--- /dev/null
+From a0b3bc855374c50b5ea85273553485af48caf2f7 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sun, 29 Oct 2017 06:30:19 -0400
+Subject: fscrypt: lock mutex before checking for bounce page pool
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit a0b3bc855374c50b5ea85273553485af48caf2f7 upstream.
+
+fscrypt_initialize(), which allocates the global bounce page pool when
+an encrypted file is first accessed, uses "double-checked locking" to
+try to avoid locking fscrypt_init_mutex. However, it doesn't use any
+memory barriers, so it's theoretically possible for a thread to observe
+a bounce page pool which has not been fully initialized. This is a
+classic bug with "double-checked locking".
+
+While "only a theoretical issue" in the latest kernel, in pre-4.8
+kernels the pointer that was checked was not even the last to be
+initialized, so it was easily possible for a crash (NULL pointer
+dereference) to happen. This was changed only incidentally by the large
+refactor to use fs/crypto/.
+
+Solve both problems in a trivial way that can easily be backported: just
+always take the mutex. It's theoretically less efficient, but it
+shouldn't be noticeable in practice as the mutex is only acquired very
+briefly once per encrypted file.
+
+Later I'd like to make this use a helper macro like DO_ONCE(). However,
+DO_ONCE() runs in atomic context, so we'd need to add a new macro that
+allows blocking.
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ fs/crypto/crypto.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/fs/crypto/crypto.c
++++ b/fs/crypto/crypto.c
+@@ -484,9 +484,6 @@ int fscrypt_initialize(void)
+ {
+ int i, res = -ENOMEM;
+
+- if (fscrypt_bounce_page_pool)
+- return 0;
+-
+ mutex_lock(&fscrypt_init_mutex);
+ if (fscrypt_bounce_page_pool)
+ goto already_initialized;
--- /dev/null
+From 9523feac272ccad2ad8186ba4fcc89103754de52 Mon Sep 17 00:00:00 2001
+From: Tuomas Tynkkynen <tuomas@tuxera.com>
+Date: Wed, 6 Sep 2017 17:59:08 +0300
+Subject: net/9p: Switch to wait_event_killable()
+
+From: Tuomas Tynkkynen <tuomas@tuxera.com>
+
+commit 9523feac272ccad2ad8186ba4fcc89103754de52 upstream.
+
+Because userspace gets Very Unhappy when calls like stat() and execve()
+return -EINTR on 9p filesystem mounts. For instance, when bash is
+looking in PATH for things to execute and some SIGCHLD interrupts
+stat(), bash can throw a spurious 'command not found' since it doesn't
+retry the stat().
+
+In practice, hitting the problem is rare and needs a really
+slow/bogged down 9p server.
+
+Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ net/9p/client.c | 3 +--
+ net/9p/trans_virtio.c | 13 ++++++-------
+ 2 files changed, 7 insertions(+), 9 deletions(-)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -749,8 +749,7 @@ p9_client_rpc(struct p9_client *c, int8_
+ }
+ again:
+ /* Wait for the response */
+- err = wait_event_interruptible(*req->wq,
+- req->status >= REQ_STATUS_RCVD);
++ err = wait_event_killable(*req->wq, req->status >= REQ_STATUS_RCVD);
+
+ /*
+ * Make sure our req is coherent with regard to updates in other
+--- a/net/9p/trans_virtio.c
++++ b/net/9p/trans_virtio.c
+@@ -286,8 +286,8 @@ req_retry:
+ if (err == -ENOSPC) {
+ chan->ring_bufs_avail = 0;
+ spin_unlock_irqrestore(&chan->lock, flags);
+- err = wait_event_interruptible(*chan->vc_wq,
+- chan->ring_bufs_avail);
++ err = wait_event_killable(*chan->vc_wq,
++ chan->ring_bufs_avail);
+ if (err == -ERESTARTSYS)
+ return err;
+
+@@ -327,7 +327,7 @@ static int p9_get_mapped_pages(struct vi
+ * Other zc request to finish here
+ */
+ if (atomic_read(&vp_pinned) >= chan->p9_max_pages) {
+- err = wait_event_interruptible(vp_wq,
++ err = wait_event_killable(vp_wq,
+ (atomic_read(&vp_pinned) < chan->p9_max_pages));
+ if (err == -ERESTARTSYS)
+ return err;
+@@ -471,8 +471,8 @@ req_retry_pinned:
+ if (err == -ENOSPC) {
+ chan->ring_bufs_avail = 0;
+ spin_unlock_irqrestore(&chan->lock, flags);
+- err = wait_event_interruptible(*chan->vc_wq,
+- chan->ring_bufs_avail);
++ err = wait_event_killable(*chan->vc_wq,
++ chan->ring_bufs_avail);
+ if (err == -ERESTARTSYS)
+ goto err_out;
+
+@@ -489,8 +489,7 @@ req_retry_pinned:
+ virtqueue_kick(chan->vq);
+ spin_unlock_irqrestore(&chan->lock, flags);
+ p9_debug(P9_DEBUG_TRANS, "virtio request kicked\n");
+- err = wait_event_interruptible(*req->wq,
+- req->status >= REQ_STATUS_RCVD);
++ err = wait_event_killable(*req->wq, req->status >= REQ_STATUS_RCVD);
+ /*
+ * Non kernel buffers are pinned, unpin them
+ */
--- /dev/null
+From 7978db344719dab1e56d05e6fc04aaaddcde0a5e Mon Sep 17 00:00:00 2001
+From: Tobias Jordan <Tobias.Jordan@elektrobit.com>
+Date: Wed, 4 Oct 2017 11:35:03 +0530
+Subject: PM / OPP: Add missing of_node_put(np)
+
+From: Tobias Jordan <Tobias.Jordan@elektrobit.com>
+
+commit 7978db344719dab1e56d05e6fc04aaaddcde0a5e upstream.
+
+The for_each_available_child_of_node() loop in _of_add_opp_table_v2()
+doesn't drop the reference to "np" on errors. Fix that.
+
+Fixes: 274659029c9d (PM / OPP: Add support to parse "operating-points-v2" bindings)
+Signed-off-by: Tobias Jordan <Tobias.Jordan@elektrobit.com>
+[ VK: Improved commit log. ]
+Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
+Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ drivers/base/power/opp/of.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/base/power/opp/of.c
++++ b/drivers/base/power/opp/of.c
+@@ -348,6 +348,7 @@ static int _of_add_opp_table_v2(struct d
+ if (ret) {
+ dev_err(dev, "%s: Failed to add OPP, %d\n", __func__,
+ ret);
++ of_node_put(np);
+ goto free_table;
+ }
+ }
cx231xx-cards-fix-null-deref-on-missing-association-descriptor.patch
media-v4l2-ctrl-fix-flags-field-on-control-events.patch
sched-rt-simplify-the-ipi-based-rt-balancing-logic.patch
+fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
+net-9p-switch-to-wait_event_killable.patch
+pm-opp-add-missing-of_node_put-np.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
