OSDN Git Service
Linux Build Service Account [Fri, 1 Feb 2019 01:42:11 +0000 (17:42 -0800)]
Merge "staging: android/sync: Signal fences if timeline is destroyed"
Tomasz Figa [Wed, 22 Feb 2017 09:23:05 +0000 (18:23 +0900)]
staging: android/sync: Signal fences if timeline is destroyed
The original implementation of sw_sync in 3.14 kernel signaled all
active fences with error status on timeline release. However, after the
conversion to use DMA-buf fence code under the hood, the behavior was
(most likely by mistake) changed and the fences are being left active,
with their users possibly getting stuck in sync_wait().
There is indeed a sign of this not being an intentional behavior change,
as timeline retained its ->destroyed field, which is being set in
sync_timeline_destroy(). However there is no code checking it anymore.
Let's fix this by adding a check for timeline->destroyed in
android_fence_signaled(), so if the fence is neither signaled nor in
error state and timeline was destroyed, it will end up in -ENOENT error
state.
Change-Id: I0313b12b37e9d391d5caf218f381fa4b07a2a5e5
Signed-off-by: Tomasz Figa <tfiga@chromium.org>
Git-commit:
85839014db07d3c675d5a8f2f9f94f2aeb33fc5e
Git-repo: https://chromium.googlesource.com/chromiumos/third_party/kernel
Signed-off-by: Firoz Khan <firozk@codeaurora.org>
Linux Build Service Account [Thu, 31 Jan 2019 06:22:38 +0000 (22:22 -0800)]
Merge "Revert "i2c: add virtual i2c driver""
Linux Build Service Account [Thu, 31 Jan 2019 06:22:34 +0000 (22:22 -0800)]
Merge "Merge android-4.4.171 (
b355d4f) into msm-4.4"
xianzhu [Tue, 29 Jan 2019 08:43:15 +0000 (16:43 +0800)]
Revert "i2c: add virtual i2c driver"
This reverts commit
320b7b16475357b630b5f612bb3ebaf8e5159559.
This change refers to an inappropriate document, so we'd
better revert it first.
Change-Id: Ia7b806e911665d89a84b8d8377c2a5da5982f372
Signed-off-by: xianzhu <xianzhu@codeaurora.org>
Linux Build Service Account [Tue, 29 Jan 2019 12:23:21 +0000 (04:23 -0800)]
Merge "arm64: dts: gvm: Add support for USB Host suspend"
Srinivasarao P [Fri, 25 Jan 2019 10:32:42 +0000 (16:02 +0530)]
Merge android-4.4.171 (
b355d4f) into msm-4.4
* refs/heads/tmp-
b355d4f
Linux 4.4.171
sunrpc: use-after-free in svc_process_common()
ext4: fix a potential fiemap/page fault deadlock w/ inline_data
crypto: cts - fix crash on short inputs
i2c: dev: prevent adapter retries and timeout being set as minus value
ACPI: power: Skip duplicate power resource references in _PRx
PCI: altera: Move retrain from fixup to altera_pcie_host_init()
PCI: altera: Rework config accessors for use without a struct pci_bus
PCI: altera: Poll for link training status after retraining the link
PCI: altera: Poll for link up status after retraining the link
PCI: altera: Check link status before retrain link
PCI: altera: Reorder read/write functions
PCI: altera: Fix altera_pcie_link_is_up()
slab: alien caches must not be initialized if the allocation of the alien cache failed
USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
USB: storage: add quirk for SMI SM3350
USB: storage: don't insert sane sense for SPC3+ when bad sense specified
usb: cdc-acm: send ZLP for Telit 3G Intel based modems
cifs: Fix potential OOB access of lock element array
CIFS: Do not hide EINTR after sending network packets
btrfs: tree-checker: Fix misleading group system information
btrfs: tree-checker: Check level for leaves and nodes
btrfs: Verify that every chunk has corresponding block group at mount time
btrfs: Check that each block group has corresponding chunk at mount time
btrfs: validate type when reading a chunk
btrfs: tree-checker: Detect invalid and empty essential trees
btrfs: tree-checker: Verify block_group_item
btrfs: tree-check: reduce stack consumption in check_dir_item
btrfs: tree-checker: use %zu format string for size_t
btrfs: tree-checker: Add checker for dir item
btrfs: tree-checker: Fix false panic for sanity test
btrfs: tree-checker: Enhance btrfs_check_node output
btrfs: Move leaf and node validation checker to tree-checker.c
btrfs: Add checker for EXTENT_CSUM
btrfs: Add sanity check for EXTENT_DATA when reading out leaf
btrfs: Check if item pointer overlaps with the item itself
btrfs: Refactor check_leaf function for later expansion
btrfs: struct-funcs, constify readers
Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
Btrfs: memset to avoid stale content in btree leaf
Btrfs: kill BUG_ON in run_delayed_tree_ref
Btrfs: improve check_node to avoid reading corrupted nodes
Btrfs: memset to avoid stale content in btree node block
Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty
Btrfs: check btree node's nritems
Btrfs: detect corruption when non-root leaf has zero item
Btrfs: fix em leak in find_first_block_group
Btrfs: check inconsistence between chunk and block group
Btrfs: add validadtion checks for chunk loading
btrfs: Enhance chunk validation check
btrfs: cleanup, stop casting for extent_map->lookup everywhere
ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
UPSTREAM: virtio: new feature to detect IOMMU device quirk
UPSTREAM: vring: Use the DMA API on Xen
UPSTREAM: virtio_ring: Support DMA APIs
UPSTREAM: vring: Introduce vring_use_dma_api()
ANDROID: cuttlefish_defconfig: Enable vsock options
UPSTREAM: vhost/vsock: fix reset orphans race with close timeout
UPSTREAM: vhost/vsock: fix use-after-free in network stack callers
UPSTREAM: vhost: correctly check the iova range when waking virtqueue
UPSTREAM: vhost: synchronize IOTLB message with dev cleanup
UPSTREAM: vhost: fix info leak due to uninitialized memory
UPSTREAM: vhost: fix vhost_vq_access_ok() log check
UPSTREAM: vhost: validate log when IOTLB is enabled
UPSTREAM: vhost_net: add missing lock nesting notation
UPSTREAM: vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
UPSTREAM: vhost/vsock: fix uninitialized vhost_vsock->guest_cid
UPSTREAM: vhost_net: correctly check tx avail during rx busy polling
UPSTREAM: vsock: use new wait API for vsock_stream_sendmsg()
UPSTREAM: vsock: cancel packets when failing to connect
UPSTREAM: vhost-vsock: add pkt cancel capability
UPSTREAM: vsock: track pkt owner vsock
UPSTREAM: vhost: fix initialization for vq->is_le
UPSTREAM: vhost/vsock: handle vhost_vq_init_access() error
UPSTREAM: vsock: lookup and setup guest_cid inside vhost_vsock_lock
UPSTREAM: vhost-vsock: fix orphan connection reset
UPSTREAM: vsock/virtio: fix src/dst cid format
UPSTREAM: VSOCK: Don't dec ack backlog twice for rejected connections
UPSTREAM: vhost/vsock: drop space available check for TX vq
UPSTREAM: virtio-vsock: fix include guard typo
UPSTREAM: vhost/vsock: fix vhost virtio_vsock_pkt use-after-free
UPSTREAM: VSOCK: Use kvfree()
BACKPORT: vhost: split out vringh Kconfig
UPSTREAM: vhost: drop vringh dependency
UPSTREAM: vhost: drop vringh dependency
UPSTREAM: vhost: detect 32 bit integer wrap around
UPSTREAM: VSOCK: Add Makefile and Kconfig
UPSTREAM: VSOCK: Introduce vhost_vsock.ko
UPSTREAM: VSOCK: Introduce virtio_transport.ko
BACKPORT: VSOCK: Introduce virtio_vsock_common.ko
UPSTREAM: VSOCK: defer sock removal to transports
UPSTREAM: VSOCK: transport-specific vsock_transport functions
UPSTREAM: vsock: make listener child lock ordering explicit
UPSTREAM: vhost: new device IOTLB API
BACKPORT: vhost: convert pre sorted vhost memory array to interval tree
UPSTREAM: vhost: introduce vhost memory accessors
UPSTREAM: vhost_net: stop polling socket during rx processing
UPSTREAM: VSOCK: constify vsock_transport structure
UPSTREAM: vhost: lockless enqueuing
UPSTREAM: vhost: simplify work flushing
UPSTREAM: VSOCK: Only check error on skb_recv_datagram when skb is NULL
BACKPORT: AF_VSOCK: Shrink the area influenced by prepare_to_wait
UPSTREAM: vhost_net: basic polling support
UPSTREAM: vhost: introduce vhost_vq_avail_empty()
UPSTREAM: vhost: introduce vhost_has_work()
UPSTREAM: vhost: rename vhost_init_used()
UPSTREAM: vhost: rename cross-endian helpers
UPSTREAM: vhost: fix error path in vhost_init_used()
UPSTREAM: virtio: make find_vqs() checkpatch.pl-friendly
UPSTREAM: net: move napi_hash[] into read mostly section
ANDROID: cuttlefish_defconfig: remove DM_VERITY_HASH_PREFETCH_MIN_SIZE
Revert "ANDROID: dm verity: add minimum prefetch size"
ANDROID: f2fs: Complement "android_fs" tracepoint of read path
Removed config DM_VERITY_HASH_PREFETCH_MIN_SIZE in defconfig files
as this feature got reverted.
