commit b98f0ec91c42d87a70da42726b852ac8d78a3257 upstream.
The afs_deliver_fs_rename() and yfs_deliver_fs_rename() functions both only
decode the second file status returned unless the parent directories are
different - unfortunately, this means that the xdr pointer isn't advanced
and the volsync record will be read incorrectly in such an instance.
Fix this by always decoding the second status into the second
status/callback block which wasn't being used if the dirs were the same.
The afs_update_dentry_version() calls that update the directory data
version numbers on the dentries can then unconditionally use the second
status record as this will always reflect the state of the destination dir
(the two records will be identical if the destination dir is the same as
the source dir)
Fixes: 260a980317 ("[AFS]: Add "directory write" support.")
Fixes: 30062bd13e ("afs: Implement YFS support in the fs client")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3e0d9892c0e7fa426ca6bf921cb4b543ca265714 upstream.
If we're decoding an AFSFetchStatus record and we see that the version is 1
and the abort code is set and we're expecting inline errors, then we store
the abort code and ignore the remaining status record (which is correct),
but we don't set the flag to say we got a valid abort code.
This can affect operation of YFS.RemoveFile2 when removing a file and the
operation of {,Y}FS.InlineBulkStatus when prospectively constructing or
updating of a set of inodes during a lookup.
Fix this to indicate the reception of a valid abort code.
Fixes: a38a75581e ("afs: Fix unlink to handle YFS.RemoveFile2 better")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c72057b56f7e24865840a6961d801a7f21d30a5f upstream.
If we receive a status record that has VNOVNODE set in the abort field,
xdr_decode_AFSFetchStatus() and xdr_decode_YFSFetchStatus() don't advance
the XDR pointer, thereby corrupting anything subsequent decodes from the
same block of data.
This has the potential to affect AFS.InlineBulkStatus and
YFS.InlineBulkStatus operation, but probably doesn't since the status
records are extracted as individual blocks of data and the buffer pointer
is reset between blocks.
It does affect YFS.RemoveFile2 operation, corrupting the volsync record -
though that is not currently used.
Other operations abort the entire operation rather than returning an error
inline, in which case there is no decoding to be done.
Fix this by unconditionally advancing the xdr pointer.
Fixes: 684b0f68cf ("afs: Fix AFSFetchStatus decoder to provide OpenAFS compatibility")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6ZbdIACgkQONu9yGCS
aT5Jqw/7BZ639nTAAmz809yOF1JBhvBptRg9tBKYAfw62DzfZe5s9IZA6znIt0f0
nlluLvnhHlDSpgycHNkFry5AkiCUpRQW6NY681xITm918w3BxsKX2pfCawojIOSw
YBaTWoWqNFQQWlC18L1CWJmIvIktSCHXBMTVDpnvRv7sw5A4Oe/zarzVDNb0A6OJ
ThaR7LAKJrUEDDLuCOuB/IrYCOpOzg2SkViFmlo4wmmhvCSi8PXvf3royrSFXxM/
Y1bs67Hu/uqeHl8Y2RaMZpXf1aW9F31sooca4GD+UnVoWppjIOKRyuGLTrXKv7pw
/goIzlE8wfJz5K0iQ4UcbXwwdY81L9UlMdVsmIWHHgxMjSp1J5mfQ5TLUC/VK3UO
Ll9tCYBwH4FjzxNRJq7if8TDAfgPzyhw4BMchgXZWzW1oasl51T2uEye3KgFXQSb
u6TwCx4KGS0w/Q81SKis83Pb0unHGanJOSCZxI1B44raf0ruCBpTYUc713pfegWT
46YtwoorAK8N+GpFQA1tsTJvVclqCF5bHVE19TMvXV4UX/VTPtbIAUE7vnvcxcqO
uh0b9Jfmd6Fcgh7VZQCH7CUYnsyJmGqj2kycB1p+T8UB6H+PCeuQBZBl8sJnf8oj
d5NIzB7WWXBQuEG5XuPtxg6+ARMPEIpd2exEVn9ZOv5qhesBo04=
=pjAq
-----END PGP SIGNATURE-----
Merge 5.4.33 into android-5.4-stable
Changes in 5.4.33
ARM: dts: sun8i-a83t-tbs-a711: HM5065 doesn't like such a high voltage
bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
ARM: dts: Fix dm814x Ethernet by changing to use rgmii-id mode
bpf: Fix deadlock with rq_lock in bpf_send_signal()
iwlwifi: mvm: Fix rate scale NSS configuration
Input: tm2-touchkey - add support for Coreriver TC360 variant
soc: fsl: dpio: register dpio irq handlers after dpio create
rxrpc: Abstract out the calculation of whether there's Tx space
rxrpc: Fix call interruptibility handling
net: stmmac: platform: Fix misleading interrupt error msg
net: vxge: fix wrong __VA_ARGS__ usage
hinic: fix a bug of waitting for IO stopped
hinic: fix the bug of clearing event queue
hinic: fix out-of-order excution in arm cpu
hinic: fix wrong para of wait_for_completion_timeout
hinic: fix wrong value of MIN_SKB_LEN
selftests/net: add definition for SOL_DCCP to fix compilation errors for old libc
cxgb4/ptp: pass the sign of offset delta in FW CMD
drm/scheduler: fix rare NULL ptr race
cfg80211: Do not warn on same channel at the end of CSA
qlcnic: Fix bad kzalloc null test
i2c: st: fix missing struct parameter description
i2c: pca-platform: Use platform_irq_get_optional
media: rc: add keymap for Videostrong KII Pro
cpufreq: imx6q: Fixes unwanted cpu overclocking on i.MX6ULL
staging: wilc1000: avoid double unlocking of 'wilc->hif_cs' mutex
media: venus: hfi_parser: Ignore HEVC encoding for V1
firmware: arm_sdei: fix double-lock on hibernate with shared events
null_blk: Fix the null_add_dev() error path
null_blk: Handle null_add_dev() failures properly
null_blk: fix spurious IO errors after failed past-wp access
media: imx: imx7_mipi_csis: Power off the source when stopping streaming
media: imx: imx7-media-csi: Fix video field handling
xhci: bail out early if driver can't accress host in resume
ACPI: EC: Do not clear boot_ec_is_ecdt in acpi_ec_add()
x86: Don't let pgprot_modify() change the page encryption bit
dma-mapping: Fix dma_pgprot() for unencrypted coherent pages
block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices
debugfs: Check module state before warning in {full/open}_proxy_open()
irqchip/versatile-fpga: Handle chained IRQs properly
time/sched_clock: Expire timer in hardirq context
media: allegro: fix type of gop_length in channel_create message
sched: Avoid scale real weight down to zero
selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
PCI/switchtec: Fix init_completion race condition with poll_wait()
block, bfq: move forward the getting of an extra ref in bfq_bfqq_move
media: i2c: video-i2c: fix build errors due to 'imply hwmon'
libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
pstore/platform: fix potential mem leak if pstore_init_fs failed
gfs2: Do log_flush in gfs2_ail_empty_gl even if ail list is empty
gfs2: Don't demote a glock until its revokes are written
cpufreq: imx6q: fix error handling
x86/boot: Use unsigned comparison for addresses
efi/x86: Ignore the memory attributes table on i386
genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy()
block: Fix use-after-free issue accessing struct io_cq
media: i2c: ov5695: Fix power on and off sequences
usb: dwc3: core: add support for disabling SS instances in park mode
irqchip/gic-v4: Provide irq_retrigger to avoid circular locking dependency
md: check arrays is suspended in mddev_detach before call quiesce operations
firmware: fix a double abort case with fw_load_sysfs_fallback
spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion
locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
block, bfq: fix use-after-free in bfq_idle_slice_timer_body
btrfs: qgroup: ensure qgroup_rescan_running is only set when the worker is at least queued
btrfs: remove a BUG_ON() from merge_reloc_roots()
btrfs: restart relocate_tree_blocks properly
btrfs: track reloc roots based on their commit root bytenr
ASoC: fix regwmask
ASoC: dapm: connect virtual mux with default value
ASoC: dpcm: allow start or stop during pause for backend
ASoC: topology: use name_prefix for new kcontrol
usb: gadget: f_fs: Fix use after free issue as part of queue failure
usb: gadget: composite: Inform controller driver of self-powered
ALSA: usb-audio: Add mixer workaround for TRX40 and co
ALSA: hda: Add driver blacklist
ALSA: hda: Fix potential access overflow in beep helper
ALSA: ice1724: Fix invalid access for enumerated ctl items
ALSA: pcm: oss: Fix regression by buffer overflow fix
ALSA: hda/realtek: Enable mute LED on an HP system
ALSA: hda/realtek - a fake key event is triggered by running shutup
ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256
ALSA: hda/realtek - Set principled PC Beep configuration for ALC256
ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups
ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen
ALSA: hda/realtek - Add quirk for MSI GL63
media: venus: firmware: Ignore secure call error on first resume
media: hantro: Read be32 words starting at every fourth byte
media: ti-vpe: cal: fix disable_irqs to only the intended target
media: ti-vpe: cal: fix a kernel oops when unloading module
seccomp: Add missing compat_ioctl for notify
acpi/x86: ignore unspecified bit positions in the ACPI global lock field
ACPICA: Allow acpi_any_gpe_status_set() to skip one GPE
ACPI: PM: s2idle: Refine active GPEs check
thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
nvmet-tcp: fix maxh2cdata icresp parameter
nvme-fc: Revert "add module to ops template to allow module references"
efi/x86: Add TPM related EFI tables to unencrypted mapping checks
PCI: pciehp: Fix indefinite wait on sysfs requests
PCI/ASPM: Clear the correct bits when enabling L1 substates
PCI: Add boot interrupt quirk mechanism for Xeon chipsets
PCI: qcom: Fix the fixup of PCI_VENDOR_ID_QCOM
PCI: endpoint: Fix for concurrent memory allocation in OB address region
sched/fair: Fix enqueue_task_fair warning
tpm: Don't make log failures fatal
tpm: tpm1_bios_measurements_next should increase position index
tpm: tpm2_bios_measurements_next should increase position index
KEYS: reaching the keys quotas correctly
cpu/hotplug: Ignore pm_wakeup_pending() for disable_nonboot_cpus()
genirq/debugfs: Add missing sanity checks to interrupt injection
irqchip/versatile-fpga: Apply clear-mask earlier
io_uring: remove bogus RLIMIT_NOFILE check in file registration
pstore: pstore_ftrace_seq_next should increase position index
MIPS/tlbex: Fix LDDIR usage in setup_pw() for Loongson-3
MIPS: OCTEON: irq: Fix potential NULL pointer dereference
PM / Domains: Allow no domain-idle-states DT property in genpd when parsing
PM: sleep: wakeup: Skip wakeup_source_sysfs_remove() if device is not there
ath9k: Handle txpower changes even when TPC is disabled
signal: Extend exec_id to 64bits
x86/tsc_msr: Use named struct initializers
x86/tsc_msr: Fix MSR_FSB_FREQ mask for Cherry Trail devices
x86/tsc_msr: Make MSR derived TSC frequency more accurate
x86/entry/32: Add missing ASM_CLAC to general_protection entry
platform/x86: asus-wmi: Support laptops where the first battery is named BATT
KVM: nVMX: Properly handle userspace interrupt window request
KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks
KVM: s390: vsie: Fix delivery of addressing exceptions
KVM: x86: Allocate new rmap and large page tracking when moving memslot
KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support
KVM: x86: Gracefully handle __vmalloc() failure during VM allocation
KVM: VMX: Add a trampoline to fix VMREAD error handling
KVM: VMX: fix crash cleanup when KVM wasn't used
smb3: fix performance regression with setting mtime
CIFS: Fix bug which the return value by asynchronous read is error
mtd: spinand: Stop using spinand->oobbuf for buffering bad block markers
mtd: spinand: Do not erase the block before writing a bad block marker
btrfs: Don't submit any btree write bio if the fs has errors
Btrfs: fix crash during unmount due to race with delayed inode workers
btrfs: reloc: clean dirty subvols if we fail to start a transaction
btrfs: set update the uuid generation as soon as possible
btrfs: drop block from cache on error in relocation
btrfs: fix missing file extent item for hole after ranged fsync
btrfs: unset reloc control if we fail to recover
btrfs: fix missing semaphore unlock in btrfs_sync_file
btrfs: use nofs allocations for running delayed items
remoteproc: qcom_q6v5_mss: Don't reassign mpss region on shutdown
remoteproc: qcom_q6v5_mss: Reload the mba region on coredump
remoteproc: Fix NULL pointer dereference in rproc_virtio_notify
crypto: rng - Fix a refcounting bug in crypto_rng_reset()
crypto: mxs-dcp - fix scatterlist linearization for hash
erofs: correct the remaining shrink objects
io_uring: honor original task RLIMIT_FSIZE
mmc: sdhci-of-esdhc: fix esdhc_reset() for different controller versions
powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init()
tools: gpio: Fix out-of-tree build regression
net: qualcomm: rmnet: Allow configuration updates to existing devices
arm64: dts: allwinner: h6: Fix PMU compatible
sched/core: Remove duplicate assignment in sched_tick_remote()
arm64: dts: allwinner: h5: Fix PMU compatible
mm, memcg: do not high throttle allocators based on wraparound
dm writecache: add cond_resched to avoid CPU hangs
dm integrity: fix a crash with unusually large tag size
dm verity fec: fix memory leak in verity_fec_dtr
dm clone: Add overflow check for number of regions
dm clone metadata: Fix return type of dm_clone_nr_of_hydrated_regions()
XArray: Fix xas_pause for large multi-index entries
xarray: Fix early termination of xas_for_each_marked
crypto: caam/qi2 - fix chacha20 data size error
crypto: caam - update xts sector size for large input length
crypto: ccree - protect against empty or NULL scatterlists
crypto: ccree - only try to map auth tag if needed
crypto: ccree - dec auth tag size from cryptlen map
scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
scsi: ufs: fix Auto-Hibern8 error detection
scsi: lpfc: Fix lpfc_io_buf resource leak in lpfc_get_scsi_buf_s4 error path
ARM: dts: exynos: Fix polarity of the LCD SPI bus on UniversalC210 board
arm64: dts: ti: k3-am65: Add clocks to dwc3 nodes
arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
selftests: vm: drop dependencies on page flags from mlock2 tests
selftests/vm: fix map_hugetlb length used for testing read and write
selftests/powerpc: Add tlbie_test in .gitignore
vfio: platform: Switch to platform_get_irq_optional()
drm/i915/gem: Flush all the reloc_gpu batch
drm/etnaviv: rework perfmon query infrastructure
drm: Remove PageReserved manipulation from drm_pci_alloc
drm/amdgpu/powerplay: using the FCLK DPM table to set the MCLK
drm/amdgpu: unify fw_write_wait for new gfx9 asics
powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable
nfsd: fsnotify on rmdir under nfsd/clients/
NFS: Fix use-after-free issues in nfs_pageio_add_request()
NFS: Fix a page leak in nfs_destroy_unlinked_subrequests()
ext4: fix a data race at inode->i_blocks
fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once()
ocfs2: no need try to truncate file beyond i_size
perf tools: Support Python 3.8+ in Makefile
s390/diag: fix display of diagnose call statistics
Input: i8042 - add Acer Aspire 5738z to nomux list
ftrace/kprobe: Show the maxactive number on kprobe_events
clk: ingenic/jz4770: Exit with error if CGU init failed
clk: ingenic/TCU: Fix round_rate returning error
kmod: make request_module() return an error when autoloading is disabled
cpufreq: powernv: Fix use-after-free
hfsplus: fix crash and filesystem corruption when deleting files
libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set
ipmi: fix hung processes in __get_guid()
xen/blkfront: fix memory allocation flags in blkfront_setup_indirect()
powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries
powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs
powerpc/64: Setup a paca before parsing device tree etc.
powerpc/xive: Fix xmon support on the PowerNV platform
powerpc/kprobes: Ignore traps that happened in real mode
powerpc/64: Prevent stack protection in early boot
scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
powerpc: Make setjmp/longjmp signature standard
arm64: Always force a branch protection mode when the compiler has one
dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone()
dm clone: replace spin_lock_irqsave with spin_lock_irq
dm clone: Fix handling of partial region discards
dm clone: Add missing casts to prevent overflows and data corruption
scsi: lpfc: Add registration for CPU Offline/Online events
scsi: lpfc: Fix Fabric hostname registration if system hostname changes
scsi: lpfc: Fix configuration of BB credit recovery in service parameters
scsi: lpfc: Fix broken Credit Recovery after driver load
Revert "drm/dp_mst: Remove VCPI while disabling topology mgr"
drm/dp_mst: Fix clearing payload state on topology disable
drm/amdgpu: fix gfx hang during suspend with video playback (v2)
drm/i915/icl+: Don't enable DDI IO power on a TypeC port in TBT mode
powerpc/kasan: Fix kasan_remap_early_shadow_ro()
mmc: sdhci: Convert sdhci_set_timeout_irq() to non-static
mmc: sdhci: Refactor sdhci_set_timeout()
bpf: Fix tnum constraints for 32-bit comparisons
mfd: dln2: Fix sanity checking for endpoints
efi/x86: Fix the deletion of variables in mixed mode
ASoC: stm32: sai: Add missing cleanup
scsi: lpfc: fix inlining of lpfc_sli4_cleanup_poll_list()
Linux 5.4.33
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6c37e2c64801a572781c46fc5883bcc74e6a7a1a
[ Upstream commit e138aa7d3271ac1b0690ae2c9b04d51468dce1d6 ]
Fix the interruptibility of kernel-initiated client calls so that they're
either only interruptible when they're waiting for a call slot to come
available or they're not interruptible at all. Either way, they're not
interruptible during transmission.
