--- /dev/null
+From a8c39544a6eb2093c04afd5005b6192bd0e880c6 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Sun, 14 May 2017 21:47:25 -0400
+Subject: osf_wait4(): fix infoleak
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit a8c39544a6eb2093c04afd5005b6192bd0e880c6 upstream.
+
+failing sys_wait4() won't fill struct rusage...
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/alpha/kernel/osf_sys.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/alpha/kernel/osf_sys.c
++++ b/arch/alpha/kernel/osf_sys.c
+@@ -1183,8 +1183,10 @@ SYSCALL_DEFINE4(osf_wait4, pid_t, pid, i
+ if (!access_ok(VERIFY_WRITE, ur, sizeof(*ur)))
+ return -EFAULT;
+
+- err = 0;
+- err |= put_user(status, ustatus);
++ err = put_user(status, ustatus);
++ if (ret < 0)
++ return err ? err : ret;
++
+ err |= __put_user(r.ru_utime.tv_sec, &ur->ru_utime.tv_sec);
+ err |= __put_user(r.ru_utime.tv_usec, &ur->ru_utime.tv_usec);
+ err |= __put_user(r.ru_stime.tv_sec, &ur->ru_stime.tv_sec);
--- /dev/null
+From 6bccc7f426abd640f08d8c75fb22f99483f201b4 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <dwmw@amazon.co.uk>
+Date: Wed, 12 Apr 2017 13:25:50 +0100
+Subject: PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms
+
+From: David Woodhouse <dwmw@amazon.co.uk>
+
+commit 6bccc7f426abd640f08d8c75fb22f99483f201b4 upstream.
+
+In the PCI_MMAP_PROCFS case when the address being passed by the user is a
+'user visible' resource address based on the bus window, and not the actual
+contents of the resource, that's what we need to be checking it against.
+
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/pci-sysfs.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/drivers/pci/pci-sysfs.c
++++ b/drivers/pci/pci-sysfs.c
+@@ -964,15 +964,19 @@ void pci_remove_legacy_files(struct pci_
+ int pci_mmap_fits(struct pci_dev *pdev, int resno, struct vm_area_struct *vma,
+ enum pci_mmap_api mmap_api)
+ {
+- unsigned long nr, start, size, pci_start;
++ unsigned long nr, start, size;
++ resource_size_t pci_start = 0, pci_end;
+
+ if (pci_resource_len(pdev, resno) == 0)
+ return 0;
+ nr = vma_pages(vma);
+ start = vma->vm_pgoff;
+ size = ((pci_resource_len(pdev, resno) - 1) >> PAGE_SHIFT) + 1;
+- pci_start = (mmap_api == PCI_MMAP_PROCFS) ?
+- pci_resource_start(pdev, resno) >> PAGE_SHIFT : 0;
++ if (mmap_api == PCI_MMAP_PROCFS) {
++ pci_resource_to_user(pdev, resno, &pdev->resource[resno],
++ &pci_start, &pci_end);
++ pci_start >>= PAGE_SHIFT;
++ }
+ if (start >= pci_start && start < pci_start + size &&
+ start + nr <= pci_start + size)
+ return 1;
--- /dev/null
+From ea00353f36b64375518662a8ad15e39218a1f324 Mon Sep 17 00:00:00 2001
+From: Lukas Wunner <lukas@wunner.de>
+Date: Tue, 18 Apr 2017 20:44:30 +0200
+Subject: PCI: Freeze PME scan before suspending devices
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Lukas Wunner <lukas@wunner.de>
+
+commit ea00353f36b64375518662a8ad15e39218a1f324 upstream.
+
+Laurent Pinchart reported that the Renesas R-Car H2 Lager board (r8a7790)
+crashes during suspend tests. Geert Uytterhoeven managed to reproduce the
+issue on an M2-W Koelsch board (r8a7791):
+
+ It occurs when the PME scan runs, once per second. During PME scan, the
+ PCI host bridge (rcar-pci) registers are accessed while its module clock
+ has already been disabled, leading to the crash.
+
+One reproducer is to configure s2ram to use "s2idle" instead of "deep"
+suspend:
+
+ # echo 0 > /sys/module/printk/parameters/console_suspend
+ # echo s2idle > /sys/power/mem_sleep
+ # echo mem > /sys/power/state
+
+Another reproducer is to write either "platform" or "processors" to
+/sys/power/pm_test. It does not (or is less likely) to happen during full
+system suspend ("core" or "none") because system suspend also disables
+timers, and thus the workqueue handling PME scans no longer runs. Geert
+believes the issue may still happen in the small window between disabling
+module clocks and disabling timers:
+
+ # echo 0 > /sys/module/printk/parameters/console_suspend
+ # echo platform > /sys/power/pm_test # Or "processors"
+ # echo mem > /sys/power/state
+
+(Make sure CONFIG_PCI_RCAR_GEN2 and CONFIG_USB_OHCI_HCD_PCI are enabled.)
