--- /dev/null
+From 1ccf314452e5baf24903c7386b8b0ec34bdb88ee Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 23 Apr 2021 17:09:28 +0200
+Subject: openrisc: Fix a memory leak
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+[ Upstream commit c019d92457826bb7b2091c86f36adb5de08405f9 ]
+
+'setup_find_cpu_node()' takes a reference on the node it returns.
+This reference must be decremented when not needed anymore, or there will
+be a leak.
+
+Add the missing 'of_node_put(cpu)'.
+
+Note that 'setup_cpuinfo()' that also calls this function already has a
+correct 'of_node_put(cpu)' at its end.
+
+Fixes: 9d02a4283e9c ("OpenRISC: Boot code")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: Stafford Horne <shorne@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/openrisc/kernel/setup.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/arch/openrisc/kernel/setup.c b/arch/openrisc/kernel/setup.c
+index b4ed8b36e078..e5f5b69a7b7b 100644
+--- a/arch/openrisc/kernel/setup.c
++++ b/arch/openrisc/kernel/setup.c
+@@ -278,6 +278,8 @@ void calibrate_delay(void)
+ pr_cont("%lu.%02lu BogoMIPS (lpj=%lu)\n",
+ loops_per_jiffy / (500000 / HZ),
+ (loops_per_jiffy / (5000 / HZ)) % 100, loops_per_jiffy);
++
++ of_node_put(cpu);
+ }
+
+ void __init setup_arch(char **cmdline_p)
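Review bot: The added `of_node_put(cpu)` sits only at the tail of calibrate_delay(), and nothing at that line says which call took the reference, because the acquisition is outside the hunk. A one-line comment above it, `/* Drop the reference taken by setup_find_cpu_node(). */`, would keep the pairing visible if an early return is ever added before this point. The start of the function is not shown, so whether any existing path leaves before the put could not be checked from this hunk.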
+--
+2.30.2
+
--- /dev/null
+From 3667f03d0cf74926d5ca45d1ba6dc8100dd5e773 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 12 May 2021 15:33:08 +0200
+Subject: ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
+
+From: Oleg Nesterov <oleg@redhat.com>
+
+[ Upstream commit dbb5afad100a828c97e012c6106566d99f041db6 ]
+
+Suppose we have 2 threads, the group-leader L and a sub-thread T,
+both parked in ptrace_stop(). Debugger tries to resume both threads
+and does
+
+ ptrace(PTRACE_CONT, T);
+ ptrace(PTRACE_CONT, L);
+
+If the sub-thread T execs in between, the 2nd PTRACE_CONT does not
+resume the old leader L, it resumes the post-exec thread T which was
+actually now stopped in PTRACE_EVENT_EXEC. In this case the
+PTRACE_EVENT_EXEC event is lost, and the tracer can't know that the
+tracee changed its pid.
+
+This patch makes ptrace() fail in this case until debugger does wait()
+and consumes PTRACE_EVENT_EXEC which reports old_pid. This affects all
+ptrace requests except the "asynchronous" PTRACE_INTERRUPT/KILL.
+
+The patch doesn't add the new PTRACE_ option to not complicate the API,
+and I _hope_ this won't cause any noticeable regression:
+
+ - If debugger uses PTRACE_O_TRACEEXEC and the thread did an exec
+ and the tracer does a ptrace request without having consumed
+ the exec event, it's 100% sure that the thread the ptracer
+ thinks it is targeting does not exist anymore, or isn't the
+ same as the one it thinks it is targeting.
+
+ - To some degree this patch adds nothing new. In the scenario
+ above ptrace(L) can fail with -ESRCH if it is called after the
+ execing sub-thread wakes the leader up and before it "steals"
+ the leader's pid.
+
+Test-case:
+
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <signal.h>
+ #include <sys/ptrace.h>
+ #include <sys/wait.h>
+ #include <errno.h>
+ #include <pthread.h>
+ #include <assert.h>
+
+ void *tf(void *arg)
+ {
+ execve("/usr/bin/true", NULL, NULL);
+ assert(0);
+
+ return NULL;
+ }
+
+ int main(void)
+ {
+ int leader = fork();
+ if (!leader) {
+ kill(getpid(), SIGSTOP);
+
+ pthread_t th;
+ pthread_create(&th, NULL, tf, NULL);
+ for (;;)
+ pause();
+
+ return 0;
+ }
+
+ waitpid(leader, NULL, WSTOPPED);
+
+ ptrace(PTRACE_SEIZE, leader, 0,
+ PTRACE_O_TRACECLONE | PTRACE_O_TRACEEXEC);
+ waitpid(leader, NULL, 0);
+
+ ptrace(PTRACE_CONT, leader, 0,0);
+ waitpid(leader, NULL, 0);
+
+ int status, thread = waitpid(-1, &status, 0);
+ assert(thread > 0 && thread != leader);
+ assert(status == 0x80137f);
+
+ ptrace(PTRACE_CONT, thread, 0,0);
+ /*
+ * waitid() because waitpid(leader, &status, WNOWAIT) does not
+ * report status. Why ????
+ *
+ * Why WEXITED? because we have another kernel problem connected
+ * to mt-exec.
+ */
+ siginfo_t info;
+ assert(waitid(P_PID, leader, &info, WSTOPPED|WEXITED|WNOWAIT) == 0);
+ assert(info.si_pid == leader && info.si_status == 0x0405);
+
+ /* OK, it sleeps in ptrace(PTRACE_EVENT_EXEC == 0x04) */
+ assert(ptrace(PTRACE_CONT, leader, 0,0) == -1);
+ assert(errno == ESRCH);
+
+ assert(leader == waitpid(leader, &status, WNOHANG));
+ assert(status == 0x04057f);
+
+ assert(ptrace(PTRACE_CONT, leader, 0,0) == 0);
+
+ return 0;
+ }
+
+Signed-off-by: Oleg Nesterov <oleg@redhat.com>
+Reported-by: Simon Marchi <simon.marchi@efficios.com>
+Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Acked-by: Pedro Alves <palves@redhat.com>
+Acked-by: Simon Marchi <simon.marchi@efficios.com>
+Acked-by: Jan Kratochvil <jan.kratochvil@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/ptrace.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c
+index da8c358930fb..5a1d8cc7ef4e 100644
+--- a/kernel/ptrace.c
++++ b/kernel/ptrace.c
+@@ -129,6 +129,21 @@ void __ptrace_unlink(struct task_struct *child)
+ spin_unlock(&child->sighand->siglock);
+ }
+
++static bool looks_like_a_spurious_pid(struct task_struct *task)
++{
++ if (task->exit_code != ((PTRACE_EVENT_EXEC << 8) | SIGTRAP))
++ return false;
++
++ if (task_pid_vnr(task) == task->ptrace_message)
++ return false;
++ /*
++ * The tracee changed its pid but the PTRACE_EVENT_EXEC event
++ * was not wait()'ed, most probably debugger targets the old
++ * leader which was destroyed in de_thread().
++ */
++ return true;
++}
++
+ /* Ensure that nothing can wake it up, even SIGKILL */
+ static bool ptrace_freeze_traced(struct task_struct *task)
+ {
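Review bot: looks_like_a_spurious_pid() has no header comment, and two assumptions it depends on are left unstated. `task_pid_vnr(task)` resolves the pid in the caller's pid namespace, so comparing it with `task->ptrace_message` is only meaningful if the caller is the tracer and the message was recorded in that same namespace; the commit description's "reports old_pid" suggests it is, but where the message is written is not visible here. The helper also reads `task->exit_code`, and its one caller in the next hunk holds `task->sighand->siglock`; if that is a requirement it should be stated. I would add a comment above the function such as `/* Caller is the tracer and holds siglock; ptrace_message is the pre-exec pid in the tracer's namespace. */`.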
+@@ -139,7 +154,8 @@ static bool ptrace_freeze_traced(struct task_struct *task)
+ return ret;
+
+ spin_lock_irq(&task->sighand->siglock);
+- if (task_is_traced(task) && !__fatal_signal_pending(task)) {
++ if (task_is_traced(task) && !looks_like_a_spurious_pid(task) &&
++ !__fatal_signal_pending(task)) {
+ task->state = __TASK_TRACED;
+ ret = true;
+ }
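Review bot: A tracee rejected by the new `!looks_like_a_spurious_pid(task)` term makes ptrace_freeze_traced() return false exactly as a task that is not traced or has a fatal signal pending does. The test-case in the commit message shows the tracer seeing this as ESRCH. Nothing at the condition says that this third reason clears once the tracer wait()s for the exec event; a comment above the `if`, such as `/* Refuse until the tracer has consumed PTRACE_EVENT_EXEC. */`, would make that clear to the next reader. The function begins and ends outside this hunk.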
+--
+2.30.2
+
--- /dev/null
+From dba8b8e50fd37112c30f7e835847bd0dd345b253 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 14 May 2021 17:09:52 +0800
+Subject: scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
+
+From: Zhen Lei <thunder.leizhen@huawei.com>
+
+[ Upstream commit 5cb289bf2d7c34ca1abd794ce116c4f19185a1d4 ]
+
+Fix to return a negative error code from the error handling case instead of
+0 as done elsewhere in this function.
+
+Link: https://lore.kernel.org/r/20210514090952.6715-1-thunder.leizhen@huawei.com
+Fixes: a9083016a531 ("[SCSI] qla2xxx: Add ISP82XX support.")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/qla2xxx/qla_nx.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/qla2xxx/qla_nx.c b/drivers/scsi/qla2xxx/qla_nx.c
+index 65f8d2d94159..46f7e3988009 100644
+--- a/drivers/scsi/qla2xxx/qla_nx.c
++++ b/drivers/scsi/qla2xxx/qla_nx.c
+@@ -1103,7 +1103,8 @@ qla82xx_write_flash_dword(struct qla_hw_data *ha, uint32_t flashaddr,
+ return ret;
+ }
+
+- if (qla82xx_flash_set_write_enable(ha))
++ ret = qla82xx_flash_set_write_enable(ha);
++ if (ret < 0)
+ goto done_write;
+
+ qla82xx_wr_32(ha, QLA82XX_ROMUSB_ROM_WDATA, data);
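Review bot: The new check `if (ret < 0)` is narrower than the old `if (qla82xx_flash_set_write_enable(ha))`: a positive non-zero return used to skip the write and now falls through to `qla82xx_wr_32(ha, QLA82XX_ROMUSB_ROM_WDATA, data)`. qla82xx_flash_set_write_enable() is not visible here, so if it can only return 0 or a negative value this is harmless. Writing `if (ret)` would keep the old guard and still propagate the error code. The function begins and ends outside this hunk.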
+--
+2.30.2
+