From: Greg Kroah-Hartman Date: Tue, 7 Aug 2018 13:13:06 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.17.14~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=92ed12a499941b55446e691fef44db862f7d4dd6;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: genirq-make-force-irq-threading-setup-more-robust.patch netlink-do-not-subscribe-to-non-existent-groups.patch netlink-don-t-shift-on-64-for-ngroups.patch netlink-don-t-shift-with-ub-on-nlk-ngroups.patch nohz-fix-local_timer_softirq_pending.patch scsi-qla2xxx-fix-isp-recovery-on-unload.patch scsi-qla2xxx-return-error-when-tmf-returns.patch --- diff --git a/queue-4.4/genirq-make-force-irq-threading-setup-more-robust.patch b/queue-4.4/genirq-make-force-irq-threading-setup-more-robust.patch new file mode 100644 index 00000000000..3c8915f0b64 --- /dev/null +++ b/queue-4.4/genirq-make-force-irq-threading-setup-more-robust.patch @@ -0,0 +1,65 @@ +From d1f0301b3333eef5efbfa1fe0f0edbea01863d5d Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Fri, 3 Aug 2018 14:44:59 +0200 +Subject: genirq: Make force irq threading setup more robust + +From: Thomas Gleixner + +commit d1f0301b3333eef5efbfa1fe0f0edbea01863d5d upstream. + +The support of force threading interrupts which are set up with both a +primary and a threaded handler wreckaged the setup of regular requested +threaded interrupts (primary handler == NULL). + +The reason is that it does not check whether the primary handler is set to +the default handler which wakes the handler thread. Instead it replaces the +thread handler with the primary handler as it would do with force threaded +interrupts which have been requested via request_irq(). So both the primary +and the thread handler become the same which then triggers the warnon that +the thread handler tries to wakeup a not configured secondary thread. + +Fortunately this only happens when the driver omits the IRQF_ONESHOT flag +when requesting the threaded interrupt, which is normaly caught by the +sanity checks when force irq threading is disabled. + +Fix it by skipping the force threading setup when a regular threaded +interrupt is requested. As a consequence the interrupt request which lacks +the IRQ_ONESHOT flag is rejected correctly instead of silently wreckaging +it. + +Fixes: 2a1d3ab8986d ("genirq: Handle force threading of irqs with primary and thread handler") +Reported-by: Kurt Kanzenbach +Signed-off-by: Thomas Gleixner +Tested-by: Kurt Kanzenbach +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/irq/manage.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/kernel/irq/manage.c ++++ b/kernel/irq/manage.c +@@ -1012,6 +1012,13 @@ static int irq_setup_forced_threading(st + if (new->flags & (IRQF_NO_THREAD | IRQF_PERCPU | IRQF_ONESHOT)) + return 0; + ++ /* ++ * No further action required for interrupts which are requested as ++ * threaded interrupts already ++ */ ++ if (new->handler == irq_default_primary_handler) ++ return 0; ++ + new->flags |= IRQF_ONESHOT; + + /* +@@ -1019,7 +1026,7 @@ static int irq_setup_forced_threading(st + * thread handler. We force thread them as well by creating a + * secondary action. + */ +- if (new->handler != irq_default_primary_handler && new->thread_fn) { ++ if (new->handler && new->thread_fn) { + /* Allocate the secondary action */ + new->secondary = kzalloc(sizeof(struct irqaction), GFP_KERNEL); + if (!new->secondary) diff --git a/queue-4.4/netlink-do-not-subscribe-to-non-existent-groups.patch b/queue-4.4/netlink-do-not-subscribe-to-non-existent-groups.patch new file mode 100644 index 00000000000..d5f499fe9c1 --- /dev/null +++ b/queue-4.4/netlink-do-not-subscribe-to-non-existent-groups.patch @@ -0,0 +1,35 @@ +From foo@baz Fri Aug 3 21:25:07 CEST 2018 +From: Dmitry Safonov +Date: Fri, 27 Jul 2018 16:54:44 +0100 +Subject: netlink: Do not subscribe to non-existent groups + +From: Dmitry Safonov + +[ Upstream commit 7acf9d4237c46894e0fa0492dd96314a41742e84 ] + +Make ABI more strict about subscribing to group > ngroups. +Code doesn't check for that and it looks bogus. +(one can subscribe to non-existing group) +Still, it's possible to bind() to all possible groups with (-1) + +Cc: "David S. Miller" +Cc: Herbert Xu +Cc: Steffen Klassert +Cc: netdev@vger.kernel.org +Signed-off-by: Dmitry Safonov +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/netlink/af_netlink.