From: Greg Kroah-Hartman Date: Sun, 27 Oct 2019 16:00:50 +0000 (+0100) Subject: 4.9-stable patches X-Git-Tag: v4.4.198~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=177996fd31bceefd293ffc4b3337ae00fbcf2c7d;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: btrfs-block-group-fix-a-memory-leak-due-to-missing-btrfs_put_block_group.patch cifs-avoid-using-mid-0xffff.patch cpufreq-avoid-cpufreq_suspend-deadlock-on-system-shutdown.patch memstick-jmb38x_ms-fix-an-error-handling-path-in-jmb38x_ms_probe.patch pci-pm-fix-pci_power_up.patch xen-netback-fix-error-path-of-xenvif_connect_data.patch --- diff --git a/queue-4.9/btrfs-block-group-fix-a-memory-leak-due-to-missing-btrfs_put_block_group.patch b/queue-4.9/btrfs-block-group-fix-a-memory-leak-due-to-missing-btrfs_put_block_group.patch new file mode 100644 index 00000000000..7701515a96a --- /dev/null +++ b/queue-4.9/btrfs-block-group-fix-a-memory-leak-due-to-missing-btrfs_put_block_group.patch @@ -0,0 +1,42 @@ +From 4b654acdae850f48b8250b9a578a4eaa518c7a6f Mon Sep 17 00:00:00 2001 +From: Qu Wenruo +Date: Thu, 10 Oct 2019 10:39:26 +0800 +Subject: btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() + +From: Qu Wenruo + +commit 4b654acdae850f48b8250b9a578a4eaa518c7a6f upstream. + +In btrfs_read_block_groups(), if we have an invalid block group which +has mixed type (DATA|METADATA) while the fs doesn't have MIXED_GROUPS +feature, we error out without freeing the block group cache. + +This patch will add the missing btrfs_put_block_group() to prevent +memory leak. + +Note for stable backports: the file to patch in versions <= 5.3 is +fs/btrfs/extent-tree.c + +Fixes: 49303381f19a ("Btrfs: bail out if block group has different mixed flag") +CC: stable@vger.kernel.org # 4.9+ +Reviewed-by: Anand Jain +Reviewed-by: Johannes Thumshirn +Signed-off-by: Qu Wenruo +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/extent-tree.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/btrfs/extent-tree.c ++++ b/fs/btrfs/extent-tree.c +@@ -10325,6 +10325,7 @@ int btrfs_read_block_groups(struct btrfs + btrfs_err(info, + "bg %llu is a mixed block group but filesystem hasn't enabled mixed block groups", + cache->key.objectid); ++ btrfs_put_block_group(cache); + ret = -EINVAL; + goto error; + } diff --git a/queue-4.9/cifs-avoid-using-mid-0xffff.patch b/queue-4.9/cifs-avoid-using-mid-0xffff.patch new file mode 100644 index 00000000000..09428923d06 --- /dev/null +++ b/queue-4.9/cifs-avoid-using-mid-0xffff.patch @@ -0,0 +1,38 @@ +From 03d9a9fe3f3aec508e485dd3dcfa1e99933b4bdb Mon Sep 17 00:00:00 2001 +From: Roberto Bergantinos Corpas +Date: Mon, 14 Oct 2019 10:59:23 +0200 +Subject: CIFS: avoid using MID 0xFFFF + +From: Roberto Bergantinos Corpas + +commit 03d9a9fe3f3aec508e485dd3dcfa1e99933b4bdb upstream. + +According to MS-CIFS specification MID 0xFFFF should not be used by the +CIFS client, but we actually do. Besides, this has proven to cause races +leading to oops between SendReceive2/cifs_demultiplex_thread. On SMB1, +MID is a 2 byte value easy to reach in CurrentMid which may conflict with +an oplock break notification request coming from server + +Signed-off-by: Roberto Bergantinos Corpas +Reviewed-by: Ronnie Sahlberg +Reviewed-by: Aurelien Aptel +Signed-off-by: Steve French +CC: Stable +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb1ops.