1. 02 Jun, 2018 8 commits
  2. 01 Jun, 2018 14 commits
  3. 31 May, 2018 4 commits
    • Linus Torvalds's avatar
      Merge tag 'xfs-4.17-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 0512e013
      Linus Torvalds authored
      Pull xfs fix from Darrick Wong:
       "Clear out i_mapping error state when we're reinitializing inodes.
      
        This last minute fix prevents writeback error state from persisting
        past the end of the in-core inode lifecycle and causing EIO errors to
        be reported to userspace when no error has occurred.
      
        This fix for the behavioral regression has been soaking in for-next
        for a while, but various fs developers persuaded me to try to get it
        upstream for 4.17 because the patch that broke things was introduced
        in 4.17-rc4"
      
      * tag 'xfs-4.17-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        fs: clear writeback errors in inode_init_always
      0512e013
    • Linus Torvalds's avatar
      Merge tag 'platform-drivers-x86-v4.17-4' of git://git.infradead.org/linux-platform-drivers-x86 · dd52cb87
      Linus Torvalds authored
      Pull x86 platform driver fix from Andy Shevchenko:
       "Fix NULL pointer dereference in asus-wmi on rfkill cleanup.
      
        The effective change is just one new condition - two lines of code.
        But it required moving one static helper function, which is why the
        diff looks a bit bigger"
      
      * tag 'platform-drivers-x86-v4.17-4' of git://git.infradead.org/linux-platform-drivers-x86:
        platform/x86: asus-wmi: Fix NULL pointer dereference
      dd52cb87
    • João Paulo Rechi Vita's avatar
      platform/x86: asus-wmi: Fix NULL pointer dereference · 32ffd6e8
      João Paulo Rechi Vita authored
      Do not perform the rfkill cleanup routine when
      (asus->driver->wlan_ctrl_by_user && ashs_present()) is true, since
      nothing is registered with the rfkill subsystem in that case. Doing so
      leads to the following kernel NULL pointer dereference:
      
        BUG: unable to handle kernel NULL pointer dereference at           (null)
        IP: [<ffffffff816c7348>] __mutex_lock_slowpath+0x98/0x120
        PGD 1a3aa8067
        PUD 1a3b3d067
        PMD 0
      
        Oops: 0002 [#1] PREEMPT SMP
        Modules linked in: bnep ccm binfmt_misc uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core hid_a4tech videodev x86_pkg_temp_thermal intel_powerclamp coretemp ath3k btusb btrtl btintel bluetooth kvm_intel snd_hda_codec_hdmi kvm snd_hda_codec_realtek snd_hda_codec_generic irqbypass crc32c_intel arc4 i915 snd_hda_intel snd_hda_codec ath9k ath9k_common ath9k_hw ath i2c_algo_bit snd_hwdep mac80211 ghash_clmulni_intel snd_hda_core snd_pcm snd_timer cfg80211 ehci_pci xhci_pci drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm xhci_hcd ehci_hcd asus_nb_wmi(-) asus_wmi sparse_keymap r8169 rfkill mxm_wmi serio_raw snd mii mei_me lpc_ich i2c_i801 video soundcore mei i2c_smbus wmi i2c_core mfd_core
        CPU: 3 PID: 3275 Comm: modprobe Not tainted 4.9.34-gentoo #34
        Hardware name: ASUSTeK COMPUTER INC. K56CM/K56CM, BIOS K56CM.206 08/21/2012
        task: ffff8801a639ba00 task.stack: ffffc900014cc000
        RIP: 0010:[<ffffffff816c7348>]  [<ffffffff816c7348>] __mutex_lock_slowpath+0x98/0x120
        RSP: 0018:ffffc900014cfce0  EFLAGS: 00010282
        RAX: 0000000000000000 RBX: ffff8801a54315b0 RCX: 00000000c0000100
        RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8801a54315b4
        RBP: ffffc900014cfd30 R08: 0000000000000000 R09: 0000000000000002
        R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801a54315b4
        R13: ffff8801a639ba00 R14: 00000000ffffffff R15: ffff8801a54315b8
        FS:  00007faa254fb700(0000) GS:ffff8801aef80000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 0000000000000000 CR3: 00000001a3b1b000 CR4: 00000000001406e0
        Stack:
         ffff8801a54315b8 0000000000000000 ffffffff814733ae ffffc900014cfd28
         ffffffff8146a28c ffff8801a54315b0 0000000000000000 ffff8801a54315b0
         ffff8801a66f3820 0000000000000000 ffffc900014cfd48 ffffffff816c73e7
        Call Trace:
         [<ffffffff814733ae>] ? acpi_ut_release_mutex+0x5d/0x61
         [<ffffffff8146a28c>] ? acpi_ns_get_node+0x49/0x52
         [<ffffffff816c73e7>] mutex_lock+0x17/0x30
         [<ffffffffa00a3bb4>] asus_rfkill_hotplug+0x24/0x1a0 [asus_wmi]
         [<ffffffffa00a4421>] asus_wmi_rfkill_exit+0x61/0x150 [asus_wmi]
         [<ffffffffa00a49f1>] asus_wmi_remove+0x61/0xb0 [asus_wmi]
         [<ffffffff814a5128>] platform_drv_remove+0x28/0x40
         [<ffffffff814a2901>] __device_release_driver+0xa1/0x160
         [<ffffffff814a29e3>] device_release_driver+0x23/0x30
         [<ffffffff814a1ffd>] bus_remove_device+0xfd/0x170
         [<ffffffff8149e5a9>] device_del+0x139/0x270
         [<ffffffff814a5028>] platform_device_del+0x28/0x90
         [<ffffffff814a50a2>] platform_device_unregister+0x12/0x30
         [<ffffffffa00a4209>] asus_wmi_unregister_driver+0x19/0x30 [asus_wmi]
         [<ffffffffa00da0ea>] asus_nb_wmi_exit+0x10/0xf26 [asus_nb_wmi]
         [<ffffffff8110c692>] SyS_delete_module+0x192/0x270
         [<ffffffff810022b2>] ? exit_to_usermode_loop+0x92/0xa0
         [<ffffffff816ca560>] entry_SYSCALL_64_fastpath+0x13/0x94
        Code: e8 5e 30 00 00 8b 03 83 f8 01 0f 84 93 00 00 00 48 8b 43 10 4c 8d 7b 08 48 89 63 10 41 be ff ff ff ff 4c 89 3c 24 48 89 44 24 08 <48> 89 20 4c 89 6c 24 10 eb 1d 4c 89 e7 49 c7 45 08 02 00 00 00
        RIP  [<ffffffff816c7348>] __mutex_lock_slowpath+0x98/0x120
         RSP <ffffc900014cfce0>
        CR2: 0000000000000000
        ---[ end trace 8d484233fa7cb512 ]---
        note: modprobe[3275] exited with preempt_count 2
      
