Openwrt-EcoNet/kernel-49
1
0
Fork 0
Code Activity
Files
kernel-49/fs/minix/itree_common.c
Greg Kroah-Hartman e51ef120e8 Merge 4.9.233 into android-4.9-q 
Changes in 4.9.233
	xfs: catch inode allocation state mismatch corruption
	xfs: validate cached inodes are free when allocated
	xfs: don't call xfs_da_shrink_inode with NULL bp
	net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
	crypto: ccp - Release all allocated memory if sha type is invalid
	media: rc: prevent memory leak in cx23888_ir_probe
	ath9k_htc: release allocated buffer if timed out
	ath9k: release allocated buffer if timed out
	PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
	ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
	drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
	drm: hold gem reference until object is no longer accessed
	f2fs: check memory boundary by insane namelen
	f2fs: check if file namelen exceeds max value
	9p/trans_fd: abort p9_read_work if req status changed
	9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
	x86/build/lto: Fix truncated .bss with -fdata-sections
	x86, vmlinux.lds: Page-align end of ..page_aligned sections
	fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
	rds: Prevent kernel-infoleak in rds_notify_queue_get()
	xfs: fix missed wakeup on l_flush_wait
	uapi: includes linux/types.h before exporting files
	install several missing uapi headers
	net/x25: Fix x25_neigh refcnt leak when x25 disconnect
	net/x25: Fix null-ptr-deref in x25_disconnect
	sh: Fix validation of system call number
	net: lan78xx: add missing endpoint sanity check
	net: lan78xx: fix transfer-buffer memory leak
	mlx4: disable device on shutdown
	mlxsw: core: Increase scope of RCU read-side critical section
	mlxsw: core: Free EMAD transactions using kfree_rcu()
	ibmvnic: Fix IRQ mapping disposal in error path
	mac80211: mesh: Free ie data when leaving mesh
	mac80211: mesh: Free pending skb when destroying a mpath
	arm64: csum: Fix handling of bad packets
	usb: hso: Fix debug compile warning on sparc32
	qed: Disable "MFW indication via attention" SPAM every 5 minutes
	nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
	parisc: add support for cmpxchg on u8 pointers
	net: ethernet: ravb: exit if re-initialization fails in tx timeout
	Revert "i2c: cadence: Fix the hold bit setting"
	xen-netfront: fix potential deadlock in xennet_remove()
	KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
	x86/i8259: Use printk_deferred() to prevent deadlock
	random32: update the net random state on interrupt and activity
	ARM: percpu.h: fix build error
	random: fix circular include dependency on arm64 after addition of percpu.h
	random32: remove net_rand_state from the latent entropy gcc plugin
	random32: move the pseudo-random 32-bit definitions to prandom.h
	ext4: fix direct I/O read error
	USB: serial: qcserial: add EM7305 QDL product ID
	net/mlx5e: Don't support phys switch id if not in switchdev mode
	ALSA: seq: oss: Serialize ioctls
	Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
	Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
	Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
	omapfb: dss: Fix max fclk divider for omap36xx
	vgacon: Fix for missing check in scrollback handling
	mtd: properly check all write ioctls for permissions
	leds: wm831x-status: fix use-after-free on unbind
	leds: da903x: fix use-after-free on unbind
	leds: lm3533: fix use-after-free on unbind
	leds: 88pm860x: fix use-after-free on unbind
	net/9p: validate fds in p9_fd_open
	drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
	cfg80211: check vendor command doit pointer before use
	igb: reinit_locked() should be called with rtnl_lock
	atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
	tools lib traceevent: Fix memory leak in process_dynamic_array_len
	xattr: break delegations in {set,remove}xattr
	binder: Prevent context manager from incrementing ref 0
	ipv4: Silence suspicious RCU usage warning
	ipv6: fix memory leaks on IPV6_ADDRFORM path
	vxlan: Ensure FDB dump is performed under RCU
	net: lan78xx: replace bogus endpoint lookup