This should help prevent StoreData calls from being interrupted when
writeback is in progress. It doesn't, however, handle interruption during
the receive phase.
Userspace-initiated calls are still interruptable. After the signal has
been handled, sendmsg() will return the amount of data copied out of the
buffer and userspace can perform another sendmsg() call to continue
transmission.
Fixes: bc5e3a546d ("rxrpc: Use MSG_WAITALL to tell sendmsg() to temporarily ignore signals")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6EWJoACgkQONu9yGCS
aT6ZpBAApiZRWKEHEnsYCbcfR3Kgvz9hQoIVjQWhXyCGVwJISbviBgw+GZB34j4j
UrI/Y7av/b7YRjvTm9+HkfmqEZSmlOnc8Z5jr4/u6jTSlAyMEluFT/OPm4eUuwJt
ea0D4piISja770zfO7SZ4qsuO2QxzIhyJcmlOgnxnk+keyYBE/ZVtrJalSZs7hc9
eUKqLpN1YG/RztcjFK/v7mIXLBQ317s6ZbfuMHvUSmkvPrweQjj3Tm36K9mQqVwB
22YrirWFLBBuotTSZJmU4YCFgrCHLo4ByI6Of2PDY3eBWui88h47frKIcxLExA9c
2F9ZM1TzV5MbtkMLmhakG4ugd2bVKbxGlKU9JosgdseaTHu2v53itDqmKuDGzh12
yktnA/3gmhusfQu6uUACXgXeyTSxMK6WsKLI7qYKrF3ZL8IUfhMVofhjS/yDSznd
nt+8K4aBD0ZTn+CQFNNidX+hAeCZCo9gVK7XmUniuPNq4hpH4vRt+a54zyi4vXGX
2U3fsz4bvES4EYQeJQiRvhcAQlO+X2icD7VU5b1N3S8KbntzA3QOAiedvfJXSYE9
lEPmZKbJreY1c+jrCJZluAltmY9uNIu/NdwdPp5S1puFuuZAljPeuuSqVvE/xyPA
9pIwqQ7X/WIJEvI/z5UOVGPq6WQ81TsA12LRwSi6eZONqbJ0740=
=Vc7I
-----END PGP SIGNATURE-----
Merge 5.4.29 into android-5.4
Changes in 5.4.29
mmc: core: Allow host controllers to require R1B for CMD6
mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard
mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command
mmc: sdhci-omap: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
mmc: sdhci-tegra: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
ACPI: PM: s2idle: Rework ACPI events synchronization
cxgb4: fix throughput drop during Tx backpressure
cxgb4: fix Txq restart check during backpressure
geneve: move debug check after netdev unregister
hsr: fix general protection fault in hsr_addr_is_self()
ipv4: fix a RCU-list lock in inet_dump_fib()
macsec: restrict to ethernet devices
mlxsw: pci: Only issue reset when system is ready
mlxsw: spectrum_mr: Fix list iteration in error path
net/bpfilter: fix dprintf usage for /dev/kmsg
net: cbs: Fix software cbs to consider packet sending time
net: dsa: Fix duplicate frames flooded by learning
net: dsa: mt7530: Change the LINK bit to reflect the link status
net: dsa: tag_8021q: replace dsa_8021q_remove_header with __skb_vlan_pop
net: ena: Add PCI shutdown handler to allow safe kexec
net: mvneta: Fix the case where the last poll did not process all rx
net/packet: tpacket_rcv: avoid a producer race condition
net: phy: dp83867: w/a for fld detect threshold bootstrapping issue
net: phy: mdio-bcm-unimac: Fix clock handling
net: phy: mdio-mux-bcm-iproc: check clk_prepare_enable() return value
net: qmi_wwan: add support for ASKEY WWHC050
net/sched: act_ct: Fix leak of ct zone template on replace
net_sched: cls_route: remove the right filter from hashtable
net_sched: hold rtnl lock in tcindex_partial_destroy_work()
net_sched: keep alloc_hash updated after hash allocation
net: stmmac: dwmac-rk: fix error path in rk_gmac_probe
NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
r8169: re-enable MSI on RTL8168c
slcan: not call free_netdev before rtnl_unlock in slcan_open
tcp: also NULL skb->dev when copy was needed
tcp: ensure skb->dev is NULL before leaving TCP stack
tcp: repair: fix TCP_QUEUE_SEQ implementation
vxlan: check return value of gro_cells_init()
bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S.
bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets()
bnxt_en: Return error if bnxt_alloc_ctx_mem() fails.
bnxt_en: Free context memory after disabling PCI in probe error path.
bnxt_en: Reset rings if ring reservation fails during open()
net: ip_gre: Separate ERSPAN newlink / changelink callbacks
net: ip_gre: Accept IFLA_INFO_DATA-less configuration
hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
hsr: add restart routine into hsr_get_node_list()
hsr: set .netnsok flag
net/mlx5: DR, Fix postsend actions write length
net/mlx5e: Enhance ICOSQ WQE info fields
net/mlx5e: Fix missing reset of SW metadata in Striding RQ reset
net/mlx5e: Fix ICOSQ recovery flow with Striding RQ
net/mlx5e: Do not recover from a non-fatal syndrome
cgroup-v1: cgroup_pidlist_next should update position index
nfs: add minor version to nfs_server_key for fscache
cpupower: avoid multiple definition with gcc -fno-common
drivers/of/of_mdio.c:fix of_mdiobus_register()
cgroup1: don't call release_agent when it is ""
dt-bindings: net: FMan erratum A050385
arm64: dts: ls1043a: FMan erratum A050385
fsl/fman: detect FMan erratum A050385
drm/amd/display: update soc bb for nv14
drm/amdgpu: correct ROM_INDEX/DATA offset for VEGA20
drm/exynos: Fix cleanup of IOMMU related objects
iommu/vt-d: Silence RCU-list debugging warnings
s390/qeth: don't reset default_out_queue
s390/qeth: handle error when backing RX buffer
scsi: ipr: Fix softlockup when rescanning devices in petitboot
mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom
sxgbe: Fix off by one in samsung driver strncpy size arg
net: hns3: fix "tc qdisc del" failed issue
iommu/vt-d: Fix debugfs register reads
iommu/vt-d: Populate debugfs if IOMMUs are detected
iwlwifi: mvm: fix non-ACPI function
i2c: hix5hd2: add missed clk_disable_unprepare in remove
Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger()
Input: fix stale timestamp on key autorepeat events
Input: synaptics - enable RMI on HP Envy 13-ad105ng
Input: avoid BIT() macro usage in the serio.h UAPI header
IB/rdmavt: Free kernel completion queue when done
RDMA/core: Fix missing error check on dev_set_name()
gpiolib: Fix irq_disable() semantics
RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET
RDMA/mad: Do not crash if the rdma device does not have a umad interface
ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL
ceph: fix memory leak in ceph_cleanup_snapid_map()
ARM: dts: dra7: Add bus_dma_limit for L3 bus
ARM: dts: omap5: Add bus_dma_limit for L3 bus
x86/ioremap: Fix CONFIG_EFI=n build
perf probe: Fix to delete multiple probe event
perf probe: Do not depend on dwfl_module_addrsym()
rtlwifi: rtl8188ee: Fix regression due to commit d1d1a96bdb
tools: Let O= makes handle a relative path with -C option
scripts/dtc: Remove redundant YYLOC global declaration
scsi: sd: Fix optimal I/O size for devices that change reported values
nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type
mac80211: drop data frames without key on encrypted links
mac80211: mark station unauthorized before key removal
mm/swapfile.c: move inode_lock out of claim_swapfile
drivers/base/memory.c: indicate all memory blocks as removable
mm/sparse: fix kernel crash with pfn_section_valid check
mm: fork: fix kernel_stack memcg stats for various stack implementations
gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk
gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model
bpf: Fix cgroup ref leak in cgroup_bpf_inherit on out-of-memory
RDMA/core: Ensure security pkey modify is not lost
afs: Fix handling of an abort from a service handler
genirq: Fix reference leaks on irq affinity notifiers
xfrm: handle NETDEV_UNREGISTER for xfrm device
vti[6]: fix packet tx through bpf_redirect() in XinY cases
RDMA/mlx5: Fix the number of hwcounters of a dynamic counter
RDMA/mlx5: Fix access to wrong pointer while performing flush due to error
RDMA/mlx5: Block delay drop to unprivileged users
xfrm: fix uctx len check in verify_sec_ctx_len
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
xfrm: policy: Fix doulbe free in xfrm_policy_timer
afs: Fix client call Rx-phase signal handling
afs: Fix some tracing details
afs: Fix unpinned address list during probing
ieee80211: fix HE SPR size calculation
mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX
netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6}
netfilter: nft_fwd_netdev: validate family and chain type
netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress
i2c: nvidia-gpu: Handle timeout correctly in gpu_i2c_check_status()
bpf, x32: Fix bug with JMP32 JSET BPF_X checking upper bits
bpf: Initialize storage pointers to NULL to prevent freeing garbage pointer
bpf/btf: Fix BTF verification of enum members in struct/union
bpf, sockmap: Remove bucket->lock from sock_{hash|map}_free
ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection
vti6: Fix memory leak of skb if input policy check fails
r8169: fix PHY driver check on platforms w/o module softdeps
clocksource/drivers/hyper-v: Untangle stimers and timesync from clocksources
bpf: Undo incorrect __reg_bound_offset32 handling
USB: serial: option: add support for ASKEY WWHC050
USB: serial: option: add BroadMobi BM806U
USB: serial: option: add Wistron Neweb D19Q1
USB: cdc-acm: restore capability check order
USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback
usb: musb: fix crash with highmen PIO and usbmon
media: flexcop-usb: fix endpoint sanity check
media: usbtv: fix control-message timeouts
staging: kpc2000: prevent underflow in cpld_reconfigure()
staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
ahci: Add Intel Comet Lake H RAID PCI ID
libfs: fix infoleak in simple_attr_read()
media: ov519: add missing endpoint sanity checks
media: dib0700: fix rc endpoint lookup
media: stv06xx: add missing descriptor sanity checks
media: xirlink_cit: add missing descriptor sanity checks
media: v4l2-core: fix a use-after-free bug of sd->devnode
net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
Linux 5.4.29
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iebce1f1b95935de9229e2deb83dae66cf8661a88
commit 9efcc4a129363187c9bf15338692f107c5c9b6f0 upstream.
When it's probing all of a fileserver's interfaces to find which one is
best to use, afs_do_probe_fileserver() takes a lock on the server record
and notes the pointer to the address list.
It doesn't, however, pin the address list, so as soon as it drops the
lock, there's nothing to stop the address list from being freed under
us.
Fix this by taking a ref on the address list inside the locked section
and dropping it at the end of the function.
Fixes: 3bf0fb6f33 ("afs: Probe multiple fileservers simultaneously")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4636cf184d6d9a92a56c2554681ea520dd4fe49a upstream.
Fix a couple of tracelines to indicate the usage count after the atomic op,
not the usage count before it to be consistent with other afs and rxrpc
trace lines.
Change the wording of the afs_call_trace_work trace ID label from "WORK" to
"QUEUE" to reflect the fact that it's queueing work, not doing work.
Fixes: 341f741f04 ("afs: Refcount the afs_call struct")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7d7587db0d7fd1138f2afcffdc46a8e15630b944 upstream.
Fix the handling of signals in client rxrpc calls made by the afs
filesystem. Ignore signals completely, leaving call abandonment or
connection loss to be detected by timeouts inside AF_RXRPC.
Allowing a filesystem call to be interrupted after the entire request has
been transmitted and an abort sent means that the server may or may not
have done the action - and we don't know. It may even be worse than that
for older servers.
Fixes: bc5e3a546d ("rxrpc: Use MSG_WAITALL to tell sendmsg() to temporarily ignore signals")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit dde9f095583b3f375ba23979045ee10dfcebec2f upstream.
When an AFS service handler function aborts a call, AF_RXRPC marks the call
as complete - which means that it's not going to get any more packets from
the receiver. This is a problem because reception of the final ACK is what
triggers afs_deliver_to_call() to drop the final ref on the afs_call
object.
Instead, aborted AFS service calls may then just sit around waiting for
ever or until they're displaced by a new call on the same connection
channel or a connection-level abort.
Fix this by calling afs_set_call_complete() to finalise the afs_call struct
representing the call.
However, we then need to drop the ref that stops the call from being
deallocated. We can do this in afs_set_call_complete(), as the work queue
is holding a separate ref of its own, but then we shouldn't do it in
afs_process_async_call() and afs_delete_async_call().
call->drop_ref is set to indicate that a ref needs dropping for a call and
this is dealt with when we transition a call to AFS_CALL_COMPLETE.
But then we also need to get rid of the ref that pins an asynchronous
client call. We can do this by the same mechanism, setting call->drop_ref
for an async client call too.
We can also get rid of call->incoming since nothing ever sets it and only
one thing ever checks it (futilely).
A trace of the rxrpc_call and afs_call struct ref counting looks like:
<idle>-0 [001] ..s5 164.764892: rxrpc_call: c=00000002 SEE u=3 sp=rxrpc_new_incoming_call+0x473/0xb34 a=00000000442095b5
<idle>-0 [001] .Ns5 164.766001: rxrpc_call: c=00000002 QUE u=4 sp=rxrpc_propose_ACK+0xbe/0x551 a=00000000442095b5
<idle>-0 [001] .Ns4 164.766005: rxrpc_call: c=00000002 PUT u=3 sp=rxrpc_new_incoming_call+0xa3f/0xb34 a=00000000442095b5
<idle>-0 [001] .Ns7 164.766433: afs_call: c=00000002 WAKE u=2 o=11 sp=rxrpc_notify_socket+0x196/0x33c
kworker/1:2-1810 [001] ...1 164.768409: rxrpc_call: c=00000002 SEE u=3 sp=rxrpc_process_call+0x25/0x7ae a=00000000442095b5
kworker/1:2-1810 [001] ...1 164.769439: rxrpc_tx_packet: c=00000002 e9f1a7a8:95786a88:00000008:09c5 00000001 00000000 02 22 ACK CallAck
kworker/1:2-1810 [001] ...1 164.769459: rxrpc_call: c=00000002 PUT u=2 sp=rxrpc_process_call+0x74f/0x7ae a=00000000442095b5
kworker/1:2-1810 [001] ...1 164.770794: afs_call: c=00000002 QUEUE u=3 o=12 sp=afs_deliver_to_call+0x449/0x72c
kworker/1:2-1810 [001] ...1 164.770829: afs_call: c=00000002 PUT u=2 o=12 sp=afs_process_async_call+0xdb/0x11e
kworker/1:2-1810 [001] ...2 164.771084: rxrpc_abort: c=00000002 95786a88:00000008 s=0 a=1 e=1 K-1
kworker/1:2-1810 [001] ...1 164.771461: rxrpc_tx_packet: c=00000002 e9f1a7a8:95786a88:00000008:09c5 00000002 00000000 04 00 ABORT CallAbort
kworker/1:2-1810 [001] ...1 164.771466: afs_call: c=00000002 PUT u=1 o=12 sp=SRXAFSCB_ProbeUuid+0xc1/0x106
The abort generated in SRXAFSCB_ProbeUuid(), labelled "K-1", indicates that
the local filesystem/cache manager didn't recognise the UUID as its own.