+
+Rafael Wysocki agrees that PME scans should be suspended before the host
+bridge registers become inaccessible. To that end, queue the task on a
+workqueue that gets frozen before devices suspend.
+
+Rafael notes however that as a result, some wakeup events may be missed if
+they are delivered via PME from a device without working IRQ (which hence
+must be polled) and occur after the workqueue has been frozen. If that
+turns out to be an issue in practice, it may be possible to solve it by
+calling pci_pme_list_scan() once directly from one of the host bridge's
+pm_ops callbacks.
+
+Stacktrace for posterity:
+
+ PM: Syncing filesystems ... [ 38.566237] done.
+ PM: Preparing system for sleep (mem)
+ Freezing user space processes ... [ 38.579813] (elapsed 0.001 seconds) done.
+ Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done.
+ PM: Suspending system (mem)
+ PM: suspend of devices complete after 152.456 msecs
+ PM: late suspend of devices complete after 2.809 msecs
+ PM: noirq suspend of devices complete after 29.863 msecs
+ suspend debug: Waiting for 5 second(s).
+ Unhandled fault: asynchronous external abort (0x1211) at 0x00000000
+ pgd = c0003000
+ [00000000] *pgd=80000040004003, *pmd=00000000
+ Internal error: : 1211 [#1] SMP ARM
+ Modules linked in:
+ CPU: 1 PID: 20 Comm: kworker/1:1 Not tainted
+ 4.9.0-rc1-koelsch-00011-g68db9bc814362e7f #3383
+ Hardware name: Generic R8A7791 (Flattened Device Tree)
+ Workqueue: events pci_pme_list_scan
+ task: eb56e140 task.stack: eb58e000
+ PC is at pci_generic_config_read+0x64/0x6c
+ LR is at rcar_pci_cfg_base+0x64/0x84
+ pc : [<c041d7b4>] lr : [<c04309a0>] psr: 600d0093
+ sp : eb58fe98 ip : c041d750 fp : 00000008
+ r10: c0e2283c r9 : 00000000 r8 : 600d0013
+ r7 : 00000008 r6 : eb58fed6 r5 : 00000002 r4 : eb58feb4
+ r3 : 00000000 r2 : 00000044 r1 : 00000008 r0 : 00000000
+ Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
+ Control: 30c5387d Table: 6a9f6c80 DAC: 55555555
+ Process kworker/1:1 (pid: 20, stack limit = 0xeb58e210)
+ Stack: (0xeb58fe98 to 0xeb590000)
+ fe80: 00000002 00000044
+ fea0: eb6f5800 c041d9b0 eb58feb4 00000008 00000044 00000000 eb78a000 eb78a000
+ fec0: 00000044 00000000 eb9aff00 c0424bf0 eb78a000 00000000 eb78a000 c0e22830
+ fee0: ea8a6fc0 c0424c5c eaae79c0 c0424ce0 eb55f380 c0e22838 eb9a9800 c0235fbc
+ ff00: eb55f380 c0e22838 eb55f380 eb9a9800 eb9a9800 eb58e000 eb9a9824 c0e02100
+ ff20: eb55f398 c02366c4 eb56e140 eb5631c0 00000000 eb55f380 c023641c 00000000
+ ff40: 00000000 00000000 00000000 c023a928 cd105598 00000000 40506a34 eb55f380
+ ff60: 00000000 00000000 dead4ead ffffffff ffffffff eb58ff74 eb58ff74 00000000
+ ff80: 00000000 dead4ead ffffffff ffffffff eb58ff90 eb58ff90 eb58ffac eb5631c0
+ ffa0: c023a844 00000000 00000000 c0206d68 00000000 00000000 00000000 00000000
+ ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
+ ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 3a81336c 10ccd1dd
+ [<c041d7b4>] (pci_generic_config_read) from [<c041d9b0>]
+ (pci_bus_read_config_word+0x58/0x80)
+ [<c041d9b0>] (pci_bus_read_config_word) from [<c0424bf0>]
+ (pci_check_pme_status+0x34/0x78)
+ [<c0424bf0>] (pci_check_pme_status) from [<c0424c5c>] (pci_pme_wakeup+0x28/0x54)
+ [<c0424c5c>] (pci_pme_wakeup) from [<c0424ce0>] (pci_pme_list_scan+0x58/0xb4)
+ [<c0424ce0>] (pci_pme_list_scan) from [<c0235fbc>]
+ (process_one_work+0x1bc/0x308)
+ [<c0235fbc>] (process_one_work) from [<c02366c4>] (worker_thread+0x2a8/0x3e0)
+ [<c02366c4>] (worker_thread) from [<c023a928>] (kthread+0xe4/0xfc)
+ [<c023a928>] (kthread) from [<c0206d68>] (ret_from_fork+0x14/0x2c)
+ Code: ea000000 e5903000 f57ff04f e3a00000 (e5843000)
+ ---[ end trace 667d43ba3aa9e589 ]---
+
+Fixes: df17e62e5bff ("PCI: Add support for polling PME state on suspended legacy PCI devices")
+Reported-and-tested-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
