From: Greg Kroah-Hartman Date: Thu, 21 Mar 2019 07:06:12 +0000 (+0100) Subject: 3.18-stable patches X-Git-Tag: v3.18.137~42 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dff48b25d5caf9da2b05aed507ab69c6d9ae2b1b;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch powerpc-powernv-make-opal-log-only-readable-by-root.patch powerpc-wii-properly-disable-use-of-bats-when-requested.patch --- diff --git a/queue-3.18/arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch b/queue-3.18/arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch new file mode 100644 index 00000000000..41f697ed7aa --- /dev/null +++ b/queue-3.18/arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch @@ -0,0 +1,48 @@ +From e2477233145f2156434afb799583bccd878f3e9f Mon Sep 17 00:00:00 2001 +From: "Gustavo A. R. Silva" +Date: Thu, 3 Jan 2019 14:14:08 -0600 +Subject: ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify + +From: Gustavo A. R. Silva + +commit e2477233145f2156434afb799583bccd878f3e9f upstream. + +Fix boolean expressions by using logical AND operator '&&' instead of +bitwise operator '&'. + +This issue was detected with the help of Coccinelle. + +Fixes: 4fa084af28ca ("ARM: OSIRIS: DVS (Dynamic Voltage Scaling) supoort.") +Cc: stable@vger.kernel.org +Signed-off-by: Gustavo A. R. Silva +[krzk: Fix -Wparentheses warning] +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mach-s3c24xx/mach-osiris-dvs.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/arch/arm/mach-s3c24xx/mach-osiris-dvs.c ++++ b/arch/arm/mach-s3c24xx/mach-osiris-dvs.c +@@ -70,16 +70,16 @@ static int osiris_dvs_notify(struct noti + + switch (val) { + case CPUFREQ_PRECHANGE: +- if (old_dvs & !new_dvs || +- cur_dvs & !new_dvs) { ++ if ((old_dvs && !new_dvs) || ++ (cur_dvs && !new_dvs)) { + pr_debug("%s: exiting dvs\n", __func__); + cur_dvs = false; + gpio_set_value(OSIRIS_GPIO_DVS, 1); + } + break; + case CPUFREQ_POSTCHANGE: +- if (!old_dvs & new_dvs || +- !cur_dvs & new_dvs) { ++ if ((!old_dvs && new_dvs) || ++ (!cur_dvs && new_dvs)) { + pr_debug("entering dvs\n"); + cur_dvs = true; + gpio_set_value(OSIRIS_GPIO_DVS, 0); diff --git a/queue-3.18/jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch b/queue-3.18/jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch new file mode 100644 index 00000000000..eb4e240a91d --- /dev/null +++ b/queue-3.18/jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch @@ -0,0 +1,80 @@ +From 904cdbd41d749a476863a0ca41f6f396774f26e4 Mon Sep 17 00:00:00 2001 +From: "zhangyi (F)" +Date: Sun, 10 Feb 2019 23:23:04 -0500 +Subject: jbd2: clear dirty flag when revoking a buffer from an older transaction + +From: zhangyi (F) + +commit 904cdbd41d749a476863a0ca41f6f396774f26e4 upstream. + +Now, we capture a data corruption problem on ext4 while we're truncating +an extent index block. Imaging that if we are revoking a buffer which +has been journaled by the committing transaction, the buffer's jbddirty +flag will not be cleared in jbd2_journal_forget(), so the commit code +will set the buffer dirty flag again after refile the buffer. + +fsx kjournald2 + jbd2_journal_commit_transaction +jbd2_journal_revoke commit phase 1~5... + jbd2_journal_forget + belongs to older transaction commit phase 6 + jbddirty not clear __jbd2_journal_refile_buffer + __jbd2_journal_unfile_buffer + test_clear_buffer_jbddirty + mark_buffer_dirty + +Finally, if the freed extent index block was allocated again as data +block by some other files, it may corrupt the file data after writing +cached pages later, such as during unmount time. (In general, +clean_bdev_aliases() related helpers should be invoked