From: Greg Kroah-Hartman Date: Wed, 9 Aug 2017 20:20:44 +0000 (-0700) Subject: 3.18-stable patches X-Git-Tag: v4.12.6~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=754a38f4733c1ee5e4642566382b99015c8e6576;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: arm-8632-1-ftrace-fix-syscall-name-matching.patch ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch lib-kconfig.debug-fix-frv-build-failure.patch mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch sh_eth-r8a7740-supports-packet-shecksumming.patch signal-protect-signal_unkillable-from-unintentional-clearing.patch tg3-fix-race-condition-in-tg3_get_stats64.patch x86-boot-add-missing-declaration-of-string-functions.patch --- diff --git a/queue-3.18/arm-8632-1-ftrace-fix-syscall-name-matching.patch b/queue-3.18/arm-8632-1-ftrace-fix-syscall-name-matching.patch new file mode 100644 index 00000000000..36ed49ecb8d --- /dev/null +++ b/queue-3.18/arm-8632-1-ftrace-fix-syscall-name-matching.patch @@ -0,0 +1,52 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: Rabin Vincent +Date: Wed, 23 Nov 2016 13:02:32 +0100 +Subject: ARM: 8632/1: ftrace: fix syscall name matching + +From: Rabin Vincent + + +[ Upstream commit 270c8cf1cacc69cb8d99dea812f06067a45e4609 ] + +ARM has a few system calls (most notably mmap) for which the names of +the functions which are referenced in the syscall table do not match the +names of the syscall tracepoints. As a consequence of this, these +tracepoints are not made available. Implement +arch_syscall_match_sym_name to fix this and allow tracing even these +system calls. + +Signed-off-by: Rabin Vincent +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/include/asm/ftrace.h | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +--- a/arch/arm/include/asm/ftrace.h ++++ b/arch/arm/include/asm/ftrace.h +@@ -54,6 +54,24 @@ static inline void *return_address(unsig + + #define ftrace_return_address(n) return_address(n) + ++#define ARCH_HAS_SYSCALL_MATCH_SYM_NAME ++ ++static inline bool arch_syscall_match_sym_name(const char *sym, ++ const char *name) ++{ ++ if (!strcmp(sym, "sys_mmap2")) ++ sym = "sys_mmap_pgoff"; ++ else if (!strcmp(sym, "sys_statfs64_wrapper")) ++ sym = "sys_statfs64"; ++ else if (!strcmp(sym, "sys_fstatfs64_wrapper")) ++ sym = "sys_fstatfs64"; ++ else if (!strcmp(sym, "sys_arm_fadvise64_64")) ++ sym = "sys_fadvise64_64"; ++ ++ /* Ignore case since sym may start with "SyS" instead of "sys" */ ++ return !strcasecmp(sym, name); ++} ++ + #endif /* ifndef __ASSEMBLY__ */ + + #endif /* _ASM_ARM_FTRACE */ diff --git a/queue-3.18/ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch b/queue-3.18/ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch new file mode 100644 index 00000000000..158ac701fba --- /dev/null +++ b/queue-3.18/ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch @@ -0,0 +1,43 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: zheng li +Date: Mon, 12 Dec 2016 09:56:05 +0800 +Subject: ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output + +From: zheng li + + +[ Upstream commit 0a28cfd51e17f4f0a056bcf66bfbe492c3b99f38 ] + +There is an inconsistent conditional judgement in __ip_append_data and +ip_finish_output functions, the variable length in __ip_append_data just +include the length of application's payload and udp header, don't include +the length of ip header, but in ip_finish_output use +(skb->len > ip_skb_dst_mtu(skb)) as judgement, and skb->len include the +length of ip header. + +That causes some particular application's udp payload whose length is +between (MTU - IP Header) and MTU were fragmented by ip_fragment even +though the rst->dev support UFO feature. + +Add the length of ip header to length in __ip_append_data to keep +consistent conditional judgement as ip_finish_output for ip fragment. + +Signed-off-by: Zheng Li +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/ip_output.