summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2016-07-04ovl: Copy up underlying inode's ->i_mode to overlay inodeVivek Goyal2-2/+2
Right now when a new overlay inode is created, we initialize overlay inode's ->i_mode from underlying inode ->i_mode but we retain only file type bits (S_IFMT) and discard permission bits. This patch changes it and retains permission bits too. This should allow overlay to do permission checks on overlay inode itself in task context. [SzM] It also fixes clearing suid/sgid bits on write. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Reported-by: Eryu Guan <eguan@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay") Cc: <stable@vger.kernel.org>
2016-07-04ovl: handle ATTR_KILL*Miklos Szeredi1-0/+3
Before 4bacc9c9234c ("overlayfs: Make f_path...") file->f_path pointed to the underlying file, hence suid/sgid removal on write worked fine. After that patch file->f_path pointed to the overlay file, and the file mode bits weren't copied to overlay_inode->i_mode. So the suid/sgid removal simply stopped working. The fix is to copy the mode bits, but then ovl_setattr() needs to clear ATTR_MODE to avoid the BUG() in notify_change(). So do this first, then in the next patch copy the mode. Reported-by: Eryu Guan <eguan@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay") Cc: <stable@vger.kernel.org>
2016-07-04Linux 4.7-rc6v4.7-rc6Linus Torvalds1-1/+1
2016-07-03Merge branch 'for-linus' of ↵Linus Torvalds4-2/+37
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse fix from Miklos Szeredi: "This makes sure userspace filesystems are not broken by the parallel lookups and readdir feature" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: serialize dirops by default
2016-07-03Merge branch 'overlayfs-linus' of ↵Linus Torvalds2-8/+33
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs fixes from Miklos Szeredi: "This contains fixes for a dentry leak, a regression in 4.6 noticed by Docker users and missing write access checking in truncate" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: warn instead of error if d_type is not supported ovl: get_write_access() in truncate ovl: fix dentry leak for default_permissions
2016-07-03ovl: warn instead of error if d_type is not supportedVivek Goyal1-5/+7
overlay needs underlying fs to support d_type. Recently I put in a patch in to detect this condition and started failing mount if underlying fs did not support d_type. But this breaks existing configurations over kernel upgrade. Those who are running docker (partially broken configuration) with xfs not supporting d_type, are surprised that after kernel upgrade docker does not run anymore. https://github.com/docker/docker/issues/22937#issuecomment-229881315 So instead of erroring out, detect broken configuration and warn about it. This should allow existing docker setups to continue working after kernel upgrade. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Fixes: 45aebeaf4f67 ("ovl: Ensure upper filesystem supports d_type") Cc: <stable@vger.kernel.org> 4.6
2016-07-03Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linusLinus Torvalds1-4/+6
Pull MIPS fix from Ralf Baechle: "Only a single fix for 4.7 pending at this point. It fixes an issue that may lead to corruption of the cache mode bits in the page table" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: Fix possible corruption of cache mode by mprotect.
2016-07-03Merge tag 'powerpc-4.7-5' of ↵Linus Torvalds7-19/+65
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: - tm: Always reclaim in start_thread() for exec() class syscalls from Cyril Bur - tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0 from Michael Neuling - eeh: Fix wrong argument passed to eeh_rmv_device() from Gavin Shan - Initialise pci_io_base as early as possible from Darren Stevens * tag 'powerpc-4.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc: Initialise pci_io_base as early as possible powerpc/tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0 powerpc/eeh: Fix wrong argument passed to eeh_rmv_device() powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
2016-07-02Merge tag 'drm-fixes-for-v4.7-rc6' of ↵Linus Torvalds12-78/+160
git://people.freedesktop.org/~airlied/linux Pull drm fixes frlm Dave Airlie: "Just some AMD and Intel fixes, the AMD ones are further production Polaris fixes, and the Intel ones fix some early timeouts, some PCI ID changes and a couple of other fixes. Still a bit Internet challenged here, hopefully end of next week will solve it" * tag 'drm-fixes-for-v4.7-rc6' of git://people.freedesktop.org/~airlied/linux: drm/i915: Fix missing unlock on error in i915_ppgtt_info() drm/amd/powerplay: workaround for UVD clock issue drm/amdgpu: add ACLK_CNTL setting for polaris10 drm/amd/powerplay: fix issue uvd dpm can't enabled on Polaris11. drm/amd/powerplay: Workaround for Memory EDC Error on Polaris10. drm/i915: Removing PCI IDs that are no longer listed as Kabylake. drm/i915: Add more Kabylake PCI IDs. drm/i915: Avoid early timeout during AUX transfers drm/i915/hsw: Avoid early timeout during LCPLL disable/restore drm/i915/lpt: Avoid early timeout during FDI PHY reset drm/i915/bxt: Avoid early timeout during PLL enable drm/i915: Refresh cached DP port register value on resume drm/amd/powerplay: Update CKS on/ CKS off voltage offset calculation drm/amd/powerplay: disable FFC. drm/amd/powerplay: add some definition for FFC feature on polaris.