Fixes: 2067b2b3f4 ("afs: Fix the CB.ProbeUuid service handler to reply correctly")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4xqJ4ACgkQONu9yGCS
aT5BdxAAwpqN58x/Y9hfA57/jOyjmB/slYHOnZ+JsGMF3HTaPAjztu/8KpTixbd2
+ypoysWhXlBCeSdhndEQBbzXflabi748lxRBVzAnYjjYsQsCRuPgEVgcw7CAyEdW
3/pbYN5XvQvN7SjDICMdkaCOj5zOJ/mIvZi+koLrq+mBVMs+qSOPxulobDD8tUl5
JbetuWegVwe6wuADI0fsGOzIbiPMK0UoqgRzV5Y7KMbBNL5OGAdzCAFL0IudyTaD
EH6ED/jcLqgULravhYQ3U4k+HxeADDL0/wf8Ki0XzVENXYTRwh/R1KMDbIH6nQm1
scgIAB0d8Gt18eKDavd+cckCVBKV9sJZtfGywL61Q234SvT8aK19aKJS643M21Ey
td1c7wvOXWrCdtNJT15uFTa0fRz7YZnT49dwFzdeKXMrYS+BnJQen3IzC+7nSp8Q
4176BkbmpQdJ7a4twkBgJYPuNCpKyVMLFB+OIVO+dnzlqMMApH8StYhx51m21B7r
8r/7e2TsCWqfmsiZ1I+WuFPoTvXGn7nm03H7mvfuo6d7MfvvJLXLTiIfMv+VjL1Q
sh/NCaVAXz9aaLE5WYHa8FzUHnK6v/twZBA2AffpgkwNBRbfIQxHKBl3QMDpwpft
92yAh3bHQXNfc17jpuFCIEgjD5haG7d5kwD6BvlBCfSjbIBE1B0=
=ApNn
-----END PGP SIGNATURE-----
Merge 5.4.16 into android-5.4
Changes in 5.4.16
can, slip: Protect tty->disc_data in write_wakeup and close with RCU
firestream: fix memory leaks
gtp: make sure only SOCK_DGRAM UDP sockets are accepted
ipv6: sr: remove SKB_GSO_IPXIP6 on End.D* actions
net: bcmgenet: Use netif_tx_napi_add() for TX NAPI
net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
net: ip6_gre: fix moving ip6gre between namespaces
net, ip6_tunnel: fix namespaces move
net, ip_tunnel: fix namespaces move
net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
net_sched: fix datalen for ematch
net_sched: use validated TCA_KIND attribute in tc_new_tfilter()
net-sysfs: Fix reference count leak
net: usb: lan78xx: Add .ndo_features_check
Revert "udp: do rmem bulk free even if the rx sk queue is empty"
tcp_bbr: improve arithmetic division in bbr_update_bw()
tcp: do not leave dangling pointers in tp->highest_sack
tun: add mutex_unlock() call and napi.skb clearing in tun_get_user()
airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE
airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE
mlxsw: spectrum_acl: Fix use-after-free during reload
fou: Fix IPv6 netlink policy
net: Fix packet reordering caused by GRO and listified RX cooperation
net/mlx5: Fix lowest FDB pool size
net/mlx5: Update the list of the PCI supported devices
net/mlx5: DR, Enable counter on non-fwd-dest objects
net/mlx5: E-Switch, Prevent ingress rate configuration of uplink rep
net/mlx5: DR, use non preemptible call to get the current cpu number
net/mlx5e: kTLS, Fix corner-case checks in TX resync flow
net/mlx5e: kTLS, Remove redundant posts in TX resync flow
net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
ipv4: Detect rollover in specific fib table dump
Revert "io_uring: only allow submit from owning task"
afs: Fix characters allowed into cell names
hwmon: (adt7475) Make volt2reg return same reg as reg2volt input
hwmon: (core) Do not use device managed functions for memory allocations
ceph: hold extra reference to r_parent over life of request
PCI: Mark AMD Navi14 GPU rev 0xc5 ATS as broken
drm/panfrost: Add the panfrost_gem_mapping concept
drm/i915: Align engine->uabi_class/instance with i915_drm.h
PM: hibernate: fix crashes with init_on_free=1
tracing: trigger: Replace unneeded RCU-list traversals
tracing/uprobe: Fix double perf_event linking on multiprobe uprobe
tracing: Do not set trace clock if tracefs lockdown is in effect
tracing: Fix histogram code when expression has same var as value
powerpc/mm/hash: Fix sharing context ids between kernel & userspace
powerpc/xive: Discard ESB load value when interrupt is invalid
Revert "iwlwifi: mvm: fix scan config command size"
iwlwifi: mvm: don't send the IWL_MVM_RXQ_NSSN_SYNC notif to Rx queues
XArray: Fix infinite loop with entry at ULONG_MAX
XArray: Fix xa_find_after with multi-index entries
XArray: Fix xas_find returning too many entries
pinctrl: sunrisepoint: Add missing Interrupt Status register offset
iommu/vt-d: Call __dmar_remove_one_dev_info with valid pointer
Input: keyspan-remote - fix control-message timeouts
Revert "Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers"
ARM: 8950/1: ftrace/recordmcount: filter relocation types
mmc: tegra: fix SDR50 tuning override
mmc: sdhci: fix minimum clock rate for v3 controller
mmc: sdhci_am654: Remove Inverted Write Protect flag
mmc: sdhci_am654: Reset Command and Data line after tuning
mlxsw: switchx2: Do not modify cloned SKBs during xmit
net/tls: fix async operation
Input: pm8xxx-vib - fix handling of separate enable register
Input: sur40 - fix interface sanity checks
Input: gtco - fix endpoint sanity check
Input: aiptek - fix endpoint sanity check
Input: pegasus_notetaker - fix endpoint sanity check
Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register
netfilter: nft_osf: add missing check for DREG attribute
lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
iommu/amd: Fix IOMMU perf counter clobbering during init
readdir: make user_access_begin() use the real access range
leds: gpio: Fix uninitialized gpio label for fwnode based probe
hsr: Fix a compilation error
hwmon: (nct7802) Fix voltage limits to wrong registers
hwmon: (nct7802) Fix non-working alarm on voltages
scsi: RDMA/isert: Fix a recently introduced regression related to logout
tracing: xen: Ordered comparison of function pointers
iwlwifi: mvm: fix SKB leak on invalid queue
iwlwifi: mvm: fix potential SKB leak on TXQ TX
drm/i915/userptr: fix size calculation
xfrm: support output_mark for offload ESP packets
net, sk_msg: Don't check if sock is locked when tearing down psock
do_last(): fetch directory ->i_mode and ->i_uid before it's too late
readdir: be more conservative with directory entry names
net/sonic: Add mutual exclusion for accessing shared state
net/sonic: Clear interrupt flags immediately
net/sonic: Use MMIO accessors
net/sonic: Fix interface error stats collection
net/sonic: Fix receive buffer handling
net/sonic: Avoid needless receive descriptor EOL flag updates
net/sonic: Improve receive descriptor status flag check
net/sonic: Fix receive buffer replenishment
net/sonic: Quiesce SONIC before re-initializing descriptor memory
net/sonic: Fix command register usage
net/sonic: Fix CAM initialization
net/sonic: Prevent tx watchdog timeout
libertas: Fix two buffer overflows at parsing bss descriptor
media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT
netfilter: ipset: use bitmap infrastructure completely
netfilter: nf_tables: add __nft_chain_type_get()
netfilter: nf_tables: autoload modules from the abort path
net/x25: fix nonblocking connect
Linux 5.4.16
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9e45fa24244d45c31254748eb2ce698084ca06ac
commit a45ea48e2bcd92c1f678b794f488ca0bda9835b8 upstream.
The afs filesystem needs to prohibit certain characters from cell names,
such as '/', as these are used to form filenames in procfs, leading to
the following warning being generated:
WARNING: CPU: 0 PID: 3489 at fs/proc/generic.c:178
Fix afs_alloc_cell() to disallow nonprintable characters, '/', '@' and
names that begin with a dot.
Remove the check for "@cell" as that is then redundant.
This can be tested by running:
echo add foo/.bar 1.2.3.4 >/proc/fs/afs/cells
Note that we will also need to deal with:
- Names ending in ".invalid" shouldn't be passed to the DNS.
- Names that contain non-valid domainname chars shouldn't be passed to
the DNS.
- DNS replies that say "your-dns-needs-immediate-attention.<gTLD>" and
replies containing A records that say 127.0.53.53 should be
considered invalid.
[https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf]
but these need to be dealt with by the kafs-client DNS program rather
than the kernel.
Reported-by: syzbot+b904ba7c947a37b4b291@syzkaller.appspotmail.com
Cc: stable@kernel.org
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4tVVcACgkQONu9yGCS
aT6IZQ/+J/hKVxK9S0E4nfHy8IC87wRnjmIBsjnZ8jx9+KAhYyHsL5iUL5U0YQPj
O1ZYO2Yly8DzzU1RLwkMgZ+eGYBnNuSGtZN/v9IQrQYrV77F7fNM0S59f/ucQJLh
lAMbaAbttR05bb48YieZm1HksoRsHmFEg0LsUbQqjm74CWJ+/JA+bZcdnTi9iiJm
HELavBOM5NoO/g8Iuh0Xn5Y3W1mOTv3lG7Vn51TynUtJjlyJaaO9cVxDJzDBLabO
SKYqH5X2yCBmKw3rH6F4KTDXAiM+v+EzvDwM12aEvG0TkkPEwNcFrkA4hgDFXUWi
QEe24R/UP4J2W/jAH46VaeEELo0cNLzt0e9sVi6BsxtkTaf/KknxE93PSOyY40TF
CM/nMJAlVv5KYmhQYPa9ZTEoUBNGcAVjsI2Pi7t86oLsFtaN6Sb1BvJTdHPwLA5Z
OIi64ZBLy3jWHC4We3ajXI+PD6qlbzyTrjAE6Se5Zfmy05m936XNAfMup4mFMoBv
MDEAG0f5XyyAXwARugq46xTlfjI1QO6XOnufxzFCaFETbtr+yYvmdmzWE1I+qyst
Xugd94gchuWVH62YPbf+r9H2FpoHZjAroQHTV3hJ+pt/tJqYCcvISG2uv2pJePvm
oRt/DO9CA2N5ls0z7WC55Kk746E5NSgsLmF4nktphnshqZR5VFs=
=iz+j
-----END PGP SIGNATURE-----
Merge 5.4.15 into android-5.4
Changes in 5.4.15
drm/i915: Fix pid leak with banned clients
libbpf: Fix compatibility for kernels without need_wakeup
libbpf: Fix memory leak/double free issue
libbpf: Fix potential overflow issue
libbpf: Fix another potential overflow issue in bpf_prog_linfo
libbpf: Make btf__resolve_size logic always check size error condition
bpf: Force .BTF section start to zero when dumping from vmlinux
samples: bpf: update map definition to new syntax BTF-defined map
samples/bpf: Fix broken xdp_rxq_info due to map order assumptions
ARM: dts: logicpd-torpedo-37xx-devkit-28: Reference new DRM panel
ARM: OMAP2+: Add missing put_device() call in omapdss_init_of()
xfs: Sanity check flags of Q_XQUOTARM call
i2c: stm32f7: rework slave_id allocation
i2c: i2c-stm32f7: fix 10-bits check in slave free id search loop
mfd: intel-lpss: Add default I2C device properties for Gemini Lake
SUNRPC: Fix svcauth_gss_proxy_init()
SUNRPC: Fix backchannel latency metrics
powerpc/security: Fix debugfs data leak on 32-bit
powerpc/pseries: Enable support for ibm,drc-info property
powerpc/kasan: Fix boot failure with RELOCATABLE && FSL_BOOKE
powerpc/archrandom: fix arch_get_random_seed_int()
tipc: reduce sensitive to retransmit failures
tipc: update mon's self addr when node addr generated
tipc: fix potential memory leak in __tipc_sendmsg()
tipc: fix wrong socket reference counter after tipc_sk_timeout() returns
tipc: fix wrong timeout input for tipc_wait_for_cond()
net/mlx5e: Fix free peer_flow when refcount is 0
phy: lantiq: vrx200-pcie: fix error return code in ltq_vrx200_pcie_phy_power_on()
net: phy: broadcom: Fix RGMII delays configuration for BCM54210E
phy: ti: gmii-sel: fix mac tx internal delay for rgmii-rxid
mt76: mt76u: fix endpoint definition order
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
ice: fix stack leakage
s390/pkey: fix memory leak within _copy_apqns_from_user()
nfsd: depend on CRYPTO_MD5 for legacy client tracking
crypto: amcc - restore CRYPTO_AES dependency
crypto: sun4i-ss - fix big endian issues
perf map: No need to adjust the long name of modules
leds: tlc591xx: update the maximum brightness
soc/tegra: pmc: Fix crashes for hierarchical interrupts
soc: qcom: llcc: Name regmaps to avoid collisions
soc: renesas: Add missing check for non-zero product register address
soc: aspeed: Fix snoop_file_poll()'s return type
watchdog: sprd: Fix the incorrect pointer getting from driver data
ipmi: Fix memory leak in __ipmi_bmc_register
sched/core: Further clarify sched_class::set_next_task()
gpiolib: No need to call gpiochip_remove_pin_ranges() twice
rtw88: fix beaconing mode rsvd_page memory violation issue
rtw88: fix error handling when setup efuse info
drm/panfrost: Add missing check for pfdev->regulator
drm: panel-lvds: Potential Oops in probe error handling
drm/amdgpu: remove excess function parameter description
hwrng: omap3-rom - Fix missing clock by probing with device tree
dpaa2-eth: Fix minor bug in ethtool stats reporting
drm/rockchip: Round up _before_ giving to the clock framework
software node: Get reference to parent swnode in get_parent op
PCI: mobiveil: Fix csr_read()/write() build issue
drm: rcar_lvds: Fix color mismatches on R-Car H2 ES2.0 and later
net: netsec: Correct dma sync for XDP_TX frames
ACPI: platform: Unregister stale platform devices
pwm: sun4i: Fix incorrect calculation of duty_cycle/period
regulator: bd70528: Add MODULE_ALIAS to allow module auto loading
drm/amdgpu/vi: silence an uninitialized variable warning
power: supply: bd70528: Add MODULE_ALIAS to allow module auto loading
firmware: imx: Remove call to devm_of_platform_populate
libbpf: Don't use kernel-side u32 type in xsk.c
rcu: Fix uninitialized variable in nocb_gp_wait()
dpaa_eth: perform DMA unmapping before read
dpaa_eth: avoid timestamp read on error paths
scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
net: openvswitch: don't unlock mutex when changing the user_features fails
hv_netvsc: flag software created hash value
rt2800: remove errornous duplicate condition
net: neigh: use long type to store jiffies delta
net: axienet: Fix error return code in axienet_probe()
selftests: gen_kselftest_tar.sh: Do not clobber kselftest/
rtc: bd70528: fix module alias to autoload module
packet: fix data-race in fanout_flow_is_huge()
i2c: stm32f7: report dma error during probe
kselftests: cgroup: Avoid the reuse of fd after it is deallocated
firmware: arm_scmi: Fix doorbell ring logic for !CONFIG_64BIT
mmc: sdio: fix wl1251 vendor id
mmc: core: fix wl1251 sdio quirks
tee: optee: Fix dynamic shm pool allocations
tee: optee: fix device enumeration error handling
workqueue: Add RCU annotation for pwq list walk
SUNRPC: Fix another issue with MIC buffer space
sched/cpufreq: Move the cfs_rq_util_change() call to cpufreq_update_util()
mt76: mt76u: rely on usb_interface instead of usb_dev
dma-direct: don't check swiotlb=force in dma_direct_map_resource
afs: Remove set but not used variables 'before', 'after'
dmaengine: ti: edma: fix missed failure handling
drm/radeon: fix bad DMA from INTERRUPT_CNTL2
xdp: Fix cleanup on map free for devmap_hash map type
platform/chrome: wilco_ec: fix use after free issue
block: fix memleak of bio integrity data
s390/qeth: fix dangling IO buffers after halt/clear
net-sysfs: Call dev_hold always in netdev_queue_add_kobject
gpio: aspeed: avoid return type warning
phy/rockchip: inno-hdmi: round clock rate down to closest 1000 Hz
optee: Fix multi page dynamic shm pool alloc
Linux 5.4.15
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I28b2a19657d40804406dc0e7c266296ce8768eb7
[ Upstream commit 51590df4f3306cb1f43dca54e3ccdd121ab89594 ]
Fixes gcc '-Wunused-but-set-variable' warning:
fs/afs/dir_edit.c: In function afs_set_contig_bits:
fs/afs/dir_edit.c:75:20: warning: variable after set but not used [-Wunused-but-set-variable]
fs/afs/dir_edit.c: In function afs_set_contig_bits:
fs/afs/dir_edit.c:75:12: warning: variable before set but not used [-Wunused-but-set-variable]
fs/afs/dir_edit.c: In function afs_clear_contig_bits:
fs/afs/dir_edit.c💯20: warning: variable after set but not used [-Wunused-but-set-variable]
fs/afs/dir_edit.c: In function afs_clear_contig_bits:
fs/afs/dir_edit.c💯12: warning: variable before set but not used [-Wunused-but-set-variable]
They are never used since commit 63a4681ff3.
