From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 3 Nov 2020 15:49:42 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v4.14.204~25
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=32e2ec83ad4aaea7852182fa5c8e8b30a19504ca;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	ia64-fix-build-error-with-coredump.patch
	ubi-check-kthread_should_stop-after-the-setting-of-task-state.patch
---

diff --git a/queue-4.4/ia64-fix-build-error-with-coredump.patch b/queue-4.4/ia64-fix-build-error-with-coredump.patch
new file mode 100644
index 00000000000..64f4c24a571
--- /dev/null
+++ b/queue-4.4/ia64-fix-build-error-with-coredump.patch
@@ -0,0 +1,43 @@
+From 7404840d87557c4092bf0272bce5e0354c774bf9 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzk@kernel.org>
+Date: Sat, 17 Oct 2020 16:13:37 -0700
+Subject: ia64: fix build error with !COREDUMP
+
+From: Krzysztof Kozlowski <krzk@kernel.org>
+
+commit 7404840d87557c4092bf0272bce5e0354c774bf9 upstream.
+
+Fix linkage error when CONFIG_BINFMT_ELF is selected but CONFIG_COREDUMP
+is not:
+
+    ia64-linux-ld: arch/ia64/kernel/elfcore.o: in function `elf_core_write_extra_phdrs':
+    elfcore.c:(.text+0x172): undefined reference to `dump_emit'
+    ia64-linux-ld: arch/ia64/kernel/elfcore.o: in function `elf_core_write_extra_data':
+    elfcore.c:(.text+0x2b2): undefined reference to `dump_emit'
+
+Fixes: 1fcccbac89f5 ("elf coredump: replace ELF_CORE_EXTRA_* macros by functions")
+Reported-by: kernel test robot <lkp@intel.com>
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Cc: Tony Luck <tony.luck@intel.com>
+Cc: Fenghua Yu <fenghua.yu@intel.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lkml.kernel.org/r/20200819064146.12529-1-krzk@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/ia64/kernel/Makefile |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/ia64/kernel/Makefile
++++ b/arch/ia64/kernel/Makefile
+@@ -42,7 +42,7 @@ endif
+ obj-$(CONFIG_INTEL_IOMMU)	+= pci-dma.o
+ obj-$(CONFIG_SWIOTLB)		+= pci-swiotlb.o
+ 
+-obj-$(CONFIG_BINFMT_ELF)	+= elfcore.o
++obj-$(CONFIG_ELF_CORE)		+= elfcore.o
+ 
+ # fp_emulate() expects f2-f5,f16-f31 to contain the user-level state.
+ CFLAGS_traps.o  += -mfixed-range=f2-f5,f16-f31
diff --git a/queue-4.4/series b/queue-4.4/series
index 2dcf2f19b55..476702f1fa0 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -47,3 +47,5 @@ dmaengine-dma-jz4780-fix-race-in-jz4780_dma_tx_status.patch
 iio-gyro-itg3200-fix-timestamp-alignment-and-prevent-data-leak.patch
 powerpc-powernv-elog-fix-race-while-processing-opal-error-log-event.patch
 ubifs-dent-fix-some-potential-memory-leaks-while-iterating-entries.patch
+ubi-check-kthread_should_stop-after-the-setting-of-task-state.patch
+ia64-fix-build-error-with-coredump.patch
diff --git a/queue-4.4/ubi-check-kthread_should_stop-after-the-setting-of-task-state.patch b/queue-4.4/ubi-check-kthread_should_stop-after-the-setting-of-task-state.patch
new file mode 100644
index 00000000000..94947ba6286
--- /dev/null
+++ b/queue-4.4/ubi-check-kthread_should_stop-after-the-setting-of-task-state.patch
@@ -0,0 +1,64 @@
+From d005f8c6588efcfbe88099b6edafc6f58c84a9c1 Mon Sep 17 00:00:00 2001
+From: Zhihao Cheng <chengzhihao1@huawei.com>
+Date: Mon, 1 Jun 2020 17:12:31 +0800
+Subject: ubi: check kthread_should_stop() after the setting of task state
+
+From: Zhihao Cheng <chengzhihao1@huawei.com>
+
+commit d005f8c6588efcfbe88099b6edafc6f58c84a9c1 upstream.
+
+A detach hung is possible when a race occurs between the detach process
+and the ubi background thread. The following sequences outline the race:
+
+  ubi thread: if (list_empty(&ubi->works)...
+
+  ubi detach: set_bit(KTHREAD_SHOULD_STOP, &kthread->flags)
+              => by kthread_stop()
+              wake_up_process()
+              => ubi thread is still running, so 0 is returned
+
+  ubi thread: set_current_state(TASK_INTERRUPTIBLE)
+              schedule()
+              => ubi thread will never be scheduled again
+
+  ubi detach: wait_for_completion()
+              => hung task!
+
+To fix that, we need to check kthread_should_stop() after we set the
+task state, so the ubi thread will either see the stop bit and exit or
+the task state is reset to runnable such that it isn't scheduled out
+indefinitely.
+
+Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
+Cc: <stable@vger.kernel.org>
+Fixes: 801c135ce73d5df1ca ("UBI: Unsorted Block Images")
+Reported-by: syzbot+853639d0cb16c31c7a14@syzkaller.appspotmail.com
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mtd/ubi/wl.c |   13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/drivers/mtd/ubi/wl.c
++++ b/drivers/mtd/ubi/wl.c
+@@ -1460,6 +1460,19 @@ int ubi_thread(void *u)
+ 		    !ubi->thread_enabled || ubi_dbg_is_bgt_disabled(ubi)) {
+ 			set_current_state(TASK_INTERRUPTIBLE);
+ 			spin_unlock(&ubi->wl_lock);
++
++			/*
++			 * Check kthread_should_stop() after we set the task
++			 * state to guarantee that we either see the stop bit
++			 * and exit or the task state is reset to runnable such
++			 * that it's not scheduled out indefinitely and detects
++			 * the stop bit at kthread_should_stop().
++			 */
++			if (kthread_should_stop()) {
++				set_current_state(TASK_RUNNING);
++				break;
++			}
++
+ 			schedule();
+ 			continue;
+ 		}