2016-07-02Merge tag 'spi-fix-v4.7-rc5' of ↵Linus Torvalds4-6/+38
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "A few small driver-specific fixes for SPI, all in the normal important if you hit them category especially the rockchip driver fix which addresses a race which has been exposed more frequently with some recent performance improvements" * tag 'spi-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: sunxi: fix transfer timeout spi: sun4i: fix FIFO limit spi: rockchip: Signal unfinished DMA transfers spi: spi-ti-qspi: Suspend the queue before removing the device
2016-07-02Merge tag 'regulator-fix-v4.7-rc5' of ↵Linus Torvalds2-2/+7
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fixes from Mark Brown: "Two small fixes for the regulator subsystem - one fixing a crash with one of the devices supported by the max77620 driver, another fixing startup for the anatop regulator when it starts up with the regulator in bypass mode" * tag 'regulator-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: max77620: check for valid regulator info regulator: anatop: allow regulator to be in bypass mode
2016-07-02Merge tag 'clk-fixes-for-linus' of ↵Linus Torvalds4-17/+11
git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "A small fix for the newly added oxnas clk driver and a handful of rockchip clk driver fixes for newly added rk3399 support" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: Fix return value check in oxnas_stdclk_probe() clk: rockchip: release io resource when failing to init clk on rk3399 clk: rockchip: fix cpuclk registration error handling clk: rockchip: Revert "clk: rockchip: reset init state before mmc card initialization" clk: rockchip: fix incorrect parent for rk3399's {c,g}pll_aclk_perihp_src clk: rockchip: mark rk3399 GIC clocks as critical clk: rockchip: initialize flags of clk_init_data in mmc-phase clock
2016-07-02Merge tag 'drm-intel-fixes-2016-06-30' of ↵Dave Airlie5-22/+22
git://anongit.freedesktop.org/drm-intel into drm-fixes here's a batch of i915 fixes for 4.7. * tag 'drm-intel-fixes-2016-06-30' of git://anongit.freedesktop.org/drm-intel: drm/i915: Fix missing unlock on error in i915_ppgtt_info() drm/i915: Removing PCI IDs that are no longer listed as Kabylake. drm/i915: Add more Kabylake PCI IDs. drm/i915: Avoid early timeout during AUX transfers drm/i915/hsw: Avoid early timeout during LCPLL disable/restore drm/i915/lpt: Avoid early timeout during FDI PHY reset drm/i915/bxt: Avoid early timeout during PLL enable drm/i915: Refresh cached DP port register value on resume
2016-07-02Merge branch 'drm-fixes-4.7' of git://people.freedesktop.org/~agd5f/linux ↵Dave Airlie7-56/+138
into drm-fixes Just a few more late fixes for Polaris cards. * 'drm-fixes-4.7' of git://people.freedesktop.org/~agd5f/linux: drm/amd/powerplay: workaround for UVD clock issue drm/amdgpu: add ACLK_CNTL setting for polaris10 drm/amd/powerplay: fix issue uvd dpm can't enabled on Polaris11. drm/amd/powerplay: Workaround for Memory EDC Error on Polaris10. drm/amd/powerplay: Update CKS on/ CKS off voltage offset calculation drm/amd/powerplay: disable FFC. drm/amd/powerplay: add some definition for FFC feature on polaris.