Change-Id: I9117e3080eaf0e0c99888468037855fc7713ff88
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Linux Build Service Account [Mon, 28 Jan 2019 12:55:54 +0000 (04:55 -0800)]
Merge "ARM: dts: msm8996: add the ext node and clock entries for hdmi"
Venkata Rao Kakani [Mon, 28 Jan 2019 11:20:51 +0000 (16:50 +0530)]
arm64: dts: gvm: Add support for USB Host suspend
Enable USB2 suspend in LA Guest when the touch
is connected to host port.
Change-Id: Id211fc0e170079fadba610617a5faa0f1f96360d
Signed-off-by: Venkata Rao Kakani <vkakani@codeaurora.org>
Linux Build Service Account [Sat, 26 Jan 2019 10:20:51 +0000 (02:20 -0800)]
Merge "soc: qcom: Fix identified corner cases."
Linux Build Service Account [Sat, 26 Jan 2019 10:20:50 +0000 (02:20 -0800)]
Merge "usb: misc: ks_bridge: Enable enumeration on second xHCI port"
Linux Build Service Account [Sat, 26 Jan 2019 10:20:49 +0000 (02:20 -0800)]
Merge "usb: misc: diag_ipc_bridge: Move dev cleanup to delete function"
Linux Build Service Account [Fri, 25 Jan 2019 20:34:48 +0000 (12:34 -0800)]
Merge "ARM: dts: msm: DRM: Change eDRM display pipe"
Linux Build Service Account [Fri, 25 Jan 2019 20:34:46 +0000 (12:34 -0800)]
Merge "drm/msm: Early DRM Driver"
Vivek Kumar [Tue, 18 Dec 2018 05:42:19 +0000 (11:12 +0530)]
soc: qcom: Fix identified corner cases.
Fix identified corner cases with respect to
early services.
1. Allow hot adding of non-earlydomain cpus.
2. NOP for apis when earlydomain is inactive.
3. Loop for size of cpumask and not cpumask_t
Change-Id: Iad00ee6468232e2072eb3bbcd2e70faedc7c7886
Signed-off-by: Vivek Kumar <vivekuma@codeaurora.org>
Linux Build Service Account [Fri, 25 Jan 2019 10:56:46 +0000 (02:56 -0800)]
Merge "usb: gadget: uac1: Increase number of requests to 8"
Srinivasarao P [Mon, 21 Jan 2019 07:22:03 +0000 (12:52 +0530)]
Merge android-4.4.170 (
241f76b1) into msm-4.4
* refs/heads/tmp-
241f76b1
Linux 4.4.170
power: supply: olpc_battery: correct the temperature units
intel_th: msu: Fix an off-by-one in attribute store
genwqe: Fix size check
ceph: don't update importing cap's mseq when handing cap export
iommu/vt-d: Handle domain agaw being less than iommu agaw
9p/net: put a lower bound on msize
b43: Fix error in cordic routine
gfs2: Fix loop in gfs2_rbm_find
dlm: memory leaks on error path in dlm_user_request()
dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
dlm: possible memory leak on error path in create_lkb()
dlm: fixed memory leaks after failed ls_remove_names allocation
ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
ALSA: cs46xx: Potential NULL dereference in probe
crypto: x86/chacha20 - avoid sleeping with preemption disabled
sunrpc: use SVC_NET() in svcauth_gss_* functions
sunrpc: fix cache_head leak due to queued request
mm, devm_memremap_pages: kill mapping "System RAM" support
mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
fork: record start_time late
scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown
Input: omap-keypad - fix idle configuration to not block SoC idle states
scsi: bnx2fc: Fix NULL dereference in error handling
xfrm: Fix bucket count reported to userspace
checkstack.pl: fix for aarch64
Input: restore EV_ABS ABS_RESERVED
ARM: imx: update the cpu power up timing setting on i.mx6sx
powerpc: Fix COFF zImage booting on old powermacs
spi: bcm2835: Unbreak the build of esoteric configs
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
MIPS: Align kernel load address to 64KB
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
media: vivid: free bitmap_cap when updating std/timings/etc.
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Fix race on DMA termination
ext4: force inode writes when nfsd calls commit_metadata()
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix possible use after free in ext4_quota_enable
perf pmu: Suppress potential format-truncation warning
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
USB: serial: option: add Fibocom NL678 series
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
ALSA: hda/tegra: clear pending irq handlers
ALSA: hda: add mute LED support for HP EliteBook 840 G4
ALSA: emux: Fix potential Spectre v1 vulnerabilities
ALSA: pcm: Fix potential Spectre v1 vulnerability
ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
ALSA: rme9652: Fix potential Spectre v1 vulnerability
sock: Make sock->sk_stamp thread-safe
gro_cell: add napi_disable in gro_cells_destroy
xen/netfront: tolerate frags with no data
VSOCK: Send reset control packet when socket is partially bound
vhost: make sure used idx is seen before log in vhost_add_used_n()
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
packet: validate address length if non-zero
packet: validate address length
netrom: fix locking in nr_find_socket()
isdn: fix kernel-infoleak in capi_unlocked_ioctl
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
ieee802154: lowpan_header_create check must check daddr
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ax25: fix a use-after-free in ax25_fillin_cb()
ipv4: Fix potential Spectre v1 vulnerability
ip6mr: Fix potential Spectre v1 vulnerability
drm/ioctl: Fix Spectre v1 vulnerabilities
x86/mtrr: Don't copy uninitialized gentry fields back to userspace
Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
mmc: omap_hsmmc: fix DMA API warning
mmc: core: Reset HPI enabled state during re-init and in case of errors
USB: serial: option: add Telit LN940 series
USB: serial: option: add Fibocom NL668 series
USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
USB: serial: option: add HP lt4132
USB: serial: option: add GosunCn ZTE WeLink ME3630
xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
f2fs: don't access node/meta inode mapping after iput
f2fs: wait on atomic writes to count F2FS_CP_WB_DATA
f2fs: sanity check of xattr entry size
f2fs: fix use-after-free issue when accessing sbi->stat_info
f2fs: check PageWriteback flag for ordered case
f2fs: fix validation of the block count in sanity_check_raw_super
f2fs: fix missing unlock(sbi->gc_mutex)
f2fs: clean up structure extent_node
f2fs: fix block address for __check_sit_bitmap
f2fs: fix sbi->extent_list corruption issue
f2fs: clean up checkpoint flow
f2fs: flush stale issued discard candidates
f2fs: correct wrong spelling, issing_*
f2fs: use kvmalloc, if kmalloc is failed
f2fs: remove redundant comment of unused wio_mutex
f2fs: fix to reorder set_page_dirty and wait_on_page_writeback
f2fs: clear PG_writeback if IPU failed
f2fs: add an ioctl() to explicitly trigger fsck later
f2fs: avoid frequent costly fsck triggers
f2fs: fix m_may_create to make OPU DIO write correctly
f2fs: fix to update new block address correctly for OPU
f2fs: adjust trace print in f2fs_get_victim() to cover all paths
f2fs: fix to allow node segment for GC by ioctl path
f2fs: make "f2fs_fault_name[]" const char *
f2fs: read page index before freeing
f2fs: fix wrong return value of f2fs_acl_create
f2fs: avoid build warn of fall_through
f2fs: fix race between write_checkpoint and write_begin
f2fs: check memory boundary by insane namelen
f2fs: only flush the single temp bio cache which owns the target page
f2fs: fix out-place-update DIO write
f2fs: fix to be aware discard/preflush/dio command in is_idle()
f2fs: add to account direct IO
f2fs: move dir data flush to write checkpoint process
f2fs: change segment to section in f2fs_ioc_gc_range
f2fs: export migration_granularity sysfs entry
f2fs: support subsectional garbage collection
f2fs: introduce __is_large_section() for cleanup
f2fs: clean up f2fs_sb_has_##feature_name
f2fs: remove codes of unused wio_mutex
f2fs: fix count of seg_freed to make sec_freed correct
f2fs: fix to account preflush command for noflush_merge mode
f2fs: avoid GC causing encrypted file corrupted
ANDROID: cuttlefish_defconfig: Enable VIRTIO_INPUT
Conflicts:
mm/memory_hotplug.c
Change-Id: I8dc4545b59eff285a0fdb22cd06e8d5dffbe1330
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Ajay Agarwal [Fri, 25 Jan 2019 05:02:53 +0000 (10:32 +0530)]
usb: gadget: uac1: Increase number of requests to 8
Increase number of USB requests from 2 to 8 so as to improve
sound quality.
