25 Jan, 2021
1 commit
-
Change-Id: I173bc0325c93daaf82bb894f77ba35fa827864de
06 Jan, 2021
1 commit
-
commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.
when directory item has an invalid value set for ih_entry_count it might
trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()ih_entry_count * IH_SIZE for directory item should not be larger than
ih_item_lenLink: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
Signed-off-by: Rustam Kovhaev
Signed-off-by: Jan Kara
Signed-off-by: Greg Kroah-Hartman
26 Oct, 2020
1 commit
-
…scm/linux/kernel/git/hyperv/linux") into android-mainline
Steps on the way to 5.10-rc1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1a4319d3921c77e672ffa5a0efec4882736a74f7
01 Oct, 2020
1 commit
-
With suitably crafted reiserfs image and mount command reiserfs will
crash when trying to verify that XATTR_ROOT directory can be looked up
in / as that recurses back to xattr code like:xattr_lookup+0x24/0x280 fs/reiserfs/xattr.c:395
reiserfs_xattr_get+0x89/0x540 fs/reiserfs/xattr.c:677
reiserfs_get_acl+0x63/0x690 fs/reiserfs/xattr_acl.c:209
get_acl+0x152/0x2e0 fs/posix_acl.c:141
check_acl fs/namei.c:277 [inline]
acl_permission_check fs/namei.c:309 [inline]
generic_permission+0x2ba/0x550 fs/namei.c:353
do_inode_permission fs/namei.c:398 [inline]
inode_permission+0x234/0x4a0 fs/namei.c:463
lookup_one_len+0xa6/0x200 fs/namei.c:2557
reiserfs_lookup_privroot+0x85/0x1e0 fs/reiserfs/xattr.c:972
reiserfs_fill_super+0x2b51/0x3240 fs/reiserfs/super.c:2176
mount_bdev+0x24f/0x360 fs/super.c:1417Fix the problem by bailing from reiserfs_xattr_get() when xattrs are not
yet initialized.CC: stable@vger.kernel.org
Reported-by: syzbot+9b33c9b118d77ff59b6f@syzkaller.appspotmail.com
Signed-off-by: Jan Kara
22 Sep, 2020
1 commit
-
reiserfs_read_locked_inode() didn't initialize key length properly. Use
_make_cpu_key() macro for key initialization so that all key member are
properly initialized.CC: stable@vger.kernel.org
Reported-by: syzbot+d94d02749498bb7bab4b@syzkaller.appspotmail.com
Signed-off-by: Jan Kara
16 Sep, 2020
1 commit
-
unlock_new_inode() is only meant to be called after a new inode has
already been inserted into the hash table. But reiserfs_new_inode() can
call it even before it has inserted the inode, triggering the WARNING in
unlock_new_inode(). Fix this by only calling unlock_new_inode() if the
inode has the I_NEW flag set, indicating that it's in the table.This addresses the syzbot report "WARNING in unlock_new_inode"
(https://syzkaller.appspot.com/bug?extid=187510916eb6a14598f7).Link: https://lore.kernel.org/r/20200628070057.820213-1-ebiggers@kernel.org
Reported-by: syzbot+187510916eb6a14598f7@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers
Signed-off-by: Jan Kara
28 Aug, 2020
1 commit
-
When a usrjquota or grpjquota mount option is used multiple times, we
will leak memory allocated for the file name. Make sure the last setting
is used and all the previous ones are properly freed.Reported-by: syzbot+c9e294bbe0333a6b7640@syzkaller.appspotmail.com
Signed-off-by: Jan Kara
