]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
3.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 1 Mar 2016 18:36:36 +0000 (10:36 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 1 Mar 2016 18:36:36 +0000 (10:36 -0800)
added patches:
s390-dasd-fix-refcount-for-pav-reassignment.patch
s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch
s390-fix-normalization-bug-in-exception-table-sorting.patch
uml-fix-hostfs-mknod.patch
uml-flush-stdout-before-forking.patch

queue-3.10/s390-dasd-fix-refcount-for-pav-reassignment.patch [new file with mode: 0644]
queue-3.10/s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch [new file with mode: 0644]
queue-3.10/s390-fix-normalization-bug-in-exception-table-sorting.patch [new file with mode: 0644]
queue-3.10/series
queue-3.10/uml-fix-hostfs-mknod.patch [new file with mode: 0644]
queue-3.10/uml-flush-stdout-before-forking.patch [new file with mode: 0644]

diff --git a/queue-3.10/s390-dasd-fix-refcount-for-pav-reassignment.patch b/queue-3.10/s390-dasd-fix-refcount-for-pav-reassignment.patch
new file mode 100644 (file)
index 0000000..ce6431b
--- /dev/null
@@ -0,0 +1,89 @@
+From 9d862ababb609439c5d6987f6d3ddd09e703aa0b Mon Sep 17 00:00:00 2001
+From: Stefan Haberland <stefan.haberland@de.ibm.com>
+Date: Tue, 15 Dec 2015 10:45:05 +0100
+Subject: s390/dasd: fix refcount for PAV reassignment
+
+From: Stefan Haberland <stefan.haberland@de.ibm.com>
+
+commit 9d862ababb609439c5d6987f6d3ddd09e703aa0b upstream.
+
+Add refcount to the DASD device when a summary unit check worker is
+scheduled. This prevents that the device is set offline with worker
+in place.
+
+Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/s390/block/dasd_alias.c |   21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+--- a/drivers/s390/block/dasd_alias.c
++++ b/drivers/s390/block/dasd_alias.c
+@@ -264,8 +264,10 @@ void dasd_alias_disconnect_device_from_l
+               spin_unlock_irqrestore(&lcu->lock, flags);
+               cancel_work_sync(&lcu->suc_data.worker);
+               spin_lock_irqsave(&lcu->lock, flags);
+-              if (device == lcu->suc_data.device)
++              if (device == lcu->suc_data.device) {
++                      dasd_put_device(device);
+                       lcu->suc_data.device = NULL;
++              }
+       }
+       was_pending = 0;
+       if (device == lcu->ruac_data.device) {
+@@ -273,8 +275,10 @@ void dasd_alias_disconnect_device_from_l
+               was_pending = 1;
+               cancel_delayed_work_sync(&lcu->ruac_data.dwork);
+               spin_lock_irqsave(&lcu->lock, flags);
+-              if (device == lcu->ruac_data.device)
++              if (device == lcu->ruac_data.device) {
++                      dasd_put_device(device);
+                       lcu->ruac_data.device = NULL;
++              }
+       }
+       private->lcu = NULL;
+       spin_unlock_irqrestore(&lcu->lock, flags);
+@@ -549,8 +553,10 @@ static void lcu_update_work(struct work_
+       if ((rc && (rc != -EOPNOTSUPP)) || (lcu->flags & NEED_UAC_UPDATE)) {
+               DBF_DEV_EVENT(DBF_WARNING, device, "could not update"
+                           " alias data in lcu (rc = %d), retry later", rc);
+-              schedule_delayed_work(&lcu->ruac_data.dwork, 30*HZ);
++              if (!schedule_delayed_work(&lcu->ruac_data.dwork, 30*HZ))
++                      dasd_put_device(device);
+       } else {
++              dasd_put_device(device);
+               lcu->ruac_data.device = NULL;
+               lcu->flags &= ~UPDATE_PENDING;
+       }
+@@ -593,8 +599,10 @@ static int _schedule_lcu_update(struct a
+        */
+       if (!usedev)
+               return -EINVAL;
++      dasd_get_device(usedev);
+       lcu->ruac_data.device = usedev;
+-      schedule_delayed_work(&lcu->ruac_data.dwork, 0);
++      if (!schedule_delayed_work(&lcu->ruac_data.dwork, 0))
++              dasd_put_device(usedev);
+       return 0;
+ }
+@@ -926,6 +934,7 @@ static void summary_unit_check_handling_
+       /* 3. read new alias configuration */
+       _schedule_lcu_update(lcu, device);
+       lcu->suc_data.device = NULL;
++      dasd_put_device(device);
+       spin_unlock_irqrestore(&lcu->lock, flags);
+ }
+@@ -985,6 +994,8 @@ void dasd_alias_handle_summary_unit_chec
+       }
+       lcu->suc_data.reason = reason;
+       lcu->suc_data.device = device;
++      dasd_get_device(device);
+       spin_unlock(&lcu->lock);
+-      schedule_work(&lcu->suc_data.worker);
++      if (!schedule_work(&lcu->suc_data.worker))
++              dasd_put_device(device);
+ };
diff --git a/queue-3.10/s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch b/queue-3.10/s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch
new file mode 100644 (file)
index 0000000..837d669
--- /dev/null
@@ -0,0 +1,34 @@
+From 020bf042e5b397479c1174081b935d0ff15d1a64 Mon Sep 17 00:00:00 2001
+From: Stefan Haberland <stefan.haberland@de.ibm.com>
+Date: Tue, 15 Dec 2015 10:16:43 +0100
+Subject: s390/dasd: prevent incorrect length error under z/VM after PAV changes
+
+From: Stefan Haberland <stefan.haberland@de.ibm.com>
+
+commit 020bf042e5b397479c1174081b935d0ff15d1a64 upstream.
