From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, Denis Kirjanov <kda@linux-powerpc.org>,
"David Sterba" <dsterba@suse.com>,
"Filipe Manana" <fdmanana@suse.com>,
"Nikolay Borisov" <nborisov@suse.com>,
"Josef Bacik" <josef@toxicpanda.com>
Subject: [PATCH 3.16 86/99] Btrfs: fix race between adding and putting tree mod seq elements and nodes
Date: Wed, 20 May 2020 15:14:54 +0100 [thread overview]
Message-ID: <lsq.1589984009.798531406@decadent.org.uk> (raw)
In-Reply-To: <lsq.1589984008.673931885@decadent.org.uk>
3.16.84-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit 7227ff4de55d931bbdc156c8ef0ce4f100c78a5b upstream.
There is a race between adding and removing elements to the tree mod log
list and rbtree that can lead to use-after-free problems.
Consider the following example that explains how/why the problems happens:
1) Task A has mod log element with sequence number 200. It currently is
the only element in the mod log list;
2) Task A calls btrfs_put_tree_mod_seq() because it no longer needs to
access the tree mod log. When it enters the function, it initializes
'min_seq' to (u64)-1. Then it acquires the lock 'tree_mod_seq_lock'
before checking if there are other elements in the mod seq list.
Since the list it empty, 'min_seq' remains set to (u64)-1. Then it
unlocks the lock 'tree_mod_seq_lock';
3) Before task A acquires the lock 'tree_mod_log_lock', task B adds
itself to the mod seq list through btrfs_get_tree_mod_seq() and gets a
sequence number of 201;
4) Some other task, name it task C, modifies a btree and because there
elements in the mod seq list, it adds a tree mod elem to the tree
mod log rbtree. That node added to the mod log rbtree is assigned
a sequence number of 202;
5) Task B, which is doing fiemap and resolving indirect back references,
calls btrfs get_old_root(), with 'time_seq' == 201, which in turn
calls tree_mod_log_search() - the search returns the mod log node
from the rbtree with sequence number 202, created by task C;
6) Task A now acquires the lock 'tree_mod_log_lock', starts iterating
the mod log rbtree and finds the node with sequence number 202. Since
202 is less than the previously computed 'min_seq', (u64)-1, it
removes the node and frees it;
7) Task B still has a pointer to the node with sequence number 202, and
it dereferences the pointer itself and through the call to
__tree_mod_log_rewind(), resulting in a use-after-free problem.
This issue can be triggered sporadically with the test case generic/561
from fstests, and it happens more frequently with a higher number of
duperemove processes. When it happens to me, it either freezes the VM or
it produces a trace like the following before crashing:
[ 1245.321140] general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
[ 1245.321200] CPU: 1 PID: 26997 Comm: pool Not tainted 5.5.0-rc6-btrfs-next-52 #1
[ 1245.321235] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
[ 1245.321287] RIP: 0010:rb_next+0x16/0x50
[ 1245.321307] Code: ....
