From: Greg Kroah-Hartman Date: Tue, 5 Dec 2017 17:30:49 +0000 (+0100) Subject: 3.18-stable patches X-Git-Tag: v3.18.87~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ad85124df8c48fadf9cae18acfc4fa16235d4810;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: arm-omap1-dma-correct-the-number-of-logical-channels.patch edac-sb_edac-fix-missing-break-in-switch.patch ima-fix-hash-algorithm-initialization.patch kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch mm-avoid-returning-vm_fault_retry-from-page_mkwrite-handlers.patch net-appletalk-fix-kernel-memory-disclosure.patch net-fec-fix-multicast-filtering-hardware-setup.patch net-sctp-fix-array-overrun-read-on-sctp_timer_tbl.patch nfs-don-t-take-a-reference-on-fl-fl_file-for-lock-operation.patch nfsv4-fix-client-recovery-when-server-reboots-multiple-times.patch perf-test-attr-fix-ignored-test-case-result.patch serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch spi-sh-msiof-fix-dma-transfer-size-check.patch sysrq-fix-show-regs-call-trace-on-arm.patch tipc-fix-cleanup-at-module-unload.patch usbip-tools-install-all-headers-needed-for-libusbip-development.patch vti6-fix-device-register-to-report-ifla_info_kind.patch --- diff --git a/queue-3.18/arm-omap1-dma-correct-the-number-of-logical-channels.patch b/queue-3.18/arm-omap1-dma-correct-the-number-of-logical-channels.patch new file mode 100644 index 00000000000..5d7e4742879 --- /dev/null +++ b/queue-3.18/arm-omap1-dma-correct-the-number-of-logical-channels.patch @@ -0,0 +1,70 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Peter Ujfalusi +Date: Tue, 3 Jan 2017 13:22:34 +0200 +Subject: ARM: OMAP1: DMA: Correct the number of logical channels + +From: Peter Ujfalusi + + +[ Upstream commit 657279778af54f35e54b07b6687918f254a2992c ] + +OMAP1510, OMAP5910 and OMAP310 have only 9 logical channels. +OMAP1610, OMAP5912, OMAP1710, OMAP730, and OMAP850 have 16 logical channels +available. + +The wired 17 for the lch_count must have been used to cover the 16 + 1 +dedicated LCD channel, in reality we can only use 9 or 16 channels. + +The d->chan_count is not used by the omap-dma stack, so we can skip the +setup. chan_count was configured to the number of logical channels and not +the actual number of physical channels anyways. + +Signed-off-by: Peter Ujfalusi +Acked-by: Aaro Koskinen +Signed-off-by: Tony Lindgren +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/mach-omap1/dma.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +--- a/arch/arm/mach-omap1/dma.c ++++ b/arch/arm/mach-omap1/dma.c +@@ -31,7 +31,6 @@ + #include + + #define OMAP1_DMA_BASE (0xfffed800) +-#define OMAP1_LOGICAL_DMA_CH_COUNT 17 + + static u32 enable_1510_mode; + +@@ -311,8 +310,6 @@ static int __init omap1_system_dma_init( + goto exit_iounmap; + } + +- d->lch_count = OMAP1_LOGICAL_DMA_CH_COUNT; +- + /* Valid attributes for omap1 plus processors */ + if (cpu_is_omap15xx()) + d->dev_caps = ENABLE_1510_MODE; +@@ -329,13 +326,14 @@ static int __init omap1_system_dma_init( + d->dev_caps |= CLEAR_CSR_ON_READ; + d->dev_caps |= IS_WORD_16; + +- if (cpu_is_omap15xx()) +- d->chan_count = 9; +- else if (cpu_is_omap16xx() || cpu_is_omap7xx()) { +- if (!(d->dev_caps & ENABLE_1510_MODE)) +- d->chan_count = 16; ++ /* available logical channels */ ++ if (cpu_is_omap15xx()) { ++ d->lch_count = 9; ++ } else { ++ if (d->dev_caps & ENABLE_1510_MODE) ++ d->lch_count = 9; + else +- d->chan_count = 9; ++ d->lch_count = 16; + } + + p = dma_plat_info; diff --git a/queue-3.18/edac-sb_edac-fix-missing-break-in-switch.patch b/queue-3.18/edac-sb_edac-fix-missing-break-in-switch.patch new file mode 100644 index 00000000000..9ebd74ca257 --- /dev/null +++ b/queue-3.18/edac-sb_edac-fix-missing-break-in-switch.patch @@ -0,0 +1,34 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: "Gustavo A. R. Silva" +Date: Mon, 16 Oct 2017 12:40:29 -0500 +Subject: EDAC, sb_edac: Fix missing break in switch + +From: "Gustavo A. R. Silva" + + +[ Upstream commit a8e9b186f153a44690ad0363a56716e7077ad28c ] + +Add missing break statement in order to prevent the code from falling +through. + +Signed-off-by: Gustavo A. R. Silva +Cc: Qiuxu Zhuo +Cc: linux-edac +Link: http://lkml.kernel.org/r/20171016174029.GA19757@embeddedor.com +Signed-off-by: Borislav Petkov +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/edac/sb_edac.