Change-Id: I0b92c50a4dd62563b2fd31f00d67196edc4e0fba
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
Linux Build Service Account [Thu, 24 Jan 2019 11:31:06 +0000 (03:31 -0800)]
Merge "ARM: dts: msm: add device tree overlay for 8996"
Ajay Agarwal [Tue, 8 Jan 2019 05:40:18 +0000 (11:10 +0530)]
usb: misc: diag_ipc_bridge: Move dev cleanup to delete function
Currently the driver does the diag_briddge_dev's members' cleanup
in disconnect function. This can lead to race between read/write
and disconnect functions where the read/write mutex is being
destroyed when it is in locked state. Also, the read/write
function can be called after disconnect leading to mutex_lock
warning on a destroyed mutex. Finally, since the close function
can be called after disconnect, it can lead to null pointer
dereference from dev->ifc since it is being assigned null in
disconnect. Also, there can be a use-after-free if the interface
structure is used after disconnect function has been called and
core has freed the intf.
Fix this by moving the dev member cleanup from disconnect to the
delete function. This will ensure that mutex and dev->ifc exists
when the diag core can still queue read/write and call close.
Also do a get and put of interface from probe and delete
respectively to prevent the use-after-free issue.
Change-Id: I1a1fa4440560b0c0b77880fb3f5a37c3c24c7e67
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
Ajay Agarwal [Thu, 24 Jan 2019 08:51:47 +0000 (14:21 +0530)]
usb: misc: diag_ipc_bridge: Patch debug statements
Remove pr_fmt declaration and add function name and new line
functionality to the debug prints instead. Add more debug logs
where necessary.
Change-Id: Iedf27473174eeae1c8032c133250a190978d38e5
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
Linux Build Service Account [Thu, 24 Jan 2019 05:24:28 +0000 (21:24 -0800)]
Merge "mmc: host: sdhci-msm: Temperature controlled clock scaling"
Linux Build Service Account [Thu, 24 Jan 2019 05:24:27 +0000 (21:24 -0800)]
Merge "mmc: core: Initialize temperature controlled clock scaling"
Linux Build Service Account [Thu, 24 Jan 2019 05:24:25 +0000 (21:24 -0800)]
Merge "msm-camera: add cx-ipeak support for vfe"
Swetha Chikkaboraiah [Thu, 17 Jan 2019 03:49:08 +0000 (09:19 +0530)]
ARM: dts: msm: add device tree overlay for 8996
Add device tree overlay support for 8996.
Change-Id: Ibdeab45acad17d3e487ba1108cd0cc3cff7fb377
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
Linux Build Service Account [Wed, 23 Jan 2019 21:58:05 +0000 (13:58 -0800)]
Merge "i2c: add virtual i2c driver"
Srikanth Uyyala [Mon, 24 Dec 2018 10:45:00 +0000 (16:15 +0530)]
msm-camera: add cx-ipeak support for vfe
Add support in vfe driver to vote for cx_ipeak when moving
to turbo clock and unvote when moving out of turbo.
Change-Id: I6b95594adbf05c0797c2748981a6b06f042adc20
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>
Linux Build Service Account [Wed, 23 Jan 2019 07:51:10 +0000 (23:51 -0800)]
Merge "usb: pd: Don't reject sink request based on max current"
raghavendra ambadas [Wed, 23 Jan 2019 06:33:47 +0000 (12:03 +0530)]
ARM: dts: msm8996: add the ext node and clock entries for hdmi
Add HDMI extension node and clock entries to device tree
for msm8996 device.
Change-Id: I0e4ac2ec66c2be691cbb26dead1fa8093324669c
Signed-off-by: Raghavendra Ambadas <rambad@codeaurora.org>
Linux Build Service Account [Tue, 22 Jan 2019 22:52:13 +0000 (14:52 -0800)]
Merge "cnss2: Return 0 from susped/resume for driver_ops null"
Linux Build Service Account [Tue, 22 Jan 2019 12:06:45 +0000 (04:06 -0800)]
Merge "msm: adsprpc: Fix memory out of bounds error"
Camus Wong [Thu, 13 Dec 2018 06:06:24 +0000 (01:06 -0500)]
ARM: dts: msm: DRM: Change eDRM display pipe
Change eDRM to use VIG display pipe. This allows early application
to display YUV frames.
Change-Id: I16050c3d0d22a84c394a2f13d87e6df77e7c995f
Signed-off-by: Camus Wong <camusw@codeaurora.org>
Camus Wong [Sun, 9 Dec 2018 20:16:21 +0000 (15:16 -0500)]
msm: ekms: Support more Color Format in eDRM
Add more color format into eDRM plane. Add YUV420, NV12, YUYV,
RGB565, RGB888 color to eDRM.
Change-Id: I73aa22e811ca061ea1a59194e4f76ae9fff47f46
Signed-off-by: Camus Wong <camusw@codeaurora.org>
Camus Wong [Fri, 26 Oct 2018 07:25:32 +0000 (03:25 -0400)]
ARM: dts: msm: DRM: Device tree for early DRM
Add device tree setting to enable early DRM probe. Add reserved
pipe into main DRM. Also add assigned display and pipe into
early DRM.
Change-Id: I3163aa808313b10cd2fb3dee156a746ef650bc68
Signed-off-by: Camus Wong <camusw@codeaurora.org>
Camus Wong [Fri, 26 Oct 2018 06:47:37 +0000 (02:47 -0400)]
drm/msm: Early DRM Driver
Add new DRM node to handle early display service. The early DRM
driver is to workaround Andriod display framework long boot time
problem and DRM single master limitation. The early DRM node provides
display function for early application that is outside Android
framework. The early application can use early DRM to draw early
UI and bootloader review camera menu function. Android framework will
not use early DRM node. It will continue to use the main DRM node.
Early DRM is another KMS driver that designed for bootup application.
Early DRM is not based on SDE framework and it will not initialize
display hardware. Early DRM rely on bootloader to initialize display
hardware and interfaces. For power and SMMU, early DRM relies on main
DRM to initialize them. Early DRM only provide limited display
functionality such as RGB buffer display. Early DRM only expected to
run during bootup time to work with bootloader/early RVC. When Android
UI is ready, early DRM will handoff all display resource to main DRM.
After that, no application can open early DRM node.
Early DRM is enabled in device tree. User must specify which display
to enable early DRM and which display pipes are assigned to eDRM.
Change-Id: Ic9f68726677c5db26507caec79c7da1e6d745f44
Signed-off-by: Camus Wong <camusw@codeaurora.org>
Linux Build Service Account [Mon, 21 Jan 2019 10:43:14 +0000 (02:43 -0800)]
Merge "iommu/iommu-debug: fix buffer overflows in debugfs read functions"
Rajasekaran Kalidoss [Fri, 18 Jan 2019 14:02:50 +0000 (19:32 +0530)]
cnss2: Return 0 from susped/resume for driver_ops null
During usb suspend/resume call from USB SS, if driver
ops is not present cnss should return success. presently
it is returning -EINVAL if driver_ops is NULL.
Change-Id: I43a268489107bdad1945b4a842bb9ab3abe1b4ea
Signed-off-by: Rajasekaran Kalidoss <rkalidos@codeaurora.org>
Linux Build Service Account [Sat, 19 Jan 2019 04:47:36 +0000 (20:47 -0800)]
Merge "msm: wlan: Update ETSI1 and ETSI13 countries"
Jack Pham [Fri, 17 Aug 2018 17:52:17 +0000 (10:52 -0700)]
usb: pd: Don't reject sink request based on max current
A fixed sink PDO request includes both operating current and
max current. Although the max current requested may be greater
than the available source advertisement, as per spec only the
operating current request needs to be considered. The sink will
likely have also set the Capability Mismatch bit as well. Hence,
don't reject the request otherwise the sink will keep
re-requesting and never enter a contract.
Change-Id: Ia15e2e17abe43f2bcbc1fe7011b70ab0e0f5d9eb
Signed-off-by: Jack Pham <jackp@codeaurora.org>
Linux Build Service Account [Fri, 18 Jan 2019 16:05:13 +0000 (08:05 -0800)]
Merge "msm: wlan: Update regulatory database"
xianzhu [Thu, 10 Jan 2019 02:17:47 +0000 (10:17 +0800)]
i2c: add virtual i2c driver
add virtual i2c driver for virtualization platform.
Change-Id: I806e49fa99346bddfc66a7153a24cb679b88404a
Signed-off-by: xianzhu <xianzhu@codeaurora.org>
Rajeev Kumar Sirasanagandla [Fri, 18 Jan 2019 08:13:25 +0000 (13:43 +0530)]
msm: wlan: Update ETSI1 and ETSI13 countries
In db.txt, update ETSI1 and ETSI13 countries with NO-OUTDOOR flag
for frequency ranges: (5170 - 5250) and (5250 - 5330).
