From: Greg Kroah-Hartman
Date: Tue, 28 Nov 2017 08:45:00 +0000 (+0100)
Subject: 4.9-stable patches
X-Git-Tag: v3.18.85~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0976db16fcf1a62ccb0c5b5cf84750580c07362c;p=thirdparty%2Fkernel%2Fstable-queue.git
4.9-stable patches
added patches:
fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
net-9p-switch-to-wait_event_killable.patch
pm-opp-add-missing-of_node_put-np.patch
---
diff --git a/queue-4.9/fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch b/queue-4.9/fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
new file mode 100644
index 00000000000..4c9f405ba3e
--- /dev/null
+++ b/queue-4.9/fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
@@ -0,0 +1,52 @@
+From a0b3bc855374c50b5ea85273553485af48caf2f7 Mon Sep 17 00:00:00 2001
+From: Eric Biggers
+Date: Sun, 29 Oct 2017 06:30:19 -0400
+Subject: fscrypt: lock mutex before checking for bounce page pool
+
+From: Eric Biggers
+
+commit a0b3bc855374c50b5ea85273553485af48caf2f7 upstream.
+
+fscrypt_initialize(), which allocates the global bounce page pool when
+an encrypted file is first accessed, uses "double-checked locking" to
+try to avoid locking fscrypt_init_mutex. However, it doesn't use any
+memory barriers, so it's theoretically possible for a thread to observe
+a bounce page pool which has not been fully initialized. This is a
+classic bug with "double-checked locking".
+
+While "only a theoretical issue" in the latest kernel, in pre-4.8
+kernels the pointer that was checked was not even the last to be
+initialized, so it was easily possible for a crash (NULL pointer
+dereference) to happen. This was changed only incidentally by the large
+refactor to use fs/crypto/.
+
+Solve both problems in a trivial way that can easily be backported: just
+always take the mutex. It's theoretically less efficient, but it
+shouldn't be noticeable in practice as the mutex is only acquired very
+briefly once per encrypted file.
+
+Later I'd like to make this use a helper macro like DO_ONCE(). However,
+DO_ONCE() runs in atomic context, so we'd need to add a new macro that
+allows blocking.
+
+Signed-off-by: Eric Biggers
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ fs/crypto/crypto.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/fs/crypto/crypto.c
++++ b/fs/crypto/crypto.c
+@@ -484,9 +484,6 @@ int fscrypt_initialize(void)
+ {
+ int i, res = -ENOMEM;
+
+- if (fscrypt_bounce_page_pool)
+- return 0;
+-
+ mutex_lock(&fscrypt_init_mutex);
+ if (fscrypt_bounce_page_pool)
+ goto already_initialized;
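Review bot: Nothing at the top of fscrypt_initialize() records why the unlocked `fscrypt_bounce_page_pool` test is gone, so a later cleanup could reintroduce the lockless fast path and with it the partially-initialized-pool race the commit message describes. I would add a comment directly above `mutex_lock(&fscrypt_init_mutex);`, for example `/* No lockless fast path: reading fscrypt_bounce_page_pool without the mutex (or memory barriers) may observe a pool that is not fully initialized. */`. The function body continues past the end of the hunk, so the `already_initialized` label and the unlock path were not reviewed here.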
diff --git a/queue-4.9/net-9p-switch-to-wait_event_killable.patch b/queue-4.9/net-9p-switch-to-wait_event_killable.patch
new file mode 100644
index 00000000000..bb031dbb465
--- /dev/null
+++ b/queue-4.9/net-9p-switch-to-wait_event_killable.patch
@@ -0,0 +1,83 @@
+From 9523feac272ccad2ad8186ba4fcc89103754de52 Mon Sep 17 00:00:00 2001
+From: Tuomas Tynkkynen
+Date: Wed, 6 Sep 2017 17:59:08 +0300
+Subject: net/9p: Switch to wait_event_killable()
+
+From: Tuomas Tynkkynen
+
+commit 9523feac272ccad2ad8186ba4fcc89103754de52 upstream.
+
+Because userspace gets Very Unhappy when calls like stat() and execve()
+return -EINTR on 9p filesystem mounts. For instance, when bash is
+looking in PATH for things to execute and some SIGCHLD interrupts
+stat(), bash can throw a spurious 'command not found' since it doesn't
+retry the stat().
+
+In practice, hitting the problem is rare and needs a really
+slow/bogged down 9p server.
+
+Signed-off-by: Tuomas Tynkkynen
+Signed-off-by: Al Viro
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ net/9p/client.c | 3 +--
+ net/9p/trans_virtio.c | 13 ++++++-------
+ 2 files changed, 7 insertions(+), 9 deletions(-)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -749,8 +749,7 @@ p9_client_rpc(struct p9_client *c, int8_
+ }
+ again:
+ /* Wait for the response */
+- err = wait_event_interruptible(*req->wq,
+- req->status >= REQ_STATUS_RCVD);
++ err = wait_event_killable(*req->wq, req->status >= REQ_STATUS_RCVD);
+
+ /*
+ * Make sure our req is coherent with regard to updates in other
+--- a/net/9p/trans_virtio.c
++++ b/net/9p/trans_virtio.c
+@@ -286,8 +286,8 @@ req_retry:
+ if (err == -ENOSPC) {
+ chan->ring_bufs_avail = 0;
+ spin_unlock_irqrestore(&chan->lock, flags);
+- err = wait_event_interruptible(*chan->vc_wq,
+- chan->ring_bufs_avail);
++ err = wait_event_killable(*chan->vc_wq,
++ chan->ring_bufs_avail);
+ if (err == -ERESTARTSYS)
+ return err;
+
+@@ -327,7 +327,7 @@ static int p9_get_mapped_pages(struct vi
+ * Other zc request to finish here
+ */
+ if (atomic_read(&vp_pinned) >= chan->p9_max_pages) {
+- err = wait_event_interruptible(vp_wq,
++ err = wait_event_killable(vp_wq,
+ (atomic_read(&vp_pinned) < chan->p9_max_pages));
+ if (err == -ERESTARTSYS)
+ return err;
+@@ -471,8 +471,8 @@ req_retry_pinned:
+ if (err == -ENOSPC) {
+ chan->ring_bufs_avail = 0;
+ spin_unlock_irqrestore(&chan->lock, flags);
+- err = wait_event_interruptible(*chan->vc_wq,
+- chan->ring_bufs_avail);
++ err = wait_event_killable(*chan->vc_wq,
++ chan->ring_bufs_avail);
+ if (err == -ERESTARTSYS)
+ goto err_out;
+
+@@ -489,8 +489,7 @@ req_retry_pinned:
+ virtqueue_kick(chan->vq);
+ spin_unlock_irqrestore(&chan->lock, flags);
+ p9_debug(P9_DEBUG_TRANS, "virtio request kicked\n");
+- err = wait_event_interruptible(*req->wq,
+- req->status >= REQ_STATUS_RCVD);
++ err = wait_event_killable(*req->wq, req->status >= REQ_STATUS_RCVD);
+ /*
+ * Non kernel buffers are pinned, unpin them
+ */
diff --git a/queue-4.9/pm-opp-add-missing-of_node_put-np.patch b/queue-4.9/pm-opp-add-missing-of_node_put-np.patch
new file mode 100644
index 00000000000..068ab93b59a
--- /dev/null
+++ b/queue-4.9/pm-opp-add-missing-of_node_put-np.patch
@@ -0,0 +1,35 @@
+From 7978db344719dab1e56d05e6fc04aaaddcde0a5e Mon Sep 17 00:00:00 2001
+From: Tobias Jordan
+Date: Wed, 4 Oct 2017 11:35:03 +0530
+Subject: PM / OPP: Add missing of_node_put(np)
+
+From: Tobias Jordan
+
+commit 7978db344719dab1e56d05e6fc04aaaddcde0a5e upstream.
+
+The for_each_available_child_of_node() loop in _of_add_opp_table_v2()
+doesn't drop the reference to "np" on errors. Fix that.
+
+Fixes: 274659029c9d (PM / OPP: Add support to parse "operating-points-v2" bindings)
+Signed-off-by: Tobias Jordan
+[ VK: Improved commit log. ]
+Signed-off-by: Viresh Kumar
+Reviewed-by: Stephen Boyd
+Signed-off-by: Rafael J. Wysocki
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ drivers/base/power/opp/of.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/base/power/opp/of.c
++++ b/drivers/base/power/opp/of.c
+@@ -348,6 +348,7 @@ static int _of_add_opp_table_v2(struct d
+ if (ret) {
+ dev_err(dev, "%s: Failed to add OPP, %d\n", __func__,
+ ret);
++ of_node_put(np);
+ goto free_table;
+ }
+ }
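Review bot: None of the five converted wait sites (one in client.c, four in trans_virtio.c) documents that the wait can now be ended only by the awaited condition or a fatal signal, so a 9p server or virtio backend that never answers keeps the caller blocked for any signal it handles or blocks. The `err == -ERESTARTSYS` checks visible in the trans_virtio.c hunks still match what `wait_event_killable()` returns, so the error paths themselves look unchanged. I would add a short comment at each wait, e.g. `/* killable, not interruptible: a handled signal must not surface as -EINTR from stat()/execve(); only a fatal signal aborts the wait */`. The code after the waits in p9_client_rpc() and after the final wait in trans_virtio.c lies outside the hunks, so whether any signal-pending handling there still assumes non-fatal signals should be confirmed.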
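Review bot: The added `of_node_put(np);` in _of_add_opp_table_v2() carries no explanation of why a put is needed on this path, which makes the same leak easy to repeat on the next early exit someone adds. Per the commit message the reference belongs to the for_each_available_child_of_node() iteration, so a `goto` out of the loop has to drop it by hand; a one-line comment such as `/* leaving the loop early: drop the iterator's reference on np */` above the call would make that explicit. The loop header and any other exits from the loop are outside the hunk, so they should be checked for the same pattern.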
diff --git a/queue-4.9/series b/queue-4.9/series
index f92da3bb9a5..8461dfac41e 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -83,3 +83,6 @@ media-rc-check-for-integer-overflow.patch
 cx231xx-cards-fix-null-deref-on-missing-association-descriptor.patch
 media-v4l2-ctrl-fix-flags-field-on-control-events.patch
 sched-rt-simplify-the-ipi-based-rt-balancing-logic.patch
+fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
+net-9p-switch-to-wait_event_killable.patch
+pm-opp-add-missing-of_node_put-np.patch