2016-07-02MIPS: Fix possible corruption of cache mode by mprotect.Ralf Baechle1-4/+6
The following testcase may result in a page table entries with a invalid CCA field being generated: static void *bindstack; static int sysrqfd; static void protect_low(int protect) { mprotect(bindstack, BINDSTACK_SIZE, protect); } static void sigbus_handler(int signal, siginfo_t * info, void *context) { void *addr = info->si_addr; write(sysrqfd, "x", 1); printf("sigbus, fault address %p (should not happen, but might)\n", addr); abort(); } static void run_bind_test(void) { unsigned int *p = bindstack; p[0] = 0xf001f001; write(sysrqfd, "x", 1); /* Set trap on access to p[0] */ protect_low(PROT_NONE); write(sysrqfd, "x", 1); /* Clear trap on access to p[0] */ protect_low(PROT_READ | PROT_WRITE | PROT_EXEC); write(sysrqfd, "x", 1); /* Check the contents of p[0] */ if (p[0] != 0xf001f001) { write(sysrqfd, "x", 1); /* Reached, but shouldn't be */ printf("badness, shouldn't happen but does\n"); abort(); } } int main(void) { struct sigaction sa; sysrqfd = open("/proc/sysrq-trigger", O_WRONLY); if (sigprocmask(SIG_BLOCK, NULL, &sa.sa_mask)) { perror("sigprocmask"); return 0; } sa.sa_sigaction = sigbus_handler; sa.sa_flags = SA_SIGINFO | SA_NODEFER | SA_RESTART; if (sigaction(SIGBUS, &sa, NULL)) { perror("sigaction"); return 0; } bindstack = mmap(NULL, BINDSTACK_SIZE, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (bindstack == MAP_FAILED) { perror("mmap bindstack"); return 0; } printf("bindstack: %p\n", bindstack); run_bind_test(); printf("done\n"); return 0; } There are multiple ingredients for this: 1) PAGE_NONE is defined to _CACHE_CACHABLE_NONCOHERENT, which is CCA 3 on all platforms except SB1 where it's CCA 5. 2) _page_cachable_default must have bits set which are not set _CACHE_CACHABLE_NONCOHERENT. 3) Either the defective version of pte_modify for XPA or the standard version must be in used. However pte_modify for the 36 bit address space support is no affected. In that case additional bits in the final CCA mode may generate an invalid value for the CCA field. On the R10000 system where this was tracked down for example a CCA 7 has been observed, which is Uncached Accelerated. Fixed by: 1) Using the proper CCA mode for PAGE_NONE just like for all the other PAGE_* pte/pmd bits. 2) Fix the two affected variants of pte_modify. Further code inspection also shows the same issue to exist in pmd_modify which would affect huge page systems. Issue in pte_modify tracked down by Alastair Bridgewater, PAGE_NONE and pmd_modify issue found by me. The history of this goes back beyond Linus' git history. Chris Dearman's commit 351336929ccf222ae38ff0cb7a8dd5fd5c6236a0 ("[MIPS] Allow setting of the cache attribute at run time.") missed the opportunity to fix this but it was originally introduced in lmo commit d523832cf12007b3242e50bb77d0c9e63e0b6518 ("Missing from last commit.") and 32cc38229ac7538f2346918a09e75413e8861f87 ("New configuration option CONFIG_MIPS_UNCACHED.") Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Reported-by: Alastair Bridgewater <alastair.bridgewater@gmail.com>
2016-07-02Merge tag 'acpi-4.7-rc6' of ↵Linus Torvalds1-1/+1
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fix from Rafael Wysocki: "Fix an expression in the ACPI PCI IRQ management code added by a recent commit that overlooked missing parens in it, so the result of the computation is incorrect in some cases (Sinan Kaya)" * tag 'acpi-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI,PCI,IRQ: correct operator precedence
2016-07-02Merge tag 'pm-4.7-rc6' of ↵Linus Torvalds3-5/+11
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "Three cpufreq fixes, one in the core (stable-candidate) and two in drivers (intel_pstate and cpufreq-dt). Specifics: - Fix a recent intel_pstate regression that caused the number of wakeups to increase significantly on an idle system in some cases due to excessive synchronize_sched() invocations (Rafael Wysocki). - Fix unnecessary invocations of WARN_ON() in the cpufreq core after cpufreq has been suspended introduced during the 4.6 cycla (Rafael Wysocki). - Fix an error code path in the cpufreq-dt-platdev driver that forgets to drop a reference to a DT node (Masahiro Yamada)" * tag 'pm-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: Avoid false-positive WARN_ON()s in cpufreq_update_policy() cpufreq: dt: call of_node_put() before error out intel_pstate: Do not clear utilization update hooks on policy changes