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -888,7 +888,7 @@ static int __ip_append_data(struct sock + csummode = CHECKSUM_PARTIAL; + + cork->length += length; +- if (((length > mtu) || (skb && skb_is_gso(skb))) && ++ if ((((length + fragheaderlen) > mtu) || (skb && skb_is_gso(skb))) && + (sk->sk_protocol == IPPROTO_UDP) && + (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len && + (sk->sk_type == SOCK_DGRAM)) { diff --git a/queue-3.18/lib-kconfig.debug-fix-frv-build-failure.patch b/queue-3.18/lib-kconfig.debug-fix-frv-build-failure.patch new file mode 100644 index 00000000000..c7648e3c081 --- /dev/null +++ b/queue-3.18/lib-kconfig.debug-fix-frv-build-failure.patch @@ -0,0 +1,54 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: Sudip Mukherjee +Date: Tue, 10 Jan 2017 16:57:45 -0800 +Subject: lib/Kconfig.debug: fix frv build failure + +From: Sudip Mukherjee + + +[ Upstream commit da0510c47519fe0999cffe316e1d370e29f952be ] + +The build of frv allmodconfig was failing with the errors like: + + /tmp/cc0JSPc3.s: Assembler messages: + /tmp/cc0JSPc3.s:1839: Error: symbol `.LSLT0' is already defined + /tmp/cc0JSPc3.s:1842: Error: symbol `.LASLTP0' is already defined + /tmp/cc0JSPc3.s:1969: Error: symbol `.LELTP0' is already defined + /tmp/cc0JSPc3.s:1970: Error: symbol `.LELT0' is already defined + +Commit 866ced950bcd ("kbuild: Support split debug info v4") introduced +splitting the debug info and keeping that in a separate file. Somehow, +the frv-linux gcc did not like that and I am guessing that instead of +splitting it started copying. The first report about this is at: + + https://lists.01.org/pipermail/kbuild-all/2015-July/010527.html. + +I will try and see if this can work with frv and if still fails I will +open a bug report with gcc. But meanwhile this is the easiest option to +solve build failure of frv. + +Fixes: 866ced950bcd ("kbuild: Support split debug info v4") +Link: http://lkml.kernel.org/r/1482062348-5352-1-git-send-email-sudipm.mukherjee@gmail.com +Signed-off-by: Sudip Mukherjee +Reported-by: Fengguang Wu +Cc: Andi Kleen +Cc: David Howells +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + lib/Kconfig.debug | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -145,7 +145,7 @@ config DEBUG_INFO_REDUCED + + config DEBUG_INFO_SPLIT + bool "Produce split debuginfo in .dwo files" +- depends on DEBUG_INFO ++ depends on DEBUG_INFO && !FRV + help + Generate debug info into separate .dwo files. This significantly + reduces the build directory size for builds with DEBUG_INFO, diff --git a/queue-3.18/mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch b/queue-3.18/mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch new file mode 100644 index 00000000000..e0d9fe2a327 --- /dev/null +++ b/queue-3.18/mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch @@ -0,0 +1,54 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: Ard Biesheuvel +Date: Tue, 10 Jan 2017 16:58:00 -0800 +Subject: mm: don't dereference struct page fields of invalid pages + +From: Ard Biesheuvel + + +[ Upstream commit f073bdc51771f5a5c7a8d1191bfc3ae371d44de7 ] + +The VM_BUG_ON() check in move_freepages() checks whether the node id of +a page matches the node id of its zone. However, it does this before +having checked whether the struct page pointer refers to a valid struct +page to begin with. This is guaranteed in most cases, but may not be +the case if CONFIG_HOLES_IN_ZONE=y. + +So reorder the VM_BUG_ON() with the pfn_valid_within() check. + +Link: http://lkml.kernel.org/r/1481706707-6211-2-git-send-email-ard.biesheuvel@linaro.org +Signed-off-by: Ard Biesheuvel +Acked-by: Will Deacon +Cc: Catalin Marinas +Cc: Hanjun Guo +Cc: Yisheng Xie +Cc: Robert Richter +Cc: James Morse +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + mm/page_alloc.