Re: [RFC][PATCHES] uaccess-related stuff in net/*

2020-05-20 Thread Al Viro
On Mon, May 11, 2020 at 05:02:51PM -0700, David Miller wrote: > From: Al Viro > Date: Mon, 11 May 2020 05:43:28 +0100 > > > Assorted uaccess-related work in net/*. First, there's > > getting rid of compat_alloc_user_space() mess in MCAST_... > > [gs]et

Re: [PATCH 22/24] uaccess: add memzero_user

2020-05-20 Thread Al Viro
On Wed, May 20, 2020 at 11:13:36PM +0200, Paolo Bonzini wrote: > On 20/05/20 22:40, Christoph Hellwig wrote: > > On Wed, May 20, 2020 at 01:21:43PM -0400, Paolo Bonzini wrote: > >> + unsafe_put_user(val, (unsigned long __user *) from, > >> err_fault); > > This adds a way too long

Re: [PATCH 22/24] uaccess: add memzero_user

2020-05-20 Thread Al Viro
On Wed, May 20, 2020 at 01:40:36PM -0700, Christoph Hellwig wrote: > On Wed, May 20, 2020 at 01:21:43PM -0400, Paolo Bonzini wrote: > > + unsafe_put_user(val, (unsigned long __user *) from, > > err_fault); > > This adds a way too long line. In many ways it would be much nicer

Re: [PATCH 3/2] block: remove ioctl_by_bdev

2020-05-19 Thread Al Viro
On Tue, May 19, 2020 at 04:33:21PM +0200, Christoph Hellwig wrote: > No callers left. No callers left after...? IOW, where are the patches? There'd been several patchsets posted, each with more than one revision... I realize that some of that went into -mm, but could you repost the final

Re: [PATCH 0/3] sparc: port to copy_thread_tls() and struct kernel_clone_args

2020-05-18 Thread Al Viro
On Sun, May 17, 2020 at 11:13:47PM +0100, Al Viro wrote: > Is virtio-blk-pci more resilient to lost interrupt bug introduced in > "sun4u: update PCI topology to include simba PCI bridges"? I hadn't tried > it yet (reverted to the last working mainline qemu commit for now

Re: [PATCH 0/3] sparc: port to copy_thread_tls() and struct kernel_clone_args

2020-05-17 Thread Al Viro
On Sun, May 17, 2020 at 05:34:34PM +0100, Mark Cave-Ayland wrote: > FWIW if you're running a more recent version of QEMU (>=3.1) then you can > also boot > from the virtio-blk-pci device directly instead of having to switch back to > the IDE > device after installation as you have done above.

Re: linux-next boot error: general protection fault in tomoyo_get_local_path

2020-05-15 Thread Al Viro
On Fri, May 15, 2020 at 09:13:57PM +0100, Al Viro wrote: > On Sat, May 16, 2020 at 12:36:28AM +0900, Tetsuo Handa wrote: > > On 2020/05/16 0:18, Tetsuo Handa wrote: [snip] > > A similar bug (racing inode destruction with open() on proc filesystem) was > > fixed as > &

Re: linux-next boot error: general protection fault in tomoyo_get_local_path

2020-05-15 Thread Al Viro
On Sat, May 16, 2020 at 12:36:28AM +0900, Tetsuo Handa wrote: > On 2020/05/16 0:18, Tetsuo Handa wrote: > > This is > > > > if (sb->s_magic == PROC_SUPER_MAGIC && *pos == '/') { > > char *ep; > > const pid_t pid = (pid_t) simple_strtoul(pos + 1, &ep, 10); > >

Re: [PATCH v2] Implement close-on-fork

2020-05-15 Thread Al Viro
r LWN article says it _appears_ that"), none of *BSD do it. IMO it's a bad idea. NAKed-by: Al Viro

Re: [PATCH 11/20] amifb: get rid of pointless access_ok() calls

2020-05-14 Thread Al Viro
On Thu, May 14, 2020 at 04:25:35PM +0200, Bartlomiej Zolnierkiewicz wrote: > Thank you for in-detail explanations, for this patch: > > Acked-by: Bartlomiej Zolnierkiewicz > > Could you also please take care of adding missing checks for {get,put}_user() > failures later? Umm... OK; put_user()

Re: [PATCH 11/20] amifb: get rid of pointless access_ok() calls

2020-05-14 Thread Al Viro
On Thu, May 14, 2020 at 03:45:09PM +0200, Bartlomiej Zolnierkiewicz wrote: > > Hi Al, > > On 5/10/20 1:45 AM, Al Viro wrote: > > From: Al Viro > > > > addresses passed only to get_user() and put_user() > > This driver lacks checks for {get,put}_user() ret

Re: [PATCH 11/18] maccess: remove strncpy_from_unsafe

2020-05-13 Thread Al Viro
On Thu, May 14, 2020 at 12:36:28AM +0200, Daniel Borkmann wrote: > > So on say s390 TASK_SIZE_USUALLy is (-PAGE_SIZE), which means we'd always > > try the user copy first, which seems odd. > > > > I'd really like to hear from the bpf folks what the expected use case > > is here, and if the

Re: [PATCH 04/20] FIEMAP: don't bother with access_ok()