CRs-Fixed:
2379868
Change-Id: I8a9ce955e82b14814ead5f0bf118608ea90cbc53
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
Linux Build Service Account [Fri, 18 Jan 2019 07:33:47 +0000 (23:33 -0800)]
Merge "msm-camera: add support for cx_ipeak"
Linux Build Service Account [Fri, 18 Jan 2019 07:33:46 +0000 (23:33 -0800)]
Merge "soc: qcom: hab: adapt to the new get_user_pages()"
Linux Build Service Account [Thu, 17 Jan 2019 22:03:35 +0000 (14:03 -0800)]
Merge "msm: camera: isp: Fix invalid type conversion"
Linux Build Service Account [Thu, 17 Jan 2019 22:03:34 +0000 (14:03 -0800)]
Merge "defconfig: Enable and disable few configs for MSM8996"
Linux Build Service Account [Thu, 17 Jan 2019 22:03:33 +0000 (14:03 -0800)]
Merge "ARM: dts: msm: msm8996-mtp bringup changes"
Linux Build Service Account [Thu, 17 Jan 2019 22:03:31 +0000 (14:03 -0800)]
Merge "arm: dts: msm: add msm8996-auto.dtsi"
Srikanth Uyyala [Mon, 24 Dec 2018 10:34:27 +0000 (16:04 +0530)]
msm-camera: add support for cx_ipeak
camera drivers need to vote when moving to turbo clock
and unvote when moving out of turbo. cx_ipeak driver
then makes sure to limit the current drawn from cx
based on this vote. This dirver provides common utility
functions to track vote and unvote.
Change-Id: I34d860003518924ab3233d8de24ccdb11f513f7e
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>
gaolez [Fri, 8 Jun 2018 11:44:47 +0000 (19:44 +0800)]
msm: wlan: Update regulatory database
Update country ETSI13 related country's frequency range and tx
power.
Change-Id: Iae27b12df3b36621c395ef9e8a3b1b46461848b6
CRs-Fixed:
2246140
Signed-off-by: Gaole Zhang <gaolez@codeaurora.org>
Swetha Chikkaboraiah [Tue, 18 Dec 2018 08:13:09 +0000 (13:43 +0530)]
ARM: dts: msm: msm8996-mtp bringup changes
Changes done to bringup msm8996 on 4.4 kernel.
Change-Id: Ie0629dddeed2ef861e3b15f47015a7a8fb482ba7
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
Swetha Chikkaboraiah [Tue, 18 Dec 2018 10:01:44 +0000 (15:31 +0530)]
defconfig: Enable and disable few configs for MSM8996
This change enables and disables below list of configs to
address the MSM8996-MTP bootup issue on 4.4 kernel.
Enable configs:
CONFIG_QUOTA
CONFIG_QUOTA_NETLINK_INTERFACE
CONFIG_QFMT_V2
Disable config
CONFIG_PRINT_QUOTA_WARNING
Change-Id: Iccd69be08842926e00c3d24321ec51683fabd406
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
Linux Build Service Account [Thu, 17 Jan 2019 05:41:55 +0000 (21:41 -0800)]
Merge "msm: drm: add hibernation support"
Linux Build Service Account [Thu, 17 Jan 2019 05:41:54 +0000 (21:41 -0800)]
Merge "fbdev: msm: validate mdp clk rate and cwb for msm8996"
Linux Build Service Account [Thu, 17 Jan 2019 05:41:53 +0000 (21:41 -0800)]
Merge "cnss2: USB:skip ce config for USB transport"
Greg Kroah-Hartman [Wed, 16 Jan 2019 21:54:09 +0000 (22:54 +0100)]
Merge 4.4.171 into android-4.4
Changes in 4.4.171
ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
btrfs: cleanup, stop casting for extent_map->lookup everywhere
btrfs: Enhance chunk validation check
Btrfs: add validadtion checks for chunk loading
Btrfs: check inconsistence between chunk and block group
Btrfs: fix em leak in find_first_block_group
Btrfs: detect corruption when non-root leaf has zero item
Btrfs: check btree node's nritems
Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty
Btrfs: memset to avoid stale content in btree node block
Btrfs: improve check_node to avoid reading corrupted nodes
Btrfs: kill BUG_ON in run_delayed_tree_ref
Btrfs: memset to avoid stale content in btree leaf
Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
btrfs: struct-funcs, constify readers
btrfs: Refactor check_leaf function for later expansion
btrfs: Check if item pointer overlaps with the item itself
btrfs: Add sanity check for EXTENT_DATA when reading out leaf
btrfs: Add checker for EXTENT_CSUM
btrfs: Move leaf and node validation checker to tree-checker.c
btrfs: tree-checker: Enhance btrfs_check_node output
btrfs: tree-checker: Fix false panic for sanity test
btrfs: tree-checker: Add checker for dir item
btrfs: tree-checker: use %zu format string for size_t
btrfs: tree-check: reduce stack consumption in check_dir_item
btrfs: tree-checker: Verify block_group_item
btrfs: tree-checker: Detect invalid and empty essential trees
btrfs: validate type when reading a chunk
btrfs: Check that each block group has corresponding chunk at mount time
btrfs: Verify that every chunk has corresponding block group at mount time
btrfs: tree-checker: Check level for leaves and nodes
btrfs: tree-checker: Fix misleading group system information
CIFS: Do not hide EINTR after sending network packets
cifs: Fix potential OOB access of lock element array
usb: cdc-acm: send ZLP for Telit 3G Intel based modems
USB: storage: don't insert sane sense for SPC3+ when bad sense specified
USB: storage: add quirk for SMI SM3350
USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
slab: alien caches must not be initialized if the allocation of the alien cache failed
PCI: altera: Fix altera_pcie_link_is_up()
PCI: altera: Reorder read/write functions
PCI: altera: Check link status before retrain link
PCI: altera: Poll for link up status after retraining the link
PCI: altera: Poll for link training status after retraining the link
PCI: altera: Rework config accessors for use without a struct pci_bus
PCI: altera: Move retrain from fixup to altera_pcie_host_init()
ACPI: power: Skip duplicate power resource references in _PRx
i2c: dev: prevent adapter retries and timeout being set as minus value
crypto: cts - fix crash on short inputs
ext4: fix a potential fiemap/page fault deadlock w/ inline_data
sunrpc: use-after-free in svc_process_common()
Linux 4.4.171
Change-Id: If59c94897d4f135b24d45772a7db116503695ba7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Greg Kroah-Hartman [Wed, 16 Jan 2019 21:16:12 +0000 (22:16 +0100)]
Linux 4.4.171
Vasily Averin [Mon, 24 Dec 2018 11:44:52 +0000 (14:44 +0300)]
sunrpc: use-after-free in svc_process_common()
commit
d4b09acf924b84bae77cad090a9d108e70b43643 upstream.
if node have NFSv41+ mounts inside several net namespaces
it can lead to use-after-free in svc_process_common()
svc_process_common()
/* Setup reply header */
rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr(rqstp); <<< HERE
svc_process_common() can use incorrect rqstp->rq_xprt,
its caller function bc_svc_process() takes it from serv->sv_bc_xprt.
The problem is that serv is global structure but sv_bc_xprt
is assigned per-netnamespace.
According to Trond, the whole "let's set up rqstp->rq_xprt
for the back channel" is nothing but a giant hack in order
to work around the fact that svc_process_common() uses it
to find the xpt_ops, and perform a couple of (meaningless
for the back channel) tests of xpt_flags.
All we really need in svc_process_common() is to be able to run
rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr()
Bruce J Fields points that this xpo_prep_reply_hdr() call
is an awfully roundabout way just to do "svc_putnl(resv, 0);"
in the tcp case.
This patch does not initialiuze rqstp->rq_xprt in bc_svc_process(),
now it calls svc_process_common() with rqstp->rq_xprt = NULL.
To adjust reply header svc_process_common() just check
rqstp->rq_prot and calls svc_tcp_prep_reply_hdr() for tcp case.
To handle rqstp->rq_xprt = NULL case in functions called from
svc_process_common() patch intruduces net namespace pointer
svc_rqst->rq_bc_net and adjust SVC_NET() definition.
Some other function was also adopted to properly handle described case.
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Cc: stable@vger.kernel.org
Fixes:
23c20ecd4475 ("NFS: callback up - users counting cleanup")
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
v2: - added lost extern svc_tcp_prep_reply_hdr()
- dropped trace_svc_process() changes
- context fixes in svc_process_common()
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Theodore Ts'o [Tue, 25 Dec 2018 05:56:33 +0000 (00:56 -0500)]
ext4: fix a potential fiemap/page fault deadlock w/ inline_data
commit
2b08b1f12cd664dc7d5c84ead9ff25ae97ad5491 upstream.
The ext4_inline_data_fiemap() function calls fiemap_fill_next_extent()
while still holding the xattr semaphore. This is not necessary and it
triggers a circular lockdep warning. This is because
fiemap_fill_next_extent() could trigger a page fault when it writes
into page which triggers a page fault. If that page is mmaped from
the inline file in question, this could very well result in a
deadlock.
This problem can be reproduced using generic/519 with a file system
configuration which has the inline_data feature enabled.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Eric Biggers [Mon, 14 Jan 2019 23:21:45 +0000 (15:21 -0800)]
crypto: cts - fix crash on short inputs
[It's a minimal fix for a bug that was fixed incidentally by a large
refactoring in v4.8.]