2016-07-02Merge branch 'for-linus' of ↵Linus Torvalds4-48/+78
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs fixes from Al Viro: "Tmpfs readdir throughput regression fix (this cycle) + some -stable fodder all over the place. One missing bit is Miklos' tonight locks.c fix - NFS folks had already grabbed that one by the time I woke up ;-)" [ The locks.c fix came through the nfsd tree just moments ago ] * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: namespace: update event counter when umounting a deleted dentry 9p: use file_dentry() ceph: fix d_obtain_alias() misuses lockless next_positive() libfs.c: new helper - next_positive() dcache_{readdir,dir_lseek}(): don't bother with nested ->d_lock
2016-07-02Merge tag 'nfsd-4.7-3' of git://linux-nfs.org/~bfields/linuxLinus Torvalds2-4/+11
Pull lockd/locks fixes from Bruce Fields: "One fix for lockd soft lookups in an error path, and one fix for file leases on overlayfs" * tag 'nfsd-4.7-3' of git://linux-nfs.org/~bfields/linux: locks: use file_inode() lockd: unregister notifier blocks if the service fails to come up completely
2016-07-02Merge tag 'mfd-fixes-4.7.1' of ↵Linus Torvalds3-3/+5
git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull more MFD fixes from Lee Jones: "Apologies for missing these from the first pull request. Final patches fixing Reset API change" * tag 'mfd-fixes-4.7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: usb: dwc3: st: Use explicit reset_control_get_exclusive() API phy: phy-stih407-usb: Use explicit reset_control_get_exclusive() API phy: miphy28lp: Inform the reset framework that our reset line may be shared
2016-07-02Merge branch 'libnvdimm-fixes' of ↵Linus Torvalds5-26/+60
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: "1/ Two regression fixes since v4.6: one for the byte order of a sysfs attribute (bz121161) and another for QEMU 2.6's NVDIMM _DSM (ACPI Device Specific Method) implementation that gets tripped up by new auto-probing behavior in the NFIT driver. 2/ A fix tagged for -stable that stops the kernel from clobbering/ignoring changes to the configuration of a 'pfn' instance ("struct page" driver). For example changing the alignment from 2M to 1G may silently revert to 2M if that value is currently stored on media. 3/ A fix from Eric for an xfstests failure in dax. It is not currently tagged for -stable since it requires an 8-exabyte file system to trigger, and there appear to be no user visible side effects" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: nfit: fix format interface code byte order dax: fix offset overflow in dax_io acpi, nfit: fix acpi_check_dsm() vs zero functions implemented libnvdimm, pfn, dax: fix initialization vs autodetect for mode + alignment
2016-07-01Merge tag 'staging-4.7-rc6' of ↵Linus Torvalds6-11/+15
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging and IIO fixes from Greg KH: "Here are a few small staging and iio driver fixes for 4.7-rc6. Nothing major here, just a number of small fixes, all have been in linux-next for a while, and the full details are in the shortlog" * tag 'staging-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: iio:ad7266: Fix probe deferral for vref iio:ad7266: Fix support for optional regulators iio:ad7266: Fix broken regulator error handling iio: accel: kxsd9: fix the usage of spi_w8r8() staging: iio: accel: fix error check staging: iio: ad5933: fix order of cycle conditions staging: iio: fix ad7606_spi regression iio: inv_mpu6050: Fix use-after-free in ACPI code
2016-07-01Merge tag 'tty-4.7-rc6' of ↵Linus Torvalds2-2/+6
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty fixes from Greg KH: "Here are two tty fixes for some reported issues. One resolves a crash in devpts, and the other resolves a problem with the fbcon cursor blink causing lockups. Both have been in linux-next with no reported problems" * tag 'tty-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: devpts: fix null pointer dereference on failed memory allocation tty: vt: Fix soft lockup in fbcon cursor blink timer.
