From: Greg Kroah-Hartman Date: Thu, 27 Apr 2017 10:04:09 +0000 (+0200) Subject: 3.18-stable patches X-Git-Tag: v4.4.65~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3180c269674a3e739e9a4bb88791ad06ddb74bbd;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: arm-psci-fix-header-file.patch arm64-avoid-returning-from-bad_mode.patch clk-at91-usb-fix-determine_rate-prototype-again.patch dm-bufio-hide-bogus-warning.patch gadgetfs-fix-uninitialized-variable-in-error-handling.patch --- diff --git a/queue-3.18/arm-psci-fix-header-file.patch b/queue-3.18/arm-psci-fix-header-file.patch new file mode 100644 index 00000000000..8c4a250b56b --- /dev/null +++ b/queue-3.18/arm-psci-fix-header-file.patch 
@@ -0,0 +1,51 @@ +From arnd@arndb.de Thu Apr 27 11:58:20 2017 +From: Arnd Bergmann +Date: Fri, 21 Apr 2017 15:59:17 +0200 +Subject: ARM: psci: fix header file +To: stable@vger.kernel.org +Cc: gregkh@linuxfoundation.org, Arnd Bergmann , Russell King , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org +Message-ID: <20170421135923.2735181-1-arnd@arndb.de> + +From: Arnd Bergmann + +Commit be95485a0b828 was incorrectly backported to 3.18 and +now causes a different build error when CONFIG_SMP is disabled: + + arch/arm/kernel/psci.c:287:12: error: redefinition of 'psci_init' + +This version is how it should be on 3.18, with the main psci +code built for both SMP and UP, but the psci_smp_available() +function only being available for SMP builds. + +Fixes: dbcfee724255 ("ARM: 8457/1: psci-smp is built only for SMP") +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/include/asm/psci.h | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/arch/arm/include/asm/psci.h b/arch/arm/include/asm/psci.h +index e3789fb02c9c..8ca5308a05d7 100644 +--- a/arch/arm/include/asm/psci.h ++++ b/arch/arm/include/asm/psci.h +@@ -37,11 +37,15 @@ struct psci_operations { + extern struct psci_operations psci_ops; + extern struct smp_operations psci_smp_ops; + +-#if defined(CONFIG_SMP) && defined(CONFIG_ARM_PSCI) ++#ifdef CONFIG_ARM_PSCI + int psci_init(void); +-bool psci_smp_available(void); + #else + static inline int psci_init(void) { return 0; } ++#endif ++ ++#if defined(CONFIG_SMP) && defined(CONFIG_ARM_PSCI) ++bool psci_smp_available(void); ++#else + static inline bool psci_smp_available(void) { return false; } + #endif + +-- +2.9.0 + diff --git a/queue-3.18/arm64-avoid-returning-from-bad_mode.patch b/queue-3.18/arm64-avoid-returning-from-bad_mode.patch new file mode 100644 index 00000000000..1646d2c29d7 --- /dev/null +++ b/queue-3.18/arm64-avoid-returning-from-bad_mode.patch 
@@ -0,0 +1,107 @@ +From 7d9e8f71b989230bc613d121ca38507d34ada849 Mon Sep 17 00:00:00 2001 +From: Mark Rutland +Date: Wed, 18 Jan 2017 17:23:41 +0000 +Subject: arm64: avoid returning from bad_mode + +From: Mark Rutland + +commit 7d9e8f71b989230bc613d121ca38507d34ada849 upstream. + +Generally, taking an unexpected exception should be a fatal event, and +bad_mode is intended to cater for this. However, it should be possible +to contain unexpected synchronous exceptions from EL0 without bringing +the kernel down, by sending a SIGILL to the task. + +We tried to apply this approach in commit 9955ac47f4ba1c95 ("arm64: +don't kill the kernel on a bad esr from el0"), by sending a signal for +any bad_mode call resulting from an EL0 exception. + +However, this also applies to other unexpected exceptions, such as +SError and FIQ. The entry paths for these exceptions branch to bad_mode +without configuring the link register, and have no kernel_exit. Thus, if +we take one of these exceptions from EL0, bad_mode will eventually +return to the original user link register value. + +This patch fixes this by introducing a new bad_el0_sync handler to cater +for the recoverable case, and restoring bad_mode to its original state, +whereby it calls panic() and never returns. The recoverable case +branches to bad_el0_sync with a bl, and returns to userspace via the +usual ret_to_user mechanism. 
+ +Signed-off-by: Mark Rutland +Fixes: 9955ac47f4ba1c95 ("arm64: don't kill the kernel on a bad esr from el0") +Reported-by: Mark Salter +Cc: Will Deacon +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman + + +--- + arch/arm64/kernel/entry.S | 4 ++-- + arch/arm64/kernel/traps.c | 28 ++++++++++++++++++++++++---- + 2 files changed, 26 insertions(+), 6 deletions(-) + +--- a/arch/arm64/kernel/entry.S ++++ b/arch/arm64/kernel/entry.S +@@ -551,8 +551,8 @@ el0_inv: + mov x0, sp + mov x1, #BAD_SYNC + mrs x2, esr_el1 +- adr lr, ret_to_user +- b bad_mode ++ bl bad_el0_sync ++ b ret_to_user + ENDPROC(el0_sync) + + .align 6 +--- a/arch/arm64/kernel/traps.c ++++ b/arch/arm64/kernel/traps.c +@@ -308,16 +308,33 @@ asmlinkage long do_ni_syscall(struct pt_ + } + + /* +- * bad_mode handles the impossible case in the exception vector. ++ * bad_mode handles the impossible case in the exception vector. This is always ++ * fatal. + */ + asmlinkage void bad_mode(struct pt_regs *regs, int reason, unsigned int esr) + { +- siginfo_t info; +- void __user *pc = (void __user *)instruction_pointer(regs); + console_verbose(); + + pr_crit("Bad mode in %s handler detected, code 0x%08x\n", + handler[reason], esr); ++ ++ die("Oops - bad mode", regs, 0); ++ local_irq_disable(); ++ panic("bad mode"); ++} ++ ++/* ++ * bad_el0_sync handles unexpected, but potentially recoverable synchronous ++ * exceptions taken from EL0. Unlike bad_mode, this returns. 
++ */ ++asmlinkage void bad_el0_sync(struct pt_regs *regs, int reason, unsigned int esr) ++{ ++ siginfo_t info; ++ void __user *pc = (void __user *)instruction_pointer(regs); ++ console_verbose(); ++ ++ pr_crit("Bad EL0 synchronous exception detected on CPU%d, code 0x%08x\n", ++ smp_processor_id(), esr); + __show_regs(regs); + + info.si_signo = SIGILL; +@@ -325,7 +342,10 @@ asmlinkage void bad_mode(struct pt_regs + info.si_code = ILL_ILLOPC; + info.si_addr = pc; + +- arm64_notify_die("Oops - bad mode", regs, &info, 0); ++ current->thread.fault_address = 0; ++ current->thread.fault_code = 0; ++ ++ force_sig_info(info.si_signo, &info, current); + } + + void __pte_error(const char *file, int line, unsigned long val) diff --git a/queue-3.18/clk-at91-usb-fix-determine_rate-prototype-again.patch b/queue-3.18/clk-at91-usb-fix-determine_rate-prototype-again.patch new file mode 100644 index 00000000000..b70e2098e7b --- /dev/null +++ b/queue-3.18/clk-at91-usb-fix-determine_rate-prototype-again.patch 
@@ -0,0 +1,50 @@ +From arnd@arndb.de Thu Apr 27 11:55:29 2017 +From: Arnd Bergmann +Date: Fri, 21 Apr 2017 14:45:23 +0200 +Subject: clk: at91: usb: fix determine_rate prototype again +To: stable@vger.kernel.org +Cc: gregkh@linuxfoundation.org, Arnd Bergmann , Boris Brezillon , Mike Turquette , linux-kernel@vger.kernel.org +Message-ID: <20170421124528.2644028-1-arnd@arndb.de> + +From: Arnd Bergmann + +We had an incorrect backport of +4591243102fa ("clk: at91: usb: propagate rate modification to the parent clk") +that was fixed incorrectly in linux-3.18.y by +76723e7ed589 ("clk: at91: usb: fix determine_rate prototype") + +as shown by this warning: + +drivers/clk/at91/clk-usb.c:155:20: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types] +drivers/clk/at91/clk-usb.c:193:20: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types] + +This should fix it properly. + +Acked-by: Boris Brezillon +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/at91/clk-usb.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/clk/at91/clk-usb.c ++++ b/drivers/clk/at91/clk-usb.c +@@ -59,7 +59,7 @@ static unsigned long at91sam9x5_clk_usb_ + static long at91sam9x5_clk_usb_determine_rate(struct clk_hw *hw, + unsigned long rate, + unsigned long *best_parent_rate, +- struct clk_hw **best_parent_hw) ++ struct clk **best_parent_hw) + { + struct clk *parent = NULL; + long best_rate = -EINVAL; +@@ -91,7 +91,7 @@ static long at91sam9x5_clk_usb_determine + best_rate = tmp_rate; + best_diff = tmp_diff; + *best_parent_rate = tmp_parent_rate; +- *best_parent_hw = __clk_get_hw(parent); ++ *best_parent_hw = parent; + } + + if (!best_diff || tmp_rate < rate) diff --git a/queue-3.18/dm-bufio-hide-bogus-warning.patch b/queue-3.18/dm-bufio-hide-bogus-warning.patch new file mode 100644 index 00000000000..1aabf5553fc --- /dev/null +++ b/queue-3.18/dm-bufio-hide-bogus-warning.patch 
@@ -0,0 +1,43 @@ +From arnd@arndb.de Thu Apr 27 11:57:34 2017 +From: Arnd Bergmann +Date: Fri, 21 Apr 2017 15:41:10 +0200 +Subject: dm bufio: hide bogus warning +To: stable@vger.kernel.org +Cc: gregkh@linuxfoundation.org, Arnd Bergmann , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org +Message-ID: <20170421134212.2727744-1-arnd@arndb.de> + +From: Arnd Bergmann + +mips-gcc-5.3 warns about correct code on linux-3.18 and earlier: + +In file included from ../include/linux/blkdev.h:4:0, + from ../drivers/md/dm-bufio.h:12, + from ../drivers/md/dm-bufio.c:9: +../drivers/md/dm-bufio.c: In function 'alloc_buffer': +../include/linux/sched.h:1975:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] + current->flags = (current->flags & ~PF_MEMALLOC_NOIO) | flags; + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~ +../drivers/md/dm-bufio.c:325:11: note: 'noio_flag' was declared here + +The warning disappeared on later kernels with this commit: be0c37c985ed +("MIPS: Rearrange PTE bits into fixed positions.") I assume this only +happened because it changed some inlining decisions. + +On 3.18.y, we can shut up the warning by adding an extra initialization. + +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-bufio.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/md/dm-bufio.c ++++ b/drivers/md/dm-bufio.c +@@ -349,6 +349,7 @@ static void *alloc_buffer_data(struct dm + * as if GFP_NOIO was specified. + */ + ++ noio_flag = 0; + if (gfp_mask & __GFP_NORETRY) + noio_flag = memalloc_noio_save(); + diff --git a/queue-3.18/gadgetfs-fix-uninitialized-variable-in-error-handling.patch b/queue-3.18/gadgetfs-fix-uninitialized-variable-in-error-handling.patch new file mode 100644 index 00000000000..b810ca5b05d --- /dev/null +++ b/queue-3.18/gadgetfs-fix-uninitialized-variable-in-error-handling.patch 
@@ -0,0 +1,43 @@ +From arnd@arndb.de Thu Apr 27 11:56:31 2017 +From: Arnd Bergmann +Date: Fri, 21 Apr 2017 15:06:12 +0200 +Subject: gadgetfs: fix uninitialized variable in error handling +To: stable@vger.kernel.org +Cc: gregkh@linuxfoundation.org, Arnd Bergmann , Felipe Balbi , Bin Liu , Sasha Levin , linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org +Message-ID: <20170421130623.2668561-1-arnd@arndb.de> + +From: Arnd Bergmann + +gcc warns about a bug in 3.18.y: + +drivers/usb/gadget/legacy/inode.c:648:10: warning: 'value' may be used + +This is caused by the backport of f01d35a15fa0416 from 4.0 to 3.18: +c81fc59be42c6e0 gadgetfs: use-after-free in ->aio_read() + +The backported patch was buggy, but the mainline code was rewritten +in a larger patch directly following this one in a way that fixed the +bug. + +For stable, we should need only a one-line change to make sure we +return an proper error code. It is very unlikely that anybody ever +ran into the out-of-memory case here in practice, but the compiler +is right in theory. + +Fixes: c81fc59be42c ("gadgetfs: use-after-free in ->aio_read()") +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/gadget/legacy/inode.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/usb/gadget/legacy/inode.c ++++ b/drivers/usb/gadget/legacy/inode.c +@@ -654,6 +654,7 @@ fail: + GFP_KERNEL); + if (!priv->iv) { + kfree(priv); ++ value = -ENOMEM; + goto fail; + } + } diff --git a/queue-3.18/series b/queue-3.18/series index 30856282fb9..accfd540bc2 100644 --- a/queue-3.18/series +++ b/queue-3.18/series 
@@ -14,3 +14,8 @@ ubi-upd-always-flush-after-prepared-for-an-update.patch powerpc-kprobe-fix-oops-when-kprobed-on-stdu-instruction.patch x86-mce-amd-give-a-name-to-mca-bank-3-when-accessed-with-legacy-msrs.patch kvm-arm-arm64-fix-locking-for-kvm_free_stage2_pgd.patch +arm64-avoid-returning-from-bad_mode.patch +clk-at91-usb-fix-determine_rate-prototype-again.patch +gadgetfs-fix-uninitialized-variable-in-error-handling.patch +dm-bufio-hide-bogus-warning.patch +arm-psci-fix-header-file.patch
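Review bot: the commit message of arm-psci-fix-header-file.patch names two different commits without saying how they relate: the text blames "Commit be95485a0b828" while the trailer reads "Fixes: dbcfee724255". State which id is the upstream commit and which is its 3.18.y backport, so that someone auditing the stable tree can find the change being corrected. In the header hunk itself, the split into one guard for psci_init() (CONFIG_ARM_PSCI only) and a second for psci_smp_available() (CONFIG_SMP && CONFIG_ARM_PSCI) matches the description. The context line "extern struct smp_operations psci_smp_ops;" stays outside both guards, which is only safe as long as no UP code references it.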
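Review bot: in the first arch/arm64/kernel/traps.c hunk of arm64-avoid-returning-from-bad_mode.patch, the new bad_el0_sync() keeps console_verbose() and an unratelimited pr_crit() plus __show_regs() on a path that, unlike bad_mode, returns to userspace. Because the handler is reached from an EL0 exception and the task only receives SIGILL, a process that can raise the exception repeatedly gets to raise the console log level and fill the kernel log each time. Consider dropping console_verbose() from the recoverable handler and ratelimiting the message, keeping the verbose output for the fatal bad_mode() path. Also, entry.S still loads "mov x1, #BAD_SYNC" for the call, but the visible body of bad_el0_sync() never reads reason; either print it or say in the comment why the argument is kept.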
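Review bot: clk-at91-usb-fix-determine_rate-prototype-again.patch has no Fixes: trailer even though its message identifies 76723e7ed589 ("clk: at91: usb: fix determine_rate prototype") as the incorrect fix being corrected; the psci and gadgetfs patches in this same queue do carry one. Add "Fixes: 76723e7ed589 (...)" so the dependency is machine-readable. On the code: the two changed lines are consistent with each other (parameter becomes "struct clk **best_parent_hw" and the assignment becomes "*best_parent_hw = parent;"), but the parameter is still called best_parent_hw while it now carries a struct clk pointer. The message would also be clearer if it said that both quoted warnings (clk-usb.c:155 and :193) come from this one function, since only one prototype is touched.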
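Review bot: in dm-bufio-hide-bogus-warning.patch the added "noio_flag = 0;" in alloc_buffer_data() has no comment saying that it exists only to silence a false-positive -Wmaybe-uninitialized from one compiler, so it reads as a dead store and is likely to be removed in a later cleanup. Either add a one-line comment at that spot or initialise the variable at its declaration, which is the more usual form for this kind of workaround. Note the trade-off as well: once the variable is unconditionally initialised, the compiler can no longer warn if a later change really does consume noio_flag without the preceding memalloc_noio_save().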
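Review bot: in gadgetfs-fix-uninitialized-variable-in-error-handling.patch the error branch now reads "kfree(priv); value = -ENOMEM; goto fail;", and the hunk header shows that the fail: label sits earlier in the same function, outside the lines shown. Please confirm that the code at fail: does not free or dereference priv again, since priv has already been released here and is not set to NULL; if fail: does free it, drop the kfree() on this branch rather than keeping both. The new assignment itself matches what the message describes. Separately, the gcc warning quoted in the commit message is cut off after "'value' may be used", and the message says "an proper error code".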