[ 1245.321372] RSP: 0018:ffffa151c4d039b0 EFLAGS: 00010202
[ 1245.321388] RAX: 6b6b6b6b6b6b6b6b RBX: ffff8ae221363c80 RCX: 6b6b6b6b6b6b6b6b
[ 1245.321409] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8ae221363c80
[ 1245.321439] RBP: ffff8ae20fcc4688 R08: 0000000000000002 R09: 0000000000000000
[ 1245.321475] R10: ffff8ae20b120910 R11: 00000000243f8bb1 R12: 0000000000000038
[ 1245.321506] R13: ffff8ae221363c80 R14: 000000000000075f R15: ffff8ae223f762b8
[ 1245.321539] FS: 00007fdee1ec7700(0000) GS:ffff8ae236c80000(0000) knlGS:0000000000000000
[ 1245.321591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1245.321614] CR2: 00007fded4030c48 CR3: 000000021da16003 CR4: 00000000003606e0
[ 1245.321642] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1245.321668] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1245.321706] Call Trace:
[ 1245.321798] __tree_mod_log_rewind+0xbf/0x280 [btrfs]
[ 1245.321841] btrfs_search_old_slot+0x105/0xd00 [btrfs]
[ 1245.321877] resolve_indirect_refs+0x1eb/0xc60 [btrfs]
[ 1245.321912] find_parent_nodes+0x3dc/0x11b0 [btrfs]
[ 1245.321947] btrfs_check_shared+0x115/0x1c0 [btrfs]
[ 1245.321980] ? extent_fiemap+0x59d/0x6d0 [btrfs]
[ 1245.322029] extent_fiemap+0x59d/0x6d0 [btrfs]
[ 1245.322066] do_vfs_ioctl+0x45a/0x750
[ 1245.322081] ksys_ioctl+0x70/0x80
[ 1245.322092] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1245.322113] __x64_sys_ioctl+0x16/0x20
[ 1245.322126] do_syscall_64+0x5c/0x280
[ 1245.322139] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1245.322155] RIP: 0033:0x7fdee3942dd7
[ 1245.322177] Code: ....
[ 1245.322258] RSP: 002b:00007fdee1ec6c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1245.322294] RAX: ffffffffffffffda RBX: 00007fded40210d8 RCX: 00007fdee3942dd7
[ 1245.322314] RDX: 00007fded40210d8 RSI: 00000000c020660b RDI: 0000000000000004
[ 1245.322337] RBP: 0000562aa89e7510 R08: 0000000000000000 R09: 00007fdee1ec6d44
[ 1245.322369] R10: 0000000000000073 R11: 0000000000000246 R12: 00007fdee1ec6d48
[ 1245.322390] R13: 00007fdee1ec6d40 R14: 00007fded40210d0 R15: 00007fdee1ec6d50
[ 1245.322423] Modules linked in: ....
[ 1245.323443] ---[ end trace 01de1e9ec5dff3cd ]---
Fix this by ensuring that btrfs_put_tree_mod_seq() computes the minimum
sequence number and iterates the rbtree while holding the lock
'tree_mod_log_lock' in write mode. Also get rid of the 'tree_mod_seq_lock'
lock, since it is now redundant.
Fixes: bd989ba359f2ac ("Btrfs: add tree modification log functions")
Fixes: 097b8a7c9e48e2 ("Btrfs: join tree mod log code with the code holding back delayed refs")
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 3.16:
- Use tree_mod_log_write_{,un}lock() in ctree.c for consistency
- Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
fs/btrfs/ctree.c | 8 ++------
fs/btrfs/ctree.h | 6 ++----
fs/btrfs/delayed-ref.c | 8 ++++----
fs/btrfs/disk-io.c | 1 -
fs/btrfs/tests/btrfs-tests.c | 1 -
5 files changed, 8 insertions(+), 16 deletions(-)
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -365,12 +365,10 @@ u64 btrfs_get_tree_mod_seq(struct btrfs_
struct seq_list *elem)
{
tree_mod_log_write_lock(fs_info);
- spin_lock(&fs_info->tree_mod_seq_lock);
if (!elem->seq) {
elem->seq = btrfs_inc_tree_mod_seq(fs_info);
list_add_tail(&elem->list, &fs_info->tree_mod_seq_list);
}
- spin_unlock(&fs_info->tree_mod_seq_lock);
tree_mod_log_write_unlock(fs_info);
return elem->seq;
@@ -390,7 +388,7 @@ void btrfs_put_tree_mod_seq(struct btrfs
if (!seq_putting)
return;
- spin_lock(&fs_info->tree_mod_seq_lock);
+ tree_mod_log_write_lock(fs_info);
list_del(&elem->list);
elem->seq = 0;
@@ -401,19 +399,17 @@ void btrfs_put_tree_mod_seq(struct btrfs
* blocker with lower sequence number exists, we
* cannot remove anything from the log
*/
- spin_unlock(&fs_info->tree_mod_seq_lock);
+ tree_mod_log_write_unlock(fs_info);
return;
}
min_seq = cur_elem->seq;
}
}
- spin_unlock(&fs_info->tree_mod_seq_lock);
/*
* anything that's lower than the lowest existing (read: blocked)
* sequence number can be removed from the tree.