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/edac/sb_edac.c ++++ b/drivers/edac/sb_edac.c +@@ -1645,6 +1645,7 @@ static int ibridge_mci_bind_devs(struct + break; + case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_TA: + pvt->pci_ta = pdev; ++ break; + case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_RAS: + pvt->pci_ras = pdev; + break; diff --git a/queue-3.18/ima-fix-hash-algorithm-initialization.patch b/queue-3.18/ima-fix-hash-algorithm-initialization.patch new file mode 100644 index 00000000000..f9e2bd3acb0 --- /dev/null +++ b/queue-3.18/ima-fix-hash-algorithm-initialization.patch @@ -0,0 +1,45 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Boshi Wang +Date: Fri, 20 Oct 2017 16:01:03 +0800 +Subject: ima: fix hash algorithm initialization + +From: Boshi Wang + + +[ Upstream commit ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee ] + +The hash_setup function always sets the hash_setup_done flag, even +when the hash algorithm is invalid. This prevents the default hash +algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used. + +This patch sets hash_setup_done flag only for valid hash algorithms. + +Fixes: e7a2ad7eb6f4 "ima: enable support for larger default filedata hash algorithms" +Signed-off-by: Boshi Wang +Signed-off-by: Mimi Zohar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + security/integrity/ima/ima_main.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/security/integrity/ima/ima_main.c ++++ b/security/integrity/ima/ima_main.c +@@ -52,6 +52,8 @@ static int __init hash_setup(char *str) + ima_hash_algo = HASH_ALGO_SHA1; + else if (strncmp(str, "md5", 3) == 0) + ima_hash_algo = HASH_ALGO_MD5; ++ else ++ return 1; + goto out; + } + +@@ -61,6 +63,8 @@ static int __init hash_setup(char *str) + break; + } + } ++ if (i == HASH_ALGO__LAST) ++ return 1; + out: + hash_setup_done = 1; + return 1; diff --git a/queue-3.18/kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch b/queue-3.18/kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch new file mode 100644 index 00000000000..e91c111e75a --- /dev/null +++ b/queue-3.18/kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch @@ -0,0 +1,74 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Masami Hiramatsu +Date: Fri, 20 Oct 2017 08:43:39 +0900 +Subject: kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y + +From: Masami Hiramatsu + + +[ Upstream commit a30b85df7d599f626973e9cd3056fe755bd778e0 ] + +We want to wait for all potentially preempted kprobes trampoline +execution to have completed. This guarantees that any freed +trampoline memory is not in use by any task in the system anymore. +synchronize_rcu_tasks() gives such a guarantee, so use it. + +Also, this guarantees to wait for all potentially preempted tasks +on the instructions which will be replaced with a jump. + +Since this becomes a problem only when CONFIG_PREEMPT=y, enable +CONFIG_TASKS_RCU=y for synchronize_rcu_tasks() in that case. + +Signed-off-by: Masami Hiramatsu +Acked-by: Paul E. McKenney +Cc: Ananth N Mavinakayanahalli +Cc: Linus Torvalds +Cc: Naveen N . Rao +Cc: Paul E . McKenney +Cc: Peter Zijlstra +Cc: Steven Rostedt +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/150845661962.5443.17724352636247312231.stgit@devbox +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/Kconfig | 2 +- + kernel/kprobes.c | 14 ++++++++------ + 2 files changed, 9 insertions(+), 7 deletions(-) + +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -74,7 +74,7 @@ config JUMP_LABEL + config OPTPROBES + def_bool y + depends on KPROBES && HAVE_OPTPROBES +- depends on !PREEMPT ++ select TASKS_RCU if PREEMPT + + config KPROBES_ON_FTRACE + def_bool y +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -540,13 +540,15 @@ static void kprobe_optimizer(struct work + do_unoptimize_kprobes(); + + /* +- * Step 2: Wait for quiesence period to ensure all running interrupts +- * are done. Because optprobe