	Revert "vxlan: fix tos value before xmit"
	usb: hso: check for return value in hso_serial_common_create()
	Smack: fix use-after-free in smk_write_relabel_self()
	tracepoint: Mark __tracepoint_string's __used
	gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
	cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
	EDAC: Fix reference count leaks
	arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
	arm64: dts: exynos: Fix silent hang after boot on Espresso
	m68k: mac: Don't send IOP message until channel is idle
	m68k: mac: Fix IOP status/control register writes
	platform/x86: intel-hid: Fix return value check in check_acpi_dev()
	platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
	ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
	ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
	drm/tilcdc: fix leak & null ref in panel_connector_get_modes
	Bluetooth: add a mutex lock to avoid UAF in do_enale_set
	fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
	drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
	video: fbdev: neofb: fix memory leak in neo_scan_monitor()
	md-cluster: fix wild pointer of unlock_all_bitmaps()
	drm/nouveau: fix multiple instances of reference count leaks
	drm/debugfs: fix plain echo to connector "force" attribute
	mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
	brcmfmac: To fix Bss Info flag definition Bug
	iwlegacy: Check the return value of pcie_capability_read_*()
	usb: gadget: net2280: fix memory leak on probe error handling paths
	bdc: Fix bug causing crash after multiple disconnects
	dyndbg: fix a BUG_ON in ddebug_describe_flags
	bcache: fix super block seq numbers comparision in register_cache_set()
	ACPICA: Do not increment operation_region reference counts for field units
	agp/intel: Fix a memory leak on module initialisation failure
	video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
	console: newport_con: fix an issue about leak related system resources
	video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
	iio: improve IIO_CONCENTRATION channel type description
	leds: lm355x: avoid enum conversion warning
	media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
	scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
	drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
	cxl: Fix kobject memleak
	drm/radeon: fix array out-of-bounds read and write issues
	scsi: powertec: Fix different dev_id between request_irq() and free_irq()
	scsi: eesox: Fix different dev_id between request_irq() and free_irq()
	media: firewire: Using uninitialized values in node_probe()
	media: exynos4-is: Add missed check for pinctrl_lookup_state()
	xfs: fix reflink quota reservation accounting error
	PCI: Fix pci_cfg_wait queue locking problem
	leds: core: Flush scheduled work for system suspend
	drm: panel: simple: Fix bpc for LG LB070WV8 panel
	scsi: scsi_debug: Add check for sdebug_max_queue during module init
	mwifiex: Prevent memory corruption handling keys
	powerpc/vdso: Fix vdso cpu truncation
	staging: rtl8192u: fix a dubious looking mask before a shift
	PCI/ASPM: Add missing newline in sysfs 'policy'
	drm/imx: tve: fix regulator_disable error path
	USB: serial: iuu_phoenix: fix led-activity helpers
	usb: dwc2: Fix error path in gadget registration
	scsi: mesh: Fix panic after host or bus reset
	Smack: fix another vsscanf out of bounds
	Smack: prevent underflow in smk_set_cipso()
	power: supply: check if calc_soc succeeded in pm860x_init_battery
	selftests/powerpc: Fix CPU affinity for child process
	selftests/powerpc: Fix online CPU selection
	s390/qeth: don't process empty bridge port events
	wl1251: fix always return 0 error
	net: spider_net: Fix the size used in a 'dma_free_coherent()' call
	fsl/fman: use 32-bit unsigned integer
	fsl/fman: fix dereference null return value
	fsl/fman: fix unreachable code
	fsl/fman: check dereferencing null pointer
	fsl/fman: fix eth hash table allocation
	dlm: Fix kobject memleak
	pinctrl-single: fix pcs_parse_pinconf() return value
	drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
	net/nfc/rawsock.c: add CAP_NET_RAW check.