2020-05-13 Thread Al Viro
On Sun, May 10, 2020 at 12:02:41AM -0700, Christoph Hellwig wrote: > On Sun, May 10, 2020 at 12:45:41AM +0100, Al Viro wrote: > > From: Al Viro > > > > we use copy_to_user() on that thing anyway (and always had). > > I already have this patch in this series: > &

Re: file system permissions regression affecting root

2020-05-13 Thread Al Viro
On Wed, May 13, 2020 at 08:00:28AM -0700, Patrick Donnelly wrote: > In newer kernels (at least 5.6), it appears root is not able to write > to files owned by other users in a sticky directory: Yes. Controlled by /proc/sys/fs/protected_regular, which systemd crowd has decided to enable in commit

Re: [PATCH v2 2/2] fs: avoid fdput() after failed fdget() in kernel_read_file_from_fd()

2020-05-12 Thread Al Viro
On Tue, May 12, 2020 at 01:43:05PM -0600, Shuah Khan wrote: > Fix kernel_read_file_from_fd() to avoid fdput() after a failed fdget(). > fdput() doesn't do fput() on this file since FDPUT_FPUT isn't set > in fd.flags. Fix it anyway since failed fdget() doesn't require > a fdput(). > > This was

Re: [PATCH v2 1/2] fs: avoid fdput() after failed fdget() in ksys_sync_file_range()

2020-05-12 Thread Al Viro
On Tue, May 12, 2020 at 01:43:04PM -0600, Shuah Khan wrote: > @@ -364,15 +364,15 @@ int sync_file_range(struct file *file, loff_t offset, > loff_t nbytes, > int ksys_sync_file_range(int fd, loff_t offset, loff_t nbytes, >unsigned int flags) > { > - int ret; > -

Re: [PATCH] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

2020-05-12 Thread Al Viro
On Tue, May 12, 2020 at 10:20:21AM +0200, Alexander Potapenko wrote: > On Tue, May 12, 2020 at 5:44 AM Al Viro wrote: > > > > On Tue, May 12, 2020 at 02:09:01AM +0100, Al Viro wrote: > > > On Tue, Apr 21, 2020 at 10:14:25AM +0200, Alexander Potapenko wrote: > > >

Re: [PATCH] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

2020-05-11 Thread Al Viro
On Tue, May 12, 2020 at 02:09:01AM +0100, Al Viro wrote: > On Tue, Apr 21, 2020 at 10:14:25AM +0200, Alexander Potapenko wrote: > > > Not lately and I would also like to hear the details; which regset it is? > > > Should be reasonably easy to find - just memset() the damn thin

Re: [PATCH] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

2020-05-11 Thread Al Viro
On Tue, Apr 21, 2020 at 10:14:25AM +0200, Alexander Potapenko wrote: > > Not lately and I would also like to hear the details; which regset it is? > > Should be reasonably easy to find - just memset() the damn thing to > > something > > recognizable, do whatever triggers that KMSAN report and

[PATCH 06/19] ipv4: do compat setsockopt for MCAST_MSFILTER directly

2020-05-10 Thread Al Viro
From: Al Viro Parallel to what the native setsockopt() does, except that unlike the native setsockopt() we do not use memdup_user() - we want the sockaddr_storage fields properly aligned, so we allocate 4 bytes more and copy compat_group_filter at the offset 4, which yields the proper alignments

[PATCH 04/19] get rid of compat_mc_getsockopt()

2020-05-10 Thread Al Viro
From: Al Viro now we can do MCAST_MSFILTER in compat ->getsockopt() without playing silly buggers with copying things back and forth. We can form a native struct group_filter (sans the variable-length tail) on stack, pass that + pointer to the tail of original request to the helper do

[PATCH 03/19] ip*_mc_gsfget(): lift copyout of struct group_filter into callers

2020-05-10 Thread Al Viro
From: Al Viro pass the userland pointer to the array in its tail, so that part gets copied out by our functions; copyout of everything else is done in the callers. Rationale: reuse for compat; the array is the same in native and compat, the layout of parts before it is different for compat

[PATCH 01/19] lift compat definitions of mcast [sg]etsockopt requests into net/compat.h

2020-05-10 Thread Al Viro
From: Al Viro We want to get rid of compat_mc_[sg]etsockopt() and to have that stuff handled without compat_alloc_user_space(), extra copying through userland, etc. To do that we'll need ipv4 and ipv6 instances of ->compat_[sg]etsockopt() to manipulate the 32bit variants of mcast requests,

[PATCH 07/19] ip6_mc_msfilter(): pass the address list separately

2020-05-10 Thread Al Viro
From: Al Viro that way we'll be able to reuse it for compat case Signed-off-by: Al Viro --- include/net/ipv6.h | 3 ++- net/ipv6/ipv6_sockglue.c | 2 +- net/ipv6/mcast.c | 7 --- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/include/net/ipv6.h b/include/net

[PATCH 09/19] ipv[46]: do compat setsockopt for MCAST_{JOIN,LEAVE}_GROUP directly

2020-05-10 Thread Al Viro
From: Al Viro direct parallel to the way these two are handled in the native ->setsockopt() instances - the helpers that do the real work are already separated and can be reused as-is in this case. Signed-off-by: Al Viro --- net/ipv4/ip_sockglue.c | 31 +++

