From: Greg Kroah-Hartman Date: Mon, 1 Jun 2020 17:01:18 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v4.4.226~15 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9b9a4b01a0a9c2644a5fff7e87cb892ff941ee7d;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: genirq-generic_pending-do-not-lose-pending-affinity-update.patch mm-vmalloc.c-don-t-dereference-possible-null-pointer-in-__vunmap.patch net-hns-fixes-the-missing-put_device-in-positive-leg-for-roce-reset.patch net-rtnl_configure_link-fix-dev-flags-changes-arg-to-__dev_notify_flags.patch sc16is7xx-move-label-err_spi-to-correct-section.patch --- diff --git a/queue-4.9/genirq-generic_pending-do-not-lose-pending-affinity-update.patch b/queue-4.9/genirq-generic_pending-do-not-lose-pending-affinity-update.patch new file mode 100644 index 00000000000..5a387ae0450 --- /dev/null +++ b/queue-4.9/genirq-generic_pending-do-not-lose-pending-affinity-update.patch @@ -0,0 +1,89 @@ +From a33a5d2d16cb84bea8d5f5510f3a41aa48b5c467 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Mon, 4 Jun 2018 17:33:54 +0200 +Subject: genirq/generic_pending: Do not lose pending affinity update + +From: Thomas Gleixner + +commit a33a5d2d16cb84bea8d5f5510f3a41aa48b5c467 upstream. + +The generic pending interrupt mechanism moves interrupts from the interrupt +handler on the original target CPU to the new destination CPU. This is +required for x86 and ia64 due to the way the interrupt delivery and +acknowledge works if the interrupts are not remapped. + +However that update can fail for various reasons. Some of them are valid +reasons to discard the pending update, but the case, when the previous move +has not been fully cleaned up is not a legit reason to fail. + +Check the return value of irq_do_set_affinity() for -EBUSY, which indicates +a pending cleanup, and rearm the pending move in the irq dexcriptor so it's +tried again when the next interrupt arrives. + +Fixes: 996c591227d9 ("x86/irq: Plug vector cleanup race") +Signed-off-by: Thomas Gleixner +Tested-by: Song Liu +Cc: Joerg Roedel +Cc: Peter Zijlstra +Cc: Song Liu +Cc: Dmitry Safonov <0x7f454c46@gmail.com> +Cc: stable@vger.kernel.org +Cc: Mike Travis +Cc: Borislav Petkov +Cc: Tariq Toukan +Cc: Guenter Roeck +Link: https://lkml.kernel.org/r/20180604162224.386544292@linutronix.de +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/irq/migration.c | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +--- a/kernel/irq/migration.c ++++ b/kernel/irq/migration.c +@@ -7,17 +7,18 @@ + void irq_move_masked_irq(struct irq_data *idata) + { + struct irq_desc *desc = irq_data_to_desc(idata); +- struct irq_chip *chip = desc->irq_data.chip; ++ struct irq_data *data = &desc->irq_data; ++ struct irq_chip *chip = data->chip; + +- if (likely(!irqd_is_setaffinity_pending(&desc->irq_data))) ++ if (likely(!irqd_is_setaffinity_pending(data))) + return; + +- irqd_clr_move_pending(&desc->irq_data); ++ irqd_clr_move_pending(data); + + /* + * Paranoia: cpu-local interrupts shouldn't be calling in here anyway. + */ +- if (irqd_is_per_cpu(&desc->irq_data)) { ++ if (irqd_is_per_cpu(data)) { + WARN_ON(1); + return; + } +@@ -42,9 +43,20 @@ void irq_move_masked_irq(struct irq_data + * For correct operation this depends on the caller + * masking the irqs. + */ +- if (cpumask_any_and(desc->pending_mask, cpu_online_mask) < nr_cpu_ids) +- irq_do_set_affinity(&desc->irq_data, desc->pending_mask, false); ++ if (cpumask_any_and(desc->pending_mask, cpu_online_mask) < nr_cpu_ids) { ++ int ret; + ++ ret = irq_do_set_affinity(data, desc->pending_mask, false); ++ /* ++ * If the there is a cleanup pending in the underlying ++ * vector management, reschedule the move for the next ++ * interrupt. Leave desc->pending_mask intact. ++ */ ++ if (ret == -EBUSY) { ++ irqd_set_move_pending(data); ++ return; ++ } ++ } + cpumask_clear(desc->pending_mask); + } + diff --git a/queue-4.9/mm-vmalloc.c-don-t-dereference-possible-null-pointer-in-__vunmap.patch b/queue-4.9/mm-vmalloc.c-don-t-dereference-possible-null-pointer-in-__vunmap.patch new file mode 100644 index 00000000000..7e7afa8298f --- /dev/null +++ b/queue-4.9/mm-vmalloc.c-don-t-dereference-possible-null-pointer-in-__vunmap.patch @@ -0,0 +1,40 @@ +From 6ade20327dbb808882888ed8ccded71e93067cf9 Mon Sep 17 00:00:00 2001 +From: Liviu Dudau +Date: Tue, 5 Mar 2019 15:42:54 -0800 +Subject: mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap() + +From: Liviu Dudau + +commit 6ade20327dbb808882888ed8ccded71e93067cf9 upstream. + +find_vmap_area() can return a NULL pointer and we're going to +dereference it without checking it first. Use the existing +find_vm_area() function which does exactly what we want and checks for +the NULL pointer. + +Link: http://lkml.kernel.org/r/20181228171009.22269-1-liviu@dudau.co.uk +Fixes: f3c01d2f3ade ("mm: vmalloc: avoid racy handling of debugobjects in vunmap") +Signed-off-by: Liviu Dudau +Reviewed-by: Andrew Morton +Cc: Chintan Pandya +Cc: Andrey Ryabinin +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Cc: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman + +--- + mm/vmalloc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -1499,7 +1499,7 @@ static void __vunmap(const void *addr, i + addr)) + return; + +- area = find_vmap_area((unsigned long)addr)->vm; ++ area = find_vm_area(addr); + if (unlikely(!area)) { + WARN(1, KERN_ERR "Trying to vfree() nonexistent vm area (%p)\n", + addr); diff --git a/queue-4.9/net-hns-fixes-the-missing-put_device-in-positive-leg-for-roce-reset.patch b/queue-4.9/net-hns-fixes-the-missing-put_device-in-positive-leg-for-roce-reset.patch new file mode 100644 index 00000000000..c22bea373e2 --- /dev/null +++ b/queue-4.9/net-hns-fixes-the-missing-put_device-in-positive-leg-for-roce-reset.patch @@ -0,0 +1,34 @@ +From 4d96e13ee9cd1f7f801e8c7f4b12f09d1da4a5d8 Mon Sep 17 00:00:00 2001 +From: Salil Mehta +Date: Mon, 18 Feb 2019 17:40:32 +0000 +Subject: net: hns: Fixes the missing put_device in positive leg for roce reset + +From: Salil Mehta + +commit 4d96e13ee9cd1f7f801e8c7f4b12f09d1da4a5d8 upstream. + +This patch fixes the missing device reference release-after-use in +the positive leg of the roce reset API of the HNS DSAF. + +Fixes: c969c6e7ab8c ("net: hns: Fix object reference leaks in hns_dsaf_roce_reset()") +Reported-by: John Garry +Signed-off-by: Salil Mehta +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c ++++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c +@@ -2867,6 +2867,9 @@ int hns_dsaf_roce_reset(struct fwnode_ha + dsaf_set_bit(credit, DSAF_SBM_ROCEE_CFG_CRD_EN_B, 1); + dsaf_write_dev(dsaf_dev, DSAF_SBM_ROCEE_CFG_REG_REG, credit); + } ++ ++ put_device(&pdev->dev); ++ + return 0; + } + EXPORT_SYMBOL(hns_dsaf_roce_reset); diff --git a/queue-4.9/net-rtnl_configure_link-fix-dev-flags-changes-arg-to-__dev_notify_flags.patch b/queue-4.9/net-rtnl_configure_link-fix-dev-flags-changes-arg-to-__dev_notify_flags.patch new file mode 100644 index 00000000000..dac4ef80a53 --- /dev/null +++ b/queue-4.9/net-rtnl_configure_link-fix-dev-flags-changes-arg-to-__dev_notify_flags.patch @@ -0,0 +1,37 @@ +From 56a49d7048703f5ffdb84d3a0ee034108fba6850 Mon Sep 17 00:00:00 2001 +From: Roopa Prabhu +Date: Wed, 12 Sep 2018 13:21:48 -0700 +Subject: net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags + +From: Roopa Prabhu + +commit 56a49d7048703f5ffdb84d3a0ee034108fba6850 upstream. + +This fix addresses https://bugzilla.kernel.org/show_bug.cgi?id=201071 + +Commit 5025f7f7d506 wrongly relied on __dev_change_flags to notify users of +dev flag changes in the case when dev->rtnl_link_state = RTNL_LINK_INITIALIZED. +Fix it by indicating flag changes explicitly to __dev_notify_flags. + +Fixes: 5025f7f7d506 ("rtnetlink: add rtnl_link_state check in rtnl_configure_link") +Reported-By: Liam mcbirnie +Signed-off-by: Roopa Prabhu +Signed-off-by: David S. Miller +Cc: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman + +--- + net/core/rtnetlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/core/rtnetlink.c ++++ b/net/core/rtnetlink.c +@@ -2361,7 +2361,7 @@ int rtnl_configure_link(struct net_devic + } + + if (dev->rtnl_link_state == RTNL_LINK_INITIALIZED) { +- __dev_notify_flags(dev, old_flags, 0U); ++ __dev_notify_flags(dev, old_flags, (old_flags ^ dev->flags)); + } else { + dev->rtnl_link_state = RTNL_LINK_INITIALIZED; + __dev_notify_flags(dev, old_flags, ~0U); diff --git a/queue-4.9/sc16is7xx-move-label-err_spi-to-correct-section.patch b/queue-4.9/sc16is7xx-move-label-err_spi-to-correct-section.patch new file mode 100644 index 00000000000..d5bbc3a45b8 --- /dev/null +++ b/queue-4.9/sc16is7xx-move-label-err_spi-to-correct-section.patch @@ -0,0 +1,45 @@ +From e00164a0f000de893944981f41a568c981aca658 Mon Sep 17 00:00:00 2001 +From: Guoqing Jiang +Date: Tue, 9 Apr 2019 16:16:38 +0800 +Subject: sc16is7xx: move label 'err_spi' to correct section +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Guoqing Jiang + +commit e00164a0f000de893944981f41a568c981aca658 upstream. + +err_spi is used when SERIAL_SC16IS7XX_SPI is enabled, so make +the label only available under SERIAL_SC16IS7XX_SPI option. +Otherwise, the below warning appears. + +drivers/tty/serial/sc16is7xx.c:1523:1: warning: label ‘err_spi’ defined but not used [-Wunused-label] + err_spi: + ^~~~~~~ + +Signed-off-by: Guoqing Jiang +Fixes: ac0cdb3d9901 ("sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()") +Signed-off-by: Arnd Bergmann +Cc: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/sc16is7xx.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/tty/serial/sc16is7xx.c ++++ b/drivers/tty/serial/sc16is7xx.c +@@ -1523,10 +1523,12 @@ static int __init sc16is7xx_init(void) + #endif + return ret; + ++#ifdef CONFIG_SERIAL_SC16IS7XX_SPI + err_spi: + #ifdef CONFIG_SERIAL_SC16IS7XX_I2C + i2c_del_driver(&sc16is7xx_i2c_uart_driver); + #endif ++#endif + err_i2c: + uart_unregister_driver(&sc16is7xx_uart); + return ret; diff --git a/queue-4.9/series b/queue-4.9/series index e4b9bc197c6..14efe01a514 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -54,3 +54,8 @@ qlcnic-fix-missing-release-in-qlcnic_83xx_interrupt_test.patch bonding-fix-reference-count-leak-in-bond_sysfs_slave_add.patch revert-input-i8042-add-thinkpad-s230u-to-i8042-nomux-list.patch netfilter-nf_conntrack_pptp-fix-compilation-warning-with-w-1-build.patch +genirq-generic_pending-do-not-lose-pending-affinity-update.patch +net-rtnl_configure_link-fix-dev-flags-changes-arg-to-__dev_notify_flags.patch +mm-vmalloc.c-don-t-dereference-possible-null-pointer-in-__vunmap.patch +sc16is7xx-move-label-err_spi-to-correct-section.patch +net-hns-fixes-the-missing-put_device-in-positive-leg-for-roce-reset.patch