	net: Set fput_needed iff FDPUT_FPUT is set
	USB: serial: cp210x: re-enable auto-RTS on open
	USB: serial: cp210x: enable usb generic throttle/unthrottle
	ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
	ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
	ALSA: usb-audio: add quirk for Pioneer DDJ-RB
	crypto: qat - fix double free in qat_uclo_create_batch_init_list
	crypto: ccp - Fix use of merged scatterlists
	fs/minix: check return value of sb_getblk()
	fs/minix: don't allow getting deleted inodes
	fs/minix: reject too-large maximum file size
	ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
	9p: Fix memory leak in v9fs_mount
	parisc: mask out enable and reserved bits from sba imask
	ARM: 8992/1: Fix unwind_frame for clang-built kernels
	xen/balloon: fix accounting in alloc_xenballooned_pages error path
	xen/balloon: make the balloon wait interruptible
	smb3: warn on confusing error scenario with sec=krb5
	PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
	btrfs: don't allocate anonymous block device for user invisible roots
	btrfs: only search for left_info if there is no right_info in try_merge_free_space
	btrfs: fix memory leaks after failure to lookup checksums during inode logging
	iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
	xtensa: fix xtensa_pmu_setup prototype
	powerpc: Fix circular dependency between percpu.h and mmu.h
	net: ethernet: stmmac: Disable hardware multicast filter
	net: stmmac: dwmac1000: provide multicast filter fallback
	net/compat: Add missing sock updates for SCM_RIGHTS
	md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
	bcache: allocate meta data pages as compound pages
	mac80211: fix misplaced while instead of if
	MIPS: CPU#0 is not hotpluggable
	ext2: fix missing percpu_counter_inc
	ocfs2: change slot number type s16 to u16
	ftrace: Setup correct FTRACE_FL_REGS flags for module
	kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
	watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
	watchdog: f71808e_wdt: remove use of wrong watchdog_info option
	watchdog: f71808e_wdt: clear watchdog timeout occurred flag
	pseries: Fix 64 bit logical memory block panic
	mfd: arizona: Ensure 32k clock is put on driver unbind and error
	USB: serial: ftdi_sio: make process-packet buffer unsigned
	USB: serial: ftdi_sio: clean up receive processing
	gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
	iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
	iommu/vt-d: Enforce PASID devTLB field mask
	i2c: rcar: slave: only send STOP event when we have been addressed
	clk: clk-atlas6: fix return value check in atlas6_clk_init()
	pwm: bcm-iproc: handle clk_get_rate() return
	Input: sentelic - fix error return when fsp_reg_write fails
	drm/vmwgfx: Fix two list_for_each loop exit tests
	net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
	nfs: Fix getxattr kernel panic and memory overflow
	fs/ufs: avoid potential u32 multiplication overflow
	mfd: dln2: Run event handler loop under spinlock
	ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
	sh: landisk: Add missing initialization of sh_io_port_base
	khugepaged: retract_page_tables() remember to test exit
	mm: Avoid calling build_all_zonelists_init under hotplug context
	Linux 4.9.233

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ied62cb0768f5bd8e989d75e7c2ccf6f1e6f2efd4
2020-09-09 21:39:13 +03:00

371 lines
7.8 KiB
C
Raw Permalink Blame History

/* Generic part */
typedef struct {
block_t *p;
block_t key;
struct buffer_head *bh;
} Indirect;
static DEFINE_RWLOCK(pointers_lock);
static inline void add_chain(Indirect *p, struct buffer_head *bh, block_t *v)
