From: Luis Henriques <luis.henriques@canonical.com>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
kernel-team@lists.ubuntu.com
Cc: Filipe Manana <fdmanana@suse.com>,
Luis Henriques <luis.henriques@canonical.com>
Subject: [PATCH 3.16.y-ckt 028/126] Btrfs: fix truncation of compressed and inlined extents
Date: Wed, 9 Dec 2015 09:36:38 +0000 [thread overview]
Message-ID: <1449653896-5236-29-git-send-email-luis.henriques@canonical.com> (raw)
In-Reply-To: <1449653896-5236-1-git-send-email-luis.henriques@canonical.com>
3.16.7-ckt21 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit 0305cd5f7fca85dae392b9ba85b116896eb7c1c7 upstream.
When truncating a file to a smaller size which consists of an inline
extent that is compressed, we did not discard (or made unusable) the
data between the new file size and the old file size, wasting metadata
space and allowing for the truncated data to be leaked and the data
corruption/loss mentioned below.
We were also not correctly decrementing the number of bytes used by the
inode, we were setting it to zero, giving a wrong report for callers of
the stat(2) syscall. The fsck tool also reported an error about a mismatch
between the nbytes of the file versus the real space used by the file.
Now because we weren't discarding the truncated region of the file, it
was possible for a caller of the clone ioctl to actually read the data
that was truncated, allowing for a security breach without requiring root
access to the system, using only standard filesystem operations. The
scenario is the following:
1) User A creates a file which consists of an inline and compressed
extent with a size of 2000 bytes - the file is not accessible to
any other users (no read, write or execution permission for anyone
else);
2) The user truncates the file to a size of 1000 bytes;
3) User A makes the file world readable;
4) User B creates a file consisting of an inline extent of 2000 bytes;
5) User B issues a clone operation from user A's file into its own
file (using a length argument of 0, clone the whole range);
6) User B now gets to see the 1000 bytes that user A truncated from
its file before it made its file world readbale. User B also lost
the bytes in the range [1000, 2000[ bytes from its own file, but
that might be ok if his/her intention was reading stale data from
user A that was never supposed to be public.
Note that this contrasts with the case where we truncate a file from 2000
bytes to 1000 bytes and then truncate it back from 1000 to 2000 bytes. In
this case reading any byte from the range [1000, 2000[ will return a value
of 0x00, instead of the original data.
This problem exists since the clone ioctl was added and happens both with
and without my recent data loss and file corruption fixes for the clone
ioctl (patch "Btrfs: fix file corruption and data loss after cloning
inline extents").
So fix this by truncating the compressed inline extents as we do for the
non-compressed case, which involves decompressing, if the data isn't already
in the page cache, compressing the truncated version of the extent, writing
the compressed content into the inline extent and then truncate it.
The following test case for fstests reproduces the problem. In order for
the test to pass both this fix and my previous fix for the clone ioctl
that forbids cloning a smaller inline extent into a larger one,
which is titled "Btrfs: fix file corruption and data loss after cloning
inline extents", are needed. Without that other fix the test fails in a
different way that does not leak the truncated data, instead part of
destination file gets replaced with zeroes (because the destination file
has a larger inline extent than the source).
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
. ./common/filter
# real QA test starts here
_need_to_be_root
_supported_fs btrfs
_supported_os Linux
_require_scratch
_require_cloner
rm -f $seqres.full
_scratch_mkfs >>$seqres.full 2>&1
_scratch_mount "-o compress"