may modify multiple instructions +- * there is a chance that Nth instruction is interrupted. In that +- * case, running interrupt can return to 2nd-Nth byte of jump +- * instruction. This wait is for avoiding it. ++ * Step 2: Wait for quiesence period to ensure all potentially ++ * preempted tasks to have normally scheduled. Because optprobe ++ * may modify multiple instructions, there is a chance that Nth ++ * instruction is preempted. In that case, such tasks can return ++ * to 2nd-Nth byte of jump instruction. This wait is for avoiding it. ++ * Note that on non-preemptive kernel, this is transparently converted ++ * to synchronoze_sched() to wait for all interrupts to have completed. + */ +- synchronize_sched(); ++ synchronize_rcu_tasks(); + + /* Step 3: Optimize kprobes after quiesence period */ + do_optimize_kprobes(); diff --git a/queue-3.18/mm-avoid-returning-vm_fault_retry-from-page_mkwrite-handlers.patch b/queue-3.18/mm-avoid-returning-vm_fault_retry-from-page_mkwrite-handlers.patch new file mode 100644 index 00000000000..44bdef0ba50 --- /dev/null +++ b/queue-3.18/mm-avoid-returning-vm_fault_retry-from-page_mkwrite-handlers.patch @@ -0,0 +1,70 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Jan Kara +Date: Wed, 8 Feb 2017 14:30:53 -0800 +Subject: mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers + +From: Jan Kara + + +[ Upstream commit 0911d0041c22922228ca52a977d7b0b0159fee4b ] + +Some ->page_mkwrite handlers may return VM_FAULT_RETRY as its return +code (GFS2 or Lustre can definitely do this). However VM_FAULT_RETRY +from ->page_mkwrite is completely unhandled by the mm code and results +in locking and writeably mapping the page which definitely is not what +the caller wanted. + +Fix Lustre and block_page_mkwrite_ret() used by other filesystems +(notably GFS2) to return VM_FAULT_NOPAGE instead which results in +bailing out from the fault code, the CPU then retries the access, and we +fault again effectively doing what the handler wanted. + +Link: http://lkml.kernel.org/r/20170203150729.15863-1-jack@suse.cz +Signed-off-by: Jan Kara +Reported-by: Al Viro +Reviewed-by: Jinshan Xiong +Cc: Matthew Wilcox +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/staging/lustre/lustre/llite/llite_mmap.c | 4 +--- + include/linux/buffer_head.h | 4 +--- + 2 files changed, 2 insertions(+), 6 deletions(-) + +--- a/drivers/staging/lustre/lustre/llite/llite_mmap.c ++++ b/drivers/staging/lustre/lustre/llite/llite_mmap.c +@@ -407,15 +407,13 @@ static int ll_page_mkwrite(struct vm_are + result = VM_FAULT_LOCKED; + break; + case -ENODATA: ++ case -EAGAIN: + case -EFAULT: + result = VM_FAULT_NOPAGE; + break; + case -ENOMEM: + result = VM_FAULT_OOM; + break; +- case -EAGAIN: +- result = VM_FAULT_RETRY; +- break; + default: + result = VM_FAULT_SIGBUS; + break; +--- a/include/linux/buffer_head.h ++++ b/include/linux/buffer_head.h +@@ -236,12 +236,10 @@ static inline int block_page_mkwrite_ret + { + if (err == 0) + return VM_FAULT_LOCKED; +- if (err == -EFAULT) ++ if (err == -EFAULT || err == -EAGAIN) + return VM_FAULT_NOPAGE; + if (err == -ENOMEM) + return VM_FAULT_OOM; +- if (err == -EAGAIN) +- return VM_FAULT_RETRY; + /* -ENOSPC, -EDQUOT, -EIO ... */ + return VM_FAULT_SIGBUS; + } diff --git a/queue-3.18/net-appletalk-fix-kernel-memory-disclosure.patch b/queue-3.18/net-appletalk-fix-kernel-memory-disclosure.patch new file mode 100644 index 00000000000..1b6885cbb8d --- /dev/null +++ b/queue-3.18/net-appletalk-fix-kernel-memory-disclosure.patch @@ -0,0 +1,34 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Vlad Tsyrklevich +Date: Mon, 9 Jan 2017 20:57:48 +0700 +Subject: net/appletalk: Fix kernel memory disclosure + +From: Vlad Tsyrklevich + + +[ Upstream commit ce7e40c432ba84da104438f6799d460a4cad41bc ] + +ipddp_route structs contain alignment padding so kernel heap memory +is leaked when they are copied to user space in +ipddp_ioctl(SIOCFINDIPDDPRT). Change kmalloc() to kzalloc() to clear +that memory. + +Signed-off-by: Vlad Tsyrklevich +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/appletalk/ipddp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/appletalk/ipddp.c ++++ b/drivers/net/appletalk/ipddp.c +@@ -191,7 +191,7 @@ static netdev_tx_t ipddp_xmit(struct sk_ + */ + static int ipddp_create(struct ipddp_route *new_rt) + { +- struct ipddp_route *rt = kmalloc(sizeof(*rt), GFP_KERNEL); ++ struct ipddp_route *rt = kzalloc(sizeof(*rt), GFP_KERNEL); + + if (rt == NULL) + return -ENOMEM; diff --git a/queue-3.18/net-fec-fix-multicast-filtering-hardware-setup.patch b/queue-3.18/net-fec-fix-multicast-filtering-hardware-setup.patch new file mode 100644 index 00000000000..973c785f615 --- /dev/null +++ b/queue-3.18/net-fec-fix-multicast-filtering-hardware-setup.patch @@ -0,0 +1,71 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Rui Sousa +Date: Mon, 13 Feb 2017 10:01:25 +0800 +Subject: net: fec: fix multicast filtering hardware setup + +From: Rui Sousa + + +[ Upstream commit 01f8902bcf3ff124d0aeb88a774180ebcec20ace ] + +Fix hardware setup of multicast address hash: +- Never clear the hardware hash (to avoid packet loss) +- Construct the hash register values in software and then write once +to hardware + +Signed-off-by: Rui Sousa +Signed-off-by: Fugang Duan +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/freescale/fec_main.c | 23 +++++++++-------------- + 1 file changed, 9 insertions(+), 14 deletions(-) + +--- a/drivers/net/ethernet/freescale/fec_main.c ++++ b/drivers/net/ethernet/freescale/fec_main.c +@@ -2793,6 +2793,7 @@ static void set_multicast_list(struct ne + struct netdev_hw_addr *ha; + unsigned int i, bit, data, crc, tmp; + unsigned char hash; ++ unsigned int hash_high = 0, hash_low = 0; + + if (ndev->flags & IFF_PROMISC) { + tmp = readl(fep->hwp + FEC_R_CNTRL); +@@ -2815,11 +2816,7 @@ static void set_multicast_list(struct ne + return; + } + +- /* Clear filter and add the addresses in hash register +- */ +- writel(0, fep->hwp + FEC_GRP_HASH_TABLE_HIGH); +- writel(0, fep->hwp + FEC_GRP_HASH_TABLE_LOW); +- ++ /* Add the addresses in hash register */ + netdev_for_each_mc_addr(ha, ndev) { + /* calculate crc32 value of mac address */ + crc = 0xffffffff; +@@ -2837,16 +2834,14 @@ static void set_multicast_list(struct ne + */ + hash = (crc >> (32 - HASH_BITS)) & 0x3f; + +- if (hash > 31) { +- tmp = readl(fep->hwp + FEC_GRP_HASH_TABLE_HIGH); +- tmp |= 1 << (hash - 32); +- writel(tmp, fep->hwp + FEC_GRP_HASH_TABLE_HIGH); +- } else { +- tmp = readl(fep->hwp + FEC_GRP_HASH_TABLE_LOW); +- tmp |= 1 << hash; +- writel(tmp, fep->hwp + FEC_GRP_HASH_TABLE_LOW); +- } ++ if (hash > 31) ++ hash_high |= 1 << (hash - 32); ++ else ++ hash_low |= 1 << hash; + } ++ ++ writel(hash_high, fep->hwp + FEC_GRP_HASH_TABLE_HIGH); ++ writel(hash_low, fep->hwp + FEC_GRP_HASH_TABLE_LOW); + } + + /* Set a MAC change in hardware. */ diff --git a/queue-3.18/net-sctp-fix-array-overrun-read-on-sctp_timer_tbl.patch b/queue-3.18/net-sctp-fix-array-overrun-read-on-sctp_timer_tbl.patch new file mode 100644 index 00000000000..3c7058c60f0 --- /dev/null +++ b/queue-3.18/net-sctp-fix-array-overrun-read-on-sctp_timer_tbl.patch @@ -0,0 +1,36 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Colin Ian King +Date: Fri, 20 Jan 2017 13:01:57 +0000 +Subject: net: sctp: fix array overrun read on sctp_timer_tbl + +From: Colin Ian King + + +[ Upstream commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d ] + +The comparison on the timeout can lead to an array overrun +read on sctp_timer_tbl because of an off-by-one error. Fix +this by using < instead of <= and also compare to the array +size rather than SCTP_EVENT_TIMEOUT_MAX. + +Fixes CoverityScan CID#1397639 ("Out-of-bounds read") + +Signed-off-by: Colin Ian King +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/sctp/debug.