1. 24 Mar, 2019 3 commits
    • Linus Torvalds's avatar
      Merge tag '5.1-rc1-cifs-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 38104c00
      Linus Torvalds authored
      Pull smb3 fixes from Steve French:
      
       - two fixes for stable for guest mount problems with smb3.1.1
      
       - two fixes for crediting (SMB3 flow control) on resent requests
      
       - a byte range lock leak fix
      
       - two fixes for incorrect rc mappings
      
      * tag '5.1-rc1-cifs-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: update internal module version number
        SMB3: Fix SMB3.1.1 guest mounts to Samba
        cifs: Fix slab-out-of-bounds when tracing SMB tcon
        cifs: allow guest mounts to work for smb3.11
        fix incorrect error code mapping for OBJECTID_NOT_FOUND
        cifs: fix that return -EINVAL when do dedupe operation
        CIFS: Fix an issue with re-sending rdata when transport returning -EAGAIN
        CIFS: Fix an issue with re-sending wdata when transport returning -EAGAIN
      38104c00
    • Linus Torvalds's avatar
      Merge tag 'auxdisplay-for-linus-v5.1-rc2' of git://github.com/ojeda/linux · e0046bb3
      Linus Torvalds authored
      Pull auxdisplay updates from Miguel Ojeda:
       "A few fixes and improvements for auxdisplay:
      
         - Series to fix a memory leak in hd44780 while introducing
           charlcd_free(). From Andy Shevchenko
      
         - Series to clean up the Kconfig menus and a couple of improvements
           for charlcd. From Mans Rullgard"
      
      * tag 'auxdisplay-for-linus-v5.1-rc2' of git://github.com/ojeda/linux:
        auxdisplay: charlcd: make backlight initial state configurable
        auxdisplay: charlcd: simplify init message display
        auxdisplay: deconfuse configuration
        auxdisplay: hd44780: Convert to use charlcd_free()
        auxdisplay: panel: Convert to use charlcd_free()
        auxdisplay: charlcd: Introduce charlcd_free() helper
        auxdisplay: charlcd: Move to_priv() to charlcd namespace
        auxdisplay: hd44780: Fix memory leak on ->remove()
      e0046bb3
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 1fa8109f
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Six fixes to four drivers and two core fixes.
      
        One core fix simply corrects a missed destroy_rcu_head() but the other
        is hopefully the end of an ongoing effort to make suspend/resume play
        nicely with scsi quiesce"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: ibmvscsi: Fix empty event pool access during host removal
        scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton
        scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset()
        scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID
        scsi: qla2xxx: Fix FC-AL connection target discovery
        scsi: core: Avoid that a kernel warning appears during system resume
        scsi: core: Also call destroy_rcu_head() for passthrough requests
        scsi: iscsi: flush running unbind operations when removing a session
      1fa8109f
  2. 23 Mar, 2019 11 commits
    • Linus Torvalds's avatar
      Merge tag 'io_uring-20190323' of git://git.kernel.dk/linux-block · 1bdd3dbf
      Linus Torvalds authored
      Pull io_uring fixes and improvements from Jens Axboe:
       "The first five in this series are heavily inspired by the work Al did
        on the aio side to fix the races there.
      
        The last two re-introduce a feature that was in io_uring before it got
        merged, but which I pulled since we didn't have a good way to have
        BVEC iters that already have a stable reference. These aren't
        necessarily related to block, it's just how io_uring pins fixed
        buffers"
      
      * tag 'io_uring-20190323' of git://git.kernel.dk/linux-block:
        block: add BIO_NO_PAGE_REF flag
        iov_iter: add ITER_BVEC_FLAG_NO_REF flag
        io_uring: mark me as the maintainer
        io_uring: retry bulk slab allocs as single allocs
        io_uring: fix poll races
        io_uring: fix fget/fput handling
        io_uring: add prepped flag
        io_uring: make io_read/write return an integer
        io_uring: use regular request ref counts
      1bdd3dbf
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20190323' of git://git.kernel.dk/linux-block · 2335cbe6
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A set of fixes/changes that should go into this series. This contains:
      
         - Kernel doc / comment updates (Bart, Shenghui)
      
         - Un-export of core-only used function (Bart)
      