# Create our test files. File foo is going to be the source of a clone operation
# and consists of a single inline extent with an uncompressed size of 512 bytes,
# while file bar consists of a single inline extent with an uncompressed size of
# 256 bytes. For our test's purpose, it's important that file bar has an inline
# extent with a size smaller than foo's inline extent.
$XFS_IO_PROG -f -c "pwrite -S 0xa1 0 128" \
-c "pwrite -S 0x2a 128 384" \
$SCRATCH_MNT/foo | _filter_xfs_io
$XFS_IO_PROG -f -c "pwrite -S 0xbb 0 256" $SCRATCH_MNT/bar | _filter_xfs_io
# Now durably persist all metadata and data. We do this to make sure that we get
# on disk an inline extent with a size of 512 bytes for file foo.
sync
# Now truncate our file foo to a smaller size. Because it consists of a
# compressed and inline extent, btrfs did not shrink the inline extent to the
# new size (if the extent was not compressed, btrfs would shrink it to 128
# bytes), it only updates the inode's i_size to 128 bytes.
$XFS_IO_PROG -c "truncate 128" $SCRATCH_MNT/foo
# Now clone foo's inline extent into bar.
# This clone operation should fail with errno EOPNOTSUPP because the source
# file consists only of an inline extent and the file's size is smaller than
# the inline extent of the destination (128 bytes < 256 bytes). However the
# clone ioctl was not prepared to deal with a file that has a size smaller
# than the size of its inline extent (something that happens only for compressed
# inline extents), resulting in copying the full inline extent from the source
# file into the destination file.
#
# Note that btrfs' clone operation for inline extents consists of removing the
# inline extent from the destination inode and copy the inline extent from the
# source inode into the destination inode, meaning that if the destination
# inode's inline extent is larger (N bytes) than the source inode's inline
# extent (M bytes), some bytes (N - M bytes) will be lost from the destination
# file. Btrfs could copy the source inline extent's data into the destination's
# inline extent so that we would not lose any data, but that's currently not
# done due to the complexity that would be needed to deal with such cases
# (specially when one or both extents are compressed), returning EOPNOTSUPP, as
# it's normally not a very common case to clone very small files (only case
# where we get inline extents) and copying inline extents does not save any
# space (unlike for normal, non-inlined extents).
$CLONER_PROG -s 0 -d 0 -l 0 $SCRATCH_MNT/foo $SCRATCH_MNT/bar
# Now because the above clone operation used to succeed, and due to foo's inline
# extent not being shinked by the truncate operation, our file bar got the whole
# inline extent copied from foo, making us lose the last 128 bytes from bar
# which got replaced by the bytes in range [128, 256[ from foo before foo was
# truncated - in other words, data loss from bar and being able to read old and
# stale data from foo that should not be possible to read anymore through normal
# filesystem operations. Contrast with the case where we truncate a file from a
# size N to a smaller size M, truncate it back to size N and then read the range
# [M, N[, we should always get the value 0x00 for all the bytes in that range.
# We expected the clone operation to fail with errno EOPNOTSUPP and therefore
# not modify our file's bar data/metadata. So its content should be 256 bytes
# long with all bytes having the value 0xbb.
#
# Without the btrfs bug fix, the clone operation succeeded and resulted in
# leaking truncated data from foo, the bytes that belonged to its range
# [128, 256[, and losing data from bar in that same range. So reading the
# file gave us the following content:
#
# 0000000 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1
# *
# 0000200 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a
# *
# 0000400
echo "File bar's content after the clone operation:"
od -t x1 $SCRATCH_MNT/bar
# Also because the foo's inline extent was not shrunk by the truncate
# operation, btrfs' fsck, which is run by the fstests framework everytime a
# test completes, failed reporting the following error:
#
# root 5 inode 257 errors 400, nbytes wrong
status=0
exit
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
fs/btrfs/inode.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 68 insertions(+), 14 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 89c876aabe24..af4bb28c9ba5 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -3993,6 +3993,47 @@ out:
return err;
}
+static int truncate_inline_extent(struct inode *inode,
+ struct btrfs_path *path,
+ struct btrfs_key *found_key,
+ const u64 item_end,
+ const u64 new_size)
+{
+ struct extent_buffer *leaf = path->nodes[0];
+ int slot = path->slots[0];
+ struct btrfs_file_extent_item *fi;
+ u32 size = (u32)(new_size - found_key->offset);
+ struct btrfs_root *root = BTRFS_I(inode)->root;
+
+ fi = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item);
+
+ if (btrfs_file_extent_compression(leaf, fi) != BTRFS_COMPRESS_NONE) {
+ loff_t offset = new_size;
+ loff_t page_end = ALIGN(offset, PAGE_CACHE_SIZE);
+
+ /*
+ * Zero out the remaining of the last page of our inline extent,
+ * instead of directly truncating our inline extent here - that
+ * would be much more complex (decompressing all the data, then
+ * compressing the truncated data, which might be bigger than
+ * the size of the inline extent, resize the extent, etc).
+ * We release the path because to get the page we might need to
+ * read the extent item from disk (data not in the page cache).
+ */
+ btrfs_release_path(path);
+ return btrfs_truncate_page(inode, offset, page_end - offset, 0);
+ }
+
+ btrfs_set_file_extent_ram_bytes(leaf, fi, size);
+ size = btrfs_file_extent_calc_inline_size(size);
+ btrfs_truncate_item(root, path, size, 1);
+
+ if (test_bit(BTRFS_ROOT_REF_COWS, &root->state))
+ inode_sub_bytes(inode, item_end + 1 - new_size);
+
+ return 0;
+}
+
/*
* this can truncate away extent items, csum items and directory items.
