Files
kernel/fs/jffs2
Greg Kroah-Hartman 464464ac47 Merge 4.19.226 into android-4.19-stable
Changes in 4.19.226
	Bluetooth: bfusb: fix division by zero in send path
	USB: core: Fix bug in resuming hub's handling of wakeup requests
	USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
	can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet
	veth: Do not record rx queue hint in veth_xmit
	mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
	can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
	can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
	random: fix data race on crng_node_pool
	random: fix data race on crng init time
	staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
	drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
	kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test
	orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
	KVM: s390: Clarify SIGP orders versus STOP/RESTART
	media: uvcvideo: fix division by zero at stream start
	rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
	firmware: qemu_fw_cfg: fix sysfs information leak
	firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
	firmware: qemu_fw_cfg: fix kobject leak in probe error path
	ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows
	HID: uhid: Fix worker destroying device without any protection
	HID: wacom: Reset expected and received contact counts at the same time
	HID: wacom: Ignore the confidence flag when a touch is removed
	HID: wacom: Avoid using stale array indicies to read contact count
	f2fs: fix to do sanity check in is_alive()
	nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
	mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
	x86/gpu: Reserve stolen memory for first integrated Intel GPU
	rtc: cmos: take rtc_lock while reading from CMOS
	media: flexcop-usb: fix control-message timeouts
	media: mceusb: fix control-message timeouts
	media: em28xx: fix control-message timeouts
	media: cpia2: fix control-message timeouts
	media: s2255: fix control-message timeouts
	media: dib0700: fix undefined behavior in tuner shutdown
	media: redrat3: fix control-message timeouts
	media: pvrusb2: fix control-message timeouts
	media: stk1160: fix control-message timeouts
	can: softing_cs: softingcs_probe(): fix memleak on registration failure
	lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
	PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
	shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
	drm/panel: innolux-p079zca: Delete panel on attach() failure
	Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
	clk: bcm-2835: Pick the closest clock rate
	clk: bcm-2835: Remove rounding up the dividers
	wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
	wcn36xx: Release DMA channel descriptor allocations
	media: videobuf2: Fix the size printk format
	media: em28xx: fix memory leak in em28xx_init_dev
	arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
	Bluetooth: stop proccessing malicious adv data
	tee: fix put order in teedev_close_context()
	media: dmxdev: fix UAF when dvb_register_device() fails
	crypto: qce - fix uaf on qce_ahash_register_one
	tty: serial: atmel: Check return code of dmaengine_submit()
	tty: serial: atmel: Call dma_async_issue_pending()
	media: rcar-csi2: Correct the selection of hsfreqrange
	media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
	media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
	netfilter: bridge: add support for pppoe filtering
	arm64: dts: qcom: msm8916: fix MMC controller aliases
	drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
	drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
	tty: serial: uartlite: allow 64 bit address
	serial: amba-pl011: do not request memory region twice
	floppy: Fix hang in watchdog when disk is ejected
	media: dib8000: Fix a memleak in dib8000_init()
	media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
	media: si2157: Fix "warm" tuner state detection
	sched/rt: Try to restart rt period timer when rt runtime exceeded
	xfrm: fix a small bug in xfrm_sa_len()
	crypto: stm32/cryp - fix double pm exit
	media: dw2102: Fix use after free
	media: msi001: fix possible null-ptr-deref in msi001_probe()
	media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
	drm/msm/dpu: fix safe status debugfs file
	xfrm: interface with if_id 0 should return error
	xfrm: state and policy should fail if XFRMA_IF_ID 0
	usb: ftdi-elan: fix memory leak on device disconnect
	ARM: dts: armada-38x: Add generic compatible to UART nodes
	mmc: meson-mx-sdio: add IRQ check
	x86/mce/inject: Avoid out-of-bounds write when setting flags
	pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
	pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
	netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
	ppp: ensure minimum packet size in ppp_write()
	staging: greybus: audio: Check null pointer
	fsl/fman: Check for null pointer after calling devm_ioremap
	Bluetooth: hci_bcm: Check for error irq
	spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
	tpm: add request_locality before write TPM_INT_ENABLE
	can: softing: softing_startstop(): fix set but not used variable warning
	can: xilinx_can: xcan_probe(): check for error irq
	pcmcia: fix setting of kthread task states
	net: mcs7830: handle usb read errors properly
	ext4: avoid trim error on fs with small groups
	ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
	ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
	ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
	RDMA/hns: Validate the pkey index
	powerpc/prom_init: Fix improper check of prom_getprop()
	ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
	ALSA: oss: fix compile error when OSS_DEBUG is enabled
	char/mwave: Adjust io port register size
	iommu/io-pgtable-arm: Fix table descriptor paddr formatting
	scsi: ufs: Fix race conditions related to driver data
	RDMA/core: Let ib_find_gid() continue search even after empty entry
	ASoC: rt5663: Handle device_property_read_u32_array error codes
	dmaengine: pxa/mmp: stop referencing config->slave_id
	iommu/iova: Fix race between FQ timeout and teardown
	ASoC: mediatek: Check for error clk pointer
	ASoC: samsung: idma: Check of ioremap return value
	misc: lattice-ecp3-config: Fix task hung when firmware load failed
	mips: lantiq: add support for clk_set_parent()
	mips: bcm63xx: add support for clk_set_parent()