+
+The channel checks the specified length and the provided amount of
+data for CCWs and provides an incorrect length error if the size does
+not match. Under z/VM with simulation activated the length may get
+changed. Having the suppress length indication bit set is stated as
+good CCW coding practice and avoids errors under z/VM.
+
+Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/s390/block/dasd_alias.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/s390/block/dasd_alias.c
++++ b/drivers/s390/block/dasd_alias.c
+@@ -722,7 +722,7 @@ static int reset_summary_unit_check(stru
+       ASCEBC((char *) &cqr->magic, 4);
+       ccw = cqr->cpaddr;
+       ccw->cmd_code = DASD_ECKD_CCW_RSCK;
+-      ccw->flags = 0 ;
++      ccw->flags = CCW_FLAG_SLI;
+       ccw->count = 16;
+       ccw->cda = (__u32)(addr_t) cqr->data;
+       ((char *)cqr->data)[0] = reason;
diff --git a/queue-3.10/s390-fix-normalization-bug-in-exception-table-sorting.patch b/queue-3.10/s390-fix-normalization-bug-in-exception-table-sorting.patch
new file mode 100644 (file)
index 0000000..f91b9ac
--- /dev/null
@@ -0,0 +1,57 @@
+From bcb7825a77f41c7dd91da6f7ac10b928156a322e Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Fri, 1 Jan 2016 13:39:22 +0100
+Subject: s390: fix normalization bug in exception table sorting
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit bcb7825a77f41c7dd91da6f7ac10b928156a322e upstream.
+
+The normalization pass in the sorting routine of the relative exception
+table serves two purposes:
+- it ensures that the address fields of the exception table entries are
+  fully ordered, so that no ambiguities arise between entries with
+  identical instruction offsets (i.e., when two instructions that are
+  exactly 8 bytes apart each have an exception table entry associated with
+  them)
+- it ensures that the offsets of both the instruction and the fixup fields
+  of each entry are relative to their final location after sorting.
+
+Commit eb608fb366de ("s390/exceptions: switch to relative exception table
+entries") ported the relative exception table format from x86, but modified
+the sorting routine to only normalize the instruction offset field and not
+the fixup offset field. The result is that the fixup offset of each entry
+will be relative to the original location of the entry before sorting,
+likely leading to crashes when those entries are dereferenced.
+
+Fixes: eb608fb366de ("s390/exceptions: switch to relative exception table entries")
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/mm/extable.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/arch/s390/mm/extable.c
++++ b/arch/s390/mm/extable.c
+@@ -52,12 +52,16 @@ void sort_extable(struct exception_table
+       int i;
+       /* Normalize entries to being relative to the start of the section */
+-      for (p = start, i = 0; p < finish; p++, i += 8)
++      for (p = start, i = 0; p < finish; p++, i += 8) {
+               p->insn += i;
++              p->fixup += i + 4;
++      }
+       sort(start, finish - start, sizeof(*start), cmp_ex, NULL);
+       /* Denormalize all entries */
+-      for (p = start, i = 0; p < finish; p++, i += 8)
++      for (p = start, i = 0; p < finish; p++, i += 8) {
+               p->insn -= i;
++              p->fixup -= i + 4;
++      }
+ }
+ #ifdef CONFIG_MODULES
index 07ff3a1a69592239a6be0136a8dc84be0c1124be..6962d835c63a390e71774085334f0c84c8209256 100644 (file)
@@ -48,3 +48,8 @@ btrfs-add-missing-brelse-when-superblock-checksum-fails.patch
 btrfs-igrab-inode-in-writepage.patch
 btrfs-send-don-t-bug_on-when-an-empty-symlink-is-found.patch
 btrfs-fix-number-of-transaction-units-required-to-create-symlink.patch
+s390-fix-normalization-bug-in-exception-table-sorting.patch
+s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch
+s390-dasd-fix-refcount-for-pav-reassignment.patch
+uml-flush-stdout-before-forking.patch
+uml-fix-hostfs-mknod.patch
diff --git a/queue-3.10/uml-fix-hostfs-mknod.patch b/queue-3.10/uml-fix-hostfs-mknod.patch
new file mode 100644 (file)
index 0000000..3e7dbc7
--- /dev/null
@@ -0,0 +1,69 @@
+From 9f2dfda2f2f1c6181c3732c16b85c59ab2d195e0 Mon Sep 17 00:00:00 2001
+From: Vegard Nossum <vegard.nossum@oracle.com>
+Date: Wed, 16 Dec 2015 21:59:56 +0100
+Subject: uml: fix hostfs mknod()
+
+From: Vegard Nossum <vegard.nossum@oracle.com>
+
+commit 9f2dfda2f2f1c6181c3732c16b85c59ab2d195e0 upstream.