      https://bugzilla.kernel.org/show_bug.cgi?id=196467
      
      Reported-by: red.f0xyz@gmail.com
      Signed-off-by: default avatarJoão Paulo Rechi Vita <jprvita@endlessm.com>
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      32ffd6e8
    • Darrick J. Wong's avatar
      fs: clear writeback errors in inode_init_always · 829bc787
      Darrick J. Wong authored
      In inode_init_always(), we clear the inode mapping flags, which clears
      any retained error (AS_EIO, AS_ENOSPC) bits.  Unfortunately, we do not
      also clear wb_err, which means that old mapping errors can leak through
      to new inodes.
      
      This is crucial for the XFS inode allocation path because we recycle old
      in-core inodes and we do not want error state from an old file to leak
      into the new file.  This bug was discovered by running generic/036 and
      generic/047 in a loop and noticing that the EIOs generated by the
      collision of direct and buffered writes in generic/036 would survive the
      remount between 036 and 047, and get reported to the fsyncs (on
      different files!) in generic/047.
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      829bc787
  4. 30 May, 2018 6 commits
  5. 29 May, 2018 4 commits
  6. 28 May, 2018 3 commits
    • Steven Rostedt (VMware)'s avatar
      tracing: Make the snapshot trigger work with instances · 2824f503
      Steven Rostedt (VMware) authored
      The snapshot trigger currently only affects the main ring buffer, even when
      it is used by the instances. This can be confusing as the snapshot trigger
      is listed in the instance.
      
       > # cd /sys/kernel/tracing
       > # mkdir instances/foo
       > # echo snapshot > instances/foo/events/syscalls/sys_enter_fchownat/trigger
       > # echo top buffer > trace_marker
       > # echo foo buffer > instances/foo/trace_marker
       > # touch /tmp/bar
       > # chown rostedt /tmp/bar
       > # cat instances/foo/snapshot
       # tracer: nop
       #
       #
       # * Snapshot is freed *
       #
       # Snapshot commands:
       # echo 0 > snapshot : Clears and frees snapshot buffer
       # echo 1 > snapshot : Allocates snapshot buffer, if not already allocated.
       #                      Takes a snapshot of the main buffer.
       # echo 2 > snapshot : Clears snapshot buffer (but does not allocate or free)
       #                      (Doesn't have to be '2' works with any number that
       #                       is not a '0' or '1')
      
       > # cat snapshot
       # tracer: nop
       #
       #                              _-----=> irqs-off
       #                             / _----=> need-resched
       #                            | / _---=> hardirq/softirq
       #                            || / _--=> preempt-depth
       #                            ||| /     delay
       #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
       #              | |       |   ||||       |         |
                   bash-1189  [000] ....   111.488323: tracing_mark_write: top buffer
      
      Not only did the snapshot occur in the top level buffer, but the instance
      snapshot buffer should have been allocated, and it is still free.
      
