summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* libfdt: Add overlay application functionMaxime Ripard2018-07-192-0/+32
| | | | | | | | | | | The device tree overlays are a good way to deal with user-modifyable boards or boards with some kind of an expansion mechanism where we can easily plug new board in (like the BBB, the Raspberry Pi or the CHIP). Add a new function to merge overlays with a base device tree. Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: Extend the reach of FDT_ERR_BADPHANDLEMaxime Ripard2018-07-191-2/+4
| | | | | | | | So far, the BADPHANDLE error was only used for incorrect phandle values. Extend that meaning to an improperly formatted phandle property. Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: Add new errors for the overlay codeMaxime Ripard2018-07-192-1/+13
| | | | | | | | | | | | | Add a few new error codes to report the failure conditions we might encounter in the overlay application code: - FDT_ERR_BADOVERLAY, when an overlay cannot be parsed, even though its structure is correct - FDT_ERR_NOPHANDLES, when we ran out of available phandles and we cannot use a new phandle without either using an invalid one (-1 or 0), or one already used. Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* Fix some typing errors in libfdt.h and livetree.cThomas Huth2018-07-191-2/+2
| | | | | | | Correct some typos discovered with the codespell utility. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: simplify fdt_del_mem_rsv()Masahiro Yamada2018-07-191-5/+1
| | | | | | | The variable "err" is unneeded. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: Add fdt_setprop_inplace_namelen_partialMaxime Ripard2018-07-192-4/+46
| | | | | | | | | | | | | Add a function to modify inplace only a portion of a property.. This is especially useful when the property is an array of values, and you want to update one of them without changing the DT size. Acked-by: Simon Glass <sjg@chromium.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com> [dwg: Remove unnecessary unsigned qualifier, correct a comment] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: Add fdt_getprop_namelen_wMaxime Ripard2018-07-191-0/+7
| | | | | | | | | Add a function to retrieve a writeable property only by the first characters of its name. Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: Add max phandle retrieval functionMaxime Ripard2018-07-192-0/+41
| | | | | | | | | | Add a function to retrieve the highest phandle in a given device tree. Acked-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stefan Agner <stefan@agner.ch> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: Add iterator over propertiesMaxime Ripard2018-07-191-0/+27
| | | | | | | | | | | Implement a macro based on fdt_first_property_offset and fdt_next_property_offset that provides a convenience to iterate over all the properties of a given node. Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com> Acked-by: Simon Glass <sjg@chromium.org> [dwg: Removed a stray trailing blank line] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: Add a subnodes iterator macroThierry Reding2018-07-191-0/+28
| | | | | | | | | | The fdt_for_each_subnode() iterator macro provided by this patch can be used to iterate over a device tree node's subnodes. At each iteration a loop variable will be set to the next subnode. Signed-off-by: Thierry Reding <treding@nvidia.com> Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* Correct a missing space in a fdt_header castSimon Glass2018-07-191-1/+1
| | | | | | | The code style here is slightly incorrect. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* Correct line lengths in libfdt.hSimon Glass2018-07-191-12/+23
| | | | | | | There are a few lines that are over 80 columns. Fix these. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* Correct space-after-tab in libfdt.hSimon Glass2018-07-191-13/+12
| | | | | | | There are a few places with a space before a tab in this file. Fix them. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: simplify fdt_node_check_compatible()Masahiro Yamada2018-07-191-4/+2
| | | | | | | | Because fdt_stringlist_contains() returns 1 or 0, fdt_node_check_compatible() can just return the inverted value. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: Fix undefined behaviour in fdt_offset_ptr()David Gibson2018-07-191-6/+7
| | | | | | | | | | | | Using pointer arithmetic to generate a pointer outside a known object is, technically, undefined behaviour in C. Unfortunately, we were using that in fdt_offset_ptr() to detect overflows. To fix this we need to do our bounds / overflow checking on the offsets before constructing pointers from them. Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* libfdt: check for potential overrun in _fdt_splice()Courtney Cavin2018-07-191-0/+2
| | | | | | | | | | | | This patch catches the conditions where: - 'splicepoint' is set to a point outside of [ fdt, fdt_totalsize(fdt) ) - 'newlen' is negative, or 'splicepoint' plus 'newlen' results in overflow Either of these cases can be caused by math which overflows in calling functions, or by sizes specified through dynamic means. Signed-off-by: Courtney Cavin <courtney.cavin@sonymobile.com> Signed-off-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>
* score: Add a FALLTHROUGH comment to kvprintf()Sebastian Huber2018-07-181-1/+4
| | | | | | This change was added to the FreeBSD version of this function. This was spotted by Coverity Scan.
