From: Sasha Levin Date: Mon, 4 Jan 2021 15:53:16 +0000 (-0500) Subject: Fixes for 4.4 X-Git-Tag: v4.19.165~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6e31164893f74a67fef44508461ae6fdd85a1df5;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.4 Signed-off-by: Sasha Levin --- diff --git a/queue-4.4/module-delay-kobject-uevent-until-after-module-init-.patch b/queue-4.4/module-delay-kobject-uevent-until-after-module-init-.patch new file mode 100644 index 00000000000..1609d16d475 --- /dev/null +++ b/queue-4.4/module-delay-kobject-uevent-until-after-module-init-.patch @@ -0,0 +1,72 @@ +From bca6fe88eeb9eb9bf95400b6a2965b46ed99ee9b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Nov 2020 10:09:39 +0100 +Subject: module: delay kobject uevent until after module init call + +From: Jessica Yu + +[ Upstream commit 38dc717e97153e46375ee21797aa54777e5498f3 ] + +Apparently there has been a longstanding race between udev/systemd and +the module loader. Currently, the module loader sends a uevent right +after sysfs initialization, but before the module calls its init +function. However, some udev rules expect that the module has +initialized already upon receiving the uevent. + +This race has been triggered recently (see link in references) in some +systemd mount unit files. For instance, the configfs module creates the +/sys/kernel/config mount point in its init function, however the module +loader issues the uevent before this happens. sys-kernel-config.mount +expects to be able to mount /sys/kernel/config upon receipt of the +module loading uevent, but if the configfs module has not called its +init function yet, then this directory will not exist and the mount unit +fails. A similar situation exists for sys-fs-fuse-connections.mount, as +the fuse sysfs mount point is created during the fuse module's init +function. If udev is faster than module initialization then the mount +unit would fail in a similar fashion. + +To fix this race, delay the module KOBJ_ADD uevent until after the +module has finished calling its init routine. + +References: https://github.com/systemd/systemd/issues/17586 +Reviewed-by: Greg Kroah-Hartman +Tested-By: Nicolas Morey-Chaisemartin +Signed-off-by: Jessica Yu +Signed-off-by: Sasha Levin +--- + kernel/module.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/kernel/module.c b/kernel/module.c +index dcfc811d9ae2d..e6afc950357a5 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -1779,7 +1779,6 @@ static int mod_sysfs_init(struct module *mod) + if (err) + mod_kobject_put(mod); + +- /* delay uevent until full sysfs population */ + out: + return err; + } +@@ -1813,7 +1812,6 @@ static int mod_sysfs_setup(struct module *mod, + add_sect_attrs(mod, info); + add_notes_attrs(mod, info); + +- kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD); + return 0; + + out_unreg_param: +@@ -3301,6 +3299,9 @@ static noinline int do_init_module(struct module *mod) + blocking_notifier_call_chain(&module_notify_list, + MODULE_STATE_LIVE, mod); + ++ /* Delay uevent until module has finished its init routine */ ++ kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD); ++ + /* + * We need to finish all async code before the module init sequence + * is done. This has potential to deadlock. For example, a newly +-- +2.27.0 + diff --git a/queue-4.4/module-set-module_state_going-state-when-a-module-fa.patch b/queue-4.4/module-set-module_state_going-state-when-a-module-fa.patch new file mode 100644 index 00000000000..71e9dd6bfb4 --- /dev/null +++ b/queue-4.4/module-set-module_state_going-state-when-a-module-fa.patch @@ -0,0 +1,36 @@ +From f09455bba1f11cafe19f07977fce222091b92cea Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 27 Oct 2020 15:03:36 +0100 +Subject: module: set MODULE_STATE_GOING state when a module fails to load + +From: Miroslav Benes + +[ Upstream commit 5e8ed280dab9eeabc1ba0b2db5dbe9fe6debb6b5 ] + +If a module fails to load due to an error in prepare_coming_module(), +the following error handling in load_module() runs with +MODULE_STATE_COMING in module's state. Fix it by correctly setting +MODULE_STATE_GOING under "bug_cleanup" label. + +Signed-off-by: Miroslav Benes +Signed-off-by: Jessica Yu +Signed-off-by: Sasha Levin +--- + kernel/module.