Commit graph

102 commits

Author SHA1 Message Date
Greg Kroah-Hartman
a94efb1c27 This is the 4.4.160 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlu9oZ4ACgkQONu9yGCS
 aT5wmw/6As7cB5ufEFIVzCU3xJdf2yrD/+iaAY4fJUFWrgsqvImvwTeGyGm05AK2
 /7VHaIW3ATmfLbgE4Qsq+eP/rfNPqkfDd7rVCIfrP3r51XhmP/e6/Mnfd3NN9K+O
 FbRDc5U9kirzItAUsm1z9ntCuZDRfMdbazDAHB7eFlO2DgmV+u+o5KbzoeGM4mRk
 IIDbdROW3sRmoPhubHBYZmGKFL+WNMxG/V1x+3iVnM1TNeGFgfR0NXaQ4s2lqdz8
 tiJ0SNxcfEy/rAa1BgyuaKCcIXrD3OjaWOLYTB8Lr2PDn3WIyvpTw3sD2puCYWB9
 zKLzKL/zPo4VK4wFAXZwbEhJuYrxRv4EsqyKKIdVzHeKtyMfHzMZg2uhnT1luLd8
 yFiagE66H/Nn4SUznkD/bZNn1Zvyz7ME1AXq/L5go8HfuF2qVxaq/tczTJSCKsmH
 M195RmR6JJ9ZF63mvyfopdyErcPXmBjnOgVb7TNXRa3yNyjZBFXvAUQQg/ZPkidl
 81WsNVRyOr2LKpHmhceEcrXICqLmederLW/ZYc3+Ti8GnCf0AVL1bcnwAFygqvfp
 Liq1YTWfqZl3/LHTCn1Jp3PduCgUAIREjP4g/YaHHJs+HfnZuvZcSa5maf1TieVk
 IYbVtzkeKW8nTMGQnDazMl/LVmjV0bsA8tLakDW4ClUKRxX4nNI=
 =99U3
 -----END PGP SIGNATURE-----

Merge 4.4.160 into android-4.4

Changes in 4.4.160
	crypto: skcipher - Fix -Wstringop-truncation warnings
	tsl2550: fix lux1_input error in low light
	vmci: type promotion bug in qp_host_get_user_memory()
	x86/numa_emulation: Fix emulated-to-physical node mapping
	staging: rts5208: fix missing error check on call to rtsx_write_register
	uwb: hwa-rc: fix memory leak at probe
	power: vexpress: fix corruption in notifier registration
	Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
	USB: serial: kobil_sct: fix modem-status error handling
	6lowpan: iphc: reset mac_header after decompress to fix panic
	md-cluster: clear another node's suspend_area after the copy is finished
	media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
	powerpc/kdump: Handle crashkernel memory reservation failure
	media: fsl-viu: fix error handling in viu_of_probe()
	x86/tsc: Add missing header to tsc_msr.c
	x86/entry/64: Add two more instruction suffixes
	scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
	scsi: klist: Make it safe to use klists in atomic context
	scsi: ibmvscsi: Improve strings handling
	usb: wusbcore: security: cast sizeof to int for comparison
	powerpc/powernv/ioda2: Reduce upper limit for DMA window size
	alarmtimer: Prevent overflow for relative nanosleep
	s390/extmem: fix gcc 8 stringop-overflow warning
	ALSA: snd-aoa: add of_node_put() in error path
	media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
	media: soc_camera: ov772x: correct setting of banding filter
	media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
	staging: android: ashmem: Fix mmap size validation
	drivers/tty: add error handling for pcmcia_loop_config
	media: tm6000: add error handling for dvb_register_adapter
	ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
	ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
	rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
	wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
	ARM: mvebu: declare asm symbols as character arrays in pmsu.c
	HID: hid-ntrig: add error handling for sysfs_create_group
	scsi: bnx2i: add error handling for ioremap_nocache
	EDAC, i7core: Fix memleaks and use-after-free on probe and remove
	ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
	module: exclude SHN_UNDEF symbols from kallsyms api
	nfsd: fix corrupted reply to badly ordered compound
	ARM: dts: dra7: fix DCAN node addresses
	floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
	serial: cpm_uart: return immediately from console poll
	spi: tegra20-slink: explicitly enable/disable clock
	spi: sh-msiof: Fix invalid SPI use during system suspend
	spi: sh-msiof: Fix handling of write value for SISTR register
	spi: rspi: Fix invalid SPI use during system suspend
	spi: rspi: Fix interrupted DMA transfers
	USB: fix error handling in usb_driver_claim_interface()
	USB: handle NULL config in usb_find_alt_setting()
	slub: make ->cpu_partial unsigned int
	media: uvcvideo: Support realtek's UVC 1.5 device
	USB: usbdevfs: sanitize flags more
	USB: usbdevfs: restore warning for nonsensical flags
	Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()"
	USB: remove LPM management from usb_driver_claim_interface()
	Input: elantech - enable middle button of touchpad on ThinkPad P72
	IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
	scsi: target: iscsi: Use bin2hex instead of a re-implementation
	serial: imx: restore handshaking irq for imx1
	arm64: KVM: Tighten guest core register access from userspace
	ext4: never move the system.data xattr out of the inode body
	thermal: of-thermal: disable passive polling when thermal zone is disabled
	net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
	e1000: check on netif_running() before calling e1000_up()
	e1000: ensure to free old tx/rx rings in set_ringparam()
	hwmon: (ina2xx) fix sysfs shunt resistor read access
	hwmon: (adt7475) Make adt7475_read_word() return errors
	i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
	arm64: cpufeature: Track 32bit EL0 support
	arm64: KVM: Sanitize PSTATE.M when being set from userspace
	media: v4l: event: Prevent freeing event subscriptions while accessed
	KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
	mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
	mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
	gpio: adp5588: Fix sleep-in-atomic-context bug
	mac80211: mesh: fix HWMP sequence numbering to follow standard
	cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
	RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
	i2c: uniphier: issue STOP only for last message or I2C_M_STOP
	i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP
	net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
	fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
	cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
	mac80211: fix a race between restart and CSA flows
	mac80211: Fix station bandwidth setting after channel switch
	mac80211: shorten the IBSS debug messages
	tools/vm/slabinfo.c: fix sign-compare warning
	tools/vm/page-types.c: fix "defined but not used" warning
	mm: madvise(MADV_DODUMP): allow hugetlbfs pages
	usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
	perf probe powerpc: Ignore SyS symbols irrespective of endianness
	RDMA/ucma: check fd type in ucma_migrate_id()
	USB: yurex: Check for truncation in yurex_read()
	drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
	fs/cifs: suppress a string overflow warning
	dm thin metadata: try to avoid ever aborting transactions
	arch/hexagon: fix kernel/dma.c build warning
	hexagon: modify ffs() and fls() to return int
	arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
	r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
	s390/qeth: don't dump past end of unknown HW header
	cifs: read overflow in is_valid_oplock_break()
	xen/manage: don't complain about an empty value in control/sysrq node
	xen: avoid crash in disable_hotplug_cpu
	xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
	smb2: fix missing files in root share directory listing
	ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
	crypto: mxs-dcp - Fix wait logic on chan threads
	proc: restrict kernel stack dumps to root
	ocfs2: fix locking for res->tracking and dlm->tracking_list
	dm thin metadata: fix __udivdi3 undefined on 32-bit
	Linux 4.4.160

Change-Id: I54d72945f741d6b4442adcd7bc18cb5417accb0f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-10-10 20:12:41 +02:00
Theodore Ts'o
cd3d646375 ext4: never move the system.data xattr out of the inode body
commit 8cdb5240ec5928b20490a2bb34cb87e9a5f40226 upstream.

When expanding the extra isize space, we must never move the
system.data xattr out of the inode body.  For performance reasons, it
doesn't make any sense, and the inline data implementation assumes
that system.data xattr is never in the external xattr block.