+Reported-and-tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Lukas Wunner <lukas@wunner.de>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
+Cc: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
+Cc: Simon Horman <horms+renesas@verge.net.au>
+Cc: Yinghai Lu <yinghai@kernel.org>
+Cc: Matthew Garrett <mjg59@srcf.ucam.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/pci.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/drivers/pci/pci.c
++++ b/drivers/pci/pci.c
+@@ -1685,8 +1685,8 @@ static void pci_pme_list_scan(struct wor
+ }
+ }
+ if (!list_empty(&pci_pme_list))
+- schedule_delayed_work(&pci_pme_work,
+- msecs_to_jiffies(PME_TIMEOUT));
++ queue_delayed_work(system_freezable_wq, &pci_pme_work,
++ msecs_to_jiffies(PME_TIMEOUT));
+ mutex_unlock(&pci_pme_list_mutex);
+ }
+
+@@ -1746,8 +1746,9 @@ void pci_pme_active(struct pci_dev *dev,
+ mutex_lock(&pci_pme_list_mutex);
+ list_add(&pme_dev->list, &pci_pme_list);
+ if (list_is_singular(&pci_pme_list))
+- schedule_delayed_work(&pci_pme_work,
+- msecs_to_jiffies(PME_TIMEOUT));
++ queue_delayed_work(system_freezable_wq,
++ &pci_pme_work,
++ msecs_to_jiffies(PME_TIMEOUT));
+ mutex_unlock(&pci_pme_list_mutex);
+ } else {
+ mutex_lock(&pci_pme_list_mutex);
--- /dev/null
+From 30e7d894c1478c88d50ce94ddcdbd7f9763d9cdd Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 17 May 2017 10:19:49 +0200
+Subject: tracing/kprobes: Enforce kprobes teardown after testing
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 30e7d894c1478c88d50ce94ddcdbd7f9763d9cdd upstream.
+
+Enabling the tracer selftest triggers occasionally the warning in
+text_poke(), which warns when the to be modified page is not marked
+reserved.
+
+The reason is that the tracer selftest installs kprobes on functions marked
+__init for testing. These probes are removed after the tests, but that
+removal schedules the delayed kprobes_optimizer work, which will do the
+actual text poke. If the work is executed after the init text is freed,
+then the warning triggers. The bug can be reproduced reliably when the work
+delay is increased.
+
+Flush the optimizer work and wait for the optimizing/unoptimizing lists to
+become empty before returning from the kprobes tracer selftest. That
+ensures that all operations which were queued due to the probes removal
+have completed.
+
+Link: http://lkml.kernel.org/r/20170516094802.76a468bb@gandalf.local.home
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
+Fixes: 6274de498 ("kprobes: Support delayed unoptimizing")
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/kprobes.h | 4 +++-
+ kernel/kprobes.c | 2 +-
+ kernel/trace/trace_kprobe.c | 5 +++++
+ 3 files changed, 9 insertions(+), 2 deletions(-)
+
+--- a/include/linux/kprobes.h
++++ b/include/linux/kprobes.h
+@@ -327,7 +327,9 @@ extern int proc_kprobes_optimization_han
+ int write, void __user *buffer,
+ size_t *length, loff_t *ppos);
+ #endif
+-
++extern void wait_for_kprobe_optimizer(void);
++#else
++static inline void wait_for_kprobe_optimizer(void) { }
+ #endif /* CONFIG_OPTPROBES */
+ #ifdef CONFIG_KPROBES_ON_FTRACE
+ extern void kprobe_ftrace_handler(unsigned long ip, unsigned long parent_ip,
+--- a/kernel/kprobes.c
++++ b/kernel/kprobes.c
+@@ -563,7 +563,7 @@ static void kprobe_optimizer(struct work
+ }
+
+ /* Wait for completing optimization and unoptimization */
+-static void wait_for_kprobe_optimizer(void)
++void wait_for_kprobe_optimizer(void)
+ {
+ mutex_lock(&kprobe_mutex);
+
+--- a/kernel/trace/trace_kprobe.c
++++ b/kernel/trace/trace_kprobe.c
+@@ -1484,6 +1484,11 @@ static __init int kprobe_trace_self_test
+
+ end:
+ release_all_trace_kprobes();
++ /*
++ * Wait for the optimizer work to finish. Otherwise it might fiddle
++ * with probes in already freed __init text.
++ */
++ wait_for_kprobe_optimizer();
+ if (warn)
+ pr_cont("NG: Some tests are failed. Please check them.\n");
+ else
projects / thirdparty / kernel / stable-queue.git / commitdiff