*/
- tree_mod_log_write_lock(fs_info);
tm_root = &fs_info->tree_mod_log;
for (node = rb_first(tm_root); node; node = next) {
next = rb_next(node);
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -1502,14 +1502,12 @@ struct btrfs_fs_info {
spinlock_t delayed_iput_lock;
struct list_head delayed_iputs;
- /* this protects tree_mod_seq_list */
- spinlock_t tree_mod_seq_lock;
atomic64_t tree_mod_seq;
- struct list_head tree_mod_seq_list;
- /* this protects tree_mod_log */
+ /* this protects tree_mod_log and tree_mod_seq_list */
rwlock_t tree_mod_log_lock;
struct rb_root tree_mod_log;
+ struct list_head tree_mod_seq_list;
atomic_t nr_async_submits;
atomic_t async_submit_draining;
--- a/fs/btrfs/delayed-ref.c
+++ b/fs/btrfs/delayed-ref.c
@@ -344,7 +344,7 @@ void btrfs_merge_delayed_refs(struct btr
if (head->is_data)
return;
- spin_lock(&fs_info->tree_mod_seq_lock);
+ read_lock(&fs_info->tree_mod_log_lock);
if (!list_empty(&fs_info->tree_mod_seq_list)) {
struct seq_list *elem;
@@ -352,7 +352,7 @@ void btrfs_merge_delayed_refs(struct btr
struct seq_list, list);
seq = elem->seq;
}
- spin_unlock(&fs_info->tree_mod_seq_lock);
+ read_unlock(&fs_info->tree_mod_log_lock);
node = rb_first(&head->ref_root);
while (node) {
@@ -377,7 +377,7 @@ int btrfs_check_delayed_seq(struct btrfs
struct seq_list *elem;
int ret = 0;
- spin_lock(&fs_info->tree_mod_seq_lock);
+ read_lock(&fs_info->tree_mod_log_lock);
if (!list_empty(&fs_info->tree_mod_seq_list)) {
elem = list_first_entry(&fs_info->tree_mod_seq_list,
struct seq_list, list);
@@ -390,7 +390,7 @@ int btrfs_check_delayed_seq(struct btrfs
}
}
- spin_unlock(&fs_info->tree_mod_seq_lock);
+ read_unlock(&fs_info->tree_mod_log_lock);
return ret;
}
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -2167,7 +2167,6 @@ int open_ctree(struct super_block *sb,
spin_lock_init(&fs_info->delayed_iput_lock);
spin_lock_init(&fs_info->defrag_inodes_lock);
spin_lock_init(&fs_info->free_chunk_lock);
- spin_lock_init(&fs_info->tree_mod_seq_lock);
spin_lock_init(&fs_info->super_lock);
spin_lock_init(&fs_info->qgroup_op_lock);
spin_lock_init(&fs_info->buffer_lock);
--- a/fs/btrfs/tests/btrfs-tests.c
+++ b/fs/btrfs/tests/btrfs-tests.c
@@ -109,7 +109,6 @@ struct btrfs_fs_info *btrfs_alloc_dummy_
spin_lock_init(&fs_info->qgroup_op_lock);
spin_lock_init(&fs_info->super_lock);
spin_lock_init(&fs_info->fs_roots_radix_lock);
- spin_lock_init(&fs_info->tree_mod_seq_lock);
mutex_init(&fs_info->qgroup_ioctl_lock);
mutex_init(&fs_info->qgroup_rescan_lock);
rwlock_init(&fs_info->tree_mod_log_lock);
next prev parent reply other threads:[~2020-05-20 14:25 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-20 14:13 [PATCH 3.16 00/99] 3.16.84-rc1 review Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 01/99] fs/namespace.c: fix mountpoint reference counter race Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 02/99] propagate_one(): mnt_set_mountpoint() needs mount_lock Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 03/99] spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 04/99] padata: Remove unused but set variables Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 05/99] padata: avoid race in reordering Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 06/99] padata: get_next is never NULL Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 07/99] padata: ensure the reorder timer callback runs on the correct CPU Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 08/99] padata: ensure padata_do_serial() " Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 09/99] padata: Replace delayed timer with immediate workqueue in padata_reorder Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 10/99] padata: initialize pd->cpu with effective cpumask Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 11/99] padata: Remove broken queue flushing Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 12/99] padata: purge get_cpu and reorder_via_wq from padata_do_serial Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 13/99] crypto: pcrypt - Fix user-after-free on module unload Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 14/99] crypto: pcrypt - Do not clear MAY_SLEEP flag in original request Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 15/99] padata: always acquire cpu_hotplug_lock before pinst->lock Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 16/99] crypto: af_alg - Use bh_lock_sock in sk_destruct Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 17/99] crypto: api - Check spawn->alg under