
exynos5800-peach-pi: 1 offline lab
multi_v7_defconfig:
gcc-7
exynos5800-peach-pi: 1 offline lab
---
For more info write to <[email protected]>
On Thu, 2 May 2019 at 21:00, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 5.0.12 release.
> There are 101 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.12-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Summary
------------------------------------------------------------------------
kernel: 5.0.12-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.0.y
git commit: 17f93022a8c96d740be0f8dfc01e1ccaa70eea5f
git describe: v5.0.11-102-g17f93022a8c9
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.0-oe/build/v5.0.11-102-g17f93022a8c9
No regressions (compared to build v5.0.11)
No fixes (compared to build v5.0.11)
Ran 22922 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86
Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libgpiod
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-timers-tests
* perf
* v4l2-compliance
* kvm-unit-tests
* ltp-commands-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fs-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* spectre-meltdown-checker-test
* ltp-open-posix-tests
* kselftest-vsyscall-mode-none
--
Linaro LKFT
https://lkft.linaro.org
On Fri, May 03, 2019 at 12:19:51PM +0530, Naresh Kamboju wrote:
> On Thu, 2 May 2019 at 21:00, Greg Kroah-Hartman
> <[email protected]> wrote:
> >
> > This is the start of the stable review cycle for the 5.0.12 release.
> > There are 101 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.12-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
> >
>
> Results from Linaro’s test farm.
> No regressions on arm64, arm, x86_64, and i386.
Great! Thanks for testing all of these and letting me know.
greg k-h
On 02/05/2019 16:20, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.0.12 release.
> There are 101 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.12-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests are passing for Tegra ...
Test results for stable-v5.0:
12 builds: 12 pass, 0 fail
22 boots: 22 pass, 0 fail
32 tests: 32 pass, 0 fail
Linux version: 5.0.12-rc1-g17f9302
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana, tegra210,
tegra210-p2371-2180, tegra30-cardhu-a04
Cheers
Jon
--
nvpublic
On Thu, May 02, 2019 at 05:20:02PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.0.12 release.
> There are 101 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> Anything received after that time might be too late.
>
Build results:
total: 159 pass: 159 fail: 0
Qemu test results:
total: 349 pass: 349 fail: 0
Guenter
On 5/2/19 9:20 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.0.12 release.
> There are 101 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.12-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
thanks,
-- Shuah
On Thu, May 02, 2019 at 05:20:02PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.0.12 release.
> There are 101 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.12-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Compiled, booted, and no dmesg regressions on my system.
Cheers,
Kelsey
On Fri, May 03, 2019 at 03:19:03PM -0600, shuah wrote:
> On 5/2/19 9:20 AM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.0.12 release.
> > There are 101 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.12-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
> >
>
> Compiled and booted on my test system. No dmesg regressions.
Thanks for testing all of these and letting me know.
greg k-h
On Fri, May 03, 2019 at 10:27:56AM +0100, Jon Hunter wrote:
>
> On 02/05/2019 16:20, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.0.12 release.
> > There are 101 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.12-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
> All tests are passing for Tegra ...
>
> Test results for stable-v5.0:
> 12 builds: 12 pass, 0 fail
> 22 boots: 22 pass, 0 fail
> 32 tests: 32 pass, 0 fail
>
> Linux version: 5.0.12-rc1-g17f9302
> Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
> tegra194-p2972-0000, tegra20-ventana, tegra210,
> tegra210-p2371-2180, tegra30-cardhu-a04
Thanks for testing all of these and letting me know.
greg k-h
On Fri, May 03, 2019 at 10:16:30AM -0700, Guenter Roeck wrote:
> On Thu, May 02, 2019 at 05:20:02PM +0200, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.0.12 release.
> > There are 101 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> > Anything received after that time might be too late.
> >
>
> Build results:
> total: 159 pass: 159 fail: 0
> Qemu test results:
> total: 349 pass: 349 fail: 0
Thanks for testing all of these and letting me know.
greg k-h
On Fri, May 03, 2019 at 07:28:11PM -0600, Kelsey Skunberg wrote:
> On Thu, May 02, 2019 at 05:20:02PM +0200, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.0.12 release.
> > There are 101 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sat 04 May 2019 02:32:10 PM UTC.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.12-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
> Compiled, booted, and no dmesg regressions on my system.
Thanks for testing!