From: Greg Kroah-Hartman Date: Tue, 24 Apr 2018 15:00:24 +0000 (+0200) Subject: 3.18-stable patches X-Git-Tag: v4.16.5~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=003f8308d1a4e54a8918976164aa56f75a5062dc;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch perf-return-proper-values-for-user-stack-errors.patch --- diff --git a/queue-3.18/ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch b/queue-3.18/ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch index 95e54a5d99c..089d43c1efc 100644 --- a/queue-3.18/ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch +++ b/queue-3.18/ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch @@ -51,7 +51,7 @@ which causes this log message to be print: Cc: stable@vger.kernel.org Signed-off-by: wangguang Signed-off-by: Theodore Ts'o -[@nathanchance: Resolved conflict from lack of 09cbfeaf1a5a6] +[nathanchance: Resolved conflict from lack of 09cbfeaf1a5a6] Signed-off-by: Nathan Chancellor Signed-off-by: Harsh Shandilya Signed-off-by: Greg Kroah-Hartman diff --git a/queue-3.18/mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch b/queue-3.18/mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch new file mode 100644 index 00000000000..34ab044b99f --- /dev/null +++ b/queue-3.18/mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch @@ -0,0 +1,61 @@ +From abc1be13fd113ddef5e2d807a466286b864caed3 Mon Sep 17 00:00:00 2001 +From: Matthew Wilcox +Date: Fri, 20 Apr 2018 14:56:20 -0700 +Subject: mm/filemap.c: fix NULL pointer in page_cache_tree_insert() + +From: Matthew Wilcox + +commit abc1be13fd113ddef5e2d807a466286b864caed3 upstream. + +f2fs specifies the __GFP_ZERO flag for allocating some of its pages. +Unfortunately, the page cache also uses the mapping's GFP flags for +allocating radix tree nodes. It always masked off the __GFP_HIGHMEM +flag, and masks off __GFP_ZERO in some paths, but not all. That causes +radix tree nodes to be allocated with a NULL list_head, which causes +backtraces like: + + __list_del_entry+0x30/0xd0 + list_lru_del+0xac/0x1ac + page_cache_tree_insert+0xd8/0x110 + +The __GFP_DMA and __GFP_DMA32 flags would also be able to sneak through +if they are ever used. Fix them all by using GFP_RECLAIM_MASK at the +innermost location, and remove it from earlier in the callchain. + +Link: http://lkml.kernel.org/r/20180411060320.14458-2-willy@infradead.org +Fixes: 449dd6984d0e ("mm: keep page cache radix tree nodes in check") +Signed-off-by: Matthew Wilcox +Reported-by: Chris Fries +Debugged-by: Minchan Kim +Acked-by: Johannes Weiner +Acked-by: Michal Hocko +Reviewed-by: Jan Kara +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Harsh Shandilya +Signed-off-by: Greg Kroah-Hartman +--- + mm/filemap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/mm/filemap.c ++++ b/mm/filemap.c +@@ -468,7 +468,7 @@ int replace_page_cache_page(struct page + VM_BUG_ON_PAGE(!PageLocked(new), new); + VM_BUG_ON_PAGE(new->mapping, new); + +- error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM); ++ error = radix_tree_preload(gfp_mask & GFP_RECLAIM_MASK); + if (!error) { + struct address_space *mapping = old->mapping; + void (*freepage)(struct page *); +@@ -561,7 +561,7 @@ static int __add_to_page_cache_locked(st + return error; + } + +- error = radix_tree_maybe_preload(gfp_mask & ~__GFP_HIGHMEM); ++ error = radix_tree_maybe_preload(gfp_mask & GFP_RECLAIM_MASK); + if (error) { + if (!huge) + mem_cgroup_cancel_charge(page, memcg); diff --git a/queue-3.18/perf-return-proper-values-for-user-stack-errors.patch b/queue-3.18/perf-return-proper-values-for-user-stack-errors.patch new file mode 100644 index 00000000000..84889bb7013 --- /dev/null +++ b/queue-3.18/perf-return-proper-values-for-user-stack-errors.patch @@ -0,0 +1,46 @@ +From 78b562fbfa2cf0a9fcb23c3154756b690f4905c1 Mon Sep 17 00:00:00 2001 +From: Jiri Olsa +Date: Sun, 15 Apr 2018 11:23:50 +0200 +Subject: perf: Return proper values for user stack errors + +From: Jiri Olsa + +commit 78b562fbfa2cf0a9fcb23c3154756b690f4905c1 upstream. + +Return immediately when we find issue in the user stack checks. The +error value could get overwritten by following check for +PERF_SAMPLE_REGS_INTR. + +Signed-off-by: Jiri Olsa +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: H. Peter Anvin +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Stephane Eranian +Cc: Thomas Gleixner +Cc: syzkaller-bugs@googlegroups.com +Cc: x86@kernel.org +Fixes: 60e2364e60e8 ("perf: Add ability to sample machine state on interrupt") +Link: http://lkml.kernel.org/r/20180415092352.12403-1-jolsa@kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/events/core.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -7348,9 +7348,9 @@ static int perf_copy_attr(struct perf_ev + * __u16 sample size limit. + */ + if (attr->sample_stack_user >= USHRT_MAX) +- ret = -EINVAL; ++ return -EINVAL; + else if (!IS_ALIGNED(attr->sample_stack_user, sizeof(u64))) +- ret = -EINVAL; ++ return -EINVAL; + } + + out: diff --git a/queue-3.18/series b/queue-3.18/series index 4105cee923c..366967c6041 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -3,3 +3,5 @@ x86-tsc-prevent-32bit-truncation-in-calc_hpet_ref.patch ext4-fix-deadlock-between-inline_data-and-ext4_expand_extra_isize_ea.patch ext4-bugfix-for-mmaped-pages-in-mpage_release_unused_pages.patch ext4-don-t-update-checksum-of-new-initialized-bitmaps.patch +perf-return-proper-values-for-user-stack-errors.patch +mm-filemap.c-fix-null-pointer-in-page_cache_tree_insert.patch