Fixes: 63a4681ff3 ("afs: Locally edit directory data for mkdir/create/unlink/...")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4iAaQACgkQONu9yGCS
aT5vIg/+Lj4wdF3UuUWonHdWBhnfG2FKCWFTYJKPpFXFRMltAa27XKns/CvR8CBW
9ztOH928CR8K9BS7HbfGtsgOEOVzILb4+akco5UhrTH93dc2T6RwSDiMpaULgeIF
x/n834yNlsHs1NSmjjuimBe1j4NcZwPnnNVGKmFojkv04QPsFjP6HCp7PR2/PMXP
CVO5JBXqMYtMRprY0xkpAGCStqVZPF6uwfTPrKRgaOCTpkKsqBEFJbwqOoqGQWou
fQPOmEFjw+e9rIKzJgou6k4YGrWITcpNnUMdxavCszcQFTeUnY1vpLTiVxyZC1E3
R+7ulfe+/zoQvWIer9H85ySLuOjSmmXb5CM9Fc0WLSsvKmTKfUNe/g5Cce+rngPY
x/+tIBvXgFSoGR4oO5dEHhXn9Hzqr0OHbZy1dLKY1RU4NzxLsAtR2DH4ps25I4ux
Ty2P0kYwm5Sz43MspnFAPTaU5kC3qHVNMjanbb5I7xGF2m0HZmh0zRHBC50DqP4Y
nmLUklpX4EGVAYGb94YZMa3ugksSvie2SLgk838UQG+lGqaQoxAyAeRmDdyR1zE7
GHlkNxWj8cbkBsPDSYt6Wvrt+7+e8Bbk5Y/fM5+j02h6ehs9wqOaQ985CfvrrYix
RyGc7pWt1FPL7Kqv/CtbDieglS/P0BMPPGYX2rfidk6i+0knWaE=
=53PP
-----END PGP SIGNATURE-----
Merge 5.4.13 into android-5.4
Changes in 5.4.13
HID: hidraw, uhid: Always report EPOLLOUT
rtc: mt6397: fix alarm register overwrite
phy: mapphone-mdm6600: Fix uninitialized status value regression
RDMA/bnxt_re: Avoid freeing MR resources if dereg fails
RDMA/bnxt_re: Fix Send Work Entry state check while polling completions
IB/hfi1: Don't cancel unused work item
mtd: rawnand: stm32_fmc2: avoid to lock the CPU bus
i2c: bcm2835: Store pointer to bus clock
ASoC: SOF: imx8: fix memory allocation failure check on priv->pd_dev
ASoC: soc-core: Set dpcm_playback / dpcm_capture
ASoC: stm32: spdifrx: fix inconsistent lock state
ASoC: stm32: spdifrx: fix race condition in irq handler
ASoC: stm32: spdifrx: fix input pin state management
pinctrl: lochnagar: select GPIOLIB
netfilter: nft_flow_offload: fix underflow in flowtable reference counter
ASoC: SOF: imx8: Fix dsp_box offset
mtd: onenand: omap2: Pass correct flags for prep_dma_memcpy
gpio: zynq: Fix for bug in zynq_gpio_restore_context API
pinctrl: meson: Fix wrong shift value when get drive-strength
selftests: loopback.sh: skip this test if the driver does not support
iommu/vt-d: Unlink device if failed to add to group
iommu: Remove device link to group on failure
bpf: cgroup: prevent out-of-order release of cgroup bpf
fs: move guard_bio_eod() after bio_set_op_attrs
scsi: mpt3sas: Fix double free in attach error handling
gpio: Fix error message on out-of-range GPIO in lookup table
PM / devfreq: tegra: Add COMMON_CLK dependency
PCI: amlogic: Fix probed clock names
drm/tegra: Fix ordering of cleanup code
hsr: add hsr root debugfs directory
hsr: rename debugfs file when interface name is changed
hsr: reset network header when supervision frame is created
s390/qeth: fix qdio teardown after early init error
s390/qeth: fix false reporting of VNIC CHAR config failure
s390/qeth: Fix vnicc_is_in_use if rx_bcast not set
s390/qeth: vnicc Fix init to default
s390/qeth: fix initialization on old HW
cifs: Adjust indentation in smb2_open_file
scsi: smartpqi: Update attribute name to `driver_version`
MAINTAINERS: Append missed file to the database
ath9k: use iowrite32 over __raw_writel
can: j1939: fix address claim code example
dt-bindings: reset: Fix brcmstb-reset example
reset: brcmstb: Remove resource checks
afs: Fix missing cell comparison in afs_test_super()
perf vendor events s390: Remove name from L1D_RO_EXCL_WRITES description
syscalls/x86: Wire up COMPAT_SYSCALL_DEFINE0
syscalls/x86: Use COMPAT_SYSCALL_DEFINE0 for IA32 (rt_)sigreturn
syscalls/x86: Use the correct function type for sys_ni_syscall
syscalls/x86: Fix function types in COND_SYSCALL
hsr: fix slab-out-of-bounds Read in hsr_debugfs_rename()
btrfs: simplify inode locking for RWF_NOWAIT
netfilter: nf_tables_offload: release flow_rule on error from commit path
netfilter: nft_meta: use 64-bit time arithmetic
ASoC: dt-bindings: mt8183: add missing update
ASoC: simple_card_utils.h: Add missing include
ASoC: fsl_esai: Add spin lock to protect reset, stop and start
ASoC: SOF: Intel: Broadwell: clarify mutual exclusion with legacy driver
ASoC: core: Fix compile warning with CONFIG_DEBUG_FS=n
ASoC: rsnd: fix DALIGN register for SSIU
RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size()
RDMA/hns: remove a redundant le16_to_cpu
RDMA/hns: Modify return value of restrack functions
RDMA/counter: Prevent QP counter manual binding in auto mode
RDMA/siw: Fix port number endianness in a debug message
RDMA/hns: Fix build error again
RDMA/hns: Release qp resources when failed to destroy qp
xprtrdma: Add unique trace points for posting Local Invalidate WRs
xprtrdma: Connection becomes unstable after a reconnect
xprtrdma: Fix MR list handling
xprtrdma: Close window between waking RPC senders and posting Receives
RDMA/hns: Fix to support 64K page for srq
RDMA/hns: Bugfix for qpc/cqc timer configuration
rdma: Remove nes ABI header
RDMA/mlx5: Return proper error value
RDMA/srpt: Report the SCSI residual to the initiator
uaccess: Add non-pagefault user-space write function
bpf: Make use of probe_user_write in probe write helper
bpf: skmsg, fix potential psock NULL pointer dereference
bpf: Support pre-2.25-binutils objcopy for vmlinux BTF
libbpf: Fix Makefile' libbpf symbol mismatch diagnostic
afs: Fix use-after-loss-of-ref
afs: Fix afs_lookup() to not clobber the version on a new dentry
keys: Fix request_key() cache
scsi: enclosure: Fix stale device oops with hot replug
scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
platform/mellanox: fix potential deadlock in the tmfifo driver
platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
platform/x86: GPD pocket fan: Use default values when wrong modparams are given
asm-generic/nds32: don't redefine cacheflush primitives
Documentation/ABI: Fix documentation inconsistency for mlxreg-io sysfs interfaces
Documentation/ABI: Add missed attribute for mlxreg-io sysfs interfaces
xprtrdma: Fix create_qp crash on device unload
xprtrdma: Fix completion wait during device removal
xprtrdma: Fix oops in Receive handler after device removal
dm: add dm-clone to the documentation index
scsi: ufs: Give an unique ID to each ufs-bsg
crypto: cavium/nitrox - fix firmware assignment to AE cores
crypto: hisilicon - select NEED_SG_DMA_LENGTH in qm Kconfig
crypto: arm64/aes-neonbs - add return value of skcipher_walk_done() in __xts_crypt()
crypto: virtio - implement missing support for output IVs
crypto: algif_skcipher - Use chunksize instead of blocksize
crypto: geode-aes - convert to skcipher API and make thread-safe
NFSv2: Fix a typo in encode_sattr()
nfsd: Fix cld_net->cn_tfm initialization
nfsd: v4 support requires CRYPTO_SHA256
NFSv4.x: Handle bad/dead sessions correctly in nfs41_sequence_process()
NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn
iio: imu: st_lsm6dsx: fix gyro gain definitions for LSM9DS1
iio: imu: adis16480: assign bias value only if operation succeeded
mei: fix modalias documentation
clk: meson: axg-audio: fix regmap last register
clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume
clk: Fix memory leak in clk_unregister()
dmaengine: dw: platform: Mark 'hclk' clock optional
clk: imx: pll14xx: Fix quick switch of S/K parameter
rsi: fix potential null dereference in rsi_probe()
affs: fix a memory leak in affs_remount
pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call
pinctrl: sh-pfc: Fix PINMUX_IPSR_PHYS() to set GPSR
pinctrl: sh-pfc: Do not use platform_get_irq() to count interrupts
pinctrl: lewisburg: Update pin list according to v1.1v6
PCI: pciehp: Do not disable interrupt twice on suspend
Revert "drm/virtio: switch virtio_gpu_wait_ioctl() to gem helper."
drm/amdgpu: cleanup creating BOs at fixed location (v2)
drm/amdgpu/discovery: reserve discovery data at the top of VRAM
scsi: sd: enable compat ioctls for sed-opal
arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD
gfs2: add compat_ioctl support
af_unix: add compat_ioctl support
compat_ioctl: handle SIOCOUTQNSD
PCI: aardvark: Use LTSSM state to build link training flag
PCI: aardvark: Fix PCI_EXP_RTCTL register configuration
PCI: dwc: Fix find_next_bit() usage
PCI: Fix missing bridge dma_ranges resource list cleanup
PCI/PM: Clear PCIe PME Status even for legacy power management
tools: PCI: Fix fd leakage
PCI/PTM: Remove spurious "d" from granularity message
powerpc/powernv: Disable native PCIe port management
MIPS: PCI: remember nasid changed by set interrupt affinity
MIPS: Loongson: Fix return value of loongson_hwmon_init
MIPS: SGI-IP27: Fix crash, when CPUs are disabled via nr_cpus parameter
tty: serial: imx: use the sg count from dma_map_sg
tty: serial: pch_uart: correct usage of dma_unmap_sg
ARM: 8943/1: Fix topology setup in case of CPU hotplug for CONFIG_SCHED_MC
media: ov6650: Fix incorrect use of JPEG colorspace
media: ov6650: Fix some format attributes not under control
media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
media: ov6650: Fix default format not applied on device probe
media: rcar-vin: Fix incorrect return statement in rvin_try_format()
media: hantro: h264: Fix the frame_num wraparound case
media: v4l: cadence: Fix how unsued lanes are handled in 'csi2rx_start()'
media: exynos4-is: Fix recursive locking in isp_video_release()
media: coda: fix deadlock between decoder picture run and start command
media: cedrus: Use correct H264 8x8 scaling list
media: hantro: Do not reorder H264 scaling list
media: aspeed-video: Fix memory leaks in aspeed_video_probe
media: hantro: Set H264 FIELDPIC_FLAG_E flag correctly
iommu/mediatek: Correct the flush_iotlb_all callback
iommu/mediatek: Add a new tlb_lock for tlb_flush
memory: mtk-smi: Add PM suspend and resume ops
Revert "ubifs: Fix memory leak bug in alloc_ubifs_info() error path"
ubifs: Fixed missed le64_to_cpu() in journal
ubifs: do_kill_orphans: Fix a memory leak bug
spi: sprd: Fix the incorrect SPI register
mtd: spi-nor: fix silent truncation in spi_nor_read()
mtd: spi-nor: fix silent truncation in spi_nor_read_raw()
spi: pxa2xx: Set controller->max_transfer_size in dma mode
spi: atmel: fix handling of cs_change set on non-last xfer
spi: rspi: Use platform_get_irq_byname_optional() for optional irqs
spi: lpspi: fix memory leak in fsl_lpspi_probe
iwlwifi: mvm: consider ieee80211 station max amsdu value
rtlwifi: Remove unnecessary NULL check in rtl_regd_init
iwlwifi: mvm: fix support for single antenna diversity
sch_cake: Add missing NLA policy entry TCA_CAKE_SPLIT_GSO
f2fs: fix potential overflow
NFSD fixing possible null pointer derefering in copy offload
rtc: msm6242: Fix reading of 10-hour digit
rtc: brcmstb-waketimer: add missed clk_disable_unprepare
rtc: bd70528: Add MODULE ALIAS to autoload module
gpio: mpc8xxx: Add platform device to gpiochip->parent
scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
scsi: target/iblock: Fix protection error with blocks greater than 512B
selftests: firmware: Fix it to do root uid check and skip
rseq/selftests: Turn off timeout setting
riscv: export flush_icache_all to modules
mips: cacheinfo: report shared CPU map
mips: Fix gettimeofday() in the vdso library
tomoyo: Suppress RCU warning at list_for_each_entry_rcu().
MIPS: Prevent link failure with kcov instrumentation
drm/arm/mali: make malidp_mw_connector_helper_funcs static
rxrpc: Unlock new call in rxrpc_new_incoming_call() rather than the caller
rxrpc: Don't take call->user_mutex in rxrpc_new_incoming_call()
rxrpc: Fix missing security check on incoming calls
dmaengine: k3dma: Avoid null pointer traversal
s390/qeth: lock the card while changing its hsuid
ioat: ioat_alloc_ring() failure handling.
drm/amdgpu: enable gfxoff for raven1 refresh
media: intel-ipu3: Align struct ipu3_uapi_awb_fr_config_s to 32 bytes
kbuild/deb-pkg: annotate libelf-dev dependency as :native
hexagon: parenthesize registers in asm predicates
hexagon: work around compiler crash
ocfs2: call journal flush to mark journal as empty after journal recovery when mount
Linux 5.4.13
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I90734cd9d80f000e05a8109a529916ae641cdede
commit f52b83b0b1c40ada38df917973ab719a4a753951 upstream.
Fix afs_lookup() to not clobber the version set on a new dentry by
afs_do_lookup() - especially as it's using the wrong version of the
version (we need to use the one given to us by whatever op the dir
contents correspond to rather than what's in the afs_vnode).
Fixes: 9dd0b82ef5 ("afs: Fix missing dentry data version updating")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 40a708bd622b78582ae3d280de29b09b50bd04c0 upstream.
afs_lookup() has a tracepoint to indicate the outcome of
d_splice_alias(), passing it the inode to retrieve the fid from.
However, the function gave up its ref on that inode when it called
d_splice_alias(), which may have failed and dropped the inode.
Fix this by caching the fid.
Fixes: 80548b0399 ("afs: Add more tracepoints")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 106bc79843c3c6f4f00753d1f46e54e815f99377 upstream.
Fix missing cell comparison in afs_test_super(). Without this, any pair
volumes that have the same volume ID will share a superblock, no matter the
cell, unless they're in different network namespaces.
Normally, most users will only deal with a single cell and so they won't
see this. Even if they do look into a second cell, they won't see a
problem unless they happen to hit a volume with the same ID as one they've
already got mounted.
Before the patch:
# ls /afs/grand.central.org/archive
linuxdev/ mailman/ moin/ mysql/ pipermail/ stage/ twiki/
# ls /afs/kth.se/
linuxdev/ mailman/ moin/ mysql/ pipermail/ stage/ twiki/
# cat /proc/mounts | grep afs
none /afs afs rw,relatime,dyn,autocell 0 0
#grand.central.org:root.cell /afs/grand.central.org afs ro,relatime 0 0
#grand.central.org:root.archive /afs/grand.central.org/archive afs ro,relatime 0 0
#grand.central.org:root.archive /afs/kth.se afs ro,relatime 0 0
After the patch:
# ls /afs/grand.central.org/archive
linuxdev/ mailman/ moin/ mysql/ pipermail/ stage/ twiki/
# ls /afs/kth.se/
admin/ common/ install/ OldFiles/ service/ system/
bakrestores/ home/ misc/ pkg/ src/ wsadmin/
# cat /proc/mounts | grep afs
none /afs afs rw,relatime,dyn,autocell 0 0
#grand.central.org:root.cell /afs/grand.central.org afs ro,relatime 0 0
#grand.central.org:root.archive /afs/grand.central.org/archive afs ro,relatime 0 0
#kth.se:root.cell /afs/kth.se afs ro,relatime 0 0
Fixes: ^1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Carsten Jacobi <jacobi@de.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Tested-by: Jonathan Billings <jsbillings@jsbillings.org>
cc: Todd DeSantis <atd@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4W8EgACgkQONu9yGCS
aT4szA//fqXI1OQ3xcCt5s9MYZYYa6IpX/VZ0H7lNC/7pkJzccKo+aSer7ppEn4o
ND8sHNx/lhfZorhvLdqJK4PLThC+fXmXnLvFOzqvZeUVyesnv9zlhd/5JNu18Fvc
RNjcIRIAHFwanZLAw8uft1DIZXcZ8wNkAAugn/WQV3FN/TG+FsrDzWYnmbBhRIQS
XC/2jSlFpMTKoExNzEdbduG0XH5plWeE+AdY3a+DQsOBUO2XrAuk5HTEByM1jzPV
W7U9vMqvw3OyrERcA0lmjs37Waw1e0qzfUaa8Bman5Uc0StOTq0UwschX21SB5yP
MvbAKhqaKtSff7b4lNrDP9Kj1O/lH84WPSn/aao9D083m/ZYdkkd4AWMlS480lL5
oJ28tFbgwLayIqDbwCggHluTsNUdQSTwahVbnp4GMqxfjWrApdLPCqloSb+x9JCF
9pWJf3awI53mA864pH/uOM7pDOz5/c/oJ4QzVmOmR48dsddorY+gPcwk+YpElJcZ
+xCBQDN5JkNC7lwqu2lvaoq/5cMC5lO/v6aeTfsYCRVnlNY12TY8z352zzMZfCKG
GRkNvDqWZ5ZmQ+LblWRVbgdGxU42wIYXUS1jUdFd+5DRzz17+ZKUy7YbLNmZMcpY
UyiM2Ij7X7HsNGrYDKFq0lZPw6k7v3FshvMwQ8C6dNk+l3o9oCA=
=M+hs
-----END PGP SIGNATURE-----
Merge 5.4.9 into android-5.4
Changes in 5.4.9
drm/mcde: dsi: Fix invalid pointer dereference if panel cannot be found
nvme_fc: add module to ops template to allow module references
nvme-fc: fix double-free scenarios on hw queues
drm/amdgpu: add check before enabling/disabling broadcast mode
drm/amdgpu: add header line for power profile on Arcturus
drm/amdgpu: add cache flush workaround to gfx8 emit_fence
drm/amd/display: Map DSC resources 1-to-1 if numbers of OPPs and DSCs are equal
drm/amd/display: Fixed kernel panic when booting with DP-to-HDMI dongle
drm/amd/display: Change the delay time before enabling FEC
drm/amd/display: Reset steer fifo before unblanking the stream
drm/amd/display: update dispclk and dppclk vco frequency
nvme/pci: Fix write and poll queue types
nvme/pci: Fix read queue count
iio: st_accel: Fix unused variable warning
iio: adc: max9611: Fix too short conversion time delay
PM / devfreq: Fix devfreq_notifier_call returning errno
PM / devfreq: Set scaling_max_freq to max on OPP notifier error
PM / devfreq: Don't fail devfreq_dev_release if not in list
afs: Fix afs_find_server lookups for ipv4 peers
afs: Fix SELinux setting security label on /afs
RDMA/cma: add missed unregister_pernet_subsys in init failure
rxe: correctly calculate iCRC for unaligned payloads
scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
scsi: qla2xxx: Use explicit LOGO in target mode
scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
scsi: qla2xxx: Don't call qlt_async_event twice
scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length
scsi: qla2xxx: Configure local loop for N2N target
scsi: qla2xxx: Send Notify ACK after N2N PLOGI
scsi: qla2xxx: Don't defer relogin unconditonally
scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI
scsi: iscsi: qla4xxx: fix double free in probe
scsi: libsas: stop discovering if oob mode is disconnected
scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
staging/wlan-ng: add CRC32 dependency in Kconfig
drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit
drm/nouveau: Fix drm-core using atomic code-paths on pre-nv50 hardware
drm/nouveau/kms/nv50-: fix panel scaling
usb: gadget: fix wrong endpoint desc
net: make socket read/write_iter() honor IOCB_NOWAIT
afs: Fix mountpoint parsing
afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP
raid5: need to set STRIPE_HANDLE for batch head
md: raid1: check rdev before reference in raid1_sync_request func
s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
s390/cpum_sf: Avoid SBD overflow condition in irq handler
RDMA/counter: Prevent auto-binding a QP which are not tracked with res
IB/mlx4: Follow mirror sequence of device add during device removal
IB/mlx5: Fix steering rule of drop and count
xen-blkback: prevent premature module unload
xen/balloon: fix ballooned page accounting without hotplug enabled
PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker
ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC
PCI: Add a helper to check Power Resource Requirements _PR3 existence
ALSA: hda: Allow HDA to be runtime suspended when dGPU is not bound to a driver
PCI: Fix missing inline for pci_pr3_present()
ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen
tcp: fix data-race in tcp_recvmsg()
shmem: pin the file in shmem_fault() if mmap_sem is dropped
taskstats: fix data-race
ALSA: hda - Downgrade error message for single-cmd fallback
netfilter: nft_tproxy: Fix port selector on Big Endian
block: add bio_truncate to fix guard_bio_eod
mm: drop mmap_sem before calling balance_dirty_pages() in write fault
ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
ALSA: usb-audio: fix set_format altsetting sanity check
ALSA: usb-audio: set the interface format after resume on Dell WD19
ALSA: hda - Apply sync-write workaround to old Intel platforms, too
ALSA: hda/realtek - Add headset Mic no shutup for ALC283
drm/sun4i: hdmi: Remove duplicate cleanup calls
drm/amdgpu/smu: add metrics table lock
drm/amdgpu/smu: add metrics table lock for arcturus (v2)
drm/amdgpu/smu: add metrics table lock for navi (v2)
drm/amdgpu/smu: add metrics table lock for vega20 (v2)
MIPS: BPF: Disable MIPS32 eBPF JIT
MIPS: BPF: eBPF JIT: check for MIPS ISA compliance in Kconfig
MIPS: Avoid VDSO ABI breakage due to global register variable
media: pulse8-cec: fix lost cec_transmit_attempt_done() call
media: cec: CEC 2.0-only bcast messages were ignored
media: cec: avoid decrementing transmit_queue_sz if it is 0
media: cec: check 'transmit_in_progress', not 'transmitting'
mm/memory_hotplug: shrink zones when offlining memory
mm/zsmalloc.c: fix the migrated zspage statistics.
