commit kernel-source.3606 for openSUSE:13.2:Update

Hello community, here is the log from the commit of package kernel-source.3606 for openSUSE:13.2:Update checked in at 2015-04-22 13:19:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/kernel-source.3606 (Old) and /work/SRC/openSUSE:13.2:Update/.kernel-source.3606.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "kernel-source.3606" Changes: -------- --- /work/SRC/openSUSE:13.2:Update/kernel-source.3606/kernel-debug.changes 2015-04-13 13:08:15.000000000 +0200 +++ /work/SRC/openSUSE:13.2:Update/.kernel-source.3606.new/kernel-debug.changes 2015-04-22 13:19:43.000000000 +0200 @@ -1,0 +2,104 @@ +Tue Apr 14 09:11:37 CEST 2015 - tiwai@suse.de + +- kabi: fix for move of d_rcu (bnc#903640 CVE-2014-8559 + boo#927018). +- commit 93c1539 + +------------------------------------------------------------------- +Tue Apr 14 06:18:10 CEST 2015 - jlee@suse.com + +- Update config files. (boo#925479) + Do not set CONFIG_SYSTEM_TRUSTED_KEYRING until we need it in future + openSUSE version: + e.g. MODULE_SIG, IMA, PKCS7(new), KEXEC_BZIMAGE_VERIFY_SIG(new) +- commit 55df6c2 + +------------------------------------------------------------------- +Thu Apr 9 12:57:08 CEST 2015 - bp@suse.de + +- x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization + (bsc#926240, CVE-2015-2830). +- commit 3a397b8 + +------------------------------------------------------------------- +Thu Apr 9 12:15:54 CEST 2015 - mkubecek@suse.cz + +- net: rds: use correct size for max unacked packets and bytes + (bsc#919018 CVE-2015-2042). +- commit a7793ed + +------------------------------------------------------------------- +Thu Apr 9 12:02:41 CEST 2015 - bp@suse.de + +- eCryptfs: Remove buggy and unnecessary write in file name + decode routine (bsc#918333, CVE-2014-9683). +- commit 8629f98 + +------------------------------------------------------------------- +Wed Apr 8 16:20:19 CEST 2015 - dsterba@suse.cz + +- btrfs: simplify insert_orphan_item (boo#926385). +- btrfs: set proper message level for skinny metadata. +- Btrfs: make sure we wait on logged extents when fsycning + two subvols. +- btrfs: fix lost return value due to variable shadowing. +- btrfs: fix leak of path in btrfs_find_item. +- Btrfs: fix fsync data loss after adding hard link to inode. +- Btrfs: fix fs corruption on transaction abort if device + supports discard. +- Btrfs: fix data loss in the fast fsync path. +- Btrfs: don't delay inode ref updates during log replay. +- Btrfs: do not move em to modified list when unpinning. +- commit b3e6aaf + +------------------------------------------------------------------- +Wed Apr 8 16:17:36 CEST 2015 - dsterba@suse.cz + +- Btrfs:__add_inode_ref: out of bounds memory read when looking + for extended ref. +- Btrfs: fix inode eviction infinite loop after cloning into it + (boo#905088). +- commit 02270f6 + +------------------------------------------------------------------- +Wed Apr 8 15:20:32 CEST 2015 - jack@suse.cz + +- Add CVE reference to + patches.fixes/ext4-allocate-entire-range-in-zero-range.patch + (bnc#919032 CVE-2015-0275). +- commit 059ac72 + +------------------------------------------------------------------- +Wed Apr 8 15:15:49 CEST 2015 - jack@suse.cz + +- ext4: allocate entire range in zero range (bnc#919032). +- commit 6f1dee9 + +------------------------------------------------------------------- +Wed Apr 8 15:15:00 CEST 2015 - jack@suse.cz + +- ext4: fix ZERO_RANGE bug hidden by flag aliasing. +- commit 9d6a4be + +------------------------------------------------------------------- +Wed Apr 8 14:31:19 CEST 2015 - oneukum@suse.de + +- Input: xpad - use proper endpoint type (bnc#926397). +- commit 07617fe + +------------------------------------------------------------------- +Mon Mar 23 11:08:34 CET 2015 - bp@suse.de + +- Update + patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch + (bsc#922944, CVE-2015-2666). +- commit 04be35a + +------------------------------------------------------------------- +Mon Mar 23 07:46:11 CET 2015 - neilb@suse.de + +- md: don't require sync_min to be a multiple of chunk_size + (bnc#910500). +- commit fde41e8 + +------------------------------------------------------------------- @@ -48,0 +153,12 @@ + +------------------------------------------------------------------- +Mon Mar 16 15:04:51 CET 2015 - dmueller@suse.com + +- ARM64: Enable CONFIG_COMPAT +- commit 23df5ff + +------------------------------------------------------------------- +Sun Mar 15 12:44:37 CET 2015 - dmueller@suse.com + +- ARM64: Fix support for ARMv7 userspace +- commit e18816f kernel-default.changes: same change kernel-desktop.changes: same change kernel-docs.changes: same change kernel-ec2.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa-xen.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change kernel-xen.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:51.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:51.000000000 +0200 @@ -61,7 +61,7 @@ Group: System/Kernel Version: 3.16.7 %if 0%{?is_kotd} -Release: <RELEASE>.gba2afab +Release: <RELEASE>.g93c1539 %else Release: 0 %endif kernel-default.spec: same change kernel-desktop.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:51.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:51.000000000 +0200 @@ -27,7 +27,7 @@ Group: Documentation/Man Version: 3.16.7 %if 0%{?is_kotd} -Release: <RELEASE>.gba2afab +Release: <RELEASE>.g93c1539 %else Release: 0 %endif ++++++ kernel-ec2.spec ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:51.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:51.000000000 +0200 @@ -61,7 +61,7 @@ Group: System/Kernel Version: 3.16.7 %if 0%{?is_kotd} -Release: <RELEASE>.gba2afab +Release: <RELEASE>.g93c1539 %else Release: 0 %endif kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:51.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:51.000000000 +0200 @@ -47,7 +47,7 @@ Group: SLES Version: 3.16.7 %if 0%{?is_kotd} -Release: <RELEASE>.gba2afab +Release: <RELEASE>.g93c1539 %else Release: 0 %endif kernel-obs-qa-xen.spec: same change kernel-obs-qa.spec: same change ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:51.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:51.000000000 +0200 @@ -61,7 +61,7 @@ Group: System/Kernel Version: 3.16.7 %if 0%{?is_kotd} -Release: <RELEASE>.gba2afab +Release: <RELEASE>.g93c1539 %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:51.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:51.000000000 +0200 @@ -32,7 +32,7 @@ Group: Development/Sources Version: 3.16.7 %if 0%{?is_kotd} -Release: <RELEASE>.gba2afab +Release: <RELEASE>.g93c1539 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:51.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:51.000000000 +0200 @@ -27,7 +27,7 @@ Version: 3.16.7 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.gba2afab +Release: <RELEASE>.g93c1539 %else Release: 0 %endif ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:51.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:51.000000000 +0200 @@ -61,7 +61,7 @@ Group: System/Kernel Version: 3.16.7 %if 0%{?is_kotd} -Release: <RELEASE>.gba2afab +Release: <RELEASE>.g93c1539 %else Release: 0 %endif kernel-xen.spec: same change ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/arm64/default new/config/arm64/default --- old/config/arm64/default 2015-01-24 21:25:15.000000000 +0100 +++ new/config/arm64/default 2015-04-14 06:18:10.000000000 +0200 @@ -145,8 +145,10 @@ # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_SYSCTL=y CONFIG_ANON_INODES=y +CONFIG_HAVE_UID16=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_EXPERT=y +CONFIG_UID16=y CONFIG_SGETMASK_SYSCALL=y CONFIG_SYSFS_SYSCALL=y # CONFIG_SYSCTL_SYSCALL is not set @@ -178,7 +180,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y # CONFIG_JUMP_LABEL is not set @@ -201,6 +203,8 @@ CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y CONFIG_MODULES_USE_ELF_RELA=y CONFIG_CLONE_BACKWARDS=y +CONFIG_OLD_SIGSUSPEND3=y +CONFIG_COMPAT_OLD_SIGACTION=y # # GCOV-based kernel profiling @@ -249,6 +253,7 @@ CONFIG_EFI_PARTITION=y CONFIG_SYSV68_PARTITION=y # CONFIG_CMDLINE_PARTITION is not set +CONFIG_BLOCK_COMPAT=y # # IO Schedulers @@ -387,11 +392,14 @@ # Userspace binary formats # CONFIG_BINFMT_ELF=y +CONFIG_COMPAT_BINFMT_ELF=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_BINFMT_SCRIPT=y # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=m CONFIG_COREDUMP=y +CONFIG_COMPAT=y +CONFIG_SYSVIPC_COMPAT=y # # Power management options @@ -446,6 +454,7 @@ # # CONFIG_ARM_KIRKWOOD_CPUFREQ is not set CONFIG_NET=y +CONFIG_COMPAT_NETLINK_MESSAGES=y # # Networking options diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv6hl/default new/config/armv6hl/default --- old/config/armv6hl/default 2015-01-24 21:25:15.000000000 +0100 +++ new/config/armv6hl/default 2015-04-14 06:18:10.000000000 +0200 @@ -181,7 +181,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/default new/config/armv7hl/default --- old/config/armv7hl/default 2015-01-24 21:25:15.000000000 +0100 +++ new/config/armv7hl/default 2015-04-14 06:18:10.000000000 +0200 @@ -198,7 +198,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/lpae new/config/armv7hl/lpae --- old/config/armv7hl/lpae 2015-01-24 21:25:15.000000000 +0100 +++ new/config/armv7hl/lpae 2015-04-14 06:18:10.000000000 +0200 @@ -199,7 +199,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/debug new/config/i386/debug --- old/config/i386/debug 2015-01-24 21:25:15.000000000 +0100 +++ new/config/i386/debug 2015-04-14 06:18:10.000000000 +0200 @@ -220,7 +220,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/default new/config/i386/default --- old/config/i386/default 2015-01-24 21:25:15.000000000 +0100 +++ new/config/i386/default 2015-04-14 06:18:10.000000000 +0200 @@ -220,7 +220,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/desktop new/config/i386/desktop --- old/config/i386/desktop 2015-01-24 21:25:15.000000000 +0100 +++ new/config/i386/desktop 2015-04-14 06:18:10.000000000 +0200 @@ -223,7 +223,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/ec2 new/config/i386/ec2 --- old/config/i386/ec2 2015-01-24 21:25:15.000000000 +0100 +++ new/config/i386/ec2 2015-04-14 06:18:10.000000000 +0200 @@ -196,7 +196,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y # CONFIG_OPROFILE is not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/pae new/config/i386/pae --- old/config/i386/pae 2015-01-24 21:25:15.000000000 +0100 +++ new/config/i386/pae 2015-04-14 06:18:10.000000000 +0200 @@ -220,7 +220,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/vanilla new/config/i386/vanilla --- old/config/i386/vanilla 2015-01-24 21:25:15.000000000 +0100 +++ new/config/i386/vanilla 2015-04-14 06:18:10.000000000 +0200 @@ -218,7 +218,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/xen new/config/i386/xen --- old/config/i386/xen 2015-01-24 21:25:15.000000000 +0100 +++ new/config/i386/xen 2015-04-14 06:18:10.000000000 +0200 @@ -211,7 +211,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc/default new/config/ppc/default --- old/config/ppc/default 2015-01-24 21:25:15.000000000 +0100 +++ new/config/ppc/default 2015-04-14 06:18:10.000000000 +0200 @@ -215,7 +215,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc/vanilla new/config/ppc/vanilla --- old/config/ppc/vanilla 2015-01-24 21:25:15.000000000 +0100 +++ new/config/ppc/vanilla 2015-04-14 06:18:10.000000000 +0200 @@ -213,7 +213,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/debug new/config/ppc64/debug --- old/config/ppc64/debug 2015-01-24 21:25:15.000000000 +0100 +++ new/config/ppc64/debug 2015-04-14 06:18:10.000000000 +0200 @@ -242,7 +242,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/default new/config/ppc64/default --- old/config/ppc64/default 2015-01-24 21:25:15.000000000 +0100 +++ new/config/ppc64/default 2015-04-14 06:18:10.000000000 +0200 @@ -242,7 +242,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/vanilla new/config/ppc64/vanilla --- old/config/ppc64/vanilla 2015-01-24 21:25:15.000000000 +0100 +++ new/config/ppc64/vanilla 2015-04-14 06:18:10.000000000 +0200 @@ -240,7 +240,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/debug new/config/ppc64le/debug --- old/config/ppc64le/debug 2015-01-24 21:25:15.000000000 +0100 +++ new/config/ppc64le/debug 2015-04-14 06:18:10.000000000 +0200 @@ -238,7 +238,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/default new/config/ppc64le/default --- old/config/ppc64le/default 2015-01-24 21:25:15.000000000 +0100 +++ new/config/ppc64le/default 2015-04-14 06:18:10.000000000 +0200 @@ -238,7 +238,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/vanilla new/config/ppc64le/vanilla --- old/config/ppc64le/vanilla 2015-01-24 21:25:15.000000000 +0100 +++ new/config/ppc64le/vanilla 2015-04-14 06:18:10.000000000 +0200 @@ -236,7 +236,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/s390x/default new/config/s390x/default --- old/config/s390x/default 2015-01-24 21:25:15.000000000 +0100 +++ new/config/s390x/default 2015-04-14 06:18:10.000000000 +0200 @@ -185,7 +185,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/s390x/vanilla new/config/s390x/vanilla --- old/config/s390x/vanilla 2015-01-24 21:25:15.000000000 +0100 +++ new/config/s390x/vanilla 2015-04-14 06:18:10.000000000 +0200 @@ -183,7 +183,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/debug new/config/x86_64/debug --- old/config/x86_64/debug 2015-01-24 21:25:15.000000000 +0100 +++ new/config/x86_64/debug 2015-04-14 06:18:10.000000000 +0200 @@ -231,7 +231,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/default new/config/x86_64/default --- old/config/x86_64/default 2015-01-24 21:25:15.000000000 +0100 +++ new/config/x86_64/default 2015-04-14 06:18:10.000000000 +0200 @@ -231,7 +231,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/desktop new/config/x86_64/desktop --- old/config/x86_64/desktop 2015-01-24 21:25:15.000000000 +0100 +++ new/config/x86_64/desktop 2015-04-14 06:18:10.000000000 +0200 @@ -234,7 +234,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/ec2 new/config/x86_64/ec2 --- old/config/x86_64/ec2 2015-01-24 21:25:15.000000000 +0100 +++ new/config/x86_64/ec2 2015-04-14 06:18:10.000000000 +0200 @@ -202,7 +202,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y # CONFIG_OPROFILE is not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/vanilla new/config/x86_64/vanilla --- old/config/x86_64/vanilla 2015-01-24 21:25:15.000000000 +0100 +++ new/config/x86_64/vanilla 2015-04-14 06:18:10.000000000 +0200 @@ -229,7 +229,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/xen new/config/x86_64/xen --- old/config/x86_64/xen 2015-01-24 21:25:15.000000000 +0100 +++ new/config/x86_64/xen 2015-04-14 06:18:10.000000000 +0200 @@ -219,7 +219,7 @@ CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set -CONFIG_SYSTEM_TRUSTED_KEYRING=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_OPROFILE=m ++++++ patches.arch.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/arm64-Enable-CONFIG_COMPAT-also-for-64k-page-size.patch new/patches.arch/arm64-Enable-CONFIG_COMPAT-also-for-64k-page-size.patch --- old/patches.arch/arm64-Enable-CONFIG_COMPAT-also-for-64k-page-size.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.arch/arm64-Enable-CONFIG_COMPAT-also-for-64k-page-size.patch 2015-04-09 12:59:37.000000000 +0200 @@ -0,0 +1,54 @@ +From a3ebb7c0471ed11000f024203ff2695fb2346797 Mon Sep 17 00:00:00 2001 +From: Alexander Graf +Date: Thu, 4 Dec 2014 16:44:05 +0100 +Subject: [PATCH v2] arm64: Enable CONFIG_COMPAT also for 64k page size +Patch-mainline: No +References: bnc#908468 + +With binutils 2.25 the default alignment for 32bit arm sections changed to +have everything 64k aligned. Armv7 binaries built with this binutils version +run successfully on an arm64 system. + +Since effectively there is now the chance to run armv7 code on arm64 even +with 64k page size, it doesn't make sense to block people from enabling +CONFIG_COMPAT on those configurations. + +Signed-off-by: Alexander Graf + +--- + +v1 -> v2: + + - add comment in KConfig explaining that segments need to be 64k aligned + - conditionalize the option on EXPERT +--- + arch/arm64/Kconfig | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index 9532f8d..7fc0ad6 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -409,7 +409,7 @@ source "fs/Kconfig.binfmt" + + config COMPAT + bool "Kernel support for 32-bit EL0" +- depends on !ARM64_64K_PAGES ++ depends on !ARM64_64K_PAGES || EXPERT + select COMPAT_BINFMT_ELF + select HAVE_UID16 + select OLD_SIGSUSPEND3 +@@ -420,6 +420,10 @@ config COMPAT + the user helper functions, VFP support and the ptrace interface are + handled appropriately by the kernel. + ++ If you also enabled CONFIG_ARM64_64K_PAGES, please be aware that you ++ will only be able to execute AArch32 binaries that were compiled with ++ 64k aligned segments. ++ + If you want to execute 32-bit userspace applications, say Y. + + config SYSVIPC_COMPAT +-- +1.7.12.4 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/arm64-fix-mmap2-compat-syscall.patch new/patches.arch/arm64-fix-mmap2-compat-syscall.patch --- old/patches.arch/arm64-fix-mmap2-compat-syscall.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.arch/arm64-fix-mmap2-compat-syscall.patch 2015-04-09 12:59:37.000000000 +0200 @@ -0,0 +1,73 @@ +From: Andreas Schwab +Date: Mon, 9 Mar 2015 17:27:36 +0100 +Subject: [PATCH] arm64: fix implementation of mmap2 compat syscall +Patch-mainline: Submitted, http://lists.infradead.org/pipermail/linux-arm-kernel/2015-March/330081.html +References: bnc#923505 + +The arm mmap2 syscall takes the offset in units of 4K, thus with 64K pages +the offset needs to be scaled to units of pages. + +Tested-by: Alexander Graf +Signed-off-by: Andreas Schwab +[dmueller: backport to openSUSE 13.2] +Signed-off-by: Dirk Mueller + +--- + arch/arm64/include/asm/unistd32.h | 2 +- + arch/arm64/kernel/sys32.S | 17 +++++++++++++++++ + 2 files changed, 18 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h +index c8d8fc1..5e31f43 100644 +--- a/arch/arm64/include/asm/unistd32.h ++++ b/arch/arm64/include/asm/unistd32.h +@@ -213,7 +213,7 @@ __SYSCALL(188, sys_ni_syscall) /* 188 reserved */ + __SYSCALL(189, sys_ni_syscall) /* 189 reserved */ + __SYSCALL(190, sys_vfork) + __SYSCALL(191, compat_sys_getrlimit) /* SuS compliant getrlimit */ +-__SYSCALL(192, sys_mmap_pgoff) ++__SYSCALL(192, compat_sys_mmap2_wrapper) + __SYSCALL(193, compat_sys_truncate64_wrapper) + __SYSCALL(194, compat_sys_ftruncate64_wrapper) + __SYSCALL(195, sys_stat64) +diff --git a/arch/arm64/kernel/sys32.S b/arch/arm64/kernel/sys32.S +index 423a5b3..baf024d 100644 +--- a/arch/arm64/kernel/sys32.S ++++ b/arch/arm64/kernel/sys32.S +@@ -19,9 +19,12 @@ + */ + + #include ++#include + + #include + #include ++#include ++#include + + /* + * System call wrappers for the AArch32 compatibility layer. +@@ -53,6 +56,20 @@ compat_sys_fstatfs64_wrapper: + b compat_sys_fstatfs64 + ENDPROC(compat_sys_fstatfs64_wrapper) + ++ ++ ++/* ++ * Note: off_4k (w5) is always units of 4K. If we can't do the requested ++ * offset, we return EINVAL. ++ */ ++compat_sys_mmap2_wrapper: ++ tst w5, #~PAGE_MASK >> 12 ++ b.ne 1f ++ lsr w5, w5, #PAGE_SHIFT - 12 ++ b sys_mmap_pgoff ++1: mov x0, #-EINVAL ++ ret lr ++ + /* + * Wrappers for AArch32 syscalls that either take 64-bit parameters + * in registers or that take 32-bit parameters which require sign +-- +2.3.1 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch new/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch --- old/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch 2015-04-09 12:59:37.000000000 +0200 @@ -0,0 +1,56 @@ +From: Andy Lutomirski +Date: Thu, 5 Mar 2015 01:09:44 +0100 +Subject: x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization +Git-commit: 956421fbb74c3a6261903f3836c0740187cf038b +Patch-mainline: v4.0-rc3 +References: bsc#926240, CVE-2015-2830 + +'ret_from_fork' checks TIF_IA32 to determine whether 'pt_regs' and +the related state make sense for 'ret_from_sys_call'. This is +entirely the wrong check. TS_COMPAT would make a little more +sense, but there's really no point in keeping this optimization +at all. + +This fixes a return to the wrong user CS if we came from int +0x80 in a 64-bit task. + +Signed-off-by: Andy Lutomirski +Cc: Borislav Petkov +Cc: Denys Vlasenko +Cc: H. Peter Anvin +Cc: Linus Torvalds +Cc: Oleg Nesterov +Cc: Thomas Gleixner +Cc: +Link: http://lkml.kernel.org/r/4710be56d76ef994ddf59087aad98c000fbab9a4.1424989793... +[ Backported from tip:x86/asm. ] +Signed-off-by: Ingo Molnar +Acked-by: Borislav Petkov +--- + arch/x86/kernel/entry_64.S | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +Index: current/arch/x86/kernel/entry_64.S +=================================================================== +--- current.orig/arch/x86/kernel/entry_64.S 2014-08-04 00:25:02.000000000 +0200 ++++ current/arch/x86/kernel/entry_64.S 2015-04-09 12:55:07.060074628 +0200 +@@ -335,11 +335,14 @@ ENTRY(ret_from_fork) + testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread? + jz 1f + +- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET +- jnz int_ret_from_sys_call +- +- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET +- jmp ret_from_sys_call # go to the SYSRET fastpath ++ /* ++ * By the time we get here, we have no idea whether our pt_regs, ++ * ti flags, and ti status came from the 64-bit SYSCALL fast path, ++ * the slow path, or one of the ia32entry paths. ++ * Use int_ret_from_sys_call to return, since it can safely handle ++ * all of the above. ++ */ ++ jmp int_ret_from_sys_call + + 1: + subq $REST_SKIP, %rsp # leave space for volatiles diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch new/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch --- old/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch 2015-03-18 18:31:15.000000000 +0100 +++ new/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch 2015-04-09 12:59:37.000000000 +0200 @@ -3,7 +3,7 @@ Subject: x86/microcode/intel: Guard against stack overflow in the loader Git-commit: f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 Patch-mainline: v3.20-rc1 -References: bsc#922944 +References: bsc#922944, CVE-2015-2666 mc_saved_tmp is a static array allocated on the stack, we need to make sure mc_saved_count stays within its bounds, otherwise we're overflowing ++++++ patches.drivers.