1. 01 Dec, 2015 7 commits
  2. 30 Nov, 2015 15 commits
    • Seth Forshee's avatar
      userns: Replace in_userns with current_in_userns · 9977ba76
      Seth Forshee authored
      All current callers of in_userns pass current_user_ns as the
      first argument. Simplify by replacing in_userns with
      current_in_userns which checks whether current_user_ns is in the
      namespace supplied as an argument.
      Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
      9977ba76
    • Seth Forshee's avatar
      selinux: Add support for unprivileged mounts from user namespaces · d0210b59
      Seth Forshee authored
      Security labels from unprivileged mounts in user namespaces must
      be ignored. Force superblocks from user namespaces whose labeling
      behavior is to use xattrs to use mountpoint labeling instead.
      For the mountpoint label, default to converting the current task
      context into a form suitable for file objects, but also allow the
      policy writer to specify a different label through policy
      transition rules.
      
      Pieced together from code snippets provided by Stephen Smalley.
      Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
      d0210b59
    • Andy Lutomirski's avatar
      fs: Treat foreign mounts as nosuid · 4253b10f
      Andy Lutomirski authored
      If a process gets access to a mount from a different user
      namespace, that process should not be able to take advantage of
      setuid files or selinux entrypoints from that filesystem.  Prevent
      this by treating mounts from other mount namespaces and those not
      owned by current_user_ns() or an ancestor as nosuid.
      
      This will make it safer to allow more complex filesystems to be
      mounted in non-root user namespaces.
      
      This does not remove the need for MNT_LOCK_NOSUID.  The setuid,
      setgid, and file capability bits can no longer be abused if code in
      a user namespace were to clear nosuid on an untrusted filesystem,
      but this patch, by itself, is insufficient to protect the system
      from abuse of files that, when execed, would increase MAC privilege.
      
      As a more concrete explanation, any task that can manipulate a
      vfsmount associated with a given user namespace already has
      capabilities in that namespace and all of its descendents.  If they
      can cause a malicious setuid, setgid, or file-caps executable to
      appear in that mount, then that executable will only allow them to
      elevate privileges in exactly the set of namespaces in which they
      are already privileges.
      
      On the other hand, if they can cause a malicious executable to
      appear with a dangerous MAC label, running it could change the
      caller's security context in a way that should not have been
      possible, even inside the namespace in which the task is confined.
      
      As a hardening measure, this would have made CVE-2014-5207 much
      more difficult to exploit.
      Signed-off-by: default avatarAndy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
      4253b10f
    • Seth Forshee's avatar
      block_dev: Check permissions towards block device inode when mounting · 8826be7f
      Seth Forshee authored
      Unprivileged users should not be able to mount block devices when
      they lack sufficient privileges towards the block device inode.
      Update blkdev_get_by_path() to validate that the user has the
      required access to the inode at the specified path. The check
      will be skipped for CAP_SYS_ADMIN, so privileged mounts will
      continue working as before.
      Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      8826be7f
    • Seth Forshee's avatar
      block_dev: Support checking inode permissions in lookup_bdev() · 60bbc16a
      Seth Forshee authored
      When looking up a block device by path no permission check is
      done to verify that the user has access to the block device inode
      at the specified path. In some cases it may be necessary to
      check permissions towards the inode, such as allowing
      unprivileged users to mount block devices in user namespaces.
      
      Add an argument to lookup_bdev() to optionally perform this
      permission check. A value of 0 skips the permission check and
      behaves the same as before. A non-zero value specifies the mask
      of access rights required towards the inode at the specified
      path. The check is always skipped if the user has CAP_SYS_ADMIN.
      
      All callers of lookup_bdev() currently pass a mask of 0, so this
      patch results in no functional change. Subsequent patches will
      add permission checks where appropriate.
      Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      60bbc16a
    • Seth Forshee's avatar
      Smack: Add support for unprivileged mounts from user namespaces · 460e9697
      Seth Forshee authored
      Security labels from unprivileged mounts cannot be trusted.
      Ideally for these mounts we would assign the objects in the
      filesystem the same label as the inode for the backing device
      passed to mount. Unfortunately it's currently impossible to
      determine which inode this is from the LSM mount hooks, so we
      settle for the label of the process doing the mount.
      
      This label is assigned to s_root, and also to smk_default to
      ensure that new inodes receive this label. The transmute property
      is also set on s_root to make this behavior more explicit, even
      though it is technically not necessary.
      
