--- /dev/null
+From 81ddd8c0c5e1cb41184d66567140cb48c53eb3d1 Mon Sep 17 00:00:00 2001
+From: Rabin Vincent <rabinv@axis.com>
+Date: Fri, 13 Jan 2017 15:00:16 +0100
+Subject: cifs: initialize file_info_lock
+
+From: Rabin Vincent <rabinv@axis.com>
+
+commit 81ddd8c0c5e1cb41184d66567140cb48c53eb3d1 upstream.
+
+Reviewed-by: Jeff Layton <jlayton@redhat.com>
+
+file_info_lock is not initalized in initiate_cifs_search(), leading to the
+following splat after a simple "mount.cifs ... dir && ls dir/":
+
+ BUG: spinlock bad magic on CPU#0, ls/486
+ lock: 0xffff880009301110, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
+ CPU: 0 PID: 486 Comm: ls Not tainted 4.9.0 #27
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
+ ffffc900042f3db0 ffffffff81327533 0000000000000000 ffff880009301110
+ ffffc900042f3dd0 ffffffff810baf75 ffff880009301110 ffffffff817ae077
+ ffffc900042f3df0 ffffffff810baff6 ffff880009301110 ffff880008d69900
+ Call Trace:
+ [<ffffffff81327533>] dump_stack+0x65/0x92
+ [<ffffffff810baf75>] spin_dump+0x85/0xe0
+ [<ffffffff810baff6>] spin_bug+0x26/0x30
+ [<ffffffff810bb159>] do_raw_spin_lock+0xe9/0x130
+ [<ffffffff8159ad2f>] _raw_spin_lock+0x1f/0x30
+ [<ffffffff8127e50d>] cifs_closedir+0x4d/0x100
+ [<ffffffff81181cfd>] __fput+0x5d/0x160
+ [<ffffffff81181e3e>] ____fput+0xe/0x10
+ [<ffffffff8109410e>] task_work_run+0x7e/0xa0
+ [<ffffffff81002512>] exit_to_usermode_loop+0x92/0xa0
+ [<ffffffff810026f9>] syscall_return_slowpath+0x49/0x50
+ [<ffffffff8159b484>] entry_SYSCALL_64_fastpath+0xa7/0xa9
+
+Fixes: 3afca265b5f53a0 ("Clarify locking of cifs file and tcon structures and make more granular")
+Signed-off-by: Rabin Vincent <rabinv@axis.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/readdir.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/cifs/readdir.c
++++ b/fs/cifs/readdir.c
+@@ -282,6 +282,7 @@ initiate_cifs_search(const unsigned int
+ rc = -ENOMEM;
+ goto error_exit;
+ }
++ spin_lock_init(&cifsFile->file_info_lock);
+ file->private_data = cifsFile;
+ cifsFile->tlink = cifs_get_tlink(tlink);
+ tcon = tlink_tcon(tlink);
--- /dev/null
+From 5abf186a30a89d5b9c18a6bf93a2c192c9fd52f6 Mon Sep 17 00:00:00 2001
+From: Michal Hocko <mhocko@suse.com>
+Date: Fri, 3 Feb 2017 13:13:29 -0800
+Subject: mm, fs: check for fatal signals in do_generic_file_read()
+
+From: Michal Hocko <mhocko@suse.com>
+
+commit 5abf186a30a89d5b9c18a6bf93a2c192c9fd52f6 upstream.
+
+do_generic_file_read() can be told to perform a large request from
+userspace. If the system is under OOM and the reading task is the OOM
+victim then it has an access to memory reserves and finishing the full
+request can lead to the full memory depletion which is dangerous. Make
+sure we rather go with a short read and allow the killed task to
+terminate.
+
+Link: http://lkml.kernel.org/r/20170201092706.9966-3-mhocko@kernel.org
+Signed-off-by: Michal Hocko <mhocko@suse.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/filemap.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/mm/filemap.c
++++ b/mm/filemap.c
+@@ -1559,6 +1559,11 @@ static ssize_t do_generic_file_read(stru
+
+ cond_resched();
+ find_page:
++ if (fatal_signal_pending(current)) {
++ error = -EINTR;
++ goto out;
++ }
++
+ page = find_get_page(mapping, index);
+ if (!page) {
+ page_cache_sync_readahead(mapping,
--- /dev/null
+From deb88a2a19e85842d79ba96b05031739ec327ff4 Mon Sep 17 00:00:00 2001
+From: Toshi Kani <toshi.kani@hpe.com>
+Date: Fri, 3 Feb 2017 13:13:20 -0800
+Subject: mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone()
+
+From: Toshi Kani <toshi.kani@hpe.com>
+
+commit deb88a2a19e85842d79ba96b05031739ec327ff4 upstream.