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/0001-Input-xpad-use-proper-endpoint-type.patch new/patches.drivers/0001-Input-xpad-use-proper-endpoint-type.patch --- old/patches.drivers/0001-Input-xpad-use-proper-endpoint-type.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.drivers/0001-Input-xpad-use-proper-endpoint-type.patch 2015-04-08 14:31:19.000000000 +0200 @@ -0,0 +1,54 @@ +From 32282966d58feb5f92ca06f88a1319613f51494e Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Tue, 25 Nov 2014 00:38:17 -0800 +Subject: [PATCH] Input: xpad - use proper endpoint type +Git-Commit: a1f9a4072655843fc03186acbad65990cc05dd2d +Patch-Mainline: v3.18 +References: bnc#926397 + +The xpad wireless endpoint is not a bulk endpoint on my devices, but +rather an interrupt one, so the USB core complains when it is submitted. +I'm guessing that the author really did mean that this should be an +interrupt urb, but as there are a zillion different xpad devices out +there, let's cover out bases and handle both bulk and interrupt +endpoints just as easily. + +Signed-off-by: "Pierre-Loup A. Griffais" +Signed-off-by: Greg Kroah-Hartman +Cc: stable +Signed-off-by: Dmitry Torokhov +Signed-off-by: Oliver Neukum +--- + drivers/input/joystick/xpad.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c +index 603fe0d..517829f 100644 +--- a/drivers/input/joystick/xpad.c ++++ b/drivers/input/joystick/xpad.c +@@ -1003,9 +1003,19 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id + } + + ep_irq_in = &intf->cur_altsetting->endpoint[1].desc; +- usb_fill_bulk_urb(xpad->bulk_out, udev, +- usb_sndbulkpipe(udev, ep_irq_in->bEndpointAddress), +- xpad->bdata, XPAD_PKT_LEN, xpad_bulk_out, xpad); ++ if (usb_endpoint_is_bulk_out(ep_irq_in)) { ++ usb_fill_bulk_urb(xpad->bulk_out, udev, ++ usb_sndbulkpipe(udev, ++ ep_irq_in->bEndpointAddress), ++ xpad->bdata, XPAD_PKT_LEN, ++ xpad_bulk_out, xpad); ++ } else { ++ usb_fill_int_urb(xpad->bulk_out, udev, ++ usb_sndintpipe(udev, ++ ep_irq_in->bEndpointAddress), ++ xpad->bdata, XPAD_PKT_LEN, ++ xpad_bulk_out, xpad, 0); ++ } + + /* + * Submit the int URB immediately rather than waiting for open +-- +2.1.4 + ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0001-md-don-t-require-sync_min-to-be-a-multiple-of-chunk_.patch new/patches.fixes/0001-md-don-t-require-sync_min-to-be-a-multiple-of-chunk_.patch --- old/patches.fixes/0001-md-don-t-require-sync_min-to-be-a-multiple-of-chunk_.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/0001-md-don-t-require-sync_min-to-be-a-multiple-of-chunk_.patch 2015-04-14 09:11:37.000000000 +0200 @@ -0,0 +1,40 @@ +From: NeilBrown +Date: Mon, 23 Mar 2015 17:36:38 +1100 +Subject: [PATCH] md: don't require sync_min to be a multiple of chunk_size. +Git-commit: 2d92d8c7ecc268051e9b1d93bde2868b83a20a86 +Patch-mainline: Submit for 4.1 +References: bnc#910500 + +There is really no need for sync_min to be a multiple of +chunk_size, and values read from here often aren't. +That means you cannot read a value and expect to be able +to write it back later. + +So remove the chunk_size check, and round down to a multiple +of 4K, to be sure everything works with 4K-sector devices. + +Signed-off-by: NeilBrown +Acked-by: NeilBrown + +--- + drivers/md/md.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +--- linux-3.16-openSUSE-13.2.orig/drivers/md/md.c ++++ linux-3.16-openSUSE-13.2/drivers/md/md.c +@@ -4423,13 +4423,8 @@ min_sync_store(struct mddev *mddev, cons + if (test_bit(MD_RECOVERY_RUNNING, &mddev->recovery)) + return -EBUSY; + +- /* Must be a multiple of chunk_size */ +- if (mddev->chunk_sectors) { +- sector_t temp = min; +- if (sector_div(temp, mddev->chunk_sectors)) +- return -EINVAL; +- } +- mddev->resync_min = min; ++ /* Round down to multiple of 4K for safety */ ++ mddev->resync_min = round_down(min, 8); + + return len; + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/btrfs-fix-inode-eviction-infinite-loop-after-cloning.patch new/patches.fixes/btrfs-fix-inode-eviction-infinite-loop-after-cloning.patch --- old/patches.fixes/btrfs-fix-inode-eviction-infinite-loop-after-cloning.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/btrfs-fix-inode-eviction-infinite-loop-after-cloning.patch 2015-04-14 09:11:37.000000000 +0200 @@ -0,0 +1,100 @@ +From: Filipe Manana +Date: Mon, 30 Mar 2015 18:23:59 +0100 +Patch-mainline: 4.1 +Git-commit: 2fdc94abb6fc347bb45bb44206d9360211cfc44b +References: boo#905088 +Subject: [PATCH] Btrfs: fix inode eviction infinite loop after cloning into it + +If we attempt to clone a 0 length region into a file we can end up +inserting a range in the inode's extent_io tree with a start offset +that is greater then the end offset, which triggers immediately the +following warning: + +[ 3914.619057] WARNING: CPU: 17 PID: 4199 at fs/btrfs/extent_io.c:435 insert_state+0x4b/0x10b [btrfs]() +[ 3914.620886] BTRFS: end < start 4095 4096 +(...) +[ 3914.638093] Call Trace: +[ 3914.638636] [<ffffffff81425fd9>] dump_stack+0x4c/0x65 +[ 3914.639620] [<ffffffff81045390>] warn_slowpath_common+0xa1/0xbb +[ 3914.640789] [<ffffffffa03ca44f>] ? insert_state+0x4b/0x10b [btrfs] +[ 3914.642041] [<ffffffff810453f0>] warn_slowpath_fmt+0x46/0x48 +[ 3914.643236] [<ffffffffa03ca44f>] insert_state+0x4b/0x10b [btrfs] +[ 3914.644441] [<ffffffffa03ca729>] __set_extent_bit+0x107/0x3f4 [btrfs] +[ 3914.645711] [<ffffffffa03cb256>] lock_extent_bits+0x65/0x1bf [btrfs] +[ 3914.646914] [<ffffffff8142b2fb>] ? _raw_spin_unlock+0x28/0x33 +[ 3914.648058] [<ffffffffa03cbac4>] ? test_range_bit+0xcc/0xde [btrfs] +[ 3914.650105] [<ffffffffa03cb3c3>] lock_extent+0x13/0x15 [btrfs] +[ 3914.651361] [<ffffffffa03db39e>] lock_extent_range+0x3d/0xcd [btrfs] +[ 3914.652761] [<ffffffffa03de1fe>] btrfs_ioctl_clone+0x278/0x388 [btrfs] +[ 3914.654128] [<ffffffff811226dd>] ? might_fault+0x58/0xb5 +[ 3914.655320] [<ffffffffa03e0909>] btrfs_ioctl+0xb51/0x2195 [btrfs] +(...) +[ 3914.669271] ---[ end trace 14843d3e2e622fc1 ]--- + +This later makes the inode eviction handler enter an infinite loop that +keeps dumping the following warning over and over: + +[ 3915.117629] WARNING: CPU: 22 PID: 4228 at fs/btrfs/extent_io.c:435 insert_state+0x4b/0x10b [btrfs]() +[ 3915.119913] BTRFS: end < start 4095 4096 +(...) +[ 3915.137394] Call Trace: +[ 3915.137913] [<ffffffff81425fd9>] dump_stack+0x4c/0x65 +[ 3915.139154] [<ffffffff81045390>] warn_slowpath_common+0xa1/0xbb +[ 3915.140316] [<ffffffffa03ca44f>] ? insert_state+0x4b/0x10b [btrfs] +[ 3915.141505] [<ffffffff810453f0>] warn_slowpath_fmt+0x46/0x48 +[ 3915.142709] [<ffffffffa03ca44f>] insert_state+0x4b/0x10b [btrfs] +[ 3915.143849] [<ffffffffa03ca729>] __set_extent_bit+0x107/0x3f4 [btrfs] +[ 3915.145120] [<ffffffffa038c1e3>] ? btrfs_kill_super+0x17/0x23 [btrfs] +[ 3915.146352] [<ffffffff811548f6>] ? deactivate_locked_super+0x3b/0x50 +[ 3915.147565] [<ffffffffa03cb256>] lock_extent_bits+0x65/0x1bf [btrfs] +[ 3915.148785] [<ffffffff8142b7e2>] ? _raw_write_unlock+0x28/0x33 +[ 3915.149931] [<ffffffffa03bc325>] btrfs_evict_inode+0x196/0x482 [btrfs] +[ 3915.151154] [<ffffffff81168904>] evict+0xa0/0x148 +[ 3915.152094] [<ffffffff811689e5>] dispose_list+0x39/0x43 +[ 3915.153081] [<ffffffff81169564>] evict_inodes+0xdc/0xeb +[ 3915.154062] [<ffffffff81154418>] generic_shutdown_super+0x49/0xef +[ 3915.155193] [<ffffffff811546d1>] kill_anon_super+0x13/0x1e +[ 3915.156274] [<ffffffffa038c1e3>] btrfs_kill_super+0x17/0x23 [btrfs] +(...) +[ 3915.167404] ---[ end trace 14843d3e2e622fc2 ]--- + +So just bail out of the clone ioctl if the length of the region to clone +is zero, without locking any extent range, in order to prevent this issue +(same behaviour as a pwrite with a 0 length for example). + +This is trivial to reproduce. For example, the steps for the test I just +made for fstests: + + mkfs.btrfs -f SCRATCH_DEV + mount SCRATCH_DEV $SCRATCH_MNT + + touch $SCRATCH_MNT/foo + touch $SCRATCH_MNT/bar + + $CLONER_PROG -s 0 -d 4096 -l 0 $SCRATCH_MNT/foo $SCRATCH_MNT/bar + umount $SCRATCH_MNT + +A test case for fstests follows soon. + +CC: +Signed-off-by: Filipe Manana +Reviewed-by: Omar Sandoval +Signed-off-by: David Sterba +--- + fs/btrfs/ioctl.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -3676,6 +3676,11 @@ static noinline long btrfs_ioctl_clone(s + if (off + len == src->i_size) + len = ALIGN(src->i_size, bs) - off; + ++ if (len == 0) { ++ ret = 0; ++ goto out_unlock; ++ } ++ + /* verify the end result is block aligned */ + if (!IS_ALIGNED(off, bs) || !IS_ALIGNED(off + len, bs) || + !IS_ALIGNED(destoff, bs)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode-routine.patch new/patches.fixes/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode-routine.patch --- old/patches.fixes/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode-routine.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode-routine.patch 2015-04-14 09:11:37.000000000 +0200 @@ -0,0 +1,36 @@ +From: Michael Halcrow +Date: Wed, 26 Nov 2014 09:09:16 -0800 +Subject: eCryptfs: Remove buggy and unnecessary write in file name decode + routine +Git-commit: 942080643bce061c3dd9d5718d3b745dcb39a8bc +Patch-mainline: v3.19-rc1 +References: bsc#918333, CVE-2014-9683 + +Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the +end of the allocated buffer during encrypted filename decoding. This +fix corrects the issue by getting rid of the unnecessary 0 write when +the current bit offset is 2. + +Signed-off-by: Michael Halcrow +Reported-by: Dmitry Chernenkov +Suggested-by: Kees Cook +Cc: stable@vger.kernel.org # v2.6.29+: 51ca58d eCryptfs: Filename Encryption: Encoding and encryption functions +Signed-off-by: Tyler Hicks +Acked-by: Borislav Petkov +--- + fs/ecryptfs/crypto.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c +index 2f6735dbf1a9..31b148f3e772 100644 +--- a/fs/ecryptfs/crypto.c ++++ b/fs/ecryptfs/crypto.c +@@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, + break; + case 2: + dst[dst_byte_offset++] |= (src_byte); +- dst[dst_byte_offset] = 0; + current_bit_offset = 0; + break; + } + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ext4-allocate-entire-range-in-zero-range.patch new/patches.fixes/ext4-allocate-entire-range-in-zero-range.patch --- old/patches.fixes/ext4-allocate-entire-range-in-zero-range.