linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 3.18 00/12] 3.18.86-stable review
@ 2017-12-04 15:59 Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 01/12] netlink: add a start callback for starting a netlink dump Greg Kroah-Hartman
                   ` (9 more replies)
  0 siblings, 10 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuahkh, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 3.18.86 release.
There are 12 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed Dec  6 15:59:06 UTC 2017.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.86-rc1.gz
or in the git tree and branch at:
  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 3.18.86-rc1

Ville Syrjälä <ville.syrjala@linux.intel.com>
    drm/i915: Prevent zero length "index" write

Ville Syrjälä <ville.syrjala@linux.intel.com>
    drm/i915: Don't try indexed reads to alternate slave addresses

NeilBrown <neilb@suse.com>
    NFS: revalidate "." etc correctly on "open".

Jonathan Liu <net147@gmail.com>
    drm/panel: simple: Add missing panel_simple_unprepare() calls

Heiner Kallweit <hkallweit1@gmail.com>
    eeprom: at24: check at24_read/write arguments

Paolo Bonzini <pbonzini@redhat.com>
    KVM: x86: inject exceptions produced by x86_decode_insn

Liran Alon <liran.alon@oracle.com>
    KVM: x86: Exit to user-mode on #UD intercept when emulator requires

Josef Bacik <jbacik@fb.com>
    btrfs: clear space cache inode generation always

chenjie <chenjie6@huawei.com>
    mm/madvise.c: fix madvise() infinite loop under special circumstances

Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
    mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()

Herbert Xu <herbert@gondor.apana.org.au>
    ipsec: Fix aborted xfrm policy dump crash

Tom Herbert <tom@herbertland.com>
    netlink: add a start callback for starting a netlink dump


-------------

Diffstat:

 Makefile                             |  4 ++--
 arch/x86/kvm/svm.c                   |  2 ++
 arch/x86/kvm/vmx.c                   |  2 ++
 arch/x86/kvm/x86.c                   |  2 ++
 drivers/gpu/drm/i915/intel_i2c.c     |  4 +++-
 drivers/gpu/drm/panel/panel-simple.c |  2 ++
 drivers/misc/eeprom/at24.c           |  6 ++++++
 fs/btrfs/extent-tree.c               | 14 +++++++-------
 fs/nfs/dir.c                         |  3 ++-
 include/linux/netlink.h              |  2 ++
 include/net/genetlink.h              |  2 ++
 mm/huge_memory.c                     | 14 ++++----------
 mm/madvise.c                         |  3 +--
 net/netlink/af_netlink.c             |  4 ++++
 net/netlink/genetlink.c              | 16 ++++++++++++++++
 net/xfrm/xfrm_user.c                 | 25 +++++++++++++++----------
 16 files changed, 72 insertions(+), 33 deletions(-)

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 3.18 01/12] netlink: add a start callback for starting a netlink dump
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 02/12] ipsec: Fix aborted xfrm policy dump crash Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tom Herbert, David S. Miller, Guenter Roeck

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tom Herbert <tom@herbertland.com>

commit fc9e50f5a5a4e1fa9ba2756f745a13e693cf6a06 upstream.

The start callback allows the caller to set up a context for the
dump callbacks. Presumably, the context can then be destroyed in
the done callback.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/netlink.h  |    2 ++
 include/net/genetlink.h  |    2 ++
 net/netlink/af_netlink.c |    4 ++++
 net/netlink/genetlink.c  |   16 ++++++++++++++++
 4 files changed, 24 insertions(+)

--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -120,6 +120,7 @@ netlink_skb_clone(struct sk_buff *skb, g
 struct netlink_callback {
 	struct sk_buff		*skb;
 	const struct nlmsghdr	*nlh;
+	int			(*start)(struct netlink_callback *);
 	int			(*dump)(struct sk_buff * skb,
 					struct netlink_callback *cb);
 	int			(*done)(struct netlink_callback *cb);
@@ -142,6 +143,7 @@ struct nlmsghdr *
 __nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, int type, int len, int flags);
 