This addresses CVE-2018-10880

https://bugzilla.kernel.org/show_bug.cgi?id=200005

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-10 08:52:08 +02:00
Greg Kroah-Hartman
d762e28031 This is the 4.4.154 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAluPg1EACgkQONu9yGCS
 aT537Q/+O5bk1aabRFnyL9hsPlL/fRi9uHkpyvO6/upcu+J0Vrx6NQPGDEGLsbc1
 V1yk0V8bzDBdpfIHzqd3ttSzMdlL/ozKesUtG5Eg9gtyo3YDGf5vkrL2A4PRAI3R
 TbwxnPfmy5C2hgAn/N4XXLJj0k95IKrs0HteOS3R1Jyt0FQ0sdHxlfFwE5FoPMGX
 oL1zC/vDq8dNBuf9slVBwaq0QTtFl/cy1yoDKtybOkFOP7NSmXUIkHqhZthDodCu
 kHYAe/E6lxspsZ2GgE+3hyI+UApqMhpqFO53EIFMom9eH6FgVi6nLewDZybm7Wgj
 Oc1S1eo/8WNeoVjCjKNwcBPv4UMX6gsuBZQ3akmv2ib5Qkxe94+DQLcGputKZhQ6
 XxuaTmiY7A4moALGpAt5lJaJ6NQdEl8HlgjKhxhtYnAPsNTOTLH91NY/ND30y02o
 /W2LBf3ossbsWQJuzamldGSAstkbK/+JAw0CMTGhCS4V7bzfFhIo3y169/xb5ReV
 edsMsnXanYXNTyn8jpCb4keCY9mMGwp9SPqhlQ+Kyh6E0mDPvTVQPyd5h4NTkmvN
 881MIwkMmufM8MQhNsTrMSFhr94z6H1kARbzoK3AUd/nJtkCJfl0Zp3wQZjiOUy/
 0kpso+xDmMMmB1Pu7c0Wevt40jadhMrxxREgjFUaN7KzD/PyLtA=
 =GkQW
 -----END PGP SIGNATURE-----

Merge 4.4.154 into android-4.4

Changes in 4.4.154
	sched/sysctl: Check user input value of sysctl_sched_time_avg
	Cipso: cipso_v4_optptr enter infinite loop
	vti6: fix PMTU caching and reporting on xmit
	xfrm: fix missing dst_release() after policy blocking lbcast and multicast
	xfrm: free skb if nlsk pointer is NULL
	mac80211: add stations tied to AP_VLANs during hw reconfig
	nl80211: Add a missing break in parse_station_flags
	drm/bridge: adv7511: Reset registers on hotplug
	scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
	drm/imx: imx-ldb: disable LDB on driver bind
	drm/imx: imx-ldb: check if channel is enabled before printing warning
	usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller()
	usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue()
	usb/phy: fix PPC64 build errors in phy-fsl-usb.c
	tools: usb: ffs-test: Fix build on big endian systems
	usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
	tools/power turbostat: fix -S on UP systems
	net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
	qed: Fix possible race for the link state value.
	atl1c: reserve min skb headroom
	net: prevent ISA drivers from building on PPC32
	can: mpc5xxx_can: check of_iomap return before use
	i2c: davinci: Avoid zero value of CLKH
	media: staging: omap4iss: Include asm/cacheflush.h after generic includes
	bnx2x: Fix invalid memory access in rss hash config path.
	net: axienet: Fix double deregister of mdio
	fscache: Allow cancelled operations to be enqueued
	cachefiles: Fix refcounting bug in backing-file read monitoring
	cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
	selftests/ftrace: Add snapshot and tracing_on test case
	zswap: re-check zswap_is_full() after do zswap_shrink()
	tools/power turbostat: Read extended processor family from CPUID
	Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
	enic: handle mtu change for vf properly
	arc: fix build errors in arc/include/asm/delay.h
	arc: fix type warnings in arc/mm/cache.c
	drivers: net: lmc: fix case value for target abort error
	scsi: fcoe: drop frames in ELS LOGO error path
	scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
	mm/memory.c: check return value of ioremap_prot
	cifs: add missing debug entries for kconfig options
	cifs: check kmalloc before use
	smb3: Do not send SMB3 SET_INFO if nothing changed
	smb3: don't request leases in symlink creation and query
	btrfs: don't leak ret from do_chunk_alloc
	s390/kvm: fix deadlock when killed by oom
	ext4: check for NUL characters in extended attribute's name
	ext4: sysfs: print ext4_super_block fields as little-endian
	ext4: reset error code in ext4_find_entry in fallback
	arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
	KVM: arm/arm64: Skip updating PTE entry if no change
	KVM: arm/arm64: Skip updating PMD entry if no change
	x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
	x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
	x86/speculation/l1tf: Suggest what to do on systems with too much RAM
	x86/process: Re-export start_thread()
	fuse: Don't access pipe->buffers without pipe_lock()
	fuse: fix double request_end()
	fuse: fix unlocked access to processing queue
	fuse: umount should wait for all requests
	fuse: Fix oops at process_init_reply()
	fuse: Add missed unlock_page() to fuse_readpages_fill()
	udl-kms: change down_interruptible to down
	udl-kms: handle allocation failure
	udl-kms: fix crash due to uninitialized memory
	ASoC: dpcm: don't merge format from invalid codec dai
	ASoC: sirf: Fix potential NULL pointer dereference
	pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
	x86/irqflags: Mark native_restore_fl extern inline
	x86/spectre: Add missing family 6 check to microcode check
	s390: fix br_r1_trampoline for machines without exrl
	s390/qdio: reset old sbal_state flags
	s390/pci: fix out of bounds access during irq setup
	kprobes: Make list and blacklist root user read only
	MIPS: Correct the 64-bit DSP accumulator register size
	MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
	scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
	scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
	iscsi target: fix session creation failure handling
	cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
	Linux 4.4.154

Change-Id: Ia008eef23c91fbd095f7b3343737cb2864875c52
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-09-05 11:09:59 +02:00
Theodore Ts'o
ac92782e4e ext4: check for NUL characters in extended attribute's name
commit 7d95178c77014dbd8dce36ee40bbbc5e6c121ff5 upstream.

Extended attribute names are defined to be NUL-terminated, so the name
must not contain a NUL character.  This is important because there are
places when remove extended attribute, the code uses strlen to
determine the length of the entry.  That should probably be fixed at
some point, but code is currently really messy, so the simplest fix
for now is to simply validate that the extended attributes are sane.

https://bugzilla.kernel.org/show_bug.cgi?id=200401

Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-05 09:18:37 +02:00
Greg Kroah-Hartman
b1c4836e57 This is the 4.4.129 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlre3XwACgkQONu9yGCS
 aT5KcRAAxB6w9SbjjlGv+PsN3ISQgnIPjWadBQ12WWnpr1sqZi0wrMZRsNiK5+UN
 wPalUBiLiAIqNoDVSrDUgjyqC+wnQjhM/9tudEBqXQ6TQbSHQfQpZHQabLEtXxCP
 Yd1EHwEgJrCHqaj17oFZFkps20ooKtSnYQ57pyZNem5EPR/ayaMWvo6WM7k6d2hD
 E2WE57ShLbvslYaSvmDXML6o9f/bBKHOuL0GymVtDEUcyTLuw3GZaplnuaSLz6kc
 o7tU2xVV+yajmpiEt4iR40Pgk+pygEGC14OI8dj/YHVotDzJKWnMgQ/HKxr8kyra
 ImQPwu9DmaWqAUGr2SRmE/SXJpKdeYM1rxA/H3pMSaP9nRc2ccHyQF/ASGfHs+Mv
 9hNQBjRugS4UXDzFhRlEh97CyfVa/ZuF0WgiBtBYnXSdXKA1xDq9cVf3UJg7k6om
 1X7HLEVLhVLR7/liPjhOlTj9vrUzc6NcN+uVdfnmspI1BjTBe3ezzLqEP8VTUsNQ
 p/V9r0i6TGR3gYQuTzjU/MaAuBZwj1D5sCnVUphCNUtSJf/0cjQsfYUcgtrtk67U
 9Bjlo0pWHpAXxARiegBY3n5ClkZpdqEnt4Dp2MdR65pTSJ4MfC2UDLemUgB18arU
 IllNzG2GywgQSouH3s5XPNZLkEvX8iK5lUWqRQ7ZiaA/0jVkn70=
 =K6Qy
 -----END PGP SIGNATURE-----

Merge 4.4.129 into android-4.4

Changes in 4.4.129
	media: v4l2-compat-ioctl32: don't oops on overlay
	parisc: Fix out of array access in match_pci_device()
	perf intel-pt: Fix overlap detection to identify consecutive buffers correctly
	perf intel-pt: Fix sync_switch
	perf intel-pt: Fix error recovery from missing TIP packet
	perf intel-pt: Fix timestamp following overflow
	radeon: hide pointless #warning when compile testing
	Revert "perf tests: Decompress kernel module before objdump"
	block/loop: fix deadlock after loop_set_status
	s390/qdio: don't retry EQBS after CCQ 96
	s390/qdio: don't merge ERROR output buffers
	s390/ipl: ensure loadparm valid flag is set
	getname_kernel() needs to make sure that ->name != ->iname in long case
	rtl8187: Fix NULL pointer dereference in priv->conf_mutex
	hwmon: (ina2xx) Fix access to uninitialized mutex
	cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
	slip: Check if rstate is initialized before uncompressing
	lan78xx: Correctly indicate invalid OTP
	x86/hweight: Get rid of the special calling convention
	x86/hweight: Don't clobber %rdi
	tty: make n_tty_read() always abort if hangup is in progress
	ubifs: Check ubifs_wbuf_sync() return code
	ubi: fastmap: Don't flush fastmap work on detach
	ubi: Fix error for write access
	ubi: Reject MLC NAND
	fs/reiserfs/journal.c: add missing resierfs_warning() arg
	resource: fix integer overflow at reallocation
	ipc/shm: fix use-after-free of shm file via remap_file_pages()
	mm, slab: reschedule cache_reap() on the same CPU
	usb: musb: gadget: misplaced out of bounds check
	ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
	ARM: dts: at91: sama5d4: fix pinctrl compatible string
	xen-netfront: Fix hang on device removal
	regmap: Fix reversed bounds check in regmap_raw_write()
	ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
	ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
	USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
	usb: dwc3: pci: Properly cleanup resource
	HID: i2c-hid: fix size check and type usage
	powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
	powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
	powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
	powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
	HID: Fix hid_report_len usage
	HID: core: Fix size as type u32
	ASoC: ssm2602: Replace reg_default_raw with reg_default
	thunderbolt: Resume control channel after hibernation image is created
	random: use a tighter cap in credit_entropy_bits_safe()
	jbd2: if the journal is aborted then don't allow update of the log tail
	ext4: don't update checksum of new initialized bitmaps
	ext4: fail ext4_iget for root directory if unallocated
	RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
	ALSA: pcm: Fix UAF at PCM release via PCM timer access
	IB/srp: Fix srp_abort()
	IB/srp: Fix completion vector assignment algorithm
	dmaengine: at_xdmac: fix rare residue corruption
	um: Use POSIX ucontext_t instead of struct ucontext
	iommu/vt-d: Fix a potential memory leak
	mmc: jz4740: Fix race condition in IRQ mask update
	clk: mvebu: armada-38x: add support for 1866MHz variants
	clk: mvebu: armada-38x: add support for missing clocks
	clk: bcm2835: De-assert/assert PLL reset signal when appropriate
	thermal: imx: Fix race condition in imx_thermal_probe()
	watchdog: f71808e_wdt: Fix WD_EN register read
	ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc
	ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
	ALSA: pcm: Avoid potential races between OSS ioctls and read/write
	ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
	ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
	ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
	vfio-pci: Virtualize PCIe & AF FLR
	vfio/pci: Virtualize Maximum Payload Size
	vfio/pci: Virtualize Maximum Read Request Size
	ext4: don't allow r/w mounts if metadata blocks overlap the superblock
	drm/radeon: Fix PCIe lane width calculation
	ext4: fix crashes in dioread_nolock mode
	ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
	ALSA: line6: Use correct endpoint type for midi output
	ALSA: rawmidi: Fix missing input substream checks in compat ioctls
	ALSA: hda - New VIA controller suppor no-snoop path
	HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
	MIPS: uaccess: Add micromips clobbers to bzero invocation
	MIPS: memset.S: EVA & fault support for small_memset
	MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
	MIPS: memset.S: Fix clobber of v1 in last_fixup
	powerpc/eeh: Fix enabling bridge MMIO windows
	powerpc/lib: Fix off-by-one in alternate feature patching
	jffs2_kill_sb(): deal with failed allocations
	hypfs_kill_super(): deal with failed allocations
	rpc_pipefs: fix double-dput()
	Don't leak MNT_INTERNAL away from internal mounts
	autofs: mount point create should honour passed in mode
	mm: allow GFP_{FS,IO} for page_cache_read page cache allocation
	mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
	ext4: bugfix for mmaped pages in mpage_release_unused_pages()
	fanotify: fix logic of events on child
	writeback: safer lock nesting
	Linux 4.4.129

Change-Id: I8806d2cc92fe512f27a349e8f630ced0cac9a8d7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-04-24 10:42:34 +02:00
Theodore Ts'o
9b06cce3ca ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
commit c755e251357a0cee0679081f08c3f4ba797a8009 upstream.

The xattr_sem deadlock problems fixed in commit 2e81a4eeedca: "ext4:
avoid deadlock when expanding inode size" didn't include the use of
xattr_sem in fs/ext4/inline.c.  With the addition of project quota
which added a new extra inode field, this exposed deadlocks in the
inline_data code similar to the ones fixed by 2e81a4eeedca.

The deadlock can be reproduced via:

   dmesg -n 7
   mke2fs -t ext4 -O inline_data -Fq -I 256 /dev/vdc 32768
   mount -t ext4 -o debug_want_extra_isize=24 /dev/vdc /vdc
   mkdir /vdc/a
   umount /vdc
   mount -t ext4 /dev/vdc /vdc
   echo foo > /vdc/a/foo

and looks like this:

[   11.158815]
[   11.160276] =============================================
[   11.161960] [ INFO: possible recursive locking detected ]
[   11.161960] 4.10.0-rc3-00015-g011b30a8a3cf #160 Tainted: G        W
[   11.161960] ---------------------------------------------
[   11.161960] bash/2519 is trying to acquire lock:
[   11.161960]  (&ei->xattr_sem){++++..}, at: [<c1225a4b>] ext4_expand_extra_isize_ea+0x3d/0x4cd
[   11.161960]
[   11.161960] but task is already holding lock:
[   11.161960]  (&ei->xattr_sem){++++..}, at: [<c1227941>] ext4_try_add_inline_entry+0x3a/0x152
[   11.161960]
[   11.161960] other info that might help us debug this:
[   11.161960]  Possible unsafe locking scenario:
[   11.161960]
[   11.161960]        CPU0
[   11.161960]        ----
[   11.161960]   lock(&ei->xattr_sem);
[   11.161960]   lock(&ei->xattr_sem);
[   11.161960]
[   11.161960]  *** DEADLOCK ***
[   11.161960]
[   11.161960]  May be due to missing lock nesting notation
[   11.161960]
[   11.161960] 4 locks held by bash/2519:
[   11.161960]  #0:  (sb_writers#3){.+.+.+}, at: [<c11a2414>] mnt_want_write+0x1e/0x3e
[   11.161960]  #1:  (&type->i_mutex_dir_key){++++++}, at: [<c119508b>] path_openat+0x338/0x67a
[   11.161960]  #2:  (jbd2_handle){++++..}, at: [<c123314a>] start_this_handle+0x582/0x622
[   11.161960]  #3:  (&ei->xattr_sem){++++..}, at: [<c1227941>] ext4_try_add_inline_entry+0x3a/0x152
[   11.161960]
[   11.161960] stack backtrace:
[   11.161960] CPU: 0 PID: 2519 Comm: bash Tainted: G        W       4.10.0-rc3-00015-g011b30a8a3cf #160
[   11.161960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1 04/01/2014
[   11.161960] Call Trace:
[   11.161960]  dump_stack+0x72/0xa3
[   11.161960]  __lock_acquire+0xb7c/0xcb9
[   11.161960]  ? kvm_clock_read+0x1f/0x29
[   11.161960]  ? __lock_is_held+0x36/0x66
[   11.161960]  ? __lock_is_held+0x36/0x66
[   11.161960]  lock_acquire+0x106/0x18a
[   11.161960]  ? ext4_expand_extra_isize_ea+0x3d/0x4cd
[   11.161960]  down_write+0x39/0x72
[   11.161960]  ? ext4_expand_extra_isize_ea+0x3d/0x4cd
[   11.161960]  ext4_expand_extra_isize_ea+0x3d/0x4cd
[   11.161960]  ? _raw_read_unlock+0x22/0x2c
[   11.161960]  ? jbd2_journal_extend+0x1e2/0x262
[   11.161960]  ? __ext4_journal_get_write_access+0x3d/0x60
[   11.161960]  ext4_mark_inode_dirty+0x17d/0x26d
[   11.161960]  ? ext4_add_dirent_to_inline.isra.12+0xa5/0xb2
[   11.161960]  ext4_add_dirent_to_inline.isra.12+0xa5/0xb2
[   11.161960]  ext4_try_add_inline_entry+0x69/0x152
[   11.161960]  ext4_add_entry+0xa3/0x848
[   11.161960]  ? __brelse+0x14/0x2f
[   11.161960]  ? _raw_spin_unlock_irqrestore+0x44/0x4f
[   11.161960]  ext4_add_nondir+0x17/0x5b
[   11.161960]  ext4_create+0xcf/0x133
[   11.161960]  ? ext4_mknod+0x12f/0x12f
[   11.161960]  lookup_open+0x39e/0x3fb
[   11.161960]  ? __wake_up+0x1a/0x40
[   11.161960]  ? lock_acquire+0x11e/0x18a
[   11.161960]  path_openat+0x35c/0x67a
[   11.161960]  ? sched_clock_cpu+0xd7/0xf2
[   11.161960]  do_filp_open+0x36/0x7c
[   11.161960]  ? _raw_spin_unlock+0x22/0x2c
[   11.161960]  ? __alloc_fd+0x169/0x173
[   11.161960]  do_sys_open+0x59/0xcc
[   11.161960]  SyS_open+0x1d/0x1f
[   11.161960]  do_int80_syscall_32+0x4f/0x61
[   11.161960]  entry_INT80_32+0x2f/0x2f
[   11.161960] EIP: 0xb76ad469
[   11.161960] EFLAGS: 00000286 CPU: 0
[   11.161960] EAX: ffffffda EBX: 08168ac8 ECX: 00008241 EDX: 000001b6
[   11.161960] ESI: b75e46bc EDI: b7755000 EBP: bfbdb108 ESP: bfbdafc0
[   11.161960]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b

Cc: stable@vger.kernel.org # 3.10 (requires 2e81a4eeedca as a prereq)
Reported-by: George Spelvin <linux@sciencehorizons.net>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-24 09:32:10 +02:00
Greg Kroah-Hartman
230683f5da This is the 4.4.122 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlquPNIACgkQONu9yGCS
 aT6LURAAjSz1VBeImaAE0gwA95OTImKYIGvaltpP9Gls7o7brrheSiBXUIYHNFkQ
 2TGGJQL7aJD+t0cTi4qqJndEq9Znq8VosA0xAUpDddv/Ebz9vtwh88Sjhspomjw0
 cNHNQZC/+voKfl29aTATb/UilBb5Oku9ENlPrD7tKHIyHR82t6pt5Pp4Fj33L2p0
 0EvJXXjBTJayOk8HqIquOOL+qGf+egRn80xCmMOmAhqf+/8OXFC5SI6F351NiVwa
 dHK2v5LrTqTI6bUBIx7TYTAdkt6g5QNxm2dW/VmW5GWrCcWaiopTLRkd/7Lz8AAp
 N/0dKERm1Y9dPhZ9c8+FsDB5uRosSw/CgU8ONUJskC9XTIJTGk5kdBsw2U6O6aMG
 llO1Xg+hFqdiw/9GRojrt6WwXmDukjz5UsIKkoh8QB0cxFk5CQQpvXOcKOEIEr6A
 fE+T+zobka0gdv9agbdxwq7fd49ZddrIgTwtg9QMXSX5LJ4xzdt34d8cwmaSOTER
 Jxn3Y0p8Y0ZHEgRG2rojMF1Ic3CPOS/0Jm5tROWw3el43WHl3U4tM3Kh6sso56TF
 5R6GI83+xupQOyt4fcCglcdHth6cmZzz+7draXdvRzDB1EhGlbjXo7R3rcM4ptdl
 x8uU9dclirciWGrQmcp5UsR7/xADlvSzsTJaDjvxIf34C2KKXNE=
 =x2eC
 -----END PGP SIGNATURE-----

Merge 4.4.122 into android-4.4

Changes in 4.4.122
	RDMA/ucma: Limit possible option size
	RDMA/ucma: Check that user doesn't overflow QP state
	RDMA/mlx5: Fix integer overflow while resizing CQ
	scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
	workqueue: Allow retrieval of current task's work struct
	drm: Allow determining if current task is output poll worker
	drm/nouveau: Fix deadlock on runtime suspend
	drm/radeon: Fix deadlock on runtime suspend
	drm/amdgpu: Fix deadlock on runtime suspend
	drm/amdgpu: Notify sbios device ready before send request
	drm/radeon: fix KV harvesting
	drm/amdgpu: fix KV harvesting
	MIPS: BMIPS: Do not mask IPIs during suspend
	MIPS: ath25: Check for kzalloc allocation failure
	MIPS: OCTEON: irq: Check for null return on kzalloc allocation
	Input: matrix_keypad - fix race when disabling interrupts
	loop: Fix lost writes caused by missing flag
	kbuild: Handle builtin dtb file names containing hyphens
	bcache: don't attach backing with duplicate UUID
	x86/MCE: Serialize sysfs changes
	ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
	ALSA: seq: Don't allow resizing pool in use
	ALSA: seq: More protection for concurrent write and ioctl races
	ALSA: hda: add dock and led support for HP EliteBook 820 G3
	ALSA: hda: add dock and led support for HP ProBook 640 G2
	nospec: Include <asm/barrier.h> dependency
	watchdog: hpwdt: SMBIOS check
	watchdog: hpwdt: Check source of NMI
	watchdog: hpwdt: fix unused variable warning
	netfilter: nfnetlink_queue: fix timestamp attribute
	ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
	Input: tca8418_keypad - remove double read of key event register
	tc358743: fix register i2c_rd/wr function fix
	netfilter: add back stackpointer size checks
	netfilter: x_tables: fix missing timer initialization in xt_LED
	netfilter: nat: cope with negative port range
	netfilter: IDLETIMER: be syzkaller friendly
	netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
	netfilter: bridge: ebt_among: add missing match size checks
	netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
	netfilter: use skb_to_full_sk in ip_route_me_harder
	netfilter: x_tables: pass xt_counters struct instead of packet counter
	netfilter: x_tables: pass xt_counters struct to counter allocator
	netfilter: x_tables: pack percpu counter allocations
	ext4: inplace xattr block update fails to deduplicate blocks
	ubi: Fix race condition between ubi volume creation and udev
	scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
	NFS: Fix an incorrect type in struct nfs_direct_req
	Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
	x86/module: Detect and skip invalid relocations
	x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
	serial: sh-sci: prevent lockup on full TTY buffers
	tty/serial: atmel: add new version check for usart
	uas: fix comparison for error code
	staging: comedi: fix comedi_nsamples_left.
	staging: android: ashmem: Fix lockdep issue during llseek
	USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
	usb: quirks: add control message delay for 1b1c:1b20
	USB: usbmon: remove assignment from IS_ERR argument
	usb: usbmon: Read text within supplied buffer size
	usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
	serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
	fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
	Linux 4.4.122