* score: Fix _Scheduler_EDF_SMP_Set_affinity()Sebastian Huber2018-07-186-7/+177
| | | | | | Commit 8744498752ad4f0eaf9fb5640c6a0e0f2dc92fda broke the _Scheduler_EDF_SMP_Set_affinity() implementation. We must test the overall affinity against the online processors.
* bsp/realview-pbx-a9: Support unassigned processorsSebastian Huber2018-07-181-3/+11
|
* score: Avoid structurally dead codeSebastian Huber2018-07-161-3/+2
| | | | This was spotted by Coverity Scan.
* posix: Fix rwlock auto initializationSebastian Huber2018-07-164-1/+50
| | | | Add more test cases.
* jffs2: Add READMESebastian Huber2018-07-161-0/+35
| | | | | | | Add README to document the corrspending Linux version and the update procedure. Close #3465.
* mtd: Unconditionally update ->fail_addr and ->addr in part_erase()Boris Brezillon2018-07-161-1/+0
| | | | | | | | | | | | | | | | | ->fail_addr and ->addr can be updated no matter the result of parent->_erase(), we just need to remove the code doing the same thing in mtd_erase_callback() to avoid adjusting those fields twice. Note that this can be done because all MTD users have been converted to not pass an erase_info->callback() and are thus only taking the ->addr_fail and ->addr fields into account after part_erase() has returned. While we're at it, get rid of the erase_info->mtd field which was only needed to let mtd_erase_callback() get the partition device back. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Richard Weinberger <richard@nod.at>
* mtd: Stop assuming mtd_erase() is asynchronousBoris Brezillon2018-07-161-31/+5
| | | | | | | | | | None of the mtd->_erase() implementations work in an asynchronous manner, so let's simplify MTD users that call mtd_erase(). All they need to do is check the value returned by mtd_erase() and assume that != 0 means failure. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Richard Weinberger <richard@nod.at>
* jffs2: fix spelling mistake: "requestied" -> "requested"Colin Ian King2018-07-161-1/+1
| | | | | | | | trivial fix to spelling mistake in JFFS2_ERROR message Signed-off-by: Colin Ian King <colin.king@canonical.com> [Brian: also fix 'an' -> 'a'] Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* sched/headers: Prepare to move signal wakeup & sigpending methods from ↵Ingo Molnar2018-07-162-1/+1
| | | | | | | | | | | | | <linux/sched.h> into <linux/sched/signal.h> Fix up affected files that include this signal functionality via sched.h. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
* jffs2: Remove jffs2_{get,set,remove}xattr macrosAndreas Gruenbacher2018-07-161-6/+0
| | | | | | | | | | When CONFIG_JFFS2_FS_XATTR is off, jffs2_xattr_handlers is defined as NULL. With sb->s_xattr == NULL, the generic_{get,set,remove}xattr functions produce the same result as setting the {get,set,remove}xattr inode operations to NULL, so there is no need for these macros. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* vfs: make the string hashes salt the hashLinus Torvalds2018-07-165-6/+7
