From: Greg Kroah-Hartman Date: Mon, 19 Jun 2017 01:16:54 +0000 (+0800) Subject: 4.9-stable patches X-Git-Tag: v4.11.7~20 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b8243fb037d9a131382013a2500b6ed5db4d8d12;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: alarmtimer-rate-limit-periodic-intervals.patch mips-.its-targets-depend-on-vmlinux.patch mips-fix-bnezc-jialc-return-address-calculation.patch virtio_balloon-disable-viommu-support.patch vtpm-fix-missing-null-check.patch
---
diff --git a/queue-4.9/alarmtimer-rate-limit-periodic-intervals.patch b/queue-4.9/alarmtimer-rate-limit-periodic-intervals.patch
new file mode 100644
index 00000000000..0e421655eae
--- /dev/null
+++ b/queue-4.9/alarmtimer-rate-limit-periodic-intervals.patch
@@ -0,0 +1,60 @@
+From ff86bf0c65f14346bf2440534f9ba5ac232c39a0 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Tue, 30 May 2017 23:15:35 +0200
+Subject: alarmtimer: Rate limit periodic intervals
+
+From: Thomas Gleixner
+
+commit ff86bf0c65f14346bf2440534f9ba5ac232c39a0 upstream.
+
+The alarmtimer code has another source of potentially rearming itself too
+fast. Interval timers with a very samll interval have a similar CPU hog
+effect as the previously fixed overflow issue.
+
+The reason is that alarmtimers do not implement the normal protection
+against this kind of problem which the other posix timer use:
+
+ timer expires -> queue signal -> deliver signal -> rearm timer
+
+This scheme brings the rearming under scheduler control and prevents
+permanently firing timers which hog the CPU.
+
+Bringing this scheme to the alarm timer code is a major overhaul because it
+lacks all the necessary mechanisms completely.
+
+So for a quick fix limit the interval to one jiffie. This is not
+problematic in practice as alarmtimers are usually backed by an RTC for
+suspend which have 1 second resolution. It could be therefor argued that
+the resolution of this clock should be set to 1 second in general, but
+that's outside the scope of this fix.
+
+Signed-off-by: Thomas Gleixner
+Cc: Peter Zijlstra
+Cc: Kostya Serebryany
+Cc: syzkaller
+Cc: John Stultz
+Cc: Dmitry Vyukov
+Link: http://lkml.kernel.org/r/20170530211655.896767100@linutronix.de
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/time/alarmtimer.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/kernel/time/alarmtimer.c
++++ b/kernel/time/alarmtimer.c
+@@ -624,6 +624,14 @@ static int alarm_timer_set(struct k_itim
+
+ /* start the timer */
+ timr->it.alarm.interval = timespec_to_ktime(new_setting->it_interval);
++
++ /*
++ * Rate limit to the tick as a hot fix to prevent DOS. Will be
++ * mopped up later.
++ */
++ if (timr->it.alarm.interval < TICK_NSEC)
++ timr->it.alarm.interval = TICK_NSEC;
++
+ exp = timespec_to_ktime(new_setting->it_value);
+ /* Convert (if necessary) to absolute time */
+ if (flags != TIMER_ABSTIME) {
diff --git a/queue-4.9/mips-.its-targets-depend-on-vmlinux.patch b/queue-4.9/mips-.its-targets-depend-on-vmlinux.patch
new file mode 100644
index 00000000000..9dc09344378
--- /dev/null
+++ b/queue-4.9/mips-.its-targets-depend-on-vmlinux.patch
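Review bot: The clamp `if (timr->it.alarm.interval < TICK_NSEC)` added to alarm_timer_set() in the alarmtimer patch also matches an interval of zero, which is how a caller asks for a one-shot timer, so that timer is given a TICK_NSEC period; if the expiry path rearms whenever the interval is non-zero (not visible in this hunk), one-shot alarm timers turn periodic. Exempting zero keeps the rate limit for genuinely periodic timers: `if (timr->it.alarm.interval && timr->it.alarm.interval < TICK_NSEC)`. It is also worth confirming that this backport builds on 4.9, because the comparison and the assignment treat ktime_t as a plain integer; if the type is still a union in this tree they need `ktime_to_ns()` and `ktime_set(0, TICK_NSEC)`. The body of alarm_timer_set() starts and ends outside the hunk.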
@@ -0,0 +1,55 @@
+From bcd7c45e0d5a82be9a64b90050f0e09d41a50758 Mon Sep 17 00:00:00 2001
+From: Paul Burton
+Date: Fri, 2 Jun 2017 12:02:08 -0700
+Subject: MIPS: .its targets depend on vmlinux
+
+From: Paul Burton
+
+commit bcd7c45e0d5a82be9a64b90050f0e09d41a50758 upstream.
+
+The .its targets require information about the kernel binary, such as
+its entry point, which is extracted from the vmlinux ELF. We therefore
+require that the ELF is built before the .its files are generated.
+Declare this requirement in the Makefile such that make will ensure this
+is always the case, otherwise in corner cases we can hit issues as the
+.its is generated with an incorrect (either invalid or stale) entry
+point.
+
+Signed-off-by: Paul Burton
+Fixes: cf2a5e0bb4c6 ("MIPS: Support generating Flattened Image Trees (.itb)")
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/16179/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/boot/Makefile | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/arch/mips/boot/Makefile
++++ b/arch/mips/boot/Makefile
+@@ -128,19 +128,19 @@ quiet_cmd_cpp_its_S = ITS $@
+ -DADDR_BITS=$(ADDR_BITS) \
+ -DADDR_CELLS=$(itb_addr_cells)
+
+-$(obj)/vmlinux.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S FORCE
++$(obj)/vmlinux.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S $(VMLINUX) FORCE
+ $(call if_changed_dep,cpp_its_S,none,vmlinux.bin)
+
+-$(obj)/vmlinux.gz.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S FORCE
++$(obj)/vmlinux.gz.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S $(VMLINUX) FORCE
+ $(call if_changed_dep,cpp_its_S,gzip,vmlinux.bin.gz)
+
+-$(obj)/vmlinux.bz2.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S FORCE
++$(obj)/vmlinux.bz2.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S $(VMLINUX) FORCE
+ $(call if_changed_dep,cpp_its_S,bzip2,vmlinux.bin.bz2)
+
+-$(obj)/vmlinux.lzma.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S FORCE
++$(obj)/vmlinux.lzma.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S $(VMLINUX) FORCE
+ $(call if_changed_dep,cpp_its_S,lzma,vmlinux.bin.lzma)
+
+-$(obj)/vmlinux.lzo.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S FORCE
++$(obj)/vmlinux.lzo.its: $(srctree)/arch/mips/$(PLATFORM)/vmlinux.its.S $(VMLINUX) FORCE
+ $(call if_changed_dep,cpp_its_S,lzo,vmlinux.bin.lzo)
+
+ quiet_cmd_itb-image = ITB $@
diff --git a/queue-4.9/mips-fix-bnezc-jialc-return-address-calculation.patch b/queue-4.9/mips-fix-bnezc-jialc-return-address-calculation.patch
new file mode 100644
index 00000000000..0cd7f463285
--- /dev/null
+++ b/queue-4.9/mips-fix-bnezc-jialc-return-address-calculation.patch
@@ -0,0 +1,45 @@
+From 1a73d9310e093fc3adffba4d0a67b9fab2ee3f63 Mon Sep 17 00:00:00 2001
+From: Paul Burton
+Date: Fri, 2 Jun 2017 11:35:01 -0700
+Subject: MIPS: Fix bnezc/jialc return address calculation
+
+From: Paul Burton
+
+commit 1a73d9310e093fc3adffba4d0a67b9fab2ee3f63 upstream.
+
+The code handling the pop76 opcode (ie. bnezc & jialc instructions) in
+__compute_return_epc_for_insn() needs to set the value of $31 in the
+jialc case, which is encoded with rs = 0. However its check to
+differentiate bnezc (rs != 0) from jialc (rs = 0) was unfortunately
+backwards, meaning that if we emulate a bnezc instruction we clobber $31
+& if we emulate a jialc instruction it actually behaves like a jic
+instruction.
+
+Fix this by inverting the check of rs to match the way the instructions
+are actually encoded.
+
+Signed-off-by: Paul Burton
+Fixes: 28d6f93d201d ("MIPS: Emulate the new MIPS R6 BNEZC and JIALC instructions")
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/16178/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/branch.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/branch.c
++++ b/arch/mips/kernel/branch.c
+@@ -804,8 +804,10 @@ int __compute_return_epc_for_insn(struct
+ break;
+ }
+ /* Compact branch: BNEZC || JIALC */
+- if (insn.i_format.rs)
++ if (!insn.i_format.rs) {
++ /* JIALC: set $31/ra */
+ regs->regs[31] = epc + 4;
++ }
+ regs->cp0_epc += 8;
+ break;
+ #endif
diff --git a/queue-4.9/series b/queue-4.9/series
index 24900ed9a48..0c676fd8c7e 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -52,3 +52,8 @@ genirq-release-resources-in-__setup_irq-error-path.patch
 alarmtimer-prevent-overflow-of-relative-timers.patch
 usb-gadget-composite-fix-function-used-to-free-memory.patch
 usb-dwc3-exynos-fix-axius-clock-error-path-to-do-cleanup.patch
+alarmtimer-rate-limit-periodic-intervals.patch
+virtio_balloon-disable-viommu-support.patch
+mips-fix-bnezc-jialc-return-address-calculation.patch
+mips-.its-targets-depend-on-vmlinux.patch
+vtpm-fix-missing-null-check.patch
diff --git a/queue-4.9/virtio_balloon-disable-viommu-support.patch b/queue-4.9/virtio_balloon-disable-viommu-support.patch
new file mode 100644
index 00000000000..99392624582
--- /dev/null
+++ b/queue-4.9/virtio_balloon-disable-viommu-support.patch
@@ -0,0 +1,46 @@
+From e41b1355508debe45fda33ef8c03ff3ba5d206b9 Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin"
+Date: Tue, 13 Jun 2017 20:56:44 +0300
+Subject: virtio_balloon: disable VIOMMU support
+
+From: Michael S. Tsirkin
+
+commit e41b1355508debe45fda33ef8c03ff3ba5d206b9 upstream.
+
+virtio balloon bypasses the DMA API entirely so does not support the
+VIOMMU right now. It's not clear we need that support, for now let's
+just make sure we don't pretend to support it.
+
+Cc: Wei Wang
+Fixes: 1a937693993f ("virtio: new feature to detect IOMMU device quirk")
+Signed-off-by: Michael S. Tsirkin
+Acked-by: Jason Wang
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/virtio/virtio_balloon.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/virtio/virtio_balloon.c
++++ b/drivers/virtio/virtio_balloon.c
+@@ -657,6 +657,12 @@ static int virtballoon_restore(struct vi
+ }
+ #endif
+
++static int virtballoon_validate(struct virtio_device *vdev)
++{
++ __virtio_clear_bit(vdev, VIRTIO_F_IOMMU_PLATFORM);
++ return 0;
++}
++
+ static unsigned int features[] = {
+ VIRTIO_BALLOON_F_MUST_TELL_HOST,
+ VIRTIO_BALLOON_F_STATS_VQ,
+@@ -669,6 +675,7 @@ static struct virtio_driver virtio_ballo
+ .driver.name = KBUILD_MODNAME,
+ .driver.owner = THIS_MODULE,
+ .id_table = id_table,
++ .validate = virtballoon_validate,
+ .probe = virtballoon_probe,
+ .remove = virtballoon_remove,
+ .config_changed = virtballoon_changed,
diff --git a/queue-4.9/vtpm-fix-missing-null-check.patch b/queue-4.9/vtpm-fix-missing-null-check.patch
new file mode 100644
index 00000000000..246b4c60000
--- /dev/null
+++ b/queue-4.9/vtpm-fix-missing-null-check.patch
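Review bot: virtballoon_validate() in the virtio_balloon patch clears VIRTIO_F_IOMMU_PLATFORM with no comment in the code, so the reason (the balloon bypasses the DMA API and cannot honour a virtual IOMMU) lives only in the commit message. I would add above the `__virtio_clear_bit()` call: `/* The balloon bypasses the DMA API, so never negotiate VIRTIO_F_IOMMU_PLATFORM. */`. What happens next for a device that insists on this feature, a failed negotiation or operation without translation, is decided by the virtio core outside this hunk and is worth confirming before relying on the clear as an isolation guarantee.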
@@ -0,0 +1,67 @@
+From 31574d321c70f6d3b40fe98f9b2eafd9a903fef9 Mon Sep 17 00:00:00 2001
+From: "Hon Ching \\(Vicky\\) Lo"
+Date: Wed, 15 Mar 2017 01:28:07 -0400
+Subject: vTPM: Fix missing NULL check
+
+From: Hon Ching \(Vicky\) Lo
+
+commit 31574d321c70f6d3b40fe98f9b2eafd9a903fef9 upstream.
+
+The current code passes the address of tpm_chip as the argument to
+dev_get_drvdata() without prior NULL check in
+tpm_ibmvtpm_get_desired_dma. This resulted an oops during kernel
+boot when vTPM is enabled in Power partition configured in active
+memory sharing mode.
+
+The vio_driver's get_desired_dma() is called before the probe(), which
+for vtpm is tpm_ibmvtpm_probe, and it's this latter function that
+initializes the driver and set data. Attempting to get data before
+the probe() caused the problem.
+
+This patch adds a NULL check to the tpm_ibmvtpm_get_desired_dma.
+
+fixes: 9e0d39d8a6a0 ("tpm: Remove useless priv field in struct tpm_vendor_specific")
+Signed-off-by: Hon Ching(Vicky) Lo
+Reviewed-by: Jarkko Sakkine
+Signed-off-by: Jarkko Sakkinen
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ drivers/char/tpm/tpm_ibmvtpm.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+--- a/drivers/char/tpm/tpm_ibmvtpm.c
++++ b/drivers/char/tpm/tpm_ibmvtpm.c
+@@ -295,6 +295,8 @@ static int tpm_ibmvtpm_remove(struct vio
+ }
+
+ kfree(ibmvtpm);
++ /* For tpm_ibmvtpm_get_desired_dma */
++ dev_set_drvdata(&vdev->dev, NULL);
+
+ return 0;
+ }
+@@ -309,13 +311,16 @@ static int tpm_ibmvtpm_remove(struct vio
+ static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev)
+ {
+ struct tpm_chip *chip = dev_get_drvdata(&vdev->dev);
+- struct ibmvtpm_dev *ibmvtpm = dev_get_drvdata(&chip->dev);
++ struct ibmvtpm_dev *ibmvtpm;
+
+- /* ibmvtpm initializes at probe time, so the data we are
+- * asking for may not be set yet. Estimate that 4K required
+- * for TCE-mapped buffer in addition to CRQ.
+- */
+- if (!ibmvtpm)
++ /*
++ * ibmvtpm initializes at probe time, so the data we are
++ * asking for may not be set yet. Estimate that 4K required
++ * for TCE-mapped buffer in addition to CRQ.
++ */
++ if (chip)
++ ibmvtpm = dev_get_drvdata(&chip->dev);
++ else
+ return CRQ_RES_BUF_SIZE + PAGE_SIZE;
+
+ return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size;
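Review bot: In tpm_ibmvtpm_get_desired_dma() the rewritten guard tests `chip` but no longer tests `ibmvtpm`, so the final `ibmvtpm->rtce_size` dereferences whatever `dev_get_drvdata(&chip->dev)` returned, NULL included; the removed code had an `if (!ibmvtpm)` test for that case. If probe can publish the chip before the chip's own drvdata is set (not visible here), keeping both checks costs one statement after the `if (chip) ... else` pair: `if (!ibmvtpm) return CRQ_RES_BUF_SIZE + PAGE_SIZE;`. Separately, tpm_ibmvtpm_remove() clears the drvdata only after `kfree(ibmvtpm)`, so a get_desired_dma() call overlapping remove could still follow the old pointers; whether the vio bus serialises the two callbacks is not shown in the hunk. Both function bodies extend beyond the hunks shown.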