[PATCH 11/19] ipv6: take handling of group_source_req options into a helper

2020-05-10 Thread Al Viro
From: Al Viro Signed-off-by: Al Viro --- net/ipv6/ipv6_sockglue.c | 65 +++- 1 file changed, 36 insertions(+), 29 deletions(-) diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index b386a2b3668c..fc525ad9ed3c 100644 --- a/net/ipv6

[PATCH 19/19] atm: switch do_atmif_sioc() to direct use of atm_dev_ioctl()

2020-05-10 Thread Al Viro
From: Al Viro Signed-off-by: Al Viro --- net/atm/ioctl.c | 25 - 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/net/atm/ioctl.c b/net/atm/ioctl.c index 52f2c77e656f..838ebf0cabbf 100644 --- a/net/atm/ioctl.c +++ b/net/atm/ioctl.c @@ -286,30 +286,13

[PATCH 10/19] ipv4: take handling of group_source_req options into a helper

2020-05-10 Thread Al Viro
From: Al Viro Signed-off-by: Al Viro --- net/ipv4/ip_sockglue.c | 83 ++ 1 file changed, 44 insertions(+), 39 deletions(-) diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 937f39906419..4f412b0bdda4 100644 --- a/net/ipv4

[PATCH 14/19] batadv_socket_read(): get rid of pointless access_ok()

2020-05-10 Thread Al Viro
From: Al Viro address is passed only to copy_to_user() Signed-off-by: Al Viro --- net/batman-adv/icmp_socket.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/batman-adv/icmp_socket.c b/net/batman-adv/icmp_socket.c index ccb535c77e5d..8bdabc03b0b2 100644 --- a/net/batman-adv

[PATCH 13/19] get rid of compat_mc_setsockopt()

2020-05-10 Thread Al Viro
From: Al Viro not used anymore Signed-off-by: Al Viro --- include/net/compat.h | 4 --- net/compat.c | 90 2 files changed, 94 deletions(-) diff --git a/include/net/compat.h b/include/net/compat.h index b6043e759cde..2de4dfcdc11f

[PATCH 15/19] atm: separate ATM_GETNAMES handling from the rest of atm_dev_ioctl()

2020-05-10 Thread Al Viro
From: Al Viro atm_dev_ioctl() does copyin in two different ways - one for ATM_GETNAMES, another for everything else. Start with separating the former into a new helper (atm_getnames()). The next step will be to lift the copyin into the callers. Signed-off-by: Al Viro --- net/atm/ioctl.c

[PATCH 12/19] handle the group_source_req options directly

2020-05-10 Thread Al Viro
From: Al Viro Native ->setsockopt() handling of these options (MCAST_..._SOURCE_GROUP and MCAST_{,UN}BLOCK_SOURCE) consists of copyin + call of a helper that does the actual work. The only change needed for ->compat_setsockopt() is a slightly different copyin - the helpers can be

[PATCH 18/19] atm: lift copyin from atm_dev_ioctl()

2020-05-10 Thread Al Viro
From: Al Viro Signed-off-by: Al Viro --- net/atm/ioctl.c | 25 - net/atm/resources.c | 35 +-- net/atm/resources.h | 4 ++-- 3 files changed, 31 insertions(+), 33 deletions(-) diff --git a/net/atm/ioctl.c b/net/atm/ioctl.c index

[PATCH 17/19] atm: switch do_atm_iobuf() to direct use of atm_getnames()

2020-05-10 Thread Al Viro
From: Al Viro ... and sod the compat_alloc_user_space() with its complications Signed-off-by: Al Viro --- net/atm/ioctl.c | 25 +++-- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/net/atm/ioctl.c b/net/atm/ioctl.c index e239cebf48da..fdd0e3434523 100644

[PATCH 05/19] set_mcast_msfilter(): take the guts of setsockopt(MCAST_MSFILTER) into a helper

2020-05-10 Thread Al Viro
From: Al Viro Signed-off-by: Al Viro --- net/ipv4/ip_sockglue.c | 73 +++--- 1 file changed, 40 insertions(+), 33 deletions(-) diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 6bdaf43236ea..8c14a474870d 100644 --- a/net/ipv4

[PATCH 08/19] ipv6: do compat setsockopt for MCAST_MSFILTER directly

2020-05-10 Thread Al Viro
From: Al Viro similar to the ipv4 counterpart of that patch - the same trick used to align the tail array properly. Signed-off-by: Al Viro --- net/ipv6/ipv6_sockglue.c | 48 +++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/net/ipv6

[PATCH 16/19] atm: move copyin from atm_getnames() into the caller

2020-05-10 Thread Al Viro
From: Al Viro Signed-off-by: Al Viro --- net/atm/ioctl.c | 19 ++- net/atm/resources.c | 19 +-- net/atm/resources.h | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/net/atm/ioctl.c b/net/atm/ioctl.c index 0b4b07740fe4..e239cebf48da

[PATCH 02/19] compat_ip{,v6}_setsockopt(): enumerate MCAST_... options explicitly

2020-05-10 Thread Al Viro
From: Al Viro We want to check if optname is among the MCAST_... ones; do that as an explicit switch. Signed-off-by: Al Viro --- net/ipv4/ip_sockglue.c | 10 +- net/ipv6/ipv6_sockglue.c | 10 +- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/net/ipv4