      If a filesystem has existing security labels, access to inodes is
      permitted if the label is the same as smk_root, otherwise access
      is denied. The SMACK64EXEC xattr is completely ignored.
      
      Explicit setting of security labels continues to require
      CAP_MAC_ADMIN in init_user_ns.
      
      Altogether, this ensures that filesystem objects are not
      accessible to subjects which cannot already access the backing
      store, that MAC is not violated for any objects in the fileystem
      which are already labeled, and that a user cannot use an
      unprivileged mount to gain elevated MAC privileges.
      
      sysfs, tmpfs, and ramfs are already mountable from user
      namespaces and support security labels. We can't rule out the
      possibility that these filesystems may already be used in mounts
      from user namespaces with security lables set from the init
      namespace, so failing to trust lables in these filesystems may
      introduce regressions. It is safe to trust labels from these
      filesystems, since the unprivileged user does not control the
      backing store and thus cannot supply security labels, so an
      explicit exception is made to trust labels from these
      filesystems.
      Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      460e9697
    • Seth Forshee's avatar
      fs: Limit file caps to the user namespace of the super block · 2e4aa5b0
      Seth Forshee authored
      Capability sets attached to files must be ignored except in the
      user namespaces where the mounter is privileged, i.e. s_user_ns
      and its descendants. Otherwise a vector exists for gaining
      privileges in namespaces where a user is not already privileged.
      
      Add a new helper function, in_user_ns(), to test whether a user
      namespace is the same as or a descendant of another namespace.
      Use this helper to determine whether a file's capability set
      should be applied to the caps constructed during exec.
      Acked-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      2e4aa5b0
    • Eric W. Biederman's avatar
      userns: Simpilify MNT_NODEV handling. · acb5b686
      Eric W. Biederman authored
      - Consolidate the testing if a device node may be opened in a new
        function may_open_dev.
      
      - Move the check for allowing access to device nodes on filesystems
        not mounted in the initial user namespace from mount time to open
        time and include it in may_open_dev.
      
      This set of changes removes the implicit adding of MNT_NODEV which
      simplifies the logic in fs/namespace.c and removes a potentially
      problematic difference in how normal and unprivileged mount
      namespaces work.  This is a user visible change in behavior for
      remount in unpriviliged mount namespaces but is unlikely to cause
      problems for existing software.
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      acb5b686
    • Seth Forshee's avatar
      fs: Add user namesapace member to struct super_block · 21209fc7
      Seth Forshee authored
      Initially this will be used to eliminate the implicit MNT_NODEV
      flag for mounts from user namespaces. In the future it will also
      be used for translating ids and checking capabilities for
      filesystems mounted from user namespaces.
      
      s_user_ns is initialized in alloc_super() and is generally set to
      current_user_ns(). To avoid security and corruption issues, two
      additional mount checks are also added:
      
       - do_new_mount() gains a check that the user has CAP_SYS_ADMIN
         in current_user_ns().
      
       - sget() will fail with EBUSY when the filesystem it's looking
         for is already mounted from another user namespace.
      
      proc requires some special handling. The user namespace of
      current isn't appropriate when forking as a result of clone (2)
      with CLONE_NEWPID|CLONE_NEWUSER, as it will set s_user_ns to the
      namespace of the parent and make proc unmountable in the new user
      namespace. Instead, the user namespace which owns the new pid
      namespace is used. sget_userns() is allowed to allow passing in
      a namespace other than that of current, and sget becomes a
      wrapper around sget_userns() which passes current_user_ns().
      
      Changes to original version of this patch
        * Documented @user_ns in sget_userns, alloc_super and fs.h
        * Kept an blank line in fs.h
        * Removed unncessary include of user_namespace.h from fs.h
        * Tweaked the location of get_user_ns and put_user_ns so
          the security modules can (if they wish) depend on it.
        -- EWB
      Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      21209fc7
    • Linus Torvalds's avatar
      Linux 4.4-rc3 · 31ade3b8
      Linus Torvalds authored
      31ade3b8
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · c5bc1c93
      Linus Torvalds authored
      Pull nouveau and radeon fixes from Dave Airlie:
       "Just some nouveau and radeon/amdgpu fixes.
      
