From: Greg Kroah-Hartman
Date: Mon, 12 Dec 2016 22:32:09 +0000 (-0800)
Subject: 4.8-stable patches
X-Git-Tag: v4.4.39~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=17089431480df7279d920078aa67ce557b6b4d58;p=thirdparty%2Fkernel%2Fstable-queue.git

4.8-stable patches
added patches:
fuse-fix-clearing-suid-sgid-for-chown.patch
powerpc-boot-fix-build-failure-in-32-bit-boot-wrapper.patch
powerpc-eeh-fix-deadlock-when-pe-frozen-state-can-t-be-cleared.patch
powerpc-mm-fix-lazy-icache-flush-on-pre-power5.patch
---
diff --git a/queue-4.8/fuse-fix-clearing-suid-sgid-for-chown.patch b/queue-4.8/fuse-fix-clearing-suid-sgid-for-chown.patch
new file mode 100644
index 00000000000..86f81d051cd
--- /dev/null
+++ b/queue-4.8/fuse-fix-clearing-suid-sgid-for-chown.patch
@@ -0,0 +1,64 @@
+From c01638f5d919728f565bf8b5e0a6a159642df0d9 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi
+Date: Tue, 6 Dec 2016 16:18:45 +0100
+Subject: fuse: fix clearing suid, sgid for chown()
+
+From: Miklos Szeredi
+
+commit c01638f5d919728f565bf8b5e0a6a159642df0d9 upstream.
+
+Basically, the pjdfstests set the ownership of a file to 06555, and then
+chowns it (as root) to a new uid/gid. Prior to commit a09f99eddef4 ("fuse:
+fix killing s[ug]id in setattr"), fuse would send down a setattr with both
+the uid/gid change and a new mode. Now, it just sends down the uid/gid
+change.
+
+Technically this is NOTABUG, since POSIX doesn't _require_ that we clear
+these bits for a privileged process, but Linux (wisely) has done that and I
+think we don't want to change that behavior here.
+
+This is caused by the use of should_remove_suid(), which will always return
+0 when the process has CAP_FSETID.
+
+In fact we really don't need to be calling should_remove_suid() at all,
+since we've already been indicated that we should remove the suid, we just
+don't want to use a (very) stale mode for that.
+
+This patch should fix the above as well as simplify the logic.
+
+Reported-by: Jeff Layton
+Signed-off-by: Miklos Szeredi
+Fixes: a09f99eddef4 ("fuse: fix killing s[ug]id in setattr")
+Reviewed-by: Jeff Layton
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/fuse/dir.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/fs/fuse/dir.c
++++ b/fs/fuse/dir.c
+@@ -1709,8 +1709,6 @@ static int fuse_setattr(struct dentry *e
+ return -EACCES;
+
+ if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
+- int kill;
+-
+ attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
+ ATTR_MODE);
+ /*
+@@ -1722,12 +1720,11 @@ static int fuse_setattr(struct dentry *e
+ return ret;
+
+ attr->ia_mode = inode->i_mode;
+- kill = should_remove_suid(entry);
+- if (kill & ATTR_KILL_SUID) {
++ if (inode->i_mode & S_ISUID) {
+ attr->ia_valid |= ATTR_MODE;
+ attr->ia_mode &= ~S_ISUID;
+ }
+- if (kill & ATTR_KILL_SGID) {
++ if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
+ attr->ia_valid |= ATTR_MODE;
+ attr->ia_mode &= ~S_ISGID;
+ }
diff --git a/queue-4.8/powerpc-boot-fix-build-failure-in-32-bit-boot-wrapper.patch b/queue-4.8/powerpc-boot-fix-build-failure-in-32-bit-boot-wrapper.patch
new file mode 100644
index 00000000000..aa52607eac1
--- /dev/null
+++ b/queue-4.8/powerpc-boot-fix-build-failure-in-32-bit-boot-wrapper.patch
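Review bot: In fs/fuse/dir.c, the two new mode tests in fuse_setattr() have no comment explaining why CAP_FSETID is no longer consulted, or why `(inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)` clears S_ISGID only when group-execute is also set. Per the commit message both are deliberate: the VFS has already asked for the kill through ATTR_KILL_SUID/ATTR_KILL_SGID, and should_remove_suid() returns 0 for a CAP_FSETID holder. Without a comment, a later reader could take the missing capability check for an oversight and restore it, which would bring back set-id bits surviving a privileged chown(). I would add `/* ATTR_KILL_* is the VFS's decision; clear the bits from the current i_mode without re-checking CAP_FSETID */` above the S_ISUID test and `/* S_ISGID without S_IXGRP marks mandatory locking, not set-group-ID execution; leave it */` above the S_ISGID test. fuse_setattr() starts and ends outside both hunks, so the attribute refresh that presumably precedes `attr->ia_mode = inode->i_mode` is not visible here.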
@@ -0,0 +1,46 @@
+From 10c77dba40ff58fc03587b3b60725bb7fd723183 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings
+Date: Wed, 16 Nov 2016 18:27:56 +0000
+Subject: powerpc/boot: Fix build failure in 32-bit boot wrapper
+
+From: Ben Hutchings
+
+commit 10c77dba40ff58fc03587b3b60725bb7fd723183 upstream.
+
+OPAL is not callable from 32-bit mode and the assembly code for it
+may not even build (depending on how binutils was configured).
+
+References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=powerpcspe&ver=4.8.7-1&stamp=1479203712
+Fixes: 656ad58ef19e ("powerpc/boot: Add OPAL console to epapr wrappers")
+Signed-off-by: Ben Hutchings
+Signed-off-by: Michael Ellerman
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/boot/Makefile | 3 ++-
+ arch/powerpc/boot/opal.c | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/arch/powerpc/boot/Makefile
++++ b/arch/powerpc/boot/Makefile
+@@ -78,7 +78,8 @@ src-wlib-y := string.S crt0.S crtsavres.
+ ns16550.c serial.c simple_alloc.c div64.S util.S \
+ gunzip_util.c elf_util.c $(zlib) devtree.c stdlib.c \
+ oflib.c ofconsole.c cuboot.c mpsc.c cpm-serial.c \
+- uartlite.c mpc52xx-psc.c opal.c opal-calls.S
++ uartlite.c mpc52xx-psc.c opal.c
++src-wlib-$(CONFIG_PPC64_BOOT_WRAPPER) += opal-calls.S
+ src-wlib-$(CONFIG_40x) += 4xx.c planetcore.c
+ src-wlib-$(CONFIG_44x) += 4xx.c ebony.c bamboo.c
+ src-wlib-$(CONFIG_8xx) += mpc8xx.c planetcore.c fsl-soc.c
+--- a/arch/powerpc/boot/opal.c
++++ b/arch/powerpc/boot/opal.c
+@@ -13,7 +13,7 @@
+ #include
+ #include "../include/asm/opal-api.h"
+
+-#ifdef __powerpc64__
++#ifdef CONFIG_PPC64_BOOT_WRAPPER
+
+ /* Global OPAL struct used by opal-call.S */
+ struct opal {
diff --git a/queue-4.8/powerpc-eeh-fix-deadlock-when-pe-frozen-state-can-t-be-cleared.patch b/queue-4.8/powerpc-eeh-fix-deadlock-when-pe-frozen-state-can-t-be-cleared.patch
new file mode 100644
index 00000000000..eb06495198d
--- /dev/null
+++ b/queue-4.8/powerpc-eeh-fix-deadlock-when-pe-frozen-state-can-t-be-cleared.patch
@@ -0,0 +1,42 @@
+From 409bf7f8a02ef88db5a0f2cdcf9489914f4b8508 Mon Sep 17 00:00:00 2001
+From: Andrew Donnellan
+Date: Thu, 1 Dec 2016 11:23:05 +1100
+Subject: powerpc/eeh: Fix deadlock when PE frozen state can't be cleared
+
+From: Andrew Donnellan
+
+commit 409bf7f8a02ef88db5a0f2cdcf9489914f4b8508 upstream.
+
+In eeh_reset_device(), we take the pci_rescan_remove_lock immediately after
+after we call eeh_reset_pe() to reset the PCI controller. We then call
+eeh_clear_pe_frozen_state(), which can return an error. In this case, we
+bail out of eeh_reset_device() without calling pci_unlock_rescan_remove().
+
+Add a call to pci_unlock_rescan_remove() in the eeh_clear_pe_frozen_state()
+error path so that we don't cause a deadlock later on.
+
+Reported-by: Pradipta Ghosh
+Fixes: 78954700631f ("powerpc/eeh: Avoid I/O access during PE reset")
+Signed-off-by: Andrew Donnellan
+Acked-by: Russell Currey
+Signed-off-by: Michael Ellerman
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/kernel/eeh_driver.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/powerpc/kernel/eeh_driver.c
++++ b/arch/powerpc/kernel/eeh_driver.c
+@@ -671,8 +671,10 @@ static int eeh_reset_device(struct eeh_p
+
+ /* Clear frozen state */
+ rc = eeh_clear_pe_frozen_state(pe, false);
+- if (rc)
++ if (rc) {
++ pci_unlock_rescan_remove();
+ return rc;
++ }
+
+ /* Give the system 5 seconds to finish running the user-space
+ * hotplug shutdown scripts, e.g. ifdown for ethernet. Yes,
diff --git a/queue-4.8/powerpc-mm-fix-lazy-icache-flush-on-pre-power5.patch b/queue-4.8/powerpc-mm-fix-lazy-icache-flush-on-pre-power5.patch
new file mode 100644
index 00000000000..df284b62dce
--- /dev/null
+++ b/queue-4.8/powerpc-mm-fix-lazy-icache-flush-on-pre-power5.patch
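Review bot: In arch/powerpc/kernel/eeh_driver.c, eeh_reset_device() now drops the rescan lock by hand inside the `if (rc)` branch after eeh_clear_pe_frozen_state(), so each exit taken while the lock is held needs its own unlock call. A shared exit label (the name is only a suggestion), `if (rc) goto out_unlock;` with `pci_unlock_rescan_remove();` placed once before the final `return rc;`, would keep a later early return from leaking the lock and stalling subsequent rescan or hotplug work. The lock acquisition and the function's other return paths are outside the hunk, so whether any of them has the same gap cannot be confirmed from here.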
@@ -0,0 +1,73 @@
+From dd7b2f035ec41a409f7a7cec7aabc0ec0eacf476 Mon Sep 17 00:00:00 2001
+From: Benjamin Herrenschmidt
+Date: Tue, 29 Nov 2016 13:13:46 +1100
+Subject: powerpc/mm: Fix lazy icache flush on pre-POWER5
+
+From: Benjamin Herrenschmidt
+
+commit dd7b2f035ec41a409f7a7cec7aabc0ec0eacf476 upstream.
+
+On 64-bit CPUs with no-execute support and non-snooping icache, such as
+970 or POWER4, we have a software mechanism to ensure coherency of the
+cache (using exec faults when needed).
+
+This was broken due to a logic error when the code was rewritten
+from assembly to C, previously the assembly code did:
+
+ BEGIN_FTR_SECTION
+ mr r4,r30
+ mr r5,r7
+ bl hash_page_do_lazy_icache
+ END_FTR_SECTION(CPU_FTR_NOEXECUTE|CPU_FTR_COHERENT_ICACHE, CPU_FTR_NOEXECUTE)
+
+Which tests that:
+ (cpu_features & (NOEXECUTE | COHERENT_ICACHE)) == NOEXECUTE
+
+Which says that the current cpu does have NOEXECUTE, but does not have
+COHERENT_ICACHE.
+
+Fixes: 91f1da99792a ("powerpc/mm: Convert 4k hash insert to C")
+Fixes: 89ff725051d1 ("powerpc/mm: Convert __hash_page_64K to C")
+Fixes: a43c0eb8364c ("powerpc/mm: Convert 4k insert from asm to C")
+Signed-off-by: Benjamin Herrenschmidt
+Reviewed-by: Aneesh Kumar K.V
+[mpe: Change log verbosification]
+Signed-off-by: Michael Ellerman
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/mm/hash64_4k.c | 2 +-
+ arch/powerpc/mm/hash64_64k.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/powerpc/mm/hash64_4k.c
++++ b/arch/powerpc/mm/hash64_4k.c
+@@ -55,7 +55,7 @@ int __hash_page_4K(unsigned long ea, uns
+ */
+ rflags = htab_convert_pte_flags(new_pte);
+
+- if (!cpu_has_feature(CPU_FTR_NOEXECUTE) &&
++ if (cpu_has_feature(CPU_FTR_NOEXECUTE) &&
+ !cpu_has_feature(CPU_FTR_COHERENT_ICACHE))
+ rflags = hash_page_do_lazy_icache(rflags, __pte(old_pte), trap);
+
+--- a/arch/powerpc/mm/hash64_64k.c
++++ b/arch/powerpc/mm/hash64_64k.c
+@@ -87,7 +87,7 @@ int __hash_page_4K(unsigned long ea, uns
+ subpg_pte = new_pte & ~subpg_prot;
+ rflags = htab_convert_pte_flags(subpg_pte);
+
+- if (!cpu_has_feature(CPU_FTR_NOEXECUTE) &&
++ if (cpu_has_feature(CPU_FTR_NOEXECUTE) &&
+ !cpu_has_feature(CPU_FTR_COHERENT_ICACHE)) {
+
+ /*
+@@ -258,7 +258,7 @@ int __hash_page_64K(unsigned long ea, un
+
+ rflags = htab_convert_pte_flags(new_pte);
+
+- if (!cpu_has_feature(CPU_FTR_NOEXECUTE) &&
++ if (cpu_has_feature(CPU_FTR_NOEXECUTE) &&
+ !cpu_has_feature(CPU_FTR_COHERENT_ICACHE))
+ rflags = hash_page_do_lazy_icache(rflags, __pte(old_pte), trap);
+
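Review bot: The corrected predicate `cpu_has_feature(CPU_FTR_NOEXECUTE) && !cpu_has_feature(CPU_FTR_COHERENT_ICACHE)` is still written out three times, in __hash_page_4K() in hash64_4k.c and in __hash_page_4K() and __hash_page_64K() in hash64_64k.c. That duplication is presumably how one inverted test ended up at every site. A small static inline helper shared by both files would state the condition once; failing that, a comment at each site such as `/* lazy icache flush: CPU has no-execute but no coherent icache */` would make a regression that skips the flush, leaving stale instructions executable, easier to catch in review. All three functions begin and end outside their hunks.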