4.8-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 12 Dec 2016 22:32:09 +0000 (14:32 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 12 Dec 2016 22:32:09 +0000 (14:32 -0800)
added patches:
fuse-fix-clearing-suid-sgid-for-chown.patch
powerpc-boot-fix-build-failure-in-32-bit-boot-wrapper.patch
powerpc-eeh-fix-deadlock-when-pe-frozen-state-can-t-be-cleared.patch
powerpc-mm-fix-lazy-icache-flush-on-pre-power5.patch

queue-4.8/fuse-fix-clearing-suid-sgid-for-chown.patch [new file with mode: 0644]
queue-4.8/powerpc-boot-fix-build-failure-in-32-bit-boot-wrapper.patch [new file with mode: 0644]
queue-4.8/powerpc-eeh-fix-deadlock-when-pe-frozen-state-can-t-be-cleared.patch [new file with mode: 0644]
queue-4.8/powerpc-mm-fix-lazy-icache-flush-on-pre-power5.patch [new file with mode: 0644]

diff --git a/queue-4.8/fuse-fix-clearing-suid-sgid-for-chown.patch b/queue-4.8/fuse-fix-clearing-suid-sgid-for-chown.patch
new file mode 100644 (file)
index 0000000..86f81d0
--- /dev/null
@@ -0,0 +1,64 @@
+From c01638f5d919728f565bf8b5e0a6a159642df0d9 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Tue, 6 Dec 2016 16:18:45 +0100
+Subject: fuse: fix clearing suid, sgid for chown()
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit c01638f5d919728f565bf8b5e0a6a159642df0d9 upstream.
+
+Basically, the pjdfstests set the ownership of a file to 06555, and then
+chowns it (as root) to a new uid/gid. Prior to commit a09f99eddef4 ("fuse:
+fix killing s[ug]id in setattr"), fuse would send down a setattr with both
+the uid/gid change and a new mode.  Now, it just sends down the uid/gid
+change.
+
+Technically this is NOTABUG, since POSIX doesn't _require_ that we clear
+these bits for a privileged process, but Linux (wisely) has done that and I
+think we don't want to change that behavior here.
+
+This is caused by the use of should_remove_suid(), which will always return
+0 when the process has CAP_FSETID.
+
+In fact we really don't need to be calling should_remove_suid() at all,
+since we've already been indicated that we should remove the suid, we just
+don't want to use a (very) stale mode for that.
+
+This patch should fix the above as well as simplify the logic.
+
+Reported-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Fixes: a09f99eddef4 ("fuse: fix killing s[ug]id in setattr")
+Reviewed-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/fuse/dir.c |    7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/fs/fuse/dir.c
++++ b/fs/fuse/dir.c
+@@ -1709,8 +1709,6 @@ static int fuse_setattr(struct dentry *e
+               return -EACCES;
+       if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
+-              int kill;
+-
+               attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
+                                   ATTR_MODE);
+               /*
+@@ -1722,12 +1720,11 @@ static int fuse_setattr(struct dentry *e
+                       return ret;
+               attr->ia_mode = inode->i_mode;
+-              kill = should_remove_suid(entry);
+-              if (kill & ATTR_KILL_SUID) {
++              if (inode->i_mode & S_ISUID) {
+                       attr->ia_valid |= ATTR_MODE;
+                       attr->ia_mode &= ~S_ISUID;
+               }
+-              if (kill & ATTR_KILL_SGID) {
++              if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
+                       attr->ia_valid |= ATTR_MODE;
+                       attr->ia_mode &= ~S_ISGID;
+               }
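Review bot: The two new mode tests, `if (inode->i_mode & S_ISUID)` and the `(S_ISGID | S_IXGRP)` comparison, hand-copy the bit logic that should_remove_suid() used to supply, minus its capability check, and carry no comment saying so. I would add above the first `/* Kill suid/sgid even for CAP_FSETID holders; decide from the mode refreshed above, not the cached one */` and above the second `/* sgid without group-exec is a mandatory-locking mark, not a privilege bit: leave it */`. The refresh itself falls between the two inner hunks (only its `return ret;` is visible), so the wording should be checked against that code. fuse_setattr() starts and ends outside both hunks.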
diff --git a/queue-4.8/powerpc-boot-fix-build-failure-in-32-bit-boot-wrapper.patch b/queue-4.8/powerpc-boot-fix-build-failure-in-32-bit-boot-wrapper.patch
new file mode 100644 (file)
index 0000000..aa52607
--- /dev/null
@@ -0,0 +1,46 @@
+From 10c77dba40ff58fc03587b3b60725bb7fd723183 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Wed, 16 Nov 2016 18:27:56 +0000
+Subject: powerpc/boot: Fix build failure in 32-bit boot wrapper
+
+From: Ben Hutchings <ben@decadent.org.uk>
+
+commit 10c77dba40ff58fc03587b3b60725bb7fd723183 upstream.
+
+OPAL is not callable from 32-bit mode and the assembly code for it
+may not even build (depending on how binutils was configured).
+
+References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=powerpcspe&ver=4.8.7-1&stamp=1479203712
+Fixes: 656ad58ef19e ("powerpc/boot: Add OPAL console to epapr wrappers")
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/boot/Makefile |    3 ++-
+ arch/powerpc/boot/opal.c   |    2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/arch/powerpc/boot/Makefile
++++ b/arch/powerpc/boot/Makefile
+@@ -78,7 +78,8 @@ src-wlib-y := string.S crt0.S crtsavres.
+               ns16550.c serial.c simple_alloc.c div64.S util.S \
+               gunzip_util.c elf_util.c $(zlib) devtree.c stdlib.c \
+               oflib.c ofconsole.c cuboot.c mpsc.c cpm-serial.c \
+-              uartlite.c mpc52xx-psc.c opal.c opal-calls.S
++              uartlite.c mpc52xx-psc.c opal.c
++src-wlib-$(CONFIG_PPC64_BOOT_WRAPPER) +=  opal-calls.S
+ src-wlib-$(CONFIG_40x) += 4xx.c planetcore.c
+ src-wlib-$(CONFIG_44x) += 4xx.c ebony.c bamboo.c
+ src-wlib-$(CONFIG_8xx) += mpc8xx.c planetcore.c fsl-soc.c
+--- a/arch/powerpc/boot/opal.c
++++ b/arch/powerpc/boot/opal.c
+@@ -13,7 +13,7 @@
+ #include <libfdt.h>
+ #include "../include/asm/opal-api.h"
+-#ifdef __powerpc64__
++#ifdef CONFIG_PPC64_BOOT_WRAPPER
+ /* Global OPAL struct used by opal-call.S */
+ struct opal {
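Review bot: The guard in opal.c now depends on `CONFIG_PPC64_BOOT_WRAPPER` being defined when the preprocessor runs over this file, and the visible includes (`<libfdt.h>` and `"../include/asm/opal-api.h"`) do not obviously pull in a generated config header. The boot wrapper is built with its own flags, so if the symbol is not visible here the `struct opal` block would silently compile out on 64-bit too, and the symptom would be a missing console rather than a build error. It is worth confirming where the macro comes from and recording that in a one-line comment above the `#ifdef`, naming the header or compiler flag that supplies it. The start of opal.c and the rest of the `#ifdef` block are outside the hunk.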
diff --git a/queue-4.8/powerpc-eeh-fix-deadlock-when-pe-frozen-state-can-t-be-cleared.patch b/queue-4.8/powerpc-eeh-fix-deadlock-when-pe-frozen-state-can-t-be-cleared.patch
new file mode 100644 (file)
index 0000000..eb06495
--- /dev/null
@@ -0,0 +1,42 @@
+From 409bf7f8a02ef88db5a0f2cdcf9489914f4b8508 Mon Sep 17 00:00:00 2001
+From: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
+Date: Thu, 1 Dec 2016 11:23:05 +1100
+Subject: powerpc/eeh: Fix deadlock when PE frozen state can't be cleared
+
+From: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
+
+commit 409bf7f8a02ef88db5a0f2cdcf9489914f4b8508 upstream.
+
+In eeh_reset_device(), we take the pci_rescan_remove_lock immediately after
+after we call eeh_reset_pe() to reset the PCI controller. We then call
+eeh_clear_pe_frozen_state(), which can return an error. In this case, we
+bail out of eeh_reset_device() without calling pci_unlock_rescan_remove().
+
+Add a call to pci_unlock_rescan_remove() in the eeh_clear_pe_frozen_state()
+error path so that we don't cause a deadlock later on.
+
+Reported-by: Pradipta Ghosh <pradghos@in.ibm.com>
+Fixes: 78954700631f ("powerpc/eeh: Avoid I/O access during PE reset")
+Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
+Acked-by: Russell Currey <ruscur@russell.cc>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/eeh_driver.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/powerpc/kernel/eeh_driver.c
++++ b/arch/powerpc/kernel/eeh_driver.c
+@@ -671,8 +671,10 @@ static int eeh_reset_device(struct eeh_p
+       /* Clear frozen state */
+       rc = eeh_clear_pe_frozen_state(pe, false);
+-      if (rc)
++      if (rc) {
++              pci_unlock_rescan_remove();
+               return rc;
++      }
+       /* Give the system 5 seconds to finish running the user-space
+        * hotplug shutdown scripts, e.g. ifdown for ethernet.  Yes,
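Review bot: The unlock is now duplicated inside the `if (rc)` branch, which fixes this path but leaves eeh_reset_device() with a lock whose release depends on every early return remembering it. A single exit label, with this branch setting `rc` and doing `goto out_unlock;` ahead of the function's normal pci_unlock_rescan_remove() call, would keep the lock and unlock paired and stop a later error path from reintroducing the hang. The point where the lock is taken and the normal unlock are both outside the hunk, so any other return between them should be checked the same way.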
diff --git a/queue-4.8/powerpc-mm-fix-lazy-icache-flush-on-pre-power5.patch b/queue-4.8/powerpc-mm-fix-lazy-icache-flush-on-pre-power5.patch
new file mode 100644 (file)
index 0000000..df284b6
--- /dev/null
@@ -0,0 +1,73 @@
+From dd7b2f035ec41a409f7a7cec7aabc0ec0eacf476 Mon Sep 17 00:00:00 2001
+From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Date: Tue, 29 Nov 2016 13:13:46 +1100
+Subject: powerpc/mm: Fix lazy icache flush on pre-POWER5
+
+From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+
+commit dd7b2f035ec41a409f7a7cec7aabc0ec0eacf476 upstream.
+
+On 64-bit CPUs with no-execute support and non-snooping icache, such as
+970 or POWER4, we have a software mechanism to ensure coherency of the
+cache (using exec faults when needed).
+
+This was broken due to a logic error when the code was rewritten
+from assembly to C, previously the assembly code did:
+
+  BEGIN_FTR_SECTION
+         mr      r4,r30
+         mr      r5,r7
+         bl      hash_page_do_lazy_icache
+  END_FTR_SECTION(CPU_FTR_NOEXECUTE|CPU_FTR_COHERENT_ICACHE, CPU_FTR_NOEXECUTE)
+
+Which tests that:
+   (cpu_features & (NOEXECUTE | COHERENT_ICACHE)) == NOEXECUTE
+
+Which says that the current cpu does have NOEXECUTE, but does not have
+COHERENT_ICACHE.
+
+Fixes: 91f1da99792a ("powerpc/mm: Convert 4k hash insert to C")
+Fixes: 89ff725051d1 ("powerpc/mm: Convert __hash_page_64K to C")
+Fixes: a43c0eb8364c ("powerpc/mm: Convert 4k insert from asm to C")
+Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
+[mpe: Change log verbosification]
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/mm/hash64_4k.c  |    2 +-
+ arch/powerpc/mm/hash64_64k.c |    4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/powerpc/mm/hash64_4k.c
++++ b/arch/powerpc/mm/hash64_4k.c
+@@ -55,7 +55,7 @@ int __hash_page_4K(unsigned long ea, uns
+        */
+       rflags = htab_convert_pte_flags(new_pte);
+-      if (!cpu_has_feature(CPU_FTR_NOEXECUTE) &&
++      if (cpu_has_feature(CPU_FTR_NOEXECUTE) &&
+           !cpu_has_feature(CPU_FTR_COHERENT_ICACHE))
+               rflags = hash_page_do_lazy_icache(rflags, __pte(old_pte), trap);
+--- a/arch/powerpc/mm/hash64_64k.c
++++ b/arch/powerpc/mm/hash64_64k.c
+@@ -87,7 +87,7 @@ int __hash_page_4K(unsigned long ea, uns
+       subpg_pte = new_pte & ~subpg_prot;
+       rflags = htab_convert_pte_flags(subpg_pte);
+-      if (!cpu_has_feature(CPU_FTR_NOEXECUTE) &&
++      if (cpu_has_feature(CPU_FTR_NOEXECUTE) &&
+           !cpu_has_feature(CPU_FTR_COHERENT_ICACHE)) {
+               /*
+@@ -258,7 +258,7 @@ int __hash_page_64K(unsigned long ea, un
+       rflags = htab_convert_pte_flags(new_pte);
+-      if (!cpu_has_feature(CPU_FTR_NOEXECUTE) &&
++      if (cpu_has_feature(CPU_FTR_NOEXECUTE) &&
+           !cpu_has_feature(CPU_FTR_COHERENT_ICACHE))
+               rflags = hash_page_do_lazy_icache(rflags, __pte(old_pte), trap);
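Review bot: The corrected test `cpu_has_feature(CPU_FTR_NOEXECUTE) && !cpu_has_feature(CPU_FTR_COHERENT_ICACHE)` appears three times (once in hash64_4k.c, twice in hash64_64k.c) with no comment saying which CPUs it selects, which probably helped the inverted form go unnoticed. I would put `/* CPU has no-execute but a non-snooping icache: keep it coherent in software */` above each site, or fold the predicate into one small static inline helper so the three copies cannot drift apart. With the inverted test the lazy flush was skipped on exactly the CPUs the commit message says need it, so a page could presumably run with stale icache contents. All three enclosing functions start and end outside their hunks.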