memcg: account security cred as well to kmemcg
mm: move_pages: return valid node id in status if the page is already on the target node
mm/oom: fix pgtables units mismatch in Killed process message
ocfs2: fix the crash due to call ocfs2_get_dlm_debug once less
pstore/ram: Write new dumps to start of recycled zones
pstore/ram: Fix error-path memory leak in persistent_ram_new() callers
gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again
locks: print unsigned ino in /proc/locks
selftests/seccomp: Zero out seccomp_notif
seccomp: Check that seccomp_notif is zeroed out by the user
samples/seccomp: Zero out members based on seccomp_notif_sizes
selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV
dmaengine: Fix access to uninitialized dma_slave_caps
dmaengine: dma-jz4780: Also break descriptor chains on JZ4725B
Btrfs: fix infinite loop during nocow writeback due to race
compat_ioctl: block: handle Persistent Reservations
compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE
compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES
bpf: Fix precision tracking for unbounded scalars
ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys()
ata: ahci_brcm: Fix AHCI resources management
ata: ahci_brcm: Add missing clock management during recovery
ata: ahci_brcm: BCM7425 AHCI requires AHCI_HFLAG_DELAY_ENGINE
libata: Fix retrieving of active qcs
gpio: xtensa: fix driver build
gpiolib: fix up emulated open drain outputs
clocksource: riscv: add notrace to riscv_sched_clock
riscv: ftrace: correct the condition logic in function graph tracer
rseq/selftests: Fix: Namespace gettid() for compatibility with glibc 2.30
tracing: Fix lock inversion in trace_event_enable_tgid_record()
tracing: Avoid memory leak in process_system_preds()
tracing: Have the histogram compare functions convert to u64 first
tracing: Fix endianness bug in histogram trigger
samples/trace_printk: Wait for IRQ work to finish
io_uring: use current task creds instead of allocating a new one
mm/gup: fix memory leak in __gup_benchmark_ioctl
apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock
dmaengine: virt-dma: Fix access after free in vchan_complete()
gen_initramfs_list.sh: fix 'bad variable name' error
ALSA: cs4236: fix error return comparison of an unsigned integer
ALSA: pcm: Yet another missing check of non-cached buffer type
ALSA: firewire-motu: Correct a typo in the clock proc string
scsi: lpfc: Fix rpi release when deleting vport
exit: panic before exit_mm() on global init exit
arm64: Revert support for execute-only user mappings
ftrace: Avoid potential division by zero in function profiler
spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode
drm/msm: include linux/sched/task.h
PM / devfreq: Check NULL governor in available_governors_show
sunrpc: fix crash when cache_head become valid before update
arm64: dts: qcom: msm8998-clamshell: Remove retention idle state
nfsd4: fix up replay_matches_cache()
powerpc: Chunk calls to flush_dcache_range in arch_*_memory
HID: i2c-hid: Reset ALPS touchpads on resume
net/sched: annotate lockless accesses to qdisc->empty
kernel/module.c: wakeup processes in module_wq on module unload
ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100
perf callchain: Fix segfault in thread__resolve_callchain_sample()
iommu/vt-d: Remove incorrect PSI capability check
of: overlay: add_changeset_property() memory leak
cifs: Fix potential softlockups while refreshing DFS cache
firmware: arm_scmi: Avoid double free in error flow
xfs: don't check for AG deadlock for realtime files in bunmapi
platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table
netfilter: nf_queue: enqueue skbs with NULL dst
net, sysctl: Fix compiler warning when only cBPF is present
watchdog: tqmx86_wdt: Fix build error
regulator: axp20x: Fix axp20x_set_ramp_delay
regulator: bd70528: Remove .set_ramp_delay for bd70528_ldo_ops
spi: uniphier: Fix FIFO threshold
regulator: axp20x: Fix AXP22x ELDO2 regulator enable bitmask
powerpc/mm: Mark get_slice_psize() & slice_addr_is_low() as notrace
Bluetooth: btusb: fix PM leak in error case of setup
Bluetooth: delete a stray unlock
Bluetooth: Fix memory leak in hci_connect_le_scan
arm64: dts: meson-gxl-s905x-khadas-vim: fix uart_A bluetooth node
arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node
media: flexcop-usb: ensure -EIO is returned on error condition
regulator: ab8500: Remove AB8505 USB regulator
media: usb: fix memory leak in af9005_identify_state
dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example
arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed warning
phy: renesas: rcar-gen3-usb2: Use platform_get_irq_optional() for optional irq
tty: serial: msm_serial: Fix lockup for sysrq and oops
cifs: Fix lookup of root ses in DFS referral cache
fs: cifs: Fix atime update check vs mtime
fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
ath9k_htc: Modify byte order for an error message
ath9k_htc: Discard undersized packets
drm/i915/execlists: Fix annotation for decoupling virtual request
xfs: periodically yield scrub threads to the scheduler
net: add annotations on hh->hh_len lockless accesses
ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps
btrfs: get rid of unique workqueue helper functions
Btrfs: only associate the locked page with one async_chunk struct
s390/smp: fix physical to logical CPU map for SMT
mm/sparse.c: mark populate_section_memmap as __meminit
xen/blkback: Avoid unmapping unmapped grant pages
lib/ubsan: don't serialize UBSAN report
efi: Don't attempt to map RCI2 config table if it doesn't exist
perf/x86/intel/bts: Fix the use of page_private()
net: annotate lockless accesses to sk->sk_pacing_shift
hsr: avoid debugfs warning message when module is remove
hsr: fix error handling routine in hsr_dev_finalize()
hsr: fix a race condition in node list insertion and deletion
mm/hugetlb: defer freeing of huge pages if in non-task context
Linux 5.4.9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8eebcdac421faf74f70af8e8666abfdcdc45c86b
[ Upstream commit 1da4bd9f9d187f53618890d7b66b9628bbec3c70 ]
Fix the lookup method on the dynamic root directory such that creation
calls, such as mkdir, open(O_CREAT), symlink, etc. fail with EOPNOTSUPP
rather than failing with some odd error (such as EEXIST).
lookup() itself tries to create automount directories when it is invoked.
These are cached locally in RAM and not committed to storage.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Tested-by: Jonathan Billings <jsbillings@jsbillings.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 158d58335393af3956a9c06f0816ee75ed1f1447 ]
Each AFS mountpoint has strings that define the target to be mounted. This
is required to end in a dot that is supposed to be stripped off. The
string can include suffixes of ".readonly" or ".backup" - which are
supposed to come before the terminal dot. To add to the confusion, the "fs
lsmount" afs utility does not show the terminal dot when displaying the
string.
The kernel mount source string parser, however, assumes that the terminal
dot marks the suffix and that the suffix is always "" and is thus ignored.
In most cases, there is no suffix and this is not a problem - but if there
is a suffix, it is lost and this affects the ability to mount the correct
volume.
The command line mount command, on the other hand, is expected not to
include a terminal dot - so the problem doesn't arise there.
Fix this by making sure that the dot exists and then stripping it when
passing the string to the mount configuration.
Fixes: bec5eb6141 ("AFS: Implement an autocell mount capability [ver #2]")
Reported-by: Jonathan Billings <jsbillings@jsbillings.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Tested-by: Jonathan Billings <jsbillings@jsbillings.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit bcbccaf2edcf1b76f73f890e968babef446151a4 ]
Make the AFS dynamic root superblock R/W so that SELinux can set the
security label on it. Without this, upgrades to, say, the Fedora
filesystem-afs RPM fail if afs is mounted on it because the SELinux label
can't be (re-)applied.
It might be better to make it possible to bypass the R/O check for LSM
label application through setxattr.
Fixes: 4d673da145 ("afs: Support the AFS dynamic root")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
cc: selinux@vger.kernel.org
cc: linux-security-module@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 9bd0160d12370a076e44f8d1320cde9c83f2c647 ]
afs_find_server tries to find a server that has an address that
matches the transport address of an rxrpc peer. The code assumes
that the transport address is always ipv6, with ipv4 represented
as ipv4 mapped addresses, but that's not the case. If the transport
family is AF_INET, srx->transport.sin6.sin6_addr.s6_addr32[] will
be beyond the actual ipv4 address and will always be 0, and all
ipv4 addresses will be seen as matching.
As a result, the first ipv4 address seen on any server will be
considered a match, and the server returned may be the wrong one.
One of the consequences is that callbacks received over ipv4 will
only be correctly applied for the server that happens to have the
first ipv4 address on the fs_addresses4 list. Callbacks over ipv4
from all other servers are dropped, causing the client to serve stale
data.
This is fixed by looking at the transport family, and comparing ipv4
addresses based on a sockaddr_in structure rather than a sockaddr_in6.
Fixes: d2ddc776a4 ("afs: Overhaul volume and server record caching and fileserver rotation")
Signed-off-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
By default s_maxbytes is set to MAX_NON_LFS, which limits the usable
file size to 2GB, enforced by the vfs.
Commit b9b1f8d593 ("AFS: write support fixes") added support for the
64-bit fetch and store server operations, but did not change this value.
As a result, attempts to write past the 2G mark result in EFBIG errors:
$ dd if=/dev/zero of=foo bs=1M count=1 seek=2048
dd: error writing 'foo': File too large
Set s_maxbytes to MAX_LFS_FILESIZE.
Fixes: b9b1f8d593 ("AFS: write support fixes")
Signed-off-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Servers sending callback breaks to the YFS_CM_SERVICE service may
send up to YFSCBMAX (1024) fids in a single RPC. Anything over
AFSCBMAX (50) will cause the assert in afs_break_callbacks to trigger.
Remove the assert, as the count has already been checked against
the appropriate max values in afs_deliver_cb_callback and
afs_deliver_yfs_cb_callback.
Fixes: 35dbfba311 ("afs: Implement the YFS cache manager service")
Signed-off-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In afs_wait_for_call_to_complete(), rather than immediately aborting an
operation if a signal occurs, the code attempts to wait for it to
complete, using a schedule timeout of 2*RTT (or min 2 jiffies) and a
check that we're still receiving relevant packets from the server before
we consider aborting the call. We may even ping the server to check on
the status of the call.
However, there's a missing timeout reset in the event that we do
actually get a packet to process, such that if we then get a couple of
short stalls, we then time out when progress is actually being made.
Fix this by resetting the timeout any time we get something to process.
If it's the failure of the call then the call state will get changed and
we'll exit the loop shortly thereafter.
A symptom of this is data fetches and stores failing with EINTR when
they really shouldn't.
Fixes: bc5e3a546d ("rxrpc: Use MSG_WAITALL to tell sendmsg() to temporarily ignore signals")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When a lookup is done, the afs filesystem will perform a bulk status-fetch
operation on the requested vnode (file) plus the next 49 other vnodes from
the directory list (in AFS, directory contents are downloaded as blobs and
parsed locally). When the results are received, it will speculatively
populate the inode cache from the extra data.
However, if the lookup races with another lookup on the same directory, but
for a different file - one that's in the 49 extra fetches, then if the bulk
status-fetch operation finishes first, it will try and update the inode
from the other lookup.
If this other inode is still in the throes of being created, however, this
will cause an assertion failure in afs_apply_status():
BUG_ON(test_bit(AFS_VNODE_UNSET, &vnode->flags));
on or about fs/afs/inode.c:175 because it expects data to be there already
that it can compare to.
Fix this by skipping the update if the inode is being created as the
creator will presumably set up the inode with the same information.
Fixes: 39db9815da ("afs: Fix application of the results of a inline bulk status fetch")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Add a flag option to get xattr method that could have a bit flag of
XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
set in the __vfs_getxattr path when called by security
infrastructure.
This handles the case of a union filesystem driver that is being
requested by the security layer to report back the xattr data.
For the use case where access is to be blocked by the security layer.
The path then could be security(dentry) ->
__vfs_getxattr(dentry...XATTR_NOSECURITY) ->
handler->get(dentry...XATTR_NOSECURITY) ->
__vfs_getxattr(lower_dentry...XATTR_NOSECURITY) ->
lower_handler->get(lower_dentry...XATTR_NOSECURITY)
which would report back through the chain data and success as
expected, the logging security layer at the top would have the
data to determine the access permissions and report back the target
context that was blocked.
Without the get handler flag, the path on a union filesystem would be
the errant security(dentry) -> __vfs_getxattr(dentry) ->
handler->get(dentry) -> vfs_getxattr(lower_dentry) -> nested ->
security(lower_dentry, log off) -> lower_handler->get(lower_dentry)
which would report back through the chain no data, and -EACCES.
For selinux for both cases, this would translate to a correctly
determined blocked access. In the first case with this change a correct avc
log would be reported, in the second legacy case an incorrect avc log
would be reported against an uninitialized u:object_r:unlabeled:s0
context making the logs cosmetically useless for audit2allow.
This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Acked-by: Jan Kara <jack@suse.cz>
Acked-by: Jeff Layton <jlayton@kernel.org>
Acked-by: David Sterba <dsterba@suse.com>
Acked-by: Darrick J. Wong <darrick.wong@oracle.com>
Acked-by: Mike Marshall <hubcap@omnibond.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linux-kernel@vger.kernel.org
Cc: kernel-team@android.com
Cc: linux-security-module@vger.kernel.org
(cherry picked from (rejected from archive because of too many recipients))
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 133515582
Bug: 136124883
Bug: 129319403
Change-Id: Iabbb8771939d5f66667a26bb23ddf4c562c349a1
Pull more vfs updates from Al Viro:
"A couple of misc patches"
* 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
afs dynroot: switch to simple_dir_operations
fs/handle.c - fix up kerneldoc
Make afs_permission() and afs_d_revalidate() do initial checks in RCU-mode
pathwalk to reduce latency in pathwalk elements that get done multiple
times. We don't need to query the server unless we've received a
notification from it that something has changed or the callback has
expired.
This requires that we can request a key and check permits under RCU
conditions if we need to.
Signed-off-by: David Howells <dhowells@redhat.com>
Provide an RCU-capable key lookup function. We don't want to call
afs_request_key() in RCU-mode pathwalk as request_key() might sleep, even if
we don't ask it to construct anything as it might find a key that is currently
undergoing construction.
Signed-off-by: David Howells <dhowells@redhat.com>
Use afs_extract_discard() rather than iov_iter_discard() as the former is a
wrapper for the latter, providing a place to put tracepoints.