{
p->key = *(p->p = v);
p->bh = bh;
}
static inline int verify_chain(Indirect *from, Indirect *to)
{
while (from <= to && from->key == *from->p)
from++;
return (from > to);
}
static inline block_t *block_end(struct buffer_head *bh)
{
return (block_t *)((char*)bh->b_data + bh->b_size);
}
static inline Indirect *get_branch(struct inode *inode,
int depth,
int *offsets,
Indirect chain[DEPTH],
int *err)
{
struct super_block *sb = inode->i_sb;
Indirect *p = chain;
struct buffer_head *bh;
*err = 0;
/* i_data is not going away, no lock needed */
add_chain (chain, NULL, i_data(inode) + *offsets);
if (!p->key)
goto no_block;
while (--depth) {
bh = sb_bread(sb, block_to_cpu(p->key));
if (!bh)
goto failure;
read_lock(&pointers_lock);
if (!verify_chain(chain, p))
goto changed;
add_chain(++p, bh, (block_t *)bh->b_data + *++offsets);
read_unlock(&pointers_lock);
if (!p->key)
goto no_block;
}
return NULL;
changed:
read_unlock(&pointers_lock);
brelse(bh);
*err = -EAGAIN;
goto no_block;
failure:
*err = -EIO;
no_block:
return p;
}
static int alloc_branch(struct inode *inode,
int num,
int *offsets,
Indirect *branch)
{
int n = 0;
int i;
int parent = minix_new_block(inode);
int err = -ENOSPC;
branch[0].key = cpu_to_block(parent);
if (parent) for (n = 1; n < num; n++) {
struct buffer_head *bh;
/* Allocate the next block */
int nr = minix_new_block(inode);
if (!nr)
break;
branch[n].key = cpu_to_block(nr);
bh = sb_getblk(inode->i_sb, parent);
if (!bh) {
minix_free_block(inode, nr);
err = -ENOMEM;
break;
}
lock_buffer(bh);
memset(bh->b_data, 0, bh->b_size);
branch[n].bh = bh;
branch[n].p = (block_t*) bh->b_data + offsets[n];
*branch[n].p = branch[n].key;
set_buffer_uptodate(bh);
unlock_buffer(bh);
mark_buffer_dirty_inode(bh, inode);
parent = nr;
}
if (n == num)
return 0;
/* Allocation failed, free what we already allocated */
for (i = 1; i < n; i++)
bforget(branch[i].bh);
for (i = 0; i < n; i++)
minix_free_block(inode, block_to_cpu(branch[i].key));
return err;
}
static inline int splice_branch(struct inode *inode,
Indirect chain[DEPTH],
Indirect *where,
int num)
{
int i;
write_lock(&pointers_lock);
/* Verify that place we are splicing to is still there and vacant */
if (!verify_chain(chain, where-1) || *where->p)
goto changed;
*where->p = where->key;
write_unlock(&pointers_lock);
/* We are done with atomic stuff, now do the rest of housekeeping */
inode->i_ctime = current_time(inode);
/* had we spliced it onto indirect block? */
if (where->bh)
mark_buffer_dirty_inode(where->bh, inode);
mark_inode_dirty(inode);
return 0;
changed:
write_unlock(&pointers_lock);
for (i = 1; i < num; i++)
bforget(where[i].bh);
for (i = 0; i < num; i++)
minix_free_block(inode, block_to_cpu(where[i].key));
return -EAGAIN;
}
static inline int get_block(struct inode * inode, sector_t block,
struct buffer_head *bh, int create)
{
int err = -EIO;
int offsets[DEPTH];
Indirect chain[DEPTH];
Indirect *partial;
int left;
int depth = block_to_path(inode, block, offsets);
if (depth == 0)
goto out;
reread:
partial = get_branch(inode, depth, offsets, chain, &err);
/* Simplest case - block found, no allocation needed */
if (!partial) {
got_it:
map_bh(bh, inode->i_sb, block_to_cpu(chain[depth-1].key));
/* Clean up and exit */
partial = chain+depth-1; /* the whole chain */
goto cleanup;
}
/* Next simple case - plain lookup or failed read of indirect block */
if (!create || err == -EIO) {
cleanup:
while (partial > chain) {
brelse(partial->bh);
partial--;
}
out:
return err;
}
/*
* Indirect block might be removed by truncate while we were
* reading it. Handling of that case (forget what we've got and
* reread) is taken out of the main path.