[RFC][PATCHES] uaccess-related stuff in net/*

2020-05-10 Thread Al Viro
ent net/master) is in git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #uaccess.net Shortlog: Al Viro (19): lift compat definitions of mcast [sg]etsockopt requests into net/compat.h compat_ip{,v6}_setsockopt(): enumerate MCAST_... options explicitly ip*_mc_gsfget(): l

Re: [PATCHES] uaccess simple access_ok() removals

2020-05-09 Thread Al Viro
On Sat, May 09, 2020 at 05:34:58PM -0700, Linus Torvalds wrote: > On Sat, May 9, 2020 at 4:41 PM Al Viro wrote: > > > > Individual patches in followups; if nobody screams - into #for-next > > it goes... > > Looks fine to me, although I only read your com

Re: [PATCH 05/20] tomoyo_write_control(): get rid of pointless access_ok()

2020-05-09 Thread Al Viro
On Sat, May 09, 2020 at 05:57:56PM -0700, Linus Torvalds wrote: > On Sat, May 9, 2020 at 5:51 PM Tetsuo Handa > wrote: > > > > I think that this access_ok() check helps reducing partial writes (either > > "whole amount was processed" or "not processed at all" unless -ENOMEM). > > No it doesn't.

[PATCH 07/20] nvram: drop useless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro we are using copy_to_user()/memdup_user() anyway Signed-off-by: Al Viro --- drivers/char/nvram.c | 4 1 file changed, 4 deletions(-) diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c index 4667844eee69..8206412d25ba 100644 --- a/drivers/char/nvram.c +++ b/drivers

[PATCH 01/20] dlmfs_file_write(): get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro address passed only to copy_from_user() Signed-off-by: Al Viro --- fs/ocfs2/dlmfs/dlmfs.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/fs/ocfs2/dlmfs/dlmfs.c b/fs/ocfs2/dlmfs/dlmfs.c index 1de77f1a600b..a06f19b67d3b 100644 --- a/fs/ocfs2/dlmfs/dlmfs.c +++ b/fs/ocfs2

[PATCH 02/20] fat_dir_ioctl(): hadn't needed that access_ok() for more than a decade...

2020-05-09 Thread Al Viro
From: Al Viro address is passed only to put_user() and copy_to_user() Signed-off-by: Al Viro --- fs/fat/dir.c | 4 1 file changed, 4 deletions(-) diff --git a/fs/fat/dir.c b/fs/fat/dir.c index 054acd9fd033..b4ddf48fa444 100644 --- a/fs/fat/dir.c +++ b/fs/fat/dir.c @@ -804,8 +804,6

[PATCH 03/20] btrfs_ioctl_send(): don't bother with access_ok()

2020-05-09 Thread Al Viro
From: Al Viro we do copy_from_user() on that range anyway Signed-off-by: Al Viro --- fs/btrfs/send.c | 7 --- 1 file changed, 7 deletions(-) diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index c5f41bd86765..6a92ecf9eaa2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -7065,13

[PATCH 06/20] n_hdlc_tty_read(): remove pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro only copy_to_user() is done to the address in question Signed-off-by: Al Viro --- drivers/tty/n_hdlc.c | 7 --- 1 file changed, 7 deletions(-) diff --git a/drivers/tty/n_hdlc.c b/drivers/tty/n_hdlc.c index 991f49ee4026..b09eac4b6d64 100644 --- a/drivers/tty/n_hdlc.c +++ b

[PATCH 18/20] usb: get rid of pointless access_ok() calls

2020-05-09 Thread Al Viro
From: Al Viro in all affected cases addresses are passed only to copy_from_user() or copy_to_user(). Signed-off-by: Al Viro --- drivers/usb/core/devices.c | 2 -- drivers/usb/core/devio.c| 9 - drivers/usb/gadget/function/f_hid.c | 6 -- 3 files changed, 17

[PATCH 13/20] drivers/crypto/ccp/sev-dev.c: get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro Contrary to the comments, those do *NOT* verify anything about writability of memory, etc. In all cases addresses are passed only to copy_to_user(). Signed-off-by: Al Viro --- drivers/crypto/ccp/sev-dev.c | 15 +++ 1 file changed, 3 insertions(+), 12 deletions

[PATCH 15/20] drm_read(): get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro address is passed only to copy_to_user() Signed-off-by: Al Viro --- drivers/gpu/drm/drm_file.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/drm_file.c b/drivers/gpu/drm/drm_file.c index eb009d3ab48f..6a1f6c802415 100644 --- a/drivers/gpu/drm/drm_file.c

[PATCH 16/20] efi_test: get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro really, people - get_user(), copy_from_user(), memdup_user(), etc. all fail if access_ok() does. Signed-off-by: Al Viro --- drivers/firmware/efi/test/efi_test.c | 12 1 file changed, 12 deletions(-) diff --git a/drivers/firmware/efi/test/efi_test.c b/drivers

[PATCH 12/20] omapfb: get rid of pointless access_ok() calls

2020-05-09 Thread Al Viro
From: Al Viro address is passed only to copy_to_user() Signed-off-by: Al Viro --- drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c b/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c index

[PATCH 17/20] lpfc_debugfs: get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro No, you do NOT need to "protect copy from user" that way. Incidentally, your userland ABI stinks. I understand that you wanted to accept "reset" and "reset\n" as equivalent, but I suspect that accepting "reset this, you !@^!@!" h