| | | | | | | | | | | | | | | | | | We always mixed in the parent pointer into the dentry name hash, but we did it late at lookup time. It turns out that we can simplify that lookup-time action by salting the hash with the parent pointer early instead of late. A few other users of our string hashes also wanted to mix in their own pointers into the hash, and those are updated to use the same mechanism. Hash users that don't have any particular initial salt can just use the NULL pointer as a no-salt. Cc: Vegard Nossum <vegard.nossum@oracle.com> Cc: George Spelvin <linux@sciencehorizons.net> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macrosKirill A. Shutemov2018-07-164-15/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time ago with promise that one day it will be possible to implement page cache with bigger chunks than PAGE_SIZE. This promise never materialized. And unlikely will. We have many places where PAGE_CACHE_SIZE assumed to be equal to PAGE_SIZE. And it's constant source of confusion on whether PAGE_CACHE_* or PAGE_* constant should be used in a particular case, especially on the border between fs and mm. Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much breakage to be doable. Let's stop pretending that pages in page cache are special. They are not. The changes are pretty straight-forward: - <foo> << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>; - <foo> >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>; - PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN}; - page_cache_get() -> get_page(); - page_cache_release() -> put_page(); This patch contains automated changes generated with coccinelle using script below. For some reason, coccinelle doesn't patch header files. I've called spatch for them manually. The only adjustment after coccinelle is revert of changes to PAGE_CAHCE_ALIGN definition: we are going to drop it later. There are few places in the code where coccinelle didn't reach. I'll fix them manually in a separate patch. Comments and documentation also will be addressed with the separate patch. virtual patch @@ expression E; @@ - E << (PAGE_CACHE_SHIFT - PAGE_SHIFT) + E @@ expression E; @@ - E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) + E @@ @@ - PAGE_CACHE_SHIFT + PAGE_SHIFT @@ @@ - PAGE_CACHE_SIZE + PAGE_SIZE @@ @@ - PAGE_CACHE_MASK + PAGE_MASK @@ expression E; @@ - PAGE_CACHE_ALIGN(E) + PAGE_ALIGN(E) @@ expression E; @@ - page_cache_get(E) + get_page(E) @@ expression E; @@ - page_cache_release(E) + put_page(E) Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* jffs2: Improve post-mount CRC scan efficiencyDavid Woodhouse2018-07-163-25/+45
| | | | | | | | | | | | | | | | | We need to finish doing the CRC checks before we can allow writes to happen, and we currently process the inodes in order. This means a call to jffs2_get_ino_cache() for each possible inode# up to c->highest_ino. There may be a lot of lookups which fail, if the inode# space is used sparsely. And the inode# space is *often* used sparsely, if a file system contains a lot of stuff that was put there in the original image, followed by lots of creation and deletion of new files. Instead of processing them numerically with a lookup each time, just walk the hash buckets instead. [fix locking typo reported by Dan Carpenter] Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* Fix directory hardlinks from deleted directoriesDavid Woodhouse2018-07-162-19/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | When a directory is deleted, we don't take too much care about killing off all the dirents that belong to it — on the basis that on remount, the scan will conclude that the directory is dead anyway. This doesn't work though, when the deleted directory contained a child directory which was moved *out*. In the early stages of the fs build we can then end up with an apparent hard link, with the child directory appearing both in its true location, and as a child of the original directory which are this stage of the mount process