* It starts at a high offset and removes keys until it can't find
@@ -4162,27 +4203,40 @@ search_again:
* special encodings
*/
if (!del_item &&
- btrfs_file_extent_compression(leaf, fi) == 0 &&
btrfs_file_extent_encryption(leaf, fi) == 0 &&
btrfs_file_extent_other_encoding(leaf, fi) == 0) {
- u32 size = new_size - found_key.offset;
-
- if (test_bit(BTRFS_ROOT_REF_COWS, &root->state))
- inode_sub_bytes(inode, item_end + 1 -
- new_size);
/*
- * update the ram bytes to properly reflect
- * the new size of our item
+ * Need to release path in order to truncate a
+ * compressed extent. So delete any accumulated
+ * extent items so far.
*/
- btrfs_set_file_extent_ram_bytes(leaf, fi, size);
- size =
- btrfs_file_extent_calc_inline_size(size);
- btrfs_truncate_item(root, path, size, 1);
+ if (btrfs_file_extent_compression(leaf, fi) !=
+ BTRFS_COMPRESS_NONE && pending_del_nr) {
+ err = btrfs_del_items(trans, root, path,
+ pending_del_slot,
+ pending_del_nr);
+ if (err) {
+ btrfs_abort_transaction(trans,
+ root,
+ err);
+ goto error;
+ }
+ pending_del_nr = 0;
+ }
+
+ err = truncate_inline_extent(inode, path,
+ &found_key,
+ item_end,
+ new_size);
+ if (err) {
+ btrfs_abort_transaction(trans,
+ root, err);
+ goto error;
+ }
} else if (test_bit(BTRFS_ROOT_REF_COWS,
&root->state)) {
- inode_sub_bytes(inode, item_end + 1 -
- found_key.offset);
+ inode_sub_bytes(inode, item_end + 1 - new_size);
}
}
delete:
next prev parent reply other threads:[~2015-12-09 10:34 UTC|newest]
Thread overview: 154+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-09 9:36 [3.16.y-ckt stable] Linux 3.16.7-ckt21 stable review Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 001/126] irda: precedence bug in irlmp_seq_hb_idx() Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 002/126] qmi_wwan: add Sierra Wireless MC74xx/EM74xx Luis Henriques
2015-12-09 11:27 ` Bjørn Mork
2015-12-09 11:44 ` Luis Henriques
2015-12-09 11:44 ` Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 003/126] macvtap: unbreak receiving of gro skb with frag list Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 004/126] RDS-TCP: Recover correctly from pskb_pull()/pksb_trim() failure in rds_tcp_data_recv Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 005/126] stmmac: Correctly report PTP capabilities Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 006/126] ipmr: fix possible race resulting from improper usage of IP_INC_STATS_BH() in preemptible context Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 007/126] net: qmi_wwan: add HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 008/126] qmi_wwan: fix entry for HP lt4112 LTE/HSPA+ " Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 009/126] sit: fix sit0 percpu double allocations Luis Henriques
2015-12-12 4:18 ` Ben Hutchings
2015-12-13 18:54 ` Luis Henriques
2015-12-13 18:54 ` Luis Henriques
2015-12-13 20:20 ` Ben Hutchings
2015-12-13 20:43 ` Eric Dumazet
2015-12-13 21:22 ` Ben Hutchings
2015-12-13 21:44 ` Eric Dumazet
2015-12-13 21:49 ` Ben Hutchings
2015-12-13 22:45 ` Eric Dumazet
2015-12-13 23:03 ` Ben Hutchings
2015-12-13 21:32 ` Luis Henriques
2015-12-13 21:32 ` Luis Henriques
2015-12-13 22:14 ` David Miller
2015-12-13 22:22 ` Luis Henriques
2015-12-13 22:22 ` Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 010/126] packet: race condition in packet_bind Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 011/126] net: avoid NULL deref in inet_ctl_sock_destroy() Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 012/126] net: fix a race in dst_release() Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 013/126] Failing to send a CLOSE if file is opened WRONLY and server reboots on a 4.x mount Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 014/126] x86/xen: Do not clip xen_e820_map to xen_e820_map_entries when sanitizing map Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 015/126] HID: core: Avoid uninitialized buffer access Luis Henriques
2015-12-09 9:36 ` Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 016/126] [media] v4l2-compat-ioctl32: fix alignment for ARM64 Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 017/126] net: mvneta: Fix CPU_MAP registers initialisation Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 018/126] mtd: mtdpart: fix add_mtd_partitions error path Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 019/126] ARM: 8426/1: dma-mapping: add missing range check in dma_mmap() Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 020/126] ARM: 8427/1: dma-mapping: add support for offset parameter " Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 021/126] mm: Check if section present during memory block (un)registering Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 022/126] spi: ti-qspi: Fix data corruption seen on r/w stress test Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 023/126] lockd: create NSM handles per net namespace Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 024/126] Revert "mm: Check if section present during memory block (un)registering" Luis Henriques
2015-12-12 4:37 ` Ben Hutchings
2015-12-13 18:57 ` Luis Henriques
2015-12-13 18:57 ` Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 025/126] Btrfs: fix file corruption and data loss after cloning inline extents Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 026/126] ARM: common: edma: Fix channel parameter for irq callbacks Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 027/126] iommu/vt-d: Fix ATSR handling for Root-Complex integrated endpoints Luis Henriques
2015-12-09 9:36 ` Luis Henriques [this message]