         - Fix race on loop file access (Dongli)
      
         - pf/pcd queue cleanup fixes (me)
      
         - Use appropriate helper for RESTART bit set (Yufen)
      
         - Use named identifier for classic poll (Yufen)"
      
      * tag 'for-linus-20190323' of git://git.kernel.dk/linux-block:
        sbitmap: trivial - update comment for sbitmap_deferred_clear_bit
        blkcg: Fix kernel-doc warnings
        blk-iolatency: #include "blk.h"
        block: Unexport blk_mq_add_to_requeue_list()
        block: add BLK_MQ_POLL_CLASSIC for hybrid poll and return EINVAL for unexpected value
        blk-mq: remove unused 'nr_expired' from blk_mq_hw_ctx
        loop: access lo_backing_file only when the loop device is Lo_bound
        blk-mq: use blk_mq_sched_mark_restart_hctx to set RESTART
        paride/pcd: cleanup queues when detection fails
        paride/pf: cleanup queues when detection fails
      2335cbe6
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-5.1-rc2' of git://github.com/ceph/ceph-client · 9a1050ad
      Linus Torvalds authored
      Pull ceph fixes from Ilya Dryomov:
       "A follow up for the new alloc_size logic and a blacklisting fix,
        marked for stable"
      
      * tag 'ceph-for-5.1-rc2' of git://github.com/ceph/ceph-client:
        rbd: drop wait_for_latest_osdmap()
        libceph: wait for latest osdmap in ceph_monc_blacklist_add()
        rbd: set io_min, io_opt and discard_granularity to alloc_size
      9a1050ad
    • Steve French's avatar
      cifs: update internal module version number · cf7d624f
      Steve French authored
      To 2.19
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      cf7d624f
    • Steve French's avatar
      SMB3: Fix SMB3.1.1 guest mounts to Samba · 8c11a607
      Steve French authored
      Workaround problem with Samba responses to SMB3.1.1
      null user (guest) mounts.  The server doesn't set the
      expected flag in the session setup response so we have
      to do a similar check to what is done in smb3_validate_negotiate
      where we also check if the user is a null user (but not sec=krb5
      since username might not be passed in on mount for Kerberos case).
      
      Note that the commit below tightened the conditions and forced signing
      for the SMB2-TreeConnect commands as per MS-SMB2.
      However, this should only apply to normal user sessions and not for
      cases where there is no user (even if server forgets to set the flag
      in the response) since we don't have anything useful to sign with.
      This is especially important now that the more secure SMB3.1.1 protocol
      is in the default dialect list.
      
      An earlier patch ("cifs: allow guest mounts to work for smb3.11") fixed
      the guest mounts to Windows.
      
          Fixes: 6188f28b ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares")
      Reviewed-by: default avatarRonnie Sahlberg <lsahlber@redhat.com>
      Reviewed-by: default avatarPaulo Alcantara <palcantara@suse.de>
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      8c11a607
    • Paulo Alcantara (SUSE)'s avatar
      cifs: Fix slab-out-of-bounds when tracing SMB tcon · 68ddb496
      Paulo Alcantara (SUSE) authored
      This patch fixes the following KASAN report:
      
      [  779.044746] BUG: KASAN: slab-out-of-bounds in string+0xab/0x180
      [  779.044750] Read of size 1 at addr ffff88814f327968 by task trace-cmd/2812
      