 struct netlink_dump_control {
+	int (*start)(struct netlink_callback *);
 	int (*dump)(struct sk_buff *skb, struct netlink_callback *);
 	int (*done)(struct netlink_callback *);
 	void *data;
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -106,6 +106,7 @@ static inline void genl_info_net_set(str
  * @flags: flags
  * @policy: attribute validation policy
  * @doit: standard command callback
+ * @start: start callback for dumps
  * @dumpit: callback for dumpers
  * @done: completion callback for dumps
  * @ops_list: operations list
@@ -114,6 +115,7 @@ struct genl_ops {
 	const struct nla_policy	*policy;
 	int		       (*doit)(struct sk_buff *skb,
 				       struct genl_info *info);
+	int		       (*start)(struct netlink_callback *cb);
 	int		       (*dumpit)(struct sk_buff *skb,
 					 struct netlink_callback *cb);
 	int		       (*done)(struct netlink_callback *cb);
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2043,6 +2043,7 @@ int __netlink_dump_start(struct sock *ss
 
 	cb = &nlk->cb;
 	memset(cb, 0, sizeof(*cb));
+	cb->start = control->start;
 	cb->dump = control->dump;
 	cb->done = control->done;
 	cb->nlh = nlh;
@@ -2056,6 +2057,9 @@ int __netlink_dump_start(struct sock *ss
 
 	mutex_unlock(nlk->cb_mutex);
 
+	if (cb->start)
+		cb->start(cb);
+
 	ret = netlink_dump(sk);
 	sock_put(sk);
 
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -507,6 +507,20 @@ void *genlmsg_put(struct sk_buff *skb, u
 }
 EXPORT_SYMBOL(genlmsg_put);
 
+static int genl_lock_start(struct netlink_callback *cb)
+{
+	/* our ops are always const - netlink API doesn't propagate that */
+	const struct genl_ops *ops = cb->data;
+	int rc = 0;
+
+	if (ops->start) {
+		genl_lock();
+		rc = ops->start(cb);
+		genl_unlock();
+	}
+	return rc;
+}
+
 static int genl_lock_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
 {
 	/* our ops are always const - netlink API doesn't propagate that */
@@ -571,6 +585,7 @@ static int genl_family_rcv_msg(struct ge
 				.module = family->module,
 				/* we have const, but the netlink API doesn't */
 				.data = (void *)ops,
+				.start = genl_lock_start,
 				.dump = genl_lock_dumpit,
 				.done = genl_lock_done,
 			};
@@ -582,6 +597,7 @@ static int genl_family_rcv_msg(struct ge
 		} else {
 			struct netlink_dump_control c = {
 				.module = family->module,
+				.start = ops->start,
 				.dump = ops->dumpit,
 				.done = ops->done,
 			};

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 3.18 02/12] ipsec: Fix aborted xfrm policy dump crash
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 01/12] netlink: add a start callback for starting a netlink dump Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 03/12] mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Herbert Xu, Steffen Klassert, Guenter Roeck

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 1137b5e2529a8f5ca8ee709288ecba3e68044df2 upstream.

An independent security researcher, Mohamed Ghannam, has reported
this vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program.

The xfrm_dump_policy_done function expects xfrm_dump_policy to
have been called at least once or it will crash.  This can be
triggered if a dump fails because the target socket's receive
buffer is full.

This patch fixes it by using the cb->start mechanism to ensure that
the initialisation is always done regardless of the buffer situation.

Fixes: 12a169e7d8f4 ("ipsec: Put dumpers on the dump list")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/xfrm/xfrm_user.c |   25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1625,32 +1625,34 @@ static int dump_one_policy(struct xfrm_p
 
 static int xfrm_dump_policy_done(struct netlink_callback *cb)
 {
-	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1];
+	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
 	struct net *net = sock_net(cb->skb->sk);
 
 	xfrm_policy_walk_done(walk, net);
 	return 0;
 }
 
+static int xfrm_dump_policy_start(struct netlink_callback *cb)
+{
+	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
+
+	BUILD_BUG_ON(sizeof(*walk) > sizeof(cb->args));
+
+	xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
+	return 0;
+}
+
 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb)
 {
 	struct net *net = sock_net(skb->sk);
-	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1];
+	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
 	struct xfrm_dump_info info;
 