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/ext4-allocate-entire-range-in-zero-range.patch 2015-04-14 09:11:37.000000000 +0200 @@ -0,0 +1,83 @@ +From 0f2af21aae11972fa924374ddcf52e88347cf5a8 Mon Sep 17 00:00:00 2001 +From: Lukas Czerner +Date: Fri, 3 Apr 2015 00:09:13 -0400 +Subject: ext4: allocate entire range in zero range +Git-commit: 0f2af21aae11972fa924374ddcf52e88347cf5a8 +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git +Patch-mainline: expected 4.1 +References: bnc#919032 CVE-2015-0275 + +Currently there is a bug in zero range code which causes zero range +calls to only allocate block aligned portion of the range, while +ignoring the rest in some cases. + +In some cases, namely if the end of the range is past i_size, we do +attempt to preallocate the last nonaligned block. However this might +cause kernel to BUG() in some carefully designed zero range requests +on setups where page size > block size. + +Fix this problem by first preallocating the entire range, including +the nonaligned edges and converting the written extents to unwritten +in the next step. This approach will also give us the advantage of +having the range to be as linearly contiguous as possible. + +Signed-off-by: Lukas Czerner +Signed-off-by: Theodore Ts'o +Acked-by: Jan Kara + +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c +index 2e6af88..3cc17aa 100644 + +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -4797,12 +4797,6 @@ static long ext4_zero_range(struct file *file, loff_t offset, + else + max_blocks -= lblk; + +- flags = EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT | +- EXT4_GET_BLOCKS_CONVERT_UNWRITTEN | +- EXT4_EX_NOCACHE; +- if (mode & FALLOC_FL_KEEP_SIZE) +- flags |= EXT4_GET_BLOCKS_KEEP_SIZE; +- + mutex_lock(&inode->i_mutex); + + /* +@@ -4819,15 +4813,28 @@ static long ext4_zero_range(struct file *file, loff_t offset, + ret = inode_newsize_ok(inode, new_size); + if (ret) + goto out_mutex; +- /* +- * If we have a partial block after EOF we have to allocate +- * the entire block. +- */ +- if (partial_end) +- max_blocks += 1; + } + ++ flags = EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT; ++ if (mode & FALLOC_FL_KEEP_SIZE) ++ flags |= EXT4_GET_BLOCKS_KEEP_SIZE; ++ ++ /* Preallocate the range including the unaligned edges */ ++ if (partial_begin || partial_end) { ++ ret = ext4_alloc_file_blocks(file, ++ round_down(offset, 1 << blkbits) >> blkbits, ++ (round_up((offset + len), 1 << blkbits) - ++ round_down(offset, 1 << blkbits)) >> blkbits, ++ new_size, flags, mode); ++ if (ret) ++ goto out_mutex; ++ ++ } ++ ++ /* Zero range excluding the unaligned edges */ + if (max_blocks > 0) { ++ flags |= (EXT4_GET_BLOCKS_CONVERT_UNWRITTEN | ++ EXT4_EX_NOCACHE); + + /* Now release the pages and zero block aligned part of pages*/ + truncate_pagecache_range(inode, start, end - 1); +-- +cgit v0.10.2 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ext4-fix-ZERO_RANGE-bug-hidden-by-flag-aliasing.patch new/patches.fixes/ext4-fix-ZERO_RANGE-bug-hidden-by-flag-aliasing.patch --- old/patches.fixes/ext4-fix-ZERO_RANGE-bug-hidden-by-flag-aliasing.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/ext4-fix-ZERO_RANGE-bug-hidden-by-flag-aliasing.patch 2015-04-14 09:11:37.000000000 +0200 @@ -0,0 +1,75 @@ +From 713e8dde3e71e92db2d8cc8459d236ce1fb576ce Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Mon, 1 Sep 2014 14:32:09 -0400 +Subject: [PATCH] ext4: fix ZERO_RANGE bug hidden by flag aliasing +Git-commit: 713e8dde3e71e92db2d8cc8459d236ce1fb576ce +Patch-mainline: v3.18-rc2 + +We accidently aliased EXT4_EX_NOCACHE and EXT4_GET_CONVERT_UNWRITTEN +falgs, which apparently was hiding a bug that was unmasked when this +flag aliasing issue was addressed (see the subsequent commit). The +reproduction case was: + + fsx -N 10000 -l 500000 -r 4096 -t 4096 -w 4096 -Z -R -W /vdb/junk + +... which would cause fsx to report corruption in the data file. + +The fix we have is a bit of an overkill, but I'd much rather be +conservative for now, and we can optimize ZERO_RANGE_FL handling +later. The fact that we need to zap the extent_status cache for the +inode is unfortunate, but correctness is far more important than +performance. + +Signed-off-by: Theodore Ts'o +Cc: Namjae Jeon +Acked-by: Jan Kara + +--- + fs/ext4/extents.c | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c +index d00937336f19..bf205f72be35 100644 +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -4802,7 +4802,8 @@ static long ext4_zero_range(struct file *file, loff_t offset, + max_blocks -= lblk; + + flags = EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT | +- EXT4_GET_BLOCKS_CONVERT_UNWRITTEN; ++ EXT4_GET_BLOCKS_CONVERT_UNWRITTEN | ++ EXT4_EX_NOCACHE; + if (mode & FALLOC_FL_KEEP_SIZE) + flags |= EXT4_GET_BLOCKS_KEEP_SIZE; + +@@ -4840,15 +4841,21 @@ static long ext4_zero_range(struct file *file, loff_t offset, + ext4_inode_block_unlocked_dio(inode); + inode_dio_wait(inode); + ++ ret = ext4_alloc_file_blocks(file, lblk, max_blocks, new_size, ++ flags, mode); ++ if (ret) ++ goto out_dio; + /* + * Remove entire range from the extent status tree. ++ * ++ * ext4_es_remove_extent(inode, lblk, max_blocks) is ++ * NOT sufficient. I'm not sure why this is the case, ++ * but let's be conservative and remove the extent ++ * status tree for the entire inode. There should be ++ * no outstanding delalloc extents thanks to the ++ * filemap_write_and_wait_range() call above. + */ +- ret = ext4_es_remove_extent(inode, lblk, max_blocks); +- if (ret) +- goto out_dio; +- +- ret = ext4_alloc_file_blocks(file, lblk, max_blocks, new_size, +- flags, mode); ++ ret = ext4_es_remove_extent(inode, 0, EXT_MAX_BLOCKS); + if (ret) + goto out_dio; + } +-- +2.1.4 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/kabi-fix-for-move-d_rcu.patch new/patches.fixes/kabi-fix-for-move-d_rcu.patch --- old/patches.fixes/kabi-fix-for-move-d_rcu.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/kabi-fix-for-move-d_rcu.patch 2015-04-14 09:11:37.000000000 +0200 @@ -0,0 +1,41 @@ +From: Miklos Szeredi +Subject: kabi: fix for move of d_rcu +Patch-mainline: no +References: bnc#903640 CVE-2014-8559 boo#927018 + +d_rcu shouldn't be used outside core VFS. The size and offset of the other +fields doesn't change. So it's OK to ignore this move. + +[rebased for openSUSE-13.2 kernel by tiwai] + +Signed-off-by: Miklos Szeredi +Signed-off-by: Takashi Iwai +--- + include/linux/dcache.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/include/linux/dcache.h ++++ b/include/linux/dcache.h +@@ -126,8 +126,14 @@ struct dentry { + struct list_head d_lru; /* LRU list */ + union { + struct list_head d_child; /* child of parent list */ ++#ifdef __GENKSYMS__ ++ struct rcu_head d_rcu; ++#endif + } d_u; + struct list_head d_subdirs; /* our children */ ++#ifdef __GENKSYMS__ ++ struct hlist_node d_alias; ++#else + /* + * d_alias and d_rcu can share memory + */ +@@ -135,6 +141,7 @@ struct dentry { + struct hlist_node d_alias; /* inode alias list */ + struct rcu_head d_rcu; + }; ++#endif + }; + + /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/net-rds-use-correct-size-for-max-unacked-packets-and.patch new/patches.fixes/net-rds-use-correct-size-for-max-unacked-packets-and.patch --- old/patches.fixes/net-rds-use-correct-size-for-max-unacked-packets-and.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/net-rds-use-correct-size-for-max-unacked-packets-and.patch 2015-04-14 09:11:37.000000000 +0200 @@ -0,0 +1,45 @@ +From: Michal Kubecek +Date: Thu, 9 Apr 2015 11:14:13 +0200 +Subject: net: rds: use correct size for max unacked packets and bytes +Patch-mainline: v3.19 +Git-commit: db27ebb111e9f69efece08e4cb6a34ff980f8896 +References: bsc#919018 CVE-2015-2042 + +Max unacked packets/bytes is an int while sizeof(long) was used in the +sysctl table. + +This means that when they were getting read we'd also leak kernel memory +to userspace along with the timeout values. + +Signed-off-by: Sasha Levin +Signed-off-by: David S. Miller +Acked-by: Michal Kubecek + +--- + net/rds/sysctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/net/rds/sysctl.c b/net/rds/sysctl.c +index c3b0cd43eb56..c173f69e1479 100644 +--- a/net/rds/sysctl.c ++++ b/net/rds/sysctl.c +@@ -71,14 +71,14 @@ static struct ctl_table rds_sysctl_rds_table[] = { + { + .procname = "max_unacked_packets", + .data = &rds_sysctl_max_unacked_packets, +- .maxlen = sizeof(unsigned long), ++ .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, + { + .procname = "max_unacked_bytes", + .data = &rds_sysctl_max_unacked_bytes, +- .maxlen = sizeof(unsigned long), ++ .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, +-- +2.3.5 + ++++++ patches.rpmify.tar.bz2 ++++++ ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-__add_inode_ref-out-of-bounds-memory-read-when-looking-for-extended-ref.patch new/patches.suse/btrfs-__add_inode_ref-out-of-bounds-memory-read-when-looking-for-extended-ref.patch --- old/patches.suse/btrfs-__add_inode_ref-out-of-bounds-memory-read-when-looking-for-extended-ref.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-__add_inode_ref-out-of-bounds-memory-read-when-looking-for-extended-ref.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,29 @@ +From: Quentin Casasnovas +Date: Tue, 3 Mar 2015 16:31:38 +0100 +Git-commit: dd9ef135e3542ffc621c4eb7f0091870ec7a1504 +Patch-mainline: 4.0 +Subject: Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref. + +Improper arithmetics when calculting the address of the extended ref could +lead to an out of bounds memory read and kernel panic. + +Signed-off-by: Quentin Casasnovas +Reviewed-by: David Sterba +Signed-off-by: Chris Mason +Signed-off-by: David Sterba + +--- + fs/btrfs/tree-log.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -999,7 +999,7 @@ again: + base = btrfs_item_ptr_offset(leaf, path->slots[0]); + + while (cur_offset < item_size) { +- extref = (struct btrfs_inode_extref *)base + cur_offset; ++ extref = (struct btrfs_inode_extref *)(base + cur_offset); + + victim_name_len = btrfs_inode_extref_name_len(leaf, extref); + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-do-not-move-em-to-modified-list-when-unpinning.patch new/patches.suse/btrfs-do-not-move-em-to-modified-list-when-unpinning.patch --- old/patches.suse/btrfs-do-not-move-em-to-modified-list-when-unpinning.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-do-not-move-em-to-modified-list-when-unpinning.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,52 @@ +From: Josef Bacik +Date: Fri, 14 Nov 2014 16:16:30 -0500 +Git-commit: a28046956c71985046474283fa3bcd256915fb72 +Patch-mainline: 3.19 +Subject: Btrfs: do not move em to modified list when unpinning + +We use the modified list to keep track of which extents have been modified so we +know which ones are candidates for logging at fsync() time. Newly modified +extents are added to the list at modification time, around the same time the +ordered extent is created. We do this so that we don't have to wait for ordered +extents to complete before we know what we need to log. The problem is when +something like this happens + +log extent 0-4k on inode 1 +copy csum for 0-4k from ordered extent into log +sync log +commit transaction +log some other extent on inode 1 +ordered extent for 0-4k completes and adds itself onto modified list again +log changed extents +see ordered extent for 0-4k has already been logged + at this point we assume the csum has been copied +sync log +crash + +On replay we will see the extent 0-4k in the log, drop the original 0-4k extent +which is the same one that we are replaying which also drops the csum, and then +we won't find the csum in the log for that bytenr. This of course causes us to +have errors about not having csums for certain ranges of our inode. So remove +the modified list manipulation in unpin_extent_cache, any modified extents +should have been added well before now, and we don't want them re-logged. This +fixes my test that I could reliably reproduce this problem with. Thanks, + +Signed-off-by: Josef Bacik +Signed-off-by: Chris Mason +Signed-off-by: David Sterba + +--- + fs/btrfs/extent_map.