07 Aug, 2020
3 commits
-
…ernel/git/teigland/linux-dlm") into android-mainline
Steps along the way to 5.9-rc1
Fixed conflicts in:
drivers/scsi/ufs/Kconfig
drivers/scsi/ufs/ufshcd-crypto.c
drivers/scsi/ufs/ufshcd.h
drivers/staging/android/ion/ion.c
drivers/staging/android/ion/ion_heap.c
include/linux/ion.hSigned-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia2602190d5960b7ad1beaf49a00489d49f144a4e -
Pull ext2, udf, reiserfs, quota cleanups and minor fixes from Jan Kara:
"A few ext2 fixups and then several (mostly comment and documentation)
cleanups in ext2, udf, reiserfs, and quota"* tag 'for_v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
reiserfs: delete duplicated words
udf: osta_udf.h: delete a duplicated word
reiserfs: reiserfs.h: delete a duplicated word
ext2: ext2.h: fix duplicated word + typos
udf: Replace HTTP links with HTTPS ones
quota: Fixup http links in quota doc
Replace HTTP links with HTTPS ones: DISKQUOTA
ext2: initialize quota info in ext2_xattr_set()
ext2: fix some incorrect comments in inode.c
ext2: remove nocheck option
ext2: fix missing percpu_counter_inc
ext2: ext2_find_entry() return -ENOENT if no entry found
ext2: propagate errors up to ext2_find_entry()'s callers
ext2: fix improper assignment for e_value_offs -
…el.dk/linux-block") into android-mainline
Conflicts:
drivers/md/dm-bow.c
drivers/md/dm-default-key.c
drivers/md/dm.c
fs/crypto/inline_crypt.cReplace bdev->bd_queue with bdev_get_queue(bdev).
Bug: 129280212
Bug: 160883801
Bug: 160885805
Bug: 162257830
Change-Id: I9b0b295472080dfc0990dcb769205e68d706ce0e
Signed-off-by: Eric Biggers <ebiggers@google.com>
05 Aug, 2020
1 commit
-
Delete repeated words in fs/reiserfs/.
{from, not, we, are}Link: https://lore.kernel.org/r/20200805024925.12281-1-rdunlap@infradead.org
Signed-off-by: Randy Dunlap
To: linux-fsdevel@vger.kernel.org
Cc: Jan Kara
Cc: Jeff Mahoney
Cc: Andrew Morton
Cc: reiserfs-devel@vger.kernel.org
Signed-off-by: Jan Kara
27 Jul, 2020
1 commit
-
Drop the repeated word "than" in a comment.
Link: https://lore.kernel.org/r/20200720001431.29718-1-rdunlap@infradead.org
Signed-off-by: Randy Dunlap
Cc: Jan Kara
Cc: Jeff Mahoney
Cc: reiserfs-devel@vger.kernel.org
Signed-off-by: Jan Kara
24 Jun, 2020
1 commit
-
Move most of the block related definition out of fs.h into more suitable
headers.Signed-off-by: Christoph Hellwig
Signed-off-by: Jens Axboe
23 Jun, 2020
1 commit
-
…nux/kernel/git/jack/linux-fs") into android-mainline
Small steps on the way to 5.8-rc1
Change-Id: I664ad93f8264c07f34ac1fefb4046d879e6129ed
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
18 Jun, 2020
1 commit
-
…rnel.dk/linux-block") into android-mainline
Conflicts:
block/blk-core.c
block/blk-crypto-fallback.c
block/blk-crypto.c
block/keyslot-manager.c
drivers/md/dm.c
include/linux/blk-crypto.h
include/linux/blk_types.h
include/linux/keyslot-manager.hChange-Id: Ie757c41fa41e6a9aacdf123d82d4f681623a02a8
Signed-off-by: Eric Biggers <ebiggers@google.com>
12 Jun, 2020
1 commit
-
Tiny merge resolutions along the way to 5.8-rc1.
