From: Greg Kroah-Hartman
Date: Tue, 28 Nov 2017 08:44:39 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v3.18.85~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=763299ca8ad1ec9aa08fdb6f52b2b947651bf0ef;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches
added patches:
fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
net-9p-switch-to-wait_event_killable.patch
pm-opp-add-missing-of_node_put-np.patch
---
diff --git a/queue-4.4/fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch b/queue-4.4/fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
new file mode 100644
index 00000000000..5af8a011e68
--- /dev/null
+++ b/queue-4.4/fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
@@ -0,0 +1,57 @@
+From a0b3bc855374c50b5ea85273553485af48caf2f7 Mon Sep 17 00:00:00 2001
+From: Eric Biggers
+Date: Sun, 29 Oct 2017 06:30:19 -0400
+Subject: fscrypt: lock mutex before checking for bounce page pool
+
+From: Eric Biggers
+
+commit a0b3bc855374c50b5ea85273553485af48caf2f7 upstream.
+
+fscrypt_initialize(), which allocates the global bounce page pool when
+an encrypted file is first accessed, uses "double-checked locking" to
+try to avoid locking fscrypt_init_mutex. However, it doesn't use any
+memory barriers, so it's theoretically possible for a thread to observe
+a bounce page pool which has not been fully initialized. This is a
+classic bug with "double-checked locking".
+
+While "only a theoretical issue" in the latest kernel, in pre-4.8
+kernels the pointer that was checked was not even the last to be
+initialized, so it was easily possible for a crash (NULL pointer
+dereference) to happen. This was changed only incidentally by the large
+refactor to use fs/crypto/.
+
+Solve both problems in a trivial way that can easily be backported: just
+always take the mutex. It's theoretically less efficient, but it
+shouldn't be noticeable in practice as the mutex is only acquired very
+briefly once per encrypted file.
+
+Later I'd like to make this use a helper macro like DO_ONCE(). However,
+DO_ONCE() runs in atomic context, so we'd need to add a new macro that
+allows blocking.
+
+Signed-off-by: Eric Biggers
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ fs/ext4/crypto_key.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+--- a/fs/ext4/crypto_key.c
++++ b/fs/ext4/crypto_key.c
+@@ -129,11 +129,9 @@ int ext4_get_encryption_info(struct inod
+ if (ei->i_crypt_info)
+ return 0;
+
+- if (!ext4_read_workqueue) {
+- res = ext4_init_crypto();
+- if (res)
+- return res;
+- }
++ res = ext4_init_crypto();
++ if (res)
++ return res;
+
+ res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
+ EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
diff --git a/queue-4.4/net-9p-switch-to-wait_event_killable.patch b/queue-4.4/net-9p-switch-to-wait_event_killable.patch
new file mode 100644
index 00000000000..7e37279f579
--- /dev/null
+++ b/queue-4.4/net-9p-switch-to-wait_event_killable.patch
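Review bot: The now-unconditional `res = ext4_init_crypto();` in ext4_get_encryption_info() has no comment explaining why the cheap `ext4_read_workqueue` pre-check was dropped, so a later cleanup could easily reintroduce the unlocked fast path. The fix is only correct if ext4_init_crypto() itself takes the init mutex and returns early once setup is done; that function is outside this hunk and should be confirmed for the 4.4 tree, particularly as the commit message describes fscrypt_initialize() rather than the ext4 function patched here. I would add above the call: `/* Always call: ext4_init_crypto() re-checks under its mutex; an unlocked check here can observe partially initialized state. */`. ext4_get_encryption_info() begins and ends outside the hunk.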
@@ -0,0 +1,83 @@
+From 9523feac272ccad2ad8186ba4fcc89103754de52 Mon Sep 17 00:00:00 2001
+From: Tuomas Tynkkynen
+Date: Wed, 6 Sep 2017 17:59:08 +0300
+Subject: net/9p: Switch to wait_event_killable()
+
+From: Tuomas Tynkkynen
+
+commit 9523feac272ccad2ad8186ba4fcc89103754de52 upstream.
+
+Because userspace gets Very Unhappy when calls like stat() and execve()
+return -EINTR on 9p filesystem mounts. For instance, when bash is
+looking in PATH for things to execute and some SIGCHLD interrupts
+stat(), bash can throw a spurious 'command not found' since it doesn't
+retry the stat().
+
+In practice, hitting the problem is rare and needs a really
+slow/bogged down 9p server.
+
+Signed-off-by: Tuomas Tynkkynen
+Signed-off-by: Al Viro
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ net/9p/client.c | 3 +--
+ net/9p/trans_virtio.c | 13 ++++++-------
+ 2 files changed, 7 insertions(+), 9 deletions(-)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -749,8 +749,7 @@ p9_client_rpc(struct p9_client *c, int8_
+ }
+ again:
+ /* Wait for the response */
+- err = wait_event_interruptible(*req->wq,
+- req->status >= REQ_STATUS_RCVD);
++ err = wait_event_killable(*req->wq, req->status >= REQ_STATUS_RCVD);
+
+ /*
+ * Make sure our req is coherent with regard to updates in other
+--- a/net/9p/trans_virtio.c
++++ b/net/9p/trans_virtio.c
+@@ -290,8 +290,8 @@ req_retry:
+ if (err == -ENOSPC) {
+ chan->ring_bufs_avail = 0;
+ spin_unlock_irqrestore(&chan->lock, flags);
+- err = wait_event_interruptible(*chan->vc_wq,
+- chan->ring_bufs_avail);
++ err = wait_event_killable(*chan->vc_wq,
++ chan->ring_bufs_avail);
+ if (err == -ERESTARTSYS)
+ return err;
+
+@@ -331,7 +331,7 @@ static int p9_get_mapped_pages(struct vi
+ * Other zc request to finish here
+ */
+ if (atomic_read(&vp_pinned) >= chan->p9_max_pages) {
+- err = wait_event_interruptible(vp_wq,
++ err = wait_event_killable(vp_wq,
+ (atomic_read(&vp_pinned) < chan->p9_max_pages));
+ if (err == -ERESTARTSYS)
+ return err;
+@@ -475,8 +475,8 @@ req_retry_pinned:
+ if (err == -ENOSPC) {
+ chan->ring_bufs_avail = 0;
+ spin_unlock_irqrestore(&chan->lock, flags);
+- err = wait_event_interruptible(*chan->vc_wq,
+- chan->ring_bufs_avail);
++ err = wait_event_killable(*chan->vc_wq,
++ chan->ring_bufs_avail);
+ if (err == -ERESTARTSYS)
+ goto err_out;
+
+@@ -493,8 +493,7 @@ req_retry_pinned:
+ virtqueue_kick(chan->vq);
+ spin_unlock_irqrestore(&chan->lock, flags);
+ p9_debug(P9_DEBUG_TRANS, "virtio request kicked\n");
+- err = wait_event_interruptible(*req->wq,
+- req->status >= REQ_STATUS_RCVD);
++ err = wait_event_killable(*req->wq, req->status >= REQ_STATUS_RCVD);
+ /*
+ * Non kernel buffers are pinned, unpin them
+ */
diff --git a/queue-4.4/pm-opp-add-missing-of_node_put-np.patch b/queue-4.4/pm-opp-add-missing-of_node_put-np.patch
new file mode 100644
index 00000000000..efe614e4d43
--- /dev/null
+++ b/queue-4.4/pm-opp-add-missing-of_node_put-np.patch
@@ -0,0 +1,35 @@
+From 7978db344719dab1e56d05e6fc04aaaddcde0a5e Mon Sep 17 00:00:00 2001
+From: Tobias Jordan
+Date: Wed, 4 Oct 2017 11:35:03 +0530
+Subject: PM / OPP: Add missing of_node_put(np)
+
+From: Tobias Jordan
+
+commit 7978db344719dab1e56d05e6fc04aaaddcde0a5e upstream.
+
+The for_each_available_child_of_node() loop in _of_add_opp_table_v2()
+doesn't drop the reference to "np" on errors. Fix that.
+
+Fixes: 274659029c9d (PM / OPP: Add support to parse "operating-points-v2" bindings)
+Signed-off-by: Tobias Jordan
+[ VK: Improved commit log. ]
+Signed-off-by: Viresh Kumar
+Reviewed-by: Stephen Boyd
+Signed-off-by: Rafael J. Wysocki
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ drivers/base/power/opp/core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/base/power/opp/core.c
++++ b/drivers/base/power/opp/core.c
+@@ -1205,6 +1205,7 @@ static int _of_add_opp_table_v2(struct d
+ if (ret) {
+ dev_err(dev, "%s: Failed to add OPP, %d\n", __func__,
+ ret);
++ of_node_put(np);
+ goto free_table;
+ }
+ }
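Review bot: In the last trans_virtio.c hunk (`@@ -493,8 +493,7 @@`, under req_retry_pinned) the result of `wait_event_killable(*req->wq, req->status >= REQ_STATUS_RCVD)` runs straight into the "Non kernel buffers are pinned, unpin them" block, with no visible `err == -ERESTARTSYS` check like the other converted waits in this file have. If a fatal signal ends the wait before the reply arrives, the pages would presumably be unpinned while the request is still queued on the virtqueue; the rest of the function is outside the hunk, so this needs checking against the full 4.4 source. At minimum I would add at the wait: `/* Returns -ERESTARTSYS on a fatal signal; req may still be in flight when we reach the unpin. */`. The conversion also means a task waiting on a stalled 9p server now wakes only for fatal signals, which is worth recording in the backport notes.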
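Review bot: The added `of_node_put(np);` in _of_add_opp_table_v2() has no comment tying it to the iterator, so the reason the reference is dropped on this exit is not obvious from the code alone. for_each_available_child_of_node() holds a reference on the current child and releases it only when advancing, which is why the early `goto free_table` has to drop it by hand; a one-line comment such as `/* leaving the loop early: drop the iterator's reference on np */` would help future error paths in this loop avoid the same leak. The loop header and any other early exits are outside the hunk and should be checked for the same pattern.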
diff --git a/queue-4.4/series b/queue-4.4/series
index c419fbce2ca..00ef5727cc2 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -64,3 +64,6 @@ media-rc-check-for-integer-overflow.patch
 cx231xx-cards-fix-null-deref-on-missing-association-descriptor.patch
 media-v4l2-ctrl-fix-flags-field-on-control-events.patch
 sched-rt-simplify-the-ipi-based-rt-balancing-logic.patch
+fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
+net-9p-switch-to-wait_event_killable.patch
+pm-opp-add-missing-of_node_put-np.patch