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/kernel/module.c b/kernel/module.c +index 2f695b6e1a3e0..dcfc811d9ae2d 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -3589,6 +3589,7 @@ static int load_module(struct load_info *info, const char __user *uargs, + return do_init_module(mod); + + bug_cleanup: ++ mod->state = MODULE_STATE_GOING; + /* module_bug_cleanup needs module_mutex protection */ + mutex_lock(&module_mutex); + module_bug_cleanup(mod); +-- +2.27.0 + diff --git a/queue-4.4/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch b/queue-4.4/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch new file mode 100644 index 00000000000..94e773b060c --- /dev/null +++ b/queue-4.4/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch @@ -0,0 +1,39 @@ +From bc817111265629b622b0e6979c538fe125e11169 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 28 Oct 2020 17:15:51 +0800 +Subject: powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() + +From: Qinglang Miao + +[ Upstream commit ffa1797040c5da391859a9556be7b735acbe1242 ] + +I noticed that iounmap() of msgr_block_addr before return from +mpic_msgr_probe() in the error handling case is missing. So use +devm_ioremap() instead of just ioremap() when remapping the message +register block, so the mapping will be automatically released on +probe failure. + +Signed-off-by: Qinglang Miao +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20201028091551.136400-1-miaoqinglang@huawei.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/sysdev/mpic_msgr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/sysdev/mpic_msgr.c b/arch/powerpc/sysdev/mpic_msgr.c +index 994fe73c2ed07..3140095ee7578 100644 +--- a/arch/powerpc/sysdev/mpic_msgr.c ++++ b/arch/powerpc/sysdev/mpic_msgr.c +@@ -196,7 +196,7 @@ static int mpic_msgr_probe(struct platform_device *dev) + + /* IO map the message register block. */ + of_address_to_resource(np, 0, &rsrc); +- msgr_block_addr = ioremap(rsrc.start, resource_size(&rsrc)); ++ msgr_block_addr = devm_ioremap(&dev->dev, rsrc.start, resource_size(&rsrc)); + if (!msgr_block_addr) { + dev_err(&dev->dev, "Failed to iomap MPIC message registers"); + return -EFAULT; +-- +2.27.0 + diff --git a/queue-4.4/quota-don-t-overflow-quota-file-offsets.patch b/queue-4.4/quota-don-t-overflow-quota-file-offsets.patch new file mode 100644 index 00000000000..0145c019725 --- /dev/null +++ b/queue-4.4/quota-don-t-overflow-quota-file-offsets.patch @@ -0,0 +1,66 @@ +From 4a84f5bcc9687ec522ac96b43c627a27ebe9dc11 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 2 Nov 2020 16:32:10 +0100 +Subject: quota: Don't overflow quota file offsets + +From: Jan Kara + +[ Upstream commit 10f04d40a9fa29785206c619f80d8beedb778837 ] + +The on-disk quota format supports quota files with upto 2^32 blocks. Be +careful when computing quota file offsets in the quota files from block +numbers as they can overflow 32-bit types. Since quota files larger than +4GB would require ~26 millions of quota users, this is mostly a +theoretical concern now but better be careful, fuzzers would find the +problem sooner or later anyway... + +Reviewed-by: Andreas Dilger +Signed-off-by: Jan Kara +Signed-off-by: Sasha Levin +--- + fs/quota/quota_tree.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/fs/quota/quota_tree.c b/fs/quota/quota_tree.c +index 58efb83dec1c8..3069b11867194 100644 +--- a/fs/quota/quota_tree.c ++++ b/fs/quota/quota_tree.c +@@ -55,7 +55,7 @@ static ssize_t read_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf) + + memset(buf, 0, info->dqi_usable_bs); + return sb->s_op->quota_read(sb, info->dqi_type, buf, +- info->dqi_usable_bs, blk << info->dqi_blocksize_bits); ++ info->dqi_usable_bs, (loff_t)blk << info->dqi_blocksize_bits); + } + + static ssize_t write_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf) +@@ -64,7 +64,7 @@ static ssize_t write_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf) + ssize_t ret; + + ret = sb->s_op->quota_write(sb, info->dqi_type, buf, +- info->dqi_usable_bs, blk << info->dqi_blocksize_bits); ++ info->dqi_usable_bs, (loff_t)blk << info->dqi_blocksize_bits); + if (ret != info->dqi_usable_bs) { + quota_error(sb, "dquota write failed"); + if (ret >= 0) +@@ -277,7 +277,7 @@ static uint find_free_dqentry(struct qtree_mem_dqinfo *info, + blk); + goto out_buf; + } +- dquot->dq_off = (blk << info->dqi_blocksize_bits) + ++ dquot->dq_off = ((loff_t)blk << info->dqi_blocksize_bits) + + sizeof(struct qt_disk_dqdbheader) + + i * info->dqi_entry_size; + kfree(buf); +@@ -552,7 +552,7 @@ static loff_t find_block_dqentry(struct qtree_mem_dqinfo *info, + ret = -EIO; + goto out_buf; + } else { +- ret = (blk << info->dqi_blocksize_bits) + sizeof(struct ++ ret = ((loff_t)blk << info->dqi_blocksize_bits) + sizeof(struct + qt_disk_dqdbheader) + i * info->dqi_entry_size; + } + out_buf: +-- +2.27.0 + diff --git a/queue-4.4/series b/queue-4.4/series index fe04c971c16..f6ac9519632 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -14,3 +14,7 @@ reiserfs-add-check-for-an-invalid-ih_entry_count.patch misc-vmw_vmci-fix-kernel-info-leak-by-initializing-dbells-in-vmci_ctx_get_chkpt_doorbells.patch media-gp8psk-initialize-stats-at-power-control-logic.patch alsa-seq-use-bool-for-snd_seq_queue-internal-flags.patch +module-set-module_state_going-state-when-a-module-fa.patch +quota-don-t-overflow-quota-file-offsets.patch +powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch +module-delay-kobject-uevent-until-after-module-init-.patch