From: Greg Kroah-Hartman Date: Tue, 18 Apr 2017 12:49:33 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.4.63~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8ba18687032c4555a3b5c15377452397c12b40f2;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: cifs-store-results-of-cifs_reopen_file-to-avoid-infinite-wait.patch drm-nouveau-mmu-nv4a-use-nv04-mmu-rather-than-the-nv44-one.patch drm-nouveau-mpeg-mthd-returns-true-on-success-now.patch input-xpad-add-support-for-razer-wildcat-gamepad.patch perf-x86-avoid-exposing-wrong-stale-data-in-intel_pmu_lbr_read_32.patch thp-fix-madv_dontneed-vs-clear-soft-dirty-race.patch x86-vdso-ensure-vdso32_enabled-gets-set-to-valid-values-only.patch x86-vdso-plug-race-between-mapping-and-elf-header-setup.patch zram-fix-operator-precedence-to-get-offset.patch --- diff --git a/queue-4.4/cifs-store-results-of-cifs_reopen_file-to-avoid-infinite-wait.patch b/queue-4.4/cifs-store-results-of-cifs_reopen_file-to-avoid-infinite-wait.patch new file mode 100644 index 00000000000..d9857a53d60 --- /dev/null +++ b/queue-4.4/cifs-store-results-of-cifs_reopen_file-to-avoid-infinite-wait.patch @@ -0,0 +1,64 @@ +From 1fa839b4986d648b907d117275869a0e46c324b9 Mon Sep 17 00:00:00 2001 +From: Germano Percossi +Date: Fri, 7 Apr 2017 12:29:38 +0100 +Subject: CIFS: store results of cifs_reopen_file to avoid infinite wait + +From: Germano Percossi + +commit 1fa839b4986d648b907d117275869a0e46c324b9 upstream. + +This fixes Continuous Availability when errors during +file reopen are encountered. + +cifs_user_readv and cifs_user_writev would wait for ever if +results of cifs_reopen_file are not stored and for later inspection. + +In fact, results are checked and, in case of errors, a chain +of function calls leading to reads and writes to be scheduled in +a separate thread is skipped. +These threads will wake up the corresponding waiters once reads +and writes are done. + +However, given the return value is not stored, when rc is checked +for errors a previous one (always zero) is inspected instead. +This leads to pending reads/writes added to the list, making +cifs_user_readv and cifs_user_writev wait for ever. + +Signed-off-by: Germano Percossi +Reviewed-by: Pavel Shilovsky +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/file.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -2545,7 +2545,7 @@ cifs_write_from_iter(loff_t offset, size + wdata->credits = credits; + + if (!wdata->cfile->invalidHandle || +- !cifs_reopen_file(wdata->cfile, false)) ++ !(rc = cifs_reopen_file(wdata->cfile, false))) + rc = server->ops->async_writev(wdata, + cifs_uncached_writedata_release); + if (rc) { +@@ -2958,7 +2958,7 @@ cifs_send_async_read(loff_t offset, size + rdata->credits = credits; + + if (!rdata->cfile->invalidHandle || +- !cifs_reopen_file(rdata->cfile, true)) ++ !(rc = cifs_reopen_file(rdata->cfile, true))) + rc = server->ops->async_readv(rdata); + error: + if (rc) { +@@ -3544,7 +3544,7 @@ static int cifs_readpages(struct file *f + } + + if (!rdata->cfile->invalidHandle || +- !cifs_reopen_file(rdata->cfile, true)) ++ !