4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 19 Jun 2017 01:15:28 +0000 (09:15 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 19 Jun 2017 01:15:28 +0000 (09:15 +0800)
added patches:
alarmtimer-rate-limit-periodic-intervals.patch
mips-fix-bnezc-jialc-return-address-calculation.patch

queue-4.4/alarmtimer-rate-limit-periodic-intervals.patch [new file with mode: 0644]
queue-4.4/mips-fix-bnezc-jialc-return-address-calculation.patch [new file with mode: 0644]
queue-4.4/series

diff --git a/queue-4.4/alarmtimer-rate-limit-periodic-intervals.patch b/queue-4.4/alarmtimer-rate-limit-periodic-intervals.patch
new file mode 100644 (file)
index 0000000..7ab4dda
--- /dev/null
@@ -0,0 +1,60 @@
+From ff86bf0c65f14346bf2440534f9ba5ac232c39a0 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Tue, 30 May 2017 23:15:35 +0200
+Subject: alarmtimer: Rate limit periodic intervals
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit ff86bf0c65f14346bf2440534f9ba5ac232c39a0 upstream.
+
+The alarmtimer code has another source of potentially rearming itself too
+fast. Interval timers with a very samll interval have a similar CPU hog
+effect as the previously fixed overflow issue.
+
+The reason is that alarmtimers do not implement the normal protection
+against this kind of problem which the other posix timer use:
+
+  timer expires -> queue signal -> deliver signal -> rearm timer
+
+This scheme brings the rearming under scheduler control and prevents
+permanently firing timers which hog the CPU.
+
+Bringing this scheme to the alarm timer code is a major overhaul because it
+lacks all the necessary mechanisms completely.
+
+So for a quick fix limit the interval to one jiffie. This is not
+problematic in practice as alarmtimers are usually backed by an RTC for
+suspend which have 1 second resolution. It could be therefor argued that
+the resolution of this clock should be set to 1 second in general, but
+that's outside the scope of this fix.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Kostya Serebryany <kcc@google.com>
+Cc: syzkaller <syzkaller@googlegroups.com>
+Cc: John Stultz <john.stultz@linaro.org>
+Cc: Dmitry Vyukov <dvyukov@google.com>
+Link: http://lkml.kernel.org/r/20170530211655.896767100@linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/alarmtimer.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/kernel/time/alarmtimer.c
++++ b/kernel/time/alarmtimer.c
+@@ -611,6 +611,14 @@ static int alarm_timer_set(struct k_itim
+       /* start the timer */
+       timr->it.alarm.interval = timespec_to_ktime(new_setting->it_interval);
++
++      /*
++       * Rate limit to the tick as a hot fix to prevent DOS. Will be
++       * mopped up later.
++       */
++      if (timr->it.alarm.interval < TICK_NSEC)
++              timr->it.alarm.interval = TICK_NSEC;
++
+       exp = timespec_to_ktime(new_setting->it_value);
+       /* Convert (if necessary) to absolute time */
+       if (flags != TIMER_ABSTIME) {
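Review bot: The clamp `if (timr->it.alarm.interval < TICK_NSEC)` also matches an `it_interval` of zero, so a one-shot timer is stored with a one-tick period. If the expiry handler re-arms on any non-zero interval (it is not shown here), such timers would keep firing, and the rate limit meant to stop a CPU-hog DoS would itself create periodic load. The check should skip zero, e.g. `if (timr->it.alarm.interval.tv64 && ktime_to_ns(timr->it.alarm.interval) < TICK_NSEC)`. The scalar comparison and assignment also presume `ktime_t` is a plain 64-bit integer; if the 4.4 tree still declares it as a union, this would not build as written and the assignment needs `timr->it.alarm.interval = ktime_set(0, TICK_NSEC);`. alarm_timer_set() starts and ends outside the hunk.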
diff --git a/queue-4.4/mips-fix-bnezc-jialc-return-address-calculation.patch b/queue-4.4/mips-fix-bnezc-jialc-return-address-calculation.patch
new file mode 100644 (file)
index 0000000..555e652
--- /dev/null
@@ -0,0 +1,45 @@
+From 1a73d9310e093fc3adffba4d0a67b9fab2ee3f63 Mon Sep 17 00:00:00 2001
+From: Paul Burton <paul.burton@imgtec.com>
+Date: Fri, 2 Jun 2017 11:35:01 -0700
+Subject: MIPS: Fix bnezc/jialc return address calculation
+
+From: Paul Burton <paul.burton@imgtec.com>
+
+commit 1a73d9310e093fc3adffba4d0a67b9fab2ee3f63 upstream.
+
+The code handling the pop76 opcode (ie. bnezc & jialc instructions) in
+__compute_return_epc_for_insn() needs to set the value of $31 in the
+jialc case, which is encoded with rs = 0. However its check to
+differentiate bnezc (rs != 0) from jialc (rs = 0) was unfortunately
+backwards, meaning that if we emulate a bnezc instruction we clobber $31
+& if we emulate a jialc instruction it actually behaves like a jic
+instruction.
+
+Fix this by inverting the check of rs to match the way the instructions
+are actually encoded.
+
+Signed-off-by: Paul Burton <paul.burton@imgtec.com>
+Fixes: 28d6f93d201d ("MIPS: Emulate the new MIPS R6 BNEZC and JIALC instructions")
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/16178/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/branch.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/branch.c
++++ b/arch/mips/kernel/branch.c
+@@ -816,8 +816,10 @@ int __compute_return_epc_for_insn(struct
+                       break;
+               }
+               /* Compact branch: BNEZC || JIALC */
+-              if (insn.i_format.rs)
++              if (!insn.i_format.rs) {
++                      /* JIALC: set $31/ra */
+                       regs->regs[31] = epc + 4;
++              }
+               regs->cp0_epc += 8;
+               break;
+ #endif
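Review bot: The new comment `/* JIALC: set $31/ra */` says what the branch does but not why `!insn.i_format.rs` selects it, which is the detail the previous code had backwards. Consider recording the encoding next to the test, for example `/* rs == 0 encodes JIALC, which links via $31; rs != 0 is BNEZC and must leave $31 untouched */`, so a later edit does not invert the condition again. The enclosing case of __compute_return_epc_for_insn() begins outside the hunk, so whether `epc + 4` and the following `cp0_epc += 8` agree for both instructions cannot be confirmed from the lines shown.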
index 1ffbc59f0ba1d3a065561e6873190ba56b558dc5..847d3356d1a6fc5a09cf06520f584d26609823e3 100644 (file)
@@ -25,3 +25,5 @@ swap-cond_resched-in-swap_cgroup_prepare.patch
 genirq-release-resources-in-__setup_irq-error-path.patch
 alarmtimer-prevent-overflow-of-relative-timers.patch
 usb-dwc3-exynos-fix-axius-clock-error-path-to-do-cleanup.patch
+alarmtimer-rate-limit-periodic-intervals.patch
+mips-fix-bnezc-jialc-return-address-calculation.patch