        The nouveau fixes look large as the firmware context files are
        regenerated, but the actual change is quite small"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/radeon: make some dpm errors debug only
        drm/nouveau/volt/pwm/gk104: fix an off-by-one resulting in the voltage not being set
        drm/nouveau/nvif: allow userspace access to its own client object
        drm/nouveau/gr/gf100-: fix oops when calling zbc methods
        drm/nouveau/gr/gf117-: assume no PPC if NV_PGRAPH_GPC_GPM_PD_PES_TPC_ID_MASK is zero
        drm/nouveau/gr/gf117-: read NV_PGRAPH_GPC_GPM_PD_PES_TPC_ID_MASK from correct GPC
        drm/nouveau/gr/gf100-: split out per-gpc address calculation macro
        drm/nouveau/bios: return actual size of the buffer retrieved via _ROM
        drm/nouveau/instmem: protect instobj list with a spinlock
        drm/nouveau/pci: enable c800 magic for some unknown Samsung laptop
        drm/nouveau/pci: enable c800 magic for Clevo P157SM
        drm/radeon: make rv770_set_sw_state failures non-fatal
        drm/amdgpu: move dependency handling out of atomic section v2
        drm/amdgpu: optimize scheduler fence handling
        drm/amdgpu: remove vm->mutex
        drm/amdgpu: add mutex for ba_va->valids/invalids
        drm/amdgpu: adapt vce session create interface changes
        drm/amdgpu: vce use multiple cache surface starting from stoney
        drm/amdgpu: reset vce trap interrupt flag
      c5bc1c93
    • Linus Torvalds's avatar
      Merge tag 'rtc-4.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux · 818aba30
      Linus Torvalds authored
      Pull RTC fixes from Alexandre Belloni:
       "Two fixes for the ds1307 alarm and wakeup"
      
      * tag 'rtc-4.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux:
        rtc: ds1307: fix alarm reading at probe time
        rtc: ds1307: fix kernel splat due to wakeup irq handling
      818aba30
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 00fd6a71
      Linus Torvalds authored
      Pull MIPS fix from Ralf Baechle:
       "Just a fix for empty loops that may be removed by non-antique GCC"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: Fix delay loops which may be removed by GCC.
      00fd6a71
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k · d72aee78
      Linus Torvalds authored
      Pull m68k fixes from Geert Uytterhoeven:
       "Summary:
      
         - Add missing initialization of max_pfn, which is needed to make
           selftests/vm/mlock2-tests succeed,
      
         - Wire up new mlock2 syscall"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
        m68k: Wire up mlock2
        m68knommu: Add missing initialization of max_pfn and {min,max}_low_pfn
        m68k/mm: sun3 - Add missing initialization of max_pfn and {min,max}_low_pfn
        m68k/mm: m54xx - Add missing initialization of max_pfn
        m68k/mm: motorola - Add missing initialization of max_pfn
      d72aee78
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm · 04527fda
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "Just two changes this time around:
      
         - wire up the new mlock2 syscall added during the last merge window
      
         - fix a build problem with certain configurations provoked by making
           CONFIG_OF user selectable"
      
      * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
        ARM: 8454/1: OF implies OF_FLATTREE
        ARM: wire up mlock2 syscall
      04527fda
  3. 29 Nov, 2015 12 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · 36511e86
      Linus Torvalds authored
      Pull SCSI target fixes from Nicholas Bellinger:
       - fix tcm-user backend driver expired cmd time processing (agrover)
       - eliminate kref_put_spinlock_irqsave() for I/O completion (bart)
       - fix iscsi login kthread failure case hung task regression (nab)
       - fix COMPARE_AND_WRITE completion use-after-free race (nab)
       - fix COMPARE_AND_WRITE with SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC non zero
         SGL offset data corruption.  (Jan + Doug)
       - fix >= v4.4-rc1 regression for tcm_qla2xxx enable configfs attribute
         (Himanshu + HCH)
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
        target/stat: print full t10_wwn.model buffer
        target: fix COMPARE_AND_WRITE non zero SGL offset data corruption
        qla2xxx: Fix regression introduced by target configFS changes
        kref: Remove kref_put_spinlock_irqsave()
        target: Invoke release_cmd() callback without holding a spinlock
        target: Fix race for SCF_COMPARE_AND_WRITE_POST checking
        iscsi-target: Fix rx_login_comp hang after login failure
        iscsi-target: return -ENOMEM instead of -1 in case of failed kmalloc()
        target/user: Do not set unused fields in tcmu_ops
        target/user: Fix time calc in expired cmd processing
      36511e86
    • Linus Torvalds's avatar
      Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux · 75a29ec1
      Linus Torvalds authored
      Pull thermal management fixes from Zhang Rui:
       "Specifics:
      
       - several fixes and cleanups on Rockchip thermal drivers.
      