	RDMA/cxgb4: Set queue pair state when being queried
	Bluetooth: Fix debugfs entry leak in hci_register_dev()
	fs: dlm: filter user dlm messages for kernel locks
	ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
	drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
	usb: gadget: f_fs: Use stream_open() for endpoint files
	HID: apple: Do not reset quirks when the Fn key is not found
	media: b2c2: Add missing check in flexcop_pci_isr:
	mlxsw: pci: Add shutdown method in PCI driver
	drm/bridge: megachips: Ensure both bridges are probed before registration
	gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
	HSI: core: Fix return freed object in hsi_new_client
	mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
	rsi: Fix out-of-bounds read in rsi_read_pkt()
	usb: uhci: add aspeed ast2600 uhci support
	floppy: Add max size check for user space request
	media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
	media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
	media: m920x: don't use stack on USB reads
	iwlwifi: mvm: synchronize with FW after multicast commands
	ath10k: Fix tx hanging
	net-sysfs: update the queue counts in the unregistration path
	x86/mce: Mark mce_panic() noinstr
	x86/mce: Mark mce_end() noinstr
	x86/mce: Mark mce_read_aux() noinstr
	net: bonding: debug: avoid printing debug logs when bond is not notifying peers
	bpf: Do not WARN in bpf_warn_invalid_xdp_action()
	HID: quirks: Allow inverting the absolute X/Y values
	media: igorplugusb: receiver overflow should be reported
	media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
	mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
	audit: ensure userspace is penalized the same as the kernel when under pressure
	arm64: tegra: Adjust length of CCPLEX cluster MMIO region
	usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
	ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
	iwlwifi: fix leaks/bad data after failed firmware load
	iwlwifi: remove module loading failure message
	iwlwifi: mvm: Fix calculation of frame length
	um: registers: Rename function names to avoid conflicts and build problems
	jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
	ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
	ACPICA: Utilities: Avoid deleting the same object twice in a row
	ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
	ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
	drm/amdgpu: fixup bad vram size on gmc v8
	ACPI: battery: Add the ThinkPad "Not Charging" quirk
	btrfs: remove BUG_ON() in find_parent_nodes()
	btrfs: remove BUG_ON(!eie) in find_parent_nodes
	net: mdio: Demote probed message to debug print
	mac80211: allow non-standard VHT MCS-10/11
	dm btree: add a defensive bounds check to insert_at()
	dm space map common: add bounds check to sm_ll_lookup_bitmap()
	net: phy: marvell: configure RGMII delays for 88E1118
	net: gemini: allow any RGMII interface mode
	regulator: qcom_smd: Align probe function with rpmh-regulator
	serial: pl010: Drop CR register reset on set_termios
	serial: core: Keep mctrl register state and cached copy in sync
	parisc: Avoid calling faulthandler_disabled() twice
	powerpc/6xx: add missing of_node_put
	powerpc/powernv: add missing of_node_put
	powerpc/cell: add missing of_node_put
	powerpc/btext: add missing of_node_put
	powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
	i2c: i801: Don't silently correct invalid transfer size
	powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
	i2c: mpc: Correct I2C reset procedure
	w1: Misuse of get_user()/put_user() reported by sparse
	ALSA: seq: Set upper limit of processed events
	powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
	MIPS: OCTEON: add put_device() after of_find_device_by_node()
	i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
	MIPS: Octeon: Fix build errors using clang
	scsi: sr: Don't use GFP_DMA
	ASoC: mediatek: mt8173: fix device_node leak
	power: bq25890: Enable continuous conversion for ADC at charging
	rpmsg: core: Clean up resources on announce_create failure.
	ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
	serial: Fix incorrect rs485 polarity on uart open
	cputime, cpuacct: Include guest time in user time in cpuacct.stat
	iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
	s390/mm: fix 2KB pgtable release race
	drm/etnaviv: limit submit sizes
	ext4: make sure to reset inode lockdep class when quota enabling fails
	ext4: make sure quota gets properly shutdown on error
	ext4: set csum seed in tmp inode while migrating to extents
	ext4: Fix BUG_ON in ext4_bread when write quota data
	ext4: don't use the orphan list when migrating an inode
	crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
	ASoC: dpcm: prevent snd_soc_dpcm use after free
	regulator: core: Let boot-on regulators be powered off
	drm/radeon: fix error handling in radeon_driver_open_kms
	ARM: dts: Fix vcsi regulator to be always-on for droid4 to prevent hangs
	firmware: Update Kconfig help text for Google firmware
	media: rcar-csi2: Optimize the selection PHTW register
	Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
	RDMA/hns: Modify the mapping attribute of doorbell to device
	RDMA/rxe: Fix a typo in opcode name
	dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
	powerpc/cell: Fix clang -Wimplicit-fallthrough warning
	powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
	net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
	parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
	af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
	net: axienet: Wait for PhyRstCmplt after core reset
	net: axienet: fix number of TX ring slots for available check
	rtc: pxa: fix null pointer dereference
	netns: add schedule point in ops_exit_list()
	libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
	dmaengine: at_xdmac: Don't start transactions at tx_submit level
	dmaengine: at_xdmac: Print debug message after realeasing the lock
	dmaengine: at_xdmac: Fix lld view setting
	dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
	net_sched: restore "mpu xxx" handling
	bcmgenet: add WOL IRQ check
	scripts/dtc: dtx_diff: remove broken example from help text
	lib82596: Fix IRQ check in sni_82596_probe
	mtd: nand: bbt: Fix corner case in bad block table handling
	mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue
	fuse: fix bad inode
	fuse: fix live lock in fuse_iget()
	Linux 4.19.226

