--- /dev/null
+From 79490d24f0c3e6e5f5376c888b5edae0bdb40929 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Mon, 2 Oct 2017 19:31:24 +0100
+Subject: ahci: don't ignore result code of ahci_reset_controller()
+
+[ Upstream commit d312fefea8387503375f728855c9a62de20c9665 ]
+
+ahci_pci_reset_controller() calls ahci_reset_controller(), which may
+fail, but ignores the result code and always returns success. This
+may result in failures like below
+
+ ahci 0000:02:00.0: version 3.0
+ ahci 0000:02:00.0: enabling device (0000 -> 0003)
+ ahci 0000:02:00.0: SSS flag set, parallel bus scan disabled
+ ahci 0000:02:00.0: controller reset failed (0xffffffff)
+ ahci 0000:02:00.0: failed to stop engine (-5)
+ ... repeated many times ...
+ ahci 0000:02:00.0: failed to stop engine (-5)
+ Unable to handle kernel paging request at virtual address ffff0000093f9018
+ ...
+ PC is at ahci_stop_engine+0x5c/0xd8 [libahci]
+ LR is at ahci_deinit_port.constprop.12+0x1c/0xc0 [libahci]
+ ...
+ [<ffff000000a17014>] ahci_stop_engine+0x5c/0xd8 [libahci]
+ [<ffff000000a196b4>] ahci_deinit_port.constprop.12+0x1c/0xc0 [libahci]
+ [<ffff000000a197d8>] ahci_init_controller+0x80/0x168 [libahci]
+ [<ffff000000a260f8>] ahci_pci_init_controller+0x60/0x68 [ahci]
+ [<ffff000000a26f94>] ahci_init_one+0x75c/0xd88 [ahci]
+ [<ffff000008430324>] local_pci_probe+0x3c/0xb8
+ [<ffff000008431728>] pci_device_probe+0x138/0x170
+ [<ffff000008585e54>] driver_probe_device+0x2dc/0x458
+ [<ffff0000085860e4>] __driver_attach+0x114/0x118
+ [<ffff000008583ca8>] bus_for_each_dev+0x60/0xa0
+ [<ffff000008585638>] driver_attach+0x20/0x28
+ [<ffff0000085850b0>] bus_add_driver+0x1f0/0x2a8
+ [<ffff000008586ae0>] driver_register+0x60/0xf8
+ [<ffff00000842f9b4>] __pci_register_driver+0x3c/0x48
+ [<ffff000000a3001c>] ahci_pci_driver_init+0x1c/0x1000 [ahci]
+ [<ffff000008083918>] do_one_initcall+0x38/0x120
+
+where an obvious hardware level failure results in an unnecessary 15 second
+delay and a subsequent crash.
+
+So record the result code of ahci_reset_controller() and relay it, rather
+than ignoring it.
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/ata/ahci.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
+index faa91f8a17a5..5408a292078b 100644
+--- a/drivers/ata/ahci.c
++++ b/drivers/ata/ahci.c
+@@ -624,8 +624,11 @@ static void ahci_pci_save_initial_config(struct pci_dev *pdev,
+ static int ahci_pci_reset_controller(struct ata_host *host)
+ {
+ struct pci_dev *pdev = to_pci_dev(host->dev);
++ int rc;
+
+- ahci_reset_controller(host);
++ rc = ahci_reset_controller(host);
++ if (rc)
++ return rc;
+
+ if (pdev->vendor == PCI_VENDOR_ID_INTEL) {
+ struct ahci_host_priv *hpriv = host->private_data;
+--
+2.17.1
+
--- /dev/null
+From fb22b415debfff892eeea2b035182c039892d7d5 Mon Sep 17 00:00:00 2001
+From: Jia-Ju Bai <baijiaju1990@163.com>
+Date: Tue, 3 Oct 2017 10:25:22 +0800
+Subject: crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
+
+[ Upstream commit 9039f3ef446e9ffa200200c934f049add9e58426 ]
+
+The SCTP program may sleep under a spinlock, and the function call path is:
+sctp_generate_t3_rtx_event (acquire the spinlock)
+ sctp_do_sm
+ sctp_side_effects
+ sctp_cmd_interpreter
+ sctp_make_init_ack
+ sctp_pack_cookie
+ crypto_shash_setkey
+ shash_setkey_unaligned
+ kmalloc(GFP_KERNEL)
+
+For the same reason, the orinoco driver may sleep in interrupt handler,
+and the function call path is:
+orinoco_rx_isr_tasklet
+ orinoco_rx
+ orinoco_mic
+ crypto_shash_setkey
+ shash_setkey_unaligned
+ kmalloc(GFP_KERNEL)
+
+To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.
+This bug is found by my static analysis tool and my code review.
+
+Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ crypto/shash.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/shash.c b/crypto/shash.c
+index d5bd2f05d036..4f047c7eeca7 100644
+--- a/crypto/shash.c
++++ b/crypto/shash.c
+@@ -41,7 +41,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
+ int err;
+
+ absize = keylen + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
+- buffer = kmalloc(absize, GFP_KERNEL);
++ buffer = kmalloc(absize, GFP_ATOMIC);
+ if (!buffer)
+ return -ENOMEM;
+
+--
+2.17.1
+
revert-ib-ipoib-update-broadcast-object-if-pkey-valu.patch
btrfs-incremental-send-fix-invalid-memory-access.patch
drm-msm-fix-possible-null-dereference-on-failure-of-.patch
-arm-tegra-fix-ulpi-regression-on-tegra20.patch
module-fix-debug_set_module_ronx-typo.patch
iio-pressure-zpa2326-remove-always-true-check-which-.patch
l2tp-remove-configurable-payload-offset.patch
rtnetlink-disallow-fdb-configuration-for-non-ethernet-device.patch
ip6_tunnel-fix-encapsulation-layout.patch
revert-x86-mm-expand-static-page-table-for-fixmap-sp.patch
+crypto-shash-fix-a-sleep-in-atomic-bug-in-shash_setk.patch
+ahci-don-t-ignore-result-code-of-ahci_reset_controll.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
