From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 14 Feb 2020 21:16:44 +0000 (-0500)
Subject: 4.19-stable patches
X-Git-Tag: v4.4.214~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea2578ff873eb7e3229ddcdccd7b033847f7d7ae;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	padata-fix-null-pointer-deref-of-pd-pinst.patch
---

diff --git a/queue-4.19/padata-fix-null-pointer-deref-of-pd-pinst.patch b/queue-4.19/padata-fix-null-pointer-deref-of-pd-pinst.patch
new file mode 100644
index 00000000000..6ec0014bb34
--- /dev/null
+++ b/queue-4.19/padata-fix-null-pointer-deref-of-pd-pinst.patch
@@ -0,0 +1,58 @@
+From daniel.m.jordan@oracle.com  Fri Feb 14 16:15:55 2020
+From: Daniel Jordan <daniel.m.jordan@oracle.com>
+Date: Fri, 14 Feb 2020 13:28:21 -0500
+Subject: padata: fix null pointer deref of pd->pinst
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Sasha Levin <sashal@kernel.org>
+Cc: Daniel Jordan <daniel.m.jordan@oracle.com>, Yang Yingliang <yangyingliang@huawei.com>, Herbert Xu <herbert@gondor.apana.org.au>, Steffen Klassert <steffen.klassert@secunet.com>, linux-kernel@vger.kernel.org, stable@vger.kernel.org
+Message-ID: <20200214182821.337706-1-daniel.m.jordan@oracle.com>
+
+From: Daniel Jordan <daniel.m.jordan@oracle.com>
+
+The 4.19 backport dc34710a7aba ("padata: Remove broken queue flushing")
+removed padata_alloc_pd()'s assignment to pd->pinst, resulting in:
+
+    Unable to handle kernel NULL pointer dereference ...
+    ...
+    pc : padata_reorder+0x144/0x2e0
+    ...
+    Call trace:
+     padata_reorder+0x144/0x2e0
+     padata_do_serial+0xc8/0x128
+     pcrypt_aead_enc+0x60/0x70 [pcrypt]
+     padata_parallel_worker+0xd8/0x138
+     process_one_work+0x1bc/0x4b8
+     worker_thread+0x164/0x580
+     kthread+0x134/0x138
+     ret_from_fork+0x10/0x18
+
+This happened because the backport was based on an enhancement that
+moved this assignment but isn't in 4.19:
+
+  bfde23ce200e ("padata: unbind parallel jobs from specific CPUs")
+
+Simply restore the assignment to fix the crash.
+
+Fixes: dc34710a7aba ("padata: Remove broken queue flushing")
+Reported-by: Yang Yingliang <yangyingliang@huawei.com>
+Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Sasha Levin <sashal@kernel.org>
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Cc: linux-kernel@vger.kernel.org
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/padata.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/kernel/padata.c
++++ b/kernel/padata.c
+@@ -510,6 +510,7 @@ static struct parallel_data *padata_allo
+ 	atomic_set(&pd->seq_nr, -1);
+ 	atomic_set(&pd->reorder_objects, 0);
+ 	atomic_set(&pd->refcnt, 1);
++	pd->pinst = pinst;
+ 	spin_lock_init(&pd->lock);
+ 
+ 	return pd;
diff --git a/queue-4.19/series b/queue-4.19/series
index 8fc9ee4cf12..d1c92449ecc 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -51,3 +51,4 @@ scsi-megaraid_sas-do-not-initiate-ocr-if-controller-is-not-in-ready-state.patch
 x86-stackframe-move-encode_frame_pointer-to-asm-frame.h.patch
 x86-stackframe-x86-ftrace-add-pt_regs-frame-annotations.patch
 serial-uartps-move-the-spinlock-after-the-read-of-the-tx-empty.patch
+padata-fix-null-pointer-deref-of-pd-pinst.patch