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/fs/btrfs/extent_map.c ++++ b/fs/btrfs/extent_map.c +@@ -287,8 +287,6 @@ int unpin_extent_cache(struct extent_map + if (!em) + goto out; + +- if (!test_bit(EXTENT_FLAG_LOGGING, &em->flags)) +- list_move(&em->list, &tree->modified_extents); + em->generation = gen; + clear_bit(EXTENT_FLAG_PINNED, &em->flags); + em->mod_start = em->start; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-don-t-delay-inode-ref-updates-during-log-replay.patch new/patches.suse/btrfs-don-t-delay-inode-ref-updates-during-log-replay.patch --- old/patches.suse/btrfs-don-t-delay-inode-ref-updates-during-log-replay.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-don-t-delay-inode-ref-updates-during-log-replay.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,47 @@ +From: Chris Mason +Date: Wed, 31 Dec 2014 12:18:29 -0500 +Git-commit: 6f8960541b1eb6054a642da48daae2320fddba93 +Patch-mainline: 3.19 +Subject: Btrfs: don't delay inode ref updates during log replay + +Commit 1d52c78afbb (Btrfs: try not to ENOSPC on log replay) added a +check to skip delayed inode updates during log replay because it +confuses the enospc code. But the delayed processing will end up +ignoring delayed refs from log replay because the inode itself wasn't +put through the delayed code. + +This can end up triggering a warning at commit time: + +WARNING: CPU: 2 PID: 778 at fs/btrfs/delayed-inode.c:1410 btrfs_assert_delayed_root_empty+0x32/0x34() + +Which is repeated for each commit because we never process the delayed +inode ref update. + +The fix used here is to change btrfs_delayed_delete_inode_ref to return +an error if we're currently in log replay. The caller will do the ref +deletion immediately and everything will work properly. + +Signed-off-by: Chris Mason +Signed-off-by: David Sterba + +--- + fs/btrfs/delayed-inode.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/fs/btrfs/delayed-inode.c ++++ b/fs/btrfs/delayed-inode.c +@@ -1857,6 +1857,14 @@ int btrfs_delayed_delete_inode_ref(struc + { + struct btrfs_delayed_node *delayed_node; + ++ /* ++ * we don't do delayed inode updates during log recovery because it ++ * leads to enospc problems. This means we also can't do ++ * delayed inode refs ++ */ ++ if (BTRFS_I(inode)->root->fs_info->log_root_recovering) ++ return -EAGAIN; ++ + delayed_node = btrfs_get_or_create_delayed_node(inode); + if (IS_ERR(delayed_node)) + return PTR_ERR(delayed_node); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-fix-data-loss-in-the-fast-fsync-path.patch new/patches.suse/btrfs-fix-data-loss-in-the-fast-fsync-path.patch --- old/patches.suse/btrfs-fix-data-loss-in-the-fast-fsync-path.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-fix-data-loss-in-the-fast-fsync-path.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,251 @@ +From: Filipe Manana +Date: Sun, 1 Mar 2015 20:36:00 +0000 +Subject: Btrfs: fix data loss in the fast fsync path +Git-commit: 3a8b36f378060d20062a0918e99fae39ff077bf0 +Patch-mainline: 3.19 + +When using the fast file fsync code path we can miss the fact that new +writes happened since the last file fsync and therefore return without +waiting for the IO to finish and write the new extents to the fsync log. + +Here's an example scenario where the fsync will miss the fact that new +file data exists that wasn't yet durably persisted: + +1. fs_info->last_trans_committed == N - 1 and current transaction is + transaction N (fs_info->generation == N); + +2. do a buffered write; + +3. fsync our inode, this clears our inode's full sync flag, starts + an ordered extent and waits for it to complete - when it completes + at btrfs_finish_ordered_io(), the inode's last_trans is set to the + value N (via btrfs_update_inode_fallback -> btrfs_update_inode -> + btrfs_set_inode_last_trans); + +4. transaction N is committed, so fs_info->last_trans_committed is now + set to the value N and fs_info->generation remains with the value N; + +5. do another buffered write, when this happens btrfs_file_write_iter + sets our inode's last_trans to the value N + 1 (that is + fs_info->generation + 1 == N + 1); + +6. transaction N + 1 is started and fs_info->generation now has the + value N + 1; + +7. transaction N + 1 is committed, so fs_info->last_trans_committed + is set to the value N + 1; + +8. fsync our inode - because it doesn't have the full sync flag set, + we only start the ordered extent, we don't wait for it to complete + (only in a later phase) therefore its last_trans field has the + value N + 1 set previously by btrfs_file_write_iter(), and so we + have: + + inode->last_trans <= fs_info->last_trans_committed + (N + 1) (N + 1) + + Which made us not log the last buffered write and exit the fsync + handler immediately, returning success (0) to user space and resulting + in data loss after a crash. + +This can actually be triggered deterministically and the following excerpt +from a testcase I made for xfstests triggers the issue. It moves a dummy +file across directories and then fsyncs the old parent directory - this +is just to trigger a transaction commit, so moving files around isn't +directly related to the issue but it was chosen because running 'sync' for +example does more than just committing the current transaction, as it +flushes/waits for all file data to be persisted. The issue can also happen +at random periods, since the transaction kthread periodicaly commits the +current transaction (about every 30 seconds by default). +The body of the test is: + + _scratch_mkfs >> $seqres.full 2>&1 + _init_flakey + _mount_flakey + + # Create our main test file 'foo', the one we check for data loss. + # By doing an fsync against our file, it makes btrfs clear the 'needs_full_sync' + # bit from its flags (btrfs inode specific flags). + $XFS_IO_PROG -f -c "pwrite -S 0xaa 0 8K" \ + -c "fsync" $SCRATCH_MNT/foo | _filter_xfs_io + + # Now create one other file and 2 directories. We will move this second file + # from one directory to the other later because it forces btrfs to commit its + # currently open transaction if we fsync the old parent directory. This is + # necessary to trigger the data loss bug that affected btrfs. + mkdir $SCRATCH_MNT/testdir_1 + touch $SCRATCH_MNT/testdir_1/bar + mkdir $SCRATCH_MNT/testdir_2 + + # Make sure everything is durably persisted. + sync + + # Write more 8Kb of data to our file. + $XFS_IO_PROG -c "pwrite -S 0xbb 8K 8K" $SCRATCH_MNT/foo | _filter_xfs_io + + # Move our 'bar' file into a new directory. + mv $SCRATCH_MNT/testdir_1/bar $SCRATCH_MNT/testdir_2/bar + + # Fsync our first directory. Because it had a file moved into some other + # directory, this made btrfs commit the currently open transaction. This is + # a condition necessary to trigger the data loss bug. + $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/testdir_1 + + # Now fsync our main test file. If the fsync succeeds, we expect the 8Kb of + # data we wrote previously to be persisted and available if a crash happens. + # This did not happen with btrfs, because of the transaction commit that + # happened when we fsynced the parent directory. + $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/foo + + # Simulate a crash/power loss. + _load_flakey_table $FLAKEY_DROP_WRITES + _unmount_flakey + + _load_flakey_table $FLAKEY_ALLOW_WRITES + _mount_flakey + + # Now check that all data we wrote before are available. + echo "File content after log replay:" + od -t x1 $SCRATCH_MNT/foo + + status=0 + exit + +The expected golden output for the test, which is what we get with this +fix applied (or when running against ext3/4 and xfs), is: + + wrote 8192/8192 bytes at offset 0 + XXX Bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + wrote 8192/8192 bytes at offset 8192 + XXX Bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + File content after log replay: + 0000000 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa + * + 0020000 bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb + * + 0040000 + +Without this fix applied, the output shows the test file does not have +the second 8Kb extent that we successfully fsynced: + + wrote 8192/8192 bytes at offset 0 + XXX Bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + wrote 8192/8192 bytes at offset 8192 + XXX Bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + File content after log replay: + 0000000 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa + * + 0020000 + +So fix this by skipping the fsync only if we're doing a full sync and +if the inode's last_trans is <= fs_info->last_trans_committed, or if +the inode is already in the log. Also remove setting the inode's +last_trans in btrfs_file_write_iter since it's useless/unreliable. + +Also because btrfs_file_write_iter no longer sets inode->last_trans to +fs_info->generation + 1, don't set last_trans to 0 if we bail out and don't +bail out if last_trans is 0, otherwise something as simple as the following +example wouldn't log the second write on the last fsync: + + 1. write to file + + 2. fsync file + + 3. fsync file + |--> btrfs_inode_in_log() returns true and it set last_trans to 0 + + 4. write to file + |--> btrfs_file_write_iter() no longers sets last_trans, so it + remained with a value of 0 + 5. fsync + |--> inode->last_trans == 0, so it bails out without logging the + second write + +A test case for xfstests will be sent soon. + +Signed-off-by: Filipe Manana +Signed-off-by: Chris Mason + +--- + fs/btrfs/file.c | 56 ++++++++++++++++++++++++++++---------------------------- + 1 file changed, 28 insertions(+), 28 deletions(-) + +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1806,22 +1806,10 @@ static ssize_t btrfs_file_write_iter(str + mutex_unlock(&inode->i_mutex); + + /* +- * we want to make sure fsync finds this change +- * but we haven't joined a transaction running right now. +- * +- * Later on, someone is sure to update the inode and get the +- * real transid recorded. +- * +- * We set last_trans now to the fs_info generation + 1, +- * this will either be one more than the running transaction +- * or the generation used for the next transaction if there isn't +- * one running right now. +- * + * We also have to set last_sub_trans to the current log transid, + * otherwise subsequent syncs to a file that's been synced in this + * transaction will appear to have already occured. + */ +- BTRFS_I(inode)->last_trans = root->fs_info->generation + 1; + BTRFS_I(inode)->last_sub_trans = root->log_transid; + if (num_written > 0) { + err = generic_write_sync(file, pos, num_written); +@@ -1909,25 +1897,37 @@ int btrfs_sync_file(struct file *file, l + atomic_inc(&root->log_batch); + + /* +- * check the transaction that last modified this inode +- * and see if its already been committed +- */ +- if (!BTRFS_I(inode)->last_trans) { +- mutex_unlock(&inode->i_mutex); +- goto out; +- } +- +- /* +- * if the last transaction that changed this file was before +- * the current