Change-Id: I24b3cca28ed36f32c92b6374dae5d7f006d3bced
Signed-off-by: Greg Kroah-Hartman
05 Jun, 2020
1 commit
-
Pull ext2 and reiserfs cleanups from Jan Kara:
"Two small cleanups for ext2 and one for reiserfs"* tag 'for_v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
reiserfs: Replace kmalloc with kcalloc in the comment
ext2: code cleanup by removing ifdef macro surrounding
ext2: Fix i_op setting for special inode
03 Jun, 2020
2 commits
-
Pull block updates from Jens Axboe:
"Core block changes that have been queued up for this release:- Remove dead blk-throttle and blk-wbt code (Guoqing)
- Include pid in blktrace note traces (Jan)
- Don't spew I/O errors on wouldblock termination (me)
- Zone append addition (Johannes, Keith, Damien)
- IO accounting improvements (Konstantin, Christoph)
- blk-mq hardware map update improvements (Ming)
- Scheduler dispatch improvement (Salman)
- Inline block encryption support (Satya)
- Request map fixes and improvements (Weiping)
- blk-iocost tweaks (Tejun)
- Fix for timeout failing with error injection (Keith)
- Queue re-run fixes (Douglas)
- CPU hotplug improvements (Christoph)
- Queue entry/exit improvements (Christoph)
- Move DMA drain handling to the few drivers that use it (Christoph)
- Partition handling cleanups (Christoph)"
* tag 'for-5.8/block-2020-06-01' of git://git.kernel.dk/linux-block: (127 commits)
block: mark bio_wouldblock_error() bio with BIO_QUIET
blk-wbt: rename __wbt_update_limits to wbt_update_limits
blk-wbt: remove wbt_update_limits
blk-throttle: remove tg_drain_bios
blk-throttle: remove blk_throtl_drain
null_blk: force complete for timeout request
blk-mq: drain I/O when all CPUs in a hctx are offline
blk-mq: add blk_mq_all_tag_iter
blk-mq: open code __blk_mq_alloc_request in blk_mq_alloc_request_hctx
blk-mq: use BLK_MQ_NO_TAG in more places
blk-mq: rename BLK_MQ_TAG_FAIL to BLK_MQ_NO_TAG
blk-mq: move more request initialization to blk_mq_rq_ctx_init
blk-mq: simplify the blk_mq_get_request calling convention
blk-mq: remove the bio argument to ->prepare_request
nvme: force complete cancelled requests
blk-mq: blk-mq: provide forced completion method
block: fix a warning when blkdev.h is included for !CONFIG_BLOCK builds
block: blk-crypto-fallback: remove redundant initialization of variable err
block: reduce part_stat_lock() scope
block: use __this_cpu_add() instead of access by smp_processor_id()
... -
Implement the new readahead aop and convert all callers (block_dev,
exfat, ext2, fat, gfs2, hpfs, isofs, jfs, nilfs2, ocfs2, omfs, qnx6,
reiserfs & udf).The callers are all trivial except for GFS2 & OCFS2.
Signed-off-by: Matthew Wilcox (Oracle)
Signed-off-by: Andrew Morton
Reviewed-by: Junxiao Bi # ocfs2
Reviewed-by: Joseph Qi # ocfs2
Reviewed-by: Dave Chinner
Reviewed-by: John Hubbard
Reviewed-by: Christoph Hellwig
Reviewed-by: William Kucharski
Cc: Chao Yu
Cc: Cong Wang
Cc: Darrick J. Wong
Cc: Eric Biggers
Cc: Gao Xiang
Cc: Jaegeuk Kim
Cc: Michal Hocko
Cc: Zi Yan
Cc: Johannes Thumshirn
Cc: Miklos Szeredi
Link: http://lkml.kernel.org/r/20200414150233.24495-17-willy@infradead.org
Signed-off-by: Linus Torvalds
29 May, 2020
1 commit
-
Use kcalloc instead of kmalloc in the comment according to
the previous kcalloc() call.Link: https://lore.kernel.org/r/1590714150-15895-1-git-send-email-wang.yi59@zte.com.cn
Signed-off-by: Liao Pingfang
Signed-off-by: Jan Kara
22 May, 2020
1 commit
-
The argument isn't used by any caller, and drivers don't fill out
bi_sector for flush requests either.Signed-off-by: Christoph Hellwig
Signed-off-by: Jens Axboe
10 Apr, 2020
1 commit
-
…x") into android-mainline
Baby steps on the way to 5.7-rc1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I89095a90046a14eab189aab257a75b3dfdb5b1db
08 Apr, 2020
1 commit
-
There are several places where code is indented incorrectly. Fix these.