after +re-allocation to prevent the above corruption, but unfortunately we +missed it when zeroout the head of extra extent blocks in +ext4_ext_handle_unwritten_extents()). + +This patch mark buffer as freed and set j_next_transaction to the new +transaction when it already belongs to the committing transaction in +jbd2_journal_forget(), so that commit code knows it should clear dirty +bits when it is done with the buffer. + +This problem can be reproduced by xfstests generic/455 easily with +seeds (3246 3247 3248 3249). + +Signed-off-by: zhangyi (F) +Signed-off-by: Theodore Ts'o +Reviewed-by: Jan Kara +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jbd2/transaction.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +--- a/fs/jbd2/transaction.c ++++ b/fs/jbd2/transaction.c +@@ -1473,14 +1473,21 @@ int jbd2_journal_forget (handle_t *handl + /* However, if the buffer is still owned by a prior + * (committing) transaction, we can't drop it yet... */ + JBUFFER_TRACE(jh, "belongs to older transaction"); +- /* ... but we CAN drop it from the new transaction if we +- * have also modified it since the original commit. */ ++ /* ... but we CAN drop it from the new transaction through ++ * marking the buffer as freed and set j_next_transaction to ++ * the new transaction, so that not only the commit code ++ * knows it should clear dirty bits when it is done with the ++ * buffer, but also the buffer can be checkpointed only ++ * after the new transaction commits. */ + +- if (jh->b_next_transaction) { +- J_ASSERT(jh->b_next_transaction == transaction); ++ set_buffer_freed(bh); ++ ++ if (!jh->b_next_transaction) { + spin_lock(&journal->j_list_lock); +- jh->b_next_transaction = NULL; ++ jh->b_next_transaction = transaction; + spin_unlock(&journal->j_list_lock); ++ } else { ++ J_ASSERT(jh->b_next_transaction == transaction); + + /* + * only drop a reference if this transaction modified diff --git a/queue-3.18/powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch b/queue-3.18/powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch new file mode 100644 index 00000000000..1e2aa42c755 --- /dev/null +++ b/queue-3.18/powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch @@ -0,0 +1,81 @@ +From 9580b71b5a7863c24a9bd18bcd2ad759b86b1eff Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Wed, 27 Feb 2019 11:45:30 +0000 +Subject: powerpc/32: Clear on-stack exception marker upon exception return + +From: Christophe Leroy + +commit 9580b71b5a7863c24a9bd18bcd2ad759b86b1eff upstream. + +Clear the on-stack STACK_FRAME_REGS_MARKER on exception exit in order +to avoid confusing stacktrace like the one below. + + Call Trace: + [c0e9dca0] [c01c42a0] print_address_description+0x64/0x2bc (unreliable) + [c0e9dcd0] [c01c4684] kasan_report+0xfc/0x180 + [c0e9dd10] [c0895130] memchr+0x24/0x74 + [c0e9dd30] [c00a9e38] msg_print_text+0x124/0x574 + [c0e9dde0] [c00ab710] console_unlock+0x114/0x4f8 + [c0e9de40] [c00adc60] vprintk_emit+0x188/0x1c4 + --- interrupt: c0e9df00 at 0x400f330 + LR = init_stack+0x1f00/0x2000 + [c0e9de80] [c00ae3c4] printk+0xa8/0xcc (unreliable) + [c0e9df20] [c0c27e44] early_irq_init+0x38/0x108 + [c0e9df50] [c0c15434] start_kernel+0x310/0x488 + [c0e9dff0] [00003484] 0x3484 + +With this patch the trace becomes: + + Call Trace: + [c0e9dca0] [c01c42c0] print_address_description+0x64/0x2bc (unreliable) + [c0e9dcd0] [c01c46a4] kasan_report+0xfc/0x180 + [c0e9dd10] [c0895150] memchr+0x24/0x74 + [c0e9dd30] [c00a9e58] msg_print_text+0x124/0x574 + [c0e9dde0] [c00ab730] console_unlock+0x114/0x4f8 + [c0e9de40] [c00adc80] vprintk_emit+0x188/0x1c4 + [c0e9de80] [c00ae3e4] printk+0xa8/0xcc + [c0e9df20] [c0c27e44] early_irq_init+0x38/0x108 + [c0e9df50] [c0c15434] start_kernel+0x310/0x488 + [c0e9dff0] [00003484] 0x3484 + +Cc: stable@vger.kernel.org +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/entry_32.S | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/arch/powerpc/kernel/entry_32.S ++++ b/arch/powerpc/kernel/entry_32.S +@@ -757,6 +757,9 @@ fast_exception_return: + mtcr r10 + lwz r10,_LINK(r11) + mtlr r10 ++ /* Clear the exception_marker on the stack to avoid confusing stacktrace */ ++ li r10, 0 ++ stw r10, 8(r11) + REST_GPR(10, r11) + mtspr SPRN_SRR1,r9 + mtspr SPRN_SRR0,r12 +@@ -987,6 +990,9 @@ END_FTR_SECTION_IFSET(CPU_FTR_NEED_PAIRE + mtcrf 0xFF,r10 + mtlr r11 + ++ /* Clear the exception_marker on the stack to avoid confusing stacktrace */ ++ li r10, 0 ++ stw r10, 8(r1) + /* + * Once we put values in SRR0 and SRR1, we are in a state + * where exceptions are not recoverable, since taking an +@@ -1024,6 +1030,9 @@ exc_exit_restart_end: + mtlr r11 + lwz r10,_CCR(r1) + mtcrf 0xff,r10 ++ /* Clear the exception_marker on the stack to avoid confusing stacktrace */ ++ li r10, 0 ++ stw r10, 8(r1) + REST_2GPRS(9, r1) + .globl exc_exit_restart + exc_exit_restart: diff --git a/queue-3.18/powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch b/queue-3.18/powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch new file mode 100644 index 00000000000..9b616288e02 --- /dev/null +++ b/queue-3.18/powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch @@ -0,0 +1,79 @@ +From 36da5ff0bea2dc67298150ead8d8471575c54c7d Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Fri, 25 Jan 2019 12:03:55 +0000 +Subject: powerpc/83xx: Also save/restore SPRG4-7 during suspend + +From: Christophe Leroy + +commit 36da5ff0bea2dc67298150ead8d8471575c54c7d upstream. + +The 83xx has 8 SPRG registers and uses at least SPRG4 +for DTLB handling LRU. + +Fixes: 2319f1239592 ("powerpc/mm: e300c2/c3/c4 TLB errata workaround") +Cc: stable@vger.kernel.org +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/83xx/suspend-asm.S | 34 +++++++++++++++++++++++------- + 1 file changed, 27 insertions(+), 7 deletions(-) + +--- a/arch/powerpc/platforms/83xx/suspend-asm.S ++++ b/arch/powerpc/platforms/83xx/suspend-asm.S +@@ -26,13 +26,13 @@ + #define SS_MSR 0x74 + #define SS_SDR1 0x78 + #define SS_LR 0x7c +-#define SS_SPRG 0x80 /* 4 SPRGs */ +-#define SS_DBAT 0x90 /* 8 DBATs */ +-#define SS_IBAT 0xd0 /* 8 IBATs */ +-#define SS_TB 0x110 +-#define SS_CR 0x118 +-#define SS_GPREG 0x11c /* r12-r31 */ +-#define STATE_SAVE_SIZE 0x16c ++#define SS_SPRG 0x80 /* 8 SPRGs */ ++#define SS_DBAT 0xa0 /* 8 DBATs */ ++#define SS_IBAT 0xe0 /* 8 IBATs */ ++#define SS_TB 0x120 ++#define SS_CR 0x128 ++#define SS_GPREG 0x12c /* r12-r31 */ ++#define STATE_SAVE_SIZE 0x17c + + .section .data + .align 5 +@@ -103,6 +103,16 @@ _GLOBAL(mpc83xx_enter_deep_sleep) + stw r7, SS_SPRG+12(r3) + stw r8, SS_SDR1(r3) + ++ mfspr r4, SPRN_SPRG4 ++ mfspr r5, SPRN_SPRG5 ++ mfspr r6, SPRN_SPRG6 ++ mfspr r7, SPRN_SPRG7 ++ ++ stw r4, SS_SPRG+16(r3) ++ stw r5, SS_SPRG+20(r3) ++ stw r6, SS_SPRG+24(r3) ++ stw r7, SS_SPRG+28(r3) ++ + mfspr r4, SPRN_DBAT0U + mfspr r5, SPRN_DBAT0L + mfspr r6, SPRN_DBAT1U +@@ -493,6 +503,16 @@ mpc83xx_deep_resume: + mtspr SPRN_IBAT7U, r6 + mtspr SPRN_IBAT7L, r7 + ++ lwz r4, SS_SPRG+16(r3) ++ lwz r5, SS_SPRG+20(r3) ++ lwz r6, SS_SPRG+24(r3) ++ lwz r7, SS_SPRG+28(r3) ++ ++ mtspr SPRN_SPRG4, r4 ++ mtspr SPRN_SPRG5, r5 ++ mtspr SPRN_SPRG6, r6 ++ mtspr SPRN_SPRG7, r7 ++ + lwz r4, SS_SPRG+0(r3) + lwz r5, SS_SPRG+4(r3) + lwz r6, SS_SPRG+8(r3) diff --git a/queue-3.18/powerpc-powernv-make-opal-log-only-readable-by-root.patch