-	BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) >
-		     sizeof(cb->args) - sizeof(cb->args[0]));
-
 	info.in_skb = cb->skb;
 	info.out_skb = skb;
 	info.nlmsg_seq = cb->nlh->nlmsg_seq;
 	info.nlmsg_flags = NLM_F_MULTI;
 
-	if (!cb->args[0]) {
-		cb->args[0] = 1;
-		xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
-	}
-
 	(void) xfrm_policy_walk(net, walk, dump_one_policy, &info);
 
 	return skb->len;
@@ -2384,6 +2386,7 @@ static const struct nla_policy xfrma_spd
 
 static const struct xfrm_link {
 	int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **);
+	int (*start)(struct netlink_callback *);
 	int (*dump)(struct sk_buff *, struct netlink_callback *);
 	int (*done)(struct netlink_callback *);
 	const struct nla_policy *nla_pol;
@@ -2397,6 +2400,7 @@ static const struct xfrm_link {
 	[XFRM_MSG_NEWPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_add_policy    },
 	[XFRM_MSG_DELPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_get_policy    },
 	[XFRM_MSG_GETPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_get_policy,
+						   .start = xfrm_dump_policy_start,
 						   .dump = xfrm_dump_policy,
 						   .done = xfrm_dump_policy_done },
 	[XFRM_MSG_ALLOCSPI    - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },
@@ -2443,6 +2447,7 @@ static int xfrm_user_rcv_msg(struct sk_b
 
 		{
 			struct netlink_dump_control c = {
+				.start = link->start,
 				.dump = link->dump,
 				.done = link->done,
 			};

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 3.18 03/12] mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 01/12] netlink: add a start callback for starting a netlink dump Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 02/12] ipsec: Fix aborted xfrm policy dump crash Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 04/12] mm/madvise.c: fix madvise() infinite loop under special circumstances Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kirill A. Shutemov, Michal Hocko,
	Hugh Dickins, Linus Torvalds, Ben Hutchings

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>

commit a8f97366452ed491d13cf1e44241bc0b5740b1f0 upstream.

Currently, we unconditionally make page table dirty in touch_pmd().
It may result in false-positive can_follow_write_pmd().

We may avoid the situation, if we would only make the page table entry
dirty if caller asks for write access -- FOLL_WRITE.

The patch also changes touch_pud() in the same way.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[Salvatore Bonaccorso: backport for 3.16:
 - Adjust context
 - Drop specific part for PUD-sized transparent hugepages. Support
   for PUD-sized transparent hugepages was added in v4.11-rc1
]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 mm/huge_memory.c |   14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -1240,17 +1240,11 @@ struct page *follow_trans_huge_pmd(struc
 	VM_BUG_ON_PAGE(!PageHead(page), page);
 	if (flags & FOLL_TOUCH) {
 		pmd_t _pmd;
-		/*
-		 * We should set the dirty bit only for FOLL_WRITE but
-		 * for now the dirty bit in the pmd is meaningless.
-		 * And if the dirty bit will become meaningful and
-		 * we'll only set it with FOLL_WRITE, an atomic
-		 * set_bit will be required on the pmd to set the
-		 * young bit, instead of the current set_pmd_at.
-		 */
-		_pmd = pmd_mkyoung(pmd_mkdirty(*pmd));
+		_pmd = pmd_mkyoung(*pmd);
+		if (flags & FOLL_WRITE)
+			_pmd = pmd_mkdirty(_pmd);
 		if (pmdp_set_access_flags(vma, addr & HPAGE_PMD_MASK,
-					  pmd, _pmd,  1))
+					  pmd, _pmd, flags & FOLL_WRITE))
 			update_mmu_cache_pmd(vma, addr, pmd);
 	}
 	if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 3.18 04/12] mm/madvise.c: fix madvise() infinite loop under special circumstances
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 3.18 03/12] mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 05/12] btrfs: clear space cache inode generation always Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, chenjie, guoxuenan, Michal Hocko,
	Minchan Kim, zhangyi (F),
	Miao Xie, Mike Rapoport, Shaohua Li, Andrea Arcangeli,
	Mel Gorman, Kirill A. Shutemov, David Rientjes,
	Anshuman Khandual, Rik van Riel, Carsten Otte, Dan Williams,
	Andrew Morton, Linus Torvalds

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: chenjie <chenjie6@huawei.com>

commit 6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 upstream.

