4.4-stable patches

added patches:
	alarmtimer-prevent-overflow-of-relative-timers.patch
	genirq-release-resources-in-__setup_irq-error-path.patch
	usb-dwc3-exynos-fix-axius-clock-error-path-to-do-cleanup.patch

diff --git a/queue-4.4/alarmtimer-prevent-overflow-of-relative-timers.patch b/queue-4.4/alarmtimer-prevent-overflow-of-relative-timers.patch
new file mode 100644 (file)
index 0000000..8e95521
--- /dev/null
+++ b/queue-4.4/alarmtimer-prevent-overflow-of-relative-timers.patch
@@ -0,0 +1,65 @@
+From f4781e76f90df7aec400635d73ea4c35ee1d4765 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Tue, 30 May 2017 23:15:34 +0200
+Subject: alarmtimer: Prevent overflow of relative timers
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit f4781e76f90df7aec400635d73ea4c35ee1d4765 upstream.
+
+Andrey reported a alartimer related RCU stall while fuzzing the kernel with
+syzkaller.
+
+The reason for this is an overflow in ktime_add() which brings the
+resulting time into negative space and causes immediate expiry of the
+timer. The following rearm with a small interval does not bring the timer
+back into positive space due to the same issue.
+
+This results in a permanent firing alarmtimer which hogs the CPU.
+
+Use ktime_add_safe() instead which detects the overflow and clamps the
+result to KTIME_SEC_MAX.
+
+Reported-by: Andrey Konovalov <andreyknvl@google.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Kostya Serebryany <kcc@google.com>
+Cc: syzkaller <syzkaller@googlegroups.com>
+Cc: John Stultz <john.stultz@linaro.org>
+Cc: Dmitry Vyukov <dvyukov@google.com>
+Link: http://lkml.kernel.org/r/20170530211655.802921648@linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/alarmtimer.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/kernel/time/alarmtimer.c
++++ b/kernel/time/alarmtimer.c
+@@ -339,7 +339,7 @@ void alarm_start_relative(struct alarm *
+ {
+       struct alarm_base *base = &alarm_bases[alarm->type];
+ 
+-      start = ktime_add(start, base->gettime());
++      start = ktime_add_safe(start, base->gettime());
+       alarm_start(alarm, start);
+ }
+ EXPORT_SYMBOL_GPL(alarm_start_relative);
+@@ -425,7 +425,7 @@ u64 alarm_forward(struct alarm *alarm, k
+               overrun++;
+       }
+ 
+-      alarm->node.expires = ktime_add(alarm->node.expires, interval);
++      alarm->node.expires = ktime_add_safe(alarm->node.expires, interval);
+       return overrun;
+ }
+ EXPORT_SYMBOL_GPL(alarm_forward);
+@@ -617,7 +617,7 @@ static int alarm_timer_set(struct k_itim
+               ktime_t now;
+ 
+               now = alarm_bases[timr->it.alarm.alarmtimer.type].gettime();
+-              exp = ktime_add(now, exp);
++              exp = ktime_add_safe(now, exp);
+       }
+ 
+       alarm_start(&timr->it.alarm.alarmtimer, exp);

