3.18-stable patches

added patches:
	mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch
	perf-return-proper-values-for-user-stack-errors.patch

diff --git a/queue-3.18/ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch b/queue-3.18/ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch
index 95e54a5d99ce643a54d1d88511d9b35ff8a34e3b..089d43c1efc2b031a0c00af47bda98d03712eb2f 100644 (file)
--- a/queue-3.18/ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch
+++ b/queue-3.18/ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch
@@ -51,7 +51,7 @@ which causes this log message to be print:
 Cc: stable@vger.kernel.org
 Signed-off-by: wangguang <wangguang03@zte.com>
 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-[@nathanchance: Resolved conflict from lack of 09cbfeaf1a5a6]
+[nathanchance: Resolved conflict from lack of 09cbfeaf1a5a6]
 Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
 Signed-off-by: Harsh Shandilya <harsh@prjkt.io>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/queue-3.18/mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch b/queue-3.18/mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch
new file mode 100644 (file)
index 0000000..34ab044
--- /dev/null
+++ b/queue-3.18/mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch
@@ -0,0 +1,61 @@
+From abc1be13fd113ddef5e2d807a466286b864caed3 Mon Sep 17 00:00:00 2001
+From: Matthew Wilcox <mawilcox@microsoft.com>
+Date: Fri, 20 Apr 2018 14:56:20 -0700
+Subject: mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
+
+From: Matthew Wilcox <mawilcox@microsoft.com>
+
+commit abc1be13fd113ddef5e2d807a466286b864caed3 upstream.
+
+f2fs specifies the __GFP_ZERO flag for allocating some of its pages.
+Unfortunately, the page cache also uses the mapping's GFP flags for
+allocating radix tree nodes.  It always masked off the __GFP_HIGHMEM
+flag, and masks off __GFP_ZERO in some paths, but not all.  That causes
+radix tree nodes to be allocated with a NULL list_head, which causes
+backtraces like:
+
+  __list_del_entry+0x30/0xd0
+  list_lru_del+0xac/0x1ac
+  page_cache_tree_insert+0xd8/0x110
+
+The __GFP_DMA and __GFP_DMA32 flags would also be able to sneak through
+if they are ever used.  Fix them all by using GFP_RECLAIM_MASK at the
+innermost location, and remove it from earlier in the callchain.
+
+Link: http://lkml.kernel.org/r/20180411060320.14458-2-willy@infradead.org
+Fixes: 449dd6984d0e ("mm: keep page cache radix tree nodes in check")
+Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
+Reported-by: Chris Fries <cfries@google.com>
+Debugged-by: Minchan Kim <minchan@kernel.org>
+Acked-by: Johannes Weiner <hannes@cmpxchg.org>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Harsh Shandilya <harsh@prjkt.io>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/filemap.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/mm/filemap.c
++++ b/mm/filemap.c
+@@ -468,7 +468,7 @@ int replace_page_cache_page(struct page
+       VM_BUG_ON_PAGE(!PageLocked(new), new);
+       VM_BUG_ON_PAGE(new->mapping, new);
+ 
+-      error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM);
++      error = radix_tree_preload(gfp_mask & GFP_RECLAIM_MASK);
+       if (!error) {
+               struct address_space *mapping = old->mapping;
+               void (*freepage)(struct page *);
+@@ -561,7 +561,7 @@ static int __add_to_page_cache_locked(st
+                       return error;
+       }
+ 
+-      error = radix_tree_maybe_preload(gfp_mask & ~__GFP_HIGHMEM);
++      error = radix_tree_maybe_preload(gfp_mask & GFP_RECLAIM_MASK);
+       if (error) {
+               if (!huge)
+                       mem_cgroup_cancel_charge(page, memcg);

diff --git a/queue-3.18/perf-return-proper-values-for-user-stack-errors.patch b/queue-3.18/perf-return-proper-values-for-user-stack-errors.patch
new file mode 100644 (file)
index 0000000..84889bb
--- /dev/null
+++ b/queue-3.18/perf-return-proper-values-for-user-stack-errors.patch
@@ -0,0 +1,46 @@
+From 78b562fbfa2cf0a9fcb23c3154756b690f4905c1 Mon Sep 17 00:00:00 2001
+From: Jiri Olsa <jolsa@kernel.org>
+Date: Sun, 15 Apr 2018 11:23:50 +0200
+Subject: perf: Return proper values for user stack errors
+
+From: Jiri Olsa <jolsa@kernel.org>
+
+commit 78b562fbfa2cf0a9fcb23c3154756b690f4905c1 upstream.
+
+Return immediately when we find issue in the user stack checks. The
+error value could get overwritten by following check for
+PERF_SAMPLE_REGS_INTR.
+
+Signed-off-by: Jiri Olsa <jolsa@kernel.org>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Andi Kleen <andi@firstfloor.org>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Stephane Eranian <eranian@google.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: syzkaller-bugs@googlegroups.com
+Cc: x86@kernel.org
+Fixes: 60e2364e60e8 ("perf: Add ability to sample machine state on interrupt")
+Link: http://lkml.kernel.org/r/20180415092352.12403-1-jolsa@kernel.org
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/events/core.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -7348,9 +7348,9 @@ static int perf_copy_attr(struct perf_ev
+                * __u16 sample size limit.
+                */
+               if (attr->sample_stack_user >= USHRT_MAX)
+-                      ret = -EINVAL;
++                      return -EINVAL;
+               else if (!IS_ALIGNED(attr->sample_stack_user, sizeof(u64)))
+-                      ret = -EINVAL;
++                      return -EINVAL;
+       }
+ 
+ out:

diff --git a/queue-3.18/series b/queue-3.18/series
index 4105cee923c38ab37fd81151829340c5c0c8c42b..366967c60411bb11261107c2d1e48b85d9d517f0 100644 (file)
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -3,3 +3,5 @@ x86-tsc-prevent-32bit-truncation-in-calc_hpet_ref.patch
 ext4-fix-deadlock-between-inline_data-and-ext4_expand_extra_isize_ea.patch
 ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch
 ext4-don-t-update-checksum-of-new-initialized-bitmaps.patch
+perf-return-proper-values-for-user-stack-errors.patch
+mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch