1. 28 Aug, 2019 1 commit
    • Darrick J. Wong's avatar
      xfs: fix maxicount division by zero error · c94613fe
      Darrick J. Wong authored
      In xfs_ialloc_setup_geometry, it's possible for a malicious/corrupt fs
      image to set an unreasonably large value for sb_inopblog which will
      cause ialloc_blks to be zero.  If sb_imax_pct is also set, this results
      in a division by zero error in the second do_div call.  Therefore, force
      maxicount to zero if ialloc_blks is zero.
      
      Note that the kernel metadata verifiers will catch the garbage inopblog
      value and abort the fs mount long before it tries to set up the inode
      geometry; this is needed to avoid a crash in xfs_db while setting up the
      xfs_mount structure.
      
      Found by fuzzing sb_inopblog to 122 in xfs/350.
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarCarlos Maiolino <cmaiolino@redhat.com>
      c94613fe
  2. 27 Aug, 2019 5 commits
    • Darrick J. Wong's avatar
      xfs: bmap scrub should only scrub records once · 519e5869
      Darrick J. Wong authored
      The inode block mapping scrub function does more work for btree format
      extent maps than is absolutely necessary -- first it will walk the bmbt
      and check all the entries, and then it will load the incore tree and
      check every entry in that tree, possibly for a second time.
      
      Simplify the code and decrease check runtime by separating the two
      responsibilities.  The bmbt walk will make sure the incore extent
      mappings are loaded, check the shape of the bmap btree (via xchk_btree)
      and check that every bmbt record has a corresponding incore extent map;
      and the incore extent map walk takes all the responsibility for checking
      the mapping records and cross referencing them with other AG metadata.
      
      This enables us to clean up some messy parameter handling and reduce
      redundant code.  Rename a few functions to make the split of
      responsibilities clearer.
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      519e5869
    • zhengbin's avatar
      xfs: remove excess function parameter description in 'xfs_btree_sblock_v5hdr_verify' · 71912e08
      zhengbin authored
      Fixes gcc warning:
      
      fs/xfs/libxfs/xfs_btree.c:4475: warning: Excess function parameter 'max_recs' description in 'xfs_btree_sblock_v5hdr_verify'
      fs/xfs/libxfs/xfs_btree.c:4475: warning: Excess function parameter 'pag_max_level' description in 'xfs_btree_sblock_v5hdr_verify'
      
      Fixes: c5ab131b ("libxfs: refactor short btree block verification")
      Signed-off-by: default avatarzhengbin <zhengbin13@huawei.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      71912e08
    • Dave Chinner's avatar
      xfs: add kmem_alloc_io() · f8f9ee47
      Dave Chinner authored
      Memory we use to submit for IO needs strict alignment to the
      underlying driver contraints. Worst case, this is 512 bytes. Given
      that all allocations for IO are always a power of 2 multiple of 512
      bytes, the kernel heap provides natural alignment for objects of
      these sizes and that suffices.
      
      Until, of course, memory debugging of some kind is turned on (e.g.
      red zones, poisoning, KASAN) and then the alignment of the heap
      objects is thrown out the window. Then we get weird IO errors and
      data corruption problems because drivers don't validate alignment
      and do the wrong thing when passed unaligned memory buffers in bios.
      
      TO fix this, introduce kmem_alloc_io(), which will guaranteeat least
      512 byte alignment of buffers for IO, even if memory debugging
      options are turned on. It is assumed that the minimum allocation
      size will be 512 bytes, and that sizes will be power of 2 mulitples
      of 512 bytes.
      
      Use this everywhere we allocate buffers for IO.
      
      This no longer fails with log recovery errors when KASAN is enabled
      due to the brd driver not handling unaligned memory buffers:
      
      # mkfs.xfs -f /dev/ram0 ; mount /dev/ram0 /mnt/test
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      f8f9ee47
    • Dave Chinner's avatar
      xfs: get allocation alignment from the buftarg · d916275a
      Dave Chinner authored
      Needed to feed into the allocation routine to guarantee the memory
      buffers we add to bios are correctly aligned to the underlying
      device.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      d916275a
    • Dave Chinner's avatar
      xfs: add kmem allocation trace points · 0ad95687
      Dave Chinner authored
      When trying to correlate XFS kernel allocations to memory reclaim
      behaviour, it is useful to know what allocations XFS is actually
      attempting. This information is not directly available from
      tracepoints in the generic memory allocation and reclaim
      tracepoints, so these new trace points provide a high level
      indication of what the XFS memory demand actually is.
      
      There is no per-filesystem context in this code, so we just trace
      the type of allocation, the size and the allocation constraints.
      The kmem code also doesn't include much of the common XFS headers,
      so there are a few definitions that need to be added to the trace
      headers and a couple of types that need to be made common to avoid
      needing to include the whole world in the kmem code.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      0ad95687
  3. 26 Aug, 2019 1 commit
  4. 25 Aug, 2019 22 commits
  5. 24 Aug, 2019 8 commits
  6. 23 Aug, 2019 3 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · 9140d8bd
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
       "No beating around the bush: this is a monster pull request for an -rc5
        kernel. Intel hit me with a series of fixes for TID processing.
        Mellanox hit me with a series for their UMR memory support.
      
