4.11-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 18 Jun 2017 10:57:58 +0000 (18:57 +0800)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 18 Jun 2017 10:57:58 +0000 (18:57 +0800)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 18 Jun 2017 10:57:58 +0000 (18:57 +0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 18 Jun 2017 10:57:58 +0000 (18:57 +0800)
diff --git a/queue-4.11/alarmtimer-prevent-overflow-of-relative-timers.patch b/queue-4.11/alarmtimer-prevent-overflow-of-relative-timers.patch

new file mode 100644 (file)

index 0000000..6be2060
--- /dev/null
+++ b/queue-4.11/alarmtimer-prevent-overflow-of-relative-timers.patch
@@ -0,0 +1,65 @@
+From f4781e76f90df7aec400635d73ea4c35ee1d4765 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Tue, 30 May 2017 23:15:34 +0200
+Subject: alarmtimer: Prevent overflow of relative timers
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit f4781e76f90df7aec400635d73ea4c35ee1d4765 upstream.
+
+Andrey reported a alartimer related RCU stall while fuzzing the kernel with
+syzkaller.
+
+The reason for this is an overflow in ktime_add() which brings the
+resulting time into negative space and causes immediate expiry of the
+timer. The following rearm with a small interval does not bring the timer
+back into positive space due to the same issue.
+
+This results in a permanent firing alarmtimer which hogs the CPU.
+
+Use ktime_add_safe() instead which detects the overflow and clamps the
+result to KTIME_SEC_MAX.
+
+Reported-by: Andrey Konovalov <andreyknvl@google.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Kostya Serebryany <kcc@google.com>
+Cc: syzkaller <syzkaller@googlegroups.com>
+Cc: John Stultz <john.stultz@linaro.org>
+Cc: Dmitry Vyukov <dvyukov@google.com>
+Link: http://lkml.kernel.org/r/20170530211655.802921648@linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/alarmtimer.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/kernel/time/alarmtimer.c
++++ b/kernel/time/alarmtimer.c
+@@ -387,7 +387,7 @@ void alarm_start_relative(struct alarm *
+ {
+       struct alarm_base *base = &alarm_bases[alarm->type];
+ 
+-      start = ktime_add(start, base->gettime());
++      start = ktime_add_safe(start, base->gettime());
+       alarm_start(alarm, start);
+ }
+ EXPORT_SYMBOL_GPL(alarm_start_relative);
+@@ -475,7 +475,7 @@ u64 alarm_forward(struct alarm *alarm, k
+               overrun++;
+       }
+ 
+-      alarm->node.expires = ktime_add(alarm->node.expires, interval);
++      alarm->node.expires = ktime_add_safe(alarm->node.expires, interval);
+       return overrun;
+ }
+ EXPORT_SYMBOL_GPL(alarm_forward);
+@@ -666,7 +666,7 @@ static int alarm_timer_set(struct k_itim
+               ktime_t now;
+ 
+               now = alarm_bases[timr->it.alarm.alarmtimer.type].gettime();
+-              exp = ktime_add(now, exp);
++              exp = ktime_add_safe(now, exp);
+       }
+ 
+       alarm_start(&timr->it.alarm.alarmtimer, exp);
diff --git a/queue-4.11/genirq-release-resources-in-__setup_irq-error-path.patch b/queue-4.11/genirq-release-resources-in-__setup_irq-error-path.patch

new file mode 100644 (file)

index 0000000..e425174
--- /dev/null
+++ b/queue-4.11/genirq-release-resources-in-__setup_irq-error-path.patch
@@ -0,0 +1,38 @@
+From fa07ab72cbb0d843429e61bf179308aed6cbe0dd Mon Sep 17 00:00:00 2001
+From: Heiner Kallweit <hkallweit1@gmail.com>
+Date: Sun, 11 Jun 2017 00:38:36 +0200
+Subject: genirq: Release resources in __setup_irq() error path
+
+From: Heiner Kallweit <hkallweit1@gmail.com>
+
+commit fa07ab72cbb0d843429e61bf179308aed6cbe0dd upstream.
+
+In case __irq_set_trigger() fails the resources requested via
+irq_request_resources() are not released.
+
+Add the missing release call into the error handling path.
+
+Fixes: c1bacbae8192 ("genirq: Provide irq_request/release_resources chip callbacks")
+Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Link: http://lkml.kernel.org/r/655538f5-cb20-a892-ff15-fbd2dd1fa4ec@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/irq/manage.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/kernel/irq/manage.c
++++ b/kernel/irq/manage.c
+@@ -1310,8 +1310,10 @@ __setup_irq(unsigned int irq, struct irq
+                       ret = __irq_set_trigger(desc,
+                                               new->flags & IRQF_TRIGGER_MASK);
+ 
+-                      if (ret)
++                      if (ret) {
++                              irq_release_resources(desc);
+                               goto out_mask;
++                      }
+               }
+ 
+               desc->istate &= ~(IRQS_AUTODETECT | IRQS_SPURIOUS_DISABLED | \
diff --git a/queue-4.11/sched-core-idle_task_exit-shouldn-t-use-switch_mm_irqs_off.patch b/queue-4.11/sched-core-idle_task_exit-shouldn-t-use-switch_mm_irqs_off.patch

new file mode 100644 (file)

index 0000000..1d7cfdd
--- /dev/null
+++ b/queue-4.11/sched-core-idle_task_exit-shouldn-t-use-switch_mm_irqs_off.patch
@@ -0,0 +1,43 @@
+From 252d2a4117bc181b287eeddf848863788da733ae Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@kernel.org>
+Date: Fri, 9 Jun 2017 11:49:15 -0700
+Subject: sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
+
+From: Andy Lutomirski <luto@kernel.org>
+
+commit 252d2a4117bc181b287eeddf848863788da733ae upstream.
+
+idle_task_exit() can be called with IRQs on x86 on and therefore
+should use switch_mm(), not switch_mm_irqs_off().
+
+This doesn't seem to cause any problems right now, but it will
+confuse my upcoming TLB flush changes.  Nonetheless, I think it
+should be backported because it's trivial.  There won't be any
+meaningful performance impact because idle_task_exit() is only
+used when offlining a CPU.
+
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Fixes: f98db6013c55 ("sched/core: Add switch_mm_irqs_off() and use it in the scheduler")
+Link: http://lkml.kernel.org/r/ca3d1a9fa93a0b49f5a8ff729eda3640fb6abdf9.1497034141.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/core.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -5533,7 +5533,7 @@ void idle_task_exit(void)
+       BUG_ON(cpu_online(smp_processor_id()));
+ 
+       if (mm != &init_mm) {
+-              switch_mm_irqs_off(mm, &init_mm, current);
++              switch_mm(mm, &init_mm, current);
+               finish_arch_post_lock_switch();
+       }
+       mmdrop(mm);
diff --git a/queue-4.11/series b/queue-4.11/series

index 4220d597acb588ff278bfce11c24f72146b6adb6..e2f993de76c6ead6429735274d1950c922fc5eb4 100644 (file)
--- a/queue-4.11/series
+++ b/queue-4.11/series
@@ -65,3 +65,6 @@ userfaultfd-shmem-handle-coredumping-in-handle_userfault.patch
  iio-imu-inv_mpu6050-add-accel-lpf-setting-for-chip-mpu6500.patch
  staging-iio-ad7152-fix-deadlock-in-ad7152_write_raw_samp_freq.patch
  iio-adc-meson-saradc-fix-potential-crash-in-meson_sar_adc_clear_fifo.patch
+sched-core-idle_task_exit-shouldn-t-use-switch_mm_irqs_off.patch
+genirq-release-resources-in-__setup_irq-error-path.patch
+alarmtimer-prevent-overflow-of-relative-timers.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 18 Jun 2017 10:57:58 +0000 (18:57 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 18 Jun 2017 10:57:58 +0000 (18:57 +0800)
queue-4.11/alarmtimer-prevent-overflow-of-relative-timers.patch	[new file with mode: 0644]	patch \| blob
queue-4.11/genirq-release-resources-in-__setup_irq-error-path.patch	[new file with mode: 0644]	patch \| blob
queue-4.11/sched-core-idle_task_exit-shouldn-t-use-switch_mm_irqs_off.patch	[new file with mode: 0644]	patch \| blob
queue-4.11/series		patch \| blob \| blame \| history