MADVISE_WILLNEED has always been a noop for DAX (formerly XIP) mappings.
Unfortunately madvise_willneed() doesn't communicate this information
properly to the generic madvise syscall implementation.  The calling
convention is quite subtle there.  madvise_vma() is supposed to either
return an error or update &prev otherwise the main loop will never
advance to the next vma and it will keep looping for ever without a way
to get out of the kernel.

It seems this has been broken since introduction.  Nobody has noticed
because nobody seems to be using MADVISE_WILLNEED on these DAX mappings.

[mhocko@suse.com: rewrite changelog]
Link: http://lkml.kernel.org/r/20171127115318.911-1-guoxuenan@huawei.com
Fixes: fe77ba6f4f97 ("[PATCH] xip: madvice/fadvice: execute in place")
Signed-off-by: chenjie <chenjie6@huawei.com>
Signed-off-by: guoxuenan <guoxuenan@huawei.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: zhangyi (F) <yi.zhang@huawei.com>
Cc: Miao Xie <miaoxie@huawei.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Shaohua Li <shli@fb.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Anshuman Khandual <khandual@linux.vnet.ibm.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Carsten Otte <cotte@de.ibm.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/madvise.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -221,9 +221,9 @@ static long madvise_willneed(struct vm_a
 {
 	struct file *file = vma->vm_file;
 
+	*prev = vma;
 #ifdef CONFIG_SWAP
 	if (!file || mapping_cap_swap_backed(file->f_mapping)) {
-		*prev = vma;
 		if (!file)
 			force_swapin_readahead(vma, start, end);
 		else
@@ -241,7 +241,6 @@ static long madvise_willneed(struct vm_a
 		return 0;
 	}
 
-	*prev = vma;
 	start = ((start - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
 	if (end > vma->vm_end)
 		end = vma->vm_end;

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 3.18 05/12] btrfs: clear space cache inode generation always
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 3.18 04/12] mm/madvise.c: fix madvise() infinite loop under special circumstances Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 08/12] eeprom: at24: check at24_read/write arguments Greg Kroah-Hartman
                   ` (4 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Josef Bacik, David Sterba

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <jbacik@fb.com>

commit 8e138e0d92c6c9d3d481674fb14e3439b495be37 upstream.

We discovered a box that had double allocations, and suspected the space
cache may be to blame.  While auditing the write out path I noticed that
if we've already setup the space cache we will just carry on.  This
means that any error we hit after cache_save_setup before we go to
actually write the cache out we won't reset the inode generation, so
whatever was already written will be considered correct, except it'll be
stale.  Fix this by _always_ resetting the generation on the block group
inode, this way we only ever have valid or invalid cache.

With this patch I was no longer able to reproduce cache corruption with
dm-log-writes and my bpf error injection tool.

Signed-off-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |   14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -3219,13 +3219,6 @@ again:
 		goto again;
 	}
 
-	/* We've already setup this transaction, go ahead and exit */
-	if (block_group->cache_generation == trans->transid &&
-	    i_size_read(inode)) {
-		dcs = BTRFS_DC_SETUP;
-		goto out_put;
-	}
-
 	/*
 	 * We want to set the generation to 0, that way if anything goes wrong
 	 * from here on out we know not to trust this cache when we load up next
@@ -3235,6 +3228,13 @@ again:
 	ret = btrfs_update_inode(trans, root, inode);
 	WARN_ON(ret);
 
+	/* We've already setup this transaction, go ahead and exit */
+	if (block_group->cache_generation == trans->transid &&
+	    i_size_read(inode)) {
+		dcs = BTRFS_DC_SETUP;
+		goto out_put;
+	}
+
 	if (i_size_read(inode) > 0) {
 		ret = btrfs_check_trunc_cache_free_space(root,
 					&root->fs_info->global_block_rsv);

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 3.18 08/12] eeprom: at24: check at24_read/write arguments
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 3.18 05/12] btrfs: clear space cache inode generation always Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 09/12] drm/panel: simple: Add missing panel_simple_unprepare() calls Greg Kroah-Hartman
                   ` (3 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, Bartosz Golaszewski

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Heiner Kallweit <hkallweit1@gmail.com>

commit d9bcd462daf34aebb8de9ad7f76de0198bb5a0f0 upstream.