we don't *yet* know is defunct. To resolve this, take out the early special-casing of the "directories shall not have hard links" rule in jffs2_build_inode_pass1(), and let the normal nlink processing happen for directories as well as other inodes. Then later in the build process we can set ic->pino_nlink to the parent inode#, as is required for directories during normal operaton, instead of the nlink. And complain only *then* about hard links which are still in evidence even after killing off all the unreachable paths. Reported-by: Liu Song <liu.song11@zte.com.cn> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Cc: stable@vger.kernel.org
* jffs2: Fix page lock / f->sem deadlockDavid Woodhouse2018-07-161-7/+10
| | | | | | | | | | With this fix, all code paths should now be obtaining the page lock before f->sem. Reported-by: Szabó Tamás <sztomi89@gmail.com> Tested-by: Thomas Betker <thomas.betker@rohde-schwarz.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Cc: stable@vger.kernel.org
* tree wide: use kvfree() than conditional kfree()/vfree()Tetsuo Handa2018-07-163-6/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | There are many locations that do if (memory_was_allocated_by_vmalloc) vfree(ptr); else kfree(ptr); but kvfree() can handle both kmalloc()ed memory and vmalloc()ed memory using is_vmalloc_addr(). Unless callers have special reasons, we can replace this branch with kvfree(). Please check and reply if you found problems. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Jan Kara <jack@suse.com> Acked-by: Russell King <rmk+kernel@arm.linux.org.uk> Reviewed-by: Andreas Dilger <andreas.dilger@intel.com> Acked-by: "Rafael J. Wysocki" <rjw@rjwysocki.net> Acked-by: David Rientjes <rientjes@google.com> Cc: "Luck, Tony" <tony.luck@intel.com> Cc: Oleg Drokin <oleg.drokin@intel.com> Cc: Boris Petkov <bp@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* jffs2: fix a memleak in read_direntry()Wei Fang2018-07-161-1/+5
| | | | | | | | Need to free the memory allocated for 'fd' if failed to read all of the remainder name. Signed-off-by: Wei Fang <fangwei1@huawei.com> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* jffs2: fix unbalanced lockingBrian Norris2018-07-161-23/+4
| | | | | | | | | | | | | | | | | | | Li Zefan reported an unbalanced locking issue, found by his internal debugging feature on runtime. The particular case he was looking at doesn't lead to a deadlock, as the structure that this lock is embedded in is freed on error. But we should straighten out the error handling. Because several callers of jffs2_do_read_inode_internal() / jffs2_do_read_inode() already handle the locking/unlocking and inode clearing at their own level, let's just push any unlocks/clearing down to the caller. This consistency is much easier to verify. Reported-by: Li Zefan <lizefan@huawei.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* jffs2: fix handling of corrupted summary lengthChen Jie2018-07-161-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sm->offset maybe wrong but magic maybe right, the offset do not have CRC. Badness at c00c7580 [verbose debug info unavailable] NIP: c00c7580 LR: c00c718c CTR: 00000014 REGS: df07bb40 TRAP: 0700 Not tainted (2.6.34.13-WR4.3.0.0_standard) MSR: 00029000 <EE,ME,CE> CR: 22084f84 XER: 00000000 TASK = df84d6e0[908] 'mount' THREAD: df07a000 GPR00: 00000001 df07bbf0 df84d6e0 00000000 00000001 00000000 df07bb58 00000041 GPR08: 00000041 c0638860 00000000 00000010 22084f88 100636c8 df814ff8 00000000 GPR16: df84d6e0 dfa558cc c05adb90 00000048 c0452d30 00000000 000240d0 000040d0 GPR24: 00000014 c05ae734 c05be2e0 00000000 00000001 00000000 00000000 c05ae730 NIP [c00c7580] __alloc_pages_nodemask+0x4d0/0x638 LR [c00c718c] __alloc_pages_nodemask+0xdc/0x638 Call Trace: [df07bbf0] [c00c718c] __alloc_pages_nodemask+0xdc/0x638 (unreliable) [df07bc90] [c00c7708] __get_free_pages+0x20/0x48 [df07bca0] [c00f4a40] __kmalloc+0x15c/0x1ec [df07bcd0] [c01fc880] jffs2_scan_medium+0xa58/0x14d0 [df07bd70] [c01ff38c] jffs2_do_mount_fs+0x1f4/0x6b4 [df07bdb0] [c020144c] jffs2_do_fill_super+0xa8/0x260 [df07bdd0] [c020230c] jffs2_fill_super+0x104/0x184 [df07be00] [c0335814] get_sb_mtd_aux+0x9c/0xec [df07be20] [c033596c] get_sb_mtd+0x84/0x1e8 [df07be60] [c0201ed0] jffs2_get_sb+0x1c/0x2c [df07be70] [c0103898] vfs_kern_mount+0x78/0x1e8 [df07bea0] [c0103a58] do_kern_mount+0x40/0x100 [df07bec0] [c011fe90] do_mount+0x240/0x890 [df07bf10] [c0120570] sys_mount+0x90/0xd8 [df07bf40] [c00110d8] ret_from_syscall+0x0/0x4 === Exception: c01 at 0xff61a34 LR = 0x100135f0 Instruction dump: 38800005 38600000 48010f41 4bfffe1c 4bfc2d15 4bfffe8c 72e90200 4082fc28 3d20c064 39298860 8809000d 68000001 <0f000000> 2f800000 419efc0c 38000001 mount: mounting /dev/mtdblock3 on /common failed: Input/output error Signed-off-by: Chen Jie <chenjie6@huawei.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* jffs2: compr_rubin: Remove unused functionRickard Strandqvist2018-07-161-5/+0
| | | | | | | | | | Remove the function pulledbits() that is not used anywhere. This was partially found by using a static code analysis program called cppcheck. Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> Reviewed-by: Richard Weinberger <richard@nod.at> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* jffs2: Drop bogus if in commentGeert Uytterhoeven2018-07-161-1/+1
| | | | | | | Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Cc: David Woodhouse <dwmw2@infradead.org> Cc: linux-mtd@lists.infradead.org Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* kill wbuf_queued/wbuf_dwork_lockAl Viro2018-07-161-2/+0
| | | | | | | | | | | | | schedule_delayed_work() happening when the work is already pending is a cheap no-op. Don't bother with ->wbuf_queued logics - it's both broken (cancelling ->wbuf_dwork leaves it set, as spotted by Jeff Harris) and pointless. It's cheaper to let schedule_delayed_work() handle that case. Reported-by: Jeff Harris <jefftharris@gmail.com> Tested-by: Jeff Harris <jefftharris@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* initramfs: support initramfs that is bigger than 2GiBYinghai Lu2018-07-161-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now with 64bit bzImage and kexec tools, we support ramdisk that size is bigger than 2g, as we could put it above 4G. Found compressed initramfs image could not be decompressed properly. It turns out that image length is int during decompress detection, and it will become < 0 when length is more than 2G. Furthermore, during decompressing len as int is used for inbuf count, that has problem too. Change len to long, that should be ok as on 32 bit platform long is 32bits. Tested with following compressed initramfs image as root with kexec. gzip, bzip2, xz, lzma, lzop, lz4. run time for populate_rootfs(): size name Nehalem-EX Westmere-EX Ivybridge-EX 9034400256 root_img : 26s 24s 30s 3561095057 root_img.lz4 : 28s 27s 27s 3459554629 root_img.lzo : 29s 29s 28s 3219399480 root_img.gz : 64s 62s 49s 2251594592 root_img.xz : 262s 260s 183s 2226366598 