transaction, we can bail out now without any +- * syncing ++ * If the last transaction that changed this file was before the current ++ * transaction and we have the full sync flag set in our inode, we can ++ * bail out now without any syncing. ++ * ++ * Note that we can't bail out if the full sync flag isn't set. This is ++ * because when the full sync flag is set we start all ordered extents ++ * and wait for them to fully complete - when they complete they update ++ * the inode's last_trans field through: ++ * ++ * btrfs_finish_ordered_io() -> ++ * btrfs_update_inode_fallback() -> ++ * btrfs_update_inode() -> ++ * btrfs_set_inode_last_trans() ++ * ++ * So we are sure that last_trans is up to date and can do this check to ++ * bail out safely. For the fast path, when the full sync flag is not ++ * set in our inode, we can not do it because we start only our ordered ++ * extents and don't wait for them to complete (that is when ++ * btrfs_finish_ordered_io runs), so here at this point their last_trans ++ * value might be less than or equals to fs_info->last_trans_committed, ++ * and setting a speculative last_trans for an inode when a buffered ++ * write is made (such as fs_info->generation + 1 for example) would not ++ * be reliable since after setting the value and before fsync is called ++ * any number of transactions can start and commit (transaction kthread ++ * commits the current transaction periodically), and a transaction ++ * commit does not start nor waits for ordered extents to complete. + */ + smp_mb(); + if (btrfs_inode_in_log(inode, root->fs_info->generation) || +- BTRFS_I(inode)->last_trans <= +- root->fs_info->last_trans_committed) { +- BTRFS_I(inode)->last_trans = 0; +- ++ (full_sync && BTRFS_I(inode)->last_trans <= ++ root->fs_info->last_trans_committed)) { + /* + * We'v had everything committed since the last time we were + * modified so clear this flag in case it was set for whatever diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-fix-fs-corruption-on-transaction-abort-if-device-supports-discard.patch new/patches.suse/btrfs-fix-fs-corruption-on-transaction-abort-if-device-supports-discard.patch --- old/patches.suse/btrfs-fix-fs-corruption-on-transaction-abort-if-device-supports-discard.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-fix-fs-corruption-on-transaction-abort-if-device-supports-discard.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,168 @@ +From: Filipe Manana +Date: Sun, 7 Dec 2014 21:31:47 +0000 +Subject: Btrfs: fix fs corruption on transaction abort if device supports discard +Git-commit: 678886bdc6378c1cbd5072da2c5a3035000214e3 +Patch-mainline: 3.19 + +When we abort a transaction we iterate over all the ranges marked as dirty +in fs_info->freed_extents[0] and fs_info->freed_extents[1], clear them +from those trees, add them back (unpin) to the free space caches and, if +the fs was mounted with "-o discard", perform a discard on those regions. +Also, after adding the regions to the free space caches, a fitrim ioctl call +can see those ranges in a block group's free space cache and perform a discard +on the ranges, so the same issue can happen without "-o discard" as well. + +This causes corruption, affecting one or multiple btree nodes (in the worst +case leaving the fs unmountable) because some of those ranges (the ones in +the fs_info->pinned_extents tree) correspond to btree nodes/leafs that are +referred by the last committed super block - breaking the rule that anything +that was committed by a transaction is untouched until the next transaction +commits successfully. + +I ran into this while running in a loop (for several hours) the fstest that +I recently submitted: + + [PATCH] fstests: add btrfs test to stress chunk allocation/removal and fstrim + +The corruption always happened when a transaction aborted and then fsck complained +like this: + + _check_btrfs_filesystem: filesystem on /dev/sdc is inconsistent + *** fsck.btrfs output *** + Check tree block failed, want=94945280, have=0 + Check tree block failed, want=94945280, have=0 + Check tree block failed, want=94945280, have=0 + Check tree block failed, want=94945280, have=0 + Check tree block failed, want=94945280, have=0 + read block failed check_tree_block + Couldn't open file system + +In this case 94945280 corresponded to the root of a tree. +Using frace what I observed was the following sequence of steps happened: + + 1) transaction N started, fs_info->pinned_extents pointed to + fs_info->freed_extents[0]; + + 2) node/eb 94945280 is created; + + 3) eb is persisted to disk; + + 4) transaction N commit starts, fs_info->pinned_extents now points to + fs_info->freed_extents[1], and transaction N completes; + + 5) transaction N + 1 starts; + + 6) eb is COWed, and btrfs_free_tree_block() called for this eb; + + 7) eb range (94945280 to 94945280 + 16Kb) is added to + fs_info->pinned_extents (fs_info->freed_extents[1]); + + 8) Something goes wrong in transaction N + 1, like hitting ENOSPC + for example, and the transaction is aborted, turning the fs into + readonly mode. The stack trace I got for example: + + [112065.253935] [<ffffffff8140c7b6>] dump_stack+0x4d/0x66 + [112065.254271] [<ffffffff81042984>] warn_slowpath_common+0x7f/0x98 + [112065.254567] [<ffffffffa0325990>] ? __btrfs_abort_transaction+0x50/0x10b [btrfs] + [112065.261674] [<ffffffff810429e5>] warn_slowpath_fmt+0x48/0x50 + [112065.261922] [<ffffffffa032949e>] ? btrfs_free_path+0x26/0x29 [btrfs] + [112065.262211] [<ffffffffa0325990>] __btrfs_abort_transaction+0x50/0x10b [btrfs] + [112065.262545] [<ffffffffa036b1d6>] btrfs_remove_chunk+0x537/0x58b [btrfs] + [112065.262771] [<ffffffffa033840f>] btrfs_delete_unused_bgs+0x1de/0x21b [btrfs] + [112065.263105] [<ffffffffa0343106>] cleaner_kthread+0x100/0x12f [btrfs] + (...) + [112065.264493] ---[ end trace dd7903a975a31a08 ]--- + [112065.264673] BTRFS: error (device sdc) in btrfs_remove_chunk:2625: errno=-28 No space left + [112065.264997] BTRFS info (device sdc): forced readonly + + 9) The clear kthread sees that the BTRFS_FS_STATE_ERROR bit is set in + fs_info->fs_state and calls btrfs_cleanup_transaction(), which in + turn calls btrfs_destroy_pinned_extent(); + + 10) Then btrfs_destroy_pinned_extent() iterates over all the ranges + marked as dirty in fs_info->freed_extents[], and for each one + it calls discard, if the fs was mounted with "-o discard", and + adds the range to the free space cache of the respective block + group; + + 11) btrfs_trim_block_group(), invoked from the fitrim ioctl code path, + sees the free space entries and performs a discard; + + 12) After an umount and mount (or fsck), our eb's location on disk was full + of zeroes, and it should have been untouched, because it was marked as + dirty in the fs_info->pinned_extents tree, and therefore used by the + trees that the last committed superblock points to. + +Fix this by not performing a discard and not adding the ranges to the free space +caches - it's useless from this point since the fs is now in readonly mode and +we won't write free space caches to disk anymore (otherwise we would leak space) +nor any new superblock. By not adding the ranges to the free space caches, it +prevents other code paths from allocating that space and write to it as well, +therefore being safer and simpler. + +This isn't a new problem, as it's been present since 2011 (git commit +acce952b0263825da32cf10489413dec78053347). + +Signed-off-by: Filipe Manana +Signed-off-by: Chris Mason + +--- + fs/btrfs/disk-io.c | 6 ------ + fs/btrfs/extent-tree.c | 10 ++++++---- + 2 files changed, 6 insertions(+), 10 deletions(-) + +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -4043,12 +4043,6 @@ again: + if (ret) + break; + +- /* opt_discard */ +- if (btrfs_test_opt(root, DISCARD)) +- ret = btrfs_error_discard_extent(root, start, +- end + 1 - start, +- NULL); +- + clear_extent_dirty(unpin, start, end, GFP_NOFS); + btrfs_error_unpin_extent_range(root, start, end); + cond_resched(); +--- a/fs/btrfs/extent-tree.c ++++ b/fs/btrfs/extent-tree.c +@@ -5690,7 +5690,8 @@ void btrfs_prepare_extent_commit(struct + update_global_block_rsv(fs_info); + } + +-static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) ++static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end, ++ const bool return_free_space) + { + struct btrfs_fs_info *fs_info = root->fs_info; + struct btrfs_block_group_cache *cache = NULL; +@@ -5714,7 +5715,8 @@ static int unpin_extent_range(struct btr + + if (start < cache->last_byte_to_unpin) { + len = min(len, cache->last_byte_to_unpin - start); +- btrfs_add_free_space(cache, start, len); ++ if (return_free_space) ++ btrfs_add_free_space(cache, start, len); + } + + start += len; +@@ -5778,7 +5780,7 @@ int btrfs_finish_extent_commit(struct bt + end + 1 - start, NULL); + + clear_extent_dirty(unpin, start, end, GFP_NOFS); +- unpin_extent_range(root, start, end); ++ unpin_extent_range(root, start, end, true); + cond_resched(); + } + +@@ -9462,7 +9464,7 @@ out: + + int btrfs_error_unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) + { +- return unpin_extent_range(root, start, end); ++ return unpin_extent_range(root, start, end, false); + } + + int btrfs_error_discard_extent(struct btrfs_root *root, u64 bytenr, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-fix-fsync-data-loss-after-adding-hard-link-to-inode.patch new/patches.suse/btrfs-fix-fsync-data-loss-after-adding-hard-link-to-inode.patch --- old/patches.suse/btrfs-fix-fsync-data-loss-after-adding-hard-link-to-inode.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-fix-fsync-data-loss-after-adding-hard-link-to-inode.