In the CTS template, when the input length is <= one block cipher block
(e.g. <= 16 bytes for AES) pass the correct length to the underlying CBC
transform rather than one block. This matches the upstream behavior and
makes the encryption/decryption operation correctly return -EINVAL when
1 <= nbytes < bsize or succeed when nbytes == 0, rather than crashing.
This was fixed upstream incidentally by a large refactoring,
commit
0605c41cc53c ("crypto: cts - Convert to skcipher"). But
syzkaller easily trips over this when running on older kernels, as it's
easily reachable via AF_ALG. Therefore, this patch makes the minimal
fix for older kernels.
Cc: linux-crypto@vger.kernel.org
Fixes:
76cb9521795a ("[CRYPTO] cts: Add CTS mode required for Kerberos AES support")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Yi Zeng [Wed, 9 Jan 2019 07:33:07 +0000 (15:33 +0800)]
i2c: dev: prevent adapter retries and timeout being set as minus value
commit
6ebec961d59bccf65d08b13fc1ad4e6272a89338 upstream.
If adapter->retries is set to a minus value from user space via ioctl,
it will make __i2c_transfer and __i2c_smbus_xfer skip the calling to
adapter->algo->master_xfer and adapter->algo->smbus_xfer that is
registered by the underlying bus drivers, and return value 0 to all the
callers. The bus driver will never be accessed anymore by all users,
besides, the users may still get successful return value without any
error or information log print out.
If adapter->timeout is set to minus value from user space via ioctl,
it will make the retrying loop in __i2c_transfer and __i2c_smbus_xfer
always break after the the first try, due to the time_after always
returns true.
Signed-off-by: Yi Zeng <yizeng@asrmicro.com>
[wsa: minor grammar updates to commit message]
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Hans de Goede [Sun, 30 Dec 2018 17:25:00 +0000 (18:25 +0100)]
ACPI: power: Skip duplicate power resource references in _PRx
commit
7d7b467cb95bf29597b417d4990160d4ea6d69b9 upstream.
Some ACPI tables contain duplicate power resource references like this:
Name (_PR0, Package (0x04) // _PR0: Power Resources for D0
{
P28P,
P18P,
P18P,
CLK4
})
This causes a WARN_ON in sysfs_add_link_to_group() because we end up
adding a link to the same acpi_device twice:
sysfs: cannot create duplicate filename '/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/
808622C1:00/OVTI2680:00/power_resources_D0/LNXPOWER:0a'
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.12-301.fc29.x86_64 #1
Hardware name: Insyde CherryTrail/Type2 - Board Product Name, BIOS jumperx.T87.KFBNEEA02 04/13/2016
Call Trace:
dump_stack+0x5c/0x80
sysfs_warn_dup.cold.3+0x17/0x2a
sysfs_do_create_link_sd.isra.2+0xa9/0xb0
sysfs_add_link_to_group+0x30/0x50
acpi_power_expose_list+0x74/0xa0
acpi_power_add_remove_device+0x50/0xa0
acpi_add_single_object+0x26b/0x5f0
acpi_bus_check_add+0xc4/0x250
...
To address this issue, make acpi_extract_power_resources() check for
duplicates and simply skip them when found.
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
[ rjw: Subject & changelog, comments ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ley Foon Tan [Fri, 26 Aug 2016 01:47:25 +0000 (09:47 +0800)]
PCI: altera: Move retrain from fixup to altera_pcie_host_init()
commit
ce4f1c7ad490aa7129bde5632d6e53943f8a866c upstream.
Previously we used a PCI early fixup to initiate a link retrain on Altera
devices. But Altera PCIe IP can be configured as either a Root Port or an
Endpoint, and they might have same vendor ID, so the fixup would be run for
both.
We only want to initiate a link retrain for Altera Root Port devices, not
for Endpoints, so move the link retrain functionality from the fixup to
altera_pcie_host_init().
[bhelgaas: changelog]
Signed-off-by: Ley Foon Tan <lftan@altera.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Claudius Heine <claudius.heine.ext@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ley Foon Tan [Fri, 26 Aug 2016 01:47:24 +0000 (09:47 +0800)]
PCI: altera: Rework config accessors for use without a struct pci_bus
commit
31fc0ad47e2e0b8417616aa0f1ddcc67edf1e109 upstream.
Rework configs accessors so a future patch can use them in _probe() with
struct altera_pcie instead of struct pci_bus.
Signed-off-by: Ley Foon Tan <lftan@altera.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Claudius Heine <claudius.heine.ext@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ley Foon Tan [Mon, 15 Aug 2016 06:06:02 +0000 (14:06 +0800)]
PCI: altera: Poll for link training status after retraining the link
commit
411dc32d8810e0a204c799ce5c97cb56990de1cb upstream.
Poll for link training status is cleared before poll for link up status.
This can help to get the reliable link up status, especially when PCIe is
in Gen 3 speed.
Signed-off-by: Ley Foon Tan <lftan@altera.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Claudius Heine <claudius.heine.ext@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ley Foon Tan [Tue, 21 Jun 2016 08:53:13 +0000 (16:53 +0800)]
PCI: altera: Poll for link up status after retraining the link
commit
3a928e98a833e1a470a60d2fedf3c55502185fb7 upstream.
Some PCIe devices take a long time to reach link up state after retrain.
Poll for link up status after retraining the link. This is to make sure
the link is up before we access configuration space.
[bhelgaas: changelog]
Signed-off-by: Ley Foon Tan <lftan@altera.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Claudius Heine <claudius.heine.ext@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ley Foon Tan [Tue, 21 Jun 2016 08:53:12 +0000 (16:53 +0800)]
PCI: altera: Check link status before retrain link
commit
c622032ebc538cb3869c312ae3ad235a99da84b6 upstream.
Check the link status before retraining. If the link is not up, don't
bother trying to retrain it.
[bhelgaas: split code move to separate patch, changelog]
Signed-off-by: Ley Foon Tan <lftan@altera.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Claudius Heine <claudius.heine.ext@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bjorn Helgaas [Fri, 22 Jul 2016 20:54:41 +0000 (15:54 -0500)]
PCI: altera: Reorder read/write functions
commit
f8be11ae3d2c9a1338da37ff91ff4c65922d21be upstream.
Move cra_writel(), cra_readl(), and altera_pcie_link_is_up() so a future
patch can use them in altera_pcie_retrain(). No functional change
intended.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Claudius Heine <claudius.heine.ext@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ley Foon Tan [Wed, 2 Mar 2016 09:43:07 +0000 (17:43 +0800)]
PCI: altera: Fix altera_pcie_link_is_up()
commit
eff31f4002c4e25b9b8c39d0a3a551c6c64c77e8 upstream.
Originally altera_pcie_link_is_up() decided the link was up if any of the
low four bits of the LTSSM register were set. But the link is only up if
the LTSSM state is L0, so check for that exact value.
[bhelgaas: changelog]
Signed-off-by: Ley Foon Tan <lftan@altera.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Claudius Heine <claudius.heine.ext@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Christoph Lameter [Tue, 8 Jan 2019 23:23:00 +0000 (15:23 -0800)]
slab: alien caches must not be initialized if the allocation of the alien cache failed
commit
09c2e76ed734a1d36470d257a778aaba28e86531 upstream.
Callers of __alloc_alien() check for NULL. We must do the same check in
__alloc_alien_cache to avoid NULL pointer dereferences on allocation
failures.
Link: http://lkml.kernel.org/r/010001680f42f192-82b4e12e-1565-4ee0-ae1f-1e98974906aa-000000@email.amazonses.com
Fixes:
49dfc304ba241 ("slab: use the lock on alien_cache, instead of the lock on array_cache")
Fixes:
c8522a3a5832b ("Slab: introduce alloc_alien")
Signed-off-by: Christoph Lameter <cl@linux.com>
Reported-by: syzbot+d6ed4ec679652b4fd4e4@syzkaller.appspotmail.com
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jack Stocker [Thu, 3 Jan 2019 21:56:53 +0000 (21:56 +0000)]
USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
commit
3483254b89438e60f719937376c5e0ce2bc46761 upstream.
To match the Corsair Strafe RGB, the Corsair K70 RGB also requires
USB_QUIRK_DELAY_CTRL_MSG to completely resolve boot connection issues
discussed here: https://github.com/ckb-next/ckb-next/issues/42.
Otherwise roughly 1 in 10 boots the keyboard will fail to be detected.
Patch that applied delay control quirk for Corsair Strafe RGB:
cb88a0588717 ("usb: quirks: add control message delay for 1b1c:1b20")
Previous K70 RGB patch to add delay-init quirk:
7a1646d92257 ("Add delay-init quirk for Corsair K70 RGB keyboards")
Signed-off-by: Jack Stocker <jackstocker.93@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Icenowy Zheng [Thu, 3 Jan 2019 03:26:18 +0000 (11:26 +0800)]
USB: storage: add quirk for SMI SM3350
commit
0a99cc4b8ee83885ab9f097a3737d1ab28455ac0 upstream.