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/sctp/debug.c ++++ b/net/sctp/debug.c +@@ -166,7 +166,7 @@ static const char *const sctp_timer_tbl[ + /* Lookup timer debug name. */ + const char *sctp_tname(const sctp_subtype_t id) + { +- if (id.timeout <= SCTP_EVENT_TIMEOUT_MAX) ++ if (id.timeout < ARRAY_SIZE(sctp_timer_tbl)) + return sctp_timer_tbl[id.timeout]; + return "unknown_timer"; + } diff --git a/queue-3.18/nfs-don-t-take-a-reference-on-fl-fl_file-for-lock-operation.patch b/queue-3.18/nfs-don-t-take-a-reference-on-fl-fl_file-for-lock-operation.patch new file mode 100644 index 00000000000..18eade41cfc --- /dev/null +++ b/queue-3.18/nfs-don-t-take-a-reference-on-fl-fl_file-for-lock-operation.patch @@ -0,0 +1,56 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Benjamin Coddington +Date: Thu, 5 Jan 2017 10:20:16 -0500 +Subject: nfs: Don't take a reference on fl->fl_file for LOCK operation + +From: Benjamin Coddington + + +[ Upstream commit 4b09ec4b14a168bf2c687e1f598140c3c11e9222 ] + +I have reports of a crash that look like __fput() was called twice for +a NFSv4.0 file. It seems possible that the state manager could try to +reclaim a lock and take a reference on the fl->fl_file at the same time the +file is being released if, during the close(), a signal interrupts the wait +for outstanding IO while removing locks which then skips the removal +of that lock. + +Since 83bfff23e9ed ("nfs4: have do_vfs_lock take an inode pointer") has +removed the need to traverse fl->fl_file->f_inode in nfs4_lock_done(), +taking that reference is no longer necessary. + +Signed-off-by: Benjamin Coddington +Reviewed-by: Jeff Layton +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfs/nfs4proc.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -38,7 +38,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -5544,7 +5543,6 @@ static struct nfs4_lockdata *nfs4_alloc_ + p->server = server; + atomic_inc(&lsp->ls_count); + p->ctx = get_nfs_open_context(ctx); +- get_file(fl->fl_file); + memcpy(&p->fl, fl, sizeof(p->fl)); + return p; + out_free_seqid: +@@ -5634,7 +5632,6 @@ static void nfs4_lock_release(void *call + nfs_free_seqid(data->arg.lock_seqid); + nfs4_put_lock_state(data->lsp); + put_nfs_open_context(data->ctx); +- fput(data->fl.fl_file); + kfree(data); + dprintk("%s: done!\n", __func__); + } diff --git a/queue-3.18/nfsv4-fix-client-recovery-when-server-reboots-multiple-times.patch b/queue-3.18/nfsv4-fix-client-recovery-when-server-reboots-multiple-times.patch new file mode 100644 index 00000000000..cecd8b09a6a --- /dev/null +++ b/queue-3.18/nfsv4-fix-client-recovery-when-server-reboots-multiple-times.patch @@ -0,0 +1,34 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Trond Myklebust +Date: Fri, 13 Jan 2017 13:31:32 -0500 +Subject: NFSv4: Fix client recovery when server reboots multiple times + +From: Trond Myklebust + + +[ Upstream commit c6180a6237174f481dc856ed6e890d8196b6f0fb ] + +If the server reboots multiple times, the client should rely on the +server to tell it that it cannot reclaim state as per section 9.6.3.4 +in RFC7530 and section 8.4.2.1 in RFC5661. +Currently, the client is being to conservative, and is assuming that +if the server reboots while state recovery is in progress, then it must +ignore state that was not recovered before the reboot. + +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfs/nfs4state.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -1650,7 +1650,6 @@ static int nfs4_recovery_handle_error(st + break; + case -NFS4ERR_STALE_CLIENTID: + set_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state); +- nfs4_state_clear_reclaim_reboot(clp); + nfs4_state_start_reclaim_reboot(clp); + break; + case -NFS4ERR_EXPIRED: diff --git a/queue-3.18/perf-test-attr-fix-ignored-test-case-result.patch b/queue-3.18/perf-test-attr-fix-ignored-test-case-result.patch new file mode 100644 index 00000000000..92b5a101946 --- /dev/null +++ b/queue-3.18/perf-test-attr-fix-ignored-test-case-result.patch @@ -0,0 +1,68 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Thomas Richter +Date: Wed, 13 Sep 2017 10:12:09 +0200 +Subject: perf test attr: Fix ignored test case result + +From: Thomas Richter + + +[ Upstream commit 22905582f6dd4bbd0c370fe5732c607452010c04 ] + +Command perf test -v 16 (Setup struct perf_event_attr test) always +reports success even if the test case fails. It works correctly if you +also specify -F (for don't fork). + + root@s35lp76 perf]# ./perf test -v 16 + 15: Setup struct perf_event_attr : + --- start --- + running './tests/attr/test-record-no-delay' + [ perf record: Woken