root_img.lzma: 386s 376s 277s 2901482513 root_img.bz2 : 635s 599s Signed-off-by: Yinghai Lu <yinghai@kernel.org> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Rashika Kheria <rashika.kheria@gmail.com> Cc: Josh Triplett <josh@joshtriplett.org> Cc: Kyungsik Lee <kyungsik.lee@lge.com> Cc: P J P <ppandit@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Cc: "Daniel M. Weeks" <dan@danweeks.net> Cc: Alexandre Courbot <acourbot@nvidia.com> Cc: Jan Beulich <JBeulich@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* jffs2: Fix crash due to truncation of csizeAjesh Kunhipurayil Vijayan2018-07-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mounting JFFS2 partition sometimes crashes with this call trace: [ 1322.240000] Kernel bug detected[#1]: [ 1322.244000] Cpu 2 [ 1322.244000] $ 0 : 0000000000000000 0000000000000018 000000003ff00070 0000000000000001 [ 1322.252000] $ 4 : 0000000000000000 c0000000f3980150 0000000000000000 0000000000010000 [ 1322.260000] $ 8 : ffffffffc09cd5f8 0000000000000001 0000000000000088 c0000000ed300de8 [ 1322.268000] $12 : e5e19d9c5f613a45 ffffffffc046d464 0000000000000000 66227ba5ea67b74e [ 1322.276000] $16 : c0000000f1769c00 c0000000ed1e0200 c0000000f3980150 0000000000000000 [ 1322.284000] $20 : c0000000f3a80000 00000000fffffffc c0000000ed2cfbd8 c0000000f39818f0 [ 1322.292000] $24 : 0000000000000004 0000000000000000 [ 1322.300000] $28 : c0000000ed2c0000 c0000000ed2cfab8 0000000000010000 ffffffffc039c0b0 [ 1322.308000] Hi : 000000000000023c [ 1322.312000] Lo : 000000000003f802 [ 1322.316000] epc : ffffffffc039a9f8 check_tn_node+0x88/0x3b0 [ 1322.320000] Not tainted [ 1322.324000] ra : ffffffffc039c0b0 jffs2_do_read_inode_internal+0x1250/0x1e48 [ 1322.332000] Status: 5400f8e3 KX SX UX KERNEL EXL IE [ 1322.336000] Cause : 00800034 [ 1322.340000] PrId : 000c1004 (Netlogic XLP) [ 1322.344000] Modules linked in: [ 1322.348000] Process jffs2_gcd_mtd7 (pid: 264, threadinfo=c0000000ed2c0000, task=c0000000f0e68dd8, tls=0000000000000000) [ 1322.356000] Stack : c0000000f1769e30 c0000000ed010780 c0000000ed010780 c0000000ed300000 c0000000f1769c00 c0000000f3980150 c0000000f3a80000 00000000fffffffc c0000000ed2cfbd8 ffffffffc039c0b0 ffffffffc09c6340 0000000000001000 0000000000000dec ffffffffc016c9d8 c0000000f39805a0 c0000000f3980180 0000008600000000 0000000000000000 0000000000000000 0000000000000000 0001000000000dec c0000000f1769d98 c0000000ed2cfb18 0000000000010000 0000000000010000 0000000000000044 c0000000f3a80000 c0000000f1769c00 c0000000f3d207a8 c0000000f1769d98 c0000000f1769de0 ffffffffc076f9c0 0000000000000009 0000000000000000 0000000000000000 ffffffffc039cf90 0000000000000017 ffffffffc013fbdc 0000000000000001 000000010003e61c ... [ 1322.424000] Call Trace: [ 1322.428000] [<ffffffffc039a9f8>] check_tn_node+0x88/0x3b0 [ 1322.432000] [<ffffffffc039c0b0>] jffs2_do_read_inode_internal+0x1250/0x1e48 [ 1322.440000] [<ffffffffc039cf90>] jffs2_do_crccheck_inode+0x70/0xd0 [ 1322.448000] [<ffffffffc03a1b80>] jffs2_garbage_collect_pass+0x160/0x870 [ 1322.452000] [<ffffffffc03a392c>] jffs2_garbage_collect_thread+0xdc/0x1f0 [ 1322.460000] [<ffffffffc01541c8>] kthread+0xb8/0xc0 [ 1322.464000] [<ffffffffc0106d18>] kernel_thread_helper+0x10/0x18 [ 1322.472000] [ 1322.472000] Code: 67bd0050 94a4002c 2c830001 <00038036> de050218 2403fffc 0080a82d 00431824 24630044 [ 1322.480000] ---[ end trace b052bb90e97dfbf5 ]--- The variable csize in structure jffs2_tmp_dnode_info is of type uint16_t, but it is used to hold the compressed data length(csize) which is declared as uint32_t. So, when the value of csize exceeds 16bits, it gets truncated when assigned to tn->csize. This is causing a kernel BUG. Changing the definition of csize in jffs2_tmp_dnode_info to uint32_t fixes the issue. Signed-off-by: Ajesh Kunhipurayil Vijayan <ajesh@broadcom.com> Signed-off-by: Kamlakant Patel <kamlakant.patel@broadcom.com> Cc: <stable@vger.kernel.