--- /dev/null
+From 703b6119bc974d581762f1cc1db5093fc53e3090 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 27 Nov 2020 10:09:39 +0100
+Subject: module: delay kobject uevent until after module init call
+
+From: Jessica Yu <jeyu@kernel.org>
+
+[ Upstream commit 38dc717e97153e46375ee21797aa54777e5498f3 ]
+
+Apparently there has been a longstanding race between udev/systemd and
+the module loader. Currently, the module loader sends a uevent right
+after sysfs initialization, but before the module calls its init
+function. However, some udev rules expect that the module has
+initialized already upon receiving the uevent.
+
+This race has been triggered recently (see link in references) in some
+systemd mount unit files. For instance, the configfs module creates the
+/sys/kernel/config mount point in its init function, however the module
+loader issues the uevent before this happens. sys-kernel-config.mount
+expects to be able to mount /sys/kernel/config upon receipt of the
+module loading uevent, but if the configfs module has not called its
+init function yet, then this directory will not exist and the mount unit
+fails. A similar situation exists for sys-fs-fuse-connections.mount, as
+the fuse sysfs mount point is created during the fuse module's init
+function. If udev is faster than module initialization then the mount
+unit would fail in a similar fashion.
+
+To fix this race, delay the module KOBJ_ADD uevent until after the
+module has finished calling its init routine.
+
+References: https://github.com/systemd/systemd/issues/17586
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Tested-By: Nicolas Morey-Chaisemartin <nmoreychaisemartin@suse.com>
+Signed-off-by: Jessica Yu <jeyu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/module.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/module.c b/kernel/module.c
+index a106801f1582b..0219301b6109c 100644
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -1762,7 +1762,6 @@ static int mod_sysfs_init(struct module *mod)
+ if (err)
+ mod_kobject_put(mod);
+
+- /* delay uevent until full sysfs population */
+ out:
+ return err;
+ }
+@@ -1796,7 +1795,6 @@ static int mod_sysfs_setup(struct module *mod,
+ add_sect_attrs(mod, info);
+ add_notes_attrs(mod, info);
+
+- kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD);
+ return 0;
+
+ out_unreg_param:
+@@ -3427,6 +3425,9 @@ static noinline int do_init_module(struct module *mod)
+ blocking_notifier_call_chain(&module_notify_list,
+ MODULE_STATE_LIVE, mod);
+
++ /* Delay uevent until module has finished its init routine */
++ kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD);
++
+ /*
+ * We need to finish all async code before the module init sequence
+ * is done. This has potential to deadlock. For example, a newly
+--
+2.27.0
+
--- /dev/null
+From 6e6f27e62bfab848446915b57e9277be7f0ec48b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 27 Oct 2020 15:03:36 +0100
+Subject: module: set MODULE_STATE_GOING state when a module fails to load
+
+From: Miroslav Benes <mbenes@suse.cz>
+
+[ Upstream commit 5e8ed280dab9eeabc1ba0b2db5dbe9fe6debb6b5 ]
+
+If a module fails to load due to an error in prepare_coming_module(),
+the following error handling in load_module() runs with
+MODULE_STATE_COMING in module's state. Fix it by correctly setting
+MODULE_STATE_GOING under "bug_cleanup" label.
+
+Signed-off-by: Miroslav Benes <mbenes@suse.cz>
+Signed-off-by: Jessica Yu <jeyu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/module.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/kernel/module.c b/kernel/module.c
+index 9cb1437151ae7..a106801f1582b 100644
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -3738,6 +3738,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
+ MODULE_STATE_GOING, mod);
+ klp_module_going(mod);
+ bug_cleanup:
++ mod->state = MODULE_STATE_GOING;
+ /* module_bug_cleanup needs module_mutex protection */
+ mutex_lock(&module_mutex);
+ module_bug_cleanup(mod);
+--
+2.27.0
+
--- /dev/null
+From 4bc469fd24b0f0628c5cde15d235ee8af6f6187f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 28 Oct 2020 17:15:51 +0800
+Subject: powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
+
+From: Qinglang Miao <miaoqinglang@huawei.com>
+
+[ Upstream commit ffa1797040c5da391859a9556be7b735acbe1242 ]
+
+I noticed that iounmap() of msgr_block_addr before return from
+mpic_msgr_probe() in the error handling case is missing. So use
+devm_ioremap() instead of just ioremap() when remapping the message
+register block, so the mapping will be automatically released on
+probe failure.