[PATCH 08/20] cm4000_cs.c cmm_ioctl(): get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro copy_to_user()/copy_from_user() for everything Signed-off-by: Al Viro --- drivers/char/pcmcia/cm4000_cs.c | 14 -- 1 file changed, 14 deletions(-) diff --git a/drivers/char/pcmcia/cm4000_cs.c b/drivers/char/pcmcia/cm4000_cs.c index 4edb4174a1e2..89681f07bc78 100644

[PATCH 11/20] amifb: get rid of pointless access_ok() calls

2020-05-09 Thread Al Viro
From: Al Viro addresses passed only to get_user() and put_user() Signed-off-by: Al Viro --- drivers/video/fbdev/amifb.c | 4 1 file changed, 4 deletions(-) diff --git a/drivers/video/fbdev/amifb.c b/drivers/video/fbdev/amifb.c index 20e03e00b66d..6062104f3afb 100644 --- a/drivers/video

[PATCH 05/20] tomoyo_write_control(): get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro address is passed only to get_user() Signed-off-by: Al Viro --- security/tomoyo/common.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 1b467381986f..f93f8acd05f7 100644 --- a/security/tomoyo/common.c +++ b/security

[PATCH 09/20] drivers/fpga/dfl-fme-pr.c: get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro followed by copy_from_user() Signed-off-by: Al Viro --- drivers/fpga/dfl-fme-pr.c | 4 1 file changed, 4 deletions(-) diff --git a/drivers/fpga/dfl-fme-pr.c b/drivers/fpga/dfl-fme-pr.c index a233a53db708..1194c0e850e0 100644 --- a/drivers/fpga/dfl-fme-pr.c +++ b/drivers

[PATCH 04/20] FIEMAP: don't bother with access_ok()

2020-05-09 Thread Al Viro
From: Al Viro we use copy_to_user() on that thing anyway (and always had). Signed-off-by: Al Viro --- fs/ext4/ioctl.c | 5 - fs/ioctl.c | 5 - 2 files changed, 10 deletions(-) diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index bfc1281fc4cb..a0afd0338722 100644 --- a/fs/ext4

[PATCH 14/20] via-pmu: don't bother with access_ok()

2020-05-09 Thread Al Viro
From: Al Viro we are using copy_to_user() for actual copying Signed-off-by: Al Viro --- drivers/macintosh/via-pmu.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/macintosh/via-pmu.c b/drivers/macintosh/via-pmu.c index 83eb05bf85ff..8450d7c008d0 100644 --- a/drivers/macintosh

[PATCH 19/20] hfi1: get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro pin_user_pages_fast() doesn't need that from its caller. NB: only reachable from ->ioctl(), and only under USER_DS Signed-off-by: Al Viro --- drivers/infiniband/hw/hfi1/user_exp_rcv.c | 7 --- 1 file changed, 7 deletions(-) diff --git a/drivers/infiniband/hw/h

[PATCH 4/4] vmci_host: get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro get_user_pages_fast() doesn't need the caller to check that. NB: reachable only from ioctl(2) and only under USER_DS Signed-off-by: Al Viro --- drivers/misc/vmw_vmci/vmci_host.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers

[PATCH 10/20] drivers/fpga/dfl-afu-dma-region.c: get rid of pointless access_ok()

2020-05-09 Thread Al Viro
From: Al Viro Address is passed to get_user_pages_fast(), which does access_ok(). NB: this is called only from ->ioctl(), and only under USER_DS. Signed-off-by: Al Viro --- drivers/fpga/dfl-afu-dma-region.c | 4 1 file changed, 4 deletions(-) diff --git a/drivers/fpga/dfl-afu-

[PATCHES] uaccess simple access_ok() removals

2020-05-09 Thread Al Viro
if this one comes with a buggered Cc - this is the first time I have to deal with a series with Cc lists varying that much; I hope I manage to get git-send-email do the right thing, but... Shortlog: Al Viro (20): dlmfs_file_write(): get rid of pointless access_ok() fat_dir_ioctl(): hadn't

Re: [PATCH 1/2] fs: avoid fdput() after failed fdget() in ksys_sync_file_range()

2020-05-07 Thread Al Viro
On Fri, May 08, 2020 at 01:05:09AM +0100, Al Viro wrote: > On Thu, May 07, 2020 at 05:57:09PM -0600, Shuah Khan wrote: > > Fix ksys_sync_file_range() to avoid fdput() after a failed fdget(). > > fdput() doesn't do fput() on this file since FDPUT_FPUT isn't set > > in fd.flags

Re: [PATCH 1/2] fs: avoid fdput() after failed fdget() in ksys_sync_file_range()

2020-05-07 Thread Al Viro
On Thu, May 07, 2020 at 05:57:09PM -0600, Shuah Khan wrote: > Fix ksys_sync_file_range() to avoid fdput() after a failed fdget(). > fdput() doesn't do fput() on this file since FDPUT_FPUT isn't set > in fd.flags. Fix it anyway since failed fdget() doesn't require > a fdput(). > > This was

Re: [PATCH] fs/io_uring: fix O_PATH fds in openat, openat2, statx

2020-05-07 Thread Al Viro
On Thu, May 07, 2020 at 05:03:17PM -0600, Jens Axboe wrote: > On 5/7/20 4:44 PM, Al Viro wrote: > > On Thu, May 07, 2020 at 04:25:24PM -0600, Jens Axboe wrote: > > > >> static int io_close(struct io_kiocb *req, bool force_nonblock) > >> { > >> + s