*/
if (err == -EAGAIN)
goto changed;
left = (chain + depth) - partial;
err = alloc_branch(inode, left, offsets+(partial-chain), partial);
if (err)
goto cleanup;
if (splice_branch(inode, chain, partial, left) < 0)
goto changed;
set_buffer_new(bh);
goto got_it;
changed:
while (partial > chain) {
brelse(partial->bh);
partial--;
}
goto reread;
}
static inline int all_zeroes(block_t *p, block_t *q)
{
while (p < q)
if (*p++)
return 0;
return 1;
}
static Indirect *find_shared(struct inode *inode,
int depth,
int offsets[DEPTH],
Indirect chain[DEPTH],
block_t *top)
{
Indirect *partial, *p;
int k, err;
*top = 0;
for (k = depth; k > 1 && !offsets[k-1]; k--)
;
partial = get_branch(inode, k, offsets, chain, &err);
write_lock(&pointers_lock);
if (!partial)
partial = chain + k-1;
if (!partial->key && *partial->p) {
write_unlock(&pointers_lock);
goto no_top;
}
for (p=partial;p>chain && all_zeroes((block_t*)p->bh->b_data,p->p);p--)
;
if (p == chain + k - 1 && p > chain) {
p->p--;
} else {
*top = *p->p;
*p->p = 0;
}
write_unlock(&pointers_lock);
while(partial > p)
{
brelse(partial->bh);
partial--;
}
no_top:
return partial;
}
static inline void free_data(struct inode *inode, block_t *p, block_t *q)
{
unsigned long nr;
for ( ; p < q ; p++) {
nr = block_to_cpu(*p);
if (nr) {
*p = 0;
minix_free_block(inode, nr);
}
}
}
static void free_branches(struct inode *inode, block_t *p, block_t *q, int depth)
{
struct buffer_head * bh;
unsigned long nr;
if (depth--) {
for ( ; p < q ; p++) {
nr = block_to_cpu(*p);
if (!nr)
continue;
*p = 0;
bh = sb_bread(inode->i_sb, nr);
if (!bh)
continue;
free_branches(inode, (block_t*)bh->b_data,
block_end(bh), depth);
bforget(bh);
minix_free_block(inode, nr);
mark_inode_dirty(inode);
}
} else
free_data(inode, p, q);
}
static inline void truncate (struct inode * inode)
{
struct super_block *sb = inode->i_sb;
block_t *idata = i_data(inode);
int offsets[DEPTH];
Indirect chain[DEPTH];
Indirect *partial;
block_t nr = 0;
int n;
int first_whole;
long iblock;
iblock = (inode->i_size + sb->s_blocksize -1) >> sb->s_blocksize_bits;
block_truncate_page(inode->i_mapping, inode->i_size, get_block);
n = block_to_path(inode, iblock, offsets);
if (!n)
return;
if (n == 1) {
free_data(inode, idata+offsets[0], idata + DIRECT);
first_whole = 0;
goto do_indirects;
}
first_whole = offsets[0] + 1 - DIRECT;
partial = find_shared(inode, n, offsets, chain, &nr);
if (nr) {
if (partial == chain)
mark_inode_dirty(inode);
else
mark_buffer_dirty_inode(partial->bh, inode);
free_branches(inode, &nr, &nr+1, (chain+n-1) - partial);
}
/* Clear the ends of indirect blocks on the shared branch */
while (partial > chain) {
free_branches(inode, partial->p + 1, block_end(partial->bh),
(chain+n-1) - partial);
mark_buffer_dirty_inode(partial->bh, inode);
brelse (partial->bh);
partial--;
}
do_indirects:
/* Kill the remaining (whole) subtrees */
while (first_whole < DEPTH-1) {
nr = idata[DIRECT+first_whole];
if (nr) {
idata[DIRECT+first_whole] = 0;
mark_inode_dirty(inode);
free_branches(inode, &nr, &nr+1, first_whole+1);
}
first_whole++;
}
inode->i_mtime = inode->i_ctime = current_time(inode);
mark_inode_dirty(inode);
}
static inline unsigned nblocks(loff_t size, struct super_block *sb)
{
int k = sb->s_blocksize_bits - 10;
unsigned blocks, res, direct = DIRECT, i = DEPTH;
blocks = (size + sb->s_blocksize - 1) >> (BLOCK_SIZE_BITS + k);
res = blocks;
while (--i && blocks > direct) {
blocks -= direct;
blocks += sb->s_blocksize/sizeof(block_t) - 1;
blocks /= sb->s_blocksize/sizeof(block_t);
res += blocks;
direct = 1;
}
return res;
}
View Git Blame Copy Permalink