From: Sasha Levin Date: Tue, 6 Nov 2018 06:33:25 +0000 (-0500) Subject: 4.9-stable patches X-Git-Tag: v3.18.125~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9a4a50c4a6c721fa623fdf78c8cfdaebc928daaf;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/ahci-don-t-ignore-result-code-of-ahci_reset_controll.patch b/queue-4.9/ahci-don-t-ignore-result-code-of-ahci_reset_controll.patch new file mode 100644 index 00000000000..47a79dabb97 --- /dev/null +++ b/queue-4.9/ahci-don-t-ignore-result-code-of-ahci_reset_controll.patch 
@@ -0,0 +1,73 @@ +From 79490d24f0c3e6e5f5376c888b5edae0bdb40929 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Mon, 2 Oct 2017 19:31:24 +0100 +Subject: ahci: don't ignore result code of ahci_reset_controller() + +[ Upstream commit d312fefea8387503375f728855c9a62de20c9665 ] + +ahci_pci_reset_controller() calls ahci_reset_controller(), which may +fail, but ignores the result code and always returns success. This +may result in failures like below + + ahci 0000:02:00.0: version 3.0 + ahci 0000:02:00.0: enabling device (0000 -> 0003) + ahci 0000:02:00.0: SSS flag set, parallel bus scan disabled + ahci 0000:02:00.0: controller reset failed (0xffffffff) + ahci 0000:02:00.0: failed to stop engine (-5) + ... repeated many times ... + ahci 0000:02:00.0: failed to stop engine (-5) + Unable to handle kernel paging request at virtual address ffff0000093f9018 + ... + PC is at ahci_stop_engine+0x5c/0xd8 [libahci] + LR is at ahci_deinit_port.constprop.12+0x1c/0xc0 [libahci] + ... + [] ahci_stop_engine+0x5c/0xd8 [libahci] + [] ahci_deinit_port.constprop.12+0x1c/0xc0 [libahci] + [] ahci_init_controller+0x80/0x168 [libahci] + [] ahci_pci_init_controller+0x60/0x68 [ahci] + [] ahci_init_one+0x75c/0xd88 [ahci] + [] local_pci_probe+0x3c/0xb8 + [] pci_device_probe+0x138/0x170 + [] driver_probe_device+0x2dc/0x458 + [] __driver_attach+0x114/0x118 + [] bus_for_each_dev+0x60/0xa0 + [] driver_attach+0x20/0x28 + [] bus_add_driver+0x1f0/0x2a8 + [] driver_register+0x60/0xf8 + [] __pci_register_driver+0x3c/0x48 + [] ahci_pci_driver_init+0x1c/0x1000 [ahci] + [] do_one_initcall+0x38/0x120 + +where an obvious hardware level failure results in an unnecessary 15 second +delay and a subsequent crash. + +So record the result code of ahci_reset_controller() and relay it, rather +than ignoring it. 
+ +Signed-off-by: Ard Biesheuvel +Signed-off-by: Tejun Heo +Signed-off-by: Sasha Levin +--- + drivers/ata/ahci.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c +index faa91f8a17a5..5408a292078b 100644 +--- a/drivers/ata/ahci.c ++++ b/drivers/ata/ahci.c +@@ -624,8 +624,11 @@ static void ahci_pci_save_initial_config(struct pci_dev *pdev, + static int ahci_pci_reset_controller(struct ata_host *host) + { + struct pci_dev *pdev = to_pci_dev(host->dev); ++ int rc; + +- ahci_reset_controller(host); ++ rc = ahci_reset_controller(host); ++ if (rc) ++ return rc; + + if (pdev->vendor == PCI_VENDOR_ID_INTEL) { + struct ahci_host_priv *hpriv = host->private_data; +-- +2.17.1 + diff --git a/queue-4.9/crypto-shash-fix-a-sleep-in-atomic-bug-in-shash_setk.patch b/queue-4.9/crypto-shash-fix-a-sleep-in-atomic-bug-in-shash_setk.patch new file mode 100644 index 00000000000..0e113493735 --- /dev/null +++ b/queue-4.9/crypto-shash-fix-a-sleep-in-atomic-bug-in-shash_setk.patch 
@@ -0,0 +1,53 @@ +From fb22b415debfff892eeea2b035182c039892d7d5 Mon Sep 17 00:00:00 2001 +From: Jia-Ju Bai +Date: Tue, 3 Oct 2017 10:25:22 +0800 +Subject: crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned + +[ Upstream commit 9039f3ef446e9ffa200200c934f049add9e58426 ] + +The SCTP program may sleep under a spinlock, and the function call path is: +sctp_generate_t3_rtx_event (acquire the spinlock) + sctp_do_sm + sctp_side_effects + sctp_cmd_interpreter + sctp_make_init_ack + sctp_pack_cookie + crypto_shash_setkey + shash_setkey_unaligned + kmalloc(GFP_KERNEL) + +For the same reason, the orinoco driver may sleep in interrupt handler, +and the function call path is: +orinoco_rx_isr_tasklet + orinoco_rx + orinoco_mic + crypto_shash_setkey + shash_setkey_unaligned + kmalloc(GFP_KERNEL) + +To fix it, GFP_KERNEL is replaced with GFP_ATOMIC. +This bug is found by my static analysis tool and my code review. + +Signed-off-by: Jia-Ju Bai +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +--- + crypto/shash.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/shash.c b/crypto/shash.c +index d5bd2f05d036..4f047c7eeca7 100644 +--- a/crypto/shash.c ++++ b/crypto/shash.c +@@ -41,7 +41,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, + int err; + + absize = keylen + (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); +- buffer = kmalloc(absize, GFP_KERNEL); ++ buffer = kmalloc(absize, GFP_ATOMIC); + if (!buffer) + return -ENOMEM; + +-- +2.17.1 + diff --git a/queue-4.9/series b/queue-4.9/series index ceee2100a00..f55613ed4d5 100644 --- a/queue-4.9/series +++ b/queue-4.9/series 
@@ -102,7 +102,6 @@ i40e-avoid-nvm-acquire-deadlock-during-nvm-update.patch revert-ib-ipoib-update-broadcast-object-if-pkey-valu.patch btrfs-incremental-send-fix-invalid-memory-access.patch drm-msm-fix-possible-null-dereference-on-failure-of-.patch -arm-tegra-fix-ulpi-regression-on-tegra20.patch module-fix-debug_set_module_ronx-typo.patch iio-pressure-zpa2326-remove-always-true-check-which-.patch l2tp-remove-configurable-payload-offset.patch @@ -152,3 +151,5 @@ net-fix-pskb_trim_rcsum_slow-with-odd-trim-offset.patch rtnetlink-disallow-fdb-configuration-for-non-ethernet-device.patch ip6_tunnel-fix-encapsulation-layout.patch revert-x86-mm-expand-static-page-table-for-fixmap-sp.patch +crypto-shash-fix-a-sleep-in-atomic-bug-in-shash_setk.patch +ahci-don-t-ignore-result-code-of-ahci_reset_controll.patch
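Review bot: In drivers/ata/ahci.c, ahci_pci_reset_controller(), the new `if (rc) return rc;` only prevents the crash if every caller checks the return value, and the hunk shows no caller. The trace in the commit message reaches ahci_stop_engine() through ahci_init_one() and ahci_pci_init_controller(), so confirm in the 4.9 tree that ahci_init_one() and any other caller of ahci_pci_reset_controller() stop on a non-zero result instead of going on to initialise a controller whose reset failed.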
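Review bot: In crypto/shash.c, shash_setkey_unaligned(), `kmalloc(absize, GFP_ATOMIC)` now applies to every caller, including process-context ones that were allowed to sleep, and absize grows with keylen, so the `return -ENOMEM;` path becomes more likely under memory pressure. Add a short comment above the allocation saying why GFP_ATOMIC is required (the commit message lists the SCTP spinlock path and the orinoco tasklet path), and check that those callers handle a failed crypto_shash_setkey() rather than continuing with no key set.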
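Review bot: In queue-4.9/series, the first hunk drops arm-tegra-fix-ulpi-regression-on-tegra20.patch, but the commit message ("4.9-stable patches") gives no reason for the removal. Say in the message why the patch is dropped, and whether the patch file itself is meant to stay in queue-4.9/, since this diff removes only the series entry and not the file.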