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie7599317fe668c46e0ceca652b4172ad2ce6533d
2022-02-01 10:03:27 +01:00
..
2022-02-01 10:03:27 +01:00

	JFFS2 LOCKING DOCUMENTATION
	---------------------------

This document attempts to describe the existing locking rules for
JFFS2. It is not expected to remain perfectly up to date, but ought to
be fairly close.


	alloc_sem
	---------

The alloc_sem is a per-filesystem mutex, used primarily to ensure
contiguous allocation of space on the medium. It is automatically
obtained during space allocations (jffs2_reserve_space()) and freed
upon write completion (jffs2_complete_reservation()). Note that
the garbage collector will obtain this right at the beginning of
jffs2_garbage_collect_pass() and release it at the end, thereby
preventing any other write activity on the file system during a
garbage collect pass.

When writing new nodes, the alloc_sem must be held until the new nodes
have been properly linked into the data structures for the inode to
which they belong. This is for the benefit of NAND flash - adding new
nodes to an inode may obsolete old ones, and by holding the alloc_sem
until this happens we ensure that any data in the write-buffer at the
time this happens are part of the new node, not just something that
was written afterwards. Hence, we can ensure the newly-obsoleted nodes
don't actually get erased until the write-buffer has been flushed to
the medium.

With the introduction of NAND flash support and the write-buffer, 
the alloc_sem is also used to protect the wbuf-related members of the
jffs2_sb_info structure. Atomically reading the wbuf_len member to see
if the wbuf is currently holding any data is permitted, though.

Ordering constraints: See f->sem.


	File Mutex f->sem
	---------------------

This is the JFFS2-internal equivalent of the inode mutex i->i_sem.
It protects the contents of the jffs2_inode_info private inode data,
including the linked list of node fragments (but see the notes below on
erase_completion_lock), etc.