Signed-off-by: David Howells <dhowells@redhat.com>
fs/afs/fsclient.c:18:29: warning:
afs_zero_fid defined but not used [-Wunused-const-variable=]
It is never used since commit 025db80c9e ("afs: Trace
the initiation and completion of client calls")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David Howells <dhowells@redhat.com>
fs/afs/volume.c:15:26: warning:
afs_voltypes defined but not used [-Wunused-const-variable=]
It is not used since commit d2ddc776a4 ("afs: Overhaul
volume and server record caching and fileserver rotation")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David Howells <dhowells@redhat.com>
It seems that 'yfs_RXYFSStoreOpaqueACL2' should be use in
yfs_fs_store_opaque_acl2().
Fixes: f5e4546347 ("afs: Implement YFS ACL setting")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David Howells <dhowells@redhat.com>
The afs_lookup trace event can cause the following:
[ 216.576777] BUG: kernel NULL pointer dereference, address: 000000000000023b
[ 216.576803] #PF: supervisor read access in kernel mode
[ 216.576813] #PF: error_code(0x0000) - not-present page
...
[ 216.576913] RIP: 0010:trace_event_raw_event_afs_lookup+0x9e/0x1c0 [kafs]
If the inode from afs_do_lookup() is an error other than ENOENT, or if it
is ENOENT and afs_try_auto_mntpt() returns an error, the trace event will
try to dereference the error pointer as a valid pointer.
Use IS_ERR_OR_NULL to only pass a valid pointer for the trace, or NULL.
Ideally the trace would include the error value, but for now just avoid
the oops.
Fixes: 80548b0399 ("afs: Add more tracepoints")
Signed-off-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Fix a leak on the cell refcount in afs_lookup_cell_rcu() due to
non-clearance of the default error in the case a NULL cell name is passed
and the workstation default cell is used.
Also put a bit at the end to make sure we don't leak a cell ref if we're
going to be returning an error.
This leak results in an assertion like the following when the kafs module is
unloaded:
AFS: Assertion failed
2 == 1 is false
0x2 == 0x1 is false
------------[ cut here ]------------
kernel BUG at fs/afs/cell.c:770!
...
RIP: 0010:afs_manage_cells+0x220/0x42f [kafs]
...
process_one_work+0x4c2/0x82c
? pool_mayday_timeout+0x1e1/0x1e1
? do_raw_spin_lock+0x134/0x175
worker_thread+0x336/0x4a6
? rescuer_thread+0x4af/0x4af
kthread+0x1de/0x1ee
? kthread_park+0xd4/0xd4
ret_from_fork+0x24/0x30
Fixes: 989782dcdc ("afs: Overhaul cell database management")
Signed-off-by: David Howells <dhowells@redhat.com>
In the in-kernel afs filesystem, the d_fsdata dentry field is used to hold
the data version of the parent directory when it was created or when
d_revalidate() last caused it to be updated. This is compared to the
->invalid_before field in the directory inode, rather than the actual data
version number, thereby allowing changes due to local edits to be ignored.
Only if the server data version gets bumped unexpectedly (eg. by a
competing client), do we need to revalidate stuff.
However, the d_fsdata field should also be updated if an rpc op is
performed that modifies that particular dentry. Such ops return the
revised data version of the directory(ies) involved, so we should use that.
This is particularly problematic for rename, since a dentry from one
directory may be moved directly into another directory (ie. mv a/x b/x).
It would then be sporting the wrong data version - and if this is in the
future, for the destination directory, revalidations would be missed,
leading to foreign renames and hard-link deletion being missed.
Fix this by the following means:
(1) Return the data version number from operations that read the directory
contents - if they issue the read. This starts in afs_dir_iterate()
and is used, ignored or passed back by its callers.
(2) In afs_lookup*(), set the dentry version to the version returned by
(1) before d_splice_alias() is called and the dentry published.
(3) In afs_d_revalidate(), set the dentry version to that returned from
(1) if an rpc call was issued. This means that if a parallel
procedure, such as mkdir(), modifies the directory, we won't
accidentally use the data version from that.
(4) In afs_{mkdir,create,link,symlink}(), set the new dentry's version to
the directory data version before d_instantiate() is called.
(5) In afs_{rmdir,unlink}, update the target dentry's version to the
directory data version as soon as we've updated the directory inode.
(6) In afs_rename(), we need to unhash the old dentry before we start so
that we don't get afs_d_revalidate() reverting the version change in
cross-directory renames.
We then need to set both the old and the new dentry versions the data
version of the new directory before we call d_move() as d_move() will
rehash them.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: David Howells <dhowells@redhat.com>
In the in-kernel afs filesystem, d_fsdata is set with the data version of
the parent directory. afs_d_revalidate() will update this to the current
directory version, but it shouldn't do this if it the value it read from
d_fsdata is the same as no lock is held and cmpxchg() is not used.
Fix the code to only change the value if it is different from the current
directory version.
Fixes: 260a980317 ("[AFS]: Add "directory write" support.")
Signed-off-by: David Howells <dhowells@redhat.com>
When afs_rename() calculates the expected data version of the target
directory in a cross-directory rename, it doesn't increment it as it
should, so it always thinks that the target inode is unexpectedly modified
on the server.
Fixes: a58823ac45 ("afs: Fix application of status and callback to be under same lock")
Signed-off-by: David Howells <dhowells@redhat.com>
In afs_read_dir(), there is an if statement on line 255 to check whether
req->pages is NULL:
if (!req->pages)
goto error;
If req->pages is NULL, afs_put_read() on line 337 is executed.
In afs_put_read(), req->pages[i] is used on line 195.
Thus, a possible null-pointer dereference may occur in this case.
To fix this possible bug, an if statement is added in afs_put_read() to
check req->pages.
This bug is found by a static analysis tool STCheck written by us.
Fixes: f3ddee8dc4 ("afs: Fix directory handling")
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
afs_deliver_vl_get_entry_by_name_u() scans through the vl entry
received from the volume location server and builds a return list
containing the sites that are currently valid. When assigning
values for the return list, the index into the vl entry (i) is used
rather than the one for the new list (entry->nr_server). If all
sites are usable, this works out fine as the indices will match.
If some sites are not valid, for example if AFS_VLSF_DONTUSE is
set, fs_mask and the uuid will be set for the wrong return site.
Fix this by using entry->nr_server as the index into the arrays
being filled in rather than i.
This can lead to EDESTADDRREQ errors if none of the returned sites
have a valid fs_mask.
Fixes: d2ddc776a4 ("afs: Overhaul volume and server record caching and fileserver rotation")
Signed-off-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Fix the service handler function for the CB.ProbeUuid RPC call so that it
replies in the correct manner - that is an empty reply for success and an
abort of 1 for failure.
Putting 0 or 1 in an integer in the body of the reply should result in the
fileserver throwing an RX_PROTOCOL_ERROR abort and discarding its record of
the client; older servers, however, don't necessarily check that all the
data got consumed, and so might incorrectly think that they got a positive
response and associate the client with the wrong host record.
If the client is incorrectly associated, this will result in callbacks
intended for a different client being delivered to this one and then, when
the other client connects and responds positively, all of the callback
promises meant for the client that issued the improper response will be
lost and it won't receive any further change notifications.
Fixes: 9396d496d7 ("afs: support the CB.ProbeUuid RPC op")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.
This patch fixes the following warnings:
Warning level 3 was used: -Wimplicit-fallthrough=3
fs/afs/fsclient.c: In function ‘afs_deliver_fs_fetch_acl’:
fs/afs/fsclient.c:2199:19: warning: this statement may fall through [-Wimplicit-fallthrough=]
call->unmarshall++;
~~~~~~~~~~~~~~~~^~
fs/afs/fsclient.c:2202:2: note: here
case 1:
^~~~
fs/afs/fsclient.c:2216:19: warning: this statement may fall through [-Wimplicit-fallthrough=]
call->unmarshall++;
~~~~~~~~~~~~~~~~^~
fs/afs/fsclient.c:2219:2: note: here
case 2:
^~~~
fs/afs/fsclient.c:2225:19: warning: this statement may fall through [-Wimplicit-fallthrough=]
call->unmarshall++;
~~~~~~~~~~~~~~~~^~
fs/afs/fsclient.c:2228:2: note: here
case 3:
^~~~
This patch is part of the ongoing efforts to enable
-Wimplicit-fallthrough.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.
This patch fixes the following warnings:
fs/afs/yfsclient.c: In function ‘yfs_deliver_fs_fetch_opaque_acl’:
fs/afs/yfsclient.c:1984:19: warning: this statement may fall through [-Wimplicit-fallthrough=]
call->unmarshall++;
~~~~~~~~~~~~~~~~^~
fs/afs/yfsclient.c:1987:2: note: here
case 1:
^~~~
fs/afs/yfsclient.c:2005:19: warning: this statement may fall through [-Wimplicit-fallthrough=]
call->unmarshall++;
~~~~~~~~~~~~~~~~^~
fs/afs/yfsclient.c:2008:2: note: here
case 2:
^~~~
fs/afs/yfsclient.c:2014:19: warning: this statement may fall through [-Wimplicit-fallthrough=]
call->unmarshall++;
~~~~~~~~~~~~~~~~^~
fs/afs/yfsclient.c:2017:2: note: here
case 3:
^~~~
fs/afs/yfsclient.c:2035:19: warning: this statement may fall through [-Wimplicit-fallthrough=]
call->unmarshall++;
~~~~~~~~~~~~~~~~^~
fs/afs/yfsclient.c:2038:2: note: here
case 4:
^~~~
fs/afs/yfsclient.c:2047:19: warning: this statement may fall through [-Wimplicit-fallthrough=]
call->unmarshall++;
~~~~~~~~~~~~~~~~^~
fs/afs/yfsclient.c:2050:2: note: here
case 5:
^~~~
Warning level 3 was used: -Wimplicit-fallthrough=3
Also, fix some commenting style issues.
This patch is part of the ongoing efforts to enable
-Wimplicit-fallthrough.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Pull networking updates from David Miller:
"Some highlights from this development cycle:
1) Big refactoring of ipv6 route and neigh handling to support
nexthop objects configurable as units from userspace. From David
Ahern.
2) Convert explored_states in BPF verifier into a hash table,
significantly decreased state held for programs with bpf2bpf
calls, from Alexei Starovoitov.
3) Implement bpf_send_signal() helper, from Yonghong Song.
4) Various classifier enhancements to mvpp2 driver, from Maxime
Chevallier.
5) Add aRFS support to hns3 driver, from Jian Shen.
6) Fix use after free in inet frags by allocating fqdirs dynamically
and reworking how rhashtable dismantle occurs, from Eric Dumazet.
7) Add act_ctinfo packet classifier action, from Kevin
Darbyshire-Bryant.
8) Add TFO key backup infrastructure, from Jason Baron.
9) Remove several old and unused ISDN drivers, from Arnd Bergmann.
10) Add devlink notifications for flash update status to mlxsw driver,
from Jiri Pirko.
11) Lots of kTLS offload infrastructure fixes, from Jakub Kicinski.
12) Add support for mv88e6250 DSA chips, from Rasmus Villemoes.
13) Various enhancements to ipv6 flow label handling, from Eric
Dumazet and Willem de Bruijn.
14) Support TLS offload in nfp driver, from Jakub Kicinski, Dirk van
der Merwe, and others.
15) Various improvements to axienet driver including converting it to
phylink, from Robert Hancock.
16) Add PTP support to sja1105 DSA driver, from Vladimir Oltean.
17) Add mqprio qdisc offload support to dpaa2-eth, from Ioana
Radulescu.
18) Add devlink health reporting to mlx5, from Moshe Shemesh.
19) Convert stmmac over to phylink, from Jose Abreu.
20) Add PTP PHC (Physical Hardware Clock) support to mlxsw, from
Shalom Toledo.
21) Add nftables SYNPROXY support, from Fernando Fernandez Mancera.
22) Convert tcp_fastopen over to use SipHash, from Ard Biesheuvel.
23) Track spill/fill of constants in BPF verifier, from Alexei
Starovoitov.
24) Support bounded loops in BPF, from Alexei Starovoitov.
25) Various page_pool API fixes and improvements, from Jesper Dangaard
Brouer.
26) Just like ipv4, support ref-countless ipv6 route handling. From
Wei Wang.
27) Support VLAN offloading in aquantia driver, from Igor Russkikh.
28) Add AF_XDP zero-copy support to mlx5, from Maxim Mikityanskiy.
29) Add flower GRE encap/decap support to nfp driver, from Pieter
Jansen van Vuuren.
30) Protect against stack overflow when using act_mirred, from John
Hurley.
31) Allow devmap map lookups from eBPF, from Toke Høiland-Jørgensen.
32) Use page_pool API in netsec driver, Ilias Apalodimas.
33) Add Google gve network driver, from Catherine Sullivan.
34) More indirect call avoidance, from Paolo Abeni.
35) Add kTLS TX HW offload support to mlx5, from Tariq Toukan.
36) Add XDP_REDIRECT support to bnxt_en, from Andy Gospodarek.
37) Add MPLS manipulation actions to TC, from John Hurley.
38) Add sending a packet to connection tracking from TC actions, and
then allow flower classifier matching on conntrack state. From
Paul Blakey.
39) Netfilter hw offload support, from Pablo Neira Ayuso"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (2080 commits)
net/mlx5e: Return in default case statement in tx_post_resync_params
mlx5: Return -EINVAL when WARN_ON_ONCE triggers in mlx5e_tls_resync().
net: dsa: add support for BRIDGE_MROUTER attribute
pkt_sched: Include const.h
net: netsec: remove static declaration for netsec_set_tx_de()
net: netsec: remove superfluous if statement
netfilter: nf_tables: add hardware offload support
net: flow_offload: rename tc_cls_flower_offload to flow_cls_offload
net: flow_offload: add flow_block_cb_is_busy() and use it
net: sched: remove tcf block API
drivers: net: use flow block API
net: sched: use flow block API
net: flow_offload: add flow_block_cb_{priv, incref, decref}()
net: flow_offload: add list handling functions
net: flow_offload: add flow_block_cb_alloc() and flow_block_cb_free()
net: flow_offload: rename TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_*
net: flow_offload: rename TC_BLOCK_{UN}BIND to FLOW_BLOCK_{UN}BIND
net: flow_offload: add flow_block_cb_setup_simple()
net: hisilicon: Add an tx_desc to adapt HI13X1_GMAC
net: hisilicon: Add an rx_desc to adapt HI13X1_GMAC
...
-----BEGIN PGP SIGNATURE-----
iQIVAwUAXRyW8vu3V2unywtrAQIhsw//cVtxLx4ZCox5Z/93cdqych8RoCrwcUEG
Cli0NAjlp/0HETvCsIqdkPKf+4OYCW1tHB2KTdbFdQLZptLgoEhykx89k70z9ggb
ViieEa1GvAKhdamVqkPUC+3Q33uzyRaK7Gi5N3phJoaO+o328SlrPG0LerQgY0Np
Rf3je56A1gIjEgWTmpStxiY262jlgaR3IuvpOqbu2G0TQVWV8CsBKw61fTdmEEQp
dIkNO/xFXS+PvPdmQe5zCAjD/W2D+ggeBMbBwHF411qA60plGinubBYKZ98ikliZ
OnQQPExI7mroIMzpYT+rzEQyxui2nz5t+Hj+d6t7iIvitNcX/Q53sVTq3RfQ0FjG
QCd+j/l2p7fkXK4Sxgb/UBkj/pRr6W+FYSbQ/tmpD8UypEf5B3ln6GuA6yTMuNRF
wVb744slKWq0c7KUuXmz806B2qJoyFG206jyFnoByvs6cPmB1+JqhBBYOKHcwjbo
HIK+oUKkEfE6ofjQ3B9xOQ1anfbRnjjfJCmXvns9v57y/nRP2P78HUJNnEsOolk2
nc3Ep41OgeZdwkts9KnSjmwy6VF3UZ2NQEiWXsUIOxGMtcodw9ci1bpquJ71oyut
4sFMJvMU4eJD+XuCOlAgpbTaQ0Wuf11kFpl1Cof4fj0Z09C25Ahj6iKEKnumtO+4
edfNLlwO6oo=
=wgib
-----END PGP SIGNATURE-----
Merge tag 'afs-next-20190628' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
Pull afs updates from David Howells:
"A set of minor changes for AFS:
- Remove an unnecessary check in afs_unlink()
- Add a tracepoint for tracking callback management
- Add a tracepoint for afs_server object usage
- Use struct_size()
- Add mappings for AFS UAE abort codes to Linux error codes, using
symbolic names rather than hex numbers in the .c file"
* tag 'afs-next-20190628' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
afs: Add support for the UAE error table
fs/afs: use struct_size() in kzalloc()
afs: Trace afs_server usage
afs: Add some callback management tracepoints
afs: afs_unlink() doesn't need to check dentry->d_inode
-----BEGIN PGP SIGNATURE-----
iQIVAwUAXRyyVvu3V2unywtrAQL3xQ//eifjlELkRAPm2EReWwwahdM+9QL/0bAy
e8eAzP9EaphQGUhpIzM9Y7Cx+a8XW2xACljY8hEFGyxXhDMoLa35oSoJOeay6vQt
QcgWnDYsET8Z7HOsFCP3ZQqlbbqfsB6CbIKtZoEkZ8ib7eXpYcy1qTydu7wqrl4A
AaJalAhlUKKUx9hkGGJTh2xvgmxgSJkxx3cNEWJQ2uGgY/ustBpqqT4iwFDsgA/q
fcYTQFfNQBsC8/SmvQgxJSc+reUdQdp0z1vd8qjpSdFFcTq1qOtK0qDdz1Bbyl24
hAxvNM1KKav83C8aF7oHhEwLrkD+XiYKixdEiCJJp+A2i+vy2v8JnfgtFTpTgLNK
5xu2VmaiWmee9SLCiDIBKE4Ghtkr8DQ/5cKFCwthT8GXgQUtdsdwAaT3bWdCNfRm
DqgU/AyyXhoHXrUM25tPeF3hZuDn2yy6b1TbKA9GCpu5TtznZIHju40Px/XMIpQH
8d6s/pg+u/SnkhjYWaTvTcvsQ2FB/vZY/UzAVyosnoMBkVfL4UtAHGbb8FBVj1nf
Dv5VjSjl4vFjgOr3jygEAeD2cJ7L6jyKbtC/jo4dnOmPrSRShIjvfSU04L3z7FZS
XFjMmGb2Jj8a7vAGFmsJdwmIXZ1uoTwX56DbpNL88eCgZWFPGKU7TisdIWAmJj8U
N9wholjHJgw=
=E3bF
-----END PGP SIGNATURE-----
Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
Pull keyring ACL support from David Howells:
"This changes the permissions model used by keys and keyrings to be
based on an internal ACL by the following means:
- Replace the permissions mask internally with an ACL that contains a
list of ACEs, each with a specific subject with a permissions mask.
