From: Greg Kroah-Hartman Date: Fri, 23 Oct 2015 14:20:58 +0000 (-0700) Subject: 4.1-stable patches X-Git-Tag: v3.14.56~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=61415a5f3a00abc550d249475a853c7dd4faf5fa;p=thirdparty%2Fkernel%2Fstable-queue.git 4.1-stable patches added patches: arm64-errata-use-kbuild_cflags_module-for-erratum-843419.patch btrfs-check-unsupported-filters-in-balance-arguments.patch btrfs-fix-use-after-free-iterating-extrefs.patch crypto-ahash-ensure-statesize-is-non-zero.patch crypto-sparc-initialize-blkcipher.ivsize.patch drm-fix-locking-for-sysfs-dpms-file.patch memcg-convert-threshold-to-bytes.patch nfsd-blocklayout-accept-any-minlength.patch --- diff --git a/queue-4.1/arm64-errata-use-kbuild_cflags_module-for-erratum-843419.patch b/queue-4.1/arm64-errata-use-kbuild_cflags_module-for-erratum-843419.patch new file mode 100644 index 00000000000..b25ef08a833 --- /dev/null +++ b/queue-4.1/arm64-errata-use-kbuild_cflags_module-for-erratum-843419.patch @@ -0,0 +1,39 @@ +From b6dd8e0719c0d2d01429639a11b7bc2677de240c Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Thu, 8 Oct 2015 11:11:17 +0100 +Subject: arm64: errata: use KBUILD_CFLAGS_MODULE for erratum #843419 + +From: Will Deacon + +commit b6dd8e0719c0d2d01429639a11b7bc2677de240c upstream. + +Commit df057cc7b4fa ("arm64: errata: add module build workaround for +erratum #843419") sets CFLAGS_MODULE to ensure that the large memory +model is used by the compiler when building kernel modules. + +However, CFLAGS_MODULE is an environment variable and intended to be +overridden on the command line, which appears to be the case with the +Ubuntu kernel packaging system, so use KBUILD_CFLAGS_MODULE instead. + +Cc: Ard Biesheuvel +Fixes: df057cc7b4fa ("arm64: errata: add module build workaround for erratum #843419") +Reported-by: Dann Frazier +Tested-by: Dann Frazier +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -31,7 +31,7 @@ endif + CHECKFLAGS += -D__aarch64__ + + ifeq ($(CONFIG_ARM64_ERRATUM_843419), y) +-CFLAGS_MODULE += -mcmodel=large ++KBUILD_CFLAGS_MODULE += -mcmodel=large + endif + + # Default value diff --git a/queue-4.1/btrfs-check-unsupported-filters-in-balance-arguments.patch b/queue-4.1/btrfs-check-unsupported-filters-in-balance-arguments.patch new file mode 100644 index 00000000000..36bcf455486 --- /dev/null +++ b/queue-4.1/btrfs-check-unsupported-filters-in-balance-arguments.patch @@ -0,0 +1,57 @@ +From 8eb934591f8bf584969454a658f629cd06e59f3a Mon Sep 17 00:00:00 2001 +From: David Sterba +Date: Mon, 12 Oct 2015 16:55:54 +0200 +Subject: btrfs: check unsupported filters in balance arguments + +From: David Sterba + +commit 8eb934591f8bf584969454a658f629cd06e59f3a upstream. + +We don't verify that all the balance filter arguments supplemented by +the flags are actually known to the kernel. Thus we let it silently pass +and do nothing. + +At the moment this means only the 'limit' filter, but we're going to add +a few more soon so it's better to have that fixed. Also in older stable +kernels so that it works with newer userspace tools. + +Signed-off-by: David Sterba +Signed-off-by: Chris Mason +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/ioctl.c | 5 +++++ + fs/btrfs/volumes.h | 8 ++++++++ + 2 files changed, 13 insertions(+) + +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -4492,6 +4492,11 @@ locked: + bctl->flags |= BTRFS_BALANCE_TYPE_MASK; + } + ++ if (bctl->flags & ~(BTRFS_BALANCE_ARGS_MASK | BTRFS_BALANCE_TYPE_MASK)) { ++ ret = -EINVAL; ++ goto out_bargs; ++ } ++ + do_balance: + /* + * Ownership of bctl and mutually_exclusive_operation_running +--- a/fs/btrfs/volumes.h ++++ b/fs/btrfs/volumes.h +@@ -372,6 +372,14 @@ struct map_lookup { + #define BTRFS_BALANCE_ARGS_VRANGE (1ULL << 4) + #define BTRFS_BALANCE_ARGS_LIMIT (1ULL << 5) + ++#define BTRFS_BALANCE_ARGS_MASK \ ++ (BTRFS_BALANCE_ARGS_PROFILES | \ ++ BTRFS_BALANCE_ARGS_USAGE | \ ++ BTRFS_BALANCE_ARGS_DEVID | \ ++ BTRFS_BALANCE_ARGS_DRANGE | \ ++ BTRFS_BALANCE_ARGS_VRANGE | \ ++ BTRFS_BALANCE_ARGS_LIMIT) ++ + /* + * Profile changing flags. When SOFT is set we won't relocate chunk if + * it already has the target profile (even though it may be diff --git a/queue-4.1/btrfs-fix-use-after-free-iterating-extrefs.patch b/queue-4.1/btrfs-fix-use-after-free-iterating-extrefs.patch new file mode 100644 index 00000000000..c08d82bdc47 --- /dev/null +++ b/queue-4.1/btrfs-fix-use-after-free-iterating-extrefs.patch @@ -0,0 +1,61 @@ +From dc6c5fb3b514221f2e9d21ee626a9d95d3418dff Mon Sep 17 00:00:00 2001 +From: Chris Mason +Date: Tue, 13 Oct 2015 14:06:48 -0400 +Subject: btrfs: fix use after free iterating extrefs + +From: Chris Mason + +commit dc6c5fb3b514221f2e9d21ee626a9d95d3418dff upstream. + +The code for btrfs inode-resolve has never worked properly for +files with enough hard links to trigger extrefs. It was trying to +get the leaf out of a path after freeing the path: + + btrfs_release_path(path); + leaf = path->nodes[0]; + item_size = btrfs_item_size_nr(leaf, slot); + +The fix here is to use the extent buffer we cloned just a little higher +up to avoid deadlocks caused by using the leaf in the path. + +Signed-off-by: Chris Mason +cc: Mark Fasheh +Reviewed-by: Filipe Manana +Reviewed-by: Mark Fasheh +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/backref.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +--- a/fs/btrfs/backref.c ++++ b/fs/btrfs/backref.c +@@ -1786,7 +1786,6 @@ static int iterate_inode_extrefs(u64 inu + int found = 0; + struct extent_buffer *eb; + struct btrfs_inode_extref *extref; +- struct extent_buffer *leaf; + u32 item_size; + u32 cur_offset; + unsigned long ptr; +@@ -1814,9 +1813,8 @@ static int iterate_inode_extrefs(u64 inu + btrfs_set_lock_blocking_rw(eb, BTRFS_READ_LOCK); + btrfs_release_path(path); + +- leaf = path->nodes[0]; +- item_size = btrfs_item_size_nr(leaf, slot); +- ptr = btrfs_item_ptr_offset(leaf, slot); ++ item_size = btrfs_item_size_nr(eb, slot); ++ ptr = btrfs_item_ptr_offset(eb, slot); + cur_offset = 0; + + while (cur_offset < item_size) { +@@ -1830,7 +1828,7 @@ static int iterate_inode_extrefs(u64 inu + if (ret) + break; + +- cur_offset += btrfs_inode_extref_name_len(leaf, extref); ++ cur_offset += btrfs_inode_extref_name_len(eb, extref); + cur_offset += sizeof(*extref); + } + btrfs_tree_read_unlock_blocking(eb); diff --git a/queue-4.1/crypto-ahash-ensure-statesize-is-non-zero.patch b/queue-4.1/crypto-ahash-ensure-statesize-is-non-zero.patch