So far we completely rely on the caller to provide valid arguments.
To be on the safe side perform an own sanity check.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/misc/eeprom/at24.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/misc/eeprom/at24.c
+++ b/drivers/misc/eeprom/at24.c
@@ -274,6 +274,9 @@ static ssize_t at24_read(struct at24_dat
 	if (unlikely(!count))
 		return count;
 
+	if (off + count > at24->chip.byte_len)
+		return -EINVAL;
+
 	/*
 	 * Read data from chip, protecting against concurrent updates
 	 * from this host, but not from other I2C masters.
@@ -328,6 +331,9 @@ static ssize_t at24_eeprom_write(struct
 	unsigned long timeout, write_time;
 	unsigned next_page;
 
+	if (offset + count > at24->chip.byte_len)
+		return -EINVAL;
+
 	/* Get corresponding I2C address and adjust offset */
 	client = at24_translate_offset(at24, &offset);
 

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 3.18 09/12] drm/panel: simple: Add missing panel_simple_unprepare() calls
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 3.18 08/12] eeprom: at24: check at24_read/write arguments Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 3.18 10/12] NFS: revalidate "." etc correctly on "open" Greg Kroah-Hartman
                   ` (2 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jonathan Liu, Thierry Reding

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jonathan Liu <net147@gmail.com>

commit f3621a8eb59a913612c8e6e37d81f16b649f8b6c upstream.

During panel removal or system shutdown panel_simple_disable() is called
which disables the panel backlight but the panel is still powered due to
missing calls to panel_simple_unprepare().

Fixes: d02fd93e2cd8 ("drm/panel: simple - Disable panel on shutdown")
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20170807115545.27747-1-net147@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/panel/panel-simple.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/gpu/drm/panel/panel-simple.c
+++ b/drivers/gpu/drm/panel/panel-simple.c
@@ -312,6 +312,7 @@ static int panel_simple_remove(struct de
 	drm_panel_remove(&panel->base);
 
 	panel_simple_disable(&panel->base);
+	panel_simple_unprepare(&panel->base);
 
 	if (panel->ddc)
 		put_device(&panel->ddc->dev);
@@ -327,6 +328,7 @@ static void panel_simple_shutdown(struct
 	struct panel_simple *panel = dev_get_drvdata(dev);
 
 	panel_simple_disable(&panel->base);
+	panel_simple_unprepare(&panel->base);
 }
 
 static const struct drm_display_mode auo_b101aw03_mode = {

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 3.18 10/12] NFS: revalidate "." etc correctly on "open".
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 3.18 09/12] drm/panel: simple: Add missing panel_simple_unprepare() calls Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 20:14 ` [PATCH 3.18 00/12] 3.18.86-stable review Shuah Khan
  2017-12-04 23:45 ` Guenter Roeck
  9 siblings, 0 replies; 11+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, NeilBrown, Anna Schumaker

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: NeilBrown <neilb@suse.com>

commit b688741cb06695312f18b730653d6611e1bad28d upstream.

For correct close-to-open semantics, NFS must validate
the change attribute of a directory (or file) on open.

Since commit ecf3d1f1aa74 ("vfs: kill FS_REVAL_DOT by adding a
d_weak_revalidate dentry op"), open() of "." or a path ending ".." is
not revalidated reliably (except when that direct is a mount point).

Prior to that commit, "." was revalidated using nfs_lookup_revalidate()
which checks the LOOKUP_OPEN flag and forces revalidation if the flag is
set.
Since that commit, nfs_weak_revalidate() is used for NFSv3 (which
ignores the flags) and nothing is used for NFSv4.

This is fixed by using nfs_lookup_verify_inode() in
nfs_weak_revalidate().  This does the revalidation exactly when needed.
Also, add a definition of .d_weak_revalidate for NFSv4.