The SMI SM3350 USB-UFS bridge controller cannot handle long sense request
correctly and will make the chip refuse to do read/write when requested
long sense.
Add a bad sense quirk for it.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Cc: stable <stable@vger.kernel.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Icenowy Zheng [Thu, 3 Jan 2019 03:26:17 +0000 (11:26 +0800)]
USB: storage: don't insert sane sense for SPC3+ when bad sense specified
commit
c5603d2fdb424849360fe7e3f8c1befc97571b8c upstream.
Currently the code will set US_FL_SANE_SENSE flag unconditionally if
device claims SPC3+, however we should allow US_FL_BAD_SENSE flag to
prevent this behavior, because SMI SM3350 UFS-USB bridge controller,
which claims SPC4, will show strange behavior with 96-byte sense
(put the chip into a wrong state that cannot read/write anything).
Check the presence of US_FL_BAD_SENSE when assuming US_FL_SANE_SENSE on
SPC4+ devices.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Cc: stable <stable@vger.kernel.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Daniele Palmas [Fri, 28 Dec 2018 15:15:41 +0000 (16:15 +0100)]
usb: cdc-acm: send ZLP for Telit 3G Intel based modems
commit
34aabf918717dd14e05051896aaecd3b16b53d95 upstream.
Telit 3G Intel based modems require zero packet to be sent if
out data size is equal to the endpoint max packet size.
Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ross Lagerwall [Tue, 8 Jan 2019 18:30:57 +0000 (18:30 +0000)]
cifs: Fix potential OOB access of lock element array
commit
b9a74cde94957d82003fb9f7ab4777938ca851cd upstream.
If maxBuf is small but non-zero, it could result in a zero sized lock
element array which we would then try and access OOB.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Pavel Shilovsky [Thu, 10 Jan 2019 19:27:28 +0000 (11:27 -0800)]
CIFS: Do not hide EINTR after sending network packets
commit
ee13919c2e8d1f904e035ad4b4239029a8994131 upstream.
Currently we hide EINTR code returned from sock_sendmsg()
and return 0 instead. This makes a caller think that we
successfully completed the network operation which is not
true. Fix this by properly returning EINTR to callers.
Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Shaokun Zhang [Mon, 5 Nov 2018 10:49:09 +0000 (18:49 +0800)]
btrfs: tree-checker: Fix misleading group system information
commit
761333f2f50ccc887aa9957ae829300262c0d15b upstream.
block_group_err shows the group system as a decimal value with a '0x'
prefix, which is somewhat misleading.
Fix it to print hexadecimal, as was intended.
Fixes:
fce466eab7ac6 ("btrfs: tree-checker: Verify block_group_item")
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Shaokun Zhang <zhangshaokun@hisilicon.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Thu, 27 Sep 2018 23:59:34 +0000 (07:59 +0800)]
btrfs: tree-checker: Check level for leaves and nodes
commit
f556faa46eb4e96d0d0772e74ecf66781e132f72 upstream.
Although we have tree level check at tree read runtime, it's completely
based on its parent level.
We still need to do accurate level check to avoid invalid tree blocks
sneak into kernel space.
The check itself is simple, for leaf its level should always be 0.
For nodes its level should be in range [1, BTRFS_MAX_LEVEL - 1].
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Su Yue <suy.fnst@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4:
- Pass root instead of fs_info to generic_err()
- Adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Wed, 1 Aug 2018 02:37:17 +0000 (10:37 +0800)]
btrfs: Verify that every chunk has corresponding block group at mount time
commit
7ef49515fa6727cb4b6f2f5b0ffbc5fc20a9f8c6 upstream.
If a crafted image has missing block group items, it could cause
unexpected behavior and breaks the assumption of 1:1 chunk<->block group
mapping.
Although we have the block group -> chunk mapping check, we still need
chunk -> block group mapping check.
This patch will do extra check to ensure each chunk has its
corresponding block group.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199847
Reported-by: Xu Wen <wen.xu@gatech.edu>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Gu Jinxiang <gujx@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Wed, 1 Aug 2018 02:37:16 +0000 (10:37 +0800)]
btrfs: Check that each block group has corresponding chunk at mount time
commit
514c7dca85a0bf40be984dab0b477403a6db901f upstream.
A crafted btrfs image with incorrect chunk<->block group mapping will
trigger a lot of unexpected things as the mapping is essential.
Although the problem can be caught by block group item checker
added in "btrfs: tree-checker: Verify block_group_item", it's still not
sufficient. A sufficiently valid block group item can pass the check
added by the mentioned patch but could fail to match the existing chunk.
This patch will add extra block group -> chunk mapping check, to ensure
we have a completely matching (start, len, flags) chunk for each block
group at mount time.
Here we reuse the original helper find_first_block_group(), which is
already doing the basic bg -> chunk checks, adding further checks of the
start/len and type flags.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199837
Reported-by: Xu Wen <wen.xu@gatech.edu>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Su Yue <suy.fnst@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4: Use root->fs_info instead of fs_info]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gu Jinxiang [Wed, 4 Jul 2018 10:16:39 +0000 (18:16 +0800)]
btrfs: validate type when reading a chunk
commit
315409b0098fb2651d86553f0436b70502b29bb2 upstream.
Reported in https://bugzilla.kernel.org/show_bug.cgi?id=199839, with an
image that has an invalid chunk type but does not return an error.
Add chunk type check in btrfs_check_chunk_valid, to detect the wrong
type combinations.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199839
Reported-by: Xu Wen <wen.xu@gatech.edu>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Gu Jinxiang <gujx@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4: Use root->fs_info instead of fs_info]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Tue, 3 Jul 2018 09:10:06 +0000 (17:10 +0800)]
btrfs: tree-checker: Detect invalid and empty essential trees
commit
ba480dd4db9f1798541eb2d1c423fc95feee8d36 upstream.
A crafted image has empty root tree block, which will later cause NULL
pointer dereference.
The following trees should never be empty:
1) Tree root
Must contain at least root items for extent tree, device tree and fs
tree
2) Chunk tree
Or we can't even bootstrap as it contains the mapping.
3) Fs tree
At least inode item for top level inode (.).
4) Device tree
Dev extents for chunks
5) Extent tree
Must have corresponding extent for each chunk.
If any of them is empty, we are sure the fs is corrupted and no need to
mount it.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199847
Reported-by: Xu Wen <wen.xu@gatech.edu>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Tested-by: Gu Jinxiang <gujx@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4: Pass root instead of fs_info to generic_err()]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Tue, 3 Jul 2018 09:10:05 +0000 (17:10 +0800)]
btrfs: tree-checker: Verify block_group_item
commit
fce466eab7ac6baa9d2dcd88abcf945be3d4a089 upstream.
A crafted image with invalid block group items could make free space cache
code to cause panic.
We could detect such invalid block group item by checking:
1) Item size
Known fixed value.
2) Block group size (key.offset)
We have an upper limit on block group item (10G)
3) Chunk objectid
Known fixed value.
4) Type
Only 4 valid type values, DATA, METADATA, SYSTEM and DATA|METADATA.
No more than 1 bit set for profile type.
5) Used space
No more than the block group size.
This should allow btrfs to detect and refuse to mount the crafted image.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199849
Reported-by: Xu Wen <wen.xu@gatech.edu>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Gu Jinxiang <gujx@cn.fujitsu.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Tested-by: Gu Jinxiang <gujx@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4:
- In check_leaf_item(), pass root->fs_info to check_block_group_item()
- Include <linux/sizes.h> (in ctree.h, to match upstream)
- Adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
David Sterba [Wed, 10 Jan 2018 14:13:07 +0000 (15:13 +0100)]
btrfs: tree-check: reduce stack consumption in check_dir_item
commit
e2683fc9d219430f5b78889b50cde7f40efeba7b upstream.
I've noticed that the updated item checker stack consumption increased
dramatically in
542f5385e20cf97447 ("btrfs: tree-checker: Add checker
for dir item")
tree-checker.c:check_leaf +552 (176 -> 728)
The array is 255 bytes long, dynamic allocation would slow down the
sanity checks so it's more reasonable to keep it on-stack. Moving the
variable to the scope of use reduces the stack usage again
tree-checker.c:check_leaf -264 (728 -> 464)
Reviewed-by: Josef Bacik <jbacik@fb.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Arnd Bergmann [Wed, 6 Dec 2017 14:18:14 +0000 (15:18 +0100)]
btrfs: tree-checker: use %zu format string for size_t
commit
7cfad65297bfe0aa2996cd72d21c898aa84436d9 upstream.
The return value of sizeof() is of type size_t, so we must print it
using the %z format modifier rather than %l to avoid this warning
on some architectures:
fs/btrfs/tree-checker.c: In function 'check_dir_item':
fs/btrfs/tree-checker.c:273:50: error: format '%lu' expects argument of type 'long unsigned int', but argument 5 has type 'u32' {aka 'unsigned int'} [-Werror=format=]
Fixes:
005887f2e3e0 ("btrfs: tree-checker: Add checker for dir item")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Wed, 8 Nov 2017 00:54:25 +0000 (08:54 +0800)]
btrfs: tree-checker: Add checker for dir item
commit
ad7b0368f33cffe67fecd302028915926e50ef7e upstream.
