This is a note to let you know that I've just added the patch titled
afs: Migrate vlocation fields to 64-bit
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
afs-migrate-vlocation-fields-to-64-bit.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Mon Dec 18 14:47:43 CET 2017
From: Tina Ruchandani <ruchandani.tina(a)gmail.com>
Date: Thu, 16 Mar 2017 16:27:46 +0000
Subject: afs: Migrate vlocation fields to 64-bit
From: Tina Ruchandani <ruchandani.tina(a)gmail.com>
[ Upstream commit 8a79790bf0b7da216627ffb85f52cfb4adbf1e4e ]
get_seconds() returns real wall-clock seconds. On 32-bit systems
this value will overflow in year 2038 and beyond. This patch changes
afs's vlocation record to use ktime_get_real_seconds() instead, for the
fields time_of_death and update_at.
Signed-off-by: Tina Ruchandani <ruchandani.tina(a)gmail.com>
Signed-off-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/afs/callback.c | 7 ++++---
fs/afs/internal.h | 7 ++++---
fs/afs/server.c | 6 +++---
fs/afs/vlocation.c | 16 +++++++++-------
4 files changed, 20 insertions(+), 16 deletions(-)
--- a/fs/afs/callback.c
+++ b/fs/afs/callback.c
@@ -362,7 +362,7 @@ static void afs_callback_updater(struct
{
struct afs_server *server;
struct afs_vnode *vnode, *xvnode;
- time_t now;
+ time64_t now;
long timeout;
int ret;
@@ -370,7 +370,7 @@ static void afs_callback_updater(struct
_enter("");
- now = get_seconds();
+ now = ktime_get_real_seconds();
/* find the first vnode to update */
spin_lock(&server->cb_lock);
@@ -424,7 +424,8 @@ static void afs_callback_updater(struct
/* and then reschedule */
_debug("reschedule");
- vnode->update_at = get_seconds() + afs_vnode_update_timeout;
+ vnode->update_at = ktime_get_real_seconds() +
+ afs_vnode_update_timeout;
spin_lock(&server->cb_lock);
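Review bot: The rewritten assignment to `vnode->update_at` in the third callback.c hunk stores a 64-bit `ktime_get_real_seconds()` result into a field this patch does not appear to widen, since the internal.h hunks change only `struct afs_vlocation` and `struct afs_server`. If `update_at` in `struct afs_vnode` is still declared `time_t`, the value is truncated on 32-bit builds and the 2038 overflow remains for that field; it would need `time64_t update_at;` too. The `long timeout;` kept in the first hunk has the same width limit if it holds a difference of these values, but that use is outside the hunks shown.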
--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h
@@ -11,6 +11,7 @@
#include <linux/compiler.h>
#include <linux/kernel.h>
+#include <linux/ktime.h>
#include <linux/fs.h>
#include <linux/pagemap.h>
#include <linux/skbuff.h>
@@ -247,7 +248,7 @@ struct afs_cache_vhash {
*/
struct afs_vlocation {
atomic_t usage;
- time_t time_of_death; /* time at which put reduced usage to 0 */
+ time64_t time_of_death; /* time at which put reduced usage to 0 */
struct list_head link; /* link in cell volume location list */
struct list_head grave; /* link in master graveyard list */
struct list_head update; /* link in master update list */
@@ -258,7 +259,7 @@ struct afs_vlocation {
struct afs_cache_vlocation vldb; /* volume information DB record */
struct afs_volume *vols[3]; /* volume access record pointer (index by type) */
wait_queue_head_t waitq; /* status change waitqueue */
- time_t update_at; /* time at which record should be updated */
+ time64_t update_at; /* time at which record should be updated */
spinlock_t lock; /* access lock */
afs_vlocation_state_t state; /* volume location state */
unsigned short upd_rej_cnt; /* ENOMEDIUM count during update */
@@ -271,7 +272,7 @@ struct afs_vlocation {
*/
struct afs_server {
atomic_t usage;
- time_t time_of_death; /* time at which put reduced usage to 0 */
+ time64_t time_of_death; /* time at which put reduced usage to 0 */
struct in_addr addr; /* server address */
struct afs_cell *cell; /* cell in which server resides */
struct list_head link; /* link in cell's server list */
--- a/fs/afs/server.c
+++ b/fs/afs/server.c
@@ -237,7 +237,7 @@ void afs_put_server(struct afs_server *s
spin_lock(&afs_server_graveyard_lock);
if (atomic_read(&server->usage) == 0) {
list_move_tail(&server->grave, &afs_server_graveyard);
- server->time_of_death = get_seconds();
+ server->time_of_death = ktime_get_real_seconds();
queue_delayed_work(afs_wq, &afs_server_reaper,
afs_server_timeout * HZ);
}
@@ -272,9 +272,9 @@ static void afs_reap_server(struct work_
LIST_HEAD(corpses);
struct afs_server *server;
unsigned long delay, expiry;
- time_t now;
+ time64_t now;
- now = get_seconds();
+ now = ktime_get_real_seconds();
spin_lock(&afs_server_graveyard_lock);
while (!list_empty(&afs_server_graveyard)) {
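Review bot: `unsigned long delay, expiry;` is left unchanged beside the new `time64_t now;`, so on a 32-bit build an expiry derived from the now 64-bit `time_of_death` is presumably narrowed to 32 bits before it is compared with `now`. The computation is outside this hunk and should be confirmed, but declaring `time64_t expiry;` and keeping `unsigned long delay;` for the jiffies value would keep the comparison in 64 bits. The afs_vlocation_reaper hunk in vlocation.c carries the same `unsigned long delay, expiry;` line, and afs_vlocation_updater keeps `long timeout;`.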
--- a/fs/afs/vlocation.c
+++ b/fs/afs/vlocation.c
@@ -340,7 +340,8 @@ static void afs_vlocation_queue_for_upda
struct afs_vlocation *xvl;
/* wait at least 10 minutes before updating... */
- vl->update_at = get_seconds() + afs_vlocation_update_timeout;
+ vl->update_at = ktime_get_real_seconds() +
+ afs_vlocation_update_timeout;
spin_lock(&afs_vlocation_updates_lock);
@@ -506,7 +507,7 @@ void afs_put_vlocation(struct afs_vlocat
if (atomic_read(&vl->usage) == 0) {
_debug("buried");
list_move_tail(&vl->grave, &afs_vlocation_graveyard);
- vl->time_of_death = get_seconds();
+ vl->time_of_death = ktime_get_real_seconds();
queue_delayed_work(afs_wq, &afs_vlocation_reap,
afs_vlocation_timeout * HZ);
@@ -543,11 +544,11 @@ static void afs_vlocation_reaper(struct
LIST_HEAD(corpses);
struct afs_vlocation *vl;
unsigned long delay, expiry;
- time_t now;
+ time64_t now;
_enter("");
- now = get_seconds();
+ now = ktime_get_real_seconds();
spin_lock(&afs_vlocation_graveyard_lock);
while (!list_empty(&afs_vlocation_graveyard)) {
@@ -622,13 +623,13 @@ static void afs_vlocation_updater(struct
{
struct afs_cache_vlocation vldb;
struct afs_vlocation *vl, *xvl;
- time_t now;
+ time64_t now;
long timeout;
int ret;
_enter("");
- now = get_seconds();
+ now = ktime_get_real_seconds();
/* find a record to update */
spin_lock(&afs_vlocation_updates_lock);
@@ -684,7 +685,8 @@ static void afs_vlocation_updater(struct
/* and then reschedule */
_debug("reschedule");
- vl->update_at = get_seconds() + afs_vlocation_update_timeout;
+ vl->update_at = ktime_get_real_seconds() +
+ afs_vlocation_update_timeout;
spin_lock(&afs_vlocation_updates_lock);
Patches currently in stable-queue which might be from ruchandani.tina(a)gmail.com are
queue-4.4/afs-prevent-callback-expiry-timer-overflow.patch
queue-4.4/afs-migrate-vlocation-fields-to-64-bit.patch
This is a note to let you know that I've just added the patch titled
afs: Flush outstanding writes when an fd is closed
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
afs-flush-outstanding-writes-when-an-fd-is-closed.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Mon Dec 18 14:47:43 CET 2017
From: David Howells <dhowells(a)redhat.com>
Date: Thu, 16 Mar 2017 16:27:45 +0000
Subject: afs: Flush outstanding writes when an fd is closed
From: David Howells <dhowells(a)redhat.com>
[ Upstream commit 58fed94dfb17e89556b5705f20f90e5b2971b6a1 ]
Flush outstanding writes in afs when an fd is closed. This is what NFS and
CIFS do.
Reported-by: Marc Dionne <marc.c.dionne(a)gmail.com>
Signed-off-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/afs/file.c | 1 +
fs/afs/internal.h | 1 +
fs/afs/write.c | 14 ++++++++++++++
3 files changed, 16 insertions(+)
--- a/fs/afs/file.c
+++ b/fs/afs/file.c
@@ -29,6 +29,7 @@ static int afs_readpages(struct file *fi
const struct file_operations afs_file_operations = {
.open = afs_open,
+ .flush = afs_flush,
.release = afs_release,
.llseek = generic_file_llseek,
.read_iter = generic_file_read_iter,
--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h
@@ -749,6 +749,7 @@ extern int afs_writepages(struct address
extern void afs_pages_written_back(struct afs_vnode *, struct afs_call *);
extern ssize_t afs_file_write(struct kiocb *, struct iov_iter *);
extern int afs_writeback_all(struct afs_vnode *);
+extern int afs_flush(struct file *, fl_owner_t);
extern int afs_fsync(struct file *, loff_t, loff_t, int);
--- a/fs/afs/write.c
+++ b/fs/afs/write.c
@@ -741,6 +741,20 @@ out:
}
/*
+ * Flush out all outstanding writes on a file opened for writing when it is
+ * closed.
+ */
+int afs_flush(struct file *file, fl_owner_t id)
+{
+ _enter("");
+
+ if ((file->f_mode & FMODE_WRITE) == 0)
+ return 0;
+
+ return vfs_fsync(file, 0);
+}
+
+/*
* notification that a previously read-only page is about to become writable
* - if it returns an error, the caller will deliver a bus error signal
*/
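Review bot: The comment on `afs_flush()` says writes are flushed when the file "is closed", but a `->flush` handler runs on every close() of a descriptor for the file, not only on the final release, and the value returned by `vfs_fsync()` becomes the result of that close(). Stating this would help the next reader, for example `/* Called through ->flush on each close() of a descriptor; a writeback error is returned to the closing process. */`. The unused `id` parameter could be mentioned in the same comment.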
Patches currently in stable-queue which might be from dhowells(a)redhat.com are
queue-4.4/afs-flush-outstanding-writes-when-an-fd-is-closed.patch
queue-4.4/afs-fix-the-maths-in-afs_fs_store_data.patch
queue-4.4/afs-populate-group-id-from-vnode-status.patch
queue-4.4/afs-prevent-callback-expiry-timer-overflow.patch
queue-4.4/keys-add-missing-permission-check-for-request_key-destination.patch
queue-4.4/afs-adjust-mode-bits-processing.patch
queue-4.4/afs-fix-page-leak-in-afs_write_begin.patch
queue-4.4/afs-fix-missing-put_page.patch
queue-4.4/afs-migrate-vlocation-fields-to-64-bit.patch
queue-4.4/afs-populate-and-use-client-modification-time.patch
queue-4.4/afs-fix-afs_kill_pages.patch
This is a note to let you know that I've just added the patch titled
afs: Fix the maths in afs_fs_store_data()
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
afs-fix-the-maths-in-afs_fs_store_data.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Mon Dec 18 14:47:43 CET 2017
From: David Howells <dhowells(a)redhat.com>
Date: Thu, 16 Mar 2017 16:27:47 +0000
Subject: afs: Fix the maths in afs_fs_store_data()
From: David Howells <dhowells(a)redhat.com>
[ Upstream commit 146a1192783697810b63a1e41c4d59fc93387340 ]
afs_fs_store_data() works out the size of the write it's going to make,
but it uses 32-bit unsigned subtraction in one place that gets
automatically cast to loff_t.
However, if to < offset, then the number goes negative, but as the result
isn't signed, this doesn't get sign-extended to 64-bits when placed in a
loff_t.
Fix by casting the operands to loff_t.
Signed-off-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/afs/fsclient.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/afs/fsclient.c
+++ b/fs/afs/fsclient.c
@@ -1225,7 +1225,7 @@ int afs_fs_store_data(struct afs_server
_enter(",%x,{%x:%u},,",
key_serial(wb->key), vnode->fid.vid, vnode->fid.vnode);
- size = to - offset;
+ size = (loff_t)to - (loff_t)offset;
if (first != last)
size += (loff_t)(last - first) << PAGE_SHIFT;
pos = (loff_t)first << PAGE_SHIFT;
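Review bot: The casts in `size = (loff_t)to - (loff_t)offset;` look redundant to anyone who has not read the commit message, so a later cleanup could remove them again. A short comment above the line, such as `/* to and offset are unsigned; widen first so that to < offset gives a negative size */`, would record why they are needed. The function body continues outside the hunk.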
Patches currently in stable-queue which might be from dhowells(a)redhat.com are
queue-4.4/afs-flush-outstanding-writes-when-an-fd-is-closed.patch
queue-4.4/afs-fix-the-maths-in-afs_fs_store_data.patch
queue-4.4/afs-populate-group-id-from-vnode-status.patch
queue-4.4/afs-prevent-callback-expiry-timer-overflow.patch
queue-4.4/keys-add-missing-permission-check-for-request_key-destination.patch
queue-4.4/afs-adjust-mode-bits-processing.patch
queue-4.4/afs-fix-page-leak-in-afs_write_begin.patch
queue-4.4/afs-fix-missing-put_page.patch
queue-4.4/afs-migrate-vlocation-fields-to-64-bit.patch
queue-4.4/afs-populate-and-use-client-modification-time.patch
queue-4.4/afs-fix-afs_kill_pages.patch
This is a note to let you know that I've just added the patch titled
afs: Fix page leak in afs_write_begin()
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
afs-fix-page-leak-in-afs_write_begin.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Mon Dec 18 14:47:43 CET 2017
From: David Howells <dhowells(a)redhat.com>
Date: Thu, 16 Mar 2017 16:27:48 +0000
Subject: afs: Fix page leak in afs_write_begin()
From: David Howells <dhowells(a)redhat.com>
[ Upstream commit 6d06b0d25209c80e99c1e89700f1e09694a3766b ]
afs_write_begin() leaks a ref and a lock on a page if afs_fill_page()
fails. Fix the leak by unlocking and releasing the page in the error path.
Signed-off-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/afs/write.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/fs/afs/write.c
+++ b/fs/afs/write.c
@@ -148,12 +148,12 @@ int afs_write_begin(struct file *file, s
kfree(candidate);
return -ENOMEM;
}
- *pagep = page;
- /* page won't leak in error case: it eventually gets cleaned off LRU */
if (!PageUptodate(page) && len != PAGE_CACHE_SIZE) {
ret = afs_fill_page(vnode, key, index << PAGE_CACHE_SHIFT, page);
if (ret < 0) {
+ unlock_page(page);
+ put_page(page);
kfree(candidate);
_leave(" = %d [prep]", ret);
return ret;
@@ -161,6 +161,9 @@ int afs_write_begin(struct file *file, s
SetPageUptodate(page);
}
+ /* page won't leak in error case: it eventually gets cleaned off LRU */
+ *pagep = page;
+
try_again:
spin_lock(&vnode->writeback_lock);
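Review bot: The comment moved above `*pagep = page;` still claims the page "won't leak in error case", which is the assumption this commit shows to be wrong for the afs_fill_page() failure. Keeping it invites the same mistake on any failing return after `try_again:`; that code is outside the hunk and should be checked for the same unlock_page()/put_page() pairing, unless the caller is known to release `*pagep` on error. I would drop the comment or replace it with something like `/* the page is locked and referenced; error returns from here on must unlock and put it */`.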
Patches currently in stable-queue which might be from dhowells(a)redhat.com are
queue-4.4/afs-flush-outstanding-writes-when-an-fd-is-closed.patch
queue-4.4/afs-fix-the-maths-in-afs_fs_store_data.patch
queue-4.4/afs-populate-group-id-from-vnode-status.patch
queue-4.4/afs-prevent-callback-expiry-timer-overflow.patch
queue-4.4/keys-add-missing-permission-check-for-request_key-destination.patch
queue-4.4/afs-adjust-mode-bits-processing.patch
queue-4.4/afs-fix-page-leak-in-afs_write_begin.patch
queue-4.4/afs-fix-missing-put_page.patch
queue-4.4/afs-migrate-vlocation-fields-to-64-bit.patch
queue-4.4/afs-populate-and-use-client-modification-time.patch
queue-4.4/afs-fix-afs_kill_pages.patch
This is a note to let you know that I've just added the patch titled
afs: Fix missing put_page()
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
afs-fix-missing-put_page.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Mon Dec 18 14:47:43 CET 2017
From: David Howells <dhowells(a)redhat.com>
Date: Thu, 16 Mar 2017 16:27:43 +0000
Subject: afs: Fix missing put_page()
From: David Howells <dhowells(a)redhat.com>
[ Upstream commit 29c8bbbd6e21daa0997d1c3ee886b897ee7ad652 ]
In afs_writepages_region(), inside the loop where we find dirty pages to
deal with, one of the if-statements is missing a put_page().
Signed-off-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/afs/write.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/afs/write.c
+++ b/fs/afs/write.c
@@ -503,6 +503,7 @@ static int afs_writepages_region(struct
if (PageWriteback(page) || !PageDirty(page)) {
unlock_page(page);
+ put_page(page);
continue;
}
Patches currently in stable-queue which might be from dhowells(a)redhat.com are
queue-4.4/afs-flush-outstanding-writes-when-an-fd-is-closed.patch
queue-4.4/afs-fix-the-maths-in-afs_fs_store_data.patch
queue-4.4/afs-populate-group-id-from-vnode-status.patch
queue-4.4/afs-prevent-callback-expiry-timer-overflow.patch
queue-4.4/keys-add-missing-permission-check-for-request_key-destination.patch
queue-4.4/afs-adjust-mode-bits-processing.patch
queue-4.4/afs-fix-page-leak-in-afs_write_begin.patch
queue-4.4/afs-fix-missing-put_page.patch
queue-4.4/afs-migrate-vlocation-fields-to-64-bit.patch
queue-4.4/afs-populate-and-use-client-modification-time.patch
queue-4.4/afs-fix-afs_kill_pages.patch
This is a note to let you know that I've just added the patch titled
afs: Fix afs_kill_pages()
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
afs-fix-afs_kill_pages.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Mon Dec 18 14:47:43 CET 2017
From: David Howells <dhowells(a)redhat.com>
Date: Thu, 16 Mar 2017 16:27:48 +0000
Subject: afs: Fix afs_kill_pages()
From: David Howells <dhowells(a)redhat.com>
[ Upstream commit 7286a35e893176169b09715096a4aca557e2ccd2 ]
Fix afs_kill_pages() in two ways:
(1) If a writeback has been partially flushed, then if we try and kill the
pages it contains, some of them may no longer be undergoing writeback
and end_page_writeback() will assert.
Fix this by checking to see whether the page in question is actually
undergoing writeback before ending that writeback.
(2) The loop that scans for pages to kill doesn't increase the first page
index, and so the loop may not terminate, but it will try to process
the same pages over and over again.
Fix this by increasing the first page index to one after the last page
we processed.
Signed-off-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/afs/write.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/fs/afs/write.c
+++ b/fs/afs/write.c
@@ -299,10 +299,14 @@ static void afs_kill_pages(struct afs_vn
ASSERTCMP(pv.nr, ==, count);
for (loop = 0; loop < count; loop++) {
- ClearPageUptodate(pv.pages[loop]);
+ struct page *page = pv.pages[loop];
+ ClearPageUptodate(page);
if (error)
- SetPageError(pv.pages[loop]);
- end_page_writeback(pv.pages[loop]);
+ SetPageError(page);
+ if (PageWriteback(page))
+ end_page_writeback(page);
+ if (page->index >= first)
+ first = page->index + 1;
}
__pagevec_release(&pv);
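Review bot: Neither of the two new conditions in the loop is explained in the code, and both guard against failures that are described only in the commit message. A comment on each would help, e.g. `/* a partly flushed writeback may already have ended on this page */` before the `PageWriteback()` test and `/* advance so the next lookup starts after the last page handled */` before the `first` update. The outer loop that consumes `first` is outside the hunk.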
Patches currently in stable-queue which might be from dhowells(a)redhat.com are
queue-4.4/afs-flush-outstanding-writes-when-an-fd-is-closed.patch
queue-4.4/afs-fix-the-maths-in-afs_fs_store_data.patch
queue-4.4/afs-populate-group-id-from-vnode-status.patch
queue-4.4/afs-prevent-callback-expiry-timer-overflow.patch
queue-4.4/keys-add-missing-permission-check-for-request_key-destination.patch
queue-4.4/afs-adjust-mode-bits-processing.patch
queue-4.4/afs-fix-page-leak-in-afs_write_begin.patch
queue-4.4/afs-fix-missing-put_page.patch
queue-4.4/afs-migrate-vlocation-fields-to-64-bit.patch
queue-4.4/afs-populate-and-use-client-modification-time.patch
queue-4.4/afs-fix-afs_kill_pages.patch
This is a note to let you know that I've just added the patch titled
afs: Adjust mode bits processing
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
afs-adjust-mode-bits-processing.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Mon Dec 18 14:47:43 CET 2017
From: Marc Dionne <marc.dionne(a)auristor.com>
Date: Thu, 16 Mar 2017 16:27:44 +0000
Subject: afs: Adjust mode bits processing
From: Marc Dionne <marc.dionne(a)auristor.com>
[ Upstream commit 627f46943ff90bcc32ddeb675d881c043c6fa2ae ]
Mode bits for an afs file should not be enforced in the usual
way.
For files, the absence of user bits can restrict file access
with respect to what is granted by the server.
These bits apply regardless of the owner or the current uid; the
rest of the mode bits (group, other) are ignored.
Signed-off-by: Marc Dionne <marc.dionne(a)auristor.com>
Signed-off-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/afs/security.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/fs/afs/security.c
+++ b/fs/afs/security.c
@@ -340,17 +340,22 @@ int afs_permission(struct inode *inode,
} else {
if (!(access & AFS_ACE_LOOKUP))
goto permission_denied;
+ if ((mask & MAY_EXEC) && !(inode->i_mode & S_IXUSR))
+ goto permission_denied;
if (mask & (MAY_EXEC | MAY_READ)) {
if (!(access & AFS_ACE_READ))
goto permission_denied;
+ if (!(inode->i_mode & S_IRUSR))
+ goto permission_denied;
} else if (mask & MAY_WRITE) {
if (!(access & AFS_ACE_WRITE))
goto permission_denied;
+ if (!(inode->i_mode & S_IWUSR))
+ goto permission_denied;
}
}
key_put(key);
- ret = generic_permission(inode, mask);
_leave(" = %d", ret);
return ret;
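Review bot: A request whose mask contains both MAY_READ and MAY_WRITE takes the first branch of `if (mask & (MAY_EXEC | MAY_READ)) { ... } else if (mask & MAY_WRITE)`, so neither `AFS_ACE_WRITE` nor the new `S_IWUSR` test is evaluated for it. The `else if` predates this commit, but with `generic_permission()` removed at the end of the hunk there is no later mode-bit check covering the write half. Making the write test independent, by replacing `} else if (mask & MAY_WRITE) {` with `}` followed by `if (mask & MAY_WRITE) {`, would apply both checks. The function now also returns whatever `ret` holds from code above the hunk; if that is always zero here, an explicit `ret = 0;` before `_leave()` would make the success path obvious.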
Patches currently in stable-queue which might be from marc.dionne(a)auristor.com are
queue-4.4/afs-populate-group-id-from-vnode-status.patch
queue-4.4/afs-adjust-mode-bits-processing.patch
queue-4.4/afs-populate-and-use-client-modification-time.patch
alg_setkey() does not check whether keylen is zero, so the key
may be ZERO_SIZE_PTR when keylen is 0; that value passes
copy_from_user()'s checks and is passed to the lower functions as the key.
If the lower functions only check whether the key is NULL, ZERO_SIZE_PTR
passes that check too and causes a NULL pointer dereference, so it is
better to reject the invalid parameter in the upper function.
This patch is also suitable to fix CVE-2017-15116 for stable trees.
Signed-off-by: Li Kun <hw.likun(a)huawei.com>
---
crypto/af_alg.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 337cf38..10f22f3 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -210,6 +210,8 @@ static int alg_setkey(struct sock *sk, char __user *ukey,
u8 *key;
int err;
+ if (!keylen)
+ return -EINVAL;
key = sock_kmalloc(sk, keylen, GFP_KERNEL);
if (!key)
return -ENOMEM;
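Review bot: Rejecting `keylen == 0` in `alg_setkey()` applies to every algorithm type reached through this socket option, so any algorithm whose setkey accepts an empty key would start failing with -EINVAL. The description only identifies lower functions that test the key against NULL; it is worth confirming that no AF_ALG user relies on zero-length keys, and hardening those lower functions too so this check is not the only guard. A comment above the test, such as `/* a zero-length allocation yields ZERO_SIZE_PTR, which is not NULL */`, would record the reason. The rest of alg_setkey() is outside the hunk.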
--
1.8.3.4
This is a note to let you know that I've just added the patch titled
xfs: truncate pagecache before writeback in xfs_setattr_size()
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
xfs-truncate-pagecache-before-writeback-in-xfs_setattr_size.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Mon Dec 18 14:12:35 CET 2017
From: Eryu Guan <eguan(a)redhat.com>
Date: Wed, 1 Nov 2017 21:43:50 -0700
Subject: xfs: truncate pagecache before writeback in xfs_setattr_size()
From: Eryu Guan <eguan(a)redhat.com>
[ Upstream commit 350976ae21873b0d36584ea005076356431b8f79 ]
On truncate down, if new size is not block size aligned, we zero the
rest of block to avoid exposing stale data to user, and
iomap_truncate_page() skips zeroing if the range is already in
unwritten state or a hole. Then we writeback from on-disk i_size to
the new size if this range hasn't been written to disk yet, and
truncate page cache beyond new EOF and set in-core i_size.
The problem is that we could write data between di_size and newsize
before removing the page cache beyond newsize, as the extents may
still be in unwritten state right after a buffer write. As such, the
page of data that newsize lies in has not been zeroed by page cache
invalidation before it is written, and xfs_do_writepage() hasn't
triggered its "zero data beyond EOF" case because we haven't
updated in-core i_size yet. Then a subsequent mmap read could see
non-zeros past EOF.
I occasionally see this in fsx runs in fstests generic/112, a
simplified fsx operation sequence is like (assuming 4k block size
xfs):
fallocate 0x0 0x1000 0x0 keep_size
write 0x0 0x1000 0x0
truncate 0x0 0x800 0x1000
punch_hole 0x0 0x800 0x800
mapread 0x0 0x800 0x800
where fallocate allocates unwritten extent but doesn't update
i_size, buffer write populates the page cache and extent is still
unwritten, truncate skips zeroing page past new EOF and writes the
page to disk, punch_hole invalidates the page cache, at last mapread
reads the block back and sees non-zero beyond EOF.
Fix it by moving truncate_setsize() to before writeback so the page
cache invalidation zeros the partial page at the new EOF. This also
triggers "zero data beyond EOF" in xfs_do_writepage() at writeback
time, because newsize has been set and page straddles the newsize.
Also fixed the wrong 'end' param of filemap_write_and_wait_range()
call while we're at it, the 'end' is inclusive and should be
'newsize - 1'.
Suggested-by: Dave Chinner <dchinner(a)redhat.com>
Signed-off-by: Eryu Guan <eguan(a)redhat.com>
Acked-by: Dave Chinner <dchinner(a)redhat.com>
Reviewed-by: Brian Foster <bfoster(a)redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/xfs/xfs_iops.c | 36 ++++++++++++++++++++----------------
1 file changed, 20 insertions(+), 16 deletions(-)
--- a/fs/xfs/xfs_iops.c
+++ b/fs/xfs/xfs_iops.c
@@ -871,22 +871,6 @@ xfs_setattr_size(
return error;
/*
- * We are going to log the inode size change in this transaction so
- * any previous writes that are beyond the on disk EOF and the new
- * EOF that have not been written out need to be written here. If we
- * do not write the data out, we expose ourselves to the null files
- * problem. Note that this includes any block zeroing we did above;
- * otherwise those blocks may not be zeroed after a crash.
- */
- if (did_zeroing ||
- (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) {
- error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping,
- ip->i_d.di_size, newsize);
- if (error)
- return error;
- }
-
- /*
* We've already locked out new page faults, so now we can safely remove
* pages from the page cache knowing they won't get refaulted until we
* drop the XFS_MMAP_EXCL lock after the extent manipulations are
@@ -902,9 +886,29 @@ xfs_setattr_size(
* user visible changes). There's not much we can do about this, except
* to hope that the caller sees ENOMEM and retries the truncate
* operation.
+ *
+ * And we update in-core i_size and truncate page cache beyond newsize
+ * before writeback the [di_size, newsize] range, so we're guaranteed
+ * not to write stale data past the new EOF on truncate down.
*/
truncate_setsize(inode, newsize);
+ /*
+ * We are going to log the inode size change in this transaction so
+ * any previous writes that are beyond the on disk EOF and the new
+ * EOF that have not been written out need to be written here. If we
+ * do not write the data out, we expose ourselves to the null files
+ * problem. Note that this includes any block zeroing we did above;
+ * otherwise those blocks may not be zeroed after a crash.
+ */
+ if (did_zeroing ||
+ (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) {
+ error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping,
+ ip->i_d.di_size, newsize - 1);
+ if (error)
+ return error;
+ }
+
error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
if (error)
return error;
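Review bot: With the writeback moved below `truncate_setsize()`, the `return error;` after `filemap_write_and_wait_range()` is now reached after the in-core size and page cache have already been changed. The comment above `truncate_setsize()` only discusses an ENOMEM from the transaction allocation. It should cover this path as well, e.g. `* A writeback error below likewise returns after the in-core truncate has happened.`. The surrounding function extends beyond the hunk.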
Patches currently in stable-queue which might be from eguan(a)redhat.com are
queue-4.9/ext4-fix-fdatasync-2-after-fallocate-2-operation.patch
queue-4.9/xfs-truncate-pagecache-before-writeback-in-xfs_setattr_size.patch