(rc = cifs_reopen_file(rdata->cfile, true))) + rc = server->ops->async_readv(rdata); + if (rc) { + add_credits_and_wake_if(server, rdata->credits, 0); diff --git a/queue-4.4/drm-nouveau-mmu-nv4a-use-nv04-mmu-rather-than-the-nv44-one.patch b/queue-4.4/drm-nouveau-mmu-nv4a-use-nv04-mmu-rather-than-the-nv44-one.patch new file mode 100644 index 00000000000..9faabe84cf3 --- /dev/null +++ b/queue-4.4/drm-nouveau-mmu-nv4a-use-nv04-mmu-rather-than-the-nv44-one.patch @@ -0,0 +1,40 @@ +From f94773b9f5ecd1df7c88c2e921924dd41d2020cc Mon Sep 17 00:00:00 2001 +From: Ilia Mirkin +Date: Sat, 18 Mar 2017 16:23:10 -0400 +Subject: drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one + +From: Ilia Mirkin + +commit f94773b9f5ecd1df7c88c2e921924dd41d2020cc upstream. + +The NV4A (aka NV44A) is an oddity in the family. It only comes in AGP +and PCI varieties, rather than a core PCIE chip with a bridge for +AGP/PCI as necessary. As a result, it appears that the MMU is also +non-functional. For AGP cards, the vast majority of the NV4A lineup, +this worked out since we force AGP cards to use the nv04 mmu. However +for PCI variants, this did not work. + +Switching to the NV04 MMU makes it work like a charm. Thanks to mwk for +the suggestion. This should be a no-op for NV4A AGP boards, as they were +using it already. + +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=70388 +Signed-off-by: Ilia Mirkin +Signed-off-by: Ben Skeggs +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/nouveau/nvkm/engine/device/base.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/nouveau/nvkm/engine/device/base.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/device/base.c +@@ -714,7 +714,7 @@ nv4a_chipset = { + .i2c = nv04_i2c_new, + .imem = nv40_instmem_new, + .mc = nv44_mc_new, +- .mmu = nv44_mmu_new, ++ .mmu = nv04_mmu_new, + .pci = nv40_pci_new, + .therm = nv40_therm_new, + .timer = nv41_timer_new, diff --git a/queue-4.4/drm-nouveau-mpeg-mthd-returns-true-on-success-now.patch b/queue-4.4/drm-nouveau-mpeg-mthd-returns-true-on-success-now.patch new file mode 100644 index 00000000000..6146be453d5 --- /dev/null +++ b/queue-4.4/drm-nouveau-mpeg-mthd-returns-true-on-success-now.patch @@ -0,0 +1,41 @@ +From 83bce9c2baa51e439480a713119a73d3c8b61083 Mon Sep 17 00:00:00 2001 +From: Ilia Mirkin +Date: Sat, 18 Mar 2017 21:53:05 -0400 +Subject: drm/nouveau/mpeg: mthd returns true on success now + +From: Ilia Mirkin + +commit 83bce9c2baa51e439480a713119a73d3c8b61083 upstream. + +Signed-off-by: Ilia Mirkin +Fixes: 590801c1a3 ("drm/nouveau/mpeg: remove dependence on namedb/engctx lookup") +Signed-off-by: Ben Skeggs +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv31.c | 2 +- + drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv44.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv31.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv31.c +@@ -198,7 +198,7 @@ nv31_mpeg_intr(struct nvkm_engine *engin + } + + if (type == 0x00000010) { +- if (!nv31_mpeg_mthd(mpeg, mthd, data)) ++ if (nv31_mpeg_mthd(mpeg, mthd, data)) + show &= ~0x01000000; + } + } +--- a/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv44.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv44.c +@@ -172,7 +172,7 @@ nv44_mpeg_intr(struct nvkm_engine *engin + } + + if (type == 0x00000010) { +- if (!nv44_mpeg_mthd(subdev->device, mthd, data)) ++ if (nv44_mpeg_mthd(subdev->device, mthd, data)) + show &= ~0x01000000; + } + } diff --git a/queue-4.4/input-xpad-add-support-for-razer-wildcat-gamepad.patch b/queue-4.4/input-xpad-add-support-for-razer-wildcat-gamepad.patch new file mode 100644 index 00000000000..0c4a06edece --- /dev/null +++ b/queue-4.4/input-xpad-add-support-for-razer-wildcat-gamepad.patch @@ -0,0 +1,35 @@ +From 5376366886251e2f8f248704adb620a4bc4c0937 Mon Sep 17 00:00:00 2001 +From: Cameron Gutman +Date: Mon, 10 Apr 2017 20:44:25 -0700 +Subject: Input: xpad - add support for Razer Wildcat gamepad + +From: Cameron Gutman + +commit 5376366886251e2f8f248704adb620a4bc4c0937 upstream. + +Signed-off-by: Cameron Gutman +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/joystick/xpad.