+
+Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20201028091551.136400-1-miaoqinglang@huawei.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/sysdev/mpic_msgr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/powerpc/sysdev/mpic_msgr.c b/arch/powerpc/sysdev/mpic_msgr.c
+index 47fb336741d43..e26552708a281 100644
+--- a/arch/powerpc/sysdev/mpic_msgr.c
++++ b/arch/powerpc/sysdev/mpic_msgr.c
+@@ -196,7 +196,7 @@ static int mpic_msgr_probe(struct platform_device *dev)
+
+ /* IO map the message register block. */
+ of_address_to_resource(np, 0, &rsrc);
+- msgr_block_addr = ioremap(rsrc.start, resource_size(&rsrc));
++ msgr_block_addr = devm_ioremap(&dev->dev, rsrc.start, resource_size(&rsrc));
+ if (!msgr_block_addr) {
+ dev_err(&dev->dev, "Failed to iomap MPIC message registers");
+ return -EFAULT;
+--
+2.27.0
+
--- /dev/null
+From 792712eab44704926a5df01945b11963a145ae65 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 2 Nov 2020 16:32:10 +0100
+Subject: quota: Don't overflow quota file offsets
+
+From: Jan Kara <jack@suse.cz>
+
+[ Upstream commit 10f04d40a9fa29785206c619f80d8beedb778837 ]
+
+The on-disk quota format supports quota files with upto 2^32 blocks. Be
+careful when computing quota file offsets in the quota files from block
+numbers as they can overflow 32-bit types. Since quota files larger than
+4GB would require ~26 millions of quota users, this is mostly a
+theoretical concern now but better be careful, fuzzers would find the
+problem sooner or later anyway...
+
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/quota/quota_tree.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/fs/quota/quota_tree.c b/fs/quota/quota_tree.c
+index 0738972e8d3f0..ecd9887b0d1fe 100644
+--- a/fs/quota/quota_tree.c
++++ b/fs/quota/quota_tree.c
+@@ -61,7 +61,7 @@ static ssize_t read_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf)
+
+ memset(buf, 0, info->dqi_usable_bs);
+ return sb->s_op->quota_read(sb, info->dqi_type, buf,
+- info->dqi_usable_bs, blk << info->dqi_blocksize_bits);
++ info->dqi_usable_bs, (loff_t)blk << info->dqi_blocksize_bits);
+ }
+
+ static ssize_t write_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf)
+@@ -70,7 +70,7 @@ static ssize_t write_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf)
+ ssize_t ret;
+
+ ret = sb->s_op->quota_write(sb, info->dqi_type, buf,
+- info->dqi_usable_bs, blk << info->dqi_blocksize_bits);
++ info->dqi_usable_bs, (loff_t)blk << info->dqi_blocksize_bits);
+ if (ret != info->dqi_usable_bs) {
+ quota_error(sb, "dquota write failed");
+ if (ret >= 0)
+@@ -283,7 +283,7 @@ static uint find_free_dqentry(struct qtree_mem_dqinfo *info,
+ blk);
+ goto out_buf;
+ }
+- dquot->dq_off = (blk << info->dqi_blocksize_bits) +
++ dquot->dq_off = ((loff_t)blk << info->dqi_blocksize_bits) +
+ sizeof(struct qt_disk_dqdbheader) +
+ i * info->dqi_entry_size;
+ kfree(buf);
+@@ -558,7 +558,7 @@ static loff_t find_block_dqentry(struct qtree_mem_dqinfo *info,
+ ret = -EIO;
+ goto out_buf;
+ } else {
+- ret = (blk << info->dqi_blocksize_bits) + sizeof(struct
++ ret = ((loff_t)blk << info->dqi_blocksize_bits) + sizeof(struct
+ qt_disk_dqdbheader) + i * info->dqi_entry_size;
+ }
+ out_buf:
+--
+2.27.0
+
misc-vmw_vmci-fix-kernel-info-leak-by-initializing-dbells-in-vmci_ctx_get_chkpt_doorbells.patch
media-gp8psk-initialize-stats-at-power-control-logic.patch
alsa-seq-use-bool-for-snd_seq_queue-internal-flags.patch
+module-set-module_state_going-state-when-a-module-fa.patch
+quota-don-t-overflow-quota-file-offsets.patch
+powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch
+module-delay-kobject-uevent-until-after-module-init-.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