The reason that the i_sem itself isn't used for this purpose is to
avoid deadlocks with garbage collection -- the VFS will lock the i_sem
before calling a function which may need to allocate space. The
allocation may trigger garbage-collection, which may need to move a
node belonging to the inode which was locked in the first place by the
VFS. If the garbage collection code were to attempt to lock the i_sem
of the inode from which it's garbage-collecting a physical node, this
lead to deadlock, unless we played games with unlocking the i_sem
before calling the space allocation functions.

Instead of playing such games, we just have an extra internal
mutex, which is obtained by the garbage collection code and also
by the normal file system code _after_ allocation of space.

Ordering constraints: 

	1. Never attempt to allocate space or lock alloc_sem with 
	   any f->sem held.
	2. Never attempt to lock two file mutexes in one thread.
	   No ordering rules have been made for doing so.
	3. Never lock a page cache page with f->sem held.


	erase_completion_lock spinlock
	------------------------------

This is used to serialise access to the eraseblock lists, to the
per-eraseblock lists of physical jffs2_raw_node_ref structures, and
(NB) the per-inode list of physical nodes. The latter is a special
case - see below.

As the MTD API no longer permits erase-completion callback functions
to be called from bottom-half (timer) context (on the basis that nobody
ever actually implemented such a thing), it's now sufficient to use
a simple spin_lock() rather than spin_lock_bh().

Note that the per-inode list of physical nodes (f->nodes) is a special
case. Any changes to _valid_ nodes (i.e. ->flash_offset & 1 == 0) in
the list are protected by the file mutex f->sem. But the erase code
may remove _obsolete_ nodes from the list while holding only the
erase_completion_lock. So you can walk the list only while holding the
erase_completion_lock, and can drop the lock temporarily mid-walk as
long as the pointer you're holding is to a _valid_ node, not an
obsolete one.

The erase_completion_lock is also used to protect the c->gc_task
pointer when the garbage collection thread exits. The code to kill the
GC thread locks it, sends the signal, then unlocks it - while the GC
thread itself locks it, zeroes c->gc_task, then unlocks on the exit path.


	inocache_lock spinlock
	----------------------

This spinlock protects the hashed list (c->inocache_list) of the
in-core jffs2_inode_cache objects (each inode in JFFS2 has the
correspondent jffs2_inode_cache object). So, the inocache_lock
has to be locked while walking the c->inocache_list hash buckets.

This spinlock also covers allocation of new inode numbers, which is
currently just '++->highest_ino++', but might one day get more complicated
if we need to deal with wrapping after 4 milliard inode numbers are used.

Note, the f->sem guarantees that the correspondent jffs2_inode_cache
will not be removed. So, it is allowed to access it without locking
the inocache_lock spinlock. 

Ordering constraints: 

	If both erase_completion_lock and inocache_lock are needed, the
	c->erase_completion has to be acquired first.


	erase_free_sem
	--------------

This mutex is only used by the erase code which frees obsolete node
references and the jffs2_garbage_collect_deletion_dirent() function.
The latter function on NAND flash must read _obsolete_ nodes to
determine whether the 'deletion dirent' under consideration can be
discarded or whether it is still required to show that an inode has
been unlinked. Because reading from the flash may sleep, the
erase_completion_lock cannot be held, so an alternative, more
heavyweight lock was required to prevent the erase code from freeing
the jffs2_raw_node_ref structures in question while the garbage
collection code is looking at them.

Suggestions for alternative solutions to this problem would be welcomed.


	wbuf_sem
	--------

This read/write semaphore protects against concurrent access to the
write-behind buffer ('wbuf') used for flash chips where we must write
in blocks. It protects both the contents of the wbuf and the metadata
which indicates which flash region (if any) is currently covered by 
the buffer.

Ordering constraints:
	Lock wbuf_sem last, after the alloc_sem or and f->sem.


	c->xattr_sem
	------------

This read/write semaphore protects against concurrent access to the
xattr related objects which include stuff in superblock and ic->xref.
In read-only path, write-semaphore is too much exclusion. It's enough
by read-semaphore. But you must hold write-semaphore when updating,
creating or deleting any xattr related object.

Once xattr_sem released, there would be no assurance for the existence
of those objects. Thus, a series of processes is often required to retry,
when updating such a object is necessary under holding read semaphore.
For example, do_jffs2_getxattr() holds read-semaphore to scan xref and
xdatum at first. But it retries this process with holding write-semaphore
after release read-semaphore, if it's necessary to load name/value pair
from medium.

Ordering constraints:
	Lock xattr_sem last, after the alloc_sem.