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* jffs2: Fix segmentation fault found in stress testKamlakant Patel2018-07-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Creating a large file on a JFFS2 partition sometimes crashes with this call trace: [ 306.476000] CPU 13 Unable to handle kernel paging request at virtual address c0000000dfff8002, epc == ffffffffc03a80a8, ra == ffffffffc03a8044 [ 306.488000] Oops[#1]: [ 306.488000] Cpu 13 [ 306.492000] $ 0 : 0000000000000000 0000000000000000 0000000000008008 0000000000008007 [ 306.500000] $ 4 : c0000000dfff8002 000000000000009f c0000000e0007cde c0000000ee95fa58 [ 306.508000] $ 8 : 0000000000000001 0000000000008008 0000000000010000 ffffffffffff8002 [ 306.516000] $12 : 0000000000007fa9 000000000000ff0e 000000000000ff0f 80e55930aebb92bb [ 306.524000] $16 : c0000000e0000000 c0000000ee95fa5c c0000000efc80000 ffffffffc09edd70 [ 306.532000] $20 : ffffffffc2b60000 c0000000ee95fa58 0000000000000000 c0000000efc80000 [ 306.540000] $24 : 0000000000000000 0000000000000004 [ 306.548000] $28 : c0000000ee950000 c0000000ee95f738 0000000000000000 ffffffffc03a8044 [ 306.556000] Hi : 00000000000574a5 [ 306.560000] Lo : 6193b7a7e903d8c9 [ 306.564000] epc : ffffffffc03a80a8 jffs2_rtime_compress+0x98/0x198 [ 306.568000] Tainted: G W [ 306.572000] ra : ffffffffc03a8044 jffs2_rtime_compress+0x34/0x198 [ 306.580000] Status: 5000f8e3 KX SX UX KERNEL EXL IE [ 306.584000] Cause : 00800008 [ 306.588000] BadVA : c0000000dfff8002 [ 306.592000] PrId : 000c1100 (Netlogic XLP) [ 306.596000] Modules linked in: [ 306.596000] Process dd (pid: 170, threadinfo=c0000000ee950000, task=c0000000ee6e0858, tls=0000000000c47490) [ 306.608000] Stack : 7c547f377ddc7ee4 7ffc7f967f5d7fae 7f617f507fc37ff4 7e7d7f817f487f5f 7d8e7fec7ee87eb3 7e977ff27eec7f9e 7d677ec67f917f67 7f3d7e457f017ed7 7fd37f517f867eb2 7fed7fd17ca57e1d 7e5f7fe87f257f77 7fd77f0d7ede7fdb 7fba7fef7e197f99 7fde7fe07ee37eb5 7f5c7f8c7fc67f65 7f457fb87f847e93 7f737f3e7d137cd9 7f8e7e9c7fc47d25 7dbb7fac7fb67e52 7ff17f627da97f64 7f6b7df77ffa7ec5 80057ef17f357fb3 7f767fa27dfc7fd5 7fe37e8e7fd07e53 7e227fcf7efb7fa1 7f547e787fa87fcc 7fcb7fc57f5a7ffb 7fc07f6c7ea97e80 7e2d7ed17e587ee0 7fb17f9d7feb7f31 7f607e797e887faa 7f757fdd7c607ff3 7e877e657ef37fbd 7ec17fd67fe67ff7 7ff67f797ff87dc4 7eef7f3a7c337fa6 7fe57fc97ed87f4b 7ebe7f097f0b8003 7fe97e2a7d997cba 7f587f987f3c7fa9 ... [ 306.676000] Call Trace: [ 306.680000] [<ffffffffc03a80a8>] jffs2_rtime_compress+0x98/0x198 [ 306.684000] [<ffffffffc0394f10>] jffs2_selected_compress+0x110/0x230 [ 306.692000] [<ffffffffc039508c>] jffs2_compress+0x5c/0x388 [ 306.696000] [<ffffffffc039dc58>] jffs2_write_inode_range+0xd8/0x388 [ 306.704000] [<ffffffffc03971bc>] jffs2_write_end+0x16c/0x2d0 [ 306.708000] [<ffffffffc01d3d90>] generic_file_buffered_write+0xf8/0x2b8 [ 306.716000] [<ffffffffc01d4e7c>] __generic_file_aio_write+0x1ac/0x350 [ 306.720000] [<ffffffffc01d50a0>] generic_file_aio_write+0x80/0x168 [ 306.728000] [<ffffffffc021f7dc>] do_sync_write+0x94/0xf8 [ 306.732000] [<ffffffffc021ff6c>] vfs_write+0xa4/0x1a0 [ 306.736000] [<ffffffffc02202e8>] SyS_write+0x50/0x90 [ 