b/queue-3.18/powerpc-powernv-make-opal-log-only-readable-by-root.patch new file mode 100644 index 00000000000..5f4e6557b8d --- /dev/null +++ b/queue-3.18/powerpc-powernv-make-opal-log-only-readable-by-root.patch @@ -0,0 +1,37 @@ +From 7b62f9bd2246b7d3d086e571397c14ba52645ef1 Mon Sep 17 00:00:00 2001 +From: Jordan Niethe +Date: Wed, 27 Feb 2019 14:02:29 +1100 +Subject: powerpc/powernv: Make opal log only readable by root + +From: Jordan Niethe + +commit 7b62f9bd2246b7d3d086e571397c14ba52645ef1 upstream. + +Currently the opal log is globally readable. It is kernel policy to +limit the visibility of physical addresses / kernel pointers to root. +Given this and the fact the opal log may contain this information it +would be better to limit the readability to root. + +Fixes: bfc36894a48b ("powerpc/powernv: Add OPAL message log interface") +Cc: stable@vger.kernel.org # v3.15+ +Signed-off-by: Jordan Niethe +Reviewed-by: Stewart Smith +Reviewed-by: Andrew Donnellan +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/powernv/opal-msglog.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/platforms/powernv/opal-msglog.c ++++ b/arch/powerpc/platforms/powernv/opal-msglog.c +@@ -92,7 +92,7 @@ out: + } + + static struct bin_attribute opal_msglog_attr = { +- .attr = {.name = "msglog", .mode = 0444}, ++ .attr = {.name = "msglog", .mode = 0400}, + .read = opal_msglog_read + }; + diff --git a/queue-3.18/powerpc-wii-properly-disable-use-of-bats-when-requested.patch b/queue-3.18/powerpc-wii-properly-disable-use-of-bats-when-requested.patch new file mode 100644 index 00000000000..966f537c8fe --- /dev/null +++ b/queue-3.18/powerpc-wii-properly-disable-use-of-bats-when-requested.patch @@ -0,0 +1,39 @@ +From 6d183ca8baec983dc4208ca45ece3c36763df912 Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Thu, 21 Feb 2019 19:08:37 +0000 +Subject: powerpc/wii: properly disable use of BATs when requested. + +From: Christophe Leroy + +commit 6d183ca8baec983dc4208ca45ece3c36763df912 upstream. + +'nobats' kernel parameter or some options like CONFIG_DEBUG_PAGEALLOC +deny the use of BATS for mapping memory. + +This patch makes sure that the specific wii RAM mapping function +takes it into account as well. + +Fixes: de32400dd26e ("wii: use both mem1 and mem2 as ram") +Cc: stable@vger.kernel.org +Reviewed-by: Jonathan Neuschafer +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/embedded6xx/wii.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/powerpc/platforms/embedded6xx/wii.c ++++ b/arch/powerpc/platforms/embedded6xx/wii.c +@@ -104,6 +104,10 @@ unsigned long __init wii_mmu_mapin_mem2( + /* MEM2 64MB@0x10000000 */ + delta = wii_hole_start + wii_hole_size; + size = top - delta; ++ ++ if (__map_without_bats) ++ return delta; ++ + for (bl = 128<<10; bl < max_size; bl <<= 1) { + if (bl * 2 > size) + break; diff --git a/queue-3.18/series b/queue-3.18/series index ffbe20f0cc3..e47fd2aaadf 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -122,3 +122,9 @@ ext2-fix-underflow-in-ext2_max_size.patch mm-vmalloc-fix-size-check-for-remap_vmalloc_range_partial.patch kernel-sysctl.c-add-missing-range-check-in-do_proc_dointvec_minmax_conv.patch parport_pc-fix-find_superio-io-compare-code-should-use-equal-test.patch +jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch +powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch +powerpc-wii-properly-disable-use-of-bats-when-requested.patch +powerpc-powernv-make-opal-log-only-readable-by-root.patch +powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch +arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch