From: Greg Kroah-Hartman Date: Thu, 25 Aug 2022 11:47:15 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v5.10.140~52 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=765ace0abb8c25dae10b3ede222dd5bb55dd368f;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch cgroup-fix-race-condition-at-rebind_subsystems.patch kernel-sys_ni-add-compat-entry-for-fadvise64_64.patch parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch parisc-make-config_64bit-available-for-arch-parisc64-only.patch --- diff --git a/queue-5.15/audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch b/queue-5.15/audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch new file mode 100644 index 00000000000..0db11315099 --- /dev/null +++ b/queue-5.15/audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch 
@@ -0,0 +1,37 @@ +From ad982c3be4e60c7d39c03f782733503cbd88fd2a Mon Sep 17 00:00:00 2001 +From: Gaosheng Cui +Date: Mon, 22 Aug 2022 10:29:05 +0800 +Subject: audit: fix potential double free on error path from fsnotify_add_inode_mark + +From: Gaosheng Cui + +commit ad982c3be4e60c7d39c03f782733503cbd88fd2a upstream. + +Audit_alloc_mark() assign pathname to audit_mark->path, on error path +from fsnotify_add_inode_mark(), fsnotify_put_mark will free memory +of audit_mark->path, but the caller of audit_alloc_mark will free +the pathname again, so there will be double free problem. + +Fix this by resetting audit_mark->path to NULL pointer on error path +from fsnotify_add_inode_mark(). + +Cc: stable@vger.kernel.org +Fixes: 7b1293234084d ("fsnotify: Add group pointer in fsnotify_init_mark()") +Signed-off-by: Gaosheng Cui +Reviewed-by: Jan Kara +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + kernel/audit_fsnotify.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/audit_fsnotify.c ++++ b/kernel/audit_fsnotify.c +@@ -102,6 +102,7 @@ struct audit_fsnotify_mark *audit_alloc_ + + ret = fsnotify_add_inode_mark(&audit_mark->mark, inode, true); + if (ret < 0) { ++ audit_mark->path = NULL; + fsnotify_put_mark(&audit_mark->mark); + audit_mark = ERR_PTR(ret); + } diff --git a/queue-5.15/cgroup-fix-race-condition-at-rebind_subsystems.patch b/queue-5.15/cgroup-fix-race-condition-at-rebind_subsystems.patch new file mode 100644 index 00000000000..9854169b71c --- /dev/null +++ b/queue-5.15/cgroup-fix-race-condition-at-rebind_subsystems.patch 
@@ -0,0 +1,44 @@ +From 763f4fb76e24959c370cdaa889b2492ba6175580 Mon Sep 17 00:00:00 2001 +From: Jing-Ting Wu +Date: Tue, 23 Aug 2022 13:41:46 +0800 +Subject: cgroup: Fix race condition at rebind_subsystems() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jing-Ting Wu + +commit 763f4fb76e24959c370cdaa889b2492ba6175580 upstream. + +Root cause: +The rebind_subsystems() is no lock held when move css object from A +list to B list,then let B's head be treated as css node at +list_for_each_entry_rcu(). + +Solution: +Add grace period before invalidating the removed rstat_css_node. + +Reported-by: Jing-Ting Wu +Suggested-by: Michal Koutný +Signed-off-by: Jing-Ting Wu +Tested-by: Jing-Ting Wu +Link: https://lore.kernel.org/linux-arm-kernel/d8f0bc5e2fb6ed259f9334c83279b4c011283c41.camel@mediatek.com/T/ +Acked-by: Mukesh Ojha +Fixes: a7df69b81aac ("cgroup: rstat: support cgroup1") +Cc: stable@vger.kernel.org # v5.13+ +Signed-off-by: Tejun Heo +Signed-off-by: Greg Kroah-Hartman +--- + kernel/cgroup/cgroup.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -1810,6 +1810,7 @@ int rebind_subsystems(struct cgroup_root + + if (ss->css_rstat_flush) { + list_del_rcu(&css->rstat_css_node); ++ synchronize_rcu(); + list_add_rcu(&css->rstat_css_node, + &dcgrp->rstat_css_list); + } diff --git a/queue-5.15/kernel-sys_ni-add-compat-entry-for-fadvise64_64.patch b/queue-5.15/kernel-sys_ni-add-compat-entry-for-fadvise64_64.patch new file mode 100644 index 00000000000..d4f3fc6376e --- /dev/null +++ b/queue-5.15/kernel-sys_ni-add-compat-entry-for-fadvise64_64.patch 
@@ -0,0 +1,46 @@ +From a8faed3a02eeb75857a3b5d660fa80fe79db77a3 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Sun, 7 Aug 2022 15:09:34 -0700 +Subject: kernel/sys_ni: add compat entry for fadvise64_64 + +From: Randy Dunlap + +commit a8faed3a02eeb75857a3b5d660fa80fe79db77a3 upstream. + +When CONFIG_ADVISE_SYSCALLS is not set/enabled and CONFIG_COMPAT is +set/enabled, the riscv compat_syscall_table references +'compat_sys_fadvise64_64', which is not defined: + +riscv64-linux-ld: arch/riscv/kernel/compat_syscall_table.o:(.rodata+0x6f8): +undefined reference to `compat_sys_fadvise64_64' + +Add 'fadvise64_64' to kernel/sys_ni.c as a conditional COMPAT function so +that when CONFIG_ADVISE_SYSCALLS is not set, there is a fallback function +available. + +Link: https://lkml.kernel.org/r/20220807220934.5689-1-rdunlap@infradead.org +Fixes: d3ac21cacc24 ("mm: Support compiling out madvise and fadvise") +Signed-off-by: Randy Dunlap +Suggested-by: Arnd Bergmann +Reviewed-by: Arnd Bergmann +Cc: Josh Triplett +Cc: Paul Walmsley +Cc: Palmer Dabbelt +Cc: Albert Ou +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + kernel/sys_ni.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/sys_ni.c ++++ b/kernel/sys_ni.c +@@ -276,6 +276,7 @@ COND_SYSCALL(landlock_restrict_self); + + /* mm/fadvise.c */ + COND_SYSCALL(fadvise64_64); ++COND_SYSCALL_COMPAT(fadvise64_64); + + /* mm/, CONFIG_MMU only */ + COND_SYSCALL(swapon); diff --git a/queue-5.15/parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch b/queue-5.15/parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch new file mode 100644 index 00000000000..0be9adf7be7 --- /dev/null +++ b/queue-5.15/parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch 
@@ -0,0 +1,49 @@ +From 7ae1f5508d9a33fd58ed3059bd2d569961e3b8bd Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sat, 20 Aug 2022 17:59:17 +0200 +Subject: parisc: Fix exception handler for fldw and fstw instructions + +From: Helge Deller + +commit 7ae1f5508d9a33fd58ed3059bd2d569961e3b8bd upstream. + +The exception handler is broken for unaligned memory acceses with fldw +and fstw instructions, because it trashes or uses randomly some other +floating point register than the one specified in the instruction word +on loads and stores. + +The instruction "fldw 0(addr),%fr22L" (and the other fldw/fstw +instructions) encode the target register (%fr22) in the rightmost 5 bits +of the instruction word. The 7th rightmost bit of the instruction word +defines if the left or right half of %fr22 should be used. + +While processing unaligned address accesses, the FR3() define is used to +extract the offset into the local floating-point register set. But the +calculation in FR3() was buggy, so that for example instead of %fr22, +register %fr12 [((22 * 2) & 0x1f) = 12] was used. + +This bug has been since forever in the parisc kernel and I wonder why it +wasn't detected earlier. Interestingly I noticed this bug just because +the libime debian package failed to build on *native* hardware, while it +successfully built in qemu. + +This patch corrects the bitshift and masking calculation in FR3(). + +Signed-off-by: Helge Deller +Cc: +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/kernel/unaligned.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/parisc/kernel/unaligned.c ++++ b/arch/parisc/kernel/unaligned.c +@@ -107,7 +107,7 @@ + #define R1(i) (((i)>>21)&0x1f) + #define R2(i) (((i)>>16)&0x1f) + #define R3(i) ((i)&0x1f) +-#define FR3(i) ((((i)<<1)&0x1f)|(((i)>>6)&1)) ++#define FR3(i) ((((i)&0x1f)<<1)|(((i)>>6)&1)) + #define IM(i,n) (((i)>>1&((1<<(n-1))-1))|((i)&1?((0-1L)<<(n-1)):0)) + #define IM5_2(i) IM((i)>>16,5) + #define IM5_3(i) IM((i),5) 
diff --git a/queue-5.15/parisc-make-config_64bit-available-for-arch-parisc64-only.patch b/queue-5.15/parisc-make-config_64bit-available-for-arch-parisc64-only.patch new file mode 100644 index 00000000000..6d32a10d046 --- /dev/null +++ b/queue-5.15/parisc-make-config_64bit-available-for-arch-parisc64-only.patch 
@@ -0,0 +1,89 @@ +From 3dcfb729b5f4a0c9b50742865cd5e6c4dbcc80dc Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Fri, 19 Aug 2022 19:30:50 +0200 +Subject: parisc: Make CONFIG_64BIT available for ARCH=parisc64 only + +From: Helge Deller + +commit 3dcfb729b5f4a0c9b50742865cd5e6c4dbcc80dc upstream. + +With this patch the ARCH= parameter decides if the +CONFIG_64BIT option will be set or not. This means, the +ARCH= parameter will give: + + ARCH=parisc -> 32-bit kernel + ARCH=parisc64 -> 64-bit kernel + +This simplifies the usage of the other config options like +randconfig, allmodconfig and allyesconfig a lot and produces +the output which is expected for parisc64 (64-bit) vs. parisc (32-bit). + +Suggested-by: Masahiro Yamada +Signed-off-by: Helge Deller +Tested-by: Randy Dunlap +Reviewed-by: Randy Dunlap +Cc: # 5.15+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/Kconfig | 21 ++++++--------------- + 1 file changed, 6 insertions(+), 15 deletions(-) + +--- a/arch/parisc/Kconfig ++++ b/arch/parisc/Kconfig +@@ -142,10 +142,10 @@ menu "Processor type and features" + + choice + prompt "Processor type" +- default PA7000 ++ default PA7000 if "$(ARCH)" = "parisc" + + config PA7000 +- bool "PA7000/PA7100" ++ bool "PA7000/PA7100" if "$(ARCH)" = "parisc" + help + This is the processor type of your CPU. This information is + used for optimizing purposes. In order to compile a kernel +@@ -156,21 +156,21 @@ config PA7000 + which is required on some machines. 
+ + config PA7100LC +- bool "PA7100LC" ++ bool "PA7100LC" if "$(ARCH)" = "parisc" + help + Select this option for the PCX-L processor, as used in the + 712, 715/64, 715/80, 715/100, 715/100XC, 725/100, 743, 748, + D200, D210, D300, D310 and E-class + + config PA7200 +- bool "PA7200" ++ bool "PA7200" if "$(ARCH)" = "parisc" + help + Select this option for the PCX-T' processor, as used in the + C100, C110, J100, J110, J210XC, D250, D260, D350, D360, + K100, K200, K210, K220, K400, K410 and K420 + + config PA7300LC +- bool "PA7300LC" ++ bool "PA7300LC" if "$(ARCH)" = "parisc" + help + Select this option for the PCX-L2 processor, as used in the + 744, A180, B132L, B160L, B180L, C132L, C160L, C180L, +@@ -220,17 +220,8 @@ config MLONGCALLS + Enabling this option will probably slow down your kernel. + + config 64BIT +- bool "64-bit kernel" ++ def_bool "$(ARCH)" = "parisc64" + depends on PA8X00 +- help +- Enable this if you want to support 64bit kernel on PA-RISC platform. +- +- At the moment, only people willing to use more than 2GB of RAM, +- or having a 64bit-only capable PA-RISC machine should say Y here. +- +- Since there is no 64bit userland on PA-RISC, there is no point to +- enable this option otherwise. The 64bit kernel is significantly bigger +- and slower than the 32bit one. + + choice + prompt "Kernel page size" diff --git a/queue-5.15/series b/queue-5.15/series index 306e0015c80..0c177dacdd5 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -1,2 +1,7 @@ wifi-rtlwifi-remove-always-true-condition-pointed-out-by-gcc-12.patch eth-sun-cassini-remove-dead-code.patch +audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch +cgroup-fix-race-condition-at-rebind_subsystems.patch +parisc-make-config_64bit-available-for-arch-parisc64-only.patch +parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch +kernel-sys_ni-add-compat-entry-for-fadvise64_64.patch
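Review bot: In kernel/audit_fsnotify.c, the added `audit_mark->path = NULL;` in the `if (ret < 0)` branch has no comment, and the reason for it cannot be read from the code alone. Per the commit message, fsnotify_put_mark() would otherwise free audit_mark->path while the caller of audit_alloc_mark() frees the same pathname again. A one-line comment above the assignment, saying that ownership of the pathname stays with the caller on this error path, would keep a later cleanup from dropping the line.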
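Review bot: In kernel/cgroup/cgroup.c, the `synchronize_rcu();` added between `list_del_rcu(&css->rstat_css_node);` and `list_add_rcu(...)` is uncommented, and it blocks for a full grace period every time the `if (ss->css_rstat_flush)` branch is taken. Please add a comment stating that readers still walking the old list with list_for_each_entry_rcu() must finish before the node is linked into `dcgrp->rstat_css_list`, and state in the changelog that rebind_subsystems() is allowed to sleep at this point, since the visible context does not show which locks are held.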
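Review bot: In arch/parisc/kernel/unaligned.c, the corrected `FR3(i)` still has no comment describing the field it decodes, so the mask-before-shift order looks arbitrary next to `R3(i)`. Suggest a short comment above the define: the low 5 bits of the instruction word select the register, bit 6 selects the left or right half, and the result is a 6-bit index, which is why `&0x1f` has to be applied before `<<1`.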
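Review bot: In the "Processor type" choice of arch/parisc/Kconfig, the default becomes `default PA7000 if "$(ARCH)" = "parisc"` with no counterpart for ARCH=parisc64, while `config 64BIT` further down `depends on PA8X00`. The visible lines do not show how PA8X00 ends up selected for parisc64. Either add an explicit `default PA8X00 if "$(ARCH)" = "parisc64"`, or, if the intent is that the choice falls through to the one entry that still has a prompt, say so in a comment next to the choice.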
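Review bot: In the `config 64BIT` hunk of arch/parisc/Kconfig, the entire help text is deleted together with the prompt, so the symbol no longer documents how a 64-bit kernel is selected. Suggest keeping a short help text or a `#` comment on the symbol that carries the mapping from the commit message (ARCH=parisc gives a 32-bit kernel, ARCH=parisc64 gives a 64-bit kernel), since `def_bool "$(ARCH)" = "parisc64"` on its own does not tell a reader that the option can no longer be toggled from the configuration menu.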