306.744000] [<ffffffffc0116cc0>] handle_sys+0x180/0x1a0 [ 306.748000] [ 306.748000] Code: 020b202d 0205282d 90a50000 <90840000> 14a40038 00000000 0060602d 0000282d 016c5823 [ 306.760000] ---[ end trace 79dd088435be02d0 ]--- Segmentation fault This crash is caused because the 'positions' is declared as an array of signed short. The value of position is in the range 0..65535, and will be converted to a negative number when the position is greater than 32767 and causes a corruption and crash. Changing the definition to 'unsigned short' fixes this issue Signed-off-by: Jayachandran C <jchandra@broadcom.com> Signed-off-by: Kamlakant Patel <kamlakant.patel@broadcom.com> Cc: <stable@vger.kernel.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* jffs2: avoid soft-lockup in jffs2_reserve_space_gc()Li Zefan2018-07-161-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We triggered soft-lockup under stress test on 2.6.34 kernel. BUG: soft lockup - CPU#1 stuck for 60009ms! [lockf2.test:14488] ... [<bf09a4d4>] (jffs2_do_reserve_space+0x420/0x440 [jffs2]) [<bf09a528>] (jffs2_reserve_space_gc+0x34/0x78 [jffs2]) [<bf0a1350>] (jffs2_garbage_collect_dnode.isra.3+0x264/0x478 [jffs2]) [<bf0a2078>] (jffs2_garbage_collect_pass+0x9c0/0xe4c [jffs2]) [<bf09a670>] (jffs2_reserve_space+0x104/0x2a8 [jffs2]) [<bf09dc48>] (jffs2_write_inode_range+0x5c/0x4d4 [jffs2]) [<bf097d8c>] (jffs2_write_end+0x198/0x2c0 [jffs2]) [<c00e00a4>] (generic_file_buffered_write+0x158/0x200) [<c00e14f4>] (__generic_file_aio_write+0x3a4/0x414) [<c00e15c0>] (generic_file_aio_write+0x5c/0xbc) [<c012334c>] (do_sync_write+0x98/0xd4) [<c0123a84>] (vfs_write+0xa8/0x150) [<c0123d74>] (sys_write+0x3c/0xc0)] Fix this by adding a cond_resched() in the while loop. [akpm@linux-foundation.org: don't initialize `ret'] Signed-off-by: Li Zefan <lizefan@huawei.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* jffs2: remove from wait queue after schedule()Li Zefan2018-07-161-0/+1
| | | | | | | | | | | | | | @wait is a local variable, so if we don't remove it from the wait queue list, later wake_up() may end up accessing invalid memory. This was spotted by eyes. Signed-off-by: Li Zefan <lizefan@huawei.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* jffs2: use generic posix ACL infrastructureChristoph Hellwig2018-07-161-5/+2
| | | | | | | | Also don't bother to set up a .get_acl method for symlinks as we do not support access control (ACLs or even mode bits) for symlinks in Linux. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* fs/jffs2: use rbtree postorder iteration helper instead of opencodingCody P Schafer2018-07-162-49/+5
| | | | | | | | | | | | Use rbtree_postorder_for_each_entry_safe() to destroy the rbtree instead of opencoding an alternate postorder iteration that modifies the tree Signed-off-by: Cody P Schafer <cody@linux.vnet.ibm.com> Cc: Michel Lespinasse <walken@google.com> Cc: Jan Kara <jack@suse.cz> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* linux: Add rbtree_postorder_for_each_entry_safe()Sebastian Huber2018-07-162-0/+38
| | | | Update #3465.
* linux: Simplify <linux/rbtree.h>Sebastian Huber2018-07-162-47/+39
| | | | | | | Remove the placeholder struct rb_node and use RBTree_Node directly via some C pre-processor defines to adjust the member names. Update #3465.
* linux: Install <linux/rbtree.h>Sebastian Huber2018-07-162-0/+1
| | | | | | This makes it possible to test this API. Update #3465.
* score: Add postorder tree iteration supportSebastian Huber2018-07-164-0/+330
| | | | Update #3465.