       - add the missing support of RK3368 SoCs in Rockchip driver.
      
       - small fixes on of-thermal, power_allocator, rcar driver, IMX, and
         QCOM drivers, and also compilation fixes, on thermal.h, when thermal
         is not selected"
      
      * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
        imx: thermal: use CPU temperature grade info for thresholds
        thermal: fix thermal_zone_bind_cooling_device prototype
        Revert "thermal: qcom_spmi: allow compile test"
        thermal: rcar_thermal: remove redundant operation
        thermal: of-thermal: Reduce log level for message when can't fine thermal zone
        thermal: power_allocator: Use temperature reading from tz
        thermal: rockchip: Support the RK3368 SoCs in thermal driver
        thermal: rockchip: consistently use int for temperatures
        thermal: rockchip: Add the sort mode for adc value increment or decrement
        thermal: rockchip: improve the conversion function
        thermal: rockchip: trivial: fix typo in commit
        thermal: rockchip: better to compatible the driver for different SoCs
        dt-bindings: rockchip-thermal: Support the RK3368 SoCs compatible
      75a29ec1
    • David Disseldorp's avatar
      target/stat: print full t10_wwn.model buffer · 8f903539
      David Disseldorp authored
      Cut 'n paste error saw it only process sizeof(t10_wwn.vendor) characters.
      Signed-off-by: default avatarDavid Disseldorp <ddiss@suse.de>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      8f903539
    • Jan Engelhardt's avatar
      target: fix COMPARE_AND_WRITE non zero SGL offset data corruption · d94e5a61
      Jan Engelhardt authored
      target_core_sbc's compare_and_write functionality suffers from taking
      data at the wrong memory location when writing a CAW request to disk
      when a SGL offset is non-zero.
      
      This can happen with loopback and vhost-scsi fabric drivers when
      SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is used to map existing user-space
      SGL memory into COMPARE_AND_WRITE READ/WRITE payload buffers.
      
      Given the following sample LIO subtopology,
      
      % targetcli ls /loopback/
      o- loopback ................................. [1 Target]
        o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3]
          o- luns ................................... [2 LUNs]
            o- lun0 ................ [iblock/ram0 (/dev/ram0)]
            o- lun1 ................ [iblock/ram1 (/dev/ram1)]
      % lsscsi -g
      [3:0:1:0]    disk    LIO-ORG  IBLOCK           4.0   /dev/sdc   /dev/sg3
      [3:0:1:1]    disk    LIO-ORG  IBLOCK           4.0   /dev/sdd   /dev/sg4
      
      the following bug can be observed in Linux 4.3 and 4.4~rc1:
      
      % perl -e 'print chr$_ for 0..255,reverse 0..255' >rand
      % perl -e 'print "\0" x 512' >zero
      % cat rand >/dev/sdd
      % sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd
      % sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd
      Miscompare reported
      % hexdump -Cn 512 /dev/sdd
      00000000  0f 0e 0d 0c 0b 0a 09 08  07 06 05 04 03 02 01 00
      00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
      *
      00000200
      
      Rather than writing all-zeroes as instructed with the -D file, it
      corrupts the data in the sector by splicing some of the original
      bytes in. The page of the first entry of cmd->t_data_sg includes the
      CDB, and sg->offset is set to a position past the CDB. I presume that
      sg->offset is also the right choice to use for subsequent sglist
      members.
      Signed-off-by: default avatarJan Engelhardt <jengelh@netitwork.de>
      Tested-by: default avatarDouglas Gilbert <dgilbert@interlog.com>
      Cc: <stable@vger.kernel.org> # v3.12+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      d94e5a61
    • Himanshu Madhani's avatar
      qla2xxx: Fix regression introduced by target configFS changes · 3786dc45
      Himanshu Madhani authored
      this patch fixes following regression
      
       # targetcli
       [Errno 13] Permission denied: '/sys/kernel/config/target/qla2xxx/21:00:00:0e:1e:08:c7:20/tpgt_1/enable'
      