up 1 times to write data ] + [ perf record: Captured and wrote 0.002 MB /tmp/tmp4E1h7R/perf.data + (1 samples) ] + expected task=0, got 1 + expected precise_ip=0, got 3 + expected wakeup_events=1, got 0 + FAILED './tests/attr/test-record-no-delay' - match failure + test child finished with 0 + ---- end ---- + Setup struct perf_event_attr: Ok + +The reason for the wrong error reporting is the return value of the +system() library call. It is called in run_dir() file tests/attr.c and +returns the exit status, in above case 0xff00. + +This value is given as parameter to the exit() function which can only +handle values 0-0xff. + +The child process terminates with exit value of 0 and the parent does +not detect any error. + +This patch corrects the error reporting and prints the correct test +result. + +Signed-off-by: Thomas-Mich Richter +Acked-by: Jiri Olsa +Cc: Heiko Carstens +Cc: Hendrik Brueckner +Cc: Martin Schwidefsky +Cc: Thomas-Mich Richter +LPU-Reference: 20170913081209.39570-2-tmricht@linux.vnet.ibm.com +Link: http://lkml.kernel.org/n/tip-rdube6rfcjsr1nzue72c7lqn@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/tests/attr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/perf/tests/attr.c ++++ b/tools/perf/tests/attr.c +@@ -150,7 +150,7 @@ static int run_dir(const char *d, const + snprintf(cmd, 3*PATH_MAX, PYTHON " %s/attr.py -d %s/attr/ -p %s %.*s", + d, d, perf, vcnt, v); + +- return system(cmd); ++ return system(cmd) ? TEST_FAIL : TEST_OK; + } + + int test__attr(void) diff --git a/queue-3.18/serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch b/queue-3.18/serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch new file mode 100644 index 00000000000..bb8ddc4f713 --- /dev/null +++ b/queue-3.18/serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch @@ -0,0 +1,42 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Lukas Wunner +Date: Sat, 28 Oct 2017 11:35:49 +0200 +Subject: serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() + +From: Lukas Wunner + + +[ Upstream commit 3236a965486ba0c6043cf2c7b51943d8b382ae29 ] + +This driver's ->rs485_config callback checks if SER_RS485_RTS_ON_SEND +and SER_RS485_RTS_AFTER_SEND have the same value. If they do, it means +the user has passed in invalid data with the TIOCSRS485 ioctl() +since RTS must have a different polarity when sending and when not +sending. In this case, rs485 mode is not enabled (the RS485_URA bit +is not set in the RS485 Enable Register) and this is supposed to be +signaled back to the user by clearing the SER_RS485_ENABLED bit in +struct serial_rs485 ... except a missing tilde character is preventing +that from happening. + +Fixes: 28e3fb6c4dce ("serial: Add support for Fintek F81216A LPC to 4 UART") +Cc: Ricardo Ribalda Delgado +Cc: "Ji-Ze Hong (Peter Hong)" +Signed-off-by: Lukas Wunner +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/8250/8250_fintek.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/tty/serial/8250/8250_fintek.c ++++ b/drivers/tty/serial/8250/8250_fintek.c +@@ -118,7 +118,7 @@ static int fintek_8250_rs4850_config(str + + if ((!!(rs485->flags & SER_RS485_RTS_ON_SEND)) == + (!!(rs485->flags & SER_RS485_RTS_AFTER_SEND))) +- rs485->flags &= SER_RS485_ENABLED; ++ rs485->flags &= ~SER_RS485_ENABLED; + else + config |= RS485_URA; + diff --git a/queue-3.18/series b/queue-3.18/series index 0c803db1b53..98d561206af 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -1,2 +1,19 @@ bcache-only-permit-to-recovery-read-error-when-cache-device-is-clean.patch bcache-recover-data-from-backing-when-data-is-clean.patch +serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch +spi-sh-msiof-fix-dma-transfer-size-check.patch +kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch +edac-sb_edac-fix-missing-break-in-switch.patch +sysrq-fix-show-regs-call-trace-on-arm.patch +usbip-tools-install-all-headers-needed-for-libusbip-development.patch +perf-test-attr-fix-ignored-test-case-result.patch +arm-omap1-dma-correct-the-number-of-logical-channels.patch +vti6-fix-device-register-to-report-ifla_info_kind.patch +net-appletalk-fix-kernel-memory-disclosure.patch +nfs-don-t-take-a-reference-on-fl-fl_file-for-lock-operation.patch +nfsv4-fix-client-recovery-when-server-reboots-multiple-times.patch +net-sctp-fix-array-overrun-read-on-sctp_timer_tbl.patch +tipc-fix-cleanup-at-module-unload.patch +mm-avoid-returning-vm_fault_retry-from-page_mkwrite-handlers.patch +net-fec-fix-multicast-filtering-hardware-setup.patch +ima-fix-hash-algorithm-initialization.patch diff --git a/queue-3.18/spi-sh-msiof-fix-dma-transfer-size-check.patch b/queue-3.18/spi-sh-msiof-fix-dma-transfer-size-check.patch new file mode 100644 index 00000000000..582fb02b43d --- /dev/null +++ b/queue-3.18/spi-sh-msiof-fix-dma-transfer-size-check.patch @@ -0,0 +1,36 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Hiromitsu Yamasaki +Date: Thu, 2 Nov 2017 10:32:36 +0100 +Subject: spi: sh-msiof: Fix DMA transfer size check + +From: Hiromitsu Yamasaki + + +[ Upstream commit 36735783fdb599c94b9c86824583df367c65900b ] + +DMA supports 32-bit words only, +even if BITLEN1 of SITMDR2 register is 16bit. + +Fixes: b0d0ce8b6b91 ("spi: sh-msiof: Add DMA support") +Signed-off-by: Hiromitsu Yamasaki +Signed-off-by: Simon Horman +Acked-by: Geert Uytterhoeven +Acked-by: Dirk Behme +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/spi/spi-sh-msiof.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/spi/spi-sh-msiof.c ++++ b/drivers/spi/spi-sh-msiof.c +@@ -818,7 +818,7 @@ static int sh_msiof_transfer_one(struct + break; + copy32 = copy_bswap32; + } else if (bits <= 16) { +- if (l & 1) ++ if (l & 3) + break; + copy32 = copy_wswap32; + } else { diff --git a/queue-3.18/sysrq-fix-show-regs-call-trace-on-arm.patch b/queue-3.18/sysrq-fix-show-regs-call-trace-on-arm.patch new file mode 100644 index 00000000000..ad2fee3c535 --- /dev/null +++ b/queue-3.18/sysrq-fix-show-regs-call-trace-on-arm.patch @@ -0,0 +1,77 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Jibin Xu +Date: Sun, 10 Sep 2017 20:11:42 -0700 +Subject: sysrq : fix Show Regs call trace on ARM + +From: Jibin Xu + + +[ Upstream commit b00bebbc301c8e1f74f230dc82282e56b7e7a6db ] + +When kernel configuration SMP,PREEMPT and DEBUG_PREEMPT are enabled, +echo 1 >/proc/sys/kernel/sysrq +echo p >/proc/sysrq-trigger +kernel will print call trace as below: + +sysrq: SysRq : Show Regs +BUG: using __this_cpu_read() in preemptible [00000000] code: sh/435 +caller is __this_cpu_preempt_check+0x18/0x20 +Call trace: +[] dump_backtrace+0x0/0x1d0 +[] show_stack+0x24/0x30 +[] dump_stack+0x90/0xb0 +[] check_preemption_disabled+0x100/0x108 +[] __this_cpu_preempt_check+0x18/0x20 +[] sysrq_handle_showregs+0x1c/0x40 +[] __handle_sysrq+0x12c/0x1a0 +[] write_sysrq_trigger+0x60/0x70 +[] proc_reg_write+0x90/0xd0 +[] __vfs_write+0x48/0x90 +[] vfs_write+0xa4/0x190 +[] SyS_write+0x54/0xb0 +[] el0_svc_naked+0x24/0x28 + +This can be seen on a common board like an r-pi3. +This happens because when echo p >/proc/sysrq-trigger, +get_irq_regs() is called outside of IRQ context, +if preemption is enabled in this situation,kernel will +print the call trace. Since many prior discussions on +the mailing lists have made it clear that get_irq_regs +either just returns NULL or stale data when used outside +of IRQ context,we simply avoid calling it outside of +IRQ context. + +Signed-off-by: Jibin Xu +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/sysrq.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/tty/sysrq.c ++++ b/drivers/tty/sysrq.c +@@ -237,8 +237,10 @@ static void sysrq_handle_showallcpus(int + * architecture has no support for it: + */ + if (!trigger_all_cpu_backtrace()) { +- struct pt_regs *regs = get_irq_regs(); ++ struct pt_regs *regs = NULL; + ++ if (in_irq()) ++ regs = get_irq_regs(); + if (regs) { + printk(KERN_INFO "CPU%d:\n", smp_processor_id()); + show_regs(regs); +@@ -257,7 +259,10 @@ static struct sysrq_key_op sysrq_showall + + static void sysrq_handle_showregs(int key) + { +- struct pt_regs *regs = get_irq_regs(); ++ struct pt_regs *regs = NULL; ++ ++ if (in_irq()) ++ regs = get_irq_regs(); + if (regs) + show_regs(regs); + perf_event_print_debug(); diff --git a/queue-3.18/tipc-fix-cleanup-at-module-unload.patch