From: Greg Kroah-Hartman Date: Thu, 21 Feb 2019 12:11:10 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v3.18.136~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=945acf8c76bf83bea12e343d06de999856d29a91;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch mmc-meson-gx-fix-interrupt-name.patch pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch x86_64-increase-stack-size-for-kasan_extra.patch --- diff --git a/queue-4.19/hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch b/queue-4.19/hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch new file mode 100644 index 00000000000..f231c68fa89 --- /dev/null +++ b/queue-4.19/hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch @@ -0,0 +1,35 @@ +From 07bd14ccc3049f9c0147a91a4227a571f981601a Mon Sep 17 00:00:00 2001 +From: Wei Yongjun +Date: Wed, 26 Dec 2018 11:28:24 +0000 +Subject: hwmon: (lm80) Fix missing unlock on error in set_fan_div() + +From: Wei Yongjun + +commit 07bd14ccc3049f9c0147a91a4227a571f981601a upstream. + +Add the missing unlock before return from function set_fan_div() +in the error handling case. + +Fixes: c9c63915519b ("hwmon: (lm80) fix a missing check of the status of SMBus read") +Signed-off-by: Wei Yongjun +Signed-off-by: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hwmon/lm80.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/hwmon/lm80.c ++++ b/drivers/hwmon/lm80.c +@@ -393,8 +393,10 @@ static ssize_t set_fan_div(struct device + } + + rv = lm80_read_value(client, LM80_REG_FANDIV); +- if (rv < 0) ++ if (rv < 0) { ++ mutex_unlock(&data->update_lock); + return rv; ++ } + reg = (rv & ~(3 << (2 * (nr + 1)))) + | (data->fan_div[nr] << (2 * (nr + 1))); + lm80_write_value(client, LM80_REG_FANDIV, reg); 
diff --git a/queue-4.19/mmc-meson-gx-fix-interrupt-name.patch b/queue-4.19/mmc-meson-gx-fix-interrupt-name.patch new file mode 100644 index 00000000000..55fe8dc12b2 --- /dev/null +++ b/queue-4.19/mmc-meson-gx-fix-interrupt-name.patch @@ -0,0 +1,43 @@ +From 83e418a805d880a8b18add07f94d19b2a5a80307 Mon Sep 17 00:00:00 2001 +From: Martin Blumenstingl +Date: Sat, 9 Feb 2019 01:58:50 +0100 +Subject: mmc: meson-gx: fix interrupt name + +From: Martin Blumenstingl + +commit 83e418a805d880a8b18add07f94d19b2a5a80307 upstream. + +Commit bb364890323cca ("mmc: meson-gx: Free irq in release() callback") +changed the _probe code to use request_threaded_irq() instead of +devm_request_threaded_irq(). +Unfortunately this removes a fallback for the interrupt name: +devm_request_threaded_irq() uses the device name as fallback if the +given IRQ name is NULL. request_threaded_irq() has no such fallback, +thus /proc/interrupts shows "(null)" instead. + +Explicitly pass the dev_name() so we get the IRQ name shown in +/proc/interrupts again. +While here, also fix the indentation of the request_threaded_irq() +parameter list. + +Fixes: bb364890323cca ("mmc: meson-gx: Free irq in release() callback") +Signed-off-by: Martin Blumenstingl +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/meson-gx-mmc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/mmc/host/meson-gx-mmc.c ++++ b/drivers/mmc/host/meson-gx-mmc.c +@@ -1286,7 +1286,8 @@ static int meson_mmc_probe(struct platfo + host->regs + SD_EMMC_IRQ_EN); + + ret = request_threaded_irq(host->irq, meson_mmc_irq, +- meson_mmc_irq_thread, IRQF_SHARED, NULL, host); ++ meson_mmc_irq_thread, IRQF_SHARED, ++ dev_name(&pdev->dev), host); + if (ret) + goto err_init_clk; + 
diff --git a/queue-4.19/pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch b/queue-4.19/pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch new file mode 100644 index 00000000000..27b4e108890 --- /dev/null +++ b/queue-4.19/pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch 
@@ -0,0 +1,71 @@ +From d2fd6e81912a665993b24dcdc1c1384a42a54f7e Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe +Date: Thu, 17 Jan 2019 08:46:34 -0600 +Subject: PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter + +From: Logan Gunthorpe + +commit d2fd6e81912a665993b24dcdc1c1384a42a54f7e upstream. + +The disable_acs_redir parameter stores a pointer to the string passed to +pci_setup(). However, the string passed to PCI setup is actually a +temporary copy allocated in static __initdata memory. After init, once the +memory is freed, it is no longer valid to reference this pointer. + +This bug was noticed in v5.0-rc1 after a change in commit c5eb1190074c +("PCI / PM: Allow runtime PM without callback functions") caused +pci_disable_acs_redir() to be called during shutdown which manifested +as an unable to handle kernel paging request at: + + RIP: 0010:pci_enable_acs+0x3f/0x1e0 + Call Trace: + pci_restore_state.part.44+0x159/0x3c0 + pci_restore_standard_config+0x33/0x40 + pci_pm_runtime_resume+0x2b/0xd0 + ? pci_restore_standard_config+0x40/0x40 + __rpm_callback+0xbc/0x1b0 + rpm_callback+0x1f/0x70 + ? pci_restore_standard_config+0x40/0x40 + rpm_resume+0x4f9/0x710 + ? pci_conf1_read+0xb6/0xf0 + ? pci_conf1_write+0xb2/0xe0 + __pm_runtime_resume+0x47/0x70 + pci_device_shutdown+0x1e/0x60 + device_shutdown+0x14a/0x1f0 + kernel_restart+0xe/0x50 + __do_sys_reboot+0x1ee/0x210 + ? __fput+0x144/0x1d0 + do_writev+0x5e/0xf0 + ? do_writev+0x5e/0xf0 + do_syscall_64+0x48/0xf0 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +It was also likely possible to trigger this bug when hotplugging PCI +devices. + +To fix this, instead of storing a pointer, we use kstrdup() to copy the +disable_acs_redir_param to its own buffer which will never be freed. 
+ +Fixes: aaca43fda742 ("PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support") +Tested-by: Jarkko Nikula +Signed-off-by: Logan Gunthorpe +Signed-off-by: Bjorn Helgaas +Reviewed-by: Jarkko Nikula +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/pci.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/pci/pci.c ++++ b/drivers/pci/pci.c +@@ -6113,7 +6113,8 @@ static int __init pci_setup(char *str) + } else if (!strncmp(str, "pcie_scan_all", 13)) { + pci_add_flags(PCI_SCAN_ALL_PCIE_DEVS); + } else if (!strncmp(str, "disable_acs_redir=", 18)) { +- disable_acs_redir_param = str + 18; ++ disable_acs_redir_param = ++ kstrdup(str + 18, GFP_KERNEL); + } else { + printk(KERN_ERR "PCI: Unknown option `%s'\n", + str); diff --git a/queue-4.19/scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch b/queue-4.19/scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch new file mode 100644 index 00000000000..4efe59394b0 --- /dev/null +++ b/queue-4.19/scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch 
@@ -0,0 +1,33 @@ +From 8b2db98e814a5ec45e8800fc22ca9000ae0a517b Mon Sep 17 00:00:00 2001 +From: Wei Yongjun +Date: Mon, 17 Dec 2018 12:19:53 +0000 +Subject: scsi: target/core: Use kmem_cache_free() instead of kfree() + +From: Wei Yongjun + +commit 8b2db98e814a5ec45e8800fc22ca9000ae0a517b upstream. + +memory allocated by kmem_cache_alloc() should be freed using +kmem_cache_free(), not kfree(). + +Fixes: ad669505c4e9 ("scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough") +Signed-off-by: Wei Yongjun +Reviewed-by: Bart Van Assche +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/target/target_core_transport.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/target/target_core_transport.c ++++ b/drivers/target/target_core_transport.c +@@ -266,7 +266,7 @@ struct se_session *transport_alloc_sessi + } + ret = transport_init_session(se_sess); + if (ret < 0) { +- kfree(se_sess); ++ kmem_cache_free(se_sess_cache, se_sess); + return ERR_PTR(ret); + } + se_sess->sup_prot_ops = sup_prot_ops; diff --git a/queue-4.19/series b/queue-4.19/series index 578b159088d..702bac08a00 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -18,3 +18,8 @@ net-add-header-for-usage-of-fls64.patch tcp-clear-icsk_backoff-in-tcp_write_queue_purge.patch tcp-tcp_v4_err-should-be-more-careful.patch net-do-not-allocate-page-fragments-that-are-not-skb-.patch +hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch +scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch +x86_64-increase-stack-size-for-kasan_extra.patch +mmc-meson-gx-fix-interrupt-name.patch +pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch diff --git a/queue-4.19/x86_64-increase-stack-size-for-kasan_extra.patch b/queue-4.19/x86_64-increase-stack-size-for-kasan_extra.patch new file mode 100644 index 00000000000..2ec79874ce7 --- /dev/null +++ b/queue-4.19/x86_64-increase-stack-size-for-kasan_extra.patch 
@@ -0,0 +1,80 @@ +From a8e911d13540487942d53137c156bd7707f66e5d Mon Sep 17 00:00:00 2001 +From: Qian Cai +Date: Fri, 1 Feb 2019 14:20:20 -0800 +Subject: x86_64: increase stack size for KASAN_EXTRA + +From: Qian Cai + +commit a8e911d13540487942d53137c156bd7707f66e5d upstream. + +If the kernel is configured with KASAN_EXTRA, the stack size is +increasted significantly because this option sets "-fstack-reuse" to +"none" in GCC [1]. As a result, it triggers stack overrun quite often +with 32k stack size compiled using GCC 8. For example, this reproducer + + https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/madvise/madvise06.c + +triggers a "corrupted stack end detected inside scheduler" very reliably +with CONFIG_SCHED_STACK_END_CHECK enabled. + +There are just too many functions that could have a large stack with +KASAN_EXTRA due to large local variables that have been called over and +over again without being able to reuse the stacks. Some noticiable ones +are + + size + 7648 shrink_page_list + 3584 xfs_rmap_convert + 3312 migrate_page_move_mapping + 3312 dev_ethtool + 3200 migrate_misplaced_transhuge_page + 3168 copy_process + +There are other 49 functions are over 2k in size while compiling kernel +with "-Wframe-larger-than=" even with a related minimal config on this +machine. Hence, it is too much work to change Makefiles for each object +to compile without "-fsanitize-address-use-after-scope" individually. + +[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715#c23 + +Although there is a patch in GCC 9 to help the situation, GCC 9 probably +won't be released in a few months and then it probably take another +6-month to 1-year for all major distros to include it as a default. +Hence, the stack usage with KASAN_EXTRA can be revisited again in 2020 +when GCC 9 is everywhere. Until then, this patch will help users avoid +stack overrun. 
+ +This has already been fixed for arm64 for the same reason via +6e8830674ea ("arm64: kasan: Increase stack size for KASAN_EXTRA"). + +Link: http://lkml.kernel.org/r/20190109215209.2903-1-cai@lca.pw +Signed-off-by: Qian Cai +Cc: Thomas Gleixner +Cc: Ingo Molnar +Cc: Borislav Petkov +Cc: "H. Peter Anvin" +Cc: Andrey Ryabinin +Cc: Alexander Potapenko +Cc: Dmitry Vyukov +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/page_64_types.h | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/x86/include/asm/page_64_types.h ++++ b/arch/x86/include/asm/page_64_types.h +@@ -7,7 +7,11 @@ + #endif + + #ifdef CONFIG_KASAN ++#ifdef CONFIG_KASAN_EXTRA ++#define KASAN_STACK_ORDER 2 ++#else + #define KASAN_STACK_ORDER 1 ++#endif + #else + #define KASAN_STACK_ORDER 0 + #endif
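Review bot: in the drivers/hwmon/lm80.c hunk of set_fan_div(), the new mutex_unlock() is open-coded inside the error branch, which is the same shape that allowed the lock leak in the first place. A single exit label that unlocks data->update_lock and returns rv would keep every return path balanced if more checks are added later. The trailing context line `lm80_write_value(client, LM80_REG_FANDIV, reg);` still discards its result, so a failed write goes unnoticed at this point; that deserves a follow-up patch.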
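Review bot: in the drivers/mmc/host/meson-gx-mmc.c hunk of meson_mmc_probe(), the name passed to request_threaded_irq() is stored by pointer, not copied, so the string from `dev_name(&pdev->dev)` must stay valid until the IRQ is freed. The commit message should state that the free_irq() in the release path runs before the device name can go away. The indentation cleanup is bundled with the functional fix; splitting it out would keep the stable backport limited to the behaviour change.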
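Review bot: in the drivers/pci/pci.c hunk of pci_setup(), the result of `kstrdup(str + 18, GFP_KERNEL)` is assigned to disable_acs_redir_param without a NULL check. pci_setup() is an __init parameter handler, so it can run very early; if the allocation fails at that point the option is silently dropped and the user gets no indication that "pci=disable_acs_redir=" had no effect. Either check the return value and log an error, or defer the copy to a later init stage where allocation is known to work. The commit message says the buffer "will never be freed"; a one-line comment at the assignment saying the leak is intentional would save the next reader from "fixing" it.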
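Review bot: in the drivers/target/target_core_transport.c hunk of transport_alloc_session(), the allocation that pairs with `kmem_cache_free(se_sess_cache, se_sess);` is outside the visible context, and the commit message states only the general rule. Naming the allocation site and the consequence of the mismatched kfree() in the message would let a stable reviewer judge the severity without opening the file. If the function has other error exits, routing them through one label that frees to se_sess_cache would keep allocator and deallocator paired in a single place.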
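Review bot: in the arch/x86/include/asm/page_64_types.h hunk, `#define KASAN_STACK_ORDER 2` is added under the nested `#ifdef CONFIG_KASAN_EXTRA` with no comment, although the commit message describes it as a workaround to be revisited once GCC 9 is widespread. Put that reason in a short comment above the define so the temporary nature is visible in the header itself and not only in the changelog. Each step of the order doubles the per-thread stack, so the comment should also mention that the cost applies to every task on KASAN_EXTRA builds.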