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/input/joystick/xpad.c ++++ b/drivers/input/joystick/xpad.c +@@ -189,6 +189,7 @@ static const struct xpad_device { + { 0x1430, 0x8888, "TX6500+ Dance Pad (first generation)", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX }, + { 0x146b, 0x0601, "BigBen Interactive XBOX 360 Controller", 0, XTYPE_XBOX360 }, + { 0x1532, 0x0037, "Razer Sabertooth", 0, XTYPE_XBOX360 }, ++ { 0x1532, 0x0a03, "Razer Wildcat", 0, XTYPE_XBOXONE }, + { 0x15e4, 0x3f00, "Power A Mini Pro Elite", 0, XTYPE_XBOX360 }, + { 0x15e4, 0x3f0a, "Xbox Airflo wired controller", 0, XTYPE_XBOX360 }, + { 0x15e4, 0x3f10, "Batarang Xbox 360 controller", 0, XTYPE_XBOX360 }, +@@ -310,6 +311,7 @@ static struct usb_device_id xpad_table[] + XPAD_XBOX360_VENDOR(0x1689), /* Razer Onza */ + XPAD_XBOX360_VENDOR(0x24c6), /* PowerA Controllers */ + XPAD_XBOX360_VENDOR(0x1532), /* Razer Sabertooth */ ++ XPAD_XBOXONE_VENDOR(0x1532), /* Razer Wildcat */ + XPAD_XBOX360_VENDOR(0x15e4), /* Numark X-Box 360 controllers */ + XPAD_XBOX360_VENDOR(0x162e), /* Joytech X-Box 360 controllers */ + { } diff --git a/queue-4.4/perf-x86-avoid-exposing-wrong-stale-data-in-intel_pmu_lbr_read_32.patch b/queue-4.4/perf-x86-avoid-exposing-wrong-stale-data-in-intel_pmu_lbr_read_32.patch new file mode 100644 index 00000000000..f48a26f5e1c --- /dev/null +++ b/queue-4.4/perf-x86-avoid-exposing-wrong-stale-data-in-intel_pmu_lbr_read_32.patch @@ -0,0 +1,37 @@ +From f2200ac311302fcdca6556fd0c5127eab6c65a3e Mon Sep 17 00:00:00 2001 +From: Peter Zijlstra +Date: Tue, 11 Apr 2017 10:10:28 +0200 +Subject: perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32() + +From: Peter Zijlstra + +commit f2200ac311302fcdca6556fd0c5127eab6c65a3e upstream. + +When the perf_branch_entry::{in_tx,abort,cycles} fields were added, +intel_pmu_lbr_read_32() wasn't updated to initialize them. + +Signed-off-by: Peter Zijlstra (Intel) +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: linux-kernel@vger.kernel.org +Fixes: 135c5612c460 ("perf/x86/intel: Support Haswell/v4 LBR format") +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/perf_event_intel_lbr.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c ++++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c +@@ -410,6 +410,9 @@ static void intel_pmu_lbr_read_32(struct + cpuc->lbr_entries[i].to = msr_lastbranch.to; + cpuc->lbr_entries[i].mispred = 0; + cpuc->lbr_entries[i].predicted = 0; ++ cpuc->lbr_entries[i].in_tx = 0; ++ cpuc->lbr_entries[i].abort = 0; ++ cpuc->lbr_entries[i].cycles = 0; + cpuc->lbr_entries[i].reserved = 0; + } + cpuc->lbr_stack.nr = i; diff --git a/queue-4.4/series b/queue-4.4/series index fb7089adbbd..988ee206f89 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -1,2 +1,11 @@ cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch cgroup-kthread-close-race-window-where-new-kthreads-can-be-migrated-to-non-root-cgroups.patch +thp-fix-madv_dontneed-vs-clear-soft-dirty-race.patch +zram-fix-operator-precedence-to-get-offset.patch +drm-nouveau-mpeg-mthd-returns-true-on-success-now.patch +drm-nouveau-mmu-nv4a-use-nv04-mmu-rather-than-the-nv44-one.patch +cifs-store-results-of-cifs_reopen_file-to-avoid-infinite-wait.patch +input-xpad-add-support-for-razer-wildcat-gamepad.patch +perf-x86-avoid-exposing-wrong-stale-data-in-intel_pmu_lbr_read_32.patch +x86-vdso-ensure-vdso32_enabled-gets-set-to-valid-values-only.patch +x86-vdso-plug-race-between-mapping-and-elf-header-setup.patch diff --git a/queue-4.4/thp-fix-madv_dontneed-vs-clear-soft-dirty-race.patch b/queue-4.4/thp-fix-madv_dontneed-vs-clear-soft-dirty-race.patch new file mode 100644 index 00000000000..93d4375d8a9 --- /dev/null +++ b/queue-4.4/thp-fix-madv_dontneed-vs-clear-soft-dirty-race.patch @@ -0,0 +1,45 @@ +From 5b7abeae3af8c08c577e599dd0578b9e3ee6687b Mon Sep 17 00:00:00 2001 +From: "Kirill A. Shutemov" +Date: Thu, 13 Apr 2017 14:56:28 -0700 +Subject: thp: fix MADV_DONTNEED vs clear soft dirty race + +From: Kirill A. Shutemov + +commit 5b7abeae3af8c08c577e599dd0578b9e3ee6687b upstream. + +Yet another instance of the same race. + +Fix is identical to change_huge_pmd(). + +See "thp: fix MADV_DONTNEED vs. numa balancing race" for more details. + +Link: http://lkml.kernel.org/r/20170302151034.27829-5-kirill.shutemov@linux.intel.com +Signed-off-by: Kirill A. Shutemov +Cc: Andrea Arcangeli +Cc: Hillf Danton +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/proc/task_mmu.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/fs/proc/task_mmu.c ++++ b/fs/proc/task_mmu.c +@@ -803,7 +803,14 @@ static inline void clear_soft_dirty(stru + static inline void clear_soft_dirty_pmd(struct vm_area_struct *vma, + unsigned long addr, pmd_t *pmdp) + { +- pmd_t pmd = pmdp_huge_get_and_clear(vma->vm_mm, addr, pmdp); ++ pmd_t pmd = *pmdp; ++ ++ /* See comment in change_huge_pmd() */ ++ pmdp_invalidate(vma, addr, pmdp); ++ if (pmd_dirty(*pmdp)) ++ pmd = pmd_mkdirty(pmd); ++ if (pmd_young(*pmdp)) ++ pmd = pmd_mkyoung(pmd); + + pmd = pmd_wrprotect(pmd); + pmd = pmd_clear_soft_dirty(pmd); diff --git a/queue-4.4/x86-vdso-ensure-vdso32_enabled-gets-set-to-valid-values-only.patch b/queue-4.4/x86-vdso-ensure-vdso32_enabled-gets-set-to-valid-values-only.patch new file mode 100644 index 00000000000..503d8a88362 --- /dev/null +++ b/queue-4.4/x86-vdso-ensure-vdso32_enabled-gets-set-to-valid-values-only.patch @@ -0,0 +1,67 @@ +From c06989da39cdb10604d572c8c7ea8c8c97f3c483 Mon Sep 17 00:00:00 2001 +From: Mathias Krause +Date: Mon, 10 Apr 2017 17:14:27 +0200 +Subject: x86/vdso: Ensure vdso32_enabled gets set to valid values only + +From: Mathias Krause + +commit c06989da39cdb10604d572c8c7ea8c8c97f3c483 upstream. + +vdso_enabled can be set to arbitrary integer values via the kernel command +line 'vdso32=' parameter or via 'sysctl abi.vsyscall32'. + +load_vdso32() only maps VDSO if vdso_enabled == 1, but ARCH_DLINFO_IA32 +merily checks for vdso_enabled != 0. As a consequence the AT_SYSINFO_EHDR +auxiliary vector for the VDSO_ENTRY is emitted with a NULL pointer which +causes a segfault when the application tries to use the VDSO. + +Restrict the valid arguments on the command line and the sysctl to 0 and 1. + +Fixes: b0b49f2673f0 ("x86, vdso: Remove compat vdso support") +Signed-off-by: Mathias Krause +Acked-by: Andy Lutomirski +Cc: Peter Zijlstra +Cc: Roland McGrath +Link: http://lkml.kernel.org/r/1491424561-7187-1-git-send-email-minipli@googlemail.com +Link: http://lkml.kernel.org/r/20170410151723.518412863@linutronix.de +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/entry/vdso/vdso32-setup.