From 43de485b15b943e6728234798a95ed78ee01bf67 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 7 Aug 2017 14:03:22 -0700 Subject: [PATCH] 4.9-stable patches added patches: mm-page_alloc-remove-kernel-address-exposure-in-free_reserved_area.patch --- ...dress-exposure-in-free_reserved_area.patch | 71 ++++++++ ...rty_read-instead-of-of_property_read.patch | 169 ------------------ ...rty_read-instead-of-of_property_read.patch | 83 --------- queue-4.9/series | 3 +- 4 files changed, 72 insertions(+), 254 deletions(-) create mode 100644 queue-4.9/mm-page_alloc-remove-kernel-address-exposure-in-free_reserved_area.patch delete mode 100644 queue-4.9/mmc-core-use-device_property_read-instead-of-of_property_read.patch delete mode 100644 queue-4.9/mmc-dw_mmc-use-device_property_read-instead-of-of_property_read.patch diff --git a/queue-4.9/mm-page_alloc-remove-kernel-address-exposure-in-free_reserved_area.patch b/queue-4.9/mm-page_alloc-remove-kernel-address-exposure-in-free_reserved_area.patch new file mode 100644 index 00000000000..f1f62bbceba --- /dev/null +++ b/queue-4.9/mm-page_alloc-remove-kernel-address-exposure-in-free_reserved_area.patch @@ -0,0 +1,71 @@ +From adb1fe9ae2ee6ef6bc10f3d5a588020e7664dfa7 Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf +Date: Tue, 25 Oct 2016 09:51:14 -0500 +Subject: mm/page_alloc: Remove kernel address exposure in free_reserved_area() + +From: Josh Poimboeuf + +commit adb1fe9ae2ee6ef6bc10f3d5a588020e7664dfa7 upstream. + +Linus suggested we try to remove some of the low-hanging fruit related +to kernel address exposure in dmesg. The only leaks I see on my local +system are: + + Freeing SMP alternatives memory: 32K (ffffffff9e309000 - ffffffff9e311000) + Freeing initrd memory: 10588K (ffffa0b736b42000 - ffffa0b737599000) + Freeing unused kernel memory: 3592K (ffffffff9df87000 - ffffffff9e309000) + Freeing unused kernel memory: 1352K (ffffa0b7288ae000 - ffffa0b728a00000) + Freeing unused kernel memory: 632K (ffffa0b728d62000 - ffffa0b728e00000) + +Linus says: + + "I suspect we should just remove [the addresses in the 'Freeing' + messages]. I'm sure they are useful in theory, but I suspect they + were more useful back when the whole "free init memory" was + originally done. + + These days, if we have a use-after-free, I suspect the init-mem + situation is the easiest situation by far. Compared to all the dynamic + allocations which are much more likely to show it anyway. So having + debug output for that case is likely not all that productive." + +With this patch the freeing messages now look like this: + + Freeing SMP alternatives memory: 32K + Freeing initrd memory: 10588K + Freeing unused kernel memory: 3592K + Freeing unused kernel memory: 1352K + Freeing unused kernel memory: 632K + +Suggested-by: Linus Torvalds +Signed-off-by: Josh Poimboeuf +Cc: Andy Lutomirski +Cc: Borislav Petkov +Cc: Brian Gerst +Cc: Denys Vlasenko +Cc: H. Peter Anvin +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: linux-mm@kvack.org +Link: http://lkml.kernel.org/r/6836ff90c45b71d38e5d4405aec56fa9e5d1d4b2.1477405374.git.jpoimboe@redhat.com +Signed-off-by: Ingo Molnar +Cc: Kees Cook +Signed-off-by: Greg Kroah-Hartman + +--- + mm/page_alloc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -6445,8 +6445,8 @@ unsigned long free_reserved_area(void *s + } + + if (pages && s) +- pr_info("Freeing %s memory: %ldK (%p - %p)\n", +- s, pages << (PAGE_SHIFT - 10), start, end); ++ pr_info("Freeing %s memory: %ldK\n", ++ s, pages << (PAGE_SHIFT - 10)); + + return pages; + } diff --git a/queue-4.9/mmc-core-use-device_property_read-instead-of-of_property_read.patch b/queue-4.9/mmc-core-use-device_property_read-instead-of-of_property_read.patch deleted file mode 100644 index 0e7e9a5a8e1..00000000000 --- a/queue-4.9/mmc-core-use-device_property_read-instead-of-of_property_read.patch +++ /dev/null @@ -1,169 +0,0 @@ -From 73a47a9bb3e2c4a9c553c72456e63ab991b1a4d9 Mon Sep 17 00:00:00 2001 -From: David Woods -Date: Fri, 26 May 2017 17:53:21 -0400 -Subject: mmc: core: Use device_property_read instead of of_property_read - -From: David Woods - -commit 73a47a9bb3e2c4a9c553c72456e63ab991b1a4d9 upstream. - -Using the device_property interfaces allows mmc drivers to work -on platforms which run on either device tree or ACPI. - -Signed-off-by: David Woods -Reviewed-by: Chris Metcalf -Signed-off-by: Ulf Hansson -Signed-off-by: Greg Kroah-Hartman - ---- - drivers/mmc/core/host.c | 70 +++++++++++++++++++++++------------------------- - 1 file changed, 34 insertions(+), 36 deletions(-) - ---- a/drivers/mmc/core/host.c -+++ b/drivers/mmc/core/host.c -@@ -179,19 +179,17 @@ static void mmc_retune_timer(unsigned lo - */ - int mmc_of_parse(struct mmc_host *host) - { -- struct device_node *np; -+ struct device *dev = host->parent; - u32 bus_width; - int ret; - bool cd_cap_invert, cd_gpio_invert = false; - bool ro_cap_invert, ro_gpio_invert = false; - -- if (!host->parent || !host->parent->of_node) -+ if (!dev || !dev_fwnode(dev)) - return 0; - -- np = host->parent->of_node; -- - /* "bus-width" is translated to MMC_CAP_*_BIT_DATA flags */ -- if (of_property_read_u32(np, "bus-width", &bus_width) < 0) { -+ if (device_property_read_u32(dev, "bus-width", &bus_width) < 0) { - dev_dbg(host->parent, - "\"bus-width\" property is missing, assuming 1 bit.\n"); - bus_width = 1; -@@ -213,7 +211,7 @@ int mmc_of_parse(struct mmc_host *host) - } - - /* f_max is obtained from the optional "max-frequency" property */ -- of_property_read_u32(np, "max-frequency", &host->f_max); -+ device_property_read_u32(dev, "max-frequency", &host->f_max); - - /* - * Configure CD and WP pins. They are both by default active low to -@@ -228,12 +226,12 @@ int mmc_of_parse(struct mmc_host *host) - */ - - /* Parse Card Detection */ -- if (of_property_read_bool(np, "non-removable")) { -+ if (device_property_read_bool(dev, "non-removable")) { - host->caps |= MMC_CAP_NONREMOVABLE; - } else { -- cd_cap_invert = of_property_read_bool(np, "cd-inverted"); -+ cd_cap_invert = device_property_read_bool(dev, "cd-inverted"); - -- if (of_property_read_bool(np, "broken-cd")) -+ if (device_property_read_bool(dev, "broken-cd")) - host->caps |= MMC_CAP_NEEDS_POLL; - - ret = mmc_gpiod_request_cd(host, "cd", 0, true, -@@ -259,7 +257,7 @@ int mmc_of_parse(struct mmc_host *host) - } - - /* Parse Write Protection */ -- ro_cap_invert = of_property_read_bool(np, "wp-inverted"); -+ ro_cap_invert = device_property_read_bool(dev, "wp-inverted"); - - ret = mmc_gpiod_request_ro(host, "wp", 0, false, 0, &ro_gpio_invert); - if (!ret) -@@ -267,62 +265,62 @@ int mmc_of_parse(struct mmc_host *host) - else if (ret != -ENOENT && ret != -ENOSYS) - return ret; - -- if (of_property_read_bool(np, "disable-wp")) -+ if (device_property_read_bool(dev, "disable-wp")) - host->caps2 |= MMC_CAP2_NO_WRITE_PROTECT; - - /* See the comment on CD inversion above */ - if (ro_cap_invert ^ ro_gpio_invert) - host->caps2 |= MMC_CAP2_RO_ACTIVE_HIGH; - -- if (of_property_read_bool(np, "cap-sd-highspeed")) -+ if (device_property_read_bool(dev, "cap-sd-highspeed")) - host->caps |= MMC_CAP_SD_HIGHSPEED; -- if (of_property_read_bool(np, "cap-mmc-highspeed")) -+ if (device_property_read_bool(dev, "cap-mmc-highspeed")) - host->caps |= MMC_CAP_MMC_HIGHSPEED; -- if (of_property_read_bool(np, "sd-uhs-sdr12")) -+ if (device_property_read_bool(dev, "sd-uhs-sdr12")) - host->caps |= MMC_CAP_UHS_SDR12; -- if (of_property_read_bool(np, "sd-uhs-sdr25")) -+ if (device_property_read_bool(dev, "sd-uhs-sdr25")) - host->caps |= MMC_CAP_UHS_SDR25; -- if (of_property_read_bool(np, "sd-uhs-sdr50")) -+ if (device_property_read_bool(dev, "sd-uhs-sdr50")) - host->caps |= MMC_CAP_UHS_SDR50; -- if (of_property_read_bool(np, "sd-uhs-sdr104")) -+ if (device_property_read_bool(dev, "sd-uhs-sdr104")) - host->caps |= MMC_CAP_UHS_SDR104; -- if (of_property_read_bool(np, "sd-uhs-ddr50")) -+ if (device_property_read_bool(dev, "sd-uhs-ddr50")) - host->caps |= MMC_CAP_UHS_DDR50; -- if (of_property_read_bool(np, "cap-power-off-card")) -+ if (device_property_read_bool(dev, "cap-power-off-card")) - host->caps |= MMC_CAP_POWER_OFF_CARD; -- if (of_property_read_bool(np, "cap-mmc-hw-reset")) -+ if (device_property_read_bool(dev, "cap-mmc-hw-reset")) - host->caps |= MMC_CAP_HW_RESET; -- if (of_property_read_bool(np, "cap-sdio-irq")) -+ if (device_property_read_bool(np, "cap-sdio-irq")) - host->caps |= MMC_CAP_SDIO_IRQ; -- if (of_property_read_bool(np, "full-pwr-cycle")) -+ if (device_property_read_bool(np, "full-pwr-cycle")) - host->caps2 |= MMC_CAP2_FULL_PWR_CYCLE; -- if (of_property_read_bool(np, "keep-power-in-suspend")) -+ if (device_property_read_bool(np, "keep-power-in-suspend")) - host->pm_caps |= MMC_PM_KEEP_POWER; -- if (of_property_read_bool(np, "wakeup-source") || -- of_property_read_bool(np, "enable-sdio-wakeup")) /* legacy */ -+ if (device_property_read_bool(np, "wakeup-source") || -+ device_property_read_bool(np, "enable-sdio-wakeup")) /* legacy */ - host->pm_caps |= MMC_PM_WAKE_SDIO_IRQ; -- if (of_property_read_bool(np, "mmc-ddr-1_8v")) -+ if (device_property_read_bool(np, "mmc-ddr-1_8v")) - host->caps |= MMC_CAP_1_8V_DDR; -- if (of_property_read_bool(np, "mmc-ddr-1_2v")) -+ if (device_property_read_bool(np, "mmc-ddr-1_2v")) - host->caps |= MMC_CAP_1_2V_DDR; -- if (of_property_read_bool(np, "mmc-hs200-1_8v")) -+ if (device_property_read_bool(np, "mmc-hs200-1_8v")) - host->caps2 |= MMC_CAP2_HS200_1_8V_SDR; -- if (of_property_read_bool(np, "mmc-hs200-1_2v")) -+ if (device_property_read_bool(np, "mmc-hs200-1_2v")) - host->caps2 |= MMC_CAP2_HS200_1_2V_SDR; -- if (of_property_read_bool(np, "mmc-hs400-1_8v")) -+ if (device_property_read_bool(np, "mmc-hs400-1_8v")) - host->caps2 |= MMC_CAP2_HS400_1_8V | MMC_CAP2_HS200_1_8V_SDR; -- if (of_property_read_bool(np, "mmc-hs400-1_2v")) -+ if (device_property_read_bool(np, "mmc-hs400-1_2v")) - host->caps2 |= MMC_CAP2_HS400_1_2V | MMC_CAP2_HS200_1_2V_SDR; -- if (of_property_read_bool(np, "mmc-hs400-enhanced-strobe")) -+ if (device_property_read_bool(np, "mmc-hs400-enhanced-strobe")) - host->caps2 |= MMC_CAP2_HS400_ES; -- if (of_property_read_bool(np, "no-sdio")) -+ if (device_property_read_bool(np, "no-sdio")) - host->caps2 |= MMC_CAP2_NO_SDIO; -- if (of_property_read_bool(np, "no-sd")) -+ if (device_property_read_bool(np, "no-sd")) - host->caps2 |= MMC_CAP2_NO_SD; -- if (of_property_read_bool(np, "no-mmc")) -+ if (device_property_read_bool(np, "no-mmc")) - host->caps2 |= MMC_CAP2_NO_MMC; - -- host->dsr_req = !of_property_read_u32(np, "dsr", &host->dsr); -+ host->dsr_req = !device_property_read_u32(dev, "dsr", &host->dsr); - if (host->dsr_req && (host->dsr & ~0xffff)) { - dev_err(host->parent, - "device tree specified broken value for DSR: 0x%x, ignoring\n", diff --git a/queue-4.9/mmc-dw_mmc-use-device_property_read-instead-of-of_property_read.patch b/queue-4.9/mmc-dw_mmc-use-device_property_read-instead-of-of_property_read.patch deleted file mode 100644 index c9a61c4d47b..00000000000 --- a/queue-4.9/mmc-dw_mmc-use-device_property_read-instead-of-of_property_read.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 852ff5fea9eb6a9799f1881d6df2cd69a9e6eed5 Mon Sep 17 00:00:00 2001 -From: David Woods -Date: Fri, 26 May 2017 17:53:20 -0400 -Subject: mmc: dw_mmc: Use device_property_read instead of of_property_read - -From: David Woods - -commit 852ff5fea9eb6a9799f1881d6df2cd69a9e6eed5 upstream. - -Using the device_property interfaces allows the dw_mmc driver to work -on platforms which run on either device tree or ACPI. - -Signed-off-by: David Woods -Reviewed-by: Chris Metcalf -Acked-by: Jaehoon Chung -Signed-off-by: Ulf Hansson -Signed-off-by: Greg Kroah-Hartman - ---- - drivers/mmc/host/dw_mmc.c | 19 +++++++++---------- - 1 file changed, 9 insertions(+), 10 deletions(-) - ---- a/drivers/mmc/host/dw_mmc.c -+++ b/drivers/mmc/host/dw_mmc.c -@@ -2610,8 +2610,8 @@ static int dw_mci_init_slot(struct dw_mc - host->slot[id] = slot; - - mmc->ops = &dw_mci_ops; -- if (of_property_read_u32_array(host->dev->of_node, -- "clock-freq-min-max", freq, 2)) { -+ if (device_property_read_u32_array(host->dev, "clock-freq-min-max", -+ freq, 2)) { - mmc->f_min = DW_MCI_FREQ_MIN; - mmc->f_max = DW_MCI_FREQ_MAX; - } else { -@@ -2709,7 +2709,6 @@ static void dw_mci_init_dma(struct dw_mc - { - int addr_config; - struct device *dev = host->dev; -- struct device_node *np = dev->of_node; - - /* - * Check tansfer mode from HCON[17:16] -@@ -2770,8 +2769,9 @@ static void dw_mci_init_dma(struct dw_mc - dev_info(host->dev, "Using internal DMA controller.