        And we had one fix for siw that fixes the 32bit build warnings and
        because of the number of casts that had to be changed to properly
        silence the warnings, that one patch alone is a full 40% of the LOC of
        this entire pull request. Given that this is the initial release
        kernel for siw, I'm trying to fix anything in it that we can, so that
        adds to the impetus to take fixes for it like this one.
      
        I had to do a rebase early in the week. Jason had thought he put a
        patch on the rc queue that he needed to be there so he could base some
        work off of it, and it had actually not been placed there. So he asked
        me (on Tuesday) to fix that up before pushing my wip branch to the
        official rc branch. I did, and that's why the early patches look like
        they were all committed at the same time on Tuesday. That bunch had
        been in my queue prior.
      
        The various patches all pass my test for being legitimate fixes and
        not attempts to slide new features or development into a late rc.
        Well, they were all fixes with the exception of a couple clean up
        patches people wrote for making the fixes they also wrote better (like
        a cleanup patch to move UMR checking into a function so that the
        remaining UMR fix patches can reference that function), so I left
        those in place too.
      
        My apologies for the LOC count and the number of patches here, it's
        just how the cards fell this cycle.
      
        Summary:
      
         - Fix siw buffer mapping issue
      
         - Fix siw 32/64 casting issues
      
         - Fix a KASAN access issue in bnxt_re
      
         - Fix several memory leaks (hfi1, mlx4)
      
         - Fix a NULL deref in cma_cleanup
      
         - Fixes for UMR memory support in mlx5 (4 patch series)
      
         - Fix namespace check for restrack
      
         - Fixes for counter support
      
         - Fixes for hfi1 TID processing (5 patch series)
      
         - Fix potential NULL deref in siw
      
         - Fix memory page calculations in mlx5"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: (21 commits)
        RDMA/siw: Fix 64/32bit pointer inconsistency
        RDMA/siw: Fix SGL mapping issues
        RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message
        infiniband: hfi1: fix memory leaks
        infiniband: hfi1: fix a memory leak bug
        IB/mlx4: Fix memory leaks
        RDMA/cma: fix null-ptr-deref Read in cma_cleanup
        IB/mlx5: Block MR WR if UMR is not possible
        IB/mlx5: Fix MR re-registration flow to use UMR properly
        IB/mlx5: Report and handle ODP support properly
        IB/mlx5: Consolidate use_umr checks into single function
        RDMA/restrack: Rewrite PID namespace check to be reliable
        RDMA/counters: Properly implement PID checks
        IB/core: Fix NULL pointer dereference when bind QP to counter
        IB/hfi1: Drop stale TID RDMA packets that cause TIDErr
        IB/hfi1: Add additional checks when handling TID RDMA WRITE DATA packet
        IB/hfi1: Add additional checks when handling TID RDMA READ RESP packet
        IB/hfi1: Unsafe PSN checking for TID RDMA READ Resp packet
        IB/hfi1: Drop stale TID RDMA packets
        RDMA/siw: Fix potential NULL de-ref
        ...
      9140d8bd
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20190823' of git://git.kernel.dk/linux-block · b9bd6806
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Here's a set of fixes that should go into this release. This contains:
      
         - Three minor fixes for NVMe.
      
         - Three minor tweaks for the io_uring polling logic.
      
         - Officially mark Song as the MD maintainer, after he's been filling
           that role sucessfully for the last 6 months or so"
      
      * tag 'for-linus-20190823' of git://git.kernel.dk/linux-block:
        io_uring: add need_resched() check in inner poll loop
        md: update MAINTAINERS info
        io_uring: don't enter poll loop if we have CQEs pending
        nvme: Add quirk for LiteON CL1 devices running FW 22301111
        nvme: Fix cntlid validation when not using NVMEoF
        nvme-multipath: fix possible I/O hang when paths are updated
        io_uring: fix potential hang with polled IO
      b9bd6806
    • Linus Torvalds's avatar
      Merge tag 'for-5.3/dm-fixes-2' of... · dd469a45
      Linus Torvalds authored
      Merge tag 'for-5.3/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - Revert a DM bufio change from during the 5.3 merge window now that a
         proper fix has been made to the block loopback driver.
      
       - Fix DM kcopyd to wakeup so failed subjobs get completed.
      
       - Various fixes to DM zoned target to address error handling, and other
         small tweaks (SPDX license identifiers and fix typos).
      
       - Fix DM integrity range locking race by tracking whether journal has
         changed.
      
       - Fix DM dust target to detect reads of badblocks beyond the first 512b
         sector (applicable if blocksize is larger than 512b).
      
       - Fix DM persistent-data issue in both the DM btree and DM
         space-map-metadata interfaces.
      
       - Fix out of bounds memory access with certain DM table configurations.
      
      * tag 'for-5.3/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm table: fix invalid memory accesses with too high sector number
        dm space map metadata: fix missing store of apply_bops() return value
        dm btree: fix order of block initialization in btree_split_beneath
        dm raid: add missing cleanup in raid_ctr()
        dm zoned: fix potential NULL dereference in dmz_do_reclaim()
        dm dust: use dust block size for badblocklist index
        dm integrity: fix a crash due to BUG_ON in __journal_read_write()
        dm zoned: fix a few typos
        dm zoned: add SPDX license identifiers
        dm zoned: properly handle backing device failure
        dm zoned: improve error handling in i/o map code
        dm zoned: improve error handling in reclaim
        dm kcopyd: always complete failed jobs
        Revert "dm bufio: fix deadlock with loop device"
      dd469a45