From: Greg Kroah-Hartman Date: Sun, 3 Jun 2018 08:52:02 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v4.9.106~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5e59985c530e3137dd5bc87c9eb7fb3f8241d286;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: drm-i915-disable-lvds-on-radiant-p845.patch drm-psr-fix-missed-entry-in-psr-setup-time-table.patch hwtracing-stm-fix-build-error-on-some-arches.patch ib-core-fix-error-code-for-invalid-gid-entry.patch iio-kfifo_buf-check-for-uint-overflow.patch mips-prctl-disallow-fre-without-fr-with-pr_set_fp_mode-requests.patch mips-ptrace-fix-ptrace_peekusr-requests-for-64-bit-fgrs.patch scsi-scsi_transport_srp-fix-shost-to-rport-translation.patch sparc64-fix-build-warnings-with-gcc-7.patch stm-class-use-vmalloc-for-the-master-map.patch
---
diff --git a/queue-4.9/drm-i915-disable-lvds-on-radiant-p845.patch b/queue-4.9/drm-i915-disable-lvds-on-radiant-p845.patch
new file mode 100644
index 00000000000..c9a092a5f4f
--- /dev/null
+++ b/queue-4.9/drm-i915-disable-lvds-on-radiant-p845.patch
@@ -0,0 +1,44 @@
+From b3fb22733ae61050f8d10a1d6a8af176c5c5db1a Mon Sep 17 00:00:00 2001
+From: Ondrej Zary
+Date: Fri, 9 Mar 2018 23:22:04 +0100
+Subject: drm/i915: Disable LVDS on Radiant P845
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Ondrej Zary
+
+commit b3fb22733ae61050f8d10a1d6a8af176c5c5db1a upstream.
+
+Radiant P845 does not have LVDS, only VGA.
+
+Cc: stable@vger.kernel.org
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105468
+Signed-off-by: Ondrej Zary
+Signed-off-by: Ville Syrjälä
+Link: https://patchwork.freedesktop.org/patch/msgid/20180309222204.4771-1-linux@rainbow-software.org
+(cherry picked from commit 7f7105f99b75aca4f8c2a748ed6b82c7f8be3293)
+Signed-off-by: Joonas Lahtinen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/gpu/drm/i915/intel_lvds.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/gpu/drm/i915/intel_lvds.c
++++ b/drivers/gpu/drm/i915/intel_lvds.c
+@@ -864,6 +864,14 @@ static const struct dmi_system_id intel_
+ DMI_EXACT_MATCH(DMI_BOARD_NAME, "D525MW"),
+ },
+ },
++ {
++ .callback = intel_no_lvds_dmi_callback,
++ .ident = "Radiant P845",
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "Radiant Systems Inc"),
++ DMI_MATCH(DMI_PRODUCT_NAME, "P845"),
++ },
++ },
+
+ { } /* terminating entry */
+ };
diff --git a/queue-4.9/drm-psr-fix-missed-entry-in-psr-setup-time-table.patch b/queue-4.9/drm-psr-fix-missed-entry-in-psr-setup-time-table.patch
new file mode 100644
index 00000000000..678957afb44
--- /dev/null
+++ b/queue-4.9/drm-psr-fix-missed-entry-in-psr-setup-time-table.patch
@@ -0,0 +1,45 @@
+From bdcc02cf1bb508fc700df7662f55058f651f2621 Mon Sep 17 00:00:00 2001
+From: Dhinakaran Pandiyan
+Date: Fri, 11 May 2018 12:51:42 -0700
+Subject: drm/psr: Fix missed entry in PSR setup time table.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Dhinakaran Pandiyan
+
+commit bdcc02cf1bb508fc700df7662f55058f651f2621 upstream.
+
+Entry corresponding to 220 us setup time was missing. I am not aware of
+any specific bug this fixes, but this could potentially result in enabling
+PSR on a panel with a higher setup time requirement than supported by the
+hardware.
+
+I verified the value is present in eDP spec versions 1.3, 1.4 and 1.4a.
+
+Fixes: 6608804b3d7f ("drm/dp: Add drm_dp_psr_setup_time()")
+Cc: stable@vger.kernel.org
+Cc: Ville Syrjälä
+Cc: Jose Roberto de Souza
+Cc: dri-devel@lists.freedesktop.org
+Reviewed-by: José Roberto de Souza
+Reviewed-by: Tarun Vyas
+Signed-off-by: Dhinakaran Pandiyan
+Signed-off-by: Jani Nikula
+Link: https://patchwork.freedesktop.org/patch/msgid/20180511195145.3829-3-dhinakaran.pandiyan@intel.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/gpu/drm/drm_dp_helper.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpu/drm/drm_dp_helper.c
++++ b/drivers/gpu/drm/drm_dp_helper.c
+@@ -1065,6 +1065,7 @@ int drm_dp_psr_setup_time(const u8 psr_c
+ static const u16 psr_setup_time_us[] = {
+ PSR_SETUP_TIME(330),
+ PSR_SETUP_TIME(275),
++ PSR_SETUP_TIME(220),
+ PSR_SETUP_TIME(165),
+ PSR_SETUP_TIME(110),
+ PSR_SETUP_TIME(55),
diff --git a/queue-4.9/hwtracing-stm-fix-build-error-on-some-arches.patch b/queue-4.9/hwtracing-stm-fix-build-error-on-some-arches.patch
new file mode 100644
index 00000000000..0c7285617a0
--- /dev/null
+++ b/queue-4.9/hwtracing-stm-fix-build-error-on-some-arches.patch
@@ -0,0 +1,33 @@
+From 806e30873f0e74d9d41b0ef761bd4d3e55c7d510 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman
+Date: Sat, 26 May 2018 08:49:24 +0200
+Subject: hwtracing: stm: fix build error on some arches
+
+From: Greg Kroah-Hartman
+
+commit 806e30873f0e74d9d41b0ef761bd4d3e55c7d510 upstream.
+
+Commit b5e2ced9bf81 ("stm class: Use vmalloc for the master map") caused
+a build error on some arches as vmalloc.h was not explicitly included.
+
+Fix that by adding it to the list of includes.
+
+Fixes: b5e2ced9bf81 ("stm class: Use vmalloc for the master map")
+Reported-by: kbuild test robot
+Cc: Alexander Shishkin
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/hwtracing/stm/core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/hwtracing/stm/core.c
++++ b/drivers/hwtracing/stm/core.c
+@@ -27,6 +27,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "stm.h"
+
+ #include
diff --git a/queue-4.9/ib-core-fix-error-code-for-invalid-gid-entry.patch b/queue-4.9/ib-core-fix-error-code-for-invalid-gid-entry.patch
new file mode 100644
index 00000000000..329e8b117e0
--- /dev/null
+++ b/queue-4.9/ib-core-fix-error-code-for-invalid-gid-entry.patch
@@ -0,0 +1,48 @@
+From a840c93ca7582bb6c88df2345a33f979b7a67874 Mon Sep 17 00:00:00 2001
+From: Parav Pandit
+Date: Sun, 27 May 2018 14:49:16 +0300
+Subject: IB/core: Fix error code for invalid GID entry
+
+From: Parav Pandit
+
+commit a840c93ca7582bb6c88df2345a33f979b7a67874 upstream.
+
+When a GID entry is invalid EAGAIN is returned. This is an incorrect error
+code, there is nothing that will make this GID entry valid again in
+bounded time.
+
+Some user space tools fail incorrectly if EAGAIN is returned here, and
+this represents a small ABI change from earlier kernels.
+
+The first patch in the Fixes list makes entries that were valid before
+to become invalid, allowing this code to trigger, while the second patch
+in the Fixes list introduced the wrong EAGAIN.
+
+Therefore revert the return result to EINVAL which matches the historical
+expectations of the ibv_query_gid_type() API of the libibverbs user space
+library.
+
+Cc:
+Fixes: 598ff6bae689 ("IB/core: Refactor GID modify code for RoCE")
+Fixes: 03db3a2d81e6 ("IB/core: Add RoCE GID table management")
+Reviewed-by: Daniel Jurgens
+Signed-off-by: Parav Pandit
+Signed-off-by: Leon Romanovsky
+Signed-off-by: Jason Gunthorpe
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/infiniband/core/cache.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/infiniband/core/cache.c
++++ b/drivers/infiniband/core/cache.c
+@@ -437,7 +437,7 @@ static int __ib_cache_gid_get(struct ib_
+ return -EINVAL;
+
+ if (table->data_vec[index].props & GID_TABLE_ENTRY_INVALID)
+- return -EAGAIN;
++ return -EINVAL;
+
+ memcpy(gid, &table->data_vec[index].gid, sizeof(*gid));
+ if (attr) {
diff --git a/queue-4.9/iio-kfifo_buf-check-for-uint-overflow.patch b/queue-4.9/iio-kfifo_buf-check-for-uint-overflow.patch
new file mode 100644
index 00000000000..90ffadce1db
--- /dev/null
+++ b/queue-4.9/iio-kfifo_buf-check-for-uint-overflow.patch
@@ -0,0 +1,60 @@
+From 3d13de4b027d5f6276c0f9d3a264f518747d83f2 Mon Sep 17 00:00:00 2001
+From: Martin Kelly
+Date: Mon, 26 Mar 2018 14:27:52 -0700
+Subject: iio:kfifo_buf: check for uint overflow
+
+From: Martin Kelly
+
+commit 3d13de4b027d5f6276c0f9d3a264f518747d83f2 upstream.
+
+Currently, the following causes a kernel OOPS in memcpy:
+
+echo 1073741825 > buffer/length
+echo 1 > buffer/enable
+
+Note that using 1073741824 instead of 1073741825 causes "write error:
+Cannot allocate memory" but no OOPS.
+
+This is because 1073741824 == 2^30 and 1073741825 == 2^30+1. Since kfifo
+rounds up to the nearest power of 2, it will actually call kmalloc with
+roundup_pow_of_two(length) * bytes_per_datum.
+
+Using length == 1073741825 and bytes_per_datum == 2, we get:
+
+kmalloc(roundup_pow_of_two(1073741825) * 2
+or kmalloc(2147483648 * 2)
+or kmalloc(4294967296)
+or kmalloc(UINT_MAX + 1)
+
+so this overflows to 0, causing kmalloc to return ZERO_SIZE_PTR and
+subsequent memcpy to fail once the device is enabled.
+
+Fix this by checking for overflow prior to allocating a kfifo. With this
+check added, the above code returns -EINVAL when enabling the buffer,
+rather than causing an OOPS.
+
+Signed-off-by: Martin Kelly
+cc:
+Signed-off-by: Jonathan Cameron
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/iio/buffer/kfifo_buf.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/iio/buffer/kfifo_buf.c
++++ b/drivers/iio/buffer/kfifo_buf.c
+@@ -24,6 +24,13 @@ static inline int __iio_allocate_kfifo(s
+ if ((length == 0) || (bytes_per_datum == 0))
+ return -EINVAL;
+
++ /*
++ * Make sure we don't overflow an unsigned int after kfifo rounds up to
++ * the next power of 2.
++ */
++ if (roundup_pow_of_two(length) > UINT_MAX / bytes_per_datum)
++ return -EINVAL;
++
+ return __kfifo_alloc((struct __kfifo *)&buf->kf, length,
+ bytes_per_datum, GFP_KERNEL);
+ }
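Review bot: The new guard in __iio_allocate_kfifo() depends on roundup_pow_of_two(length) itself being well defined, and as far as I can tell that does not hold where unsigned long is 32 bits and length is above 2^31, because the rounding then shifts by the full word width and the comparison with `UINT_MAX / bytes_per_datum` may not reject the value. The parameter types sit in the truncated signature outside the hunk, so this needs confirming against this tree; if they are signed here, negative values deserve the same look. A bound placed ahead of the rounding would close the gap, for example `if (length > (UINT_MAX >> 1) + 1) return -EINVAL;`. The commit message shows length arriving from a sysfs write, so the check should hold for every value that write can produce.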
diff --git a/queue-4.9/mips-prctl-disallow-fre-without-fr-with-pr_set_fp_mode-requests.patch b/queue-4.9/mips-prctl-disallow-fre-without-fr-with-pr_set_fp_mode-requests.patch
new file mode 100644
index 00000000000..dd0f7548bee
--- /dev/null
+++ b/queue-4.9/mips-prctl-disallow-fre-without-fr-with-pr_set_fp_mode-requests.patch
@@ -0,0 +1,59 @@
+From 28e4213dd331e944e7fca1954a946829162ed9d4 Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki"
+Date: Tue, 15 May 2018 23:04:44 +0100
+Subject: MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
+
+From: Maciej W. Rozycki
+
+commit 28e4213dd331e944e7fca1954a946829162ed9d4 upstream.
+
+Having PR_FP_MODE_FRE (i.e. Config5.FRE) set without PR_FP_MODE_FR (i.e.
+Status.FR) is not supported as the lone purpose of Config5.FRE is to
+emulate Status.FR=0 handling on FPU hardware that has Status.FR=1
+hardwired[1][2]. Also we do not handle this case elsewhere, and assume
+throughout our code that TIF_HYBRID_FPREGS and TIF_32BIT_FPREGS cannot
+be set both at once for a task, leading to inconsistent behaviour if
+this does happen.
+
+Return unsuccessfully then from prctl(2) PR_SET_FP_MODE calls requesting
+PR_FP_MODE_FRE to be set with PR_FP_MODE_FR clear. This corresponds to
+modes allowed by `mips_set_personality_fp'.
+
+References:
+
+[1] "MIPS Architecture For Programmers, Vol. III: MIPS32 / microMIPS32
+ Privileged Resource Architecture", Imagination Technologies,
+ Document Number: MD00090, Revision 6.02, July 10, 2015, Table 9.69
+ "Config5 Register Field Descriptions", p. 262
+
+[2] "MIPS Architecture For Programmers, Volume III: MIPS64 / microMIPS64
+ Privileged Resource Architecture", Imagination Technologies,
+ Document Number: MD00091, Revision 6.03, December 22, 2015, Table
+ 9.72 "Config5 Register Field Descriptions", p. 288
+
+Fixes: 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS")
+Signed-off-by: Maciej W. Rozycki
+Cc: Ralf Baechle
+Cc: linux-mips@linux-mips.org
+Cc: # 4.0+
+Patchwork: https://patchwork.linux-mips.org/patch/19327/
+Signed-off-by: James Hogan
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/process.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/mips/kernel/process.c
++++ b/arch/mips/kernel/process.c
+@@ -699,6 +699,10 @@ int mips_set_process_fp_mode(struct task
+ if (value & ~known_bits)
+ return -EOPNOTSUPP;
+
++ /* Setting FRE without FR is not supported. */
++ if ((value & (PR_FP_MODE_FR | PR_FP_MODE_FRE)) == PR_FP_MODE_FRE)
++ return -EOPNOTSUPP;
++
+ /* Avoid inadvertently triggering emulation */
+ if ((value & PR_FP_MODE_FR) && raw_cpu_has_fpu &&
+ !(raw_current_cpu_data.fpu_id & MIPS_FPIR_F64))
diff --git a/queue-4.9/mips-ptrace-fix-ptrace_peekusr-requests-for-64-bit-fgrs.patch b/queue-4.9/mips-ptrace-fix-ptrace_peekusr-requests-for-64-bit-fgrs.patch
new file mode 100644
index 00000000000..80324cccb0d
--- /dev/null
+++ b/queue-4.9/mips-ptrace-fix-ptrace_peekusr-requests-for-64-bit-fgrs.patch
@@ -0,0 +1,53 @@
+From c7e814628df65f424fe197dde73bfc67e4a244d7 Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki"
+Date: Wed, 16 May 2018 16:39:58 +0100
+Subject: MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
+
+From: Maciej W. Rozycki
+
+commit c7e814628df65f424fe197dde73bfc67e4a244d7 upstream.
+
+Use 64-bit accesses for 64-bit floating-point general registers with
+PTRACE_PEEKUSR, removing the truncation of their upper halves in the
+FR=1 mode, caused by commit bbd426f542cb ("MIPS: Simplify FP context
+access"), which inadvertently switched them to using 32-bit accesses.
+
+The PTRACE_POKEUSR side is fine as it's never been broken and continues
+using 64-bit accesses.
+
+Fixes: bbd426f542cb ("MIPS: Simplify FP context access")
+Signed-off-by: Maciej W. Rozycki
+Cc: Ralf Baechle
+Cc: linux-mips@linux-mips.org
+Cc: # 3.15+
+Patchwork: https://patchwork.linux-mips.org/patch/19334/
+Signed-off-by: James Hogan
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/ptrace.c | 2 +-
+ arch/mips/kernel/ptrace32.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/mips/kernel/ptrace.c
++++ b/arch/mips/kernel/ptrace.c
+@@ -838,7 +838,7 @@ long arch_ptrace(struct task_struct *chi
+ break;
+ }
+ #endif
+- tmp = get_fpr32(&fregs[addr - FPR_BASE], 0);
++ tmp = get_fpr64(&fregs[addr - FPR_BASE], 0);
+ break;
+ case PC:
+ tmp = regs->cp0_epc;
+--- a/arch/mips/kernel/ptrace32.c
++++ b/arch/mips/kernel/ptrace32.c
+@@ -107,7 +107,7 @@ long compat_arch_ptrace(struct task_stru
+ addr & 1);
+ break;
+ }
+- tmp = get_fpr32(&fregs[addr - FPR_BASE], 0);
++ tmp = get_fpr64(&fregs[addr - FPR_BASE], 0);
+ break;
+ case PC:
+ tmp = regs->cp0_epc;
diff --git a/queue-4.9/scsi-scsi_transport_srp-fix-shost-to-rport-translation.patch b/queue-4.9/scsi-scsi_transport_srp-fix-shost-to-rport-translation.patch
new file mode 100644
index 00000000000..8cba00a0e3a
--- /dev/null
+++ b/queue-4.9/scsi-scsi_transport_srp-fix-shost-to-rport-translation.patch
@@ -0,0 +1,97 @@
+From c9ddf73476ff4fffb7a87bd5107a0705bf2cf64b Mon Sep 17 00:00:00 2001
+From: Bart Van Assche
+Date: Mon, 21 May 2018 11:17:29 -0700
+Subject: scsi: scsi_transport_srp: Fix shost to rport translation
+
+From: Bart Van Assche
+
+commit c9ddf73476ff4fffb7a87bd5107a0705bf2cf64b upstream.
+
+Since an SRP remote port is attached as a child to shost->shost_gendev
+and as the only child, the translation from the shost pointer into an
+rport pointer must happen by looking up the shost child that is an
+rport. This patch fixes the following KASAN complaint:
+
+BUG: KASAN: slab-out-of-bounds in srp_timed_out+0x57/0x110 [scsi_transport_srp]
+Read of size 4 at addr ffff880035d3fcc0 by task kworker/1:0H/19
+
+CPU: 1 PID: 19 Comm: kworker/1:0H Not tainted 4.16.0-rc3-dbg+ #1
+Workqueue: kblockd blk_mq_timeout_work
+Call Trace:
+dump_stack+0x85/0xc7
+print_address_description+0x65/0x270
+kasan_report+0x231/0x350
+srp_timed_out+0x57/0x110 [scsi_transport_srp]
+scsi_times_out+0xc7/0x3f0 [scsi_mod]
+blk_mq_terminate_expired+0xc2/0x140
+bt_iter+0xbc/0xd0
+blk_mq_queue_tag_busy_iter+0x1c7/0x350
+blk_mq_timeout_work+0x325/0x3f0
+process_one_work+0x441/0xa50
+worker_thread+0x76/0x6c0
+kthread+0x1b2/0x1d0
+ret_from_fork+0x24/0x30
+
+Fixes: e68ca75200fe ("scsi_transport_srp: Reduce failover time")
+Signed-off-by: Bart Van Assche
+Cc: Hannes Reinecke
+Cc: Johannes Thumshirn
+Cc: Jason Gunthorpe
+Cc: Doug Ledford
+Cc: Laurence Oberman
+Cc: stable@vger.kernel.org
+Reviewed-by: Johannes Thumshirn
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/scsi_transport_srp.c | 22 ++++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/scsi_transport_srp.c
++++ b/drivers/scsi/scsi_transport_srp.c
+@@ -52,6 +52,8 @@ struct srp_internal {
+ struct transport_container rport_attr_cont;
+ };
+
++static int scsi_is_srp_rport(const struct device *dev);
++
+ #define to_srp_internal(tmpl) container_of(tmpl, struct srp_internal, t)
+
+ #define dev_to_rport(d) container_of(d, struct srp_rport, dev)
+@@ -61,9 +63,24 @@ static inline struct Scsi_Host *rport_to
+ return dev_to_shost(r->dev.parent);
+ }
+
++static int find_child_rport(struct device *dev, void *data)
++{
++ struct device **child = data;
++
++ if (scsi_is_srp_rport(dev)) {
++ WARN_ON_ONCE(*child);
++ *child = dev;
++ }
++ return 0;
++}
++
+ static inline struct srp_rport *shost_to_rport(struct Scsi_Host *shost)
+ {
+- return transport_class_to_srp_rport(&shost->shost_gendev);
++ struct device *child = NULL;
++
++ WARN_ON_ONCE(device_for_each_child(&shost->shost_gendev, &child,
++ find_child_rport) < 0);
++ return child ? dev_to_rport(child) : NULL;
+ }
+
+ /**
+@@ -637,7 +654,8 @@ static enum blk_eh_timer_return srp_time
+ struct srp_rport *rport = shost_to_rport(shost);
+
+ pr_debug("timeout for sdev %s\n", dev_name(&sdev->sdev_gendev));
+- return rport->fast_io_fail_tmo < 0 && rport->dev_loss_tmo < 0 &&
++ return rport && rport->fast_io_fail_tmo < 0 &&
++ rport->dev_loss_tmo < 0 &&
+ i->f->reset_timer_if_blocked && scsi_device_blocked(sdev) ?
+ BLK_EH_RESET_TIMER : BLK_EH_NOT_HANDLED;
+ }
diff --git a/queue-4.9/series b/queue-4.9/series
index 171e1828400..51eb2887f62 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
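Review bot: shost_to_rport() can now return NULL, and srp_timed_out() is the only caller these hunks update, so any other caller in scsi_transport_srp.c (none is visible here) needs the same `rport &&` guard before it dereferences the result. The pointer stored by find_child_rport() is also handed back without taking a reference; as far as I know device_for_each_child() pins each child only while the callback runs, so the result is safe only as long as something else keeps the rport alive. A comment on shost_to_rport() would make that rule explicit, for example `/* May return NULL; caller must ensure the rport cannot go away while the pointer is in use. */`.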
@@ -47,3 +47,13 @@ powerpc-pseries-restore-default-security-feature-flags-on-setup.patch
 powerpc-64s-fix-section-mismatch-warnings-from-setup_rfi_flush.patch
 powerpc-64s-add-support-for-a-store-forwarding-barrier-at-kernel-entry-exit.patch
 net-mlx4_en-fix-potential-use-after-free-with-dma_unmap_page.patch
+iio-kfifo_buf-check-for-uint-overflow.patch
+mips-ptrace-fix-ptrace_peekusr-requests-for-64-bit-fgrs.patch
+mips-prctl-disallow-fre-without-fr-with-pr_set_fp_mode-requests.patch
+scsi-scsi_transport_srp-fix-shost-to-rport-translation.patch
+stm-class-use-vmalloc-for-the-master-map.patch
+hwtracing-stm-fix-build-error-on-some-arches.patch
+ib-core-fix-error-code-for-invalid-gid-entry.patch
+drm-psr-fix-missed-entry-in-psr-setup-time-table.patch
+drm-i915-disable-lvds-on-radiant-p845.patch
+sparc64-fix-build-warnings-with-gcc-7.patch
diff --git a/queue-4.9/sparc64-fix-build-warnings-with-gcc-7.patch b/queue-4.9/sparc64-fix-build-warnings-with-gcc-7.patch
new file mode 100644
index 00000000000..bb0c62b03f9
--- /dev/null
+++ b/queue-4.9/sparc64-fix-build-warnings-with-gcc-7.patch
@@ -0,0 +1,36 @@
+From 0fde7ad71ee371ede73b3f326e58f9e8d102feb6 Mon Sep 17 00:00:00 2001
+From: "David S. Miller"
+Date: Thu, 1 Jun 2017 09:42:46 -0700
+Subject: sparc64: Fix build warnings with gcc 7.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: David S. Miller
+
+commit 0fde7ad71ee371ede73b3f326e58f9e8d102feb6 upstream.
+
+arch/sparc/kernel/ds.c: In function ‘register_services’:
+arch/sparc/kernel/ds.c:912:3: error: ‘strcpy’: writing at least 1 byte
+into a region of size 0 overflows the destination
+
+Reported-by: Anatoly Pugachev
+Signed-off-by: David S. Miller
+Cc: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/sparc/kernel/ds.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/sparc/kernel/ds.c
++++ b/arch/sparc/kernel/ds.c
+@@ -908,7 +908,7 @@ static int register_services(struct ds_i
+ pbuf.req.handle = cp->handle;
+ pbuf.req.major = 1;
+ pbuf.req.minor = 0;
+- strcpy(pbuf.req.svc_id, cp->service_id);
++ strcpy(pbuf.id_buf, cp->service_id);
+
+ err = __ds_send(lp, &pbuf, msg_len);
+ if (err > 0)
diff --git a/queue-4.9/stm-class-use-vmalloc-for-the-master-map.patch b/queue-4.9/stm-class-use-vmalloc-for-the-master-map.patch
new file mode 100644
index 00000000000..f5a506e868c
--- /dev/null
+++ b/queue-4.9/stm-class-use-vmalloc-for-the-master-map.patch
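Review bot: The copy into `pbuf.id_buf` in register_services() is still an unbounded strcpy(), so it is only safe while every cp->service_id is shorter than id_buf, and the declaration of pbuf is outside the hunk, so that bound cannot be checked here. A bounded copy would make it hold by construction, e.g. `strscpy(pbuf.id_buf, cp->service_id, sizeof(pbuf.id_buf));`. The change also presumably relies on id_buf starting exactly where req.svc_id does, with no padding between them, for the message passed to __ds_send() to be laid out correctly. A short comment at the declaration of pbuf stating that layout assumption would help the next reader.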
@@ -0,0 +1,62 @@
+From b5e2ced9bf81393034072dd4d372f6b430bc1f0a Mon Sep 17 00:00:00 2001
+From: Alexander Shishkin
+Date: Thu, 24 May 2018 11:27:26 +0300
+Subject: stm class: Use vmalloc for the master map
+
+From: Alexander Shishkin
+
+commit b5e2ced9bf81393034072dd4d372f6b430bc1f0a upstream.
+
+Fengguang is running into a warning from the buddy allocator:
+
+> swapper/0: page allocation failure: order:9, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)
+> CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.17.0-rc1 #262
+> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
+> Call Trace:
+...
+> __kmalloc+0x14b/0x180: ____cache_alloc at mm/slab.c:3127
+> stm_register_device+0xf3/0x5c0: stm_register_device at drivers/hwtracing/stm/core.c:695
+...
+
+Which is basically a result of the stm class trying to allocate ~512kB
+for the dummy_stm with its default parameters. There's no reason, however,
+for it not to be vmalloc()ed instead, which is what this patch does.
+
+Reported-by: Fengguang Wu
+Signed-off-by: Alexander Shishkin
+CC: stable@vger.kernel.org # v4.4+
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/hwtracing/stm/core.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/hwtracing/stm/core.c
++++ b/drivers/hwtracing/stm/core.c
+@@ -682,7 +682,7 @@ static void stm_device_release(struct de
+ {
+ struct stm_device *stm = to_stm_device(dev);
+
+- kfree(stm);
++ vfree(stm);
+ }
+
+ int stm_register_device(struct device *parent, struct stm_data *stm_data,
+@@ -699,7 +699,7 @@ int stm_register_device(struct device *p
+ return -EINVAL;
+
+ nmasters = stm_data->sw_end - stm_data->sw_start + 1;
+- stm = kzalloc(sizeof(*stm) + nmasters * sizeof(void *), GFP_KERNEL);
++ stm = vzalloc(sizeof(*stm) + nmasters * sizeof(void *));
+ if (!stm)
+ return -ENOMEM;
+
+@@ -752,7 +752,7 @@ err_device:
+ /* matches device_initialize() above */
+ put_device(&stm->dev);
+ err_free:
+- kfree(stm);
++ vfree(stm);
+
+ return err;
+ }
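Review bot: The error path in the last hunk of stm_register_device() looks like it can free `stm` twice, because `err_device` calls `put_device(&stm->dev)` and then falls through into `err_free`, which calls `vfree(stm)`. If stm_device_release() from the first hunk is the release callback for that device and the put drops the last reference, the object is already gone when the second vfree() runs. The same shape existed with kfree() before this change, so the conversion does not introduce it, but it is a good moment to fix it by adding `return err;` directly after `put_device(&stm->dev);`. How the release callback is attached is outside these hunks, so this should be confirmed against the full function.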