Add checker for dir item, for key types DIR_ITEM, DIR_INDEX and
XATTR_ITEM.
This checker does comprehensive checks for:
1) dir_item header and its data size
Against item boundary and maximum name/xattr length.
This part is mostly the same as old verify_dir_item().
2) dir_type
Against maximum file types, and against key type.
Since XATTR key should only have FT_XATTR dir item, and normal dir
item type should not have XATTR key.
The check between key->type and dir_type is newly introduced by this
patch.
3) name hash
For XATTR and DIR_ITEM key, key->offset is name hash (crc32c).
Check the hash of the name against the key to ensure it's correct.
The name hash check is only found in btrfs-progs before this patch.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Su Yue <suy.fnst@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4: BTRFS_MAX_XATTR_SIZE() takes a root instead of an
fs_info, and yields a value of type size_t instead of unsigned int]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Wed, 8 Nov 2017 00:54:24 +0000 (08:54 +0800)]
btrfs: tree-checker: Fix false panic for sanity test
commit
69fc6cbbac542c349b3d350d10f6e394c253c81d upstream.
[BUG]
If we run btrfs with CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y, it will
instantly cause kernel panic like:
------
...
assertion failed: 0, file: fs/btrfs/disk-io.c, line: 3853
...
Call Trace:
btrfs_mark_buffer_dirty+0x187/0x1f0 [btrfs]
setup_items_for_insert+0x385/0x650 [btrfs]
__btrfs_drop_extents+0x129a/0x1870 [btrfs]
...
-----
[Cause]
Btrfs will call btrfs_check_leaf() in btrfs_mark_buffer_dirty() to check
if the leaf is valid with CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y.
However quite some btrfs_mark_buffer_dirty() callers(*) don't really
initialize its item data but only initialize its item pointers, leaving
item data uninitialized.
This makes tree-checker catch uninitialized data as error, causing
such panic.
*: These callers include but not limited to
setup_items_for_insert()
btrfs_split_item()
btrfs_expand_item()
[Fix]
Add a new parameter @check_item_data to btrfs_check_leaf().
With @check_item_data set to false, item data check will be skipped and
fallback to old btrfs_check_leaf() behavior.
So we can still get early warning if we screw up item pointers, and
avoid false panic.
Cc: Filipe Manana <fdmanana@gmail.com>
Reported-by: Lakshmipathi.G <lakshmipathi.g@gmail.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Mon, 9 Oct 2017 01:51:03 +0000 (01:51 +0000)]
btrfs: tree-checker: Enhance btrfs_check_node output
commit
bba4f29896c986c4cec17bc0f19f2ce644fceae1 upstream.
Use inline function to replace macro since we don't need
stringification.
(Macro still exists until all callers get updated)
And add more info about the error, and replace EIO with EUCLEAN.
For nr_items error, report if it's too large or too small, and output
the valid value range.
For node block pointer, added a new alignment checker.
For key order, also output the next key to make the problem more
obvious.
Signed-off-by: Qu Wenruo <quwenruo.btrfs@gmx.com>
[ wording adjustments, unindented long strings ]
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4:
- Use root->sectorsize instead of root->fs_info->sectorsize
- BTRFS_NODEPTRS_PER_BLOCK() takes a root instead of an fs_info, and yields
a value of type size_t instead of unsigned int]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Mon, 9 Oct 2017 01:51:02 +0000 (01:51 +0000)]
btrfs: Move leaf and node validation checker to tree-checker.c
commit
557ea5dd003d371536f6b4e8f7c8209a2b6fd4e3 upstream.
It's no doubt the comprehensive tree block checker will become larger,
so moving them into their own files is quite reasonable.
Signed-off-by: Qu Wenruo <quwenruo.btrfs@gmx.com>
[ wording adjustments ]
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4:
- The moved code is slightly different
- Adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Wed, 23 Aug 2017 07:57:59 +0000 (16:57 +0900)]
btrfs: Add checker for EXTENT_CSUM
commit
4b865cab96fe2a30ed512cf667b354bd291b3b0a upstream.
EXTENT_CSUM checker is a relatively easy one, only needs to check:
1) Objectid
Fixed to BTRFS_EXTENT_CSUM_OBJECTID
2) Key offset alignment
Must be aligned to sectorsize
3) Item size alignedment
Must be aligned to csum size
Signed-off-by: Qu Wenruo <quwenruo.btrfs@gmx.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4: Use root->sectorsize instead of
root->fs_info->sectorsize]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Wed, 23 Aug 2017 07:57:58 +0000 (16:57 +0900)]
btrfs: Add sanity check for EXTENT_DATA when reading out leaf
commit
40c3c40947324d9f40bf47830c92c59a9bbadf4a upstream.
Add extra checks for item with EXTENT_DATA type. This checks the
following thing:
0) Key offset
All key offsets must be aligned to sectorsize.
Inline extent must have 0 for key offset.
1) Item size
Uncompressed inline file extent size must match item size.
(Compressed inline file extent has no information about its on-disk size.)
Regular/preallocated file extent size must be a fixed value.
2) Every member of regular file extent item
Including alignment for bytenr and offset, possible value for
compression/encryption/type.
3) Type/compression/encode must be one of the valid values.
This should be the most comprehensive and strict check in the context
of btrfs_item for EXTENT_DATA.
Signed-off-by: Qu Wenruo <quwenruo.btrfs@gmx.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ switch to BTRFS_FILE_EXTENT_TYPES, similar to what
BTRFS_COMPRESS_TYPES does ]
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4:
- Use root->sectorsize instead of root->fs_info->sectorsize
- Adjust filename]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Wed, 23 Aug 2017 07:57:57 +0000 (16:57 +0900)]
btrfs: Check if item pointer overlaps with the item itself
commit
7f43d4affb2a254d421ab20b0cf65ac2569909fb upstream.
Function check_leaf() checks if any item pointer points outside of the
leaf, but it doesn't check if the pointer overlaps with the item itself.
Normally only the last item may be the victim, but adding such check is
never a bad idea anyway.
Signed-off-by: Qu Wenruo <quwenruo.btrfs@gmx.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qu Wenruo [Wed, 23 Aug 2017 07:57:56 +0000 (16:57 +0900)]
btrfs: Refactor check_leaf function for later expansion
commit
c3267bbaa9cae09b62960eafe33ad19196803285 upstream.
Current check_leaf() function does a good job checking key order and
item offset/size.
However it only checks from slot 0 to the last but one slot, this is
good but makes later expansion hard.
So this refactoring iterates from slot 0 to the last slot.
For key comparison, it uses a key with all 0 as initial key, so all
valid keys should be larger than that.
And for item size/offset checks, it compares current item end with
previous item offset.
For slot 0, use leaf end as a special case.
This makes later item/key offset checks and item size checks easier to
be implemented.
Also, makes check_leaf() to return -EUCLEAN other than -EIO to indicate
error.
Signed-off-by: Qu Wenruo <quwenruo.btrfs@gmx.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4:
- BTRFS_LEAF_DATA_SIZE() takes a root rather than an fs_info
- Adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jeff Mahoney [Thu, 29 Jun 2017 03:56:53 +0000 (21:56 -0600)]
btrfs: struct-funcs, constify readers
commit
1cbb1f454e5321e47fc1e6b233066c7ccc979d15 upstream.
We have reader helpers for most of the on-disk structures that use
an extent_buffer and pointer as offset into the buffer that are
read-only. We should mark them as const and, in turn, allow consumers
of these interfaces to mark the buffers const as well.
No impact on code, but serves as documentation that a buffer is intended
not to be modified.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Filipe Manana [Wed, 23 Nov 2016 16:21:18 +0000 (16:21 +0000)]
Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
commit
f177d73949bf758542ca15a1c1945bd2e802cc65 upstream.
We can not simply use the owner field from an extent buffer's header to
get the id of the respective tree when the extent buffer is from a
relocation tree. When we create the root for a relocation tree we leave
(on purpose) the owner field with the same value as the subvolume's tree
root (we do this at ctree.c:btrfs_copy_root()). So we must ignore extent
buffers from relocation trees, which have the BTRFS_HEADER_FLAG_RELOC
flag set, because otherwise we will always consider the extent buffer
as not being the root of the tree (the root of original subvolume tree
is always different from the root of the respective relocation tree).
This lead to assertion failures when running with the integrity checker
enabled (CONFIG_BTRFS_FS_CHECK_INTEGRITY=y) such as the following:
[ 643.393409] BTRFS critical (device sdg): corrupt leaf, non-root leaf's nritems is 0: block=
38506496, root=260, slot=0
[ 643.397609] BTRFS info (device sdg): leaf
38506496 total ptrs 0 free space 3995
[ 643.407075] assertion failed: 0, file: fs/btrfs/disk-io.c, line: 4078
[ 643.408425] ------------[ cut here ]------------
[ 643.409112] kernel BUG at fs/btrfs/ctree.h:3419!