Re: [PATCH] fs/io_uring: fix O_PATH fds in openat, openat2, statx

2020-05-07 Thread Al Viro
On Thu, May 07, 2020 at 04:25:24PM -0600, Jens Axboe wrote: > static int io_close(struct io_kiocb *req, bool force_nonblock) > { > + struct files_struct *files = current->files; > int ret; > > req->close.put_file = NULL; > - ret = __close_fd_get_file(req->close.fd,

Re: [PATCH] fs/io_uring: fix O_PATH fds in openat, openat2, statx

2020-05-07 Thread Al Viro
On Thu, May 07, 2020 at 02:53:30PM -0600, Jens Axboe wrote: > I think the patch is correct as-is, I took a good look at how we're > currently handling it. None of those three ops should fiddle with > the fd at all, and all of them do forbid the use of fixed files (the > descriptor table

Re: [PATCH] fs/io_uring: fix O_PATH fds in openat, openat2, statx

2020-05-07 Thread Al Viro
On Thu, May 07, 2020 at 01:05:23PM -0600, Jens Axboe wrote: > On 5/7/20 1:01 PM, Al Viro wrote: > > On Thu, May 07, 2020 at 08:57:25PM +0200, Max Kellermann wrote: > >> If an operation's flag `needs_file` is set, the function > >> io_req_set_file() calls io_file_get

Re: [PATCH] fs/io_uring: fix O_PATH fds in openat, openat2, statx

2020-05-07 Thread Al Viro
On Thu, May 07, 2020 at 08:57:25PM +0200, Max Kellermann wrote: > If an operation's flag `needs_file` is set, the function > io_req_set_file() calls io_file_get() to obtain a `struct file*`. > > This fails for `O_PATH` file descriptors, because those have no > `struct file*` O_PATH descriptors

Re: linux-next: build failure after merge of the vfs tree

2020-05-06 Thread Al Viro
On Thu, May 07, 2020 at 10:39:21AM +1000, Stephen Rothwell wrote: > Hi all, > > After merging the vfs tree, today's linux-next build (arm > multi_v7_defconfig) failed like this: > > fs/eventfd.c: In function 'eventfd_read': > fs/eventfd.c:226:6: error: implicit declaration of function

Re: [PATCH] securityfs: Add missing d_delete() call on removal

2020-05-06 Thread Al Viro
On Wed, May 06, 2020 at 08:34:29AM -0700, Kees Cook wrote: > Just posted the whole series: > https://lore.kernel.org/lkml/20200506152114.50375-1-keesc...@chromium.org/ > > But the specific question was driven by this patch: >

Re: [PATCH] securityfs: Add missing d_delete() call on removal

2020-05-05 Thread Al Viro
On Tue, May 05, 2020 at 08:28:33PM -0700, Kees Cook wrote: > On Wed, May 06, 2020 at 02:14:31AM +0100, Al Viro wrote: > > On Tue, May 05, 2020 at 04:40:35PM -0700, Kees Cook wrote: > > > After using simple_unlink(), a call to d_delete() is needed in addition > > > to

Re: [PATCH] securityfs: Add missing d_delete() call on removal

2020-05-05 Thread Al Viro
On Tue, May 05, 2020 at 04:40:35PM -0700, Kees Cook wrote: > After using simple_unlink(), a call to d_delete() is needed in addition > to dput(). > > Signed-off-by: Kees Cook > --- > Is this correct? I went looking around and there are a lot of variations > on the simple_unlink() pattern... > >

Re: remove set_fs calls from the coredump code v6

2020-05-05 Thread Al Viro
On Tue, May 05, 2020 at 10:42:58PM +0200, Christoph Hellwig wrote: > On Tue, May 05, 2020 at 09:34:46PM +0100, Al Viro wrote: > > Looks good. Want me to put it into vfs.git? #work.set_fs-exec, perhaps? > > Sounds good. Applied, pushed and added into #for-next

Re: remove set_fs calls from the coredump code v6

2020-05-05 Thread Al Viro
On Tue, May 05, 2020 at 12:12:49PM +0200, Christoph Hellwig wrote: > Hi all, > > this series gets rid of playing with the address limit in the exec and > coredump code. Most of this was fairly trivial, the biggest changes are > those to the spufs coredump code. > > Changes since v5: > - fix

Re: Re: [PATCH net v2 0/2] Revert the 'socket_alloc' life cycle change

2020-05-05 Thread Al Viro
On Tue, May 05, 2020 at 09:00:44AM -0700, Eric Dumazet wrote: > > Not exactly the 10,000,000, as it is only the possible highest number, but I > > was able to observe clear exponential increase of the number of the objects > > using slabtop. Before the start of the problematic workload, the

Re: [PATCH net 0/2] Revert the 'socket_alloc' life cycle change

2020-05-05 Thread Al Viro
On Tue, May 05, 2020 at 09:28:39AM +0200, SeongJae Park wrote: > From: SeongJae Park > > The commit 6d7855c54e1e ("sockfs: switch to ->free_inode()") made the > deallocation of 'socket_alloc' to be done asynchronously using RCU, as > same to 'sock.wq'. And the following commit 333f7909a857