new file mode 100644 index 00000000000..a869f8d8f83 --- /dev/null +++ b/queue-4.1/crypto-ahash-ensure-statesize-is-non-zero.patch @@ -0,0 +1,37 @@ +From 8996eafdcbad149ac0f772fb1649fbb75c482a6a Mon Sep 17 00:00:00 2001 +From: Russell King +Date: Fri, 9 Oct 2015 20:43:33 +0100 +Subject: crypto: ahash - ensure statesize is non-zero + +From: Russell King + +commit 8996eafdcbad149ac0f772fb1649fbb75c482a6a upstream. + +Unlike shash algorithms, ahash drivers must implement export +and import as their descriptors may contain hardware state and +cannot be exported as is. Unfortunately some ahash drivers did +not provide them and end up causing crashes with algif_hash. + +This patch adds a check to prevent these drivers from registering +ahash algorithms until they are fixed. + +Signed-off-by: Russell King +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/ahash.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/crypto/ahash.c ++++ b/crypto/ahash.c +@@ -544,7 +544,8 @@ static int ahash_prepare_alg(struct ahas + struct crypto_alg *base = &alg->halg.base; + + if (alg->halg.digestsize > PAGE_SIZE / 8 || +- alg->halg.statesize > PAGE_SIZE / 8) ++ alg->halg.statesize > PAGE_SIZE / 8 || ++ alg->halg.statesize == 0) + return -EINVAL; + + base->cra_type = &crypto_ahash_type; diff --git a/queue-4.1/crypto-sparc-initialize-blkcipher.ivsize.patch b/queue-4.1/crypto-sparc-initialize-blkcipher.ivsize.patch new file mode 100644 index 00000000000..da4afaa8137 --- /dev/null +++ b/queue-4.1/crypto-sparc-initialize-blkcipher.ivsize.patch @@ -0,0 +1,68 @@ +From a66d7f724a96d6fd279bfbd2ee488def6b081bea Mon Sep 17 00:00:00 2001 +From: Dave Kleikamp +Date: Mon, 5 Oct 2015 10:08:51 -0500 +Subject: crypto: sparc - initialize blkcipher.ivsize + +From: Dave Kleikamp + +commit a66d7f724a96d6fd279bfbd2ee488def6b081bea upstream. + +Some of the crypto algorithms write to the initialization vector, +but no space has been allocated for it. This clobbers adjacent memory. + +Signed-off-by: Dave Kleikamp +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sparc/crypto/aes_glue.c | 2 ++ + arch/sparc/crypto/camellia_glue.c | 1 + + arch/sparc/crypto/des_glue.c | 2 ++ + 3 files changed, 5 insertions(+) + +--- a/arch/sparc/crypto/aes_glue.c ++++ b/arch/sparc/crypto/aes_glue.c +@@ -433,6 +433,7 @@ static struct crypto_alg algs[] = { { + .blkcipher = { + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, ++ .ivsize = AES_BLOCK_SIZE, + .setkey = aes_set_key, + .encrypt = cbc_encrypt, + .decrypt = cbc_decrypt, +@@ -452,6 +453,7 @@ static struct crypto_alg algs[] = { { + .blkcipher = { + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, ++ .ivsize = AES_BLOCK_SIZE, + .setkey = aes_set_key, + .encrypt = ctr_crypt, + .decrypt = ctr_crypt, +--- a/arch/sparc/crypto/camellia_glue.c ++++ b/arch/sparc/crypto/camellia_glue.c +@@ -274,6 +274,7 @@ static struct crypto_alg algs[] = { { + .blkcipher = { + .min_keysize = CAMELLIA_MIN_KEY_SIZE, + .max_keysize = CAMELLIA_MAX_KEY_SIZE, ++ .ivsize = CAMELLIA_BLOCK_SIZE, + .setkey = camellia_set_key, + .encrypt = cbc_encrypt, + .decrypt = cbc_decrypt, +--- a/arch/sparc/crypto/des_glue.c ++++ b/arch/sparc/crypto/des_glue.c +@@ -429,6 +429,7 @@ static struct crypto_alg algs[] = { { + .blkcipher = { + .min_keysize = DES_KEY_SIZE, + .max_keysize = DES_KEY_SIZE, ++ .ivsize = DES_BLOCK_SIZE, + .setkey = des_set_key, + .encrypt = cbc_encrypt, + .decrypt = cbc_decrypt, +@@ -485,6 +486,7 @@ static struct crypto_alg algs[] = { { + .blkcipher = { + .min_keysize = DES3_EDE_KEY_SIZE, + .max_keysize = DES3_EDE_KEY_SIZE, ++ .ivsize = DES3_EDE_BLOCK_SIZE, + .setkey = des3_ede_set_key, + .encrypt = cbc3_encrypt, + .decrypt = cbc3_decrypt, diff --git a/queue-4.1/drm-fix-locking-for-sysfs-dpms-file.patch b/queue-4.1/drm-fix-locking-for-sysfs-dpms-file.patch new file mode 100644 index 00000000000..fd96ce12730 --- /dev/null +++ b/queue-4.1/drm-fix-locking-for-sysfs-dpms-file.patch @@ -0,0 +1,72 @@ +From 621bd0f6982badd6483acb191eb7b6226a578328 Mon Sep 17 00:00:00 2001 +From: Daniel Vetter +Date: Tue, 29 Sep 2015 09:56:53 +0200 +Subject: drm: Fix locking for sysfs dpms file + +From: Daniel Vetter + +commit 621bd0f6982badd6483acb191eb7b6226a578328 upstream. + +With atomic drivers we need to make sure that (at least in general) +property reads hold the right locks. But the legacy dpms property is +special and can be read locklessly. Since userspace loves to just +randomly look at that all the time (like with "status") do that. + +To make it clear that we play tricks use the READ_ONCE compiler +barrier (and also for paranoia). + +Note that there's not really anything bad going on since even with the +new atomic paths we eventually end up not chasing any pointers (and +hence possibly freed memory and other fun stuff). The locking WARNING +has been added in + +commit 88a48e297b3a3bac6022c03babfb038f1a886cea +Author: Rob Clark +Date: Thu Dec 18 16:01:50 2014 -0500 + + drm: add atomic properties + +but since drivers are converting not everyone will have seen this from +the start. + +Jens reported this and submitted a patch to just grab the +mode_config.connection_mutex, but we can do a bit better. + +v2: Remove unused variables I failed to git add for real. + +Reference: http://mid.gmane.org/20150928194822.GA3930@kernel.dk +Reported-by: Jens Axboe +Tested-by: Jens Axboe +Cc: Rob Clark +Signed-off-by: Daniel Vetter +Signed-off-by: Dave Airlie +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/drm_sysfs.c | 12 +++--------- + 1 file changed, 3 insertions(+), 9 deletions(-) + +--- a/drivers/gpu/drm/drm_sysfs.c ++++ b/drivers/gpu/drm/drm_sysfs.c +@@ -235,18 +235,12 @@ static ssize_t dpms_show(struct device * + char *buf) + { + struct drm_connector *connector = to_drm_connector(device); +- struct drm_device *dev = connector->dev; +- uint64_t dpms_status; +- int ret; ++ int dpms; + +- ret = drm_object_property_get_value(&connector->base, +- dev->mode_config.dpms_property, +- &dpms_status); +- if (ret) +- return 0; ++ dpms = READ_ONCE(connector->dpms); + + return snprintf(buf, PAGE_SIZE, "%s\n", +- drm_get_dpms_name((int)dpms_status)); ++ drm_get_dpms_name(dpms)); + } + + static ssize_t enabled_show(struct device *device, diff --git a/queue-4.1/memcg-convert-threshold-to-bytes.patch b/queue-4.1/memcg-convert-threshold-to-bytes.patch new file mode 100644 index 00000000000..1a7f706f515 --- /dev/null +++ b/queue-4.1/memcg-convert-threshold-to-bytes.patch @@ -0,0 +1,35 @@ +From 424cdc14138088ada1b0e407a2195b2783c6e5ef Mon Sep 17 00:00:00 2001 +From: Shaohua Li +Date: Thu, 15 Oct 2015 15:28:29 -0700 +Subject: memcg: convert threshold to bytes + +From: Shaohua Li + +commit 424cdc14138088ada1b0e407a2195b2783c6e5ef upstream. + +page_counter_memparse() returns pages for the threshold, while +mem_cgroup_usage() returns bytes for memory usage. Convert the +threshold to bytes. + +Fixes: 3e32cb2e0a12b6915 ("memcg: rename cgroup_event to mem_cgroup_event"). +Signed-off-by: Shaohua Li +Cc: Johannes Weiner +Acked-by: Michal Hocko +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memcontrol.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -3677,6 +3677,7 @@ static int __mem_cgroup_usage_register_e + ret = page_counter_memparse(args, "-1", &threshold); + if (ret) + return ret; ++ threshold <<= PAGE_SHIFT; + + mutex_lock(&memcg->thresholds_lock); + diff --git a/queue-4.1/nfsd-blocklayout-accept-any-minlength.patch b/queue-4.1/nfsd-blocklayout-accept-any-minlength.patch new file mode 100644 index 00000000000..93a47304786 --- /dev/null +++ b/queue-4.1/nfsd-blocklayout-accept-any-minlength.patch @@ -0,0 +1,43 @@ +From 8c3ad9cb7343dc5f61b8cf3cdbe1016c5e7c2c8b Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Fri, 9 Oct 2015 15:03:26 +0200 +Subject: nfsd/blocklayout: accept any minlength + +From: Christoph Hellwig + +commit 8c3ad9cb7343dc5f61b8cf3cdbe1016c5e7c2c8b upstream. + +Recent Linux clients have started to send GETLAYOUT requests with +minlength less than blocksize. + +Servers aren't really allowed to impose this kind of restriction on +layouts; see RFC 5661 section 18.43.3 for details. + +This has been observed to cause indefinite hangs on fsx runs on some +clients. + +Signed-off-by: Christoph Hellwig +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/blocklayout.c | 8 -------- + 1 file changed, 8 deletions(-) + +--- a/fs/nfsd/blocklayout.c ++++ b/fs/nfsd/blocklayout.c +@@ -56,14 +56,6 @@ nfsd4_block_proc_layoutget(struct inode + u32 device_generation = 0; + int error; + +- /* +- * We do not attempt to support I/O smaller than the fs block size, +- * or not aligned to it. +- */ +- if (args->lg_minlength < block_size) { +- dprintk("pnfsd: I/O too small\n"); +- goto out_layoutunavailable; +- } + if (seg->offset & (block_size - 1)) { + dprintk("pnfsd: I/O misaligned\n"); + goto out_layoutunavailable; diff --git a/queue-4.1/series b/queue-4.1/series index 20e53540119..6c532f1e136 100644 --- a/queue-4.1/series +++ b/queue-4.1/series @@ -15,3 +15,11 @@ netlink-trim-skb-to-alloc-size-to-avoid-msg_trunc.patch af_unix-convert-the-unix_sk-macro-to-an-inline-function-for-type-safety.patch af_unix-return-data-from-multiple-skbs-on-recv-with-msg_peek-flag.patch net-unix-fix-logic-about-sk_peek_offset.patch +drm-fix-locking-for-sysfs-dpms-file.patch +crypto-sparc-initialize-blkcipher.ivsize.patch +crypto-ahash-ensure-statesize-is-non-zero.patch +memcg-convert-threshold-to-bytes.patch +btrfs-check-unsupported-filters-in-balance-arguments.patch +btrfs-fix-use-after-free-iterating-extrefs.patch +arm64-errata-use-kbuild_cflags_module-for-erratum-843419.patch +nfsd-blocklayout-accept-any-minlength.patch