\n"); - } else { - /* TRANS_MODE_EDMAC: check dma bindings again */ -- if ((of_property_count_strings(np, "dma-names") < 0) || -- (!of_find_property(np, "dmas", NULL))) { -+ if ((device_property_read_string_array(dev, "dma-names", -+ NULL, 0) < 0) || -+ !device_property_present(dev, "dmas")) { - goto no_dma; - } - host->dma_ops = &dw_mci_edmac_ops; -@@ -2931,7 +2931,6 @@ static struct dw_mci_board *dw_mci_parse - { - struct dw_mci_board *pdata; - struct device *dev = host->dev; -- struct device_node *np = dev->of_node; - const struct dw_mci_drv_data *drv_data = host->drv_data; - int ret; - u32 clock_frequency; -@@ -2948,15 +2947,15 @@ static struct dw_mci_board *dw_mci_parse - } - - /* find out number of slots supported */ -- of_property_read_u32(np, "num-slots", &pdata->num_slots); -+ device_property_read_u32(np, "num-slots", &pdata->num_slots); - -- if (of_property_read_u32(np, "fifo-depth", &pdata->fifo_depth)) -+ if (device_property_read_u32(np, "fifo-depth", &pdata->fifo_depth)) - dev_info(dev, - "fifo-depth property not found, using value of FIFOTH register as default\n"); - -- of_property_read_u32(np, "card-detect-delay", &pdata->detect_delay_ms); -+ device_property_read_u32(np, "card-detect-delay", &pdata->detect_delay_ms); - -- if (!of_property_read_u32(np, "clock-frequency", &clock_frequency)) -+ if (!device_property_read_u32(np, "clock-frequency", &clock_frequency)) - pdata->bus_hz = clock_frequency; - - if (drv_data && drv_data->parse_dt) { diff --git a/queue-4.9/series b/queue-4.9/series index 5b7c32b405d..e8f2edf3c28 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -8,8 +8,6 @@ brcmfmac-fix-memleak-due-to-calling-brcmf_sdiod_sgtable_alloc-twice.patch nfsv4-fix-exchange_id-corrupt-verifier-issue.patch mmc-sdhci-of-at91-force-card-detect-value-for-non-removable-devices.patch device-property-make-dev_fwnode-public.patch -mmc-core-use-device_property_read-instead-of-of_property_read.patch -mmc-dw_mmc-use-device_property_read-instead-of-of_property_read.patch mmc-core-fix-access-to-hs400-es-devices.patch mm-mprotect-flush-tlb-if-potentially-racing-with-a-parallel-reclaim-leaving-stale-tlb-entries.patch cpuset-fix-a-deadlock-due-to-incomplete-patching-of-cpusets_enabled.patch @@ -17,3 +15,4 @@ alsa-hda-fix-speaker-output-from-vaio-vpcl14m1r.patch drm-amdgpu-fix-undue-fallthroughs-in-golden-registers-initialization.patch asoc-do-not-close-shared-backend-dailink.patch kvm-async_pf-make-rcu-irq-exit-if-not-triggered-from-idle-task.patch +mm-page_alloc-remove-kernel-address-exposure-in-free_reserved_area.patch -- 2.47.3