4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 May 2017 19:18:27 +0000 (21:18 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 May 2017 19:18:27 +0000 (21:18 +0200)
added patches:
pid_ns-fix-race-between-setns-ed-fork-and-zap_pid_ns_processes.patch
pid_ns-sleep-in-task_interruptible-in-zap_pid_ns_processes.patch
usb-serial-ftdi_sio-add-olimex-arm-usb-tiny-h-pids.patch
usb-serial-ftdi_sio-fix-setting-latency-for-unprivileged-users.patch

queue-4.4/of-fdt-add-missing-allocation-failure-check.patch [deleted file]
queue-4.4/pid_ns-fix-race-between-setns-ed-fork-and-zap_pid_ns_processes.patch [new file with mode: 0644]
queue-4.4/pid_ns-sleep-in-task_interruptible-in-zap_pid_ns_processes.patch [new file with mode: 0644]
queue-4.4/series
queue-4.4/usb-serial-ftdi_sio-add-olimex-arm-usb-tiny-h-pids.patch [new file with mode: 0644]
queue-4.4/usb-serial-ftdi_sio-fix-setting-latency-for-unprivileged-users.patch [new file with mode: 0644]

diff --git a/queue-4.4/of-fdt-add-missing-allocation-failure-check.patch b/queue-4.4/of-fdt-add-missing-allocation-failure-check.patch
deleted file mode 100644 (file)
index 65918ec..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
-From 49e67dd17649b60b4d54966e18ec9c80198227f0 Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Wed, 17 May 2017 17:29:09 +0200
-Subject: of: fdt: add missing allocation-failure check
-
-From: Johan Hovold <johan@kernel.org>
-
-commit 49e67dd17649b60b4d54966e18ec9c80198227f0 upstream.
-
-The memory allocator passed to __unflatten_device_tree() (e.g. a wrapped
-kzalloc) can fail so add the missing sanity check to avoid dereferencing
-a NULL pointer.
-
-Fixes: fe14042358fa ("of/flattree: Refactor unflatten_device_tree and add fdt_unflatten_tree")
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Signed-off-by: Rob Herring <robh@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/of/fdt.c |    3 +++
- 1 file changed, 3 insertions(+)
-
---- a/drivers/of/fdt.c
-+++ b/drivers/of/fdt.c
-@@ -416,6 +416,9 @@ static void __unflatten_device_tree(cons
-       /* Allocate memory for the expanded device tree */
-       mem = dt_alloc(size + 4, __alignof__(struct device_node));
-+      if (!mem)
-+              return NULL;
-+
-       memset(mem, 0, size);
-       *(__be32 *)(mem + size) = cpu_to_be32(0xdeadbeef);
diff --git a/queue-4.4/pid_ns-fix-race-between-setns-ed-fork-and-zap_pid_ns_processes.patch b/queue-4.4/pid_ns-fix-race-between-setns-ed-fork-and-zap_pid_ns_processes.patch
new file mode 100644 (file)
index 0000000..be49636
--- /dev/null
@@ -0,0 +1,103 @@
+From 3fd37226216620c1a468afa999739d5016fbc349 Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <ktkhai@virtuozzo.com>
+Date: Fri, 12 May 2017 19:11:31 +0300
+Subject: pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes()
+
+From: Kirill Tkhai <ktkhai@virtuozzo.com>
+
+commit 3fd37226216620c1a468afa999739d5016fbc349 upstream.
+
+Imagine we have a pid namespace and a task from its parent's pid_ns,
+which made setns() to the pid namespace. The task is doing fork(),
+while the pid namespace's child reaper is dying. We have the race
+between them:
+
+Task from parent pid_ns             Child reaper
+copy_process()                      ..
+  alloc_pid()                       ..
+  ..                                zap_pid_ns_processes()
+  ..                                  disable_pid_allocation()
+  ..                                  read_lock(&tasklist_lock)
+  ..                                  iterate over pids in pid_ns
+  ..                                    kill tasks linked to pids
+  ..                                  read_unlock(&tasklist_lock)
+  write_lock_irq(&tasklist_lock);   ..
+  attach_pid(p, PIDTYPE_PID);       ..
+  ..                                ..
+
+So, just created task p won't receive SIGKILL signal,
+and the pid namespace will be in contradictory state.
+Only manual kill will help there, but does the userspace
+care about this? I suppose, the most users just inject
+a task into a pid namespace and wait a SIGCHLD from it.
+
+The patch fixes the problem. It simply checks for
+(pid_ns->nr_hashed & PIDNS_HASH_ADDING) in copy_process().
+We do it under the tasklist_lock, and can't skip
+PIDNS_HASH_ADDING as noted by Oleg:
+
+"zap_pid_ns_processes() does disable_pid_allocation()
+and then takes tasklist_lock to kill the whole namespace.
+Given that copy_process() checks PIDNS_HASH_ADDING
+under write_lock(tasklist) they can't race;
+if copy_process() takes this lock first, the new child will
+be killed, otherwise copy_process() can't miss
+the change in ->nr_hashed."
+
+If allocation is disabled, we just return -ENOMEM
+like it's made for such cases in alloc_pid().
+
+v2: Do not move disable_pid_allocation(), do not
+introduce a new variable in copy_process() and simplify
+the patch as suggested by Oleg Nesterov.
+Account the problem with double irq enabling
+found by Eric W. Biederman.
+
+Fixes: c876ad768215 ("pidns: Stop pid allocation when init dies")
+Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
+CC: Andrew Morton <akpm@linux-foundation.org>
+CC: Ingo Molnar <mingo@kernel.org>
+CC: Peter Zijlstra <peterz@infradead.org>
+CC: Oleg Nesterov <oleg@redhat.com>
+CC: Mike Rapoport <rppt@linux.vnet.ibm.com>
+CC: Michal Hocko <mhocko@suse.com>
+CC: Andy Lutomirski <luto@kernel.org>
+CC: "Eric W. Biederman" <ebiederm@xmission.com>
+CC: Andrei Vagin <avagin@openvz.org>
+CC: Cyrill Gorcunov <gorcunov@openvz.org>
+CC: Serge Hallyn <serge@hallyn.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/fork.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -1590,11 +1590,13 @@ static struct task_struct *copy_process(
+       */
+       recalc_sigpending();
+       if (signal_pending(current)) {
+-              spin_unlock(&current->sighand->siglock);
+-              write_unlock_irq(&tasklist_lock);
+               retval = -ERESTARTNOINTR;
+               goto bad_fork_cancel_cgroup;
+       }
++      if (unlikely(!(ns_of_pid(pid)->nr_hashed & PIDNS_HASH_ADDING))) {
++              retval = -ENOMEM;
++              goto bad_fork_cancel_cgroup;
++      }
+       if (likely(p->pid)) {
+               ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
+@@ -1645,6 +1647,8 @@ static struct task_struct *copy_process(
+       return p;
+ bad_fork_cancel_cgroup:
++      spin_unlock(&current->sighand->siglock);
++      write_unlock_irq(&tasklist_lock);
+       cgroup_cancel_fork(p, cgrp_ss_priv);
+ bad_fork_free_pid:
+       threadgroup_change_end(current);
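Review bot: The `bad_fork_cancel_cgroup` label now releases `current->sighand->siglock` and `tasklist_lock` itself, so it is only safe to reach with both locks held, and nothing at the label says so. The two jumps visible in this hunk appear to be made with the locks taken, but copy_process() starts and ends outside the hunk, so any other `goto bad_fork_cancel_cgroup` in this 4.4 tree should be checked for the same precondition; an unbalanced unlock on a fork error path would leave the lock state inconsistent. I would add a comment at the label such as `/* Reached only with siglock and tasklist_lock held. */` and one above the new check such as `/* pid allocation is disabled: the namespace's child reaper is exiting */`, because `-ENOMEM` alone does not tell a reader why the fork is refused.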
diff --git a/queue-4.4/pid_ns-sleep-in-task_interruptible-in-zap_pid_ns_processes.patch b/queue-4.4/pid_ns-sleep-in-task_interruptible-in-zap_pid_ns_processes.patch
new file mode 100644 (file)
index 0000000..6dab421
--- /dev/null
@@ -0,0 +1,40 @@
+From b9a985db98961ae1ba0be169f19df1c567e4ffe0 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Thu, 11 May 2017 18:21:01 -0500
+Subject: pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit b9a985db98961ae1ba0be169f19df1c567e4ffe0 upstream.
+
+The code can potentially sleep for an indefinite amount of time in
+zap_pid_ns_processes triggering the hung task timeout, and increasing
+the system average.  This is undesirable.  Sleep with a task state of
+TASK_INTERRUPTIBLE instead of TASK_UNINTERRUPTIBLE to remove these
+undesirable side effects.
+
+Apparently under heavy load this has been allowing Chrome to trigger
+the hung time task timeout error and cause ChromeOS to reboot.
+
+Reported-by: Vovo Yang <vovoy@google.com>
+Reported-by: Guenter Roeck <linux@roeck-us.net>
+Tested-by: Guenter Roeck <linux@roeck-us.net>
+Fixes: 6347e9009104 ("pidns: guarantee that the pidns init will be the last pidns process reaped")
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/pid_namespace.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/pid_namespace.c
++++ b/kernel/pid_namespace.c
+@@ -255,7 +255,7 @@ void zap_pid_ns_processes(struct pid_nam
+        * if reparented.
+        */
+       for (;;) {
+-              set_current_state(TASK_UNINTERRUPTIBLE);
++              set_current_state(TASK_INTERRUPTIBLE);
+               if (pid_ns->nr_hashed == init_pids)
+                       break;
+               schedule();
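Review bot: With `TASK_INTERRUPTIBLE`, `schedule()` in this loop returns at once whenever a signal is pending for the current task, and the loop shown has no `signal_pending()` handling, so the wait would degrade into a busy loop unless the caller guarantees that no signal can be pending at this point. That guarantee is not visible in the hunk (zap_pid_ns_processes() starts and ends outside it), so it is worth confirming for the 4.4 tree and recording next to the state change, e.g. `/* interruptible only to stay out of the hung-task check and the load average; no signal is expected to be pending here */`.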
index 62660f4ef8b99f2cec646ba35705937cd84df1b1..15b68493ce454b896918a27374b7165bb9d58916 100644 (file)
@@ -37,5 +37,8 @@ drm-nouveau-tmr-handle-races-with-hw-when-updating-the-next-alarm-time.patch
 cdc-acm-fix-possible-invalid-access-when-processing-notification.patch
 proc-fix-unbalanced-hard-link-numbers.patch
 of-fix-sparse-warning-in-of_pci_range_parser_one.patch
-of-fdt-add-missing-allocation-failure-check.patch
 iio-dac-ad7303-fix-channel-description.patch
+pid_ns-sleep-in-task_interruptible-in-zap_pid_ns_processes.patch
+pid_ns-fix-race-between-setns-ed-fork-and-zap_pid_ns_processes.patch
+usb-serial-ftdi_sio-fix-setting-latency-for-unprivileged-users.patch
+usb-serial-ftdi_sio-add-olimex-arm-usb-tiny-h-pids.patch
diff --git a/queue-4.4/usb-serial-ftdi_sio-add-olimex-arm-usb-tiny-h-pids.patch b/queue-4.4/usb-serial-ftdi_sio-add-olimex-arm-usb-tiny-h-pids.patch
new file mode 100644 (file)
index 0000000..d0bedbd
--- /dev/null
@@ -0,0 +1,55 @@
+From 5f63424ab7daac840df2b12dd5bcc5b38d50f779 Mon Sep 17 00:00:00 2001
+From: Andrey Korolyov <andrey@xdel.ru>
+Date: Tue, 16 May 2017 23:54:41 +0300
+Subject: USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs
+
+From: Andrey Korolyov <andrey@xdel.ru>
+
+commit 5f63424ab7daac840df2b12dd5bcc5b38d50f779 upstream.
+
+This patch adds support for recognition of ARM-USB-TINY(H) devices which
+are almost identical to ARM-USB-OCD(H) but lacking separate barrel jack
+and serial console.
+
+By suggestion from Johan Hovold it is possible to replace
+ftdi_jtag_quirk with a bit more generic construction. Since all
+Olimex-ARM debuggers has exactly two ports, we could safely always use
+only second port within the debugger family.
+
+Signed-off-by: Andrey Korolyov <andrey@xdel.ru>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ftdi_sio.c     |    8 ++++----
+ drivers/usb/serial/ftdi_sio_ids.h |    2 ++
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -809,10 +809,10 @@ static const struct usb_device_id id_tab
+       { USB_DEVICE(FTDI_VID, FTDI_PROPOX_ISPCABLEIII_PID) },
+       { USB_DEVICE(FTDI_VID, CYBER_CORTEX_AV_PID),
+               .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
+-      { USB_DEVICE(OLIMEX_VID, OLIMEX_ARM_USB_OCD_PID),
+-              .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
+-      { USB_DEVICE(OLIMEX_VID, OLIMEX_ARM_USB_OCD_H_PID),
+-              .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
++      { USB_DEVICE_INTERFACE_NUMBER(OLIMEX_VID, OLIMEX_ARM_USB_OCD_PID, 1) },
++      { USB_DEVICE_INTERFACE_NUMBER(OLIMEX_VID, OLIMEX_ARM_USB_OCD_H_PID, 1) },
++      { USB_DEVICE_INTERFACE_NUMBER(OLIMEX_VID, OLIMEX_ARM_USB_TINY_PID, 1) },
++      { USB_DEVICE_INTERFACE_NUMBER(OLIMEX_VID, OLIMEX_ARM_USB_TINY_H_PID, 1) },
+       { USB_DEVICE(FIC_VID, FIC_NEO1973_DEBUG_PID),
+               .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
+       { USB_DEVICE(FTDI_VID, FTDI_OOCDLINK_PID),
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -882,6 +882,8 @@
+ /* Olimex */
+ #define OLIMEX_VID                    0x15BA
+ #define OLIMEX_ARM_USB_OCD_PID                0x0003
++#define OLIMEX_ARM_USB_TINY_PID       0x0004
++#define OLIMEX_ARM_USB_TINY_H_PID     0x002a
+ #define OLIMEX_ARM_USB_OCD_H_PID      0x002b
+ /*
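Review bot: The literal `1` in the four `USB_DEVICE_INTERFACE_NUMBER(OLIMEX_VID, ..., 1)` entries carries the whole policy of which port the driver claims, and the table itself gives no hint of that. Since these entries no longer reference `ftdi_jtag_quirk`, a reader comparing them with the neighbouring `CYBER_CORTEX_AV_PID` and `FIC_NEO1973_DEBUG_PID` lines cannot tell that the first interface is still meant to stay unbound. A one-line comment above the group, such as `/* Olimex ARM debuggers have two ports; bind only the second (interface 1) */`, would keep that intent visible when further Olimex PIDs are added. The id table starts and ends outside the hunk.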
diff --git a/queue-4.4/usb-serial-ftdi_sio-fix-setting-latency-for-unprivileged-users.patch b/queue-4.4/usb-serial-ftdi_sio-fix-setting-latency-for-unprivileged-users.patch
new file mode 100644 (file)
index 0000000..b624828
--- /dev/null
@@ -0,0 +1,47 @@
+From bb246681b3ed0967489a7401ad528c1aaa1a4c2e Mon Sep 17 00:00:00 2001
+From: Anthony Mallet <anthony.mallet@laas.fr>
+Date: Fri, 5 May 2017 17:30:16 +0200
+Subject: USB: serial: ftdi_sio: fix setting latency for unprivileged users
+
+From: Anthony Mallet <anthony.mallet@laas.fr>
+
+commit bb246681b3ed0967489a7401ad528c1aaa1a4c2e upstream.
+
+Commit 557aaa7ffab6 ("ft232: support the ASYNC_LOW_LATENCY
+flag") enables unprivileged users to set the FTDI latency timer,
+but there was a logic flaw that skipped sending the corresponding
+USB control message to the device.
+
+Specifically, the device latency timer would not be updated until next
+open, something which was later also inadvertently broken by commit
+c19db4c9e49a ("USB: ftdi_sio: set device latency timeout at port
+probe").
+
+A recent commit c6dce2626606 ("USB: serial: ftdi_sio: fix extreme
+low-latency setting") disabled the low-latency mode by default so we now
+need this fix to allow unprivileged users to again enable it.
+
+Signed-off-by: Anthony Mallet <anthony.mallet@laas.fr>
+[johan: amend commit message]
+Fixes: 557aaa7ffab6 ("ft232: support the ASYNC_LOW_LATENCY flag")
+Fixes: c19db4c9e49a ("USB: ftdi_sio: set device latency timeout at port probe").
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ftdi_sio.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -1508,9 +1508,9 @@ static int set_serial_info(struct tty_st
+                                       (new_serial.flags & ASYNC_FLAGS));
+       priv->custom_divisor = new_serial.custom_divisor;
++check_and_exit:
+       write_latency_timer(port);
+-check_and_exit:
+       if ((old_priv.flags & ASYNC_SPD_MASK) !=
+            (priv->flags & ASYNC_SPD_MASK)) {
+               if ((priv->flags & ASYNC_SPD_MASK) == ASYNC_SPD_HI)
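Review bot: The result of `write_latency_timer(port)` is still discarded, and after the label move the call is also reached by the path that jumps to `check_and_exit`, which the commit message describes as the unprivileged one. A failed control transfer would therefore leave the device latency unchanged while the ioctl presumably still reports success. If `write_latency_timer()` returns an error code (its definition is not in the hunk), consider at least logging it, e.g. `if (write_latency_timer(port) < 0) dev_warn(&port->dev, "failed to set latency timer\n");`. set_serial_info() starts and ends outside the hunk, so the locking around this call could not be checked here.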