b/queue-3.18/tipc-fix-cleanup-at-module-unload.patch new file mode 100644 index 00000000000..1a76ca7ed2a --- /dev/null +++ b/queue-3.18/tipc-fix-cleanup-at-module-unload.patch @@ -0,0 +1,45 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Parthasarathy Bhuvaragan +Date: Tue, 24 Jan 2017 13:00:48 +0100 +Subject: tipc: fix cleanup at module unload + +From: Parthasarathy Bhuvaragan + + +[ Upstream commit 35e22e49a5d6a741ebe7f2dd280b2052c3003ef7 ] + +In tipc_server_stop(), we iterate over the connections with limiting +factor as server's idr_in_use. We ignore the fact that this variable +is decremented in tipc_close_conn(), leading to premature exit. + +In this commit, we iterate until the we have no connections left. + +Acked-by: Ying Xue +Acked-by: Jon Maloy +Tested-by: John Thompson +Signed-off-by: Parthasarathy Bhuvaragan +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/tipc/server.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/net/tipc/server.c ++++ b/net/tipc/server.c +@@ -579,14 +579,12 @@ int tipc_server_start(struct tipc_server + void tipc_server_stop(struct tipc_server *s) + { + struct tipc_conn *con; +- int total = 0; + int id; + + spin_lock_bh(&s->idr_lock); +- for (id = 0; total < s->idr_in_use; id++) { ++ for (id = 0; s->idr_in_use; id++) { + con = idr_find(&s->conn_idr, id); + if (con) { +- total++; + spin_unlock_bh(&s->idr_lock); + tipc_close_conn(con); + spin_lock_bh(&s->idr_lock); diff --git a/queue-3.18/usbip-tools-install-all-headers-needed-for-libusbip-development.patch b/queue-3.18/usbip-tools-install-all-headers-needed-for-libusbip-development.patch new file mode 100644 index 00000000000..9e00eaf6170 --- /dev/null +++ b/queue-3.18/usbip-tools-install-all-headers-needed-for-libusbip-development.patch @@ -0,0 +1,35 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: Ben Hutchings +Date: Sun, 1 Oct 2017 02:18:37 +0100 +Subject: usbip: tools: Install all headers needed for libusbip development + +From: Ben Hutchings + + +[ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ] + +usbip_host_driver.h now depends on several additional headers, which +need to be installed along with it. + +Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...") +Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...") +Signed-off-by: Ben Hutchings +Acked-by: Shuah Khan +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/usb/usbip/Makefile.am | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/tools/usb/usbip/Makefile.am ++++ b/tools/usb/usbip/Makefile.am +@@ -1,6 +1,7 @@ + SUBDIRS := libsrc src + includedir = @includedir@/usbip + include_HEADERS := $(addprefix libsrc/, \ +- usbip_common.h vhci_driver.h usbip_host_driver.h) ++ usbip_common.h vhci_driver.h usbip_host_driver.h \ ++ list.h sysfs_utils.h usbip_host_common.h) + + dist_man_MANS := $(addprefix doc/, usbip.8 usbipd.8) diff --git a/queue-3.18/vti6-fix-device-register-to-report-ifla_info_kind.patch b/queue-3.18/vti6-fix-device-register-to-report-ifla_info_kind.patch new file mode 100644 index 00000000000..35bb953a52a --- /dev/null +++ b/queue-3.18/vti6-fix-device-register-to-report-ifla_info_kind.patch @@ -0,0 +1,38 @@ +From foo@baz Tue Dec 5 18:18:39 CET 2017 +From: David Forster +Date: Fri, 6 Jan 2017 10:27:59 +0000 +Subject: vti6: fix device register to report IFLA_INFO_KIND + +From: David Forster + + +[ Upstream commit 93e246f783e6bd1bc64fdfbfe68b18161f69b28e ] + +vti6 interface is registered before the rtnl_link_ops block +is attached. As a result the resulting RTM_NEWLINK is missing +IFLA_INFO_KIND. Re-order attachment of rtnl_link_ops block to fix. + +Signed-off-by: Dave Forster +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/ip6_vti.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv6/ip6_vti.c ++++ b/net/ipv6/ip6_vti.c +@@ -172,12 +172,12 @@ static int vti6_tnl_create2(struct net_d + struct vti6_net *ip6n = net_generic(net, vti6_net_id); + int err; + ++ dev->rtnl_link_ops = &vti6_link_ops; + err = register_netdevice(dev); + if (err < 0) + goto out; + + strcpy(t->parms.name, dev->name); +- dev->rtnl_link_ops = &vti6_link_ops; + + dev_hold(dev); + vti6_tnl_link(ip6n, t);