      Fixes: 2eafd729 ("target: use per-attribute show and store methods")
      Signed-off-by: default avatarHimanshu Madhani <himanshu.madhani@qlogic.com>
      Signed-off-by: default avatarGiridhar Malavali <giridhar.malavali@qlogic.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      3786dc45
    • Bart Van Assche's avatar
      kref: Remove kref_put_spinlock_irqsave() · 3a66d7dc
      Bart Van Assche authored
      The last user is gone. Hence remove this function.
      Signed-off-by: default avatarBart Van Assche <bart.vanassche@sandisk.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Joern Engel <joern@logfs.org>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      3a66d7dc
    • Bart Van Assche's avatar
      target: Invoke release_cmd() callback without holding a spinlock · 9ff9d15e
      Bart Van Assche authored
      This patch fixes the following kernel warning because it avoids that
      IRQs are disabled while ft_release_cmd() is invoked (fc_seq_set_resp()
      invokes spin_unlock_bh()):
      
      WARNING: CPU: 3 PID: 117 at kernel/softirq.c:150 __local_bh_enable_ip+0xaa/0x110()
      Call Trace:
       [<ffffffff814f71eb>] dump_stack+0x4f/0x7b
       [<ffffffff8105e56a>] warn_slowpath_common+0x8a/0xc0
       [<ffffffff8105e65a>] warn_slowpath_null+0x1a/0x20
       [<ffffffff81062b2a>] __local_bh_enable_ip+0xaa/0x110
       [<ffffffff814ff229>] _raw_spin_unlock_bh+0x39/0x40
       [<ffffffffa03a7f94>] fc_seq_set_resp+0xe4/0x100 [libfc]
       [<ffffffffa02e604a>] ft_free_cmd+0x4a/0x90 [tcm_fc]
       [<ffffffffa02e6972>] ft_release_cmd+0x12/0x20 [tcm_fc]
       [<ffffffffa042bd66>] target_release_cmd_kref+0x56/0x90 [target_core_mod]
       [<ffffffffa042caf0>] target_put_sess_cmd+0xc0/0x110 [target_core_mod]
       [<ffffffffa042cb81>] transport_release_cmd+0x41/0x70 [target_core_mod]
       [<ffffffffa042d975>] transport_generic_free_cmd+0x35/0x420 [target_core_mod]
      Signed-off-by: default avatarBart Van Assche <bart.vanassche@sandisk.com>
      Acked-by: default avatarJoern Engel <joern@logfs.org>
      Reviewed-by: default avatarAndy Grover <agrover@redhat.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Sagi Grimberg <sagig@mellanox.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      9ff9d15e
    • Nicholas Bellinger's avatar
      target: Fix race for SCF_COMPARE_AND_WRITE_POST checking · 057085e5
      Nicholas Bellinger authored
      This patch addresses a race + use after free where the first
      stage of COMPARE_AND_WRITE in compare_and_write_callback()
      is rescheduled after the backend sends the secondary WRITE,
      resulting in second stage compare_and_write_post() callback
      completing in target_complete_ok_work() before the first
      can return.
      
      Because current code depends on checking se_cmd->se_cmd_flags
      after return from se_cmd->transport_complete_callback(),
      this results in first stage having SCF_COMPARE_AND_WRITE_POST
      set, which incorrectly falls through into second stage CAW
      processing code, eventually triggering a NULL pointer
      dereference due to use after free.
      
      To address this bug, pass in a new *post_ret parameter into
      se_cmd->transport_complete_callback(), and depend upon this
      value instead of ->se_cmd_flags to determine when to return
      or fall through into ->queue_status() code for CAW.
      
      Cc: Sagi Grimberg <sagig@mellanox.com>
      Cc: <stable@vger.kernel.org> # v3.12+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      057085e5
    • Nicholas Bellinger's avatar
      iscsi-target: Fix rx_login_comp hang after login failure · ca82c2bd
      Nicholas Bellinger authored
      This patch addresses a case where iscsi_target_do_tx_login_io()
      fails sending the last login response PDU, after the RX/TX
      threads have already been started.
      
      The case centers around iscsi_target_rx_thread() not invoking
      allow_signal(SIGINT) before the send_sig(SIGINT, ...) occurs
      from the failure path, resulting in RX thread hanging
      indefinately on iscsi_conn->rx_login_comp.
      
