From: Greg Kroah-Hartman Date: Sat, 2 Feb 2019 12:09:19 +0000 (+0100) Subject: 4.9-stable patches X-Git-Tag: v4.20.7~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=078cc23bd8393029d1352f63e55f994b8a0e4250;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: arm-cns3xxx-fix-writing-to-wrong-pci-config-registers-after-alignment.patch arm64-hibernate-clean-the-__hyp_text-to-poc-after-resume.patch arm64-hyp-stub-forbid-kprobing-of-the-hyp-stub.patch arm64-kaslr-ensure-randomized-quantities-are-clean-also-when-kaslr-is-off.patch cifs-do-not-count-enodata-as-failure-for-query-directory.patch fs-dcache-fix-incorrect-nr_dentry_unused-accounting-in-shrink_dcache_sb.patch gfs2-revert-fix-loop-in-gfs2_rbm_find.patch --- diff --git a/queue-4.9/arm-cns3xxx-fix-writing-to-wrong-pci-config-registers-after-alignment.patch b/queue-4.9/arm-cns3xxx-fix-writing-to-wrong-pci-config-registers-after-alignment.patch new file mode 100644 index 00000000000..ca98b3f202f --- /dev/null +++ b/queue-4.9/arm-cns3xxx-fix-writing-to-wrong-pci-config-registers-after-alignment.patch 
@@ -0,0 +1,67 @@ +From 65dbb423cf28232fed1732b779249d6164c5999b Mon Sep 17 00:00:00 2001 +From: Koen Vandeputte +Date: Thu, 31 Jan 2019 15:00:01 -0600 +Subject: ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment + +From: Koen Vandeputte + +commit 65dbb423cf28232fed1732b779249d6164c5999b upstream. + +Originally, cns3xxx used its own functions for mapping, reading and +writing config registers. + +Commit 802b7c06adc7 ("ARM: cns3xxx: Convert PCI to use generic config +accessors") removed the internal PCI config write function in favor of +the generic one: + + cns3xxx_pci_write_config() --> pci_generic_config_write() + +cns3xxx_pci_write_config() expected aligned addresses, being produced by +cns3xxx_pci_map_bus() while the generic one pci_generic_config_write() +actually expects the real address as both the function and hardware are +capable of byte-aligned writes. + +This currently leads to pci_generic_config_write() writing to the wrong +registers. + +For instance, upon ath9k module loading: + +- driver ath9k gets loaded +- The driver wants to write value 0xA8 to register PCI_LATENCY_TIMER, + located at 0x0D +- cns3xxx_pci_map_bus() aligns the address to 0x0C +- pci_generic_config_write() effectively writes 0xA8 into register 0x0C + (CACHE_LINE_SIZE) + +Fix the bug by removing the alignment in the cns3xxx mapping function. 
+ +Fixes: 802b7c06adc7 ("ARM: cns3xxx: Convert PCI to use generic config accessors") +Signed-off-by: Koen Vandeputte +[lorenzo.pieralisi@arm.com: updated commit log] +Signed-off-by: Lorenzo Pieralisi +Acked-by: Krzysztof Halasa +Acked-by: Tim Harvey +Acked-by: Arnd Bergmann +CC: stable@vger.kernel.org # v4.0+ +CC: Bjorn Helgaas +CC: Olof Johansson +CC: Robin Leblon +CC: Rob Herring +CC: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mach-cns3xxx/pcie.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/mach-cns3xxx/pcie.c ++++ b/arch/arm/mach-cns3xxx/pcie.c +@@ -83,7 +83,7 @@ static void __iomem *cns3xxx_pci_map_bus + } else /* remote PCI bus */ + base = cnspci->cfg1_regs + ((busno & 0xf) << 20); + +- return base + (where & 0xffc) + (devfn << 12); ++ return base + where + (devfn << 12); + } + + static int cns3xxx_pci_read_config(struct pci_bus *bus, unsigned int devfn, diff --git a/queue-4.9/arm64-hibernate-clean-the-__hyp_text-to-poc-after-resume.patch b/queue-4.9/arm64-hibernate-clean-the-__hyp_text-to-poc-after-resume.patch new file mode 100644 index 00000000000..9aa33c13907 --- /dev/null +++ b/queue-4.9/arm64-hibernate-clean-the-__hyp_text-to-poc-after-resume.patch 
@@ -0,0 +1,44 @@ +From f7daa9c8fd191724b9ab9580a7be55cd1a67d799 Mon Sep 17 00:00:00 2001 +From: James Morse +Date: Thu, 24 Jan 2019 16:32:57 +0000 +Subject: arm64: hibernate: Clean the __hyp_text to PoC after resume + +From: James Morse + +commit f7daa9c8fd191724b9ab9580a7be55cd1a67d799 upstream. + +During resume hibernate restores all physical memory. Any memory +that is accessed with the MMU disabled needs to be cleaned to the +PoC. + +KVMs __hyp_text was previously ommitted as it runs with the MMU +enabled, but now that the hyp-stub is located in this section, +we must clean __hyp_text too. + +This ensures secondary CPUs that come online after hibernate +has finished resuming, and load KVM via the freshly written +hyp-stub see the correct instructions. + +Signed-off-by: James Morse +Cc: stable@vger.kernel.org +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/hibernate.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/arch/arm64/kernel/hibernate.c ++++ b/arch/arm64/kernel/hibernate.c +@@ -297,8 +297,10 @@ int swsusp_arch_suspend(void) + dcache_clean_range(__idmap_text_start, __idmap_text_end); + + /* Clean kvm setup code to PoC? */ +- if (el2_reset_needed()) ++ if (el2_reset_needed()) { + dcache_clean_range(__hyp_idmap_text_start, __hyp_idmap_text_end); ++ dcache_clean_range(__hyp_text_start, __hyp_text_end); ++ } + + /* + * Tell the hibernation core that we've just restored diff --git a/queue-4.9/arm64-hyp-stub-forbid-kprobing-of-the-hyp-stub.patch b/queue-4.9/arm64-hyp-stub-forbid-kprobing-of-the-hyp-stub.patch new file mode 100644 index 00000000000..1eccd762b01 --- /dev/null +++ b/queue-4.9/arm64-hyp-stub-forbid-kprobing-of-the-hyp-stub.patch 
@@ -0,0 +1,37 @@ +From 8fac5cbdfe0f01254d9d265c6aa1a95f94f58595 Mon Sep 17 00:00:00 2001 +From: James Morse +Date: Thu, 24 Jan 2019 16:32:56 +0000 +Subject: arm64: hyp-stub: Forbid kprobing of the hyp-stub + +From: James Morse + +commit 8fac5cbdfe0f01254d9d265c6aa1a95f94f58595 upstream. + +The hyp-stub is loaded by the kernel's early startup code at EL2 +during boot, before KVM takes ownership later. The hyp-stub's +text is part of the regular kernel text, meaning it can be kprobed. + +A breakpoint in the hyp-stub causes the CPU to spin in el2_sync_invalid. + +Add it to the __hyp_text. + +Signed-off-by: James Morse +Cc: stable@vger.kernel.org +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/hyp-stub.S | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/arm64/kernel/hyp-stub.S ++++ b/arch/arm64/kernel/hyp-stub.S +@@ -28,6 +28,8 @@ + #include + + .text ++ .pushsection .hyp.text, "ax" ++ + .align 11 + + ENTRY(__hyp_stub_vectors) diff --git a/queue-4.9/arm64-kaslr-ensure-randomized-quantities-are-clean-also-when-kaslr-is-off.patch b/queue-4.9/arm64-kaslr-ensure-randomized-quantities-are-clean-also-when-kaslr-is-off.patch new file mode 100644 index 00000000000..dd7d8226dfd --- /dev/null +++ b/queue-4.9/arm64-kaslr-ensure-randomized-quantities-are-clean-also-when-kaslr-is-off.patch 
@@ -0,0 +1,46 @@ +From 8ea235932314311f15ea6cf65c1393ed7e31af70 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Sun, 27 Jan 2019 09:29:42 +0100 +Subject: arm64: kaslr: ensure randomized quantities are clean also when kaslr is off + +From: Ard Biesheuvel + +commit 8ea235932314311f15ea6cf65c1393ed7e31af70 upstream. + +Commit 1598ecda7b23 ("arm64: kaslr: ensure randomized quantities are +clean to the PoC") added cache maintenance to ensure that global +variables set by the kaslr init routine are not wiped clean due to +cache invalidation occurring during the second round of page table +creation. + +However, if kaslr_early_init() exits early with no randomization +being applied (either due to the lack of a seed, or because the user +has disabled kaslr explicitly), no cache maintenance is performed, +leading to the same issue we attempted to fix earlier, as far as the +module_alloc_base variable is concerned. + +Note that module_alloc_base cannot be initialized statically, because +that would cause it to be subject to a R_AARCH64_RELATIVE relocation, +causing it to be overwritten by the second round of KASLR relocation +processing. + +Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR") +Cc: # v4.6+ +Signed-off-by: Ard Biesheuvel +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/kaslr.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm64/kernel/kaslr.c ++++ b/arch/arm64/kernel/kaslr.c +@@ -88,6 +88,7 @@ u64 __init kaslr_early_init(u64 dt_phys, + * we end up running with module randomization disabled. + */ + module_alloc_base = (u64)_etext - MODULES_VSIZE; ++ __flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base)); + + /* + * Try to map the FDT early. If this fails, we simply bail, diff --git a/queue-4.9/cifs-do-not-count-enodata-as-failure-for-query-directory.patch b/queue-4.9/cifs-do-not-count-enodata-as-failure-for-query-directory.patch new file mode 100644 index 00000000000..5ef15615e9d 
--- /dev/null +++ b/queue-4.9/cifs-do-not-count-enodata-as-failure-for-query-directory.patch @@ -0,0 +1,31 @@ +From 8e6e72aeceaaed5aeeb1cb43d3085de7ceb14f79 Mon Sep 17 00:00:00 2001 +From: Pavel Shilovsky +Date: Sat, 26 Jan 2019 12:21:32 -0800 +Subject: CIFS: Do not count -ENODATA as failure for query directory + +From: Pavel Shilovsky + +commit 8e6e72aeceaaed5aeeb1cb43d3085de7ceb14f79 upstream. + +Signed-off-by: Pavel Shilovsky +Signed-off-by: Steve French +CC: Stable +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2pdu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -2686,8 +2686,8 @@ SMB2_query_directory(const unsigned int + if (rc == -ENODATA && rsp->hdr.Status == STATUS_NO_MORE_FILES) { + srch_inf->endOfSearch = true; + rc = 0; +- } +- cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE); ++ } else ++ cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE); + goto qdir_exit; + } + diff --git a/queue-4.9/fs-dcache-fix-incorrect-nr_dentry_unused-accounting-in-shrink_dcache_sb.patch b/queue-4.9/fs-dcache-fix-incorrect-nr_dentry_unused-accounting-in-shrink_dcache_sb.patch new file mode 100644 index 00000000000..4acf4014fb2 --- /dev/null +++ b/queue-4.9/fs-dcache-fix-incorrect-nr_dentry_unused-accounting-in-shrink_dcache_sb.patch 
@@ -0,0 +1,50 @@ +From 1dbd449c9943e3145148cc893c2461b72ba6fef0 Mon Sep 17 00:00:00 2001 +From: Waiman Long +Date: Wed, 30 Jan 2019 13:52:36 -0500 +Subject: fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() + +From: Waiman Long + +commit 1dbd449c9943e3145148cc893c2461b72ba6fef0 upstream. + +The nr_dentry_unused per-cpu counter tracks dentries in both the LRU +lists and the shrink lists where the DCACHE_LRU_LIST bit is set. + +The shrink_dcache_sb() function moves dentries from the LRU list to a +shrink list and subtracts the dentry count from nr_dentry_unused. This +is incorrect as the nr_dentry_unused count will also be decremented in +shrink_dentry_list() via d_shrink_del(). + +To fix this double decrement, the decrement in the shrink_dcache_sb() +function is taken out. + +Fixes: 4e717f5c1083 ("list_lru: remove special case function list_lru_dispose_all." +Cc: stable@kernel.org +Signed-off-by: Waiman Long +Reviewed-by: Dave Chinner +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/dcache.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -1164,15 +1164,11 @@ static enum lru_status dentry_lru_isolat + */ + void shrink_dcache_sb(struct super_block *sb) + { +- long freed; +- + do { + LIST_HEAD(dispose); + +- freed = list_lru_walk(&sb->s_dentry_lru, ++ list_lru_walk(&sb->s_dentry_lru, + dentry_lru_isolate_shrink, &dispose, 1024); +- +- this_cpu_sub(nr_dentry_unused, freed); + shrink_dentry_list(&dispose); + cond_resched(); + } while (list_lru_count(&sb->s_dentry_lru) > 0); diff --git a/queue-4.9/gfs2-revert-fix-loop-in-gfs2_rbm_find.patch b/queue-4.9/gfs2-revert-fix-loop-in-gfs2_rbm_find.patch new file mode 100644 index 00000000000..20bda741c79 --- /dev/null +++ b/queue-4.9/gfs2-revert-fix-loop-in-gfs2_rbm_find.patch 
@@ -0,0 +1,38 @@ +From e74c98ca2d6ae4376cc15fa2a22483430909d96b Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Wed, 30 Jan 2019 21:30:36 +0100 +Subject: gfs2: Revert "Fix loop in gfs2_rbm_find" + +From: Andreas Gruenbacher + +commit e74c98ca2d6ae4376cc15fa2a22483430909d96b upstream. + +This reverts commit 2d29f6b96d8f80322ed2dd895bca590491c38d34. + +It turns out that the fix can lead to a ~20 percent performance regression +in initial writes to the page cache according to iozone. Let's revert this +for now to have more time for a proper fix. + +Cc: stable@vger.kernel.org # v3.13+ +Signed-off-by: Andreas Gruenbacher +Signed-off-by: Bob Peterson +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/gfs2/rgrp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/gfs2/rgrp.c ++++ b/fs/gfs2/rgrp.c +@@ -1705,9 +1705,9 @@ static int gfs2_rbm_find(struct gfs2_rbm + goto next_iter; + } + if (ret == -E2BIG) { +- n += rbm->bii - initial_bii; + rbm->bii = 0; + rbm->offset = 0; ++ n += (rbm->bii - initial_bii); + goto res_covered_end_of_rgrp; + } + return ret; diff --git a/queue-4.9/series b/queue-4.9/series index 2fd145badec..23e6b96d373 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -10,3 +10,10 @@ net-mlx5e-allow-mac-invalidation-while-spoofchk-is-on.patch l2tp-remove-l2specific_len-dependency-in-l2tp_core.patch l2tp-fix-reading-optional-fields-of-l2tpv3.patch ipvlan-l3mdev-fix-broken-l3s-mode-wrt-local-routes.patch +cifs-do-not-count-enodata-as-failure-for-query-directory.patch +fs-dcache-fix-incorrect-nr_dentry_unused-accounting-in-shrink_dcache_sb.patch +arm-cns3xxx-fix-writing-to-wrong-pci-config-registers-after-alignment.patch +arm64-kaslr-ensure-randomized-quantities-are-clean-also-when-kaslr-is-off.patch +arm64-hyp-stub-forbid-kprobing-of-the-hyp-stub.patch +arm64-hibernate-clean-the-__hyp_text-to-poc-after-resume.patch +gfs2-revert-fix-loop-in-gfs2_rbm_find.patch
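Review bot: in arch/arm/mach-cns3xxx/pcie.c, cns3xxx_pci_map_bus(), the old mask `where & 0xffc` did two jobs: it aligned the offset and it kept it below the `devfn << 12` field. The new `return base + where + (devfn << 12);` drops both, so an offset of 0x1000 or more would now land in another function's config window. Consider `(where & 0xfff)`, or a comment stating that callers never pass an offset past 0xfff. The commit log also covers only the write path; since cns3xxx_pci_read_config() follows in the context, the log should say that the read path does not rely on map_bus aligning the address.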
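Review bot: in arch/arm64/kernel/hibernate.c, swsusp_arch_suspend(), the comment `/* Clean kvm setup code to PoC? */` no longer describes the whole block, because the added `dcache_clean_range(__hyp_text_start, __hyp_text_end);` is there for the hyp-stub, not for KVM setup code. Please extend the comment to say that __hyp_text is cleaned because the hyp-stub now lives in it and is run by secondary CPUs coming online after resume, as the commit log explains. The change is only meaningful once the hyp-stub patch is applied, so the two need to stay together and in that order in the series.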
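Review bot: in arch/arm64/kernel/hyp-stub.S, the added `.pushsection .hyp.text, "ax"` has no matching `.popsection`; the diffstat shows only two insertions, so nothing closes it. Either add `.popsection` at the end of the file or use a plain `.section` directive, so that the intent (everything below goes into .hyp.text) is explicit. The `.text` directive on the line just above is now overridden immediately and could be removed.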
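Review bot: in arch/arm64/kernel/kaslr.c, kaslr_early_init(), the new `__flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base));` has no comment, and the existing comment above the assignment only explains the default value. The reason for the flush (the value must survive the cache invalidation done during the second round of page table creation, even when the function bails out early) is only in the commit log. A one-line comment here would stop someone from removing the call as redundant or moving the assignment below one of the early returns.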
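Review bot: in fs/cifs/smb2pdu.c, SMB2_query_directory(), the new `} else` is followed by an unbraced `cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);` while the `if` branch is braced. Kernel coding style asks for braces on both branches when one of them needs them, so please write `} else {` ... `}`. The commit message has no body at all; a sentence saying that STATUS_NO_MORE_FILES is the normal end of a directory listing and was inflating the failure counter would help anyone reading the stable log.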
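Review bot: in the fs/dcache.c patch, the Fixes: tag is malformed: `("list_lru: remove special case function list_lru_dispose_all."` is missing its closing parenthesis, which can trip scripts that parse the tag. On the code side, shrink_dcache_sb() now discards the return value of list_lru_walk(); that is consistent with the commit log (the decrement happens in shrink_dentry_list() via d_shrink_del()), but a short comment at the call saying the count is accounted for there would make the ignored return value look deliberate.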
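Review bot: in fs/gfs2/rgrp.c, gfs2_rbm_find(), the revert puts `n += (rbm->bii - initial_bii);` after `rbm->bii = 0;`, so in the -E2BIG branch the expression always evaluates to `-initial_bii`. That is the ordering the reverted commit had changed, and the commit log justifies restoring it only on performance grounds, pending a proper fix. Please add a comment or a note in the log that this ordering is knowingly restored, so it is not "fixed" again in isolation before the follow-up lands.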