diff --git a/queue-4.4/genirq-release-resources-in-__setup_irq-error-path.patch b/queue-4.4/genirq-release-resources-in-__setup_irq-error-path.patch
new file mode 100644 (file)
index 0000000..e5f3b8e
--- /dev/null
+++ b/queue-4.4/genirq-release-resources-in-__setup_irq-error-path.patch
@@ -0,0 +1,38 @@
+From fa07ab72cbb0d843429e61bf179308aed6cbe0dd Mon Sep 17 00:00:00 2001
+From: Heiner Kallweit <hkallweit1@gmail.com>
+Date: Sun, 11 Jun 2017 00:38:36 +0200
+Subject: genirq: Release resources in __setup_irq() error path
+
+From: Heiner Kallweit <hkallweit1@gmail.com>
+
+commit fa07ab72cbb0d843429e61bf179308aed6cbe0dd upstream.
+
+In case __irq_set_trigger() fails the resources requested via
+irq_request_resources() are not released.
+
+Add the missing release call into the error handling path.
+
+Fixes: c1bacbae8192 ("genirq: Provide irq_request/release_resources chip callbacks")
+Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Link: http://lkml.kernel.org/r/655538f5-cb20-a892-ff15-fbd2dd1fa4ec@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/irq/manage.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/kernel/irq/manage.c
++++ b/kernel/irq/manage.c
+@@ -1287,8 +1287,10 @@ __setup_irq(unsigned int irq, struct irq
+                       ret = __irq_set_trigger(desc,
+                                               new->flags & IRQF_TRIGGER_MASK);
+ 
+-                      if (ret)
++                      if (ret) {
++                              irq_release_resources(desc);
+                               goto out_mask;
++                      }
+               }
+ 
+               desc->istate &= ~(IRQS_AUTODETECT | IRQS_SPURIOUS_DISABLED | \

diff --git a/queue-4.4/series b/queue-4.4/series
index 0a832497a1e200c603de144bba50c9ec9f5e4807..1ffbc59f0ba1d3a065561e6873190ba56b558dc5 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -22,3 +22,6 @@ usb-xhci-asmedia-asm1042a-chipset-need-shorts-tx-quirk.patch
 usb-gadgetfs-dummy-hcd-net2280-fix-locking-for-callbacks.patch
 mm-memory-failure.c-use-compound_head-flags-for-huge-pages.patch
 swap-cond_resched-in-swap_cgroup_prepare.patch
+genirq-release-resources-in-__setup_irq-error-path.patch
+alarmtimer-prevent-overflow-of-relative-timers.patch
+usb-dwc3-exynos-fix-axius-clock-error-path-to-do-cleanup.patch

diff --git a/queue-4.4/usb-dwc3-exynos-fix-axius-clock-error-path-to-do-cleanup.patch b/queue-4.4/usb-dwc3-exynos-fix-axius-clock-error-path-to-do-cleanup.patch
new file mode 100644 (file)
index 0000000..00ac32b
--- /dev/null
+++ b/queue-4.4/usb-dwc3-exynos-fix-axius-clock-error-path-to-do-cleanup.patch
@@ -0,0 +1,42 @@
+From 8ae584d1951f241efd45499f8774fd7066f22823 Mon Sep 17 00:00:00 2001
+From: Shuah Khan <shuahkh@osg.samsung.com>
+Date: Tue, 10 Jan 2017 16:05:28 -0700
+Subject: usb: dwc3: exynos fix axius clock error path to do cleanup
+
+From: Shuah Khan <shuahkh@osg.samsung.com>
+
+commit 8ae584d1951f241efd45499f8774fd7066f22823 upstream.
+
+Axius clock error path returns without disabling clock and suspend clock.
+Fix it to disable them before returning error.
+
+Reviewed-by: Javier Martinez Canillas <javier@osg.samsung.com>
+Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/dwc3/dwc3-exynos.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/dwc3/dwc3-exynos.c
++++ b/drivers/usb/dwc3/dwc3-exynos.c
+@@ -148,7 +148,8 @@ static int dwc3_exynos_probe(struct plat
+               exynos->axius_clk = devm_clk_get(dev, "usbdrd30_axius_clk");
+               if (IS_ERR(exynos->axius_clk)) {
+                       dev_err(dev, "no AXI UpScaler clk specified\n");
+-                      return -ENODEV;
++                      ret = -ENODEV;
++                      goto axius_clk_err;
+               }
+               clk_prepare_enable(exynos->axius_clk);
+       } else {
+@@ -206,6 +207,7 @@ err3:
+       regulator_disable(exynos->vdd33);
+ err2:
+       clk_disable_unprepare(exynos->axius_clk);
++axius_clk_err:
+       clk_disable_unprepare(exynos->susp_clk);
+       clk_disable_unprepare(exynos->clk);
+       return ret;