[ 643.409773] invalid opcode: 0000 [#1] PREEMPT SMP
[ 643.410447] Modules linked in: dm_flakey dm_mod crc32c_generic btrfs xor raid6_pq ppdev psmouse acpi_cpufreq parport_pc evdev parport tpm_tis tpm_tis_core pcspkr serio_raw i2c_piix4 sg tpm i2c_core button processor loop autofs4 ext4 crc16 jbd2 mbcache sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring scsi_mod virtio e1000 floppy
[ 643.414356] CPU: 11 PID: 32726 Comm: btrfs Not tainted 4.8.0-rc8-btrfs-next-35+ #1
[ 643.414356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
[ 643.414356] task:
ffff880145e95b00 task.stack:
ffff88014826c000
[ 643.414356] RIP: 0010:[<
ffffffffa0352759>] [<
ffffffffa0352759>] assfail.constprop.41+0x1c/0x1e [btrfs]
[ 643.414356] RSP: 0018:
ffff88014826fa28 EFLAGS:
00010292
[ 643.414356] RAX:
0000000000000039 RBX:
ffff88014e2d7c38 RCX:
0000000000000001
[ 643.414356] RDX:
ffff88023f4d2f58 RSI:
ffffffff81806c63 RDI:
00000000ffffffff
[ 643.414356] RBP:
ffff88014826fa28 R08:
0000000000000001 R09:
0000000000000000
[ 643.414356] R10:
ffff88014826f918 R11:
ffffffff82f3c5ed R12:
ffff880172910000
[ 643.414356] R13:
ffff880233992230 R14:
ffff8801a68a3310 R15:
fffffffffffffff8
[ 643.414356] FS:
00007f9ca305e8c0(0000) GS:
ffff88023f4c0000(0000) knlGS:
0000000000000000
[ 643.414356] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 643.414356] CR2:
00007f9ca3071000 CR3:
000000015d01b000 CR4:
00000000000006e0
[ 643.414356] Stack:
[ 643.414356]
ffff88014826fa50 ffffffffa02d655a 000000000000000a ffff88014e2d7c38
[ 643.414356]
0000000000000000 ffff88014826faa8 ffffffffa02b72f3 ffff88014826fab8
[ 643.414356]
00ffffffa03228e4 0000000000000000 0000000000000000 ffff8801bbd4e000
[ 643.414356] Call Trace:
[ 643.414356] [<
ffffffffa02d655a>] btrfs_mark_buffer_dirty+0xdf/0xe5 [btrfs]
[ 643.414356] [<
ffffffffa02b72f3>] btrfs_copy_root+0x18a/0x1d1 [btrfs]
[ 643.414356] [<
ffffffffa0322921>] create_reloc_root+0x72/0x1ba [btrfs]
[ 643.414356] [<
ffffffffa03267c2>] btrfs_init_reloc_root+0x7b/0xa7 [btrfs]
[ 643.414356] [<
ffffffffa02d9e44>] record_root_in_trans+0xdf/0xed [btrfs]
[ 643.414356] [<
ffffffffa02db04e>] btrfs_record_root_in_trans+0x50/0x6a [btrfs]
[ 643.414356] [<
ffffffffa030ad2b>] create_subvol+0x472/0x773 [btrfs]
[ 643.414356] [<
ffffffffa030b406>] btrfs_mksubvol+0x3da/0x463 [btrfs]
[ 643.414356] [<
ffffffffa030b406>] ? btrfs_mksubvol+0x3da/0x463 [btrfs]
[ 643.414356] [<
ffffffff810781ac>] ? preempt_count_add+0x65/0x68
[ 643.414356] [<
ffffffff811a6e97>] ? __mnt_want_write+0x62/0x77
[ 643.414356] [<
ffffffffa030b55d>] btrfs_ioctl_snap_create_transid+0xce/0x187 [btrfs]
[ 643.414356] [<
ffffffffa030b67d>] btrfs_ioctl_snap_create+0x67/0x81 [btrfs]
[ 643.414356] [<
ffffffffa030ecfd>] btrfs_ioctl+0x508/0x20dd [btrfs]
[ 643.414356] [<
ffffffff81293e39>] ? __this_cpu_preempt_check+0x13/0x15
[ 643.414356] [<
ffffffff81155eca>] ? handle_mm_fault+0x976/0x9ab
[ 643.414356] [<
ffffffff81091300>] ? arch_local_irq_save+0x9/0xc
[ 643.414356] [<
ffffffff8119a2b0>] vfs_ioctl+0x18/0x34
[ 643.414356] [<
ffffffff8119a8e8>] do_vfs_ioctl+0x581/0x600
[ 643.414356] [<
ffffffff814b9552>] ? entry_SYSCALL_64_fastpath+0x5/0xa8
[ 643.414356] [<
ffffffff81093fe9>] ? trace_hardirqs_on_caller+0x17b/0x197
[ 643.414356] [<
ffffffff8119a9be>] SyS_ioctl+0x57/0x79
[ 643.414356] [<
ffffffff814b9565>] entry_SYSCALL_64_fastpath+0x18/0xa8
[ 643.414356] [<
ffffffff81091b08>] ? trace_hardirqs_off_caller+0x3f/0xaa
[ 643.414356] Code: 89 83 88 00 00 00 31 c0 5b 41 5c 41 5d 5d c3 55 89 f1 48 c7 c2 98 bc 35 a0 48 89 fe 48 c7 c7 05 be 35 a0 48 89 e5 e8 13 46 dd e0 <0f> 0b 55 89 f1 48 c7 c2 9f d3 35 a0 48 89 fe 48 c7 c7 7a d5 35
[ 643.414356] RIP [<
ffffffffa0352759>] assfail.constprop.41+0x1c/0x1e [btrfs]
[ 643.414356] RSP <
ffff88014826fa28>
[ 643.468267] ---[ end trace
6a1b3fb1a9d7d6e3 ]---
This can be easily reproduced by running xfstests with the integrity
checker enabled.
Fixes:
1ba98d086fe3 (Btrfs: detect corruption when non-root leaf has zero item)
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Liu Bo [Fri, 23 Sep 2016 20:44:44 +0000 (13:44 -0700)]
Btrfs: memset to avoid stale content in btree leaf
commit
851cd173f06045816528176001cf82948282029c upstream.
This is an additional patch to
"Btrfs: memset to avoid stale content in btree node block".
This uses memset to initialize the unused space in a leaf to avoid
potential stale content, which may be incurred by pushing items
between sibling leaves.
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Liu Bo [Thu, 15 Sep 2016 02:19:05 +0000 (19:19 -0700)]
Btrfs: kill BUG_ON in run_delayed_tree_ref
commit
02794222c4132ac003e7281fb71f4ec1645ffc87 upstream.
In a corrupted btrfs image, we can come across this BUG_ON and
get an unreponsive system, but if we return errors instead,
its caller can handle everything gracefully by aborting the current
transaction.
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Liu Bo [Thu, 15 Sep 2016 00:23:24 +0000 (17:23 -0700)]
Btrfs: improve check_node to avoid reading corrupted nodes
commit
6b722c1747d533ac6d4df110dc8233db46918b65 upstream.
We need to check items in a node to make sure that we're reading
a valid one, otherwise we could get various crashes while processing
delayed_refs.
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Liu Bo [Thu, 15 Sep 2016 00:22:57 +0000 (17:22 -0700)]
Btrfs: memset to avoid stale content in btree node block
commit
3eb548ee3a8042d95ad81be254e67a5222c24e03 upstream.
During updating btree, we could push items between sibling
nodes/leaves, for leaves data sections starts reversely from
the end of the block while for nodes we only have key pairs
which are stored one by one from the start of the block.
So we could do try to push key pairs from one node to the next
node right in the tree, and after that, we update the node's
nritems to reflect the correct end while leaving the stale
content in the node. One may intentionally corrupt the fs
image and access the stale content by bumping the nritems and
causes various crashes.
This takes the in-memory @nritems as the correct one and
gets to memset the unused part of a btree node.
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Liu Bo [Fri, 2 Sep 2016 19:35:34 +0000 (12:35 -0700)]
Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty
commit
ef85b25e982b5bba1530b936e283ef129f02ab9d upstream.
This can only happen with CONFIG_BTRFS_FS_CHECK_INTEGRITY=y.
Commit
1ba98d0 ("Btrfs: detect corruption when non-root leaf has zero item")
assumes that a leaf is its root when leaf->bytenr == btrfs_root_bytenr(root),
however, we should not use btrfs_root_bytenr(root) since it's mainly got
updated during committing transaction. So the check can fail when doing
COW on this leaf while it is a root.
This changes to use "if (leaf == btrfs_root_node(root))" instead, just like
how we check whether leaf is a root in __btrfs_cow_block().
Fixes:
1ba98d086fe3 (Btrfs: detect corruption when non-root leaf has zero item)
Reported-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>