From: Greg Kroah-Hartman Date: Tue, 25 Jul 2017 18:05:54 +0000 (-0700) Subject: 4.9-stable patches X-Git-Tag: v3.18.63~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f8e3102132f85238f0d66217c24027a209c54cc;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: acpi-nfit-fix-memory-corruption-unregister-mce-decoder-on-failure.patch alarmtimer-don-t-rate-limit-one-shot-timers.patch pm-domains-defer-dev_pm_domain_set-until-genpd-attach_dev-succeeds-if-present.patch reiserfs-don-t-clear-sgid-when-inheriting-acls.patch spmi-include-of-based-modalias-in-device-uevent.patch tracing-fix-kmemleak-in-instance_rmdir.patch --- diff --git a/queue-4.9/acpi-nfit-fix-memory-corruption-unregister-mce-decoder-on-failure.patch b/queue-4.9/acpi-nfit-fix-memory-corruption-unregister-mce-decoder-on-failure.patch new file mode 100644 index 00000000000..d5d4d405216 --- /dev/null +++ b/queue-4.9/acpi-nfit-fix-memory-corruption-unregister-mce-decoder-on-failure.patch @@ -0,0 +1,63 @@ +From 7e700d2c59e5853c9126642976b4f5768f64c9b3 Mon Sep 17 00:00:00 2001 +From: Prarit Bhargava +Date: Wed, 31 May 2017 13:32:00 -0400 +Subject: acpi/nfit: Fix memory corruption/Unregister mce decoder on failure + +From: Prarit Bhargava + +commit 7e700d2c59e5853c9126642976b4f5768f64c9b3 upstream. + +nfit_init() calls nfit_mce_register() on module load. When the module +load fails the nfit mce decoder is not unregistered. The module's +memory is freed leaving the decoder chain referencing junk. This will +cause panics as future registrations will reference the free'd memory. + +Unregister the nfit mce decoder on module init failure. + +[v2]: register and then unregister mce handler to avoid losing mce events +[v3]: also cleanup nfit workqueue + +Fixes: 6839a6d96f4e ("nfit: do an ARS scrub on hitting a latent media error") +Cc: "Rafael J. Wysocki" +Cc: Len Brown +Cc: Vishal Verma +Cc: "Lee, Chun-Yi" +Cc: Linda Knippers +Cc: lszubowi@redhat.com +Acked-by: Jeff Moyer +Signed-off-by: Prarit Bhargava +Reviewed-by: Vishal Verma +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/nfit/core.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -2945,6 +2945,8 @@ static struct acpi_driver acpi_nfit_driv + + static __init int nfit_init(void) + { ++ int ret; ++ + BUILD_BUG_ON(sizeof(struct acpi_table_nfit) != 40); + BUILD_BUG_ON(sizeof(struct acpi_nfit_system_address) != 56); + BUILD_BUG_ON(sizeof(struct acpi_nfit_memory_map) != 48); +@@ -2972,8 +2974,14 @@ static __init int nfit_init(void) + return -ENOMEM; + + nfit_mce_register(); ++ ret = acpi_bus_register_driver(&acpi_nfit_driver); ++ if (ret) { ++ nfit_mce_unregister(); ++ destroy_workqueue(nfit_wq); ++ } ++ ++ return ret; + +- return acpi_bus_register_driver(&acpi_nfit_driver); + } + + static __exit void nfit_exit(void) diff --git a/queue-4.9/alarmtimer-don-t-rate-limit-one-shot-timers.patch b/queue-4.9/alarmtimer-don-t-rate-limit-one-shot-timers.patch new file mode 100644 index 00000000000..e7cd0aa123c --- /dev/null +++ b/queue-4.9/alarmtimer-don-t-rate-limit-one-shot-timers.patch @@ -0,0 +1,38 @@ +From ghackmann@google.com Tue Jul 25 10:58:26 2017 +From: Greg Hackmann +Date: Mon, 24 Jul 2017 10:19:24 -0700 +Subject: alarmtimer: don't rate limit one-shot timers +To: John Stultz , Thomas Gleixner +Cc: Ben Fennema , linux-kernel@vger.kernel.org, Greg Hackmann , stable@vger.kernel.org +Message-ID: <20170724171924.27898-1-ghackmann@google.com> + +From: Greg Hackmann + +Commit ff86bf0c65f1 ("alarmtimer: Rate limit periodic intervals") sets a +minimum bound on the alarm timer interval. This minimum bound shouldn't +be applied if the interval is 0. Otherwise, one-shot timers will be +converted into periodic ones. + +Fixes: ff86bf0c65f1 ("alarmtimer: Rate limit periodic intervals") +Reported-by: Ben Fennema +Signed-off-by: Greg Hackmann +Cc: stable@vger.kernel.org +Cc: John Stultz +Reviewed-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman +--- + kernel/time/alarmtimer.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/kernel/time/alarmtimer.c ++++ b/kernel/time/alarmtimer.c +@@ -629,7 +629,8 @@ static int alarm_timer_set(struct k_itim + * Rate limit to the tick as a hot fix to prevent DOS. Will be + * mopped up later. + */ +- if (ktime_to_ns(timr->it.alarm.interval) < TICK_NSEC) ++ if (timr->it.alarm.interval.tv64 && ++ ktime_to_ns(timr->it.alarm.interval) < TICK_NSEC) + timr->it.alarm.interval = ktime_set(0, TICK_NSEC); + + exp = timespec_to_ktime(new_setting->it_value); diff --git a/queue-4.9/pm-domains-defer-dev_pm_domain_set-until-genpd-attach_dev-succeeds-if-present.patch b/queue-4.9/pm-domains-defer-dev_pm_domain_set-until-genpd-attach_dev-succeeds-if-present.patch new file mode 100644 index 00000000000..0f013488f71 --- /dev/null +++ b/queue-4.9/pm-domains-defer-dev_pm_domain_set-until-genpd-attach_dev-succeeds-if-present.patch @@ -0,0 +1,69 @@ +From 975e83cfb8dc16e7a2fdc58188c77c0c605876c2 Mon Sep 17 00:00:00 2001 +From: Sudeep Holla +Date: Fri, 14 Jul 2017 11:51:48 +0100 +Subject: PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present + +From: Sudeep Holla + +commit 975e83cfb8dc16e7a2fdc58188c77c0c605876c2 upstream. + +If the genpd->attach_dev or genpd->power_on fails, genpd_dev_pm_attach +may return -EPROBE_DEFER initially. However genpd_alloc_dev_data sets +the PM domain for the device unconditionally. + +When subsequent attempts are made to call genpd_dev_pm_attach, it may +return -EEXISTS checking dev->pm_domain without re-attempting to call +attach_dev or power_on. + +platform_drv_probe then attempts to call drv->probe as the return value +-EEXIST != -EPROBE_DEFER, which may end up in a situation where the +device is accessed without it's power domain switched on. + +Fixes: f104e1e5ef57 (PM / Domains: Re-order initialization of generic_pm_domain_data) +Signed-off-by: Sudeep Holla +Acked-by: Ulf Hansson +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/power/domain.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/base/power/domain.c ++++ b/drivers/base/power/domain.c +@@ -1029,8 +1029,6 @@ static struct generic_pm_domain_data *ge + + spin_unlock_irq(&dev->power.lock); + +- dev_pm_domain_set(dev, &genpd->domain); +- + return gpd_data; + + err_free: +@@ -1044,8 +1042,6 @@ static struct generic_pm_domain_data *ge + static void genpd_free_dev_data(struct device *dev, + struct generic_pm_domain_data *gpd_data) + { +- dev_pm_domain_set(dev, NULL); +- + spin_lock_irq(&dev->power.lock); + + dev->power.subsys_data->domain_data = NULL; +@@ -1082,6 +1078,8 @@ static int