Change-Id: I0946c4a7c59be33f18bed6498c3cdb748e82bbaf
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-03-18 12:01:19 +01:00
Tahsin Erdogan
0683564edc ext4: inplace xattr block update fails to deduplicate blocks
commit ec00022030da5761518476096626338bd67df57a upstream.

When an xattr block has a single reference, block is updated inplace
and it is reinserted to the cache. Later, a cache lookup is performed
to see whether an existing block has the same contents. This cache
lookup will most of the time return the just inserted entry so
deduplication is not achieved.

Running the following test script will produce two xattr blocks which
can be observed in "File ACL: " line of debugfs output:

  mke2fs -b 1024 -I 128 -F -O extent /dev/sdb 1G
  mount /dev/sdb /mnt/sdb

  touch /mnt/sdb/{x,y}

  setfattr -n user.1 -v aaa /mnt/sdb/x
  setfattr -n user.2 -v bbb /mnt/sdb/x

  setfattr -n user.1 -v aaa /mnt/sdb/y
  setfattr -n user.2 -v bbb /mnt/sdb/y

  debugfs -R 'stat x' /dev/sdb | cat
  debugfs -R 'stat y' /dev/sdb | cat

This patch defers the reinsertion to the cache so that we can locate
other blocks with the same contents.

Signed-off-by: Tahsin Erdogan <tahsin@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-03-18 11:17:52 +01:00
Greg Kroah-Hartman
24ac44dc5c This is the 4.4.66 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkJWpMACgkQONu9yGCS
 aT7guA/+JdSobjlRUshtcbUGVEwMjSuNFkZEpeTUWxxkrnNVPnIefP4jcCXEctvL
 OxY4TxtvCQO/m+4Yx0ImVkcPBajd55OWiV90fZ0khVwu+4abLPgizj9lUhrXmmGV
 LZjRyurtYFAwoGCvNsPE8NHxf923SFB8j1og0dEmoFGrH4tI+K5A9KPYKaYASU9Q
 uT5rQMU0YrZBvJYzTc9DNKWHD4ekLzn7o/ORodFwQVC7pdQdGpOCq3Ap+LZbtYnn
 146ziEfycRBSt3x9kYf7gztdGLv4tLZJJv7McI6qfX8+Vrt+Wgy4ObSblmTl57RH
 4WAxed2gZ8NW+fnSJZFR8iomRBu1dsyyTESSt1lCEC6i29ardQip5y4/yGLaBtiJ
 nbcUp1Ld+twQYm0p1UMJVo0DUE6xcrwnCoNyhkGzz1XfdQQwvFCaq30PlsjKxI6E
 X/1rRfuICH2dmIn1ziiCb8qBBjHvKbZY5Mg7W8s6E12yIGKuY08m3KaimSMdWt1D
 jKUKMGD9AunC2l4OAGggObMoTG5SaGSSDr8yPG9QxVvD0AvpnpSEFJ8PIi5O7JiB
 jcFNZawAljzIf0VYGrbGAzbrijiaan/WHm3va7U7K1JzIdFzbOlUANpJLhBR70Mb
 Gc3GEcdMflqJUJ6lapEaaFyC8qPjNI5Ks0/7ER0pgTICBoFVSyg=
 =eMmm
 -----END PGP SIGNATURE-----

Merge 4.4.66 into android-4.4

Changes in 4.4.66:
	f2fs: do more integrity verification for superblock
	xc2028: unlock on error in xc2028_set_config()
	ARM: OMAP2+: timer: add probe for clocksources
	clk: sunxi: Add apb0 gates for H3
	crypto: testmgr - fix out of bound read in __test_aead()
	drm/amdgpu: fix array out of bounds
	ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()
	md:raid1: fix a dead loop when read from a WriteMostly disk
	MIPS: Fix crash registers on non-crashing CPUs
	net: cavium: liquidio: Avoid dma_unmap_single on uninitialized ndata
	net_sched: close another race condition in tcf_mirred_release()
	RDS: Fix the atomicity for congestion map update
	regulator: core: Clear the supply pointer if enabling fails
	usb: gadget: f_midi: Fixed a bug when buflen was smaller than wMaxPacketSize
	xen/x86: don't lose event interrupts
	sparc64: kern_addr_valid regression
	sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
	net: neigh: guard against NULL solicit() method
	net: phy: handle state correctly in phy_stop_machine
	l2tp: purge socket queues in the .destruct() callback
	net/packet: fix overflow in check for tp_frame_nr
	net/packet: fix overflow in check for tp_reserve
	l2tp: take reference on sessions being dumped
	l2tp: fix PPP pseudo-wire auto-loading
	net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
	sctp: listen on the sock only when it's state is listening or closed
	tcp: clear saved_syn in tcp_disconnect()
	dp83640: don't recieve time stamps twice
	net: ipv6: RTF_PCPU should not be settable from userspace
	netpoll: Check for skb->queue_mapping
	ip6mr: fix notification device destruction
	macvlan: Fix device ref leak when purging bc_queue
	ipv6: check skb->protocol before lookup for nexthop
	ipv6: check raw payload size correctly in ioctl
	ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type
	ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
	MIPS: KGDB: Use kernel context for sleeping threads
	MIPS: Avoid BUG warning in arch_check_elf
	p9_client_readdir() fix
	Input: i8042 - add Clevo P650RS to the i8042 reset list
	nfsd: check for oversized NFSv2/v3 arguments
	ARCv2: save r30 on kernel entry as gcc uses it for code-gen
	ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
	Linux 4.4.66

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-05-03 08:50:11 -07:00
Theodore Ts'o
28320756e7 ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()
commit 9e92f48c34eb2b9af9d12f892e2fe1fce5e8ce35 upstream.

We aren't checking to see if the in-inode extended attribute is
corrupted before we try to expand the inode's extra isize fields.

This can lead to potential crashes caused by the BUG_ON() check in
ext4_xattr_shift_entries().

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-02 21:19:48 -07:00
Jan Kara
e29de4e871 BACKPORT [UPSTREAM] ext4: convert to mbcache2
(Cherry-pick from commit 82939d7999dfc1f1998c4b1c12e2f19edbdff272)

The conversion is generally straightforward. The only tricky part is
that xattr block corresponding to found mbcache entry can get freed
before we get buffer lock for that block. So we have to check whether
the entry is still valid after getting buffer lock.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Bug; 32461228
2017-04-18 18:24:55 -07:00
Daeho Jeong
1d12bad745 ext4: avoid modifying checksum fields directly during checksum verification
commit b47820edd1634dc1208f9212b7ecfb4230610a23 upstream.