Signed-off-by: Colin Ian King
Signed-off-by: Andrew Morton
Link: http://lkml.kernel.org/r/20200325135018.113431-1-colin.king@canonical.com
Signed-off-by: Linus Torvalds
31 Mar, 2020
1 commit
-
…/scm/linux/kernel/git/tip/tip into android-mainline
In a quest to make the huge -rc1 merge easier to handle and bisect,
merge the first chunk of 5.7-rc1 patches into android-mainline.Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib54436e9515660a4c0c25c49c21bfb399eb57921
24 Mar, 2020
1 commit
-
There is no good reason for __bdevname to exist. Just open code
printing the string in the callers. For three of them the format
string can be trivially merged into existing printk statements,
and in init/do_mounts.c we can at least do the scnprintf once at
the start of the function, and unconditional of CONFIG_BLOCK to
make the output for tiny configfs a little more helpful.Acked-by: Theodore Ts'o # for ext4
Signed-off-by: Christoph Hellwig
Signed-off-by: Jens Axboe
08 Feb, 2020
1 commit
-
…x/kernel/git/andersson/remoteproc") into android-mainline
Another "small" merge point to handle conflicts in a sane way.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5dc2f5f11275b29f3c9b5b8d4dd59864ceb6faf9
01 Feb, 2020
2 commits
-
Pull updates from Andrew Morton:
"Most of -mm and quite a number of other subsystems: hotfixes, scripts,
ocfs2, misc, lib, binfmt, init, reiserfs, exec, dma-mapping, kcov.MM is fairly quiet this time. Holidays, I assume"
* emailed patches from Andrew Morton : (118 commits)
kcov: ignore fault-inject and stacktrace
include/linux/io-mapping.h-mapping: use PHYS_PFN() macro in io_mapping_map_atomic_wc()
execve: warn if process starts with executable stack
reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
init/main.c: fix misleading "This architecture does not have kernel memory protection" message
init/main.c: fix quoted value handling in unknown_bootoption
init/main.c: remove unnecessary repair_env_string in do_initcall_level
init/main.c: log arguments and environment passed to init
fs/binfmt_elf.c: coredump: allow process with empty address space to coredump
fs/binfmt_elf.c: coredump: delete duplicated overflow check
fs/binfmt_elf.c: coredump: allocate core ELF header on stack
fs/binfmt_elf.c: make BAD_ADDR() unlikely
fs/binfmt_elf.c: better codegen around current->mm
fs/binfmt_elf.c: don't copy ELF header around
fs/binfmt_elf.c: fix ->start_code calculation
fs/binfmt_elf.c: smaller code generation around auxv vector fill
lib/find_bit.c: uninline helper _find_next_bit()
lib/find_bit.c: join _find_next_bit{_le}
uapi: rename ext2_swab() to swab() and share globally in swab.h
lib/scatterlist.c: adjust indentation in __sg_alloc_table
... -
The variable inode may be NULL in reiserfs_insert_item(), but there is
no check before accessing the member of inode.Fix this by adding NULL pointer check before calling reiserfs_debug().