      Cc: stable@vger.kernel.org
      Fixes: 85f2b082 ("tracing: Add basic event trigger framework")
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      2824f503
    • Linus Torvalds's avatar
      Merge tag 'nds32-for-linus-4.17-fixes' of... · 786b71f5
      Linus Torvalds authored
      Merge tag 'nds32-for-linus-4.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux
      
      Pull nds32 fixes from Greentime Hu:
       "Bug fixes and build error fixes for nds32"
      
      * tag 'nds32-for-linus-4.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux:
        nds32: Fix compiler warning, Wstringop-overflow, in vdso.c
        nds32: Disable local irq before calling cpu_dcache_wb_page in copy_user_highpage
        nds32: Flush the cache of the page at vmaddr instead of kaddr in flush_anon_page
        nds32: Correct flush_dcache_page function
        nds32: Fix the unaligned access handler
        nds32: Renaming the file for unaligned access
        nds32: To fix a cache inconsistency issue by setting correct cacheability of NTC
        nds32: To refine readability of INT_MASK_INITAIAL_VAL
        nds32: Fix the virtual address may map too much range by tlbop issue.
        nds32: Fix the allmodconfig build. To make sure CONFIG_CPU_LITTLE_ENDIAN is default y
        nds32: Fix build failed because arch_trace_hardirqs_off is changed to trace_hardirqs_off.
        nds32: Fix the unknown type u8 issue.
        nds32: Fix the symbols undefined issue by exporting them.
        nds32: Fix xfs_buf built failed by export invalidate_kernel_vmap_range and flush_kernel_vmap_range
        nds32: Fix drivers/gpu/drm/udl/udl_fb.c building error by defining PAGE_SHARED
        nds32: Fix building error of crypto/xor.c by adding xor.h
        nds32: Fix building error when CONFIG_FREEZE is enabled.
        nds32: lib: To use generic lib instead of libgcc to prevent the symbol undefined issue.
      786b71f5
    • Steven Rostedt (VMware)'s avatar
      tracing: Fix crash when freeing instances with event triggers · 86b389ff
      Steven Rostedt (VMware) authored
      If a instance has an event trigger enabled when it is freed, it could cause
      an access of free memory. Here's the case that crashes:
      
       # cd /sys/kernel/tracing
       # mkdir instances/foo
       # echo snapshot > instances/foo/events/initcall/initcall_start/trigger
       # rmdir instances/foo
      
      Would produce:
      
       general protection fault: 0000 [#1] PREEMPT SMP PTI
       Modules linked in: tun bridge ...
       CPU: 5 PID: 6203 Comm: rmdir Tainted: G        W         4.17.0-rc4-test+ #933
       Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03 07/14/2016
       RIP: 0010:clear_event_triggers+0x3b/0x70
       RSP: 0018:ffffc90003783de0 EFLAGS: 00010286
       RAX: 0000000000000000 RBX: 6b6b6b6b6b6b6b2b RCX: 0000000000000000
       RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800c7130ba0
       RBP: ffffc90003783e00 R08: ffff8801131993f8 R09: 0000000100230016
       R10: ffffc90003783d80 R11: 0000000000000000 R12: ffff8800c7130ba0
       R13: ffff8800c7130bd8 R14: ffff8800cc093768 R15: 00000000ffffff9c
       FS:  00007f6f4aa86700(0000) GS:ffff88011eb40000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: 00007f6f4a5aed60 CR3: 00000000cd552001 CR4: 00000000001606e0
       Call Trace:
        event_trace_del_tracer+0x2a/0xc5
        instance_rmdir+0x15c/0x200
        tracefs_syscall_rmdir+0x52/0x90
        vfs_rmdir+0xdb/0x160
        do_rmdir+0x16d/0x1c0
        __x64_sys_rmdir+0x17/0x20
        do_syscall_64+0x55/0x1a0
        entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      This was due to the call the clears out the triggers when an instance is
      being deleted not removing the trigger from the link list.
      
      Cc: stable@vger.kernel.org
      Fixes: 85f2b082 ("tracing: Add basic event trigger framework")
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      86b389ff
  7. 27 May, 2018 1 commit