2016-07-01Merge tag 'usb-4.7-rc6' of ↵Linus Torvalds7-35/+22
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB and PHY fixes from Greg KH: "Here are a number of small USB and PHY driver fixes for 4.7-rc6. Nothing major here, all are described in the shortlog below. All have been in linux-next with no reported issues" * tag 'usb-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: USB: don't free bandwidth_mutex too early USB: EHCI: declare hostpc register as zero-length array phy-sun4i-usb: Fix irq free conditions to match request conditions phy: bcm-ns-usb2: checking the wrong variable phy-sun4i-usb: fix missing __iomem * phy: phy-sun4i-usb: Fix optional gpios failing probe phy: rockchip-dp: fix return value check in rockchip_dp_phy_probe() phy: rcar-gen3-usb2: fix unexpected repeat interrupts of VBUS change usb: common: otg-fsm: add license to usb-otg-fsm
2016-07-01Merge tag 'iommu-fixes-v4.7-rc5' of ↵Linus Torvalds3-4/+8
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU fixes from Joerg Roedel: "Three fixes: - Fix use of smp_processor_id() in preemptible code in the IOVA allocation code. This got introduced with the scalability improvements in this release cycle. - A VT-d fix for out-of-bounds access of the iommu->domains array. The bug showed during suspend/resume. - AMD IOMMU fix to print the correct device id in the ACPI parsing code" * tag 'iommu-fixes-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/amd: Initialize devid variable before using it iommu/vt-d: Fix overflow of iommu->domains array iommu/iova: Disable preemption around use of this_cpu_ptr()
2016-07-01Merge remote-tracking branches 'regulator/fix/anatop' and ↵Mark Brown2-2/+7
'regulator/fix/max77620' into regulator-linus
2016-07-01locks: use file_inode()Miklos Szeredi1-1/+1
(Another one for the f_path debacle.) ltp fcntl33 testcase caused an Oops in selinux_file_send_sigiotask. The reason is that generic_add_lease() used filp->f_path.dentry->inode while all the others use file_inode(). This makes a difference for files opened on overlayfs since the former will point to the overlay inode the latter to the underlying inode. So generic_add_lease() added the lease to the overlay inode and generic_delete_lease() removed it from the underlying inode. When the file was released the lease remained on the overlay inode's lock list, resulting in use after free. Reported-by: Eryu Guan <eguan@redhat.com> Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay") Cc: <stable@vger.kernel.org> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2016-07-01usb: dwc3: st: Use explicit reset_control_get_exclusive() APILee Jones1-1/+2
We're making all reset line users specify whether their lines are shared with other IP or they operate them exclusively. In this case the line is exclusively used only by this IP, so use the *_exclusive() API accordingly. Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com> Signed-off-by: Lee Jones <lee.jones@linaro.org>
2016-07-01phy: phy-stih407-usb: Use explicit reset_control_get_exclusive() APILee Jones1-1/+1
We're making all reset line users specify whether their lines are shared with other IP or they operate them exclusively. In this case the line is exclusively used only by this IP, so use the *_exclusive() API accordingly. Acked-by: Kishon Vijay Abraham I <kishon@ti.com> Signed-off-by: Lee Jones <lee.jones@linaro.org>
2016-07-01phy: miphy28lp: Inform the reset framework that our reset line may be sharedLee Jones1-1/+2
On the STiH410 B2120 development board the MiPHY28lp shares its reset line with the Synopsys DWC3 SuperSpeed (SS) USB 3.0 Dual-Role-Device (DRD). New functionality in the reset subsystems forces consumers to be explicit when requesting shared/exclusive reset lines. Acked-by: Kishon Vijay Abraham I <kishon@ti.com> Signed-off-by: Lee Jones <lee.jones@linaro.org>
2016-07-01namespace: update event counter when umounting a deleted dentryAndrey Ulanov1-0/+1
- m_start() in fs/namespace.c expects that ns->event is incremented each time a mount added or removed from ns->list. - umount_tree() removes items from the list but does not increment event counter, expecting that it's done before the function is called. - There are some codepaths that call umount_tree() without updating "event" counter. e.g. from __detach_mounts(). - When this happens m_start may reuse a cached mount structure that no longer belongs to ns->list (i.e. use after free which usually leads to infinite loop). This change fixes the above problem by incrementing global event counter before invoking umount_tree(). Change-Id: I622c8e84dcb9fb63542372c5dbf0178ee86bb589 Cc: stable@vger.kernel.org Signed-off-by: Andrey Ulanov <andreyu@google.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-07-019p: use file_dentry()Miklos Szeredi1-3/+3