The incorrect behavior is easily demonstrated by running "echo *" in
some non-mountpoint NFS directory while watching network traffic.
Without this patch, "echo *" sometimes doesn't produce any traffic.
With the patch it always does.

Fixes: ecf3d1f1aa74 ("vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op")
cc: stable@vger.kernel.org (3.9+)
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/dir.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1266,7 +1266,7 @@ static int nfs_weak_revalidate(struct de
 		return 0;
 	}
 
-	error = nfs_revalidate_inode(NFS_SERVER(inode), inode);
+	error = nfs_lookup_verify_inode(inode, flags);
 	dfprintk(LOOKUPCACHE, "NFS: %s: inode %lu is %s\n",
 			__func__, inode->i_ino, error ? "invalid" : "valid");
 	return !error;
@@ -1426,6 +1426,7 @@ static int nfs4_lookup_revalidate(struct
 
 const struct dentry_operations nfs4_dentry_operations = {
 	.d_revalidate	= nfs4_lookup_revalidate,
+	.d_weak_revalidate	= nfs_weak_revalidate,
 	.d_delete	= nfs_dentry_delete,
 	.d_iput		= nfs_dentry_iput,
 	.d_automount	= nfs_d_automount,

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH 3.18 00/12] 3.18.86-stable review
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 3.18 10/12] NFS: revalidate "." etc correctly on "open" Greg Kroah-Hartman
@ 2017-12-04 20:14 ` Shuah Khan
  2017-12-04 23:45 ` Guenter Roeck
  9 siblings, 0 replies; 11+ messages in thread
From: Shuah Khan @ 2017-12-04 20:14 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
	stable, Shuah Khan

On 12/04/2017 08:59 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.18.86 release.
> There are 12 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Dec  6 15:59:06 UTC 2017.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.86-rc1.gz
> or in the git tree and branch at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH 3.18 00/12] 3.18.86-stable review
  2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2017-12-04 20:14 ` [PATCH 3.18 00/12] 3.18.86-stable review Shuah Khan
@ 2017-12-04 23:45 ` Guenter Roeck
  9 siblings, 0 replies; 11+ messages in thread
From: Guenter Roeck @ 2017-12-04 23:45 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuahkh, patches, ben.hutchings,
	lkft-triage, stable

On Mon, Dec 04, 2017 at 04:59:14PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.18.86 release.
> There are 12 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Dec  6 15:59:06 UTC 2017.
> Anything received after that time might be too late.
> 

Build results:
	total: 136 pass: 136 fail: 0
Qemu test results:
	total: 112 pass: 112 fail: 0

Details are available at http://kerneltests.org/builders.

Guenter

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2017-12-04 23:45 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-04 15:59 [PATCH 3.18 00/12] 3.18.86-stable review Greg Kroah-Hartman
2017-12-04 15:59 ` [PATCH 3.18 01/12] netlink: add a start callback for starting a netlink dump Greg Kroah-Hartman
2017-12-04 15:59 ` [PATCH 3.18 02/12] ipsec: Fix aborted xfrm policy dump crash Greg Kroah-Hartman
2017-12-04 15:59 ` [PATCH 3.18 03/12] mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() Greg Kroah-Hartman
2017-12-04 15:59 ` [PATCH 3.18 04/12] mm/madvise.c: fix madvise() infinite loop under special circumstances Greg Kroah-Hartman
2017-12-04 15:59 ` [PATCH 3.18 05/12] btrfs: clear space cache inode generation always Greg Kroah-Hartman
2017-12-04 15:59 ` [PATCH 3.18 08/12] eeprom: at24: check at24_read/write arguments Greg Kroah-Hartman
2017-12-04 15:59 ` [PATCH 3.18 09/12] drm/panel: simple: Add missing panel_simple_unprepare() calls Greg Kroah-Hartman
2017-12-04 15:59 ` [PATCH 3.18 10/12] NFS: revalidate "." etc correctly on "open" Greg Kroah-Hartman
2017-12-04 20:14 ` [PATCH 3.18 00/12] 3.18.86-stable review Shuah Khan
2017-12-04 23:45 ` Guenter Roeck

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).