lock in crypto_drop_spawn Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 18/99] crypto: api - Fix race condition in crypto_spawn_alg Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 19/99] mmc: spi: Toggle SPI polarity, do not hardcode it Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 20/99] reiserfs: Fix memory leak of journal device string Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 21/99] reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 22/99] ath9k: fix storage endpoint lookup Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 23/99] rsi: fix use-after-free on failed probe and unbind Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 24/99] brcmfmac: Fix use after free in brcmf_sdio_readframes() Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 25/99] brcmfmac: abort and release host after error Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 26/99] brcmfmac: fix interface sanity check Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 27/99] orinoco_usb: " Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 28/99] rsi_91x_usb: " Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 29/99] zd1211rw: fix storage endpoint lookup Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 30/99] brcmfmac: Fix memory leak in brcmf_usbdev_qinit Ben Hutchings
2020-05-20 14:13 ` [PATCH 3.16 31/99] crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 32/99] scsi: qla2xxx: Fix mtcp dump collection failure Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 33/99] rtc: hym8563: Return -EINVAL if the time is known to be invalid Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 34/99] gianfar: Fix TX timestamping with a stacked DSA driver Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 35/99] pxa168fb: Fix the function used to release some memory in an error handling path Ben Hutchings
2020-05-21 14:09 ` Marion & Christophe JAILLET
2020-05-21 14:31 ` Marion & Christophe JAILLET
2020-05-21 20:28 ` Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 36/99] ALSA: sh: Fix compile warning wrt const Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 37/99] clk: tegra: Mark fuse clock as critical Ben Hutchings
2020-05-20 15:51 ` Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 38/99] ARM: tegra: Enable PLLP bypass during Tegra124 LP1 Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 39/99] media: iguanair: add sanity checks Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 40/99] media: iguanair: fix endpoint sanity check Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 41/99] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 42/99] ARM: dts: at91: sama5d3: define clock rate range for tcb1 Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 43/99] efi: Use early_mem*() instead of early_io*() Ben Hutchings
2020-05-20 15:53 ` Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 44/99] efi/x86: Map the entire EFI vendor string before copying it Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 45/99] PCI: Don't disable bridge BARs when assigning bus resources Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 46/99] power: supply: sbs-battery: Fix a signedness bug in sbs_get_battery_capacity() Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 47/99] dm space map common: fix to ensure new block isn't already in use Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 48/99] usb: dwc3: turn off VBUS when leaving host mode Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 49/99] usb: gadget: f_ncm: Use atomic_t to track in-flight request Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 50/99] usb: gadget: f_ecm: " Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 51/99] staging: wlan-ng: ensure error return is actually returned Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 52/99] nfs: NFS_SWAP should depend on SWAP Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 53/99] ubifs: Fix deadlock in concurrent bulk-read and writepage Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 54/99] x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 55/99] jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 56/99] KVM: arm64: Only sign-extend MMIO up to register width Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 57/99] sparc32: fix struct ipc64_perm type definition Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 58/99] KVM: x86: Don't let userspace set host-reserved cr4 bits Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 59/99] KVM: nVMX: vmread should