4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 6 Jan 2020 20:09:47 +0000 (21:09 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 6 Jan 2020 20:09:47 +0000 (21:09 +0100)
added patches:
alsa-cs4236-fix-error-return-comparison-of-an-unsigned-integer.patch
alsa-firewire-motu-correct-a-typo-in-the-clock-proc-string.patch
apparmor-fix-aa_xattrs_match-may-sleep-while-holding-a-rcu-lock.patch
exit-panic-before-exit_mm-on-global-init-exit.patch

queue-4.19/alsa-cs4236-fix-error-return-comparison-of-an-unsigned-integer.patch [new file with mode: 0644]
queue-4.19/alsa-firewire-motu-correct-a-typo-in-the-clock-proc-string.patch [new file with mode: 0644]
queue-4.19/apparmor-fix-aa_xattrs_match-may-sleep-while-holding-a-rcu-lock.patch [new file with mode: 0644]
queue-4.19/exit-panic-before-exit_mm-on-global-init-exit.patch [new file with mode: 0644]
queue-4.19/series

diff --git a/queue-4.19/alsa-cs4236-fix-error-return-comparison-of-an-unsigned-integer.patch b/queue-4.19/alsa-cs4236-fix-error-return-comparison-of-an-unsigned-integer.patch
new file mode 100644 (file)
index 0000000..131ab0d
--- /dev/null
@@ -0,0 +1,37 @@
+From d60229d84846a8399257006af9c5444599f64361 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Fri, 22 Nov 2019 13:13:54 +0000
+Subject: ALSA: cs4236: fix error return comparison of an unsigned integer
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit d60229d84846a8399257006af9c5444599f64361 upstream.
+
+The return from pnp_irq is an unsigned integer type resource_size_t
+and hence the error check for a positive non-error code is always
+going to be true.  A check for a non-failure return from pnp_irq
+should in fact be for (resource_size_t)-1 rather than >= 0.
+
+Addresses-Coverity: ("Unsigned compared against 0")
+Fixes: a9824c868a2c ("[ALSA] Add CS4232 PnP BIOS support")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Link: https://lore.kernel.org/r/20191122131354.58042-1-colin.king@canonical.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/isa/cs423x/cs4236.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/sound/isa/cs423x/cs4236.c
++++ b/sound/isa/cs423x/cs4236.c
+@@ -293,7 +293,8 @@ static int snd_cs423x_pnp_init_mpu(int d
+       } else {
+               mpu_port[dev] = pnp_port_start(pdev, 0);
+               if (mpu_irq[dev] >= 0 &&
+-                  pnp_irq_valid(pdev, 0) && pnp_irq(pdev, 0) >= 0) {
++                  pnp_irq_valid(pdev, 0) &&
++                  pnp_irq(pdev, 0) != (resource_size_t)-1) {
+                       mpu_irq[dev] = pnp_irq(pdev, 0);
+               } else {
+                       mpu_irq[dev] = -1;      /* disable interrupt */
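Review bot: The new condition in snd_cs423x_pnp_init_mpu() open-codes the failure sentinel as `(resource_size_t)-1` and then calls pnp_irq() a second time for the assignment, so the value that is checked and the value that is stored come from two separate calls. Reading it once into a local, `resource_size_t irq = pnp_irq(pdev, 0);`, then testing `irq != (resource_size_t)-1` before `mpu_irq[dev] = irq;`, keeps check and use tied together and makes the narrowing into `mpu_irq[dev]` (presumably a signed type, since it is compared with `>= 0` and set to -1) visible in one place. A short comment such as `/* pnp_irq() reports "no IRQ" as (resource_size_t)-1 */` would explain the cast; confirm the sentinel against the pnp_irq() definition, which is not shown here. The function body starts and ends outside the hunk.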
diff --git a/queue-4.19/alsa-firewire-motu-correct-a-typo-in-the-clock-proc-string.patch b/queue-4.19/alsa-firewire-motu-correct-a-typo-in-the-clock-proc-string.patch
new file mode 100644 (file)
index 0000000..ebec5f4
--- /dev/null
@@ -0,0 +1,32 @@
+From 0929249e3be3bb82ee6cfec0025f4dde952210b3 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 30 Oct 2019 11:09:21 +0100
+Subject: ALSA: firewire-motu: Correct a typo in the clock proc string
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 0929249e3be3bb82ee6cfec0025f4dde952210b3 upstream.
+
+Just fix a typo of "S/PDIF" in the clock name string.
+
+Fixes: 4638ec6ede08 ("ALSA: firewire-motu: add proc node to show current statuc of clock and packet formats")
+Acked-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Link: https://lore.kernel.org/r/20191030100921.3826-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/motu/motu-proc.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/firewire/motu/motu-proc.c
++++ b/sound/firewire/motu/motu-proc.c
+@@ -17,7 +17,7 @@ static const char *const clock_names[] =
+       [SND_MOTU_CLOCK_SOURCE_SPDIF_ON_OPT] = "S/PDIF on optical interface",
+       [SND_MOTU_CLOCK_SOURCE_SPDIF_ON_OPT_A] = "S/PDIF on optical interface A",
+       [SND_MOTU_CLOCK_SOURCE_SPDIF_ON_OPT_B] = "S/PDIF on optical interface B",
+-      [SND_MOTU_CLOCK_SOURCE_SPDIF_ON_COAX] = "S/PCIF on coaxial interface",
++      [SND_MOTU_CLOCK_SOURCE_SPDIF_ON_COAX] = "S/PDIF on coaxial interface",
+       [SND_MOTU_CLOCK_SOURCE_AESEBU_ON_XLR] = "AESEBU on XLR interface",
+       [SND_MOTU_CLOCK_SOURCE_WORD_ON_BNC] = "Word clock on BNC interface",
+ };
diff --git a/queue-4.19/apparmor-fix-aa_xattrs_match-may-sleep-while-holding-a-rcu-lock.patch b/queue-4.19/apparmor-fix-aa_xattrs_match-may-sleep-while-holding-a-rcu-lock.patch
new file mode 100644 (file)
index 0000000..4efb513
--- /dev/null
@@ -0,0 +1,207 @@
+From 8c62ed27a12c00e3db1c9f04bc0f272bdbb06734 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Thu, 2 Jan 2020 05:31:22 -0800
+Subject: apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock
+
+From: John Johansen <john.johansen@canonical.com>
+
+commit 8c62ed27a12c00e3db1c9f04bc0f272bdbb06734 upstream.
+
+aa_xattrs_match() is unfortunately calling vfs_getxattr_alloc() from a
+context protected by an rcu_read_lock. This can not be done as
+vfs_getxattr_alloc() may sleep regardles of the gfp_t value being
+passed to it.
+
+Fix this by breaking the rcu_read_lock on the policy search when the
+xattr match feature is requested and restarting the search if a policy
+changes occur.
+
+Fixes: 8e51f9087f40 ("apparmor: Add support for attaching profiles via xattr, presence and value")
+Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com>
+Reported-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/apparmor/apparmorfs.c |    2 -
+ security/apparmor/domain.c     |   80 +++++++++++++++++++++--------------------
+ security/apparmor/policy.c     |    4 +-
+ 3 files changed, 45 insertions(+), 41 deletions(-)
+
+--- a/security/apparmor/apparmorfs.c
++++ b/security/apparmor/apparmorfs.c
+@@ -593,7 +593,7 @@ static __poll_t ns_revision_poll(struct
+ void __aa_bump_ns_revision(struct aa_ns *ns)
+ {
+-      ns->revision++;
++      WRITE_ONCE(ns->revision, ns->revision + 1);
+       wake_up_interruptible(&ns->wait);
+ }
+--- a/security/apparmor/domain.c
++++ b/security/apparmor/domain.c
+@@ -321,6 +321,7 @@ static int aa_xattrs_match(const struct
+       if (!bprm || !profile->xattr_count)
+               return 0;
++      might_sleep();
+       /* transition from exec match to xattr set */
+       state = aa_dfa_null_transition(profile->xmatch, state);
+@@ -365,10 +366,11 @@ out:
+ }
+ /**
+- * __attach_match_ - find an attachment match
++ * find_attach - do attachment search for unconfined processes
+  * @bprm - binprm structure of transitioning task
+- * @name - to match against  (NOT NULL)
++ * @ns: the current namespace  (NOT NULL)
+  * @head - profile list to walk  (NOT NULL)
++ * @name - to match against  (NOT NULL)
+  * @info - info message if there was an error (NOT NULL)
+  *
+  * Do a linear search on the profiles in the list.  There is a matching
+@@ -378,12 +380,11 @@ out:
+  *
+  * Requires: @head not be shared or have appropriate locks held
+  *
+- * Returns: profile or NULL if no match found
++ * Returns: label or NULL if no match found
+  */
+-static struct aa_profile *__attach_match(const struct linux_binprm *bprm,
+-                                       const char *name,
+-                                       struct list_head *head,
+-                                       const char **info)
++static struct aa_label *find_attach(const struct linux_binprm *bprm,
++                                  struct aa_ns *ns, struct list_head *head,
++                                  const char *name, const char **info)
+ {
+       int candidate_len = 0, candidate_xattrs = 0;
+       bool conflict = false;
+@@ -392,6 +393,8 @@ static struct aa_profile *__attach_match
+       AA_BUG(!name);
+       AA_BUG(!head);
++      rcu_read_lock();
++restart:
+       list_for_each_entry_rcu(profile, head, base.list) {
+               if (profile->label.flags & FLAG_NULL &&
+                   &profile->label == ns_unconfined(profile->ns))
+@@ -417,16 +420,32 @@ static struct aa_profile *__attach_match
+                       perm = dfa_user_allow(profile->xmatch, state);
+                       /* any accepting state means a valid match. */
+                       if (perm & MAY_EXEC) {
+-                              int ret;
++                              int ret = 0;
+                               if (count < candidate_len)
+                                       continue;
+-                              ret = aa_xattrs_match(bprm, profile, state);
+-                              /* Fail matching if the xattrs don't match */
+-                              if (ret < 0)
+-                                      continue;
++                              if (bprm && profile->xattr_count) {
++                                      long rev = READ_ONCE(ns->revision);
++                                      if (!aa_get_profile_not0(profile))
++                                              goto restart;
++                                      rcu_read_unlock();
++                                      ret = aa_xattrs_match(bprm, profile,
++                                                            state);
++                                      rcu_read_lock();
++                                      aa_put_profile(profile);
++                                      if (rev !=
++                                          READ_ONCE(ns->revision))
++                                              /* policy changed */
++                                              goto restart;
++                                      /*
++                                       * Fail matching if the xattrs don't
++                                       * match
++                                       */
++                                      if (ret < 0)
++                                              continue;
++                              }
+                               /*
+                                * TODO: allow for more flexible best match
+                                *
+@@ -449,43 +468,28 @@ static struct aa_profile *__attach_match
+                               candidate_xattrs = ret;
+                               conflict = false;
+                       }
+-              } else if (!strcmp(profile->base.name, name))
++              } else if (!strcmp(profile->base.name, name)) {
+                       /*
+                        * old exact non-re match, without conditionals such
+                        * as xattrs. no more searching required
+                        */
+-                      return profile;
++                      candidate = profile;
++                      goto out;
++              }
+       }
+-      if (conflict) {
+-              *info = "conflicting profile attachments";
++      if (!candidate || conflict) {
++              if (conflict)
++                      *info = "conflicting profile attachments";
++              rcu_read_unlock();
+               return NULL;
+       }
+-      return candidate;
+-}
+-
+-/**
+- * find_attach - do attachment search for unconfined processes
+- * @bprm - binprm structure of transitioning task
+- * @ns: the current namespace  (NOT NULL)
+- * @list: list to search  (NOT NULL)
+- * @name: the executable name to match against  (NOT NULL)
+- * @info: info message if there was an error
+- *
+- * Returns: label or NULL if no match found
+- */
+-static struct aa_label *find_attach(const struct linux_binprm *bprm,
+-                                  struct aa_ns *ns, struct list_head *list,
+-                                  const char *name, const char **info)
+-{
+-      struct aa_profile *profile;
+-
+-      rcu_read_lock();
+-      profile = aa_get_profile(__attach_match(bprm, name, list, info));
++out:
++      candidate = aa_get_newest_profile(candidate);
+       rcu_read_unlock();
+-      return profile ? &profile->label : NULL;
++      return &candidate->label;
+ }
+ static const char *next_name(int xtype, const char *name)
+--- a/security/apparmor/policy.c
++++ b/security/apparmor/policy.c
+@@ -1126,8 +1126,8 @@ ssize_t aa_remove_profiles(struct aa_ns
+       if (!name) {
+               /* remove namespace - can only happen if fqname[0] == ':' */
+               mutex_lock_nested(&ns->parent->lock, ns->level);
+-              __aa_remove_ns(ns);
+               __aa_bump_ns_revision(ns);
++              __aa_remove_ns(ns);
+               mutex_unlock(&ns->parent->lock);
+       } else {
+               /* remove profile */
+@@ -1139,9 +1139,9 @@ ssize_t aa_remove_profiles(struct aa_ns
+                       goto fail_ns_lock;
+               }
+               name = profile->base.hname;
++              __aa_bump_ns_revision(ns);
+               __remove_profile(profile);
+               __aa_labelset_update_subtree(ns);
+-              __aa_bump_ns_revision(ns);
+               mutex_unlock(&ns->lock);
+       }
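Review bot: In find_attach() the `restart:` label sits below the initialisers, so a `goto restart` taken after `ns->revision` changed re-walks the list with `candidate`, `candidate_len`, `candidate_xattrs` and `conflict` still holding values from the earlier pass. Because the RCU read lock was dropped around aa_xattrs_match(), a profile remembered in `candidate` may no longer be protected once policy has changed, yet it can still reach `aa_get_newest_profile(candidate)` at `out:` if the second pass finds no better match; this looks like a possible stale-pointer use, though the declaration of `candidate` and its assignment in the xmatch branch are outside the visible hunks. Resetting the search state directly after the label, `candidate = NULL; candidate_len = 0; candidate_xattrs = 0;` and `conflict = false;`, would make each pass independent. The same reset covers the restart taken when `aa_get_profile_not0(profile)` fails.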
diff --git a/queue-4.19/exit-panic-before-exit_mm-on-global-init-exit.patch b/queue-4.19/exit-panic-before-exit_mm-on-global-init-exit.patch
new file mode 100644 (file)
index 0000000..9a7b237
--- /dev/null
@@ -0,0 +1,62 @@
+From 43cf75d96409a20ef06b756877a2e72b10a026fc Mon Sep 17 00:00:00 2001
+From: chenqiwu <chenqiwu@xiaomi.com>
+Date: Thu, 19 Dec 2019 14:29:53 +0800
+Subject: exit: panic before exit_mm() on global init exit
+
+From: chenqiwu <chenqiwu@xiaomi.com>
+
+commit 43cf75d96409a20ef06b756877a2e72b10a026fc upstream.
+
+Currently, when global init and all threads in its thread-group have exited
+we panic via:
+do_exit()
+-> exit_notify()
+   -> forget_original_parent()
+      -> find_child_reaper()
+This makes it hard to extract a useable coredump for global init from a
+kernel crashdump because by the time we panic exit_mm() will have already
+released global init's mm.
+This patch moves the panic futher up before exit_mm() is called. As was the
+case previously, we only panic when global init and all its threads in the
+thread-group have exited.
+
+Signed-off-by: chenqiwu <chenqiwu@xiaomi.com>
+Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+[christian.brauner@ubuntu.com: fix typo, rewrite commit message]
+Link: https://lore.kernel.org/r/1576736993-10121-1-git-send-email-qiwuchen55@gmail.com
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/exit.c |   12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -578,10 +578,6 @@ static struct task_struct *find_child_re
+       }
+       write_unlock_irq(&tasklist_lock);
+-      if (unlikely(pid_ns == &init_pid_ns)) {
+-              panic("Attempted to kill init! exitcode=0x%08x\n",
+-                      father->signal->group_exit_code ?: father->exit_code);
+-      }
+       list_for_each_entry_safe(p, n, dead, ptrace_entry) {
+               list_del_init(&p->ptrace_entry);
+@@ -845,6 +841,14 @@ void __noreturn do_exit(long code)
+       acct_update_integrals(tsk);
+       group_dead = atomic_dec_and_test(&tsk->signal->live);
+       if (group_dead) {
++              /*
++               * If the last thread of global init has exited, panic
++               * immediately to get a useable coredump.
++               */
++              if (unlikely(is_global_init(tsk)))
++                      panic("Attempted to kill init! exitcode=0x%08x\n",
++                              tsk->signal->group_exit_code ?: (int)code);
++
+ #ifdef CONFIG_POSIX_TIMERS
+               hrtimer_cancel(&tsk->signal->real_timer);
+               exit_itimers(tsk->signal);
index dd99c9abeb6017677be1d4e10e2be4f661f47e41..8397d3b13d38331d67e8bbb9467fd0866bb6a409 100644 (file)
@@ -69,3 +69,7 @@ tracing-fix-lock-inversion-in-trace_event_enable_tgid_record.patch
 tracing-avoid-memory-leak-in-process_system_preds.patch
 tracing-have-the-histogram-compare-functions-convert-to-u64-first.patch
 tracing-fix-endianness-bug-in-histogram-trigger.patch
+apparmor-fix-aa_xattrs_match-may-sleep-while-holding-a-rcu-lock.patch
+alsa-cs4236-fix-error-return-comparison-of-an-unsigned-integer.patch
+alsa-firewire-motu-correct-a-typo-in-the-clock-proc-string.patch
+exit-panic-before-exit_mm-on-global-init-exit.patch