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,296 @@ +From: Filipe Manana +Date: Fri, 13 Feb 2015 12:30:56 +0000 +Subject: Btrfs: fix fsync data loss after adding hard link to inode +Git-commit 1a4bcf470c886b955adf36486f4c86f2441d85cb +Patch-mainline: 4.0 + +We have a scenario where after the fsync log replay we can lose file data +that had been previously fsync'ed if we added an hard link for our inode +and after that we sync'ed the fsync log (for example by fsync'ing some +other file or directory). + +This is because when adding an hard link we updated the inode item in the +log tree with an i_size value of 0. At that point the new inode item was +in memory only and a subsequent fsync log replay would not make us lose +the file data. However if after adding the hard link we sync the log tree +to disk, by fsync'ing some other file or directory for example, we ended +up losing the file data after log replay, because the inode item in the +persisted log tree had an an i_size of zero. + +This is easy to reproduce, and the following excerpt from my test for +xfstests shows this: + + _scratch_mkfs >> $seqres.full 2>&1 + _init_flakey + _mount_flakey + + # Create one file with data and fsync it. + # This made the btrfs fsync log persist the data and the inode metadata with + # a correct inode->i_size (4096 bytes). + $XFS_IO_PROG -f -c "pwrite -S 0xaa -b 4K 0 4K" -c "fsync" \ + $SCRATCH_MNT/foo | _filter_xfs_io + + # Now add one hard link to our file. This made the btrfs code update the fsync + # log, in memory only, with an inode metadata having a size of 0. + ln $SCRATCH_MNT/foo $SCRATCH_MNT/foo_link + + # Now force persistence of the fsync log to disk, for example, by fsyncing some + # other file. + touch $SCRATCH_MNT/bar + $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/bar + + # Before a power loss or crash, we could read the 4Kb of data from our file as + # expected. + echo "File content before:" + od -t x1 $SCRATCH_MNT/foo + + # Simulate a crash/power loss. + _load_flakey_table $FLAKEY_DROP_WRITES + _unmount_flakey + + _load_flakey_table $FLAKEY_ALLOW_WRITES + _mount_flakey + + # After the fsync log replay, because the fsync log had a value of 0 for our + # inode's i_size, we couldn't read anymore the 4Kb of data that we previously + # wrote and fsync'ed. The size of the file became 0 after the fsync log replay. + echo "File content after:" + od -t x1 $SCRATCH_MNT/foo + +Another alternative test, that doesn't need to fsync an inode in the same +transaction it was created, is: + + _scratch_mkfs >> $seqres.full 2>&1 + _init_flakey + _mount_flakey + + # Create our test file with some data. + $XFS_IO_PROG -f -c "pwrite -S 0xaa -b 8K 0 8K" \ + $SCRATCH_MNT/foo | _filter_xfs_io + + # Make sure the file is durably persisted. + sync + + # Append some data to our file, to increase its size. + $XFS_IO_PROG -f -c "pwrite -S 0xcc -b 4K 8K 4K" \ + $SCRATCH_MNT/foo | _filter_xfs_io + + # Fsync the file, so from this point on if a crash/power failure happens, our + # new data is guaranteed to be there next time the fs is mounted. + $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/foo + + # Add one hard link to our file. This made btrfs write into the in memory fsync + # log a special inode with generation 0 and an i_size of 0 too. Note that this + # didn't update the inode in the fsync log on disk. + ln $SCRATCH_MNT/foo $SCRATCH_MNT/foo_link + + # Now make sure the in memory fsync log is durably persisted. + # Creating and fsync'ing another file will do it. + touch $SCRATCH_MNT/bar + $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/bar + + # As expected, before the crash/power failure, we should be able to read the + # 12Kb of file data. + echo "File content before:" + od -t x1 $SCRATCH_MNT/foo + + # Simulate a crash/power loss. + _load_flakey_table $FLAKEY_DROP_WRITES + _unmount_flakey + + _load_flakey_table $FLAKEY_ALLOW_WRITES + _mount_flakey + + # After mounting the fs again, the fsync log was replayed. + # The btrfs fsync log replay code didn't update the i_size of the persisted + # inode because the inode item in the log had a special generation with a + # value of 0 (and it couldn't know the correct i_size, since that inode item + # had a 0 i_size too). This made the last 4Kb of file data inaccessible and + # effectively lost. + echo "File content after:" + od -t x1 $SCRATCH_MNT/foo + +This isn't a new issue/regression. This problem has been around since the +log tree code was added in 2008: + + Btrfs: Add a write ahead tree log to optimize synchronous operations + (commit e02119d5a7b4396c5a872582fddc8bd6d305a70a) + +Test cases for xfstests follow soon. + +Signed-off-by: Filipe Manana +Signed-off-by: Chris Mason + +--- + fs/btrfs/tree-log.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 73 insertions(+), 9 deletions(-) + +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -489,8 +489,20 @@ insert: + src_item = (struct btrfs_inode_item *)src_ptr; + dst_item = (struct btrfs_inode_item *)dst_ptr; + +- if (btrfs_inode_generation(eb, src_item) == 0) ++ if (btrfs_inode_generation(eb, src_item) == 0) { ++ struct extent_buffer *dst_eb = path->nodes[0]; ++ ++ if (S_ISREG(btrfs_inode_mode(eb, src_item)) && ++ S_ISREG(btrfs_inode_mode(dst_eb, dst_item))) { ++ struct btrfs_map_token token; ++ u64 ino_size = btrfs_inode_size(eb, src_item); ++ ++ btrfs_init_map_token(&token); ++ btrfs_set_token_inode_size(dst_eb, dst_item, ++ ino_size, &token); ++ } + goto no_copy; ++ } + + if (overwrite_root && + S_ISDIR(btrfs_inode_mode(eb, src_item)) && +@@ -3241,7 +3253,8 @@ static int drop_objectid_items(struct bt + static void fill_inode_item(struct btrfs_trans_handle *trans, + struct extent_buffer *leaf, + struct btrfs_inode_item *item, +- struct inode *inode, int log_inode_only) ++ struct inode *inode, int log_inode_only, ++ u64 logged_isize) + { + struct btrfs_map_token token; + +@@ -3254,7 +3267,7 @@ static void fill_inode_item(struct btrfs + * to say 'update this inode with these values' + */ + btrfs_set_token_inode_generation(leaf, item, 0, &token); +- btrfs_set_token_inode_size(leaf, item, 0, &token); ++ btrfs_set_token_inode_size(leaf, item, logged_isize, &token); + } else { + btrfs_set_token_inode_generation(leaf, item, + BTRFS_I(inode)->generation, +@@ -3306,7 +3319,7 @@ static int log_inode_item(struct btrfs_t + return ret; + inode_item = btrfs_item_ptr(path->nodes[0], path->slots[0], + struct btrfs_inode_item); +- fill_inode_item(trans, path->nodes[0], inode_item, inode, 0); ++ fill_inode_item(trans, path->nodes[0], inode_item, inode, 0, 0); + btrfs_release_path(path); + return 0; + } +@@ -3315,7 +3328,8 @@ static noinline int copy_items(struct bt + struct inode *inode, + struct btrfs_path *dst_path, + struct btrfs_path *src_path, u64 *last_extent, +- int start_slot, int nr, int inode_only) ++ int start_slot, int nr, int inode_only, ++ u64 logged_isize) + { + unsigned long src_offset; + unsigned long dst_offset; +@@ -3372,7 +3386,8 @@ static noinline int copy_items(struct bt + dst_path->slots[0], + struct btrfs_inode_item); + fill_inode_item(trans, dst_path->nodes[0], inode_item, +- inode, inode_only == LOG_INODE_EXISTS); ++ inode, inode_only == LOG_INODE_EXISTS, ++ logged_isize); + } else { + copy_extent_buffer(dst_path->nodes[0], src, dst_offset, + src_offset, ins_sizes[i]); +@@ -3877,6 +3892,33 @@ process: + return ret; + } + ++static int logged_inode_size(struct btrfs_root *log, struct inode *inode, ++ struct btrfs_path *path, u64 *size_ret) ++{ ++ struct btrfs_key key; ++ int ret; ++ ++ key.objectid = btrfs_ino(inode); ++ key.type = BTRFS_INODE_ITEM_KEY; ++ key.offset = 0; ++ ++ ret = btrfs_search_slot(NULL, log, &key, path, 0, 0); ++ if (ret < 0) { ++ return ret; ++ } else if (ret > 0) { ++ *size_ret = i_size_read(inode); ++ } else { ++ struct btrfs_inode_item *item; ++ ++ item = btrfs_item_ptr(path->nodes[0], path->slots[0], ++ struct btrfs_inode_item); ++ *size_ret = btrfs_inode_size(path->nodes[0], item); ++ } ++ ++ btrfs_release_path(path); ++ return 0; ++} ++ + /* log a single inode in the tree log. + * At least one parent directory for this inode must exist in the tree + * or be logged already. +@@ -3913,6 +3955,7 @@ static int btrfs_log_inode(struct btrfs_ + bool fast_search = false; + u64 ino = btrfs_ino(inode); + struct extent_map_tree *em_tree = &BTRFS_I(inode)->extent_tree; ++ u64 logged_isize = 0; + + path = btrfs_alloc_path(); + if (!path) +@@ -3973,6 +4016,25 @@ static int btrfs_log_inode(struct btrfs_ + max_key_type = BTRFS_XATTR_ITEM_KEY; + ret = drop_objectid_items(trans, log, path, ino, max_key_type); + } else { ++ if (inode_only == LOG_INODE_EXISTS) { ++ /* ++ * Make sure the new inode item we write to the log has ++ * the same isize as the current one (if it exists). ++ * This is necessary to prevent data loss after log ++ * replay, and also to prevent doing a wrong expanding ++ * truncate - for e.g. create file, write 4K into offset ++ * 0, fsync, write 4K into offset 4096, add hard link, ++ * fsync some other file (to sync log), power fail - if ++ * we use the inode's current i_size, after log replay ++ * we get a 8Kb file, with the last 4Kb extent as a hole ++ * (zeroes), as if an expanding truncate happened, ++ * instead of getting a file of 4Kb only. ++ */ ++ err = logged_inode_size(log, inode, path, ++ &logged_isize); ++ if (err) ++ goto out_unlock; ++ } + if (test_and_clear_bit(BTRFS_INODE_NEEDS_FULL_SYNC, + &BTRFS_I(inode)->runtime_flags)) { + clear_bit(BTRFS_INODE_COPY_EVERYTHING, +@@ -4029,7 +4091,8 @@ again: + } + + ret = copy_items(trans, inode, dst_path, path, &last_extent, +- ins_start_slot, ins_nr, inode_only); ++ ins_start_slot, ins_nr, inode_only, ++ logged_isize); + if (ret < 0) { + err = ret; + goto out_unlock; +@@ -4052,7 +4115,7 @@ next_slot: + if (ins_nr) { + ret = copy_items(trans, inode, dst_path, path, + &last_extent, ins_start_slot, +- ins_nr, inode_only); ++ ins_nr, inode_only, logged_isize); + if (ret < 0) { + err = ret; + goto out_unlock; +@@ -4073,7 +4136,8 @@ next_slot: + } + if (ins_nr) { + ret = copy_items(trans, inode, dst_path, path, &last_extent, +- ins_start_slot, ins_nr, inode_only); ++ ins_start_slot, ins_nr, inode_only, ++ logged_isize); + if (ret < 0) { + err = ret; + goto out_unlock; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-fix-leak-of-path-in-btrfs_find_item.patch new/patches.suse/btrfs-fix-leak-of-path-in-btrfs_find_item.patch --- old/patches.suse/btrfs-fix-leak-of-path-in-btrfs_find_item.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-fix-leak-of-path-in-btrfs_find_item.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,109 @@ +From: David Sterba +Date: Fri, 2 Jan 2015 18:45:16 +0100 +Subject: btrfs: fix leak of path in btrfs_find_item +Git-commit: 381cf6587f8a8a8e981bc0c1aaaa8859b51dc756 +Patch-mainline: 4.0 + +If btrfs_find_item is called with NULL path it allocates one locally but +does not free it. Affected paths are inserting an orphan item for a file +and for a subvol root. + +Move the path allocation to the callers. + +Fixes: 3f870c289900 ("btrfs: expand btrfs_find_item() to include find_orphan_item functionality") +Signed-off-by: David Sterba + +--- + fs/btrfs/ctree.c | 17 ++++------------- + fs/btrfs/disk-io.c | 9 ++++++++- + fs/btrfs/tree-log.c | 11 ++++++++++- + 3 files changed, 22 insertions(+), 15 deletions(-) + +--- a/fs/btrfs/ctree.c ++++ b/fs/btrfs/ctree.c +@@ -2617,32 +2617,23 @@ static int key_search(struct extent_buff + return 0; + } + +-int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *found_path, ++int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *path, + u64 iobjectid, u64 ioff, u8 key_type, + struct btrfs_key *found_key) + { + int ret; + struct btrfs_key key; + struct extent_buffer *eb; +- struct btrfs_path *path; ++ ++ ASSERT(path); + + key.type = key_type; + key.objectid = iobjectid; + key.offset = ioff; + +- if (found_path == NULL) { +- path = btrfs_alloc_path(); +- if (!path) +- return -ENOMEM; +- } else +- path = found_path; +- + ret = btrfs_search_slot(NULL, fs_root, &key, path, 0, 0); +- if ((ret < 0) || (found_key == NULL)) { +- if (path != found_path) +- btrfs_free_path(path); ++ if ((ret < 0) || (found_key == NULL)) + return ret; +- } + + eb = path->nodes[0]; + if (ret && path->slots[0] >= btrfs_header_nritems(eb)) { +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -1627,6 +1627,7 @@ struct btrfs_root *btrfs_get_fs_root(str + bool check_ref) + { + struct btrfs_root *root; ++ struct btrfs_path *path; + int ret; + + if (location->objectid == BTRFS_ROOT_TREE_OBJECTID) +@@ -1666,8 +1667,14 @@ again: + if (ret) + goto fail; + +- ret = btrfs_find_item(fs_info->tree_root, NULL, BTRFS_ORPHAN_OBJECTID, ++ path = btrfs_alloc_path(); ++ if (!path) { ++ ret = -ENOMEM; ++ goto fail; ++ } ++ ret = btrfs_find_item(fs_info->tree_root, path, BTRFS_ORPHAN_OBJECTID, + location->objectid, BTRFS_ORPHAN_ITEM_KEY, NULL); ++ btrfs_free_path(path); + if (ret < 0) + goto fail; + if (ret == 0) +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -1270,10 +1270,19 @@ static int insert_orphan_item(struct btr + struct btrfs_root *root, u64 offset) + { + int ret; +- ret = btrfs_find_item(root, NULL, BTRFS_ORPHAN_OBJECTID, ++ struct btrfs_path *path; ++ ++ path = btrfs_alloc_path(); ++ if (!path) ++ return -ENOMEM; ++ ++ ret = btrfs_find_item(root, path, BTRFS_ORPHAN_OBJECTID, + offset, BTRFS_ORPHAN_ITEM_KEY, NULL); + if (ret > 0) + ret = btrfs_insert_orphan_item(trans, root, offset); ++ ++ btrfs_free_path(path); ++ + return ret; + } + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-fix-lost-return-value-due-to-variable-shadowing.patch new/patches.suse/btrfs-fix-lost-return-value-due-to-variable-shadowing.patch --- old/patches.suse/btrfs-fix-lost-return-value-due-to-variable-shadowing.