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -985,6 +985,7 @@ static int netlink_bind(struct socket *s + if (err) + return err; + } ++ groups &= (1UL << nlk->ngroups) - 1; + + bound = nlk->bound; + if (bound) { diff --git a/queue-4.4/netlink-don-t-shift-on-64-for-ngroups.patch b/queue-4.4/netlink-don-t-shift-on-64-for-ngroups.patch new file mode 100644 index 00000000000..a1bb70b2f02 --- /dev/null +++ b/queue-4.4/netlink-don-t-shift-on-64-for-ngroups.patch @@ -0,0 +1,46 @@ +From 91874ecf32e41b5d86a4cb9d60e0bee50d828058 Mon Sep 17 00:00:00 2001 +From: Dmitry Safonov +Date: Sun, 5 Aug 2018 01:35:53 +0100 +Subject: netlink: Don't shift on 64 for ngroups + +From: Dmitry Safonov + +commit 91874ecf32e41b5d86a4cb9d60e0bee50d828058 upstream. + +It's legal to have 64 groups for netlink_sock. + +As user-supplied nladdr->nl_groups is __u32, it's possible to subscribe +only to first 32 groups. + +The check for correctness of .bind() userspace supplied parameter +is done by applying mask made from ngroups shift. Which broke Android +as they have 64 groups and the shift for mask resulted in an overflow. + +Fixes: 61f4b23769f0 ("netlink: Don't shift with UB on nlk->ngroups") +Cc: "David S. Miller" +Cc: Herbert Xu +Cc: Steffen Klassert +Cc: netdev@vger.kernel.org +Cc: stable@vger.kernel.org +Reported-and-Tested-by: Nathan Chancellor +Signed-off-by: Dmitry Safonov +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/netlink/af_netlink.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -988,8 +988,8 @@ static int netlink_bind(struct socket *s + + if (nlk->ngroups == 0) + groups = 0; +- else +- groups &= (1ULL << nlk->ngroups) - 1; ++ else if (nlk->ngroups < 8*sizeof(groups)) ++ groups &= (1UL << nlk->ngroups) - 1; + + bound = nlk->bound; + if (bound) { diff --git a/queue-4.4/netlink-don-t-shift-with-ub-on-nlk-ngroups.patch b/queue-4.4/netlink-don-t-shift-with-ub-on-nlk-ngroups.patch new file mode 100644 index 00000000000..fe7d50cd54d --- /dev/null +++ b/queue-4.4/netlink-don-t-shift-with-ub-on-nlk-ngroups.patch @@ -0,0 +1,37 @@ +From foo@baz Fri Aug 3 21:25:07 CEST 2018 +From: Dmitry Safonov +Date: Mon, 30 Jul 2018 18:32:36 +0100 +Subject: netlink: Don't shift with UB on nlk->ngroups + +From: Dmitry Safonov + +[ Upstream commit 61f4b23769f0cc72ae62c9a81cf08f0397d40da8 ] + +On i386 nlk->ngroups might be 32 or 0. Which leads to UB, resulting in +hang during boot. +Check for 0 ngroups and use (unsigned long long) as a type to shift. + +Fixes: 7acf9d4237c4 ("netlink: Do not subscribe to non-existent groups"). +Reported-by: kernel test robot +Signed-off-by: Dmitry Safonov +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/netlink/af_netlink.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -985,7 +985,11 @@ static int netlink_bind(struct socket *s + if (err) + return err; + } +- groups &= (1UL << nlk->ngroups) - 1; ++ ++ if (nlk->ngroups == 0) ++ groups = 0; ++ else ++ groups &= (1ULL << nlk->ngroups) - 1; + + bound = nlk->bound; + if (bound) { diff --git a/queue-4.4/nohz-fix-local_timer_softirq_pending.patch b/queue-4.4/nohz-fix-local_timer_softirq_pending.patch new file mode 100644 index 00000000000..519cd61965c --- /dev/null +++ b/queue-4.4/nohz-fix-local_timer_softirq_pending.patch @@ -0,0 +1,44 @@ +From 80d20d35af1edd632a5e7a3b9c0ab7ceff92769e Mon Sep 17 00:00:00 2001 +From: Anna-Maria Gleixner +Date: Tue, 31 Jul 2018 18:13:58 +0200 +Subject: nohz: Fix local_timer_softirq_pending() + +From: Anna-Maria Gleixner + +commit 80d20d35af1edd632a5e7a3b9c0ab7ceff92769e upstream. + +local_timer_softirq_pending() checks whether the timer softirq is +pending with: local_softirq_pending() & TIMER_SOFTIRQ. + +This is wrong because TIMER_SOFTIRQ is the softirq number and not a +bitmask. So the test checks for the wrong bit. + +Use BIT(TIMER_SOFTIRQ) instead. + +Fixes: 5d62c183f9e9 ("nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()") +Signed-off-by: Anna-Maria Gleixner +Signed-off-by: Thomas Gleixner +Reviewed-by: Paul E. McKenney +Reviewed-by: Daniel Bristot de Oliveira +Acked-by: Frederic Weisbecker +Cc: bigeasy@linutronix.de +Cc: peterz@infradead.org +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20180731161358.29472-1-anna-maria@linutronix.de +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/time/tick-sched.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/time/tick-sched.c ++++ b/kernel/time/tick-sched.c +@@ -570,7 +570,7 @@ static void tick_nohz_restart(struct tic + + static inline bool local_timer_softirq_pending(void) + { +- return local_softirq_pending() & TIMER_SOFTIRQ; ++ return local_softirq_pending() & BIT(TIMER_SOFTIRQ); + } + + static ktime_t tick_nohz_stop_sched_tick(struct tick_sched *ts, diff --git a/queue-4.4/scsi-qla2xxx-fix-isp-recovery-on-unload.patch b/queue-4.4/scsi-qla2xxx-fix-isp-recovery-on-unload.patch new file mode 100644 index 00000000000..7f43aa33198 --- /dev/null +++ b/queue-4.4/scsi-qla2xxx-fix-isp-recovery-on-unload.patch @@ -0,0 +1,38 @@ +From b08abbd9f5996309f021684f9ca74da30dcca36a Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Wed, 18 Jul 2018 14:29:54 -0700 +Subject: scsi: qla2xxx: Fix ISP recovery on unload + +From: Quinn Tran + +commit b08abbd9f5996309f021684f9ca74da30dcca36a upstream. + +During unload process, the chip can encounter problem where a FW dump would +be captured. For this case, the full reset sequence will be skip to bring +the chip back to full operational state. + +Fixes: e315cd28b9ef ("[SCSI] qla2xxx: Code changes for qla data structure refactoring") +Cc: +Signed-off-by: Quinn Tran +Signed-off-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/qla2xxx/qla_os.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -4938,8 +4938,9 @@ qla2x00_do_dpc(void *data) + } + } + +- if (test_and_clear_bit(ISP_ABORT_NEEDED, +- &base_vha->dpc_flags)) { ++ if (test_and_clear_bit ++ (ISP_ABORT_NEEDED, &base_vha->dpc_flags) && ++ !test_bit(UNLOADING, &base_vha->dpc_flags)) { + + ql_dbg(ql_dbg_dpc, base_vha, 0x4007, + "ISP abort scheduled.\n"); diff --git a/queue-4.4/scsi-qla2xxx-return-error-when-tmf-returns.patch b/queue-4.4/scsi-qla2xxx-return-error-when-tmf-returns.patch new file mode 100644 index 00000000000..280a60e1951 --- /dev/null +++ b/queue-4.4/scsi-qla2xxx-return-error-when-tmf-returns.patch @@ -0,0 +1,40 @@ +From b4146c4929ef61d5afca011474d59d0918a0cd82 Mon Sep 17 00:00:00 2001 +From: Anil Gurumurthy +Date: Wed, 18 Jul 2018 14:29:55 -0700 +Subject: scsi: qla2xxx: Return error when TMF returns + +From: Anil Gurumurthy + +commit b4146c4929ef61d5afca011474d59d0918a0cd82 upstream. + +Propagate the task management completion status properly to avoid +unnecessary waits for commands to complete. + +Fixes: faef62d13463 ("[SCSI] qla2xxx: Fix Task Management command asynchronous handling") +Cc: +Signed-off-by: Anil Gurumurthy +Signed-off-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/qla2xxx/qla_init.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -325,11 +325,10 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, + + wait_for_completion(&tm_iocb->u.tmf.comp); + +- rval = tm_iocb->u.tmf.comp_status == CS_COMPLETE ? +- QLA_SUCCESS : QLA_FUNCTION_FAILED; ++ rval = tm_iocb->u.tmf.data; + +- if ((rval != QLA_SUCCESS) || tm_iocb->u.tmf.data) { +- ql_dbg(ql_dbg_taskm, vha, 0x8030, ++ if (rval != QLA_SUCCESS) { ++ ql_log(ql_log_warn, vha, 0x8030, + "TM IOCB failed (%x).\n", rval); + } +