Link: http://lkml.kernel.org/r/79c5135d-ff25-1cc9-4e99-9f572b88cc00@huawei.com
Signed-off-by: Yunfeng Ye
Cc: zhengbin
Cc: Hu Shiyuan
Cc: Feilong Lin
Cc: Jan Kara
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
31 Jan, 2020
1 commit
-
Pull UDF, quota, reiserfs, ext2 fixes and cleanups from Jan Kara:
"A few assorted fixes and cleanups for udf, quota, reiserfs, and ext2"* tag 'for_v5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
fs/reiserfs: remove unused macros
fs/quota: remove unused macro
udf: Clarify meaning of f_files in udf_statfs
udf: Allow writing to 'Rewritable' partitions
udf: Disallow R/W mode for disk with Metadata partition
udf: Fix meaning of ENTITYID_FLAGS_* macros to be really bitwise-or flags
udf: Fix free space reporting for metadata and virtual partitions
udf: Update header files to UDF 2.60
udf: Move OSTA Identifier Suffix macros from ecma_167.h to osta_udf.h
udf: Fix spelling in EXT_NEXT_EXTENT_ALLOCDESCS
ext2: Adjust indentation in ext2_fill_super
quota: avoid time_t in v1_disk_dqblk definition
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
reiserfs: Fix memory leak of journal device string
ext2: set proper errno in error case of ext2_fill_super()
27 Jan, 2020
1 commit
-
Linux 5.5
Signed-off-by: Greg Kroah-Hartman
Change-Id: Ib513529bf4f0a72c87251a67f2e601fe503e3a88
22 Jan, 2020
1 commit
-
these macros are never used from introduced. better to
remove them.Link: https://lore.kernel.org/r/1579602338-57079-1-git-send-email-alex.shi@linux.alibaba.com
Signed-off-by: Alex Shi
Cc: Andrew Morton
Cc: Jan Kara
Cc: Bharath Vedartham
Cc: Hariprasad Kelam
Cc: Jason Yan
Cc: zhengbin
Cc: Jia-Ju Bai
Cc: reiserfs-devel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Jan Kara
16 Jan, 2020
1 commit
-
Commit 60e4cf67a58 (reiserfs: fix extended attributes on the root
directory) introduced a regression open_xa_root started returning
-EOPNOTSUPP but it was not handled properly in reiserfs_for_each_xattr.When the reiserfs module is built without CONFIG_REISERFS_FS_XATTR,
deleting an inode would result in a warning and chowning an inode
would also result in a warning and then fail to complete.With CONFIG_REISERFS_FS_XATTR enabled, the xattr root would always be
present for read-write operations.This commit handles -EOPNOSUPP in the same way -ENODATA is handled.
Fixes: 60e4cf67a582 ("reiserfs: fix extended attributes on the root directory")
CC: stable@vger.kernel.org # Commit 60e4cf67a58 was picked up by stable
Link: https://lore.kernel.org/r/20200115180059.6935-1-jeffm@suse.com
Reported-by: Michael Brunnbauer
Signed-off-by: Jeff Mahoney
Signed-off-by: Jan Kara
16 Dec, 2019
2 commits
-
When we fail to allocate string for journal device name we jump to
'error' label which tries to unlock reiserfs write lock which is not
held. Jump to 'error_unlocked' instead.Fixes: f32485be8397 ("reiserfs: delay reiserfs lock until journal initialization")
Signed-off-by: Jan Kara -
When a filesystem is mounted with jdev mount option, we store the
journal device name in an allocated string in superblock. However we
fail to ever free that string. Fix it.Reported-by: syzbot+1c6756baf4b16b94d2a6@syzkaller.appspotmail.com
Fixes: c3aa077648e1 ("reiserfs: Properly display mount options in /proc/mounts")
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara
09 Dec, 2019
1 commit
-
Linux 5.5-rc1
Signed-off-by: Greg Kroah-Hartman
Change-Id: I6f952ebdd40746115165a2f99bab340482f5c237
06 Nov, 2019
1 commit
-
Add a flag option to get xattr method that could have a bit flag of
XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
set in the __vfs_getxattr path when called by security
infrastructure.This handles the case of a union filesystem driver that is being
requested by the security layer to report back the xattr data.For the use case where access is to be blocked by the security layer.