      Note this bug is a regression introduced by:
      
        commit e5419865
        Author: Nicholas Bellinger <nab@linux-iscsi.org>
        Date:   Wed Jul 22 23:14:19 2015 -0700
      
            iscsi-target: Fix iscsit_start_kthreads failure OOPs
      
      To address this bug, complete ->rx_login_complete for good
      measure in the failure path, and immediately return from
      RX thread context if connection state did not actually reach
      full feature phase (TARG_CONN_STATE_LOGGED_IN).
      
      Cc: Sagi Grimberg <sagig@mellanox.com>
      Cc: <stable@vger.kernel.org> # v3.10+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      ca82c2bd
    • Luis de Bethencourt's avatar
      iscsi-target: return -ENOMEM instead of -1 in case of failed kmalloc() · 82a819e8
      Luis de Bethencourt authored
      Smatch complains about returning hard coded error codes, silence this
      warning.
      
      drivers/target/iscsi/iscsi_target_parameters.c:211
         iscsi_create_default_params() warn: returning -1 instead of -ENOMEM is sloppy
      Signed-off-by: default avatarLuis de Bethencourt <luisbg@osg.samsung.com>
      Reviewed-by: default avatarSagi Grimberg <sagig@mellanox.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      82a819e8
    • Andy Grover's avatar
      target/user: Do not set unused fields in tcmu_ops · 6ba4bd29
      Andy Grover authored
      TCMU sets TRANSPORT_FLAG_PASSTHROUGH, so INQUIRY commands will not be
      emulated by LIO but passed up to userspace. Therefore TCMU should not
      set these, just like pscsi doesn't.
      Signed-off-by: default avatarAndy Grover <agrover@redhat.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      6ba4bd29
    • Andy Grover's avatar
      target/user: Fix time calc in expired cmd processing · 611e2267
      Andy Grover authored
      Reversed arguments meant that we were doing nothing for cmds whose deadline
      had passed.
      Signed-off-by: default avatarAndy Grover <agrover@redhat.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      611e2267
  4. 28 Nov, 2015 3 commits
    • Arnd Bergmann's avatar
      ARM: 8454/1: OF implies OF_FLATTREE · aa7d5f18
      Arnd Bergmann authored
      On the ARM architecture, individual platforms select CONFIG_USE_OF if they
      need it, but all device tree code is keyed off CONFIG_OF. When building
      a platform without DT support and manually enabling CONFIG_OF, we now
      get a number of build errors, e.g.
      
      arch/arm/kernel/devtree.c: In function 'setup_machine_fdt':
      arch/arm/kernel/devtree.c:215:19: error: implicit declaration of function 'early_init_dt_verify' [-Werror=implicit-function-declaration]
      
      We could now try to separate the use case of booting from DT vs. the
      case of using the dynamic implementation, but that seems more complicated
      than it can gain us.
      
      This simply changes the ARM Kconfig file to always enable OF_RESERVED_MEM
      and OF_EARLY_FLATTREE when CONFIG_OF is enabled. These options add a little
      extra code when we just want the dynamic OF implementation, but that seems
      like a rather obscure case, and this version solves all CONFIG_OF related
      randconfig regressions.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 0166dc11 ("of: make CONFIG_OF user selectable")
      Acked-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      aa7d5f18
    • Linus Torvalds's avatar
      Merge tag 'pci-v4.4-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 081f3698
      Linus Torvalds authored
      Pull PCI fixes from Bjorn Helgaas:
       "Here are a few fixes I'd like to have in v4.4: a generic one for sysfs
        and three for HiSilicon and DesignWare host controllers.
      
        Summary:
      
        NUMA:
         - Prevent out of bounds access in numa_node override (Mathias Krause)
      
        HiSilicon host bridge driver:
         - Fix deferred probing (Arnd Bergmann)
      
        Synopsys DesignWare host bridge driver:
         - Remove incorrect io_base assignment (Stanimir Varbanov)
         - Move align_resource function pointer to pci_host_bridge structure
           (Gabriele Paoloni)"
      
      * tag 'pci-v4.4-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        ARM/PCI: Move align_resource function pointer to pci_host_bridge structure
        PCI: hisi: Fix deferred probing
        PCI: designware: Remove incorrect io_base assignment
        PCI: Prevent out of bounds access in numa_node override
      081f3698
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.4-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 8003a573
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
        Stable patches:
         - Fix a NFSv4 callback identifier leak that was also causing client
           crashes
         - Fix NFSv4 callback decoding issues when incoming requests are
           truncated
         - Don't declare the attribute cache valid when we call
           nfs_update_inode with an empty attribute structure.
         - Resend LAYOUTGET when there is a race that changes the seqid
      