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 029/126] ext4: fix potential use after free in __ext4_journal_stop Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 030/126] [PATCH] fix calculation of meta_bg descriptor backups Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 031/126] ext4, jbd2: ensure entering into panic after recording an error in superblock Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 032/126] vTPM: fix memory allocation flag for rtce buffer at kernel boot Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 033/126] spi: dw: explicitly free IRQ handler in dw_spi_remove_host() Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 034/126] [media] media: vb2 dma-contig: Fully cache synchronise buffers in prepare and finish Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 035/126] Bluetooth: hidp: fix device disconnect on idle timeout Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 036/126] Bluetooth: ath3k: Add new AR3012 0930:021c id Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 037/126] Bluetooth: ath3k: Add support of AR3012 0cf3:817b device Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 038/126] spi: atmel: Fix DMA-setup for transfers with more than 8 bits per word Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 039/126] USB: qcserial: add Sierra Wireless MC74xx/EM74xx Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 040/126] staging: rtl8712: Add device ID for Sitecom WLA2100 Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 041/126] ACPI: Use correct IRQ when uninstalling ACPI interrupt handler Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 042/126] ALSA: hda/realtek - Dell XPS one ALC3260 speaker no sound after resume back Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 043/126] MAINTAINERS: Add public mailing list for ARC Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 044/126] megaraid_sas: Do not use PAGE_SIZE for max_sectors Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 045/126] KVM: s390: SCA must not cross page boundaries Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 046/126] arm64: Fix compat register mappings Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 047/126] can: Use correct type in sizeof() in nla_put() Luis Henriques
2015-12-09 9:36 ` Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 048/126] mtd: blkdevs: fix potential deadlock + lockdep warnings Luis Henriques
2015-12-09 9:36 ` [PATCH 3.16.y-ckt 049/126] Revert "dm mpath: fix stalls when handling invalid ioctls" Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 050/126] drm/i915: add quirk to enable backlight on Dell Chromebook 11 (2015) Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 051/126] crypto: algif_hash - Only export and import on sockets with data Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 052/126] xtensa: fixes for configs without loop option Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 053/126] megaraid_sas : SMAP restriction--do not access user memory from IOCTL code Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 054/126] mac80211: fix divide by zero when NOA update Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 055/126] mac80211: allow null chandef in tracing Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 056/126] xtensa: fix secondary core boot in SMP Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 057/126] recordmcount: Fix endianness handling bug for nop_mcount Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 058/126] KVM: VMX: fix SMEP and SMAP without EPT Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 059/126] thermal: exynos: Fix unbalanced regulator disable on probe failure Luis Henriques
2015-12-09 13:22 ` Krzysztof Kozlowski
2015-12-09 13:59 ` Luis Henriques
2015-12-09 13:59 ` Luis Henriques
2015-12-10 0:48 ` Krzysztof Kozlowski
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 060/126] ALSA: hda - Apply pin fixup for HP ProBook 6550b Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 061/126] ALSA: hda - Add Intel Lewisburg device IDs Audio Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 062/126] firewire: ohci: fix JMicron JMB38x IT context discovery Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 063/126] scsi: restart list search after unlock in scsi_remove_target Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 064/126] mm: slab: only move management objects off-slab for sizes larger than KMALLOC_MIN_SIZE Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 065/126] Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 066/126] proc: actually make proc_fd_permission() thread-friendly Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 067/126] x86/setup: Extend low identity map to cover whole kernel range Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 068/126] x86/setup: Fix low identity map for >= 2GB " Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 069/126] x86/cpu: Call verify_cpu() after having entered long mode too Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 070/126] Btrfs: fix race leading to incorrect item deletion when dropping extents Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 071/126] Btrfs: fix race leading to BUG_ON when running delalloc for nodatacow Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 072/126] perf: Fix inherited events vs. tracepoint filters Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 073/126] scsi_sysfs: Fix queue_ramp_up_period return code Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 074/126] Btrfs: fix race when listing an inode's xattrs Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 075/126] ideapad-laptop: Add Lenovo Yoga 900 to no_hw_rfkill dmi list Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 076/126] storvsc: Don't set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 