Potted default ACLs are available for new keys and keyrings.
ACE subjects can be macroised to indicate the UID and GID specified
on the key (which remain). Future commits will be able to add
additional subject types, such as specific UIDs or domain
tags/namespaces.
Also split a number of permissions to give finer control. Examples
include splitting the revocation permit from the change-attributes
permit, thereby allowing someone to be granted permission to revoke
a key without allowing them to change the owner; also the ability
to join a keyring is split from the ability to link to it, thereby
stopping a process accessing a keyring by joining it and thus
acquiring use of possessor permits.
- Provide a keyctl to allow the granting or denial of one or more
permits to a specific subject. Direct access to the ACL is not
granted, and the ACL cannot be viewed"
* tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
keys: Provide KEYCTL_GRANT_PERMISSION
keys: Replace uid/gid/perm permissions checking with an ACL
-----BEGIN PGP SIGNATURE-----
iQIVAwUAXRU89Pu3V2unywtrAQIdBBAAmMBsrfv+LUN4Vru/D6KdUO4zdYGcNK6m
S56bcNfP6oIDEj6HrNNnzKkWIZpdZ61Odv1zle96+v4WZ/6rnLCTpcsdaFNTzaoO
YT2jk7jplss0ImrMv1DSoykGqO3f0ThMIpGCxHKZADGSu0HMbjSEh+zLPV4BaMtT
BVuF7P3eZtDRLdDtMtYcgvf5UlbdoBEY8w1FUjReQx8hKGxVopGmCo5vAeiY8W9S
ybFSZhPS5ka33ynVrLJH2dqDo5A8pDhY8I4bdlcxmNtRhnPCYZnuvTqeAzyUKKdI
YN9zJeDu1yHs9mi8dp45NPJiKy6xLzWmUwqH8AvR8MWEkrwzqbzNZCEHZ41j74hO
YZWI0JXi72cboszFvOwqJERvITKxrQQyVQLPRQE2vVbG0bIZPl8i7oslFVhitsl+
evWqHb4lXY91rI9cC6JIXR1OiUjp68zXPv7DAnxv08O+PGcioU1IeOvPivx8QSx4
5aUeCkYIIAti/GISzv7xvcYh8mfO76kBjZSB35fX+R9DkeQpxsHmmpWe+UCykzWn
EwhHQn86+VeBFP6RAXp8CgNCLbrwkEhjzXQl/70s1eYbwvK81VcpDAQ6+cjpf4Hb
QUmrUJ9iE0wCNl7oqvJZoJvWVGlArvPmzpkTJk3N070X2R0T7x1WCsMlPDMJGhQ2
fVHvA3QdgWs=
=Push
-----END PGP SIGNATURE-----
Merge tag 'keys-namespace-20190627' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
Pull keyring namespacing from David Howells:
"These patches help make keys and keyrings more namespace aware.
Firstly some miscellaneous patches to make the process easier:
- Simplify key index_key handling so that the word-sized chunks
assoc_array requires don't have to be shifted about, making it
easier to add more bits into the key.
- Cache the hash value in the key so that we don't have to calculate
on every key we examine during a search (it involves a bunch of
multiplications).
- Allow keying_search() to search non-recursively.
Then the main patches:
- Make it so that keyring names are per-user_namespace from the point
of view of KEYCTL_JOIN_SESSION_KEYRING so that they're not
accessible cross-user_namespace.
keyctl_capabilities() shows KEYCTL_CAPS1_NS_KEYRING_NAME for this.
- Move the user and user-session keyrings to the user_namespace
rather than the user_struct. This prevents them propagating
directly across user_namespaces boundaries (ie. the KEY_SPEC_*
flags will only pick from the current user_namespace).
- Make it possible to include the target namespace in which the key
shall operate in the index_key. This will allow the possibility of
multiple keys with the same description, but different target
domains to be held in the same keyring.
keyctl_capabilities() shows KEYCTL_CAPS1_NS_KEY_TAG for this.
- Make it so that keys are implicitly invalidated by removal of a
domain tag, causing them to be garbage collected.
- Institute a network namespace domain tag that allows keys to be
differentiated by the network namespace in which they operate. New
keys that are of a type marked 'KEY_TYPE_NET_DOMAIN' are assigned
the network domain in force when they are created.
- Make it so that the desired network namespace can be handed down
into the request_key() mechanism. This allows AFS, NFS, etc. to
request keys specific to the network namespace of the superblock.
This also means that the keys in the DNS record cache are
thenceforth namespaced, provided network filesystems pass the
appropriate network namespace down into dns_query().
For DNS, AFS and NFS are good, whilst CIFS and Ceph are not. Other
cache keyrings, such as idmapper keyrings, also need to set the
domain tag - for which they need access to the network namespace of
the superblock"
* tag 'keys-namespace-20190627' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
keys: Pass the network namespace into request_key mechanism
keys: Network namespace domain tag
keys: Garbage collect keys for which the domain has been removed
keys: Include target namespace in match criteria
keys: Move the user and user-session keyrings to the user_namespace
keys: Namespace keyring names
keys: Add a 'recurse' flag for keyring searches
keys: Cache the hash value to avoid lots of recalculation
keys: Simplify key description management
The new route handling in ip_mc_finish_output() from 'net' overlapped
with the new support for returning congestion notifications from BPF
programs.
In order to handle this I had to take the dev_loopback_xmit() calls
out of the switch statement.
The aquantia driver conflicts were simple overlapping changes.
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQIVAwUAXRMn5vu3V2unywtrAQICpA/+IIINk6MJVQDzGhOnvWrbGdPnOdJEUyLN
B9U4bLZJRg/j+Sqodn+fXIfsEO4FQflkSJD+xoBi4pzBZcr0xkLUVOog/1S7dv4J
bPVT9p2f3ITNiatmisOrUe1InuHa6Wb/cUnQaLLRhd7NqbawKGRQG4tv4CGwKn67
dJIOOm/iTCs1ACES4C5QOpU7/DWK38Pn3BbnN21bFzDgfbtbdDTaFFkhFtXy78oB
Gcj5g+ULpkKBcuJThFuJUPZ9E4qICNZR4kJXEULSvykDDRzluhJmQ+v8btm6NJsq
hMqTrT9M2y114V1OqXj3me7tA6wOEAfTQ0WzpzF2SmyFQKnSly/EkWc4HZXFD/8O
BczCcABUbuKNE/pJSELx6k1M0+00QfeLcjHPc6joZFCni3lMdYWOncn/syyHw5P+
rc9JQsy3+dLcFsaVQ5eGmX6NDc70dCrAlS6MllIzSBcwAVCctTKwm0meaSW6B2y6
VymPy+cqi1RxMKyiQ0hAeU7Xe6yqFcl6rtonfCQqRLxkfzrCXkDp6/ELOXBzDft1
ey6+N3WsmWW7YSPuM/SIZKV66rshlflj0w+FRluZEEAF1NYeYqXUDvK/S8KC9kPG
AXUDvhI+tBpxg1AVz94JN714VmkbY23xV0g44eQsdqSQm2YvsxiFCSWZZ6L/KEWe
kWQc6BGDCB0=
=YTdG
-----END PGP SIGNATURE-----
Merge tag 'afs-fixes-20190620' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
Pull AFS fixes from David Howells:
"The in-kernel AFS client has been undergoing testing on opendev.org on
one of their mirror machines. They are using AFS to hold data that is
then served via apache, and Ian Wienand had reported seeing oopses,
spontaneous machine reboots and updates to volumes going missing. This
patch series appears to have fixed the problem, very probably due to
patch (2), but it's not 100% certain.
(1) Fix the printing of the "vnode modified" warning to exclude checks
on files for which we don't have a callback promise from the
server (and so don't expect the server to tell us when it
changes).
Without this, for every file or directory for which we still have
an in-core inode that gets changed on the server, we may get a
message logged when we next look at it. This can happen in bulk
if, for instance, someone does "vos release" to update a R/O
volume from a R/W volume and a whole set of files are all changed
together.
We only really want to log a message if the file changed and the
server didn't tell us about it or we failed to track the state
internally.
(2) Fix accidental corruption of either afs_vlserver struct objects or
the the following memory locations (which could hold anything).
The issue is caused by a union that points to two different
structs in struct afs_call (to save space in the struct). The call
cleanup code assumes that it can simply call the cleanup for one
of those structs if not NULL - when it might be actually pointing
to the other struct.
This means that every Volume Location RPC op is going to corrupt
something.
(3) Fix an uninitialised spinlock. This isn't too bad, it just causes
a one-off warning if lockdep is enabled when "vos release" is
called, but the spinlock still behaves correctly.
(4) Fix the setting of i_block in the inode. This causes du, for
example, to produce incorrect results, but otherwise should not be
dangerous to the kernel"
* tag 'afs-fixes-20190620' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
afs: Fix setting of i_blocks
afs: Fix uninitialised spinlock afs_volume::cb_break_lock
afs: Fix vlserver record corruption
afs: Fix over zealous "vnode modified" warnings
Replace the uid/gid/perm permissions checking on a key with an ACL to allow
the SETATTR and SEARCH permissions to be split. This will also allow a
greater range of subjects to represented.
============
WHY DO THIS?
============
The problem is that SETATTR and SEARCH cover a slew of actions, not all of
which should be grouped together.
For SETATTR, this includes actions that are about controlling access to a
key:
(1) Changing a key's ownership.
(2) Changing a key's security information.
(3) Setting a keyring's restriction.
And actions that are about managing a key's lifetime:
(4) Setting an expiry time.
(5) Revoking a key.
and (proposed) managing a key as part of a cache:
(6) Invalidating a key.
Managing a key's lifetime doesn't really have anything to do with
controlling access to that key.
Expiry time is awkward since it's more about the lifetime of the content
and so, in some ways goes better with WRITE permission. It can, however,
be set unconditionally by a process with an appropriate authorisation token
for instantiating a key, and can also be set by the key type driver when a
key is instantiated, so lumping it with the access-controlling actions is
probably okay.
As for SEARCH permission, that currently covers:
(1) Finding keys in a keyring tree during a search.
(2) Permitting keyrings to be joined.
(3) Invalidation.
But these don't really belong together either, since these actions really
need to be controlled separately.
Finally, there are number of special cases to do with granting the
administrator special rights to invalidate or clear keys that I would like
to handle with the ACL rather than key flags and special checks.
===============
WHAT IS CHANGED
===============
The SETATTR permission is split to create two new permissions:
(1) SET_SECURITY - which allows the key's owner, group and ACL to be
changed and a restriction to be placed on a keyring.
(2) REVOKE - which allows a key to be revoked.
The SEARCH permission is split to create:
(1) SEARCH - which allows a keyring to be search and a key to be found.
(2) JOIN - which allows a keyring to be joined as a session keyring.
(3) INVAL - which allows a key to be invalidated.
The WRITE permission is also split to create:
(1) WRITE - which allows a key's content to be altered and links to be
added, removed and replaced in a keyring.
(2) CLEAR - which allows a keyring to be cleared completely. This is
split out to make it possible to give just this to an administrator.
(3) REVOKE - see above.
Keys acquire ACLs which consist of a series of ACEs, and all that apply are
unioned together. An ACE specifies a subject, such as:
(*) Possessor - permitted to anyone who 'possesses' a key
(*) Owner - permitted to the key owner
(*) Group - permitted to the key group
(*) Everyone - permitted to everyone
Note that 'Other' has been replaced with 'Everyone' on the assumption that
you wouldn't grant a permit to 'Other' that you wouldn't also grant to
everyone else.
Further subjects may be made available by later patches.
The ACE also specifies a permissions mask. The set of permissions is now:
VIEW Can view the key metadata
READ Can read the key content
WRITE Can update/modify the key content
SEARCH Can find the key by searching/requesting
LINK Can make a link to the key
SET_SECURITY Can change owner, ACL, expiry
INVAL Can invalidate
REVOKE Can revoke
JOIN Can join this keyring
CLEAR Can clear this keyring
The KEYCTL_SETPERM function is then deprecated.
The KEYCTL_SET_TIMEOUT function then is permitted if SET_SECURITY is set,
or if the caller has a valid instantiation auth token.
The KEYCTL_INVALIDATE function then requires INVAL.
The KEYCTL_REVOKE function then requires REVOKE.
The KEYCTL_JOIN_SESSION_KEYRING function then requires JOIN to join an
existing keyring.
The JOIN permission is enabled by default for session keyrings and manually
created keyrings only.
======================
BACKWARD COMPATIBILITY
======================
To maintain backward compatibility, KEYCTL_SETPERM will translate the
permissions mask it is given into a new ACL for a key - unless
KEYCTL_SET_ACL has been called on that key, in which case an error will be
returned.
It will convert possessor, owner, group and other permissions into separate
ACEs, if each portion of the mask is non-zero.
SETATTR permission turns on all of INVAL, REVOKE and SET_SECURITY. WRITE
permission turns on WRITE, REVOKE and, if a keyring, CLEAR. JOIN is turned
on if a keyring is being altered.
The KEYCTL_DESCRIBE function translates the ACL back into a permissions
mask to return depending on possessor, owner, group and everyone ACEs.
It will make the following mappings:
(1) INVAL, JOIN -> SEARCH
(2) SET_SECURITY -> SETATTR
(3) REVOKE -> WRITE if SETATTR isn't already set
(4) CLEAR -> WRITE
Note that the value subsequently returned by KEYCTL_DESCRIBE may not match
the value set with KEYCTL_SETATTR.
=======
TESTING
=======
This passes the keyutils testsuite for all but a couple of tests:
(1) tests/keyctl/dh_compute/badargs: The first wrong-key-type test now
returns EOPNOTSUPP rather than ENOKEY as READ permission isn't removed
if the type doesn't have ->read(). You still can't actually read the
key.
(2) tests/keyctl/permitting/valid: The view-other-permissions test doesn't
work as Other has been replaced with Everyone in the ACL.
Signed-off-by: David Howells <dhowells@redhat.com>
As Gustavo said in other patches doing the same replace, we can now
use the new struct_size() helper to avoid leaving these open-coded and
prone to type mistake.
Signed-off-by: Zhengyuan Liu <liuzhengyuan@kylinos.cn>
Signed-off-by: David Howells <dhowells@redhat.com>
Add a couple of tracepoints to track callback management:
(1) afs_cb_miss - Logs when we were unable to apply a callback, either due
to the inode being discarded or due to a competing thread applying a
callback first.
(2) afs_cb_break - Logs when we attempted to clear the noted callback
promise, either due to the server explicitly breaking the callback,
the callback promise lapsing or a local event obsoleting it.
Signed-off-by: David Howells <dhowells@redhat.com>
Don't check that dentry->d_inode is valid in afs_unlink(). We should be
able to take that as given.
This caused Smatch to issue the following warning:
fs/afs/dir.c:1392 afs_unlink() error: we previously assumed 'vnode' could be null (see line 1375)
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
The setting of i_blocks, which is calculated from i_size, has got
accidentally misordered relative to the setting of i_size when initially
setting up an inode. Further, i_blocks isn't updated by afs_apply_status()
when the size is updated.
To fix this, break the i_size/i_blocks setting out into a helper function
and call it from both places.
Fixes: a58823ac45 ("afs: Fix application of status and callback to be under same lock")
Signed-off-by: David Howells <dhowells@redhat.com>
Fix the cb_break_lock spinlock in afs_volume struct by initialising it when
the volume record is allocated.
Also rename the lock to cb_v_break_lock to distinguish it from the lock of
the same name in the afs_server struct.
Without this, the following trace may be observed when a volume-break
callback is received:
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 2 PID: 50 Comm: kworker/2:1 Not tainted 5.2.0-rc1-fscache+ #3045
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
Workqueue: afs SRXAFSCB_CallBack
Call Trace:
dump_stack+0x67/0x8e
register_lock_class+0x23b/0x421
? check_usage_forwards+0x13c/0x13c
__lock_acquire+0x89/0xf73
lock_acquire+0x13b/0x166
? afs_break_callbacks+0x1b2/0x3dd
_raw_write_lock+0x2c/0x36
? afs_break_callbacks+0x1b2/0x3dd
afs_break_callbacks+0x1b2/0x3dd
? trace_event_raw_event_afs_server+0x61/0xac
SRXAFSCB_CallBack+0x11f/0x16c
process_one_work+0x2c5/0x4ee
? worker_thread+0x234/0x2ac
worker_thread+0x1d8/0x2ac
? cancel_delayed_work_sync+0xf/0xf
kthread+0x11f/0x127
? kthread_park+0x76/0x76
ret_from_fork+0x24/0x30
Fixes: 68251f0a68 ("afs: Fix whole-volume callback handling")
Signed-off-by: David Howells <dhowells@redhat.com>
Because I made the afs_call struct share pointers to an afs_server object
and an afs_vlserver object to save space, afs_put_call() calls
afs_put_server() on afs_vlserver object (which is only meant for the
afs_server object) because it sees that call->server isn't NULL.