v9fs may be used as lower layer of overlayfs and accessing f_path.dentry can lead to a crash. In this case it's a NULL pointer dereference in p9_fid_create(). Fix by replacing direct access of file->f_path.dentry with the file_dentry() accessor, which will always return a native object. Reported-by: Alessio Igor Bogani <alessioigorbogani@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Tested-by: Alessio Igor Bogani <alessioigorbogani@gmail.com> Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay") Cc: <stable@vger.kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-06-30lockd: unregister notifier blocks if the service fails to come up completelyScott Mayhew1-3/+10
If the lockd service fails to start up then we need to be sure that the notifier blocks are not registered, otherwise a subsequent start of the service could cause the same notifier to be registered twice, leading to soft lockups. Signed-off-by: Scott Mayhew <smayhew@redhat.com> Cc: stable@vger.kernel.org Fixes: 0751ddf77b6a "lockd: Register callbacks on the inetaddr_chain..." Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2016-06-30Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds8-39/+41
Pull KVM fixes from Paolo Bonzini: "ARM and x86 fixes" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: nVMX: VMX instructions: fix segment checks when L1 is in long mode. KVM: LAPIC: cap __delay at lapic_timer_advance_ns KVM: x86: move nsec_to_cycles from x86.c to x86.h pvclock: Get rid of __pvclock_read_cycles in function pvclock_read_flags pvclock: Cleanup to remove function pvclock_get_nsec_offset pvclock: Add CPU barriers to get correct version value KVM: arm/arm64: Stop leaking vcpu pid references arm64: KVM: fix build with CONFIG_ARM_PMU disabled
2016-06-30Merge tag 'arc-4.7-rc6-fixes' of ↵Linus Torvalds2-3/+1
git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fix from Vineet Gupta: "Reinstate dwarf unwinder/loadable-modules with new gnu tools" * tag 'arc-4.7-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: arc: unwind: warn only once if DW2_UNWIND is disabled ARC: unwind: ensure that .debug_frame is generated (vs. .eh_frame)
2016-06-30Merge tag 'pwm/for-4.7-rc6' of ↵Linus Torvalds1-6/+10
git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm fixes from Thierry Reding: "One more fix for some fallout observed after the introduction of the atomic API" * tag 'pwm/for-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: pwm: Fix pwm_apply_args()
2016-06-30Merge tag 'mfd-fixes-4.7' of ↵Linus Torvalds7-51/+181
git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD fixes from Lee Jones: "Contained are some standard fixes and unusually an extension to the Reset API. Some of those changes are required to fix a bug introduced in -rc1, which introduces extra 'reset line checks' i.e. whether the line is shared or not. If a line is shared and the new *_shared() API is not used, the request fails with an error. This breaks USB in v4.7 for ST's platforms. Admittedly, there are some patches contained in our (MFD/Reset) immutable branch which are not true -fixes, but there isn't anything I can do about that. Rest assured though, there aren't any API 'changes'. Everything is the same from the consumer's perspective. - Use new reset_*_get_shared() variant to prevent reset line obtainment failure (Fixes commit 0b52297f2288: "reset: Add support for shared reset controls") - Fix unintentional switch() fall-through into error path - Fix uninitialised variable compiler warning" * tag 'mfd-fixes-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: mfd: da9053: Fix compiler warning message for uninitialised variable mfd: max77620: Fix FPS switch statements phy: phy-stih407-usb: Inform the reset framework that our reset line may be shared usb: dwc3: st: Inform the reset framework that our reset line may be shared usb: host: ehci-st: Inform the reset framework that our reset line may be shared usb: host: ohci-st: Inform the reset framework that our reset line may be shared reset: TRIVIAL: Add line break at same place for similar APIs reset: Supply *_shared variant calls when using *_optional APIs reset: Supply *_shared variant calls when using of_* API reset: Ensure drivers are explicit when requesting reset lines reset: Reorder inline reset_control_get*() wrappers
2016-06-30Merge tag 'kvm-arm-for-v4.7-rc6' of ↵Paolo Bonzini2-2/+3
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master KVM/ARM Fixes for v4.7-rc6: Fixes a build issue without CONFIG_ARM_PMU and plugs pid leak on arm/arm64.
