1. 16 Oct, 2018 3 commits
  2. 15 Oct, 2018 4 commits
    • David Howells's avatar
      afs: Fix clearance of reply · f0a7d188
      David Howells authored
      The recent patch to fix the afs_server struct leak didn't actually fix the
      bug, but rather fixed some of the symptoms.  The problem is that an
      asynchronous call that holds a resource pointed to by call->reply[0] will
      find the pointer cleared in the call destructor, thereby preventing the
      resource from being cleaned up.
      
      In the case of the server record leak, the afs_fs_get_capabilities()
      function in devel code sets up a call with reply[0] pointing at the server
      record that should be altered when the result is obtained, but this was
      being cleared before the destructor was called, so the put in the
      destructor does nothing and the record is leaked.
      
      Commit f014ffb0 removed the additional ref obtained by
      afs_install_server(), but the removal of this ref is actually used by the
      garbage collector to mark a server record as being defunct after the record
      has expired through lack of use.
      
      The offending clearance of call->reply[0] upon completion in
      afs_process_async_call() has been there from the origin of the code, but
      none of the asynchronous calls actually use that pointer currently, so it
      should be safe to remove (note that synchronous calls don't involve this
      function).
      
      Fix this by the following means:
      
       (1) Revert commit f014ffb0.
      
       (2) Remove the clearance of reply[0] from afs_process_async_call().
      
      Without this, afs_manage_servers() will suffer an assertion failure if it
      sees a server record that didn't get used because the usage count is not 1.
      
      Fixes: f014ffb0 ("afs: Fix afs_server struct leak")
      Fixes: 08e0e7c8 ("[AF_RXRPC]: Make the in-kernel AFS filesystem use AF_RXRPC.")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f0a7d188
    • Greg Kroah-Hartman's avatar
      Linux 4.19-rc8 · 35a7f35a
      Greg Kroah-Hartman authored
      35a7f35a
    • David S. Miller's avatar
      sparc64: Set %l4 properly on trap return after handling signals. · d1f1f98c
      David S. Miller authored
      If we did some signal processing, we have to reload the pt_regs
      tstate register because it's value may have changed.
      
      In doing so we also have to extract the %pil value contained in there
      anre load that into %l4.
      
      This value is at bit 20 and thus needs to be shifted down before we
      later write it into the %pil register.
      
      Most of the time this is harmless as we are returning to userspace
      and the %pil is zero for that case.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d1f1f98c
    • David S. Miller's avatar
      sparc64: Make proc_id signed. · b3e1eb8e
      David S. Miller authored
      So that when it is unset, ie. '-1', userspace can see it
      properly.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b3e1eb8e
  3. 14 Oct, 2018 2 commits
  4. 13 Oct, 2018 11 commits
  5. 12 Oct, 2018 20 commits