From: Greg Kroah-Hartman
Date: Tue, 3 Feb 2015 03:53:21 +0000 (-0800)
Subject: 3.14-stable patches
X-Git-Tag: v3.18.6~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4e4a4a6377c1921afcf14fb6bbe02ca63eb71454;p=thirdparty%2Fkernel%2Fstable-queue.git
3.14-stable patches
added patches:
pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch
pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch
pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch
---
diff --git a/queue-3.14/pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch b/queue-3.14/pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch
new file mode 100644
index 00000000000..128bb3eb7c6
--- /dev/null
+++ b/queue-3.14/pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch
@@ -0,0 +1,52 @@
+From 57fd835385a043577457a385f28c08be693991bf Mon Sep 17 00:00:00 2001
+From: Liu ShuoX
+Date: Mon, 17 Mar 2014 11:24:49 +1100
+Subject: pstore: clarify clearing of _read_cnt in ramoops_context
+
+From: Liu ShuoX
+
+commit 57fd835385a043577457a385f28c08be693991bf upstream.
+
+*_read_cnt in ramoops_context need to be cleared during pstore ->open to
+support mutli times getting the records. The patch added missed
+ftrace_read_cnt clearing and removed duplicate clearing in ramoops_probe.
+
+Signed-off-by: Liu ShuoX
+Cc: "Zhang, Yanmin"
+Cc: Colin Cross
+Cc: Kees Cook
+Signed-off-by: Andrew Morton
+Signed-off-by: Tony Luck
+Cc: HuKeping
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/pstore/ram.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/pstore/ram.c
++++ b/fs/pstore/ram.c
+@@ -92,6 +92,7 @@ struct ramoops_context {
+ struct persistent_ram_ecc_info ecc_info;
+ unsigned int max_dump_cnt;
+ unsigned int dump_write_cnt;
++ /* _read_cnt need clear on ramoops_pstore_open */
+ unsigned int dump_read_cnt;
+ unsigned int console_read_cnt;
+ unsigned int ftrace_read_cnt;
+@@ -107,6 +108,7 @@ static int ramoops_pstore_open(struct ps
+
+ cxt->dump_read_cnt = 0;
+ cxt->console_read_cnt = 0;
++ cxt->ftrace_read_cnt = 0;
+ return 0;
+ }
+
+@@ -435,7 +437,6 @@ static int ramoops_probe(struct platform
+ if (pdata->ftrace_size && !is_power_of_2(pdata->ftrace_size))
+ pdata->ftrace_size = rounddown_pow_of_two(pdata->ftrace_size);
+
+- cxt->dump_read_cnt = 0;
+ cxt->size = pdata->mem_size;
+ cxt->phys_addr = pdata->mem_address;
+ cxt->memtype = pdata->mem_type;
diff --git a/queue-3.14/pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch b/queue-3.14/pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch
new file mode 100644
index 00000000000..7eb3aa79836
--- /dev/null
+++ b/queue-3.14/pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch
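Review bot: In pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch, the comment added above `dump_read_cnt` in `struct ramoops_context` sits on a single field although it describes all three `*_read_cnt` counters, and it does not say why the reset is needed. A wording such as `/* *_read_cnt must be reset in ramoops_pstore_open() so the records can be read more than once */`, placed ahead of the three fields, would record the contract that the changelog states. The struct and `ramoops_pstore_open` both begin outside the quoted context.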
@@ -0,0 +1,37 @@
+From b0aa931fb84431394d995472d0af2a6c2b61064d Mon Sep 17 00:00:00 2001
+From: Liu ShuoX
+Date: Mon, 17 Mar 2014 13:57:49 -0700
+Subject: pstore: Fix NULL pointer fault if get NULL prz in ramoops_get_next_prz
+
+From: Liu ShuoX
+
+commit b0aa931fb84431394d995472d0af2a6c2b61064d upstream.
+
+ramoops_get_next_prz get the prz according the paramters. If it get a
+uninitialized prz, access its members by following persistent_ram_old_size(prz)
+will cause a NULL pointer crash.
+Ex: if ftrace_size is 0, fprz will be NULL.
+
+Fix it by return NULL in advance.
+
+Signed-off-by: Liu ShuoX
+Acked-by: Kees Cook
+Signed-off-by: Tony Luck
+Cc: HuKeping
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/pstore/ram.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/pstore/ram.c
++++ b/fs/pstore/ram.c
+@@ -125,6 +125,8 @@ ramoops_get_next_prz(struct persistent_r
+ return NULL;
+
+ prz = przs[i];
++ if (!prz)
++ return NULL;
+
+ /* Update old/shadowed buffer. */
+ if (update)
diff --git a/queue-3.14/pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch b/queue-3.14/pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch
new file mode 100644
index 00000000000..6da927b20b4
--- /dev/null
+++ b/queue-3.14/pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch
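Review bot: In pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch, the new `if (!prz) return NULL;` after `prz = przs[i];` carries no comment, so a reader of `ramoops_get_next_prz` cannot tell when an array slot may legitimately be NULL. The changelog names the case (`ftrace_size` is 0, so `fprz` is NULL); a one-line comment such as `/* zone was never allocated, e.g. its size is configured as 0 */` would keep that with the code. The caller presumably treats this NULL the same as the earlier `return NULL;` in the context above, but the caller is not visible here and the function starts and ends outside the hunk.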
@@ -0,0 +1,46 @@
+From aa9a4a1edfbd3d223af01db833da2f07850bc655 Mon Sep 17 00:00:00 2001
+From: Liu ShuoX
+Date: Mon, 17 Mar 2014 11:24:49 +1100
+Subject: pstore: skip zero size persistent ram buffer in traverse
+
+From: Liu ShuoX
+
+commit aa9a4a1edfbd3d223af01db833da2f07850bc655 upstream.
+
+In ramoops_pstore_read, a valid prz pointer with zero size buffer will
+break traverse of all persistent ram buffers. The latter buffer might be
+lost.
+
+Signed-off-by: Liu ShuoX
+Cc: "Zhang, Yanmin"
+Cc: Colin Cross
+Reviewed-by: Kees Cook
+Signed-off-by: Andrew Morton
+Signed-off-by: Tony Luck
+Cc: HuKeping
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/pstore/ram.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/fs/pstore/ram.c
++++ b/fs/pstore/ram.c
+@@ -126,12 +126,12 @@ ramoops_get_next_prz(struct persistent_r
+
+ prz = przs[i];
+
+- if (update) {
+- /* Update old/shadowed buffer. */
++ /* Update old/shadowed buffer. */
++ if (update)
+ persistent_ram_save_old(prz);
+- if (!persistent_ram_old_size(prz))
+- return NULL;
+- }
++
++ if (!persistent_ram_old_size(prz))
++ return NULL;
+
+ *typep = type;
+ *id = i;
diff --git a/queue-3.14/series b/queue-3.14/series
index e75576da743..01394ccd467 100644
--- a/queue-3.14/series
+++ b/queue-3.14/series
@@ -25,3 +25,6 @@ regulator-core-fix-race-condition-in-regulator_put.patch
 drivers-net-cpsw-discard-dual-emac-default-vlan-configuration.patch
 drm-i915-only-fence-tiled-region-of-object.patch
 arm-dma-ensure-that-old-section-mappings-are-flushed-from-the-tlb.patch
+pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch
+pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch
+pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch
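Review bot: In pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch, the `ramoops_get_next_prz` hunk moves `persistent_ram_old_size(prz)` out of the `if (update)` block, so it now runs on every call, and nothing in the visible context checks `prz` after `prz = przs[i];`. The NULL guard arrives only with pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch, which `series` lists after this one, and that patch's changelog gives `ftrace_size` of 0 as a case where the zone pointer is NULL. A tree that stops between the two (a bisect step or a partial backport) would therefore appear to reach the dereference on more paths than before. The changelog here should record the dependency, for example `Note: requires the NULL prz check in ramoops_get_next_prz (b0aa931fb844)`. The function starts and ends outside the hunk.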