077/126] KVM: x86: Defining missing x86 vectors Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 078/126] KVM: x86: work around infinite loop in microcode when #AC is delivered Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 079/126] KVM: svm: unconditionally intercept #DB Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 080/126] drivers: of: of_reserved_mem: fixup the alignment with CMA setup Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 081/126] drm/ast: Initialized data needed to map fbdev memory Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 082/126] FS-Cache: Increase reference of parent after registering, netfs success Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 083/126] FS-Cache: Don't override netfs's primary_index if registering failed Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 084/126] binfmt_elf: Don't clobber passed executable's file header Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 085/126] fs/pipe.c: return error code rather than 0 in pipe_write() Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 086/126] splice: sendfile() at once fails for big files Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 087/126] mac80211: fix driver RSSI event calculations Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 088/126] wm831x_power: Use IRQF_ONESHOT to request threaded IRQs Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 089/126] mwifiex: fix mwifiex_rdeeprom_read() Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 090/126] dmaengine: dw: convert to __ffs() Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 091/126] usb: ehci-orion: fix probe for !GENERIC_PHY Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 092/126] devres: fix a for loop bounds check Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 093/126] netfilter: remove dead code Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 094/126] ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 095/126] packet: fix match_fanout_group() Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 096/126] hsi: fix double kfree Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 097/126] hsi: omap_ssi_port: Prevent warning if cawake_gpio is not defined Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 098/126] ARM: pxa: remove incorrect __init annotation on pxa27x_set_pwrmode Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 099/126] ALSA: fireworks/bebob/oxfw/dice: enable to make as built-in Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 100/126] drm: Fix return value of drm_framebuffer_init() Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 101/126] ALSA: fireworks: use u32 type for be32_to_cpup() macro Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 102/126] ALSA: bebob: use correct type for __be32 data Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 103/126] tcp: apply Kern's check on RTTs used for congestion control Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 104/126] clk: versatile-icst: fix memory leak Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 105/126] MIPS: atomic: Fix comment describing atomic64_add_unless's return value Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 106/126] mfd: twl6040: Fix deferred probe handling for clk32k Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 107/126] of/fdt: fix error checking for earlycon address Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 108/126] netfilter: nfnetlink: don't probe module if it exists Luis Henriques
2015-12-09 9:37 ` [PATCH 3.16.y-ckt 109/126] xprtrdma: Re-arm after missed events Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 110/126] ceph: fix message length computation Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 111/126] ipv6: fix tunnel error handling Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 112/126] perf trace: Fix documentation for -i Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 113/126] bonding: fix panic on non-ARPHRD_ETHER enslave failure Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 114/126] rtc: ds1307: Fix alarm programming for mcp794xx Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 115/126] TPM: Avoid reference to potentially freed memory Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 116/126] xtensa: nommu: provide _PAGE_CHG_MASK definition Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 117/126] md/raid0: update queue parameter in a safer location Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 118/126] md/raid0: apply base queue limits *before* disk_stack_limits Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 119/126] drm/radeon: add quirk for MSI R7 370 Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 120/126] drm/radeon: add quirk for ASUS " Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 121/126] drm/radeon: fix quirk for MSI R7 370 Armor 2X Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 122/126] tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 123/126] fs/proc, core/debug: Don't expose absolute kernel addresses via wchan Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 124/126] ALSA: hda - Disable 64bit address for Creative HDA controllers Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 125/126] printk: prevent userland from spoofing kernel messages Luis Henriques
2015-12-09 9:38 ` [PATCH 3.16.y-ckt 126/126] FS-Cache: Handle a write to the page immediately beyond the EOF marker Luis Henriques
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1449653896-5236-29-git-send-email-luis.henriques@canonical.com \
--to=luis.henriques@canonical.com \
--cc=fdmanana@suse.com \
--cc=kernel-team@lists.ubuntu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.