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -1029,14 +1029,14 @@ int move_freepages(struct zone *zone, + #endif + + for (page = start_page; page <= end_page;) { +- /* Make sure we are not inadvertently changing nodes */ +- VM_BUG_ON_PAGE(page_to_nid(page) != zone_to_nid(zone), page); +- + if (!pfn_valid_within(page_to_pfn(page))) { + page++; + continue; + } + ++ /* Make sure we are not inadvertently changing nodes */ ++ VM_BUG_ON_PAGE(page_to_nid(page) != zone_to_nid(zone), page); ++ + if (!PageBuddy(page)) { + page++; + continue; diff --git a/queue-3.18/mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch b/queue-3.18/mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch new file mode 100644 index 00000000000..98f04ea837d --- /dev/null +++ b/queue-3.18/mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch @@ -0,0 +1,79 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: Michal Hocko +Date: Tue, 10 Jan 2017 16:57:27 -0800 +Subject: mm, slab: make sure that KMALLOC_MAX_SIZE will fit into MAX_ORDER + +From: Michal Hocko + + +[ Upstream commit bb1107f7c6052c863692a41f78c000db792334bf ] + +Andrey Konovalov has reported the following warning triggered by the +syzkaller fuzzer. + + WARNING: CPU: 1 PID: 9935 at mm/page_alloc.c:3511 __alloc_pages_nodemask+0x159c/0x1e20 + Kernel panic - not syncing: panic_on_warn set ... + CPU: 1 PID: 9935 Comm: syz-executor0 Not tainted 4.9.0-rc7+ #34 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 + Call Trace: + __alloc_pages_slowpath mm/page_alloc.c:3511 + __alloc_pages_nodemask+0x159c/0x1e20 mm/page_alloc.c:3781 + alloc_pages_current+0x1c7/0x6b0 mm/mempolicy.c:2072 + alloc_pages include/linux/gfp.h:469 + kmalloc_order+0x1f/0x70 mm/slab_common.c:1015 + kmalloc_order_trace+0x1f/0x160 mm/slab_common.c:1026 + kmalloc_large include/linux/slab.h:422 + __kmalloc+0x210/0x2d0 mm/slub.c:3723 + kmalloc include/linux/slab.h:495 + ep_write_iter+0x167/0xb50 drivers/usb/gadget/legacy/inode.c:664 + new_sync_write fs/read_write.c:499 + __vfs_write+0x483/0x760 fs/read_write.c:512 + vfs_write+0x170/0x4e0 fs/read_write.c:560 + SYSC_write fs/read_write.c:607 + SyS_write+0xfb/0x230 fs/read_write.c:599 + entry_SYSCALL_64_fastpath+0x1f/0xc2 + +The issue is caused by a lack of size check for the request size in +ep_write_iter which should be fixed. It, however, points to another +problem, that SLUB defines KMALLOC_MAX_SIZE too large because the its +KMALLOC_SHIFT_MAX is (MAX_ORDER + PAGE_SHIFT) which means that the +resulting page allocator request might be MAX_ORDER which is too large +(see __alloc_pages_slowpath). + +The same applies to the SLOB allocator which allows even larger sizes. +Make sure that they are capped properly and never request more than +MAX_ORDER order. + +Link: http://lkml.kernel.org/r/20161220130659.16461-2-mhocko@kernel.org +Signed-off-by: Michal Hocko +Reported-by: Andrey Konovalov +Acked-by: Christoph Lameter +Cc: Alexei Starovoitov +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/slab.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/include/linux/slab.h ++++ b/include/linux/slab.h +@@ -186,7 +186,7 @@ size_t ksize(const void *); + * (PAGE_SIZE*2). Larger requests are passed to the page allocator. + */ + #define KMALLOC_SHIFT_HIGH (PAGE_SHIFT + 1) +-#define KMALLOC_SHIFT_MAX (MAX_ORDER + PAGE_SHIFT) ++#define KMALLOC_SHIFT_MAX (MAX_ORDER + PAGE_SHIFT - 1) + #ifndef KMALLOC_SHIFT_LOW + #define KMALLOC_SHIFT_LOW 3 + #endif +@@ -199,7 +199,7 @@ size_t ksize(const void *); + * be allocated from the same page. + */ + #define KMALLOC_SHIFT_HIGH PAGE_SHIFT +-#define KMALLOC_SHIFT_MAX 30 ++#define KMALLOC_SHIFT_MAX (MAX_ORDER + PAGE_SHIFT - 1) + #ifndef KMALLOC_SHIFT_LOW + #define KMALLOC_SHIFT_LOW 3 + #endif diff --git a/queue-3.18/scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch b/queue-3.18/scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch new file mode 100644 index 00000000000..cda88952f22 --- /dev/null +++ b/queue-3.18/scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch @@ -0,0 +1,104 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: "Milan P. Gandhi" +Date: Sat, 24 Dec 2016 22:02:46 +0530 +Subject: scsi: qla2xxx: Get mutex lock before checking optrom_state + +From: "Milan P. Gandhi" + + +[ Upstream commit c7702b8c22712a06080e10f1d2dee1a133ec8809 ] + +There is a race condition with qla2xxx optrom functions where one thread +might modify optrom buffer, optrom_state while other thread is still +reading from it. + +In couple of crashes, it was found that we had successfully passed the +following 'if' check where we confirm optrom_state to be +QLA_SREADING. But by the time we acquired mutex lock to proceed with +memory_read_from_buffer function, some other thread/process had already +modified that option rom buffer and optrom_state from QLA_SREADING to +QLA_SWAITING. Then we got ha->optrom_buffer 0x0 and crashed the system: + + if (ha->optrom_state != QLA_SREADING) + return 0; + + mutex_lock(&ha->optrom_mutex); + rval = memory_read_from_buffer(buf, count, &off, ha->optrom_buffer, + ha->optrom_region_size); + mutex_unlock(&ha->optrom_mutex); + +With current optrom function we get following crash due to a race +condition: + +[ 1479.466679] BUG: unable to handle kernel NULL pointer dereference at (null) +[ 1479.466707] IP: [] memcpy+0x6/0x110 +[...] +[ 1479.473673] Call Trace: +[ 1479.474296] [] ? memory_read_from_buffer+0x3c/0x60 +[ 1479.474941] [] qla2x00_sysfs_read_optrom+0x9c/0xc0 [qla2xxx] +[ 1479.475571] [] read+0xdb/0x1f0 +[ 1479.476206] [] vfs_read+0x9e/0x170 +[ 1479.476839] [] SyS_read+0x7f/0xe0 +[ 1479.477466] [] system_call_fastpath+0x16/0x1b + +Below patch modifies qla2x00_sysfs_read_optrom, +qla2x00_sysfs_write_optrom functions to get the mutex_lock before +checking ha->optrom_state to avoid similar crashes. + +The patch was applied and tested and same crashes were no longer +observed again. + +Tested-by: Milan P. Gandhi +Signed-off-by: Milan P. Gandhi +Reviewed-by: Laurence Oberman +Acked-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_attr.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_attr.c ++++ b/drivers/scsi/qla2xxx/qla_attr.c +@@ -329,12 +329,15 @@ qla2x00_sysfs_read_optrom(struct file *f + struct qla_hw_data *ha = vha->hw; + ssize_t rval = 0; + ++ mutex_lock(&ha->optrom_mutex); ++ + if (ha->optrom_state != QLA_SREADING) +- return 0; ++ goto out; + +- mutex_lock(&ha->optrom_mutex); + rval = memory_read_from_buffer(buf, count, &off, ha->optrom_buffer, + ha->optrom_region_size); ++ ++out: + mutex_unlock(&ha->optrom_mutex); + + return rval; +@@ -349,14 +352,19 @@ qla2x00_sysfs_write_optrom(struct file * + struct device, kobj))); + struct qla_hw_data *ha = vha->hw; + +- if (ha->optrom_state != QLA_SWRITING) ++ mutex_lock(&ha->optrom_mutex); ++ ++ if (ha->optrom_state != QLA_SWRITING) { ++ mutex_unlock(&ha->optrom_mutex); + return -EINVAL; +- if (off > ha->optrom_region_size) ++ } ++ if (off > ha->optrom_region_size) { ++ mutex_unlock(&ha->optrom_mutex); + return -ERANGE; ++ } + if (off + count > ha->optrom_region_size) + count = ha->optrom_region_size - off; + +- mutex_lock(&ha->optrom_mutex); + memcpy(&ha->optrom_buffer[off], buf, count); + mutex_unlock(&ha->optrom_mutex); + diff --git a/queue-3.18/series b/queue-3.18/series index f6870d45c4e..127ce60e2d2 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -80,3 +80,13 @@ sctp-fix-the-check-for-_sctp_walk_params-and-_sctp_walk_errors.patch net-phy-correctly-process-phy_halted-in-phy_stop_machine.patch xen-netback-correctly-schedule-rate-limited-queues.patch wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch +sh_eth-r8a7740-supports-packet-shecksumming.patch +tg3-fix-race-condition-in-tg3_get_stats64.patch +x86-boot-add-missing-declaration-of-string-functions.patch +scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch +arm-8632-1-ftrace-fix-syscall-name-matching.patch +mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch +lib-kconfig.debug-fix-frv-build-failure.patch +signal-protect-signal_unkillable-from-unintentional-clearing.patch +mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch +ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch diff --git a/queue-3.18/sh_eth-r8a7740-supports-packet-shecksumming.patch b/queue-3.18/sh_eth-r8a7740-supports-packet-shecksumming.patch new file mode 100644 index 00000000000..0965b000d7f --- /dev/null +++ b/queue-3.18/sh_eth-r8a7740-supports-packet-shecksumming.patch @@ -0,0 +1,33 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: Sergei Shtylyov +Date: Thu, 5 Jan 2017 00:29:32 +0300 +Subject: sh_eth: R8A7740 supports packet shecksumming + +From: Sergei Shtylyov + + +[ Upstream commit 0f1f9cbc04dbb3cc310f70a11cba0cf1f2109d9c ] + +The R8A7740 GEther controller supports the packet checksum offloading +but the 'hw_crc' (bad name, I'll fix it) flag isn't set in the R8A7740 +data, thus CSMR isn't cleared... + +Fixes: 73a0d907301e ("net: sh_eth: add support R8A7740") +Signed-off-by: Sergei Shtylyov +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/renesas/sh_eth.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/ethernet/renesas/sh_eth.c ++++ b/drivers/net/ethernet/renesas/sh_eth.c +@@ -781,6 +781,7 @@ static struct sh_eth_cpu_data r8a7740_da + .rpadir_value = 2 << 16, + .no_trimd = 1, + .no_ade = 1, ++ .hw_crc = 1, + .tsu = 1, + .select_mii = 1, + .shift_rd0 = 1, diff --git a/queue-3.18/signal-protect-signal_unkillable-from-unintentional-clearing.patch b/queue-3.18/signal-protect-signal_unkillable-from-unintentional-clearing.patch new file mode 100644 index 00000000000..67ae07982c2 --- /dev/null +++ b/queue-3.18/signal-protect-signal_unkillable-from-unintentional-clearing.patch @@ -0,0 +1,84 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: Jamie Iles +Date: Tue, 10 Jan 2017 16:57:54 -0800 +Subject: signal: protect SIGNAL_UNKILLABLE from unintentional clearing. + +From: Jamie Iles + + +[ Upstream commit 2d39b3cd34e6d323720d4c61bd714f5ae202c022 ] + +Since commit 00cd5c37afd5 ("ptrace: permit ptracing of /sbin/init") we +can now trace init processes. init is initially protected with +SIGNAL_UNKILLABLE which will prevent fatal signals such as SIGSTOP, but +there are a number of paths during tracing where SIGNAL_UNKILLABLE can +be implicitly cleared. + +This can result in init becoming stoppable/killable after tracing. For +example, running: + + while true; do kill -STOP 1; done & + strace -p 1 + +and then stopping strace and the kill loop will result in init being +left in state TASK_STOPPED. Sending SIGCONT to init will resume it, but +init will now respond to future SIGSTOP signals rather than ignoring +them. + +Make sure that when setting SIGNAL_STOP_CONTINUED/SIGNAL_STOP_STOPPED +that we don't clear SIGNAL_UNKILLABLE. + +Link: http://lkml.kernel.org/r/20170104122017.25047-1-jamie.iles@oracle.com +Signed-off-by: Jamie Iles +Acked-by: Oleg Nesterov +Cc: Alexander Viro +Cc: Ingo Molnar +Cc: Peter Zijlstra +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/sched.h | 10 ++++++++++ + kernel/signal.c | 4 ++-- + 2 files changed, 12 insertions(+), 2 deletions(-) + +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -729,6 +729,16 @@ struct signal_struct { + + #define SIGNAL_UNKILLABLE 0x00000040 /* for init: ignore fatal signals */ + ++#define SIGNAL_STOP_MASK (SIGNAL_CLD_MASK | SIGNAL_STOP_STOPPED | \ ++ SIGNAL_STOP_CONTINUED) ++ ++static inline void signal_set_stop_flags(struct signal_struct *sig, ++ unsigned int flags) ++{ ++ WARN_ON(sig->flags & (SIGNAL_GROUP_EXIT|SIGNAL_GROUP_COREDUMP)); ++ sig->flags = (sig->flags & ~SIGNAL_STOP_MASK) | flags; ++} ++ + /* If true, all threads except ->group_exit_task have pending SIGKILL */ + static inline int signal_group_exit(const struct signal_struct *sig) + { +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -346,7 +346,7 @@ static bool task_participate_group_stop( + * fresh group stop. Read comment in do_signal_stop() for details. + */ + if (!sig->group_stop_count && !