2016-06-30ACPI,PCI,IRQ: correct operator precedenceSinan Kaya1-1/+1
The omitted parenthesis prevents the addition operation when acpi_penalize_isa_irq function is called. Fixes: 103544d86976 (ACPI,PCI,IRQ: reduce resource requirements) Signed-off-by: Sinan Kaya <okaya@codeaurora.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-06-30Merge remote-tracking branches 'spi/fix/ep93xx', 'spi/fix/rockchip', ↵Mark Brown4-6/+38
'spi/fix/sunxi' and 'spi/fix/ti-qspi' into spi-linus
2016-06-30fuse: serialize dirops by defaultMiklos Szeredi4-2/+37
Negotiate with userspace filesystems whether they support parallel readdir and lookup. Disable parallelism by default for fear of breaking fuse filesystems. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Fixes: 9902af79c01a ("parallel lookups: actual switch to rwsem") Fixes: d9b3dbdcfd62 ("fuse: switch to ->iterate_shared()")
2016-06-30drm/i915: Fix missing unlock on error in i915_ppgtt_info()Wei Yongjun1-2/+2
Add the missing unlock before return from function i915_ppgtt_info() in the error handling case. Fixes: 1d2ac403ae3b(drm: Protect dev->filelist with its own mutex) Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: http://patchwork.freedesktop.org/patch/msgid/1465861320-26221-1-git-send-email-weiyj_lk@163.com (cherry picked from commit b0212486909de4f239ca9f20d032de1b1f2dc52e) Signed-off-by: Jani Nikula <jani.nikula@intel.com>
2016-06-30powerpc: Initialise pci_io_base as early as possibleDarren Stevens4-1/+10
Commit d6a9996e84ac ("powerpc/mm: vmalloc abstraction in preparation for radix") turned kernel memory and IO addresses from #defined constants to variables initialised at runtime. On PA6T (pasemi) systems the setup_arch() machine call initialises the onboard PCI-e root-ports, and uses pci_io_base to do this, which is now before its value has been set, resulting in a panic early in boot before console IO is initialised. Move the pci_io_base initialisation to the same place as vmalloc ranges are set (hash__early_init_mmu()/radix__early_init_mmu()) - this is the earliest possible place we can initialise it. Fixes: d6a9996e84ac ("powerpc/mm: vmalloc abstraction in preparation for radix") Reported-by: Christian Zigotzky <chzigotzky@xenosoft.de> Signed-off-by: Darren Stevens <darren@stevens-zone.net> Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> [mpe: Add #ifdef CONFIG_PCI, massage change log slightly] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2016-06-30mfd: da9053: Fix compiler warning message for uninitialised variableSteve Twiss1-1/+1
Fix compiler warning caused by an uninitialised variable inside da9052_group_write() function. Defaulting the value to zero covers the trivial case. Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Lee Jones <lee.jones@linaro.org>
2016-06-30mfd: max77620: Fix FPS switch statementsRhyland Klein1-0/+2
When configuring FPS during probe, assuming a DT node is present for FPS, the code can run into a problem with the switch statements in max77620_config_fps() and max77620_get_fps_period_reg_value(). Namely, in the case of chip->chip_id == MAX77620, it will set fps_[mix|max]_period but then fall through to the default switch case and return -EINVAL. Returning this from max77620_config_fps() will cause probe to fail. Signed-off-by: Rhyland Klein <rklein@nvidia.com> Reviewed-by: Laxman Dewangan <ldewangan@nvidia.com> Reviewed-by: Thierry Reding <treding@nvidia.com> Tested-by: Thierry Reding <treding@nvidia.com> Tested-by: Alexandre Courbot <acourbot@nvidia.com> Signed-off-by: Lee Jones <lee.jones@linaro.org>