The path then could be security(dentry) ->
__vfs_getxattr(dentry...XATTR_NOSECURITY) ->
handler->get(dentry...XATTR_NOSECURITY) ->
__vfs_getxattr(lower_dentry...XATTR_NOSECURITY) ->
lower_handler->get(lower_dentry...XATTR_NOSECURITY)
which would report back through the chain data and success as
expected, the logging security layer at the top would have the
data to determine the access permissions and report back the target
context that was blocked.Without the get handler flag, the path on a union filesystem would be
the errant security(dentry) -> __vfs_getxattr(dentry) ->
handler->get(dentry) -> vfs_getxattr(lower_dentry) -> nested ->
security(lower_dentry, log off) -> lower_handler->get(lower_dentry)
which would report back through the chain no data, and -EACCES.For selinux for both cases, this would translate to a correctly
determined blocked access. In the first case with this change a correct avc
log would be reported, in the second legacy case an incorrect avc log
would be reported against an uninitialized u:object_r:unlabeled:s0
context making the logs cosmetically useless for audit2allow.This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Acked-by: Jan Kara
Acked-by: Jeff Layton
Acked-by: David Sterba
Acked-by: Darrick J. Wong
Acked-by: Mike Marshall
Cc: Stephen Smalley
Cc: linux-kernel@vger.kernel.org
Cc: kernel-team@android.com
Cc: linux-security-module@vger.kernel.org(cherry picked from (rejected from archive because of too many recipients))
Signed-off-by: Mark Salyzyn
Bug: 133515582
Bug: 136124883
Bug: 129319403
Change-Id: Iabbb8771939d5f66667a26bb23ddf4c562c349a1
05 Nov, 2019
1 commit
-
Replace the open-coded logic of atomic_dec_and_mutex_lock() in
reiserfs_file_release().Link: https://lore.kernel.org/r/20191103094431.GA18576-nikitas.angelinas@gmail.com
Signed-off-by: Nikitas Angelinas
Signed-off-by: Jan Kara
31 Oct, 2019
1 commit
-
Since commit d0a5b995a308 (vfs: Add IOP_XATTR inode operations flag)
extended attributes haven't worked on the root directory in reiserfs.This is due to reiserfs conditionally setting the sb->s_xattrs handler
array depending on whether it located or create the internal privroot
directory. It necessarily does this after the root inode is already
read in. The IOP_XATTR flag is set during inode initialization, so
it never gets set on the root directory.This commit unconditionally assigns sb->s_xattrs and clears IOP_XATTR on
internal inodes. The old return values due to the conditional assignment
are handled via open_xa_root, which now returns EOPNOTSUPP as the VFS
would have done.Link: https://lore.kernel.org/r/20191024143127.17509-1-jeffm@suse.com
CC: stable@vger.kernel.org
Fixes: d0a5b995a308 ("vfs: Add IOP_XATTR inode operations flag")
Signed-off-by: Jeff Mahoney
Signed-off-by: Jan Kara
26 Sep, 2019
2 commits
-
Fix the following gcc warning:
fs/reiserfs/do_balan.c: In function balance_leaf_insert_right:
fs/reiserfs/do_balan.c:629:6: warning: variable ret set but not used
[-Wunused-but-set-variable]Link: http://lkml.kernel.org/r/20190827032932.46622-2-yanaijie@huawei.com
Signed-off-by: Jason Yan
Cc: zhengbin
Cc: Jan Kara
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Fix the following gcc warning:
fs/reiserfs/journal.c: In function flush_used_journal_lists:
fs/reiserfs/journal.c:1791:6: warning: variable ret set but not used
[-Wunused-but-set-variable]Link: http://lkml.kernel.org/r/20190827032932.46622-1-yanaijie@huawei.com
Signed-off-by: Jason Yan
Cc: zhengbin
Cc: Jan Kara
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