We temporally change checksum fields in buffers of some types of
metadata into '0' for verifying the checksum values. By doing this
without locking the buffer, some metadata's checksums, which are
being committed or written back to the storage, could be damaged.
In our test, several metadata blocks were found with damaged metadata
checksum value during recovery process. When we only verify the
checksum value, we have to avoid modifying checksum fields directly.

Signed-off-by: Daeho Jeong <daeho.jeong@samsung.com>
Signed-off-by: Youngjin Gil <youngjin.gil@samsung.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Cc: Török Edwin <edwin@etorok.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-15 08:27:51 +02:00
Jan Kara
77ae14d006 ext4: avoid deadlock when expanding inode size
commit 2e81a4eeedcaa66e35f58b81e0755b87057ce392 upstream.

When we need to move xattrs into external xattr block, we call
ext4_xattr_block_set() from ext4_expand_extra_isize_ea(). That may end
up calling ext4_mark_inode_dirty() again which will recurse back into
the inode expansion code leading to deadlocks.

Protect from recursion using EXT4_STATE_NO_EXPAND inode flag and move
its management into ext4_expand_extra_isize_ea() since its manipulation
is safe there (due to xattr_sem) from possible races with
ext4_xattr_set_handle() which plays with it as well.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-15 08:27:50 +02:00
Jan Kara
a79f1f7fcb ext4: properly align shifted xattrs when expanding inodes
commit 443a8c41cd49de66a3fda45b32b9860ea0292b84 upstream.

We did not count with the padding of xattr value when computing desired
shift of xattrs in the inode when expanding i_extra_isize. As a result
we could create unaligned start of inline xattrs. Account for alignment
properly.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-15 08:27:50 +02:00
Jan Kara
e6abdbf8ac ext4: fix xattr shifting when expanding inodes part 2
commit 418c12d08dc64a45107c467ec1ba29b5e69b0715 upstream.

When multiple xattrs need to be moved out of inode, we did not properly
recompute total size of xattr headers in the inode and the new header
position. Thus when moving the second and further xattr we asked
ext4_xattr_shift_entries() to move too much and from the wrong place,
resulting in possible xattr value corruption or general memory
corruption.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-15 08:27:50 +02:00
Jan Kara
f2c06c7321 ext4: fix xattr shifting when expanding inodes
commit d0141191a20289f8955c1e03dad08e42e6f71ca9 upstream.

The code in ext4_expand_extra_isize_ea() treated new_extra_isize
argument sometimes as the desired target i_extra_isize and sometimes as
the amount by which we need to grow current i_extra_isize. These happen
to coincide when i_extra_isize is 0 which used to be the common case and
so nobody noticed this until recently when we added i_projid to the
inode and so i_extra_isize now needs to grow from 28 to 32 bytes.

The result of these bugs was that we sometimes unnecessarily decided to
move xattrs out of inode even if there was enough space and we often
ended up corrupting in-inode xattrs because arguments to
ext4_xattr_shift_entries() were just wrong. This could demonstrate
itself as BUG_ON in ext4_xattr_shift_entries() triggering.

Fix the problem by introducing new isize_diff variable and use it where
appropriate.

Reported-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-15 08:27:50 +02:00
Andreas Gruenbacher
d9a82a0403 xattr handlers: Pass handler to operations instead of flags
The xattr_handler operations are currently all passed a file system
specific flags value which the operations can use to disambiguate between
different handlers; some file systems use that to distinguish the xattr
namespace, for example.  In some oprations, it would be useful to also have
access to the handler prefix.  To allow that, pass a pointer to the handler
to operations instead of the flags value alone.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-11-13 20:34:32 -05:00
Darrick J. Wong
e2b911c535 ext4: clean up feature test macros with predicate functions
Create separate predicate functions to test/set/clear feature flags,
thereby replacing the wordy old macros.  Furthermore, clean out the
places where we open-coded feature tests.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2015-10-17 16:18:43 -04:00
Darrick J. Wong
6a797d2737 ext4: call out CRC and corruption errors with specific error codes
Instead of overloading EIO for CRC errors and corrupt structures,
return the same error codes that XFS returns for the same issues.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2015-10-17 16:16:04 -04:00
Linus Torvalds
9ec3a646fe Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull fourth vfs update from Al Viro:
 "d_inode() annotations from David Howells (sat in for-next since before
  the beginning of merge window) + four assorted fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  RCU pathwalk breakage when running into a symlink overmounting something
  fix I_DIO_WAKEUP definition
  direct-io: only inc/dec inode->i_dio_count for file systems
  fs/9p: fix readdir()
  VFS: assorted d_backing_inode() annotations
  VFS: fs/inode.c helpers: d_inode() annotations
  VFS: fs/cachefiles: d_backing_inode() annotations
  VFS: fs library helpers: d_inode() annotations
  VFS: assorted weird filesystems: d_inode() annotations
  VFS: normal filesystems (and lustre): d_inode() annotations
  VFS: security/: d_inode() annotations
  VFS: security/: d_backing_inode() annotations
  VFS: net/: d_inode() annotations
  VFS: net/unix: d_backing_inode() annotations
  VFS: kernel/: d_inode() annotations
  VFS: audit: d_backing_inode() annotations
  VFS: Fix up some ->d_inode accesses in the chelsio driver
  VFS: Cachefiles should perform fs modifications on the top layer only
  VFS: AF_UNIX sockets should call mknod on the top layer only
2015-04-26 17:22:07 -07:00
David Howells
2b0143b5c9 VFS: normal filesystems (and lustre): d_inode() annotations
that's the bulk of filesystem drivers dealing with inodes of their own

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-04-15 15:06:57 -04:00
Wei Yuan
5f80f62ada ext4: remove useless condition in if statement.
In this if statement, the previous condition is useless, the later one
has covered it.

Signed-off-by: Weiyuan <weiyuan.wei@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
2015-04-02 23:50:48 -04:00
Sheng Yong
72b8e0f9fa ext4: remove unused header files
Remove unused header files and header files which are included in
ext4.h.

Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2015-04-02 23:47:42 -04:00
Dmitry Monakhov
9aa5d32ba2 ext4: Replace open coded mdata csum feature to helper function
Besides the fact that this replacement improves code readability
it also protects from errors caused direct EXT4_S(sb)->s_es manipulation
which may result attempt to use uninitialized  csum machinery.

#Testcase_BEGIN
IMG=/dev/ram0
MNT=/mnt
mkfs.ext4 $IMG
mount $IMG $MNT
#Enable feature directly on disk, on mounted fs
tune2fs -O metadata_csum  $IMG
# Provoke metadata update, likey result in OOPS
touch $MNT/test
umount $MNT
#Testcase_END

# Replacement script
@@
expression E;
@@
- EXT4_HAS_RO_COMPAT_FEATURE(E, EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)
+ ext4_has_metadata_csum(E)

https://bugzilla.kernel.org/show_bug.cgi?id=82201

Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
2014-10-13 03:36:16 -04:00
Darrick J. Wong
a0626e7595 ext4: check EA value offset when loading
When loading extended attributes, check each entry's value offset to
make sure it doesn't collide with the entries.

Without this check it is easy to crash the kernel by mounting a
malicious FS containing a file with an EA wherein e_value_offs = 0 and
e_value_size > 0 and then deleting the EA, which corrupts the name
list.

(See the f_ea_value_crash test's FS image in e2fsprogs for an example.)

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
2014-09-16 14:34:59 -04:00
Theodore Ts'o
e3cf5d5d9a ext4: prepare to drop EXT4_STATE_DELALLOC_RESERVED
The EXT4_STATE_DELALLOC_RESERVED flag was originally implemented
because it was too hard to make sure the mballoc and get_block flags
could be reliably passed down through all of the codepaths that end up
calling ext4_mb_new_blocks().

Since then, we have mb_flags passed down through most of the code
paths, so getting rid of EXT4_STATE_DELALLOC_RESERVED isn't as tricky
as it used to.