2016-06-30phy: phy-stih407-usb: Inform the reset framework that our reset line may be ↵Lee Jones1-1/+1
shared On the STiH410 B2120 development board the ports on the Generic PHY share their reset lines with each other. New functionality in the reset subsystems forces consumers to be explicit when requesting shared/exclusive reset lines. Signed-off-by: Lee Jones <lee.jones@linaro.org>
2016-06-30usb: dwc3: st: Inform the reset framework that our reset line may be sharedLee Jones1-1/+2
On the STiH410 B2120 development board the MiPHY28lp shares its reset line with the Synopsys DWC3 SuperSpeed (SS) USB 3.0 Dual-Role-Device (DRD). New functionality in the reset subsystems forces consumers to be explicit when requesting shared/exclusive reset lines. Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com> Signed-off-by: Lee Jones <lee.jones@linaro.org>
2016-06-30usb: host: ehci-st: Inform the reset framework that our reset line may be sharedLee Jones1-2/+4
On the STiH410 B2120 development board the ST EHCI IP shares its reset line with the OHCI IP. New functionality in the reset subsystems forces consumers to be explicit when requesting shared/exclusive reset lines. Acked-by: Peter Griffin <peter.griffin@linaro.org> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Lee Jones <lee.jones@linaro.org>
2016-06-30usb: host: ohci-st: Inform the reset framework that our reset line may be sharedLee Jones1-2/+4
On the STiH410 B2120 development board the ST EHCI IP shares its reset line with the OHCI IP. New functionality in the reset subsystems forces consumers to be explicit when requesting shared/exclusive reset lines. Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Lee Jones <lee.jones@linaro.org>
2016-06-30Merge tag 'nfs-for-4.7-2' of git://git.linux-nfs.org/projects/anna/linux-nfsLinus Torvalds8-23/+45
Pull NFS client bugfixes from Anna Schumaker: "Stable bugfixes: - Fix _cancel_empty_pagelist - Fix a double page unlock - Make nfs_atomic_open() call d_drop() on all ->open_context() errors. - Fix another OPEN_DOWNGRADE bug Other bugfixes: - Ensure we handle delegation errors in nfs4_proc_layoutget() - Layout stateids start out as being invalid - Add sparse lock annotations for pnfs_find_alloc_layout - Handle bad delegation stateids in nfs4_layoutget_handle_exception - Fix up O_DIRECT results - Fix potential use after free of state in nfs4_do_reclaim. - Mark the layout stateid invalid when all segments are removed - Don't let readdirplus revalidate an inode that was marked as stale - Fix potential race in nfs_fhget() - Fix an unused variable warning" * tag 'nfs-for-4.7-2' of git://git.linux-nfs.org/projects/anna/linux-nfs: NFS: Fix another OPEN_DOWNGRADE bug make nfs_atomic_open() call d_drop() on all ->open_context() errors. NFS: Fix an unused variable warning NFS: Fix potential race in nfs_fhget() NFS: Don't let readdirplus revalidate an inode that was marked as stale NFSv4.1/pnfs: Mark the layout stateid invalid when all segments are removed NFS: Fix a double page unlock pnfs_nfs: fix _cancel_empty_pagelist nfs4: Fix potential use after free of state in nfs4_do_reclaim. NFS: Fix up O_DIRECT results NFS/pnfs: handle bad delegation stateids in nfs4_layoutget_handle_exception NFSv4.1/pnfs: Add sparse lock annotations for pnfs_find_alloc_layout NFSv4.1/pnfs: Layout stateids start out as being invalid NFSv4.1/pnfs: Ensure we handle delegation errors in nfs4_proc_layoutget()