This means that the afs_vlserver object gets unpredictably and randomly
modified, depending on what config options are set (such as lockdep).
Fix this by getting rid of the union and having two non-overlapping
pointers in the afs_call struct.
Fixes: ffba718e93 ("afs: Get rid of afs_call::reply[]")
Signed-off-by: David Howells <dhowells@redhat.com>
Occasionally, warnings like this:
vnode modified 2af7 on {10000b:1} [exp 2af2] YFS.FetchStatus(vnode)
are emitted into the kernel log. This indicates that when we were applying
the updated vnode (file) status retrieved from the server to an inode we
saw that the data version number wasn't what we were expecting (in this
case it's 0x2af7 rather than 0x2af2).
We've usually received a callback from the server prior to this point - or
the callback promise has lapsed - so the warning is merely informative and
the state is to be expected.
Fix this by only emitting the warning if the we still think that we have a
valid callback promise and haven't received a callback.
Also change the format slightly so so that the new data version doesn't
look like part of the text, the like is prefixed with "kAFS: " and the
message is ranked as a warning.
Fixes: 31143d5d51 ("AFS: implement basic file write support")
Reported-by: Ian Wienand <iwienand@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
d_delete() was piggy backed for the fsnotify_nameremove() hook when
in fact not all callers of d_delete() care about fsnotify events.
For all callers of d_delete() that may be interested in fsnotify events,
we made sure to call one of fsnotify_{unlink,rmdir}() hooks before
calling d_delete().
Now we can move the fsnotify_nameremove() call from d_delete() to the
fsnotify_{unlink,rmdir}() hooks.
Two explicit calls to fsnotify_nameremove() from nfs/afs sillyrename
are also removed. This will cause a change of behavior - nfs/afs will
NOT generate an fsnotify delete event when renaming over a positive
dentry. This change is desirable, because it is consistent with the
behavior of all other filesystems.
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Some ISDN files that got removed in net-next had some changes
done in mainline, take the removals.
Signed-off-by: David S. Miller <davem@davemloft.net>
David Howells says:
I'm told that there's not really any point populating the list.
Current OpenAFS ignores it, as does AuriStor - and IBM AFS 3.6 will
do the right thing.
The list is actually useless as it's the client's view of the world,
not the servers, so if there's any NAT in the way its contents are
invalid. Further, it doesn't support IPv6 addresses.
On that basis, feel free to make it an empty list and remove all the
interface enumeration.
V1 of this patch reworked the function to use a new helper for the
ifa_list iteration to avoid sparse warnings once the proper __rcu
annotations get added in struct in_device later.
But, in light of the above, just remove afs_get_ipv4_interfaces.
Compile tested only.
Cc: David Howells <dhowells@redhat.com>
Cc: linux-afs@lists.infradead.org
Signed-off-by: Florian Westphal <fw@strlen.de>
Tested-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation either version 2 of the license or at
your option any later version
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 3029 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public licence as published by
the free software foundation either version 2 of the licence or at
your option any later version
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 114 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190520170857.552531963@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add SPDX license identifiers to all Make/Kconfig files which:
- Have no license information of any form
These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:
GPL-2.0-only
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix afs_do_lookup() such that when it does an inline bulk status fetch op,
it will update inodes that are already extant (something that afs_iget()
doesn't do) and to cache permits for each inode created (thereby avoiding a
follow up FS.FetchStatus call to determine this).
Extant inodes need looking up in advance so that their cb_break counters
before and after the operation can be compared. To this end, the inode
pointers are cached so that they don't need looking up again after the op.
Fixes: 5cf9dd55a0 ("afs: Prospectively look up extra files when doing a single lookup")
Signed-off-by: David Howells <dhowells@redhat.com>
Pass the server and volume break counts from before the status fetch
operation that queried the attributes of a file into afs_iget5_set() so
that the new vnode's break counters can be initialised appropriately.
This allows detection of a volume or server break that happened whilst we
were fetching the status or setting up the vnode.
Fixes: c435ee3455 ("afs: Overhaul the callback handling")
Signed-off-by: David Howells <dhowells@redhat.com>
Make use of the status update for the target file that the YFS.RemoveFile2
RPC op returns to correctly update the vnode as to whether the file was
actually deleted or just had nlink reduced.
Fixes: 30062bd13e ("afs: Implement YFS support in the fs client")
Signed-off-by: David Howells <dhowells@redhat.com>
Fix afs_validate() to clear AFS_VNODE_CB_PROMISED on a vnode if we detect
any condition that causes the callback promise to be broken implicitly,
including server break (cb_s_break), volume break (cb_v_break) or callback
expiry.
Fixes: ae3b7361dc ("afs: Fix validation/callback interaction")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Use RCU-based freeing for afs_cb_interest struct objects and use RCU on
vnode->cb_interest. Use that change to allow afs_check_validity() to use
read_seqbegin_or_lock() instead of read_seqlock_excl().
This also requires the caller of afs_check_validity() to hold the RCU read
lock across the call.
Signed-off-by: David Howells <dhowells@redhat.com>
Split afs_validate() so that the part that decides if the vnode is still
valid can be used under LOOKUP_RCU conditions from afs_d_revalidate().
Signed-off-by: David Howells <dhowells@redhat.com>
Don't save callback version and type fields as the version is about the
format of the callback information and the type is relative to the
particular RPC call.
Signed-off-by: David Howells <dhowells@redhat.com>
When applying the status and callback in the response of an operation,
apply them in the same critical section so that there's no race between
checking the callback state and checking status-dependent state (such as
the data version).
Fix this by:
(1) Allocating a joint {status,callback} record (afs_status_cb) before
calling the RPC function for each vnode for which the RPC reply
contains a status or a status plus a callback. A flag is set in the
record to indicate if a callback was actually received.
(2) These records are passed into the RPC functions to be filled in. The
afs_decode_status() and yfs_decode_status() functions are removed and
the cb_lock is no longer taken.
(3) xdr_decode_AFSFetchStatus() and xdr_decode_YFSFetchStatus() no longer
update the vnode.
(4) xdr_decode_AFSCallBack() and xdr_decode_YFSCallBack() no longer update
the vnode.
(5) vnodes, expected data-version numbers and callback break counters
(cb_break) no longer need to be passed to the reply delivery
functions.
Note that, for the moment, the file locking functions still need
access to both the call and the vnode at the same time.
(6) afs_vnode_commit_status() is now given the cb_break value and the
expected data_version and the task of applying the status and the
callback to the vnode are now done here.
This is done under a single taking of vnode->cb_lock.
(7) afs_pages_written_back() is now called by afs_store_data() rather than
by the reply delivery function.
afs_pages_written_back() has been moved to before the call point and
is now given the first and last page numbers rather than a pointer to
the call.
(8) The indicator from YFS.RemoveFile2 as to whether the target file
actually got removed (status.abort_code == VNOVNODE) rather than
merely dropping a link is now checked in afs_unlink rather than in
xdr_decode_YFSFetchStatus().
Supplementary fixes:
(*) afs_cache_permit() now gets the caller_access mask from the
afs_status_cb object rather than picking it out of the vnode's status
record. afs_fetch_status() returns caller_access through its argument
list for this purpose also.
(*) afs_inode_init_from_status() now uses a write lock on cb_lock rather
than a read lock and now sets the callback inside the same critical
section.
Fixes: c435ee3455 ("afs: Overhaul the callback handling")
Signed-off-by: David Howells <dhowells@redhat.com>
Always ask for the reply time from AF_RXRPC as it's used to calculate the
callback expiry time and lock expiry times, so it's needed by most FS
operations.
Signed-off-by: David Howells <dhowells@redhat.com>
afs_do_lookup() will do an order-1 allocation to allocate status records if
there are more than 39 vnodes to stat.
Fix this by allocating an array of {status,callback} records for each vnode
we want to examine using vmalloc() if larger than a page.
This not only gets rid of the order-1 allocation, but makes it easier to
grow beyond 50 records for YFS servers. It also allows us to move to
{status,callback} tuples for other calls too and makes it easier to lock
across the application of the status and the callback to the vnode.
Fixes: 5cf9dd55a0 ("afs: Prospectively look up extra files when doing a single lookup")
Signed-off-by: David Howells <dhowells@redhat.com>
Replace the afs_call::reply[] array with a bunch of typed members so that
the compiler can use type-checking on them. It's also easier for the eye
to see what's going on.
Signed-off-by: David Howells <dhowells@redhat.com>
Don't pass the vnode pointer through into the inline bulk status op. We
want to process the status records outside of it anyway.
Signed-off-by: David Howells <dhowells@redhat.com>
When __afs_break_callback() clears the CB_PROMISED flag, it increments
vnode->cb_break to trigger a future refetch of the status and callback -
however it also calls afs_clear_permits(), which also increments
vnode->cb_break.
Fix this by removing the increment from afs_clear_permits().
Whilst we're at it, fix the conditional call to afs_put_permits() as the
function checks to see if the argument is NULL, so the check is redundant.
Fixes: be080a6f43 ("afs: Overhaul permit caching");
Signed-off-by: David Howells <dhowells@redhat.com>
__afs_break_callback() holds vnode->lock around its call of
afs_lock_may_be_available() - which also takes that lock.
Fix this by not taking the lock in __afs_break_callback().
Also, there's no point checking the granted_locks and pending_locks queues;
it's sufficient to check lock_state, so move that check out of
afs_lock_may_be_available() into __afs_break_callback() to replace the
queue checks.
Fixes: e8d6c55412 ("AFS: implement file locking")
Signed-off-by: David Howells <dhowells@redhat.com>
Don't invalidate the callback promise on a directory if the
AFS_VNODE_DIR_VALID flag is not set (which indicates that the directory
contents are invalid, due to edit failure, callback break, page reclaim).
The directory will be reloaded next time the directory is accessed, so
clearing the callback flag at this point may race with a reload of the
directory and cancel it's recorded callback promise.
Fixes: f3ddee8dc4 ("afs: Fix directory handling")
Signed-off-by: David Howells <dhowells@redhat.com>
Fix the calculation of the expiry time of a callback promise, as obtained
from operations like FS.FetchStatus and FS.FetchData.
The time should be based on the timestamp of the first DATA packet in the
reply and the calculation needs to turn the ktime_t timestamp into a
time64_t.
Fixes: c435ee3455 ("afs: Overhaul the callback handling")
Signed-off-by: David Howells <dhowells@redhat.com>
Make certain RPC operations non-interruptible, including:
(*) Set attributes
(*) Store data
We don't want to get interrupted during a flush on close, flush on
unlock, writeback or an inode update, leaving us in a state where we
still need to do the writeback or update.
(*) Extend lock
(*) Release lock
We don't want to get lock extension interrupted as the file locks on
the server are time-limited. Interruption during lock release is less
of an issue since the lock is time-limited, but it's better to
complete the release to avoid a several-minute wait to recover it.
*Setting* the lock isn't a problem if it's interrupted since we can
just return to the user and tell them they were interrupted - at
which point they can elect to retry.
(*) Silly unlink
We want to remove silly unlink files if we can, rather than leaving
them for the salvager to clear up.
Note that whilst these calls are no longer interruptible, they do have
timeouts on them, so if the server stops responding the call will fail with
something like ETIME or ECONNRESET.
Without this, the following:
kAFS: Unexpected error from FS.StoreData -512
appears in dmesg when a pending store data gets interrupted and some
processes may just hang.
Additionally, make the code that checks/updates the server record ignore
failure due to interruption if the main call is uninterruptible and if the
server has an address list. The next op will check it again since the
expiration time on the old list has past.
Fixes: d2ddc776a4 ("afs: Overhaul volume and server record caching and fileserver rotation")
Reported-by: Jonathan Billings <jsbillings@jsbillings.org>
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Allow kernel services using AF_RXRPC to indicate that a call should be
non-interruptible. This allows kafs to make things like lock-extension and
writeback data storage calls non-interruptible.
If this is set, signals will be ignored for operations on that call where
possible - such as waiting to get a call channel on an rxrpc connection.
It doesn't prevent UDP sendmsg from being interrupted, but that will be
handled by packet retransmission.
rxrpc_kernel_recv_data() isn't affected by this since that never waits,
preferring instead to return -EAGAIN and leave the waiting to the caller.
Userspace initiated calls can't be set to be uninterruptible at this time.
Signed-off-by: David Howells <dhowells@redhat.com>
afs_check/update_server_record() should be setting fc->error rather than
fc->ac.error as they're called from within the cursor iteration function.
afs_fs_cursor::error is where the error code of the attempt to call the
operation on multiple servers is integrated and is the final result,
whereas afs_addr_cursor::error is used to hold the error from individual
iterations of the call loop. (Note there's also an afs_vl_cursor which
also wraps afs_addr_cursor for accessing VL servers rather than file
servers).
Fix this by setting fc->error in the afs_check/update_server_record() so
that any error incurred whilst talking to the VL server correctly
propagates to the final result.
This results in:
kAFS: Unexpected error from FS.StoreData -512
being seen, even though the store-data op is non-interruptible. The error
is actually coming from the server record update getting interrupted.
Fixes: d2ddc776a4 ("afs: Overhaul volume and server record caching and fileserver rotation")
Signed-off-by: David Howells <dhowells@redhat.com>
If an older AFS server doesn't support an operation, it may accept the call
and then sit on it forever, happily responding to pings that make kafs
think that the call is still alive.
Fix this by setting the maximum lifespan of Volume Location service calls
in particular and probe calls in general so that they don't run on
endlessly if they're not supported.
Signed-off-by: David Howells <dhowells@redhat.com>
Under some circumstances afs_select_fileserver() can return without setting
an error in fc->error. The problem is in the no_more_servers segment where
the accumulated errors from attempts to contact various servers are
integrated into an afs_error-type variable 'e'. The resultant error code
is, however, then abandoned.
Fix this by getting the error out of e.error and putting it in 'error' so
that the next part will store it into fc->error.
Not doing this causes a report like the following:
kAFS: AFS vnode with undefined type 0
kAFS: A=0 m=0 s=0 v=0
kAFS: vnode 20000025:1:1
because the code following the server selection loop then sees what it
thinks is a successful invocation because fc.error is 0. However, it can't
apply the status record because it's all zeros.
The report is followed on the first instance with a trace looking something
like:
dump_stack+0x67/0x8e
afs_inode_init_from_status.isra.2+0x21b/0x487
afs_fetch_status+0x119/0x1df
afs_iget+0x130/0x295
afs_get_tree+0x31d/0x595
vfs_get_tree+0x1f/0xe8
fc_mount+0xe/0x36
afs_d_automount+0x328/0x3c3
follow_managed+0x109/0x20a
lookup_fast+0x3bf/0x3f8
do_last+0xc3/0x6a4
path_openat+0x1af/0x236
do_filp_open+0x51/0xae
? _raw_spin_unlock+0x24/0x2d
? __alloc_fd+0x1a5/0x1b7
do_sys_open+0x13b/0x1e8
do_syscall_64+0x7d/0x1b3
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes: 4584ae96ae ("afs: Fix missing net error handling")
Signed-off-by: David Howells <dhowells@redhat.com>
Currently, once configured, AFS cells are looked up in the DNS at regular
intervals - which is a waste of resources if those cells aren't being
used. It also leads to a problem where cells preloaded, but not
configured, before the network is brought up end up effectively statically
configured with no VL servers and are unable to get any.
Fix this by not doing the DNS lookup until the first time a cell is
touched. It is waited for if we don't have any cached records yet,
otherwise the DNS lookup to maintain the record is done in the background.
This has the downside that the first time you touch a cell, you now have to
wait for the upcall to do the required DNS lookups rather than them already
being cached.
Further, the record is not replaced if the old record has at least one
server in it and the new record doesn't have any.
Fixes: 0a5143f2f8 ("afs: Implement VL server rotation")
Signed-off-by: David Howells <dhowells@redhat.com>
Allow used DNS resolver keys to be invalidated after use if the caller is
doing its own caching of the results. This reduces the amount of resources
required.
Fix AFS to invalidate DNS results to kill off permanent failure records
that get lodged in the resolver keyring and prevent future lookups from
happening.
Fixes: 0a5143f2f8 ("afs: Implement VL server rotation")
Signed-off-by: David Howells <dhowells@redhat.com>
Fix it such that afs_cell records always have a VL server list record
attached, even if it's a dummy one, so that various checks can be removed.
Signed-off-by: David Howells <dhowells@redhat.com>
When afs_update_cell() replaces the cell->vl_servers list, it uses RCU
protocol so that proc is protected, but doesn't take ->vl_servers_lock to
protect afs_start_vl_iteration() (which does actually take a shared lock).
Fix this by making afs_update_cell() take an exclusive lock when replacing
->vl_servers.
Fixes: 0a5143f2f8 ("afs: Implement VL server rotation")
Signed-off-by: David Howells <dhowells@redhat.com>