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +--- a/arch/x86/entry/vdso/vdso32-setup.c ++++ b/arch/x86/entry/vdso/vdso32-setup.c +@@ -31,8 +31,10 @@ static int __init vdso32_setup(char *s) + { + vdso32_enabled = simple_strtoul(s, NULL, 0); + +- if (vdso32_enabled > 1) ++ if (vdso32_enabled > 1) { + pr_warn("vdso32 values other than 0 and 1 are no longer allowed; vdso disabled\n"); ++ vdso32_enabled = 0; ++ } + + return 1; + } +@@ -63,13 +65,18 @@ subsys_initcall(sysenter_setup); + /* Register vsyscall32 into the ABI table */ + #include + ++static const int zero; ++static const int one = 1; ++ + static struct ctl_table abi_table2[] = { + { + .procname = "vsyscall32", + .data = &vdso32_enabled, + .maxlen = sizeof(int), + .mode = 0644, +- .proc_handler = proc_dointvec ++ .proc_handler = proc_dointvec_minmax, ++ .extra1 = (int *)&zero, ++ .extra2 = (int *)&one, + }, + {} + }; diff --git a/queue-4.4/x86-vdso-plug-race-between-mapping-and-elf-header-setup.patch b/queue-4.4/x86-vdso-plug-race-between-mapping-and-elf-header-setup.patch new file mode 100644 index 00000000000..88cf88ddb72 --- /dev/null +++ b/queue-4.4/x86-vdso-plug-race-between-mapping-and-elf-header-setup.patch @@ -0,0 +1,48 @@ +From 6fdc6dd90272ce7e75d744f71535cfbd8d77da81 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Mon, 10 Apr 2017 17:14:28 +0200 +Subject: x86/vdso: Plug race between mapping and ELF header setup + +From: Thomas Gleixner + +commit 6fdc6dd90272ce7e75d744f71535cfbd8d77da81 upstream. + +The vsyscall32 sysctl can racy against a concurrent fork when it switches +from disabled to enabled: + + arch_setup_additional_pages() + if (vdso32_enabled) + --> No mapping + sysctl.vsysscall32() + --> vdso32_enabled = true + create_elf_tables() + ARCH_DLINFO_IA32 + if (vdso32_enabled) { + --> Add VDSO entry with NULL pointer + +Make ARCH_DLINFO_IA32 check whether the VDSO mapping has been set up for +the newly forked process or not. + +Signed-off-by: Thomas Gleixner +Acked-by: Andy Lutomirski +Cc: Peter Zijlstra +Cc: Mathias Krause +Link: http://lkml.kernel.org/r/20170410151723.602367196@linutronix.de +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/elf.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/include/asm/elf.h ++++ b/arch/x86/include/asm/elf.h +@@ -278,7 +278,7 @@ struct task_struct; + + #define ARCH_DLINFO_IA32 \ + do { \ +- if (vdso32_enabled) { \ ++ if (VDSO_CURRENT_BASE) { \ + NEW_AUX_ENT(AT_SYSINFO, VDSO_ENTRY); \ + NEW_AUX_ENT(AT_SYSINFO_EHDR, VDSO_CURRENT_BASE); \ + } \ diff --git a/queue-4.4/zram-fix-operator-precedence-to-get-offset.patch b/queue-4.4/zram-fix-operator-precedence-to-get-offset.patch new file mode 100644 index 00000000000..fa63eb17a66 --- /dev/null +++ b/queue-4.4/zram-fix-operator-precedence-to-get-offset.patch @@ -0,0 +1,36 @@ +From 4ca82dabc9fbf7bc5322aa54d802cb3cb7b125c5 Mon Sep 17 00:00:00 2001 +From: Minchan Kim +Date: Thu, 13 Apr 2017 14:56:35 -0700 +Subject: zram: fix operator precedence to get offset + +From: Minchan Kim + +commit 4ca82dabc9fbf7bc5322aa54d802cb3cb7b125c5 upstream. + +In zram_rw_page, the logic to get offset is wrong by operator precedence +(i.e., "<<" is higher than "&"). With wrong offset, zram can corrupt +the user's data. This patch fixes it. + +Fixes: 8c7f01025 ("zram: implement rw_page operation of zram") +Link: http://lkml.kernel.org/r/1492042622-12074-1-git-send-email-minchan@kernel.org +Signed-off-by: Minchan Kim +Cc: Sergey Senozhatsky +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/zram/zram_drv.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/block/zram/zram_drv.c ++++ b/drivers/block/zram/zram_drv.c +@@ -953,7 +953,7 @@ static int zram_rw_page(struct block_dev + } + + index = sector >> SECTORS_PER_PAGE_SHIFT; +- offset = sector & (SECTORS_PER_PAGE - 1) << SECTOR_SHIFT; ++ offset = (sector & (SECTORS_PER_PAGE - 1)) << SECTOR_SHIFT; + + bv.bv_page = page; + bv.bv_len = PAGE_SIZE;