Re: [PATCH V2 00/11] Subject: Remove duplicated kmap code

2020-05-04 Thread Al Viro
On Mon, May 04, 2020 at 01:17:41PM -0700, Ira Weiny wrote: > > || * arm: much, much worse. We have several files that pull > > linux/highmem.h: > > || arch/arm/mm/cache-feroceon-l2.c, arch/arm/mm/cache-xsc3l2.c, > > || arch/arm/mm/copypage-*.c, arch/arm/mm/dma-mapping.c, arch/arm/mm/flush.c, >

Re: [PATCH V2 00/11] Subject: Remove duplicated kmap code

2020-05-03 Thread Al Viro
On Sun, May 03, 2020 at 10:04:47PM -0700, Ira Weiny wrote: > Grepping for 'asm/highmem.h' and investigations don't reveal any issues... > But > you do have me worried. That said 0-day has been crunching on multiple > versions of this series without issues such as this (save the mips issue >

Re: [PATCH V2 00/11] Subject: Remove duplicated kmap code

2020-05-03 Thread Al Viro
On Sun, May 03, 2020 at 06:09:01PM -0700, ira.we...@intel.com wrote: > From: Ira Weiny > > The kmap infrastructure has been copied almost verbatim to every architecture. > This series consolidates obvious duplicated code by defining core functions > which call into the architectures only when

Re: [PATCH v4] eventfd: convert to f_op->read_iter()

2020-05-03 Thread Al Viro
On Fri, May 01, 2020 at 05:54:09PM -0600, Jens Axboe wrote: > On 5/1/20 5:12 PM, Al Viro wrote: > > On Fri, May 01, 2020 at 01:11:09PM -0600, Jens Axboe wrote: > >> + flags &= EFD_SHARED_FCNTL_FLAGS; > >> + flags |= O_RDWR; > >> + fd = get_un

Re: [PATCH v4] eventfd: convert to f_op->read_iter()

2020-05-01 Thread Al Viro
On Fri, May 01, 2020 at 01:11:09PM -0600, Jens Axboe wrote: > + flags &= EFD_SHARED_FCNTL_FLAGS; > + flags |= O_RDWR; > + fd = get_unused_fd_flags(flags); > if (fd < 0) > - eventfd_free_ctx(ctx); > + goto err; > + > + file =

Re: [PATCH 2/2] exec: open code copy_string_kernel

2020-05-01 Thread Al Viro
On Fri, May 01, 2020 at 02:40:13PM -0700, Andrew Morton wrote: > On Fri, 1 May 2020 22:30:48 +0100 Al Viro wrote: > > > On Fri, May 01, 2020 at 02:19:03PM -0700, Andrew Morton wrote: > > > On Fri, 1 May 2020 12:41:05 +0200 Christoph Hellwig wrote: > > > > &

Re: [PATCH 2/2] exec: open code copy_string_kernel

2020-05-01 Thread Al Viro
On Fri, May 01, 2020 at 09:26:39PM +0200, Christoph Hellwig wrote: > On Fri, May 01, 2020 at 01:50:49PM +0100, Al Viro wrote: > > On Fri, May 01, 2020 at 12:41:05PM +0200, Christoph Hellwig wrote: > > > Currently copy_string_kernel is just a wrapper around copy_strings tha

Re: [PATCH 2/2] exec: open code copy_string_kernel

2020-05-01 Thread Al Viro
On Fri, May 01, 2020 at 02:19:03PM -0700, Andrew Morton wrote: > On Fri, 1 May 2020 12:41:05 +0200 Christoph Hellwig wrote: > > > Currently copy_string_kernel is just a wrapper around copy_strings that > > simplifies the calling conventions and uses set_fs to allow passing a > > kernel pointer.

Re: [PATCH v3b] eventfd: convert to f_op->read_iter()

2020-05-01 Thread Al Viro
On Fri, May 01, 2020 at 11:54:01AM -0600, Jens Axboe wrote: > @@ -427,8 +424,17 @@ static int do_eventfd(unsigned int count, int flags) > > fd = anon_inode_getfd("[eventfd]", _fops, ctx, > O_RDWR | (flags & EFD_SHARED_FCNTL_FLAGS)); > - if (fd < 0) > +

Re: [PATCH v2] eventfd: convert to f_op->read_iter()

2020-05-01 Thread Al Viro
On Fri, May 01, 2020 at 11:18:05AM -0600, Jens Axboe wrote: > - if (res > 0 && put_user(ucnt, (__u64 __user *)buf)) > + if (res > 0 && copy_to_iter(, res, iov) < res) *whoa* It is correct, but only because here res > 0 <=> res == 8. And that's not trivial at the first glance. Please,

Re: [PATCH 2/2] exec: open code copy_string_kernel

2020-05-01 Thread Al Viro
On Fri, May 01, 2020 at 12:41:05PM +0200, Christoph Hellwig wrote: > Currently copy_string_kernel is just a wrapper around copy_strings that > simplifies the calling conventions and uses set_fs to allow passing a > kernel pointer. But due to the fact that we only need to handle a single > kernel

