From: Greg Kroah-Hartman Date: Tue, 23 May 2017 17:58:43 +0000 (+0200) Subject: 3.18-stable patches X-Git-Tag: v3.18.55~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2a52f48a5ff1db95adc9ba86ae1d8e206971146b;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: osf_wait4-fix-infoleak.patch pci-fix-pci_mmap_fits-for-have_pci_resource_to_user-platforms.patch pci-freeze-pme-scan-before-suspending-devices.patch tracing-kprobes-enforce-kprobes-teardown-after-testing.patch --- diff --git a/queue-3.18/osf_wait4-fix-infoleak.patch b/queue-3.18/osf_wait4-fix-infoleak.patch new file mode 100644 index 00000000000..612e1ac649e --- /dev/null +++ b/queue-3.18/osf_wait4-fix-infoleak.patch @@ -0,0 +1,33 @@ +From a8c39544a6eb2093c04afd5005b6192bd0e880c6 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sun, 14 May 2017 21:47:25 -0400 +Subject: osf_wait4(): fix infoleak + +From: Al Viro + +commit a8c39544a6eb2093c04afd5005b6192bd0e880c6 upstream. + +failing sys_wait4() won't fill struct rusage... + +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + arch/alpha/kernel/osf_sys.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/arch/alpha/kernel/osf_sys.c ++++ b/arch/alpha/kernel/osf_sys.c +@@ -1183,8 +1183,10 @@ SYSCALL_DEFINE4(osf_wait4, pid_t, pid, i + if (!access_ok(VERIFY_WRITE, ur, sizeof(*ur))) + return -EFAULT; + +- err = 0; +- err |= put_user(status, ustatus); ++ err = put_user(status, ustatus); ++ if (ret < 0) ++ return err ? err : ret; ++ + err |= __put_user(r.ru_utime.tv_sec, &ur->ru_utime.tv_sec); + err |= __put_user(r.ru_utime.tv_usec, &ur->ru_utime.tv_usec); + err |= __put_user(r.ru_stime.tv_sec, &ur->ru_stime.tv_sec); diff --git a/queue-3.18/pci-fix-pci_mmap_fits-for-have_pci_resource_to_user-platforms.patch b/queue-3.18/pci-fix-pci_mmap_fits-for-have_pci_resource_to_user-platforms.patch new file mode 100644 index 00000000000..2f2d9c9db67 --- /dev/null 
+++ b/queue-3.18/pci-fix-pci_mmap_fits-for-have_pci_resource_to_user-platforms.patch @@ -0,0 +1,46 @@ +From 6bccc7f426abd640f08d8c75fb22f99483f201b4 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Wed, 12 Apr 2017 13:25:50 +0100 +Subject: PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms + +From: David Woodhouse + +commit 6bccc7f426abd640f08d8c75fb22f99483f201b4 upstream. + +In the PCI_MMAP_PROCFS case when the address being passed by the user is a +'user visible' resource address based on the bus window, and not the actual +contents of the resource, that's what we need to be checking it against. + +Signed-off-by: David Woodhouse +Signed-off-by: Bjorn Helgaas +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/pci-sysfs.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +--- a/drivers/pci/pci-sysfs.c ++++ b/drivers/pci/pci-sysfs.c +@@ -964,15 +964,19 @@ void pci_remove_legacy_files(struct pci_ + int pci_mmap_fits(struct pci_dev *pdev, int resno, struct vm_area_struct *vma, + enum pci_mmap_api mmap_api) + { +- unsigned long nr, start, size, pci_start; ++ unsigned long nr, start, size; ++ resource_size_t pci_start = 0, pci_end; + + if (pci_resource_len(pdev, resno) == 0) + return 0; + nr = vma_pages(vma); + start = vma->vm_pgoff; + size = ((pci_resource_len(pdev, resno) - 1) >> PAGE_SHIFT) + 1; +- pci_start = (mmap_api == PCI_MMAP_PROCFS) ? +- pci_resource_start(pdev, resno) >> PAGE_SHIFT : 0; ++ if (mmap_api == PCI_MMAP_PROCFS) { ++ pci_resource_to_user(pdev, resno, &pdev->resource[resno], ++ &pci_start, &pci_end); ++ pci_start >>= PAGE_SHIFT; ++ } + if (start >= pci_start && start < pci_start + size && + start + nr <= pci_start + size) + return 1; diff --git a/queue-3.18/pci-freeze-pme-scan-before-suspending-devices.patch b/queue-3.18/pci-freeze-pme-scan-before-suspending-devices.patch new file mode 100644 index 00000000000..9ce7e1c63cb --- /dev/null +++ b/queue-3.18/pci-freeze-pme-scan-before-suspending-devices.patch 
@@ -0,0 +1,152 @@ +From ea00353f36b64375518662a8ad15e39218a1f324 Mon Sep 17 00:00:00 2001 +From: Lukas Wunner +Date: Tue, 18 Apr 2017 20:44:30 +0200 +Subject: PCI: Freeze PME scan before suspending devices +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Lukas Wunner + +commit ea00353f36b64375518662a8ad15e39218a1f324 upstream. + +Laurent Pinchart reported that the Renesas R-Car H2 Lager board (r8a7790) +crashes during suspend tests. Geert Uytterhoeven managed to reproduce the +issue on an M2-W Koelsch board (r8a7791): + + It occurs when the PME scan runs, once per second. During PME scan, the + PCI host bridge (rcar-pci) registers are accessed while its module clock + has already been disabled, leading to the crash. + +One reproducer is to configure s2ram to use "s2idle" instead of "deep" +suspend: + + # echo 0 > /sys/module/printk/parameters/console_suspend + # echo s2idle > /sys/power/mem_sleep + # echo mem > /sys/power/state + +Another reproducer is to write either "platform" or "processors" to +/sys/power/pm_test. It does not (or is less likely) to happen during full +system suspend ("core" or "none") because system suspend also disables +timers, and thus the workqueue handling PME scans no longer runs. Geert +believes the issue may still happen in the small window between disabling +module clocks and disabling timers: + + # echo 0 > /sys/module/printk/parameters/console_suspend + # echo platform > /sys/power/pm_test # Or "processors" + # echo mem > /sys/power/state + +(Make sure CONFIG_PCI_RCAR_GEN2 and CONFIG_USB_OHCI_HCD_PCI are enabled.) + +Rafael Wysocki agrees that PME scans should be suspended before the host +bridge registers become inaccessible. To that end, queue the task on a +workqueue that gets frozen before devices suspend. 
+ +Rafael notes however that as a result, some wakeup events may be missed if +they are delivered via PME from a device without working IRQ (which hence +must be polled) and occur after the workqueue has been frozen. If that +turns out to be an issue in practice, it may be possible to solve it by +calling pci_pme_list_scan() once directly from one of the host bridge's +pm_ops callbacks. + +Stacktrace for posterity: + + PM: Syncing filesystems ... [ 38.566237] done. + PM: Preparing system for sleep (mem) + Freezing user space processes ... [ 38.579813] (elapsed 0.001 seconds) done. + Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. + PM: Suspending system (mem) + PM: suspend of devices complete after 152.456 msecs + PM: late suspend of devices complete after 2.809 msecs + PM: noirq suspend of devices complete after 29.863 msecs + suspend debug: Waiting for 5 second(s). + Unhandled fault: asynchronous external abort (0x1211) at 0x00000000 + pgd = c0003000 + [00000000] *pgd=80000040004003, *pmd=00000000 + Internal error: : 1211 [#1] SMP ARM + Modules linked in: + CPU: 1 PID: 20 Comm: kworker/1:1 Not tainted + 4.9.0-rc1-koelsch-00011-g68db9bc814362e7f #3383 + Hardware name: Generic R8A7791 (Flattened Device Tree) + Workqueue: events pci_pme_list_scan + task: eb56e140 task.stack: eb58e000 + PC is at pci_generic_config_read+0x64/0x6c + LR is at rcar_pci_cfg_base+0x64/0x84 + pc : [] lr : [] psr: 600d0093 + sp : eb58fe98 ip : c041d750 fp : 00000008 + r10: c0e2283c r9 : 00000000 r8 : 600d0013 + r7 : 00000008 r6 : eb58fed6 r5 : 00000002 r4 : eb58feb4 + r3 : 00000000 r2 : 00000044 r1 : 00000008 r0 : 00000000 + Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user + Control: 30c5387d Table: 6a9f6c80 DAC: 55555555 + Process kworker/1:1 (pid: 20, stack limit = 0xeb58e210) + Stack: (0xeb58fe98 to 0xeb590000) + fe80: 00000002 00000044 + fea0: eb6f5800 c041d9b0 eb58feb4 00000008 00000044 00000000 eb78a000 eb78a000 + fec0: 00000044 00000000 eb9aff00 
c0424bf0 eb78a000 00000000 eb78a000 c0e22830 + fee0: ea8a6fc0 c0424c5c eaae79c0 c0424ce0 eb55f380 c0e22838 eb9a9800 c0235fbc + ff00: eb55f380 c0e22838 eb55f380 eb9a9800 eb9a9800 eb58e000 eb9a9824 c0e02100 + ff20: eb55f398 c02366c4 eb56e140 eb5631c0 00000000 eb55f380 c023641c 00000000 + ff40: 00000000 00000000 00000000 c023a928 cd105598 00000000 40506a34 eb55f380 + ff60: 00000000 00000000 dead4ead ffffffff ffffffff eb58ff74 eb58ff74 00000000 + ff80: 00000000 dead4ead ffffffff ffffffff eb58ff90 eb58ff90 eb58ffac eb5631c0 + ffa0: c023a844 00000000 00000000 c0206d68 00000000 00000000 00000000 00000000 + ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 3a81336c 10ccd1dd + [] (pci_generic_config_read) from [] + (pci_bus_read_config_word+0x58/0x80) + [] (pci_bus_read_config_word) from [] + (pci_check_pme_status+0x34/0x78) + [] (pci_check_pme_status) from [] (pci_pme_wakeup+0x28/0x54) + [] (pci_pme_wakeup) from [] (pci_pme_list_scan+0x58/0xb4) + [] (pci_pme_list_scan) from [] + (process_one_work+0x1bc/0x308) + [] (process_one_work) from [] (worker_thread+0x2a8/0x3e0) + [] (worker_thread) from [] (kthread+0xe4/0xfc) + [] (kthread) from [] (ret_from_fork+0x14/0x2c) + Code: ea000000 e5903000 f57ff04f e3a00000 (e5843000) + ---[ end trace 667d43ba3aa9e589 ]--- + +Fixes: df17e62e5bff ("PCI: Add support for polling PME state on suspended legacy PCI devices") +Reported-and-tested-by: Laurent Pinchart +Reported-and-tested-by: Geert Uytterhoeven +Signed-off-by: Lukas Wunner +Signed-off-by: Bjorn Helgaas +Reviewed-by: Laurent Pinchart +Acked-by: Rafael J. 
Wysocki +Cc: Mika Westerberg +Cc: Niklas Söderlund +Cc: Simon Horman +Cc: Yinghai Lu +Cc: Matthew Garrett +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/pci.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/drivers/pci/pci.c ++++ b/drivers/pci/pci.c +@@ -1685,8 +1685,8 @@ static void pci_pme_list_scan(struct wor + } + } + if (!list_empty(&pci_pme_list)) +- schedule_delayed_work(&pci_pme_work, +- msecs_to_jiffies(PME_TIMEOUT)); ++ queue_delayed_work(system_freezable_wq, &pci_pme_work, ++ msecs_to_jiffies(PME_TIMEOUT)); + mutex_unlock(&pci_pme_list_mutex); + } + +@@ -1746,8 +1746,9 @@ void pci_pme_active(struct pci_dev *dev, + mutex_lock(&pci_pme_list_mutex); + list_add(&pme_dev->list, &pci_pme_list); + if (list_is_singular(&pci_pme_list)) +- schedule_delayed_work(&pci_pme_work, +- msecs_to_jiffies(PME_TIMEOUT)); ++ queue_delayed_work(system_freezable_wq, ++ &pci_pme_work, ++ msecs_to_jiffies(PME_TIMEOUT)); + mutex_unlock(&pci_pme_list_mutex); + } else { + mutex_lock(&pci_pme_list_mutex); diff --git a/queue-3.18/series b/queue-3.18/series index c16a7fe807b..262b56595a7 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -51,3 +51,7 @@ metag-uaccess-fix-access_ok.patch metag-uaccess-check-access_ok-in-strncpy_from_user.patch stackprotector-increase-the-per-task-stack-canary-s-random-range-from-32-bits-to-64-bits-on-64-bit-platforms.patch uwb-fix-device-quirk-on-big-endian-hosts.patch +osf_wait4-fix-infoleak.patch +tracing-kprobes-enforce-kprobes-teardown-after-testing.patch +pci-fix-pci_mmap_fits-for-have_pci_resource_to_user-platforms.patch +pci-freeze-pme-scan-before-suspending-devices.patch diff --git a/queue-3.18/tracing-kprobes-enforce-kprobes-teardown-after-testing.patch b/queue-3.18/tracing-kprobes-enforce-kprobes-teardown-after-testing.patch new file mode 100644 index 00000000000..8d46d253ebf --- /dev/null +++ b/queue-3.18/tracing-kprobes-enforce-kprobes-teardown-after-testing.patch 
@@ -0,0 +1,77 @@ +From 30e7d894c1478c88d50ce94ddcdbd7f9763d9cdd Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 17 May 2017 10:19:49 +0200 +Subject: tracing/kprobes: Enforce kprobes teardown after testing + +From: Thomas Gleixner + +commit 30e7d894c1478c88d50ce94ddcdbd7f9763d9cdd upstream. + +Enabling the tracer selftest triggers occasionally the warning in +text_poke(), which warns when the to be modified page is not marked +reserved. + +The reason is that the tracer selftest installs kprobes on functions marked +__init for testing. These probes are removed after the tests, but that +removal schedules the delayed kprobes_optimizer work, which will do the +actual text poke. If the work is executed after the init text is freed, +then the warning triggers. The bug can be reproduced reliably when the work +delay is increased. + +Flush the optimizer work and wait for the optimizing/unoptimizing lists to +become empty before returning from the kprobes tracer selftest. That +ensures that all operations which were queued due to the probes removal +have completed. 
+ +Link: http://lkml.kernel.org/r/20170516094802.76a468bb@gandalf.local.home + +Signed-off-by: Thomas Gleixner +Acked-by: Masami Hiramatsu +Fixes: 6274de498 ("kprobes: Support delayed unoptimizing") +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/kprobes.h | 4 +++- + kernel/kprobes.c | 2 +- + kernel/trace/trace_kprobe.c | 5 +++++ + 3 files changed, 9 insertions(+), 2 deletions(-) + +--- a/include/linux/kprobes.h ++++ b/include/linux/kprobes.h +@@ -327,7 +327,9 @@ extern int proc_kprobes_optimization_han + int write, void __user *buffer, + size_t *length, loff_t *ppos); + #endif +- ++extern void wait_for_kprobe_optimizer(void); ++#else ++static inline void wait_for_kprobe_optimizer(void) { } + #endif /* CONFIG_OPTPROBES */ + #ifdef CONFIG_KPROBES_ON_FTRACE + extern void kprobe_ftrace_handler(unsigned long ip, unsigned long parent_ip, +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -563,7 +563,7 @@ static void kprobe_optimizer(struct work + } + + /* Wait for completing optimization and unoptimization */ +-static void wait_for_kprobe_optimizer(void) ++void wait_for_kprobe_optimizer(void) + { + mutex_lock(&kprobe_mutex); + +--- a/kernel/trace/trace_kprobe.c ++++ b/kernel/trace/trace_kprobe.c +@@ -1484,6 +1484,11 @@ static __init int kprobe_trace_self_test + + end: + release_all_trace_kprobes(); ++ /* ++ * Wait for the optimizer work to finish. Otherwise it might fiddle ++ * with probes in already freed __init text. ++ */ ++ wait_for_kprobe_optimizer(); + if (warn) + pr_cont("NG: Some tests are failed. Please check them.\n"); + else
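Review bot: in the osf_wait4 hunk of arch/alpha/kernel/osf_sys.c, `put_user(status, ustatus)` still runs before the new `if (ret < 0)` check, so on a failed sys_wait4() the status word is copied to user space even though the rusage fields no longer are. The commit message only covers struct rusage, and the visible lines do not show whether `status` is initialized on that path. Either move the `ret < 0` return above the put_user() or add a comment saying why copying status on failure is safe. A short comment on `return err ? err : ret;` would also help, since it lets a put_user() fault take precedence over the original wait4 error.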
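Review bot: in the pci_mmap_fits() hunk of drivers/pci/pci-sysfs.c, `pci_end` is filled in by pci_resource_to_user() but never read in the visible lines; the upper bound is still `pci_start + size`, with `size` derived from pci_resource_len(). If that is intentional, say so in a comment, otherwise bound the range against `pci_end`. Separately, `pci_start` is now resource_size_t while `start`, `nr` and `size` stay unsigned long, and `start + nr` is summed before the comparison with no wrap check. Since `start` comes from vma->vm_pgoff, which the commit message describes as an address passed by the user, the mixed-width arithmetic deserves an explicit check or a comment.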
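Review bot: the pci_pme_list_scan() hunk in drivers/pci/pci.c switches to `system_freezable_wq` without any comment at the call site. The reason (the scan must stop before host bridge registers become inaccessible) and the trade-off named in the commit message (PME wakeups from polled devices can be missed once the workqueue is frozen) live only in the changelog. A two-line comment above the queue_delayed_work() call would keep a later cleanup from switching back to schedule_delayed_work().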
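Review bot: the pci_pme_active() hunk in drivers/pci/pci.c repeats the same `queue_delayed_work(system_freezable_wq, &pci_pme_work, msecs_to_jiffies(PME_TIMEOUT))` call that the pci_pme_list_scan() hunk adds. A small static helper would keep both sites on the same workqueue and give one place for the comment explaining why it has to be freezable.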
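Review bot: in the include/linux/kprobes.h hunk, the new `#else` is unlabelled and the closing line still reads `#endif /* CONFIG_OPTPROBES */`, directly below an inner `#endif` now that the blank line has been removed. Write it as `#else /* !CONFIG_OPTPROBES */` and keep a blank line between the inner `#endif` and the new `extern`, so it is clear which conditional the declaration and the empty stub belong to.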
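Review bot: the kernel/kprobes.c hunk drops `static` from wait_for_kprobe_optimizer() but leaves the one-line comment above it unchanged. The body opens with `mutex_lock(&kprobe_mutex)`, so now that callers outside this file exist (the trace_kprobe.c hunk adds one), the comment should state that the function must be called without kprobe_mutex held and that it waits until the optimizing and unoptimizing lists are empty.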