This commit plumbs in the last of what is required, and then adds a
WARN_ON check to make sure we haven't missed anything.  If this passes
a full regression test run, we can then drop
EXT4_STATE_DELALLOC_RESERVED.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
2014-09-04 18:07:25 -04:00
liang xie
5d60125530 ext4: add missing BUFFER_TRACE before ext4_journal_get_write_access
Make them more consistently

Signed-off-by: xieliang <xieliang@xiaomi.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2014-05-12 22:06:43 -04:00
Lukas Czerner
c8b459f492 ext4: remove unnecessary double parentheses
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2014-05-12 12:55:07 -04:00
Zhang Zhen
230b8c1a7b ext4: avoid unneeded lookup when xattr name is invalid
In ext4_xattr_set_handle() we have checked the xattr name's length. So
we should also check it in ext4_xattr_get() to avoid unneeded lookup
caused by invalid name.

Signed-off-by: Zhang Zhen <zhenzhang.zhang@huawei.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2014-05-12 09:57:59 -04:00
Jan Kara
ec4cb1aa2b ext4: fix jbd2 warning under heavy xattr load
When heavily exercising xattr code the assertion that
jbd2_journal_dirty_metadata() shouldn't return error was triggered:

WARNING: at /srv/autobuild-ceph/gitbuilder.git/build/fs/jbd2/transaction.c:1237
jbd2_journal_dirty_metadata+0x1ba/0x260()

CPU: 0 PID: 8877 Comm: ceph-osd Tainted: G    W 3.10.0-ceph-00049-g68d04c9 #1
Hardware name: Dell Inc. PowerEdge R410/01V648, BIOS 1.6.3 02/07/2011
 ffffffff81a1d3c8 ffff880214469928 ffffffff816311b0 ffff880214469968
 ffffffff8103fae0 ffff880214469958 ffff880170a9dc30 ffff8802240fbe80
 0000000000000000 ffff88020b366000 ffff8802256e7510 ffff880214469978
Call Trace:
 [<ffffffff816311b0>] dump_stack+0x19/0x1b
 [<ffffffff8103fae0>] warn_slowpath_common+0x70/0xa0
 [<ffffffff8103fb2a>] warn_slowpath_null+0x1a/0x20
 [<ffffffff81267c2a>] jbd2_journal_dirty_metadata+0x1ba/0x260
 [<ffffffff81245093>] __ext4_handle_dirty_metadata+0xa3/0x140
 [<ffffffff812561f3>] ext4_xattr_release_block+0x103/0x1f0
 [<ffffffff81256680>] ext4_xattr_block_set+0x1e0/0x910
 [<ffffffff8125795b>] ext4_xattr_set_handle+0x38b/0x4a0
 [<ffffffff810a319d>] ? trace_hardirqs_on+0xd/0x10
 [<ffffffff81257b32>] ext4_xattr_set+0xc2/0x140
 [<ffffffff81258547>] ext4_xattr_user_set+0x47/0x50
 [<ffffffff811935ce>] generic_setxattr+0x6e/0x90
 [<ffffffff81193ecb>] __vfs_setxattr_noperm+0x7b/0x1c0
 [<ffffffff811940d4>] vfs_setxattr+0xc4/0xd0
 [<ffffffff8119421e>] setxattr+0x13e/0x1e0
 [<ffffffff811719c7>] ? __sb_start_write+0xe7/0x1b0
 [<ffffffff8118f2e8>] ? mnt_want_write_file+0x28/0x60
 [<ffffffff8118c65c>] ? fget_light+0x3c/0x130
 [<ffffffff8118f2e8>] ? mnt_want_write_file+0x28/0x60
 [<ffffffff8118f1f8>] ? __mnt_want_write+0x58/0x70
 [<ffffffff811946be>] SyS_fsetxattr+0xbe/0x100
 [<ffffffff816407c2>] system_call_fastpath+0x16/0x1b

The reason for the warning is that buffer_head passed into
jbd2_journal_dirty_metadata() didn't have journal_head attached. This is
caused by the following race of two ext4_xattr_release_block() calls:

CPU1                                CPU2
ext4_xattr_release_block()          ext4_xattr_release_block()
lock_buffer(bh);
/* False */
if (BHDR(bh)->h_refcount == cpu_to_le32(1))
} else {
  le32_add_cpu(&BHDR(bh)->h_refcount, -1);
  unlock_buffer(bh);
                                    lock_buffer(bh);
                                    /* True */
                                    if (BHDR(bh)->h_refcount == cpu_to_le32(1))
                                      get_bh(bh);
                                      ext4_free_blocks()
                                        ...
                                        jbd2_journal_forget()
                                          jbd2_journal_unfile_buffer()
                                          -> JH is gone
  error = ext4_handle_dirty_xattr_block(handle, inode, bh);
  -> triggers the warning

We fix the problem by moving ext4_handle_dirty_xattr_block() under the
buffer lock. Sadly this cannot be done in nojournal mode as that
function can call sync_dirty_buffer() which would deadlock. Luckily in
nojournal mode the race is harmless (we only dirty already freed buffer)
and thus for nojournal mode we leave the dirtying outside of the buffer
lock.

Reported-by: Sage Weil <sage@inktank.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
2014-04-07 10:54:21 -04:00
T Makphaibulchoke
9c191f701c ext4: each filesystem creates and uses its own mb_cache
This patch adds new interfaces to create and destory cache,
ext4_xattr_create_cache() and ext4_xattr_destroy_cache(), and remove
the cache creation and destory calls from ex4_init_xattr() and
ext4_exitxattr() in fs/ext4/xattr.c.

fs/ext4/super.c has been changed so that when a filesystem is mounted
a cache is allocated and attched to its ext4_sb_info structure.

fs/mbcache.c has been changed so that only one slab allocator is
allocated and used by all mbcache structures.

Signed-off-by: T. Makphaibulchoke <tmac@hp.com>
2014-03-18 19:24:49 -04:00
Theodore Ts'o
7b1b2c1b9c ext4: don't calculate total xattr header size unless needed
The function ext4_expand_extra_isize_ea() doesn't need the size of all
of the extended attribute headers.  So if we don't calculate it when
it is unneeded, it we can skip some undeeded memory references, and as
a bonus, we eliminate some kvetching by static code analysis tools.

Addresses-Coverity-Id: #741291

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2014-02-19 20:15:21 -05:00
Christoph Hellwig
64e178a711 ext2/3/4: use generic posix ACL infrastructure
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-01-25 23:58:19 -05:00
Theodore Ts'o
dcb9917ba0 ext4: avoid bh leak in retry path of ext4_expand_extra_isize_ea()
Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
2013-10-31 23:00:24 -04:00
Dave Jones
6e4ea8e33b ext4: fix memory leak in xattr
If we take the 2nd retry path in ext4_expand_extra_isize_ea, we
potentionally return from the function without having freed these
allocations.  If we don't do the return, we over-write the previous
allocation pointers, so we leak either way.

Spotted with Coverity.

[ Fixed by tytso to set is and bs to NULL after freeing these
  pointers, in case in the retry loop we later end up triggering an
  error causing a jump to cleanup, at which point we could have a double
  free bug. -- Ted ]

Signed-off-by: Dave Jones <davej@fedoraproject.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Cc: stable@vger.kernel.org
2013-10-12 14:39:49 -04:00
Theodore Ts'o
d6a771056b ext4: fix miscellaneous big endian warnings
None of these result in any bug, but they makes sparse complain.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2013-04-09 23:59:55 -04:00
Lukas Czerner
1231b3a1eb ext4: fix xattr block allocation/release with bigalloc
Currently when new xattr block is created or released we we would call
dquot_free_block() or dquot_alloc_block() respectively, among the else
decrementing or incrementing the number of blocks assigned to the
inode by one block.