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/cifs/smb1ops.c ++++ b/fs/cifs/smb1ops.c +@@ -180,6 +180,9 @@ cifs_get_next_mid(struct TCP_Server_Info + /* we do not want to loop forever */ + last_mid = cur_mid; + cur_mid++; ++ /* avoid 0xFFFF MID */ ++ if (cur_mid == 0xffff) ++ cur_mid++; + + /* + * This nested loop looks more expensive than it is. diff --git a/queue-4.9/cpufreq-avoid-cpufreq_suspend-deadlock-on-system-shutdown.patch b/queue-4.9/cpufreq-avoid-cpufreq_suspend-deadlock-on-system-shutdown.patch new file mode 100644 index 00000000000..e2692870961 --- /dev/null +++ b/queue-4.9/cpufreq-avoid-cpufreq_suspend-deadlock-on-system-shutdown.patch @@ -0,0 +1,88 @@ +From 65650b35133ff20f0c9ef0abd5c3c66dbce3ae57 Mon Sep 17 00:00:00 2001 +From: "Rafael J. Wysocki" +Date: Wed, 9 Oct 2019 01:29:10 +0200 +Subject: cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Rafael J. Wysocki + +commit 65650b35133ff20f0c9ef0abd5c3c66dbce3ae57 upstream. + +It is incorrect to set the cpufreq syscore shutdown callback pointer +to cpufreq_suspend(), because that function cannot be run in the +syscore stage of system shutdown for two reasons: (a) it may attempt +to carry out actions depending on devices that have already been shut +down at that point and (b) the RCU synchronization carried out by it +may not be able to make progress then. + +The latter issue has been present since commit 45975c7d21a1 ("rcu: +Define RCU-sched API in terms of RCU for Tree RCU PREEMPT builds"), +but the former one has been there since commit 90de2a4aa9f3 ("cpufreq: +suspend cpufreq governors on shutdown") regardless. + +Fix that by dropping cpufreq_syscore_ops altogether and making +device_shutdown() call cpufreq_suspend() directly before shutting +down devices, which is along the lines of what system-wide power +management does. + +Fixes: 45975c7d21a1 ("rcu: Define RCU-sched API in terms of RCU for Tree RCU PREEMPT builds") +Fixes: 90de2a4aa9f3 ("cpufreq: suspend cpufreq governors on shutdown") +Reported-by: Ville Syrjälä +Tested-by: Ville Syrjälä +Signed-off-by: Rafael J. Wysocki +Acked-by: Viresh Kumar +Cc: 4.0+ # 4.0+ +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/core.c | 3 +++ + drivers/cpufreq/cpufreq.c | 10 ---------- + 2 files changed, 3 insertions(+), 10 deletions(-) + +--- a/drivers/base/core.c ++++ b/drivers/base/core.c +@@ -10,6 +10,7 @@ + * + */ + ++#include + #include + #include + #include +@@ -2128,6 +2129,8 @@ void device_shutdown(void) + wait_for_device_probe(); + device_block_probing(); + ++ cpufreq_suspend(); ++ + spin_lock(&devices_kset->list_lock); + /* + * Walk the devices list backward, shutting down each in turn. +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -2543,14 +2543,6 @@ int cpufreq_unregister_driver(struct cpu + } + EXPORT_SYMBOL_GPL(cpufreq_unregister_driver); + +-/* +- * Stop cpufreq at shutdown to make sure it isn't holding any locks +- * or mutexes when secondary CPUs are halted. +- */ +-static struct syscore_ops cpufreq_syscore_ops = { +- .shutdown = cpufreq_suspend, +-}; +- + struct kobject *cpufreq_global_kobject; + EXPORT_SYMBOL(cpufreq_global_kobject); + +@@ -2562,8 +2554,6 @@ static int __init cpufreq_core_init(void + cpufreq_global_kobject = kobject_create_and_add("cpufreq", &cpu_subsys.dev_root->kobj); + BUG_ON(!cpufreq_global_kobject); + +- register_syscore_ops(&cpufreq_syscore_ops); +- + return 0; + } + core_initcall(cpufreq_core_init); diff --git a/queue-4.9/memstick-jmb38x_ms-fix-an-error-handling-path-in-jmb38x_ms_probe.patch b/queue-4.9/memstick-jmb38x_ms-fix-an-error-handling-path-in-jmb38x_ms_probe.patch new file mode 100644 index 00000000000..f27d62277f6 --- /dev/null +++ b/queue-4.9/memstick-jmb38x_ms-fix-an-error-handling-path-in-jmb38x_ms_probe.patch @@ -0,0 +1,35 @@ +From 28c9fac09ab0147158db0baeec630407a5e9b892 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sat, 5 Oct 2019 13:21:01 +0200 +Subject: memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' + +From: Christophe JAILLET + +commit 28c9fac09ab0147158db0baeec630407a5e9b892 upstream. + +If 'jmb38x_ms_count_slots()' returns 0, we must undo the previous +'pci_request_regions()' call. + +Goto 'err_out_int' to fix it. + +Fixes: 60fdd931d577 ("memstick: add support for JMicron jmb38x MemoryStick host controller") +Cc: stable@vger.kernel.org +Signed-off-by: Christophe JAILLET +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/memstick/host/jmb38x_ms.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/memstick/host/jmb38x_ms.c ++++ b/drivers/memstick/host/jmb38x_ms.c +@@ -947,7 +947,7 @@ static int jmb38x_ms_probe(struct pci_de + if (!cnt) { + rc = -ENODEV; + pci_dev_busy = 1; +- goto err_out; ++ goto err_out_int; + } + + jm = kzalloc(sizeof(struct jmb38x_ms) diff --git a/queue-4.9/pci-pm-fix-pci_power_up.patch b/queue-4.9/pci-pm-fix-pci_power_up.patch new file mode 100644 index 00000000000..4d3edd1d54d --- /dev/null +++ b/queue-4.9/pci-pm-fix-pci_power_up.patch @@ -0,0 +1,81 @@ +From 45144d42f299455911cc29366656c7324a3a7c97 Mon Sep 17 00:00:00 2001 +From: "Rafael J. Wysocki" +Date: Mon, 14 Oct 2019 13:25:00 +0200 +Subject: PCI: PM: Fix pci_power_up() + +From: Rafael J. Wysocki + +commit 45144d42f299455911cc29366656c7324a3a7c97 upstream. + +There is an arbitrary difference between the system resume and +runtime resume code paths for PCI devices regarding the delay to +apply when switching the devices from D3cold to D0. + +Namely, pci_restore_standard_config() used in the runtime resume +code path calls pci_set_power_state() which in turn invokes +__pci_start_power_transition() to power up the device through the +platform firmware and that function applies the transition delay +(as per PCI Express Base Specification Revision 2.0, Section 6.6.1). +However, pci_pm_default_resume_early() used in the system resume +code path calls pci_power_up() which doesn't apply the delay at +all and that causes issues to occur during resume from +suspend-to-idle on some systems where the delay is required. + +Since there is no reason for that difference to exist, modify +pci_power_up() to follow pci_set_power_state() more closely and +invoke __pci_start_power_transition() from there to call the +platform firmware to power up the device (in case that's necessary). + +Fixes: db288c9c5f9d ("PCI / PM: restore the original behavior of pci_set_power_state()") +Reported-by: Daniel Drake +Tested-by: Daniel Drake +Link: https://lore.kernel.org/linux-pm/CAD8Lp44TYxrMgPLkHCqF9hv6smEurMXvmmvmtyFhZ6Q4SE+dig@mail.gmail.com/T/#m21be74af263c6a34f36e0fc5c77c5449d9406925 +Signed-off-by: Rafael J. Wysocki +Acked-by: Bjorn