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-fix-lost-return-value-due-to-variable-shadowing.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,27 @@ +From: David Sterba +Date: Tue, 24 Feb 2015 18:57:18 +0100 +Subject: btrfs: fix lost return value due to variable shadowing +Git-commit: 1932b7be973b554ffe20a5bba6ffaed6fa995cdc +Patch-mainline: 4.0 + +A block-local variable stores error code but btrfs_get_blocks_direct may +not return it in the end as there's a ret defined in the function scope. + +Fixes: d187663ef24c ("Btrfs: lock extents as we map them in DIO") +Signed-off-by: David Sterba +Signed-off-by: Chris Mason + +--- + fs/btrfs/inode.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -7093,7 +7093,6 @@ static int btrfs_get_blocks_direct(struc + ((BTRFS_I(inode)->flags & BTRFS_INODE_NODATACOW) && + em->block_start != EXTENT_MAP_HOLE)) { + int type; +- int ret; + u64 block_start, orig_start, orig_block_len, ram_bytes; + + if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-make-sure-we-wait-on-logged-extents-when-fsycning-two-subvols.patch new/patches.suse/btrfs-make-sure-we-wait-on-logged-extents-when-fsycning-two-subvols.patch --- old/patches.suse/btrfs-make-sure-we-wait-on-logged-extents-when-fsycning-two-subvols.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-make-sure-we-wait-on-logged-extents-when-fsycning-two-subvols.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,34 @@ +From: Josef Bacik +Date: Thu, 6 Nov 2014 10:19:54 -0500 +Subject: Btrfs: make sure we wait on logged extents when fsycning two subvols +Git-commit: 9dba8cf128ef98257ca719722280c9634e7e9dc7 +Patch-mainline: 3.19 + +If we have two fsync()'s race on different subvols one will do all of its work +to get into the log_tree, wait on it's outstanding IO, and then allow the +log_tree to finish it's commit. The problem is we were just free'ing that +subvols logged extents instead of waiting on them, so whoever lost the race +wouldn't really have their data on disk. Fix this by waiting properly instead +of freeing the logged extents. Thanks, + +Signed-off-by: Josef Bacik +Signed-off-by: Chris Mason +Signed-off-by: David Sterba + +--- + fs/btrfs/tree-log.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -2651,9 +2651,9 @@ int btrfs_sync_log(struct btrfs_trans_ha + if (atomic_read(&log_root_tree->log_commit[index2])) { + blk_finish_plug(&plug); + btrfs_wait_marked_extents(log, &log->dirty_log_pages, mark); ++ btrfs_wait_logged_extents(log, log_transid); + wait_log_commit(trans, log_root_tree, + root_log_ctx.log_transid); +- btrfs_free_logged_extents(log, log_transid); + mutex_unlock(&log_root_tree->log_mutex); + ret = root_log_ctx.log_ret; + goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-set-proper-message-level-for-skinny-metadata.patch new/patches.suse/btrfs-set-proper-message-level-for-skinny-metadata.patch --- old/patches.suse/btrfs-set-proper-message-level-for-skinny-metadata.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-set-proper-message-level-for-skinny-metadata.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,27 @@ +From: David Sterba +Date: Fri, 19 Dec 2014 18:38:47 +0100 +Subject: btrfs: set proper message level for skinny metadata +Git-commit: 5efa0490cc94aee06cd8d282683e22a8ce0a0026 +Patch-mainline: 4.0 + +This has been confusing people for too long, the message is really just +informative. + +Signed-off-by: David Sterba +Signed-off-by: Chris Mason + +--- + fs/btrfs/disk-io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -2499,7 +2499,7 @@ int open_ctree(struct super_block *sb, + features |= BTRFS_FEATURE_INCOMPAT_COMPRESS_LZO; + + if (features & BTRFS_FEATURE_INCOMPAT_SKINNY_METADATA) +- printk(KERN_ERR "BTRFS: has skinny extents\n"); ++ printk(KERN_INFO "BTRFS: has skinny extents\n"); + + /* + * flag our filesystem as having big metadata blocks if diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-simplify-insert_orphan_item.patch new/patches.suse/btrfs-simplify-insert_orphan_item.patch --- old/patches.suse/btrfs-simplify-insert_orphan_item.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/btrfs-simplify-insert_orphan_item.patch 2015-04-08 16:20:23.000000000 +0200 @@ -0,0 +1,46 @@ +From: David Sterba +Date: Fri, 2 Jan 2015 19:12:57 +0100 +Subject: [PATCH 13/97] btrfs: simplify insert_orphan_item +References: boo#926385 +Git-commit: 9c4f61f01d269815bb7c37be3ede59c5587747c6 +Patch-mainline: 4.0 + +We can search and add the orphan item in one go, +btrfs_insert_orphan_item will find out if the item already exists. + +[Bug introduced in 3.19.1 stable, depends on +381cf6587f8a8a8e981bc0c1aaaa8859b51dc756 ] + +Signed-off-by: David Sterba +--- + fs/btrfs/tree-log.c | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -1267,21 +1267,13 @@ out: + } + + static int insert_orphan_item(struct btrfs_trans_handle *trans, +- struct btrfs_root *root, u64 offset) ++ struct btrfs_root *root, u64 ino) + { + int ret; +- struct btrfs_path *path; + +- path = btrfs_alloc_path(); +- if (!path) +- return -ENOMEM; +- +- ret = btrfs_find_item(root, path, BTRFS_ORPHAN_OBJECTID, +- offset, BTRFS_ORPHAN_ITEM_KEY, NULL); +- if (ret > 0) +- ret = btrfs_insert_orphan_item(trans, root, offset); +- +- btrfs_free_path(path); ++ ret = btrfs_insert_orphan_item(trans, root, ino); ++ if (ret == -EEXIST) ++ ret = 0; + + return ret; + } ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:53.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:53.000000000 +0200 @@ -134,9 +134,12 @@ # bsc#917839, CVE-2015-1593 patches.fixes/x86-mm-aslr-fix-stack-randomization-on-64-bit-systems.patch - # bsc#922944 + # bsc#922944, CVE-2015-2666 patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch + # bsc#926240, CVE-2015-2830 + patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch + ######################################################## # x86 MCE/MCA (Machine Check Error/Architecture) extensions ######################################################## @@ -234,6 +237,8 @@ patches.arch/arm64-0037-drivers-net-fddi-skfp-h-skfbi.h-Remove-useless-PCI_B.patch patches.arch/arm64-0038-arm64-mustang-Disable-sgenet-and-xgenet.patch patches.arch/arm64-0039-generic-pci.patch + patches.arch/arm64-Enable-CONFIG_COMPAT-also-for-64k-page-size.patch + patches.arch/arm64-fix-mmap2-compat-syscall.patch ######################################################## # S/390 @@ -251,6 +256,7 @@ # fix deadlock in dentry tree traversal (bnc#903640) patches.fixes/move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch + patches.fixes/kabi-fix-for-move-d_rcu.patch patches.fixes/deal-with-deadlock-in-d_walk.patch # @@ -309,6 +315,7 @@ patches.fixes/net-sctp-fix-panic-on-duplicate-ASCONF-chunks.patch patches.fixes/net-sctp-fix-remote-memory-pressure-from-excessive-q.patch patches.fixes/net-sctp-fix-slab-corruption-from-use-after-free-on-INIT.patch + patches.fixes/net-rds-use-correct-size-for-max-unacked-packets-and.patch ######################################################## # NFS @@ -345,6 +352,8 @@ patches.fixes/ext4-limit-number-of-scanned-extents-in-status-tree.patch patches.fixes/ext4-cleanup-flag-definitions-for-extent-status-tre.patch patches.fixes/ext4-introduce-aging-to-extent-status-tree.patch + patches.fixes/ext4-fix-ZERO_RANGE-bug-hidden-by-flag-aliasing.patch + patches.fixes/ext4-allocate-entire-range-in-zero-range.patch ######################################################## # btrfs @@ -396,6 +405,18 @@ patches.suse/btrfs-0057-fix-fsync-log-replay-for-inodes-with-a-mix-of-.patch patches.suse/btrfs-0058-fix-setup_leaf_for_split-to-avoid-leaf-corrupt.patch patches.suse/btrfs-0059-fix-scrub-race-leading-to-use-after-free.patch + patches.fixes/btrfs-fix-inode-eviction-infinite-loop-after-cloning.patch + patches.suse/btrfs-__add_inode_ref-out-of-bounds-memory-read-when-looking-for-extended-ref.patch + patches.suse/btrfs-do-not-move-em-to-modified-list-when-unpinning.patch + patches.suse/btrfs-don-t-delay-inode-ref-updates-during-log-replay.patch + patches.suse/btrfs-fix-data-loss-in-the-fast-fsync-path.patch + patches.suse/btrfs-fix-fs-corruption-on-transaction-abort-if-device-supports-discard.patch + patches.suse/btrfs-fix-fsync-data-loss-after-adding-hard-link-to-inode.patch + patches.suse/btrfs-fix-leak-of-path-in-btrfs_find_item.patch + patches.suse/btrfs-fix-lost-return-value-due-to-variable-shadowing.patch + patches.suse/btrfs-make-sure-we-wait-on-logged-extents-when-fsycning-two-subvols.patch + patches.suse/btrfs-set-proper-message-level-for-skinny-metadata.patch + patches.suse/btrfs-simplify-insert_orphan_item.patch ######################################################## # Reiserfs Patches @@ -435,6 +456,9 @@ # bsc#907988 libvirt containers with user namespaces can't start patches.suse/0001-mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch + # bsc#918333, CVE-2014-9683 + patches.fixes/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode-routine.patch + ######################################################## # Overlayfs ######################################################## @@ -609,6 +633,7 @@ patches.drivers/Input-synaptics-add-min-max-quirk-for-Lenovo-T440s patches.drivers/Input-synaptics-gate-forcepad-support-by-DMI-check patches.fixes/input-evdev-fix-EVIOCG-type-ioctl.patch + patches.drivers/0001-Input-xpad-use-proper-endpoint-type.patch ########################################################## # Sound @@ -708,6 +733,8 @@ # md ######################################################## + patches.fixes/0001-md-don-t-require-sync_min-to-be-a-multiple-of-chunk_.patch + ########################################################## # # Security stuff ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.XMEq6X/_old 2015-04-22 13:19:53.000000000 +0200 +++ /var/tmp/diff_new_pack.XMEq6X/_new 2015-04-22 13:19:53.000000000 +0200 @@ -1,3 +1,3 @@ -2015-03-18 18:31:15 +0100 -GIT Revision: ba2afaba88645e6b75094d510bdf9ad00937b0ff +2015-04-14 09:11:37 +0200 +GIT Revision: 93c1539cb66bb767ff80a01d467cd6c4c3297366 GIT Branch: openSUSE-13.2