Re: linux-next: manual merge of the akpm-current tree with the bpf-next tree

2020-04-30 Thread Al Viro
On Wed, Apr 29, 2020 at 06:24:06PM +1000, Stephen Rothwell wrote: > Hi Christoph, > > On Wed, 29 Apr 2020 08:54:04 +0200 Christoph Hellwig wrote: > > > > On Tue, Apr 28, 2020 at 11:49:34PM -0700, Alexei Starovoitov wrote: > > > On Tue, Apr 28, 2020 at 11:47 PM Christoph Hellwig wrote: > > > >

Re: [PATCH] pipe: read/write_iter() handler should check for IOCB_NOWAIT

2020-04-30 Thread Al Viro
On Thu, Apr 30, 2020 at 10:24:46AM -0600, Jens Axboe wrote: > Pipe read/write only checks for the file O_NONBLOCK flag, but we should > also check for IOCB_NOWAIT for whether or not we should handle this read > or write in a non-blocking fashion. If we don't, then we will block on > data or space

Re: [PATCH V1 09/10] arch/kmap: Define kmap_atomic_prot() for all arch's

2020-04-30 Thread Al Viro
On Fri, May 01, 2020 at 03:37:34AM +0100, Al Viro wrote: > On Thu, Apr 30, 2020 at 01:38:44PM -0700, ira.we...@intel.com wrote: > > > -static inline void *kmap_atomic(struct page *page) > > +static inline void *kmap_atomic_prot(struct page *page, pgprot_t prot) > > {

Re: [PATCH V1 09/10] arch/kmap: Define kmap_atomic_prot() for all arch's

2020-04-30 Thread Al Viro
On Thu, Apr 30, 2020 at 01:38:44PM -0700, ira.we...@intel.com wrote: > -static inline void *kmap_atomic(struct page *page) > +static inline void *kmap_atomic_prot(struct page *page, pgprot_t prot) > { > preempt_disable(); > pagefault_disable(); > if (!PageHighMem(page)) >

Re: [PATCH V1 08/10] arch/kmap: Don't hard code kmap_prot values

2020-04-30 Thread Al Viro
On Thu, Apr 30, 2020 at 01:38:43PM -0700, ira.we...@intel.com wrote: > From: Ira Weiny > > To support kmap_atomic_prot() on all architectures each arch must > support protections passed in to them. > > Change csky, mips, nds32 and xtensa to use their global kmap_prot value > rather than a hard

Re: [PATCH V1 05/10] arch/kmap_atomic: Consolidate duplicate code

2020-04-30 Thread Al Viro
On Thu, Apr 30, 2020 at 01:38:40PM -0700, ira.we...@intel.com wrote: > From: Ira Weiny > > Every arch has the same code to ensure atomic operations and a check for > !HIGHMEM page. > > Remove the duplicate code by defining a core kmap_atomic() which only > calls the arch specific

Re: [RFC PATCH V2 1/9] include/linux/pagemap.h: introduce attach/clear_page_private

2020-04-30 Thread Al Viro
On Fri, May 01, 2020 at 02:42:29AM +0100, Al Viro wrote: > On Thu, Apr 30, 2020 at 03:13:38PM -0700, Matthew Wilcox wrote: > > > > +/** > > > + * clear_page_private - clear page's private field and PG_private. > > > + * @page: page to be cleared. > > &

Re: [RFC PATCH V2 1/9] include/linux/pagemap.h: introduce attach/clear_page_private

2020-04-30 Thread Al Viro
On Thu, Apr 30, 2020 at 03:13:38PM -0700, Matthew Wilcox wrote: > > +/** > > + * clear_page_private - clear page's private field and PG_private. > > + * @page: page to be cleared. > > + * > > + * The counterpart function of attach_page_private. > > + * Return: private data of page or NULL if page

Re: [PATCH] epoll: Fix UAF dentry name access in wakeup source setup

2020-04-28 Thread Al Viro
On Wed, Apr 29, 2020 at 04:31:04AM +0200, Jann Horn wrote: > I'm guessing this will go through akpm's tree? > > fs/eventpoll.c | 7 --- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/fs/eventpoll.c b/fs/eventpoll.c > index 8c596641a72b0..5052a41670479 100644 > ---

[git pull] vfs.git fixes

2020-04-28 Thread Al Viro
to b0d3869ce9eeacbb1bbd541909beeef4126426d5: propagate_one(): mnt_set_mountpoint() needs mount_lock (2020-04-27 10:37:14 -0400) Al Viro (2): dlmfs_file_write(): fix the bogosity in handling non-zero *ppos propagate_one

Re: [PATCH v6 11/43] compat_ioctl: move drivers to compat_ptr_ioctl

2019-10-22 Thread Al Viro
On Tue, Oct 22, 2019 at 12:26:09PM +0200, Arnd Bergmann wrote: > On Tue, Oct 22, 2019 at 6:34 AM Al Viro wrote: > > > > On Wed, Oct 09, 2019 at 09:10:11PM +0200, Arnd Bergmann wrote: > > > Each of these drivers has a copy of the same trivial helper function to > >

Re: [PATCH RESEND 1/1] vfs: Really check for inode ptr in lookup_fast

2019-10-22 Thread Al Viro
On Tue, Oct 22, 2019 at 03:37:36PM +0100, Al Viro wrote: > On Tue, Oct 22, 2019 at 07:08:54PM +0530, Ritesh Harjani wrote: > > I think we have still not taken this patch. Al? > You've picked the easiest one to hit, but on e.g. KVM setups you can have the > host thread representin