(sig->flags & SIGNAL_STOP_STOPPED)) { +- sig->flags = SIGNAL_STOP_STOPPED; ++ signal_set_stop_flags(sig, SIGNAL_STOP_STOPPED); + return true; + } + return false; +@@ -896,7 +896,7 @@ static bool prepare_signal(int sig, stru + * will take ->siglock, notice SIGNAL_CLD_MASK, and + * notify its parent. See get_signal_to_deliver(). + */ +- signal->flags = why | SIGNAL_STOP_CONTINUED; ++ signal_set_stop_flags(signal, why | SIGNAL_STOP_CONTINUED); + signal->group_stop_count = 0; + signal->group_exit_code = 0; + } diff --git a/queue-3.18/tg3-fix-race-condition-in-tg3_get_stats64.patch b/queue-3.18/tg3-fix-race-condition-in-tg3_get_stats64.patch new file mode 100644 index 00000000000..11f0f60654f --- /dev/null +++ b/queue-3.18/tg3-fix-race-condition-in-tg3_get_stats64.patch @@ -0,0 +1,42 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: Michael Chan +Date: Fri, 6 Jan 2017 16:18:53 -0500 +Subject: tg3: Fix race condition in tg3_get_stats64(). + +From: Michael Chan + + +[ Upstream commit f5992b72ebe0dde488fa8f706b887194020c66fc ] + +The driver's ndo_get_stats64() method is not always called under RTNL. +So it can race with driver close or ethtool reconfigurations. Fix the +race condition by taking tp->lock spinlock in tg3_free_consistent() +when freeing the tp->hw_stats memory block. tg3_get_stats64() is +already taking tp->lock. + +Reported-by: Wang Yufen +Signed-off-by: Michael Chan +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/broadcom/tg3.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -8705,11 +8705,14 @@ static void tg3_free_consistent(struct t + tg3_mem_rx_release(tp); + tg3_mem_tx_release(tp); + ++ /* Protect tg3_get_stats64() from reading freed tp->hw_stats. */ ++ tg3_full_lock(tp, 0); + if (tp->hw_stats) { + dma_free_coherent(&tp->pdev->dev, sizeof(struct tg3_hw_stats), + tp->hw_stats, tp->stats_mapping); + tp->hw_stats = NULL; + } ++ tg3_full_unlock(tp); + } + + /* diff --git a/queue-3.18/x86-boot-add-missing-declaration-of-string-functions.patch b/queue-3.18/x86-boot-add-missing-declaration-of-string-functions.patch new file mode 100644 index 00000000000..5a3a236bc3a --- /dev/null +++ b/queue-3.18/x86-boot-add-missing-declaration-of-string-functions.patch @@ -0,0 +1,50 @@ +From foo@baz Wed Aug 9 12:42:27 PDT 2017 +From: Nicholas Mc Guire +Date: Sat, 7 Jan 2017 10:38:31 +0100 +Subject: x86/boot: Add missing declaration of string functions + +From: Nicholas Mc Guire + + +[ Upstream commit fac69d0efad08fc15e4dbfc116830782acc0dc9a ] + +Add the missing declarations of basic string functions to string.h to allow +a clean build. + +Fixes: 5be865661516 ("String-handling functions for the new x86 setup code.") +Signed-off-by: Nicholas Mc Guire +Link: http://lkml.kernel.org/r/1483781911-21399-1-git-send-email-hofrat@osadl.org +Signed-off-by: Thomas Gleixner +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/boot/string.c | 1 + + arch/x86/boot/string.h | 9 +++++++++ + 2 files changed, 10 insertions(+) + +--- a/arch/x86/boot/string.c ++++ b/arch/x86/boot/string.c +@@ -14,6 +14,7 @@ + + #include + #include "ctype.h" ++#include "string.h" + + int memcmp(const void *s1, const void *s2, size_t len) + { +--- a/arch/x86/boot/string.h ++++ b/arch/x86/boot/string.h +@@ -18,4 +18,13 @@ int memcmp(const void *s1, const void *s + #define memset(d,c,l) __builtin_memset(d,c,l) + #define memcmp __builtin_memcmp + ++extern int strcmp(const char *str1, const char *str2); ++extern int strncmp(const char *cs, const char *ct, size_t count); ++extern size_t strlen(const char *s); ++extern char *strstr(const char *s1, const char *s2); ++extern size_t strnlen(const char *s, size_t maxlen); ++extern unsigned int atou(const char *s); ++extern unsigned long long simple_strtoull(const char *cp, char **endp, ++ unsigned int base); ++ + #endif /* BOOT_STRING_H */