+
+Patch series "fix a kernel oops when reading sysfs valid_zones", v2.
+
+A sysfs memory file is created for each 2GiB memory block on x86-64 when
+the system has 64GiB or more memory. [1] When the start address of a
+memory block is not backed by struct page, i.e. a memory range is not
+aligned by 2GiB, reading its 'valid_zones' attribute file leads to a
+kernel oops. This issue was observed on multiple x86-64 systems with
+more than 64GiB of memory. This patch-set fixes this issue.
+
+Patch 1 first fixes an issue in test_pages_in_a_zone(), which does not
+test the start section.
+
+Patch 2 then fixes the kernel oops by extending test_pages_in_a_zone()
+to return valid [start, end).
+
+Note for stable kernels: The memory block size change was made by commit
+bdee237c0343 ("x86: mm: Use 2GB memory block size on large-memory x86-64
+systems"), which was accepted to 3.9. However, this patch-set depends
+on (and fixes) the change to test_pages_in_a_zone() made by commit
+5f0f2887f4de ("mm/memory_hotplug.c: check for missing sections in
+test_pages_in_a_zone()"), which was accepted to 4.4.
+
+So, I recommend that we backport it up to 4.4.
+
+[1] 'Commit bdee237c0343 ("x86: mm: Use 2GB memory block size on
+ large-memory x86-64 systems")'
+
+This patch (of 2):
+
+test_pages_in_a_zone() does not check 'start_pfn' when it is aligned by
+section since 'sec_end_pfn' is set equal to 'pfn'. Since this function
+is called for testing the range of a sysfs memory file, 'start_pfn' is
+always aligned by section.
+
+Fix it by properly setting 'sec_end_pfn' to the next section pfn.
+
+Also make sure that this function returns 1 only when the range belongs
+to a zone.
+
+Link: http://lkml.kernel.org/r/20170127222149.30893-2-toshi.kani@hpe.com
+Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
+Cc: Andrew Banman <abanman@sgi.com>
+Cc: Reza Arbab <arbab@linux.vnet.ibm.com>
+Cc: Greg KH <greg@kroah.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/memory_hotplug.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+--- a/mm/memory_hotplug.c
++++ b/mm/memory_hotplug.c
+@@ -1371,7 +1371,7 @@ int is_mem_section_removable(unsigned lo
+ }
+
+ /*
+- * Confirm all pages in a range [start, end) is belongs to the same zone.
++ * Confirm all pages in a range [start, end) belong to the same zone.
+ */
+ int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn)
+ {
+@@ -1379,9 +1379,9 @@ int test_pages_in_a_zone(unsigned long s
+ struct zone *zone = NULL;
+ struct page *page;
+ int i;
+- for (pfn = start_pfn, sec_end_pfn = SECTION_ALIGN_UP(start_pfn);
++ for (pfn = start_pfn, sec_end_pfn = SECTION_ALIGN_UP(start_pfn + 1);
+ pfn < end_pfn;
+- pfn = sec_end_pfn + 1, sec_end_pfn += PAGES_PER_SECTION) {
++ pfn = sec_end_pfn, sec_end_pfn += PAGES_PER_SECTION) {
+ /* Make sure the memory section is present first */
+ if (!present_section_nr(pfn_to_section_nr(pfn)))
+ continue;
+@@ -1400,7 +1400,11 @@ int test_pages_in_a_zone(unsigned long s
+ zone = page_zone(page);
+ }
+ }
+- return 1;
++
++ if (zone)
++ return 1;
++ else
++ return 0;
+ }
+
+ /*
nfsd-fix-a-null-reference-case-in-find_or_create_lock_stateid.patch
svcrpc-fix-oops-in-absence-of-krb5-module.patch
zswap-disable-changing-params-if-init-fails.patch
+cifs-initialize-file_info_lock.patch
+mm-memory_hotplug.c-check-start_pfn-in-test_pages_in_a_zone.patch
+mm-fs-check-for-fatal-signals-in-do_generic_file_read.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
