From: Sasha Levin Date: Wed, 1 Jan 2020 16:34:42 +0000 (-0500) Subject: fixes for 4.9 X-Git-Tag: v4.4.208~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=64bb62639b58ff641dc966417c81d2263133a9d6;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/alsa-hda-downgrade-error-message-for-single-cmd-fall.patch b/queue-4.9/alsa-hda-downgrade-error-message-for-single-cmd-fall.patch new file mode 100644 index 00000000000..1537ec9bf9c --- /dev/null +++ b/queue-4.9/alsa-hda-downgrade-error-message-for-single-cmd-fall.patch 
@@ -0,0 +1,42 @@ +From ae7174b93c175233d3f08677bea7155e79ef0e4e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 16 Dec 2019 16:12:24 +0100 +Subject: ALSA: hda - Downgrade error message for single-cmd fallback + +From: Takashi Iwai + +[ Upstream commit 475feec0c41ad71cb7d02f0310e56256606b57c5 ] + +We made the error message for the CORB/RIRB communication clearer by +upgrading to dev_WARN() so that user can notice better. But this +struck us like a boomerang: now it caught syzbot and reported back as +a fatal issue although it's not really any too serious bug that worth +for stopping the whole system. + +OK, OK, let's be softy, downgrade it to the standard dev_err() again. + +Fixes: dd65f7e19c69 ("ALSA: hda - Show the fatal CORB/RIRB error more clearly") +Reported-by: syzbot+b3028ac3933f5c466389@syzkaller.appspotmail.com +Link: https://lore.kernel.org/r/20191216151224.30013-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/pci/hda/hda_controller.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sound/pci/hda/hda_controller.c b/sound/pci/hda/hda_controller.c +index c5e82329348b..bd0e4710d15d 100644 +--- a/sound/pci/hda/hda_controller.c ++++ b/sound/pci/hda/hda_controller.c +@@ -872,7 +872,7 @@ static int azx_rirb_get_response(struct hdac_bus *bus, unsigned int addr, + return -EAGAIN; /* give a chance to retry */ + } + +- dev_WARN(chip->card->dev, ++ dev_err(chip->card->dev, + "azx_get_response timeout, switching to single_cmd mode: last cmd=0x%08x\n", + bus->last_cmd[addr]); + chip->single_cmd = 1; +-- +2.20.1 + diff --git a/queue-4.9/net-sysctl-fix-compiler-warning-when-only-cbpf-is-pr.patch b/queue-4.9/net-sysctl-fix-compiler-warning-when-only-cbpf-is-pr.patch new file mode 100644 index 00000000000..8990fc488ed --- /dev/null +++ b/queue-4.9/net-sysctl-fix-compiler-warning-when-only-cbpf-is-pr.patch 
@@ -0,0 +1,69 @@ +From 520b15dfa6d95f4470383bc3e9f925d48b5f61b5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 18 Dec 2019 12:18:21 +0300 +Subject: net, sysctl: Fix compiler warning when only cBPF is present +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Alexander Lobakin + +[ Upstream commit 1148f9adbe71415836a18a36c1b4ece999ab0973 ] + +proc_dointvec_minmax_bpf_restricted() has been firstly introduced +in commit 2e4a30983b0f ("bpf: restrict access to core bpf sysctls") +under CONFIG_HAVE_EBPF_JIT. Then, this ifdef has been removed in +ede95a63b5e8 ("bpf: add bpf_jit_limit knob to restrict unpriv +allocations"), because a new sysctl, bpf_jit_limit, made use of it. +Finally, this parameter has become long instead of integer with +fdadd04931c2 ("bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K") +and thus, a new proc_dolongvec_minmax_bpf_restricted() has been +added. + +With this last change, we got back to that +proc_dointvec_minmax_bpf_restricted() is used only under +CONFIG_HAVE_EBPF_JIT, but the corresponding ifdef has not been +brought back. + +So, in configurations like CONFIG_BPF_JIT=y && CONFIG_HAVE_EBPF_JIT=n +since v4.20 we have: + + CC net/core/sysctl_net_core.o +net/core/sysctl_net_core.c:292:1: warning: ‘proc_dointvec_minmax_bpf_restricted’ defined but not used [-Wunused-function] + 292 | proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Suppress this by guarding it with CONFIG_HAVE_EBPF_JIT again. 
+ +Fixes: fdadd04931c2 ("bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K") +Signed-off-by: Alexander Lobakin +Signed-off-by: Daniel Borkmann +Link: https://lore.kernel.org/bpf/20191218091821.7080-1-alobakin@dlink.ru +Signed-off-by: Sasha Levin +--- + net/core/sysctl_net_core.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c +index a6fc82704f0c..b4318c1b5b96 100644 +--- a/net/core/sysctl_net_core.c ++++ b/net/core/sysctl_net_core.c +@@ -255,6 +255,7 @@ static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write, + return ret; + } + ++# ifdef CONFIG_HAVE_EBPF_JIT + static int + proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, +@@ -265,6 +266,7 @@ proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write, + + return proc_dointvec_minmax(table, write, buffer, lenp, ppos); + } ++# endif /* CONFIG_HAVE_EBPF_JIT */ + + static int + proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write, +-- +2.20.1 + diff --git a/queue-4.9/series b/queue-4.9/series index a0e70bd3642..58b9cc12b9b 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -149,3 +149,6 @@ libfdt-define-int32_max-and-uint32_max-in-libfdt_env.patch s390-cpum_sf-check-for-sdbt-and-sdb-consistency.patch ocfs2-fix-passing-zero-to-ptr_err-warning.patch kernel-sysctl-make-drop_caches-write-only.patch +x86-mce-fix-possibly-incorrect-severity-calculation-.patch +net-sysctl-fix-compiler-warning-when-only-cbpf-is-pr.patch +alsa-hda-downgrade-error-message-for-single-cmd-fall.patch diff --git a/queue-4.9/x86-mce-fix-possibly-incorrect-severity-calculation-.patch b/queue-4.9/x86-mce-fix-possibly-incorrect-severity-calculation-.patch new file mode 100644 index 00000000000..d5dca37e484 --- /dev/null +++ b/queue-4.9/x86-mce-fix-possibly-incorrect-severity-calculation-.patch 
@@ -0,0 +1,51 @@ +From b9c3d21168bc1e4046a235a4dfa83729a0caa0e9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Dec 2019 01:07:30 +0100 +Subject: x86/mce: Fix possibly incorrect severity calculation on AMD +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jan H. Schönherr + +[ Upstream commit a3a57ddad061acc90bef39635caf2b2330ce8f21 ] + +The function mce_severity_amd_smca() requires m->bank to be initialized +for correct operation. Fix the one case, where mce_severity() is called +without doing so. + +Fixes: 6bda529ec42e ("x86/mce: Grade uncorrected errors for SMCA-enabled systems") +Fixes: d28af26faa0b ("x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()") +Signed-off-by: Jan H. Schönherr +Signed-off-by: Borislav Petkov +Reviewed-by: Tony Luck +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: linux-edac +Cc: +Cc: Thomas Gleixner +Cc: x86-ml +Cc: Yazen Ghannam +Link: https://lkml.kernel.org/r/20191210000733.17979-4-jschoenh@amazon.de +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/cpu/mcheck/mce.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c +index d3b2c5b25c9c..07188a012492 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce.c ++++ b/arch/x86/kernel/cpu/mcheck/mce.c +@@ -782,8 +782,8 @@ static int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp, + if (quirk_no_way_out) + quirk_no_way_out(i, m, regs); + ++ m->bank = i; + if (mce_severity(m, mca_cfg.tolerant, &tmp, true) >= MCE_PANIC_SEVERITY) { +- m->bank = i; + mce_read_aux(m, i); + *msg = tmp; + return 1; +-- +2.20.1 +
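Review bot: in sound/pci/hda/hda_controller.c, azx_rirb_get_response(), the commit message for the dev_WARN() to dev_err() swap never names what made the warning "fatal" for syzbot. Suggest adding one sentence on the mechanism: a WARN splat is treated as a crash by the fuzzer and by any system booted with panic_on_warn. That lets a stable reviewer see why this log-level change is queued as a fix. The message text and the following chip->single_cmd = 1 fallback are unchanged, so nothing else in the hunk needs attention.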
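Review bot: in net/core/sysctl_net_core.c the new "# ifdef CONFIG_HAVE_EBPF_JIT" / "# endif" pair guards only the definition of proc_dointvec_minmax_bpf_restricted(), and neither hunk shows the ctl_table entries that reference it. For the 4.9 queue, confirm that every .proc_handler use of this function in that tree sits under the same CONFIG_HAVE_EBPF_JIT guard; otherwise the CONFIG_BPF_JIT=y && CONFIG_HAVE_EBPF_JIT=n configuration from the commit message goes from an unused-function warning to a build failure. Style point: the "# ifdef" spelling with a space after the hash implies nesting inside an outer preprocessor block that is outside the visible context; if this tree has no such enclosing block, plain "#ifdef" is the expected form.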
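Review bot: in arch/x86/kernel/cpu/mcheck/mce.c, mce_no_way_out(), hoisting "m->bank = i;" above the mce_severity() call means the field is now written for every bank examined, not only for the bank that reaches MCE_PANIC_SEVERITY. When the function does not take the "return 1" path, m->bank is left holding the index of the last bank processed rather than its previous value. Please confirm that the 4.9 callers do not read m->bank after a non-fatal return without reassigning it, and say so in the commit message, since the Fixes: tags cover only the mce_severity_amd_smca() input and not this side effect.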