        Bugfixes:
         - Fix a number of issues with the NFSv4.2 CLONE ioctl()
         - Properly set NFS v4.2 NFSDBG_FACILITY
         - NFSv4 referrals are broken; Cleanup FATTR4_WORD0_FS_LOCATIONS after
           decoding success
         - Use sliding delay when LAYOUTGET gets NFS4ERR_DELAY
         - Ensure that attrcache is revalidated after a SETATTR"
      
      * tag 'nfs-for-4.4-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        nfs4: resend LAYOUTGET when there is a race that changes the seqid
        nfs: if we have no valid attrs, then don't declare the attribute cache valid
        nfs: ensure that attrcache is revalidated after a SETATTR
        nfs4: limit callback decoding to received bytes
        nfs4: start callback_ident at idr 1
        nfs: use sliding delay when LAYOUTGET gets NFS4ERR_DELAY
        NFS4: Cleanup FATTR4_WORD0_FS_LOCATIONS after decoding success
        NFS: Properly set NFS v4.2 NFSDBG_FACILITY
        nfs: reduce the amount of ifdefs for v4.2 in nfs4file.c
        nfs: use btrfs ioctl defintions for clone
        nfs: allow intra-file CLONE
        nfs: offer native ioctls even if CONFIG_COMPAT is set
        nfs: pass on count for CLONE operations
      8003a573
  5. 27 Nov, 2015 3 commits
    • Linus Torvalds's avatar
      Merge git://www.linux-watchdog.org/linux-watchdog · d0bc387d
      Linus Torvalds authored
      Pull watchdog fixes from Wim Van Sebroeck:
       - a null pointer dereference fix for omap_wdt
       - some clock related fixes for pnx4008
       - an underflow fix in wdt_set_timeout() for w83977f_wdt
       - restart fix for tegra wdt
       - Kconfig change to support Freescale Layerscape platforms
       - fix for stopping the mtk_wdt watchdog
      
      * git://www.linux-watchdog.org/linux-watchdog:
        watchdog: mtk_wdt: Use MODE_KEY when stopping the watchdog
        watchdog: Add support for Freescale Layerscape platforms
        watchdog: tegra: Stop watchdog first if restarting
        watchdog: w83977f_wdt: underflow in wdt_set_timeout()
        watchdog: pnx4008: make global wdt_clk static
        watchdog: pnx4008: fix warnings caused by enabling unprepared clock
        watchdog: omap_wdt: fix null pointer dereference
      d0bc387d
    • Linus Torvalds's avatar
      Merge branch 'for-linus-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 80e0c505
      Linus Torvalds authored
      Pull btrfs fixes from Chris Mason:
       "This has Mark Fasheh's patches to fix quota accounting during subvol
        deletion, which we've been working on for a while now.  The patch is
        pretty small but it's a key fix.
      
        Otherwise it's a random assortment"
      
      * 'for-linus-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        btrfs: fix balance range usage filters in 4.4-rc
        btrfs: qgroup: account shared subtree during snapshot delete
        Btrfs: use btrfs_get_fs_root in resolve_indirect_ref
        btrfs: qgroup: fix quota disable during rescan
        Btrfs: fix race between cleaner kthread and space cache writeout
        Btrfs: fix scrub preventing unused block groups from being deleted
        Btrfs: fix race between scrub and block group deletion
        btrfs: fix rcu warning during device replace
        btrfs: Continue replace when set_block_ro failed
        btrfs: fix clashing number of the enhanced balance usage filter
        Btrfs: fix the number of transaction units needed to remove a block group
        Btrfs: use global reserve when deleting unused block group after ENOSPC
        Btrfs: tests: checking for NULL instead of IS_ERR()
        btrfs: fix signed overflows in btrfs_sync_file
      80e0c505
    • Linus Torvalds's avatar
      Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 7e4b9359
      Linus Torvalds authored
      Pull security layer fixes from James Morris:
       "A fix for SELinux policy processing (regression introduced by
        commit fa1aa143: "selinux: extended permissions for ioctls"), as
        well as a fix for the user-triggerable oops in the Keys code"
      
      * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        KEYS: Fix handling of stored error in a negatively instantiated user key
        selinux: fix bug in conditional rules handling
      7e4b9359