not set rflags to specify success in case of #PF Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 60/99] x86: kvm: avoid unused variable warning Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 61/99] KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 62/99] USB: serial: ir-usb: add missing endpoint sanity check Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 63/99] USB: serial: ir-usb: fix link-speed handling Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 64/99] USB: serial: ir-usb: fix IrLAP framing Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 65/99] media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 66/99] KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 67/99] KVM: PPC: Book3S PR: Free shared page if mmu initialization fails Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 68/99] KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 69/99] tracing: Fix very unlikely race of registering two stat tracers Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 70/99] tracing: Fix tracing_stat return values in error handling paths Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 71/99] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 72/99] ext4, jbd2: ensure panic when aborting with zero errno Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 73/99] iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 74/99] CIFS: Fix task struct use-after-free on reconnect Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 75/99] net_sched: ematch: reject invalid TCF_EM_SIMPLE Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 76/99] KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 77/99] KVM: x86: Refactor picdev_write() to prevent " Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 78/99] KVM: x86: Protect ioapic_read_indirect() from " Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 79/99] KVM: x86: Protect ioapic_write_indirect() " Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 80/99] KVM: x86: Protect kvm_lapic_reg_write() " Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 81/99] kvm: x86: use macros to compute bank MSRs Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 82/99] KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 83/99] KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 84/99] KVM: Check for a bad hva before dropping into the ghc slow path Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 85/99] of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc Ben Hutchings
2020-05-20 14:14 ` Ben Hutchings [this message]
2020-05-20 14:14 ` [PATCH 3.16 87/99] mm/mempolicy.c: fix out of bounds write in mpol_parse_str() Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 88/99] media/v4l2-core: set pages dirty upon releasing DMA buffers Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 89/99] tcp: clear tp->total_retrans in tcp_disconnect() Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 90/99] ALSA: dummy: Fix PCM format loop in proc output Ben Hutchings
2020-05-20 14:14 ` [PATCH 3.16 91/99] clocksource: Prevent double add_timer_on() for watchdog_timer Ben Hutchings
2020-05-20 14:15 ` [PATCH 3.16 92/99] cls_rsvp: fix rsvp_policy Ben Hutchings
2020-05-20 14:15 ` [PATCH 3.16 93/99] kconfig: fix broken dependency in randconfig-generated .config Ben Hutchings
2020-05-20 14:15 ` [PATCH 3.16 94/99] nfs: use kmap/kunmap directly Ben Hutchings
2020-05-20 14:15 ` [PATCH 3.16 95/99] NFS: Fix memory leaks and corruption in readdir Ben Hutchings
2020-05-20 14:15 ` [PATCH 3.16 96/99] NFS: Directory page cache pages need to be locked when read Ben Hutchings
2020-05-20 14:15 ` [PATCH 3.16 97/99] cifs: fail i/o on soft mounts if sessionsetup errors out Ben Hutchings
2020-05-20 14:15 ` [PATCH 3.16 98/99] bonding/alb: properly access headers in bond_alb_xmit() Ben Hutchings
2020-05-20 14:15 ` [PATCH 3.16 99/99] sunrpc: expiry_time should be seconds not timeval Ben Hutchings
2020-05-20 21:23 ` [PATCH 3.16 00/99] 3.16.84-rc1 review Guenter Roeck
2020-05-21 2:47 ` Chen-Yu Tsai
2020-05-21 7:40 ` Guenter Roeck
2020-05-21 20:22 ` Ben Hutchings
2020-05-21 20:20 ` Ben Hutchings
2020-05-21 22:37 ` Guenter Roeck
2020-05-22 0:00 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1589984009.798531406@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=dsterba@suse.com \
--cc=fdmanana@suse.com \
--cc=josef@toxicpanda.com \
--cc=kda@linux-powerpc.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nborisov@suse.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).