This however does not work for bigalloc file system because we always
allocate/free the whole cluster so we have to count with that in
dquot_free_block() and dquot_alloc_block() as well.

Use the clusters-to-blocks conversion EXT4_C2B() when passing number of
blocks to the dquot_alloc/free functions to fix the problem.

The problem has been revealed by xfstests #117 (and possibly others).

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Cc: stable@vger.kernel.org
2013-02-18 12:12:07 -05:00
Theodore Ts'o
95eaefbdec ext4: fix the number of credits needed for acl ops with inline data
Operations which modify extended attributes may need extra journal
credits if inline data is used, since there is a chance that some
extended attributes may need to get pushed to an external attribute
block.

Changes to reflect this was made in xattr.c, but they were missed in
fs/ext4/acl.c.  To fix this, abstract the calculation of the number of
credits needed for xattr operations to an inline function defined in
ext4_jbd2.h, and use it in acl.c and xattr.c.

Also move the function declarations used in inline.c from xattr.h
(where they are non-obviously hidden, and caused problems since
ext4_jbd2.h needs to use the function ext4_has_inline_data), and move
them to ext4.h.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Tao Ma <boyu.mt@taobao.com>
Reviewed-by: Jan Kara <jack@suse.cz>
2013-02-09 15:23:03 -05:00
Theodore Ts'o
9924a92a8c ext4: pass context information to jbd2__journal_start()
So we can better understand what bits of ext4 are responsible for
long-running jbd2 handles, use jbd2__journal_start() so we can pass
context information for logging purposes.

The recommended way for finding the longer-running handles is:

   T=/sys/kernel/debug/tracing
   EVENT=$T/events/jbd2/jbd2_handle_stats
   echo "interval > 5" > $EVENT/filter
   echo 1 > $EVENT/enable

   ./run-my-fs-benchmark

   cat $T/trace > /tmp/problem-handles

This will list handles that were active for longer than 20ms.  Having
longer-running handles is bad, because a commit started at the wrong
time could stall for those 20+ milliseconds, which could delay an
fsync() or an O_SYNC operation.  Here is an example line from the
trace file describing a handle which lived on for 311 jiffies, or over
1.2 seconds:

postmark-2917  [000] ....   196.435786: jbd2_handle_stats: dev 254,32 
   tid 570 type 2 line_no 2541 interval 311 sync 0 requested_blocks 1
   dirtied_blocks 0

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2013-02-08 21:59:22 -05:00
Wang Shilong
aebf02430d ext4: use unlikely to improve the efficiency of the kernel
Because the function 'sb_getblk' seldomly fails to return NULL
value,it will be better to use 'unlikely' to optimize it.

Signed-off-by: Wang Shilong <wangsl-fnst@cn.fujitsu.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2013-01-12 16:28:47 -05:00
Theodore Ts'o
860d21e2c5 ext4: return ENOMEM if sb_getblk() fails
The only reason for sb_getblk() failing is if it can't allocate the
buffer_head.  So ENOMEM is more appropriate than EIO.  In addition,
make sure that the file system is marked as being inconsistent if
sb_getblk() fails.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
2013-01-12 16:19:36 -05:00
Theodore Ts'o
bd9926e803 ext4: zero out inline data using memset() instead of empty_zero_page
Not all architectures (in particular, sparc64) have empty_zero_page.
So instead of copying from empty_zero_page, use memset to clear the
inline data by signalling to ext4_xattr_set_entry() via a magic
pointer value, EXT4_ZERO_ATTR_VALUE, which is defined by casting -1 to
a pointer.

This fixes a build failure on sparc64, and the memset() should be more
efficient than using memcpy() anyway.

Signed-off-by: Tao Ma <boyu.mt@taobao.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2012-12-11 03:31:49 -05:00
Tao Ma
0d812f77b3 ext4: evict inline data out if we need to strore xattr in inode
Now we that store data in the inode, in case we need to store some
xattrs and inode doesn't have enough space, Andreas suggested that we
should keep the xattr(metadata) in and data should be pushed out.  So
this patch does the work.

Signed-off-by: Tao Ma <boyu.mt@taobao.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2012-12-10 14:06:02 -05:00
Tao Ma
879b38257b ext4: export inline xattr functions
The inline data feature will need some inline xattr functions, so
export them from fs/ext4/xattr.c so that inline.c can use them.

Signed-off-by: Tao Ma <boyu.mt@taobao.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2012-12-05 10:28:46 -05:00
Eric Sandeen
37be2f59d3 ext4: remove ext4_handle_release_buffer()
ext4_handle_release_buffer() was intended to remove journal
write access from a buffer, but it doesn't actually do anything
at all other than add a BUFFER_TRACE point, but it's not reliably
used for that either.  Remove all the associated dead code.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>
2012-11-08 11:22:46 -05:00
Tao Ma
41eb70dde4 ext4: use s_csum_seed instead of i_csum_seed for xattr block
In xattr block operation, we use h_refcount to indicate whether the
xattr block is shared among many inodes. And xattr block csum uses
s_csum_seed if it is shared and i_csum_seed if it belongs to
one inode. But this has a problem. So consider the block is shared
first bewteen inode A and B, and B has some xattr update and CoW
the xattr block. When it updates the *old* xattr block(because
of the h_refcount change) and calls ext4_xattr_release_block, we
has no idea that inode A is the real owner of the *old* xattr
block and we can't use the i_csum_seed of inode A either in xattr
block csum calculation. And I don't think we have an easy way to
find inode A.

So this patch just removes the tricky i_csum_seed and we now uses
s_csum_seed every time for the xattr block csum. The corresponding
patch for the e2fsprogs will be sent in another patch.

This is spotted by xfstests 117.

Signed-off-by: Tao Ma <boyu.mt@taobao.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Acked-by: Darrick J. Wong <djwong@us.ibm.com>
2012-07-09 16:29:27 -04:00
Darrick J. Wong
cc8e94fd12 ext4: Calculate and verify checksums of extended attribute blocks
Calculate and verify the checksums of extended attribute blocks.  This
only applies to separate EA blocks that are pointed to by
inode->i_file_acl (i.e.  external EA blocks); the checksum lives in
the EA header.

Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2012-04-29 18:43:10 -04:00
Joe Perches
ace36ad431 ext4: add no_printk argument validation, fix fallout
Add argument validation to debug functions.
Use ##__VA_ARGS__.

Fix format and argument mismatches.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2012-03-19 23:11:43 -04:00
Eric Sandeen
c1bb05a657 ext4: avoid deadlock on sync-mounted FS w/o journal
Processes hang forever on a sync-mounted ext2 file system that
is mounted with the ext4 module (default in Fedora 16).

I can reproduce this reliably by mounting an ext2 partition with
"-o sync" and opening a new file an that partition with vim. vim
will hang in "D" state forever.  The same happens on ext4 without
a journal.

I am attaching a small patch here that solves this issue for me.
In the sync mounted case without a journal,
ext4_handle_dirty_metadata() may call sync_dirty_buffer(), which
can't be called with buffer lock held.

Also move mb_cache_entry_release inside lock to avoid race
fixed previously by 8a2bfdcb ext[34]: EA block reference count racing fix
Note too that ext2 fixed this same problem in 2006 with
b2f49033 [PATCH] fix deadlock in ext2

Signed-off-by: Martin.Wilck@ts.fujitsu.com
[sandeen@redhat.com: move mb_cache_entry_release before unlock, edit commit msg]
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2012-02-20 23:06:18 -05:00
Zheng Liu
f1b3a2a753 ext4: remove unneeded variable in ext4_xattr_check_block()
We could return directly from ext4_xattr_check_block(). Thus, we
shouldn't need to define a 'error' variable.

Signed-off-by: Zheng Liu <wenqing.lz@taobao.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2012-02-20 17:53:05 -05:00