Helgaas +Cc: 3.10+ # 3.10+ +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/pci.c | 24 +++++++++++------------- + 1 file changed, 11 insertions(+), 13 deletions(-) + +--- a/drivers/pci/pci.c ++++ b/drivers/pci/pci.c +@@ -754,19 +754,6 @@ void pci_update_current_state(struct pci + } + + /** +- * pci_power_up - Put the given device into D0 forcibly +- * @dev: PCI device to power up +- */ +-void pci_power_up(struct pci_dev *dev) +-{ +- if (platform_pci_power_manageable(dev)) +- platform_pci_set_power_state(dev, PCI_D0); +- +- pci_raw_set_power_state(dev, PCI_D0); +- pci_update_current_state(dev, PCI_D0); +-} +- +-/** + * pci_platform_power_transition - Use platform to change device power state + * @dev: PCI device to handle. + * @state: State to put the device into. +@@ -942,6 +929,17 @@ int pci_set_power_state(struct pci_dev * + EXPORT_SYMBOL(pci_set_power_state); + + /** ++ * pci_power_up - Put the given device into D0 forcibly ++ * @dev: PCI device to power up ++ */ ++void pci_power_up(struct pci_dev *dev) ++{ ++ __pci_start_power_transition(dev, PCI_D0); ++ pci_raw_set_power_state(dev, PCI_D0); ++ pci_update_current_state(dev, PCI_D0); ++} ++ ++/** + * pci_choose_state - Choose the power state of a PCI device + * @dev: PCI device to be suspended + * @state: target sleep state for the whole system. This is the value diff --git a/queue-4.9/series b/queue-4.9/series index 62cccec265a..0c4e0516001 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -39,3 +39,9 @@ scsi-zfcp-fix-reaction-on-bit-error-threshold-notifi.patch mm-slub-fix-a-deadlock-in-show_slab_objects.patch xtensa-drop-export_symbol-for-outs-ins.patch parisc-fix-vmap-memory-leak-in-ioremap-iounmap.patch +cifs-avoid-using-mid-0xffff.patch +btrfs-block-group-fix-a-memory-leak-due-to-missing-btrfs_put_block_group.patch +memstick-jmb38x_ms-fix-an-error-handling-path-in-jmb38x_ms_probe.patch +cpufreq-avoid-cpufreq_suspend-deadlock-on-system-shutdown.patch +xen-netback-fix-error-path-of-xenvif_connect_data.patch +pci-pm-fix-pci_power_up.patch diff --git a/queue-4.9/xen-netback-fix-error-path-of-xenvif_connect_data.patch b/queue-4.9/xen-netback-fix-error-path-of-xenvif_connect_data.patch new file mode 100644 index 00000000000..5999a18f68d --- /dev/null +++ b/queue-4.9/xen-netback-fix-error-path-of-xenvif_connect_data.patch @@ -0,0 +1,36 @@ +From 3d5c1a037d37392a6859afbde49be5ba6a70a6b3 Mon Sep 17 00:00:00 2001 +From: Juergen Gross +Date: Fri, 18 Oct 2019 09:45:49 +0200 +Subject: xen/netback: fix error path of xenvif_connect_data() + +From: Juergen Gross + +commit 3d5c1a037d37392a6859afbde49be5ba6a70a6b3 upstream. + +xenvif_connect_data() calls module_put() in case of error. This is +wrong as there is no related module_get(). + +Remove the superfluous module_put(). + +Fixes: 279f438e36c0a7 ("xen-netback: Don't destroy the netdev until the vif is shut down") +Cc: # 3.12 +Signed-off-by: Juergen Gross +Reviewed-by: Paul Durrant +Reviewed-by: Wei Liu +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/xen-netback/interface.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/net/xen-netback/interface.c ++++ b/drivers/net/xen-netback/interface.c +@@ -706,7 +706,6 @@ err_unmap: + xenvif_unmap_frontend_data_rings(queue); + netif_napi_del(&queue->napi); + err: +- module_put(THIS_MODULE); + return err; + } +