+
+An inverted return value check in hostfs_mknod() caused the function
+to return success after handling it as an error (and cleaning up).
+
+It resulted in the following segfault when trying to bind() a named
+unix socket:
+
+  Pid: 198, comm: a.out Not tainted 4.4.0-rc4
+  RIP: 0033:[<0000000061077df6>]
+  RSP: 00000000daae5d60  EFLAGS: 00010202
+  RAX: 0000000000000000 RBX: 000000006092a460 RCX: 00000000dfc54208
+  RDX: 0000000061073ef1 RSI: 0000000000000070 RDI: 00000000e027d600
+  RBP: 00000000daae5de0 R08: 00000000da980ac0 R09: 0000000000000000
+  R10: 0000000000000003 R11: 00007fb1ae08f72a R12: 0000000000000000
+  R13: 000000006092a460 R14: 00000000daaa97c0 R15: 00000000daaa9a88
+  Kernel panic - not syncing: Kernel mode fault at addr 0x40, ip 0x61077df6
+  CPU: 0 PID: 198 Comm: a.out Not tainted 4.4.0-rc4 #1
+  Stack:
+   e027d620 dfc54208 0000006f da981398
+   61bee000 0000c1ed daae5de0 0000006e
+   e027d620 dfcd4208 00000005 6092a460
+  Call Trace:
+   [<60dedc67>] SyS_bind+0xf7/0x110
+   [<600587be>] handle_syscall+0x7e/0x80
+   [<60066ad7>] userspace+0x3e7/0x4e0
+   [<6006321f>] ? save_registers+0x1f/0x40
+   [<6006c88e>] ? arch_prctl+0x1be/0x1f0
+   [<60054985>] fork_handler+0x85/0x90
+
+Let's also get rid of the "cosmic ray protection" while we're at it.
+
+Fixes: e9193059b1b3 "hostfs: fix races in dentry_name() and inode_name()"
+Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
+Cc: Jeff Dike <jdike@addtoit.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/hostfs/hostfs_kern.c |    4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/fs/hostfs/hostfs_kern.c
++++ b/fs/hostfs/hostfs_kern.c
+@@ -720,15 +720,13 @@ static int hostfs_mknod(struct inode *di
+       init_special_inode(inode, mode, dev);
+       err = do_mknod(name, mode, MAJOR(dev), MINOR(dev));
+-      if (!err)
++      if (err)
+               goto out_free;
+       err = read_name(inode, name);
+       __putname(name);
+       if (err)
+               goto out_put;
+-      if (err)
+-              goto out_put;
+       d_instantiate(dentry, inode);
+       return 0;
diff --git a/queue-3.10/uml-flush-stdout-before-forking.patch b/queue-3.10/uml-flush-stdout-before-forking.patch
new file mode 100644 (file)
index 0000000..0d85567
--- /dev/null
@@ -0,0 +1,54 @@
+From 0754fb298f2f2719f0393491d010d46cfb25d043 Mon Sep 17 00:00:00 2001
+From: Vegard Nossum <vegard.nossum@oracle.com>
+Date: Fri, 18 Dec 2015 21:28:53 +0100
+Subject: uml: flush stdout before forking
+
+From: Vegard Nossum <vegard.nossum@oracle.com>
+
+commit 0754fb298f2f2719f0393491d010d46cfb25d043 upstream.
+
+I was seeing some really weird behaviour where piping UML's output
+somewhere would cause output to get duplicated:
+
+  $ ./vmlinux | head -n 40
+  Checking that ptrace can change system call numbers...Core dump limits :
+          soft - 0
+          hard - NONE
+  OK
+  Checking syscall emulation patch for ptrace...Core dump limits :
+          soft - 0
+          hard - NONE
+  OK
+  Checking advanced syscall emulation patch for ptrace...Core dump limits :
+          soft - 0
+          hard - NONE
+  OK
+  Core dump limits :
+          soft - 0
+          hard - NONE
+
+This is because these tests do a fork() which duplicates the non-empty
+stdout buffer, then glibc flushes the duplicated buffer as each child
+exits.
+
+A simple workaround is to flush before forking.
+
+Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/um/os-Linux/start_up.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/um/os-Linux/start_up.c
++++ b/arch/um/os-Linux/start_up.c
+@@ -95,6 +95,8 @@ static int start_ptraced_child(void)
+ {
+       int pid, n, status;
++      fflush(stdout);
++
+       pid = fork();
+       if (pid == 0)
+               ptrace_child();