genpd_add_device(struct gener + if (ret) + goto out; + ++ dev_pm_domain_set(dev, &genpd->domain); ++ + genpd->device_count++; + genpd->max_off_time_changed = true; + +@@ -1143,6 +1141,8 @@ static int genpd_remove_device(struct ge + if (genpd->detach_dev) + genpd->detach_dev(genpd, dev); + ++ dev_pm_domain_set(dev, NULL); ++ + list_del_init(&pdd->list_node); + + mutex_unlock(&genpd->lock); diff --git a/queue-4.9/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch b/queue-4.9/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch new file mode 100644 index 00000000000..ed0f90b0ad2 --- /dev/null +++ b/queue-4.9/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch @@ -0,0 +1,59 @@ +From 6883cd7f68245e43e91e5ee583b7550abf14523f Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Thu, 22 Jun 2017 09:32:49 +0200 +Subject: reiserfs: Don't clear SGID when inheriting ACLs + +From: Jan Kara + +commit 6883cd7f68245e43e91e5ee583b7550abf14523f upstream. + +When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit +set, DIR1 is expected to have SGID bit set (and owning group equal to +the owning group of 'DIR0'). However when 'DIR0' also has some default +ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on +'DIR1' to get cleared if user is not member of the owning group. + +Fix the problem by moving posix_acl_update_mode() out of +__reiserfs_set_acl() into reiserfs_set_acl(). That way the function will +not be called when inheriting ACLs which is what we want as it prevents +SGID bit clearing and the mode has been properly set by +posix_acl_create() anyway. + +Fixes: 073931017b49d9458aa351605b43a7e34598caef +CC: reiserfs-devel@vger.kernel.org +Signed-off-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman + +--- + fs/reiserfs/xattr_acl.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/fs/reiserfs/xattr_acl.c ++++ b/fs/reiserfs/xattr_acl.c +@@ -37,7 +37,14 @@ reiserfs_set_acl(struct inode *inode, st + error = journal_begin(&th, inode->i_sb, jcreate_blocks); + reiserfs_write_unlock(inode->i_sb); + if (error == 0) { ++ if (type == ACL_TYPE_ACCESS && acl) { ++ error = posix_acl_update_mode(inode, &inode->i_mode, ++ &acl); ++ if (error) ++ goto unlock; ++ } + error = __reiserfs_set_acl(&th, inode, type, acl); ++unlock: + reiserfs_write_lock(inode->i_sb); + error2 = journal_end(&th); + reiserfs_write_unlock(inode->i_sb); +@@ -241,11 +248,6 @@ __reiserfs_set_acl(struct reiserfs_trans + switch (type) { + case ACL_TYPE_ACCESS: + name = XATTR_NAME_POSIX_ACL_ACCESS; +- if (acl) { +- error = posix_acl_update_mode(inode, &inode->i_mode, &acl); +- if (error) +- return error; +- } + break; + case ACL_TYPE_DEFAULT: + name = XATTR_NAME_POSIX_ACL_DEFAULT; diff --git a/queue-4.9/series b/queue-4.9/series index ab23bc4e4e0..0e6f0d27215 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -116,3 +116,9 @@ drm-mst-avoid-processing-partially-received-up-down-message-transactions.patch mlx5-avoid-that-mlx5_ib_sg_to_klms-overflows-the-klms-array.patch hfsplus-don-t-clear-sgid-when-inheriting-acls.patch ovl-fix-random-return-value-on-mount.patch +acpi-nfit-fix-memory-corruption-unregister-mce-decoder-on-failure.patch +spmi-include-of-based-modalias-in-device-uevent.patch +reiserfs-don-t-clear-sgid-when-inheriting-acls.patch +pm-domains-defer-dev_pm_domain_set-until-genpd-attach_dev-succeeds-if-present.patch +tracing-fix-kmemleak-in-instance_rmdir.patch +alarmtimer-don-t-rate-limit-one-shot-timers.patch diff --git a/queue-4.9/spmi-include-of-based-modalias-in-device-uevent.patch b/queue-4.9/spmi-include-of-based-modalias-in-device-uevent.patch new file mode 100644 index 00000000000..652ec2c8f25 --- /dev/null +++ b/queue-4.9/spmi-include-of-based-modalias-in-device-uevent.patch @@ -0,0 +1,49 @@ +From d50daa2af2618dab6d21634e65a5fbcf4ae437d6 Mon Sep 17 00:00:00 2001 +From: Bjorn Andersson +Date: Thu, 29 Jun 2017 14:46:44 -0700 +Subject: spmi: Include OF based modalias in device uevent + +From: Bjorn Andersson + +commit d50daa2af2618dab6d21634e65a5fbcf4ae437d6 upstream. + +Include the OF-based modalias in the uevent sent when registering SPMI +devices, so that user space has a chance to autoload the kernel module +for the device. + +Tested-by: Rob Clark +Reported-by: Rob Clark +Reviewed-by: Stephen Boyd +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/spmi/spmi.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +--- a/drivers/spmi/spmi.c ++++ b/drivers/spmi/spmi.c +@@ -365,11 +365,23 @@ static int spmi_drv_remove(struct device + return 0; + } + ++static int spmi_drv_uevent(struct device *dev, struct kobj_uevent_env *env) ++{ ++ int ret; ++ ++ ret = of_device_uevent_modalias(dev, env); ++ if (ret != -ENODEV) ++ return ret; ++ ++ return 0; ++} ++ + static struct bus_type spmi_bus_type = { + .name = "spmi", + .match = spmi_device_match, + .probe = spmi_drv_probe, + .remove = spmi_drv_remove, ++ .uevent = spmi_drv_uevent, + }; + + /** diff --git a/queue-4.9/tracing-fix-kmemleak-in-instance_rmdir.patch b/queue-4.9/tracing-fix-kmemleak-in-instance_rmdir.patch new file mode 100644 index 00000000000..8d1d79e9252 --- /dev/null +++ b/queue-4.9/tracing-fix-kmemleak-in-instance_rmdir.patch @@ -0,0 +1,51 @@ +From db9108e054700c96322b0f0028546aa4e643cf0b Mon Sep 17 00:00:00 2001 +From: Chunyu Hu +Date: Thu, 20 Jul 2017 18:36:09 +0800 +Subject: tracing: Fix kmemleak in instance_rmdir + +From: Chunyu Hu + +commit db9108e054700c96322b0f0028546aa4e643cf0b upstream. + +Hit the kmemleak when executing instance_rmdir, it forgot releasing +mem of tracing_cpumask. With this fix, the warn does not appear any +more. + +unreferenced object 0xffff93a8dfaa7c18 (size 8): + comm "mkdir", pid 1436, jiffies 4294763622 (age 9134.308s) + hex dump (first 8 bytes): + ff ff ff ff ff ff ff ff ........ + backtrace: + [] kmemleak_alloc+0x4a/0xa0 + [] __kmalloc_node+0xf1/0x280 + [] alloc_cpumask_var_node+0x23/0x30 + [] alloc_cpumask_var+0xe/0x10 + [] instance_mkdir+0x90/0x240 + [] tracefs_syscall_mkdir+0x40/0x70 + [] vfs_mkdir+0x109/0x1b0 + [] SyS_mkdir+0xd0/0x100 + [] do_syscall_64+0x67/0x150 + [] return_from_SYSCALL_64+0x0/0x6a + [] 0xffffffffffffffff + +Link: http://lkml.kernel.org/r/1500546969-12594-1-git-send-email-chuhu@redhat.com + +Fixes: ccfe9e42e451 ("tracing: Make tracing_cpumask available for all instances") +Signed-off-by: Chunyu Hu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -7162,6 +7162,7 @@ static int instance_rmdir(const char *na + } + kfree(tr->topts); + ++ free_cpumask_var(tr->tracing_cpumask); + kfree(tr->name); + kfree(tr); +