From 3a55f6ea9de07c01cf7b80bdbfbb5d3dac70648f Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 1 Mar 2016 10:36:36 -0800
Subject: [PATCH] 3.10-stable patches
added patches:
s390-dasd-fix-refcount-for-pav-reassignment.patch
s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch
s390-fix-normalization-bug-in-exception-table-sorting.patch
uml-fix-hostfs-mknod.patch
uml-flush-stdout-before-forking.patch
---
 ...sd-fix-refcount-for-pav-reassignment.patch | 89 +++++++++++++++++++
 ...h-error-under-z-vm-after-pav-changes.patch | 34 +++++++
 ...ation-bug-in-exception-table-sorting.patch | 57 ++++++++++++
 queue-3.10/series | 5 ++
 queue-3.10/uml-fix-hostfs-mknod.patch | 69 ++++++++++++++
 .../uml-flush-stdout-before-forking.patch | 54 +++++++++++
 6 files changed, 308 insertions(+)
 create mode 100644 queue-3.10/s390-dasd-fix-refcount-for-pav-reassignment.patch
 create mode 100644 queue-3.10/s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch
 create mode 100644 queue-3.10/s390-fix-normalization-bug-in-exception-table-sorting.patch
 create mode 100644 queue-3.10/uml-fix-hostfs-mknod.patch
 create mode 100644 queue-3.10/uml-flush-stdout-before-forking.patch
diff --git a/queue-3.10/s390-dasd-fix-refcount-for-pav-reassignment.patch b/queue-3.10/s390-dasd-fix-refcount-for-pav-reassignment.patch
new file mode 100644
index 00000000000..ce6431b722f
--- /dev/null
+++ b/queue-3.10/s390-dasd-fix-refcount-for-pav-reassignment.patch
@@ -0,0 +1,89 @@
+From 9d862ababb609439c5d6987f6d3ddd09e703aa0b Mon Sep 17 00:00:00 2001
+From: Stefan Haberland
+Date: Tue, 15 Dec 2015 10:45:05 +0100
+Subject: s390/dasd: fix refcount for PAV reassignment
+
+From: Stefan Haberland
+
+commit 9d862ababb609439c5d6987f6d3ddd09e703aa0b upstream.
+
+Add refcount to the DASD device when a summary unit check worker is
+scheduled. This prevents that the device is set offline with worker
+in place.
+
+Signed-off-by: Stefan Haberland
+Signed-off-by: Martin Schwidefsky
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/s390/block/dasd_alias.c | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+--- a/drivers/s390/block/dasd_alias.c
++++ b/drivers/s390/block/dasd_alias.c
+@@ -264,8 +264,10 @@ void dasd_alias_disconnect_device_from_l
+ spin_unlock_irqrestore(&lcu->lock, flags);
+ cancel_work_sync(&lcu->suc_data.worker);
+ spin_lock_irqsave(&lcu->lock, flags);
+- if (device == lcu->suc_data.device)
++ if (device == lcu->suc_data.device) {
++ dasd_put_device(device);
+ lcu->suc_data.device = NULL;
++ }
+ }
+ was_pending = 0;
+ if (device == lcu->ruac_data.device) {
+@@ -273,8 +275,10 @@ void dasd_alias_disconnect_device_from_l
+ was_pending = 1;
+ cancel_delayed_work_sync(&lcu->ruac_data.dwork);
+ spin_lock_irqsave(&lcu->lock, flags);
+- if (device == lcu->ruac_data.device)
++ if (device == lcu->ruac_data.device) {
++ dasd_put_device(device);
+ lcu->ruac_data.device = NULL;
++ }
+ }
+ private->lcu = NULL;
+ spin_unlock_irqrestore(&lcu->lock, flags);
+@@ -549,8 +553,10 @@ static void lcu_update_work(struct work_
+ if ((rc && (rc != -EOPNOTSUPP)) || (lcu->flags & NEED_UAC_UPDATE)) {
+ DBF_DEV_EVENT(DBF_WARNING, device, "could not update"
+ " alias data in lcu (rc = %d), retry later", rc);
+- schedule_delayed_work(&lcu->ruac_data.dwork, 30*HZ);
++ if (!schedule_delayed_work(&lcu->ruac_data.dwork, 30*HZ))
++ dasd_put_device(device);
+ } else {
++ dasd_put_device(device);
+ lcu->ruac_data.device = NULL;
+ lcu->flags &= ~UPDATE_PENDING;
+ }
+@@ -593,8 +599,10 @@ static int _schedule_lcu_update(struct a
+ */
+ if (!usedev)
+ return -EINVAL;
++ dasd_get_device(usedev);
+ lcu->ruac_data.device = usedev;
+- schedule_delayed_work(&lcu->ruac_data.dwork, 0);
++ if (!schedule_delayed_work(&lcu->ruac_data.dwork, 0))
++ dasd_put_device(usedev);
+ return 0;
+ }
+
+@@ -926,6 +934,7 @@ static void summary_unit_check_handling_
+ /* 3. read new alias configuration */
+ _schedule_lcu_update(lcu, device);
+ lcu->suc_data.device = NULL;
++ dasd_put_device(device);
+ spin_unlock_irqrestore(&lcu->lock, flags);
+ }
+
+@@ -985,6 +994,8 @@ void dasd_alias_handle_summary_unit_chec
+ }
+ lcu->suc_data.reason = reason;
+ lcu->suc_data.device = device;
++ dasd_get_device(device);
+ spin_unlock(&lcu->lock);
+- schedule_work(&lcu->suc_data.worker);
++ if (!schedule_work(&lcu->suc_data.worker))
++ dasd_put_device(device);
+ };
diff --git a/queue-3.10/s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch b/queue-3.10/s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch
new file mode 100644
index 00000000000..837d669bb57
--- /dev/null
+++ b/queue-3.10/s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch
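Review bot: In the s390-dasd-fix-refcount patch, _schedule_lcu_update() stores `lcu->ruac_data.device = usedev` before it knows whether schedule_delayed_work() queued anything. If the work were already pending for a different device, the failure branch would put the new reference while the pointer now names a device that is no longer pinned, and the reference taken for the earlier device would never be released. dasd_alias_handle_summary_unit_check() has the same shape with `lcu->suc_data.device`. A guard that returns early when the pointer is already set may exist above these hunks, since both function bodies start outside them. If it does, the invariant deserves a comment at each call site, for example `/* ruac_data.device was NULL on entry, so the work cannot already be pending */`.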
@@ -0,0 +1,34 @@
+From 020bf042e5b397479c1174081b935d0ff15d1a64 Mon Sep 17 00:00:00 2001
+From: Stefan Haberland
+Date: Tue, 15 Dec 2015 10:16:43 +0100
+Subject: s390/dasd: prevent incorrect length error under z/VM after PAV changes
+
+From: Stefan Haberland
+
+commit 020bf042e5b397479c1174081b935d0ff15d1a64 upstream.
+
+The channel checks the specified length and the provided amount of
+data for CCWs and provides an incorrect length error if the size does
+not match. Under z/VM with simulation activated the length may get
+changed. Having the suppress length indication bit set is stated as
+good CCW coding practice and avoids errors under z/VM.
+
+Signed-off-by: Stefan Haberland
+Signed-off-by: Martin Schwidefsky
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/s390/block/dasd_alias.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/s390/block/dasd_alias.c
++++ b/drivers/s390/block/dasd_alias.c
+@@ -722,7 +722,7 @@ static int reset_summary_unit_check(stru
+ ASCEBC((char *) &cqr->magic, 4);
+ ccw = cqr->cpaddr;
+ ccw->cmd_code = DASD_ECKD_CCW_RSCK;
+- ccw->flags = 0 ;
++ ccw->flags = CCW_FLAG_SLI;
+ ccw->count = 16;
+ ccw->cda = (__u32)(addr_t) cqr->data;
+ ((char *)cqr->data)[0] = reason;
diff --git a/queue-3.10/s390-fix-normalization-bug-in-exception-table-sorting.patch b/queue-3.10/s390-fix-normalization-bug-in-exception-table-sorting.patch
new file mode 100644
index 00000000000..f91b9ac3fee
--- /dev/null
+++ b/queue-3.10/s390-fix-normalization-bug-in-exception-table-sorting.patch
@@ -0,0 +1,57 @@
+From bcb7825a77f41c7dd91da6f7ac10b928156a322e Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Fri, 1 Jan 2016 13:39:22 +0100
+Subject: s390: fix normalization bug in exception table sorting
+
+From: Ard Biesheuvel
+
+commit bcb7825a77f41c7dd91da6f7ac10b928156a322e upstream.
+
+The normalization pass in the sorting routine of the relative exception
+table serves two purposes:
+- it ensures that the address fields of the exception table entries are
+ fully ordered, so that no ambiguities arise between entries with
+ identical instruction offsets (i.e., when two instructions that are
+ exactly 8 bytes apart each have an exception table entry associated with
+ them)
+- it ensures that the offsets of both the instruction and the fixup fields
+ of each entry are relative to their final location after sorting.
+
+Commit eb608fb366de ("s390/exceptions: switch to relative exception table
+entries") ported the relative exception table format from x86, but modified
+the sorting routine to only normalize the instruction offset field and not
+the fixup offset field. The result is that the fixup offset of each entry
+will be relative to the original location of the entry before sorting,
+likely leading to crashes when those entries are dereferenced.
+
+Fixes: eb608fb366de ("s390/exceptions: switch to relative exception table entries")
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Heiko Carstens
+Signed-off-by: Martin Schwidefsky
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/s390/mm/extable.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/arch/s390/mm/extable.c
++++ b/arch/s390/mm/extable.c
+@@ -52,12 +52,16 @@ void sort_extable(struct exception_table
+ int i;
+
+ /* Normalize entries to being relative to the start of the section */
+- for (p = start, i = 0; p < finish; p++, i += 8)
++ for (p = start, i = 0; p < finish; p++, i += 8) {
+ p->insn += i;
++ p->fixup += i + 4;
++ }
+ sort(start, finish - start, sizeof(*start), cmp_ex, NULL);
+ /* Denormalize all entries */
+- for (p = start, i = 0; p < finish; p++, i += 8)
++ for (p = start, i = 0; p < finish; p++, i += 8) {
+ p->insn -= i;
++ p->fixup -= i + 4;
++ }
+ }
+
+ #ifdef CONFIG_MODULES
diff --git a/queue-3.10/series b/queue-3.10/series
index 07ff3a1a695..6962d835c63 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -48,3 +48,8 @@ btrfs-add-missing-brelse-when-superblock-checksum-fails.patch
 btrfs-igrab-inode-in-writepage.patch
 btrfs-send-don-t-bug_on-when-an-empty-symlink-is-found.patch
 btrfs-fix-number-of-transaction-units-required-to-create-symlink.patch
+s390-fix-normalization-bug-in-exception-table-sorting.patch
+s390-dasd-prevent-incorrect-length-error-under-z-vm-after-pav-changes.patch
+s390-dasd-fix-refcount-for-pav-reassignment.patch
+uml-flush-stdout-before-forking.patch
+uml-fix-hostfs-mknod.patch
diff --git a/queue-3.10/uml-fix-hostfs-mknod.patch b/queue-3.10/uml-fix-hostfs-mknod.patch
new file mode 100644
index 00000000000..3e7dbc70e6c
--- /dev/null
+++ b/queue-3.10/uml-fix-hostfs-mknod.patch
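Review bot: In the s390 exception-table patch, the new `p->fixup += i + 4;` and `p->fixup -= i + 4;` lines in sort_extable() hard-code the entry layout, with 8 as the stride of one entry and 4 as the position of `fixup` inside it. Nothing in the hunk ties those constants to the structure, so a later layout change would again yield wrong fixup targets when a kernel fault is handled, which is the failure this patch repairs. Because a stable backport should stay identical to upstream, a comment is the low-risk remedy, for example `/* i is the byte offset of entry p (8 bytes per entry assumed); fixup sits 4 bytes into the entry */` above the first loop. The existing "Normalize entries" comment could also say that both fields are adjusted.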
@@ -0,0 +1,69 @@
+From 9f2dfda2f2f1c6181c3732c16b85c59ab2d195e0 Mon Sep 17 00:00:00 2001
+From: Vegard Nossum
+Date: Wed, 16 Dec 2015 21:59:56 +0100
+Subject: uml: fix hostfs mknod()
+
+From: Vegard Nossum
+
+commit 9f2dfda2f2f1c6181c3732c16b85c59ab2d195e0 upstream.
+
+An inverted return value check in hostfs_mknod() caused the function
+to return success after handling it as an error (and cleaning up).
+
+It resulted in the following segfault when trying to bind() a named
+unix socket:
+
+ Pid: 198, comm: a.out Not tainted 4.4.0-rc4
+ RIP: 0033:[<0000000061077df6>]
+ RSP: 00000000daae5d60 EFLAGS: 00010202
+ RAX: 0000000000000000 RBX: 000000006092a460 RCX: 00000000dfc54208
+ RDX: 0000000061073ef1 RSI: 0000000000000070 RDI: 00000000e027d600
+ RBP: 00000000daae5de0 R08: 00000000da980ac0 R09: 0000000000000000
+ R10: 0000000000000003 R11: 00007fb1ae08f72a R12: 0000000000000000
+ R13: 000000006092a460 R14: 00000000daaa97c0 R15: 00000000daaa9a88
+ Kernel panic - not syncing: Kernel mode fault at addr 0x40, ip 0x61077df6
+ CPU: 0 PID: 198 Comm: a.out Not tainted 4.4.0-rc4 #1
+ Stack:
+ e027d620 dfc54208 0000006f da981398
+ 61bee000 0000c1ed daae5de0 0000006e
+ e027d620 dfcd4208 00000005 6092a460
+ Call Trace:
+ [<60dedc67>] SyS_bind+0xf7/0x110
+ [<600587be>] handle_syscall+0x7e/0x80
+ [<60066ad7>] userspace+0x3e7/0x4e0
+ [<6006321f>] ? save_registers+0x1f/0x40
+ [<6006c88e>] ? arch_prctl+0x1be/0x1f0
+ [<60054985>] fork_handler+0x85/0x90
+
+Let's also get rid of the "cosmic ray protection" while we're at it.
+
+Fixes: e9193059b1b3 "hostfs: fix races in dentry_name() and inode_name()"
+Signed-off-by: Vegard Nossum
+Cc: Jeff Dike
+Cc: Al Viro
+Signed-off-by: Richard Weinberger
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/hostfs/hostfs_kern.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/fs/hostfs/hostfs_kern.c
++++ b/fs/hostfs/hostfs_kern.c
+@@ -720,15 +720,13 @@ static int hostfs_mknod(struct inode *di
+
+ init_special_inode(inode, mode, dev);
+ err = do_mknod(name, mode, MAJOR(dev), MINOR(dev));
+- if (!err)
++ if (err)
+ goto out_free;
+
+ err = read_name(inode, name);
+ __putname(name);
+ if (err)
+ goto out_put;
+- if (err)
+- goto out_put;
+
+ d_instantiate(dentry, inode);
+ return 0;
diff --git a/queue-3.10/uml-flush-stdout-before-forking.patch b/queue-3.10/uml-flush-stdout-before-forking.patch
new file mode 100644
index 00000000000..0d855678d6b
--- /dev/null
+++ b/queue-3.10/uml-flush-stdout-before-forking.patch
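Review bot: In the hostfs mknod patch, a read_name() failure after do_mknod() has succeeded still takes `goto out_put`, and nothing visible in the hunk removes the node that was just created on the host side. The out_put label is outside the hunk. If it only releases the inode, the guest gets an error while the host file system keeps a node the guest believes was never created. This should be confirmed against the full function. If that is the behaviour, either undo the creation on this path or state it at the branch, for example `/* host node already exists here and is not rolled back */`.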
@@ -0,0 +1,54 @@
+From 0754fb298f2f2719f0393491d010d46cfb25d043 Mon Sep 17 00:00:00 2001
+From: Vegard Nossum
+Date: Fri, 18 Dec 2015 21:28:53 +0100
+Subject: uml: flush stdout before forking
+
+From: Vegard Nossum
+
+commit 0754fb298f2f2719f0393491d010d46cfb25d043 upstream.
+
+I was seeing some really weird behaviour where piping UML's output
+somewhere would cause output to get duplicated:
+
+ $ ./vmlinux | head -n 40
+ Checking that ptrace can change system call numbers...Core dump limits :
+ soft - 0
+ hard - NONE
+ OK
+ Checking syscall emulation patch for ptrace...Core dump limits :
+ soft - 0
+ hard - NONE
+ OK
+ Checking advanced syscall emulation patch for ptrace...Core dump limits :
+ soft - 0
+ hard - NONE
+ OK
+ Core dump limits :
+ soft - 0
+ hard - NONE
+
+This is because these tests do a fork() which duplicates the non-empty
+stdout buffer, then glibc flushes the duplicated buffer as each child
+exits.
+
+A simple workaround is to flush before forking.
+
+Signed-off-by: Vegard Nossum
+Signed-off-by: Richard Weinberger
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/um/os-Linux/start_up.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/um/os-Linux/start_up.c
++++ b/arch/um/os-Linux/start_up.c
+@@ -95,6 +95,8 @@ static int start_ptraced_child(void)
+ {
+ int pid, n, status;
+
++ fflush(stdout);
++
+ pid = fork();
+ if (pid == 0)
+ ptrace_child();
--
2.47.3
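Review bot: The added `fflush(stdout);` in start_ptraced_child() covers only stdout and only this one fork() site. The commit message attributes the duplicated output to forking with a non-empty stdio buffer, so any other fork() in the start-up checks that bypasses this helper would still duplicate output. The rest of the file is outside the hunk, so that needs checking. `fflush(NULL);` would flush every open output stream in one call. A short comment such as `/* flush stdio so the child does not re-emit buffered output */` would explain why the call is there, since the function body continues past the hunk and the reason is not visible at the call site.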