      [  779.044756] CPU: 1 PID: 2812 Comm: trace-cmd Not tainted 5.1.0-rc1+ #62
      [  779.044760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-0-ga698c89-prebuilt.qemu.org 04/01/2014
      [  779.044761] Call Trace:
      [  779.044769]  dump_stack+0x5b/0x90
      [  779.044775]  ? string+0xab/0x180
      [  779.044781]  print_address_description+0x6c/0x23c
      [  779.044787]  ? string+0xab/0x180
      [  779.044792]  ? string+0xab/0x180
      [  779.044797]  kasan_report.cold.3+0x1a/0x32
      [  779.044803]  ? string+0xab/0x180
      [  779.044809]  string+0xab/0x180
      [  779.044816]  ? widen_string+0x160/0x160
      [  779.044822]  ? vsnprintf+0x5bf/0x7f0
      [  779.044829]  vsnprintf+0x4e7/0x7f0
      [  779.044836]  ? pointer+0x4a0/0x4a0
      [  779.044841]  ? seq_buf_vprintf+0x79/0xc0
      [  779.044848]  seq_buf_vprintf+0x62/0xc0
      [  779.044855]  trace_seq_printf+0x113/0x210
      [  779.044861]  ? trace_seq_puts+0x110/0x110
      [  779.044867]  ? trace_raw_output_prep+0xd8/0x110
      [  779.044876]  trace_raw_output_smb3_tcon_class+0x9f/0xc0
      [  779.044882]  print_trace_line+0x377/0x890
      [  779.044888]  ? tracing_buffers_read+0x300/0x300
      [  779.044893]  ? ring_buffer_read+0x58/0x70
      [  779.044899]  s_show+0x6e/0x140
      [  779.044906]  seq_read+0x505/0x6a0
      [  779.044913]  vfs_read+0xaf/0x1b0
      [  779.044919]  ksys_read+0xa1/0x130
      [  779.044925]  ? kernel_write+0xa0/0xa0
      [  779.044931]  ? __do_page_fault+0x3d5/0x620
      [  779.044938]  do_syscall_64+0x63/0x150
      [  779.044944]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      [  779.044949] RIP: 0033:0x7f62c2c2db31
      [ 779.044955] Code: fe ff ff 48 8d 3d 17 9e 09 00 48 83 ec 08 e8 96 02
      02 00 66 0f 1f 44 00 00 8b 05 fa fc 2c 00 48 63 ff 85 c0 75 13 31 c0
      0f 05 <48> 3d 00 f0 ff ff 77 57 f3 c3 0f 1f 44 00 00 55 53 48 89 d5 48
      89
      [  779.044958] RSP: 002b:00007ffd6e116678 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
      [  779.044964] RAX: ffffffffffffffda RBX: 0000560a38be9260 RCX: 00007f62c2c2db31
      [  779.044966] RDX: 0000000000002000 RSI: 00007ffd6e116710 RDI: 0000000000000003
      [  779.044966] RDX: 0000000000002000 RSI: 00007ffd6e116710 RDI: 0000000000000003
      [  779.044969] RBP: 00007f62c2ef5420 R08: 0000000000000000 R09: 0000000000000003
      [  779.044972] R10: ffffffffffffffa8 R11: 0000000000000246 R12: 00007ffd6e116710
      [  779.044975] R13: 0000000000002000 R14: 0000000000000d68 R15: 0000000000002000
      
      [  779.044981] Allocated by task 1257:
      [  779.044987]  __kasan_kmalloc.constprop.5+0xc1/0xd0
      [  779.044992]  kmem_cache_alloc+0xad/0x1a0
      [  779.044997]  getname_flags+0x6c/0x2a0
      [  779.045003]  user_path_at_empty+0x1d/0x40
      [  779.045008]  do_faccessat+0x12a/0x330
      [  779.045012]  do_syscall_64+0x63/0x150
      [  779.045017]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      [  779.045019] Freed by task 1257:
      [  779.045023]  __kasan_slab_free+0x12e/0x180
      [  779.045029]  kmem_cache_free+0x85/0x1b0
      [  779.045034]  filename_lookup.part.70+0x176/0x250
      [  779.045039]  do_faccessat+0x12a/0x330
      [  779.045043]  do_syscall_64+0x63/0x150
      [  779.045048]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      [  779.045052] The buggy address belongs to the object at ffff88814f326600
      which belongs to the cache names_cache of size 4096
      [  779.045057] The buggy address is located 872 bytes to the right of
      4096-byte region [ffff88814f326600, ffff88814f327600)
      [  779.045058] The buggy address belongs to the page:
      [  779.045062] page:ffffea00053cc800 count:1 mapcount:0 mapping:ffff88815b191b40 index:0x0 compound_mapcount: 0
      [  779.045067] flags: 0x200000000010200(slab|head)
      [  779.045075] raw: 0200000000010200 dead000000000100 dead000000000200 ffff88815b191b40
      [  779.045081] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
      [  779.045083] page dumped because: kasan: bad access detected
      
      [  779.045085] Memory state around the buggy address:
      [  779.045089]  ffff88814f327800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [  779.045093]  ffff88814f327880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [  779.045097] >ffff88814f327900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [  779.045099]                                                           ^
      [  779.045103]  ffff88814f327980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [  779.045107]  ffff88814f327a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [  779.045109] ==================================================================
      [  779.045110] Disabling lock debugging due to kernel taint
      
      Correctly assign tree name str for smb3_tcon event.
      Signed-off-by: default avatarPaulo Alcantara (SUSE) <paulo@paulo.ac>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      68ddb496
    • Ronnie Sahlberg's avatar
      cifs: allow guest mounts to work for smb3.11 · e71ab2aa
      Ronnie Sahlberg authored
      Fix Guest/Anonymous sessions so that they work with SMB 3.11.
      
      The commit noted below tightened the conditions and forced signing for
      the SMB2-TreeConnect commands as per MS-SMB2.
      However, this should only apply to normal user sessions and not for
      Guest/Anonumous sessions.
      
      Fixes: 6188f28b ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares")
      Signed-off-by: default avatarRonnie Sahlberg <lsahlber@redhat.com>
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      e71ab2aa
    • Steve French's avatar
      fix incorrect error code mapping for OBJECTID_NOT_FOUND · 85f9987b
      Steve French authored
      It was mapped to EIO which can be confusing when user space
      queries for an object GUID for an object for which the server
      file system doesn't support (or hasn't saved one).
      
      As Amir Goldstein suggested this is similar to ENOATTR
      (equivalently ENODATA in Linux errno definitions) so
      changing NT STATUS code mapping for OBJECTID_NOT_FOUND
      to ENODATA.
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      CC: Amir Goldstein <amir73il@gmail.com>
      85f9987b
    • Xiaoli Feng's avatar
      cifs: fix that return -EINVAL when do dedupe operation · b073a080
      Xiaoli Feng authored
      dedupe_file_range operations is combiled into remap_file_range.
      But it's always skipped for dedupe operations in function
      cifs_remap_file_range.
      
      Example to test:
      Before this patch:
        # dd if=/dev/zero of=cifs/file bs=1M count=1
        # xfs_io -c "dedupe cifs/file 4k 64k 4k" cifs/file
        XFS_IOC_FILE_EXTENT_SAME: Invalid argument
      
      After this patch:
        # dd if=/dev/zero of=cifs/file bs=1M count=1
        # xfs_io -c "dedupe cifs/file 4k 64k 4k" cifs/file
        XFS_IOC_FILE_EXTENT_SAME: Operation not supported
      
      Influence for xfstests:
      generic/091
      generic/112
      generic/127
      generic/263
      These tests report this error "do_copy_range:: Invalid
      argument" instead of "FIDEDUPERANGE: Invalid argument".
      Because there are still two bugs cause these test failed.
      https://bugzilla.kernel.org/show_bug.cgi?id=202935
      https://bugzilla.kernel.org/show_bug.cgi?id=202785Signed-off-by: default avatarXiaoli Feng <fengxiaoli0714@gmail.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      b073a080
    • Long Li's avatar
      CIFS: Fix an issue with re-sending rdata when transport returning -EAGAIN · 0b0dfd59
      Long Li authored
      When sending a rdata, transport may return -EAGAIN. In this case
      we should re-obtain credits because the session may have been
      reconnected.
      
      Change in v2: adjust_credits before re-sending
      Signed-off-by: default avatarLong Li <longli@microsoft.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      Reviewed-by: default avatarPavel Shilovsky <pshilov@microsoft.com>
      0b0dfd59
    • Long Li's avatar
      CIFS: Fix an issue with re-sending wdata when transport returning -EAGAIN · d53e292f
      Long Li authored
      When sending a wdata, transport may return -EAGAIN. In this case
      we should re-obtain credits because the session may have been
      reconnected.
      
      Change in v2: adjust_credits before re-sending
      Signed-off-by: default avatarLong Li <longli@microsoft.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      Reviewed-by: default avatarPavel Shilovsky <pshilov@microsoft.com>
      d53e292f
  3. 22 Mar, 2019 18 commits
  4. 21 Mar, 2019 8 commits