From: Sasha Levin Date: Mon, 4 Jan 2021 15:53:15 +0000 (-0500) Subject: Fixes for 4.9 X-Git-Tag: v4.19.165~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cce7cf0a39b372b2fb3ed45374825a401b3d9e9f;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/module-delay-kobject-uevent-until-after-module-init-.patch b/queue-4.9/module-delay-kobject-uevent-until-after-module-init-.patch new file mode 100644 index 00000000000..e02777f435e --- /dev/null +++ b/queue-4.9/module-delay-kobject-uevent-until-after-module-init-.patch @@ -0,0 +1,72 @@ +From 703b6119bc974d581762f1cc1db5093fc53e3090 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Nov 2020 10:09:39 +0100 +Subject: module: delay kobject uevent until after module init call + +From: Jessica Yu + +[ Upstream commit 38dc717e97153e46375ee21797aa54777e5498f3 ] + +Apparently there has been a longstanding race between udev/systemd and +the module loader. Currently, the module loader sends a uevent right +after sysfs initialization, but before the module calls its init +function. However, some udev rules expect that the module has +initialized already upon receiving the uevent. + +This race has been triggered recently (see link in references) in some +systemd mount unit files. For instance, the configfs module creates the +/sys/kernel/config mount point in its init function, however the module +loader issues the uevent before this happens. sys-kernel-config.mount +expects to be able to mount /sys/kernel/config upon receipt of the +module loading uevent, but if the configfs module has not called its +init function yet, then this directory will not exist and the mount unit +fails. A similar situation exists for sys-fs-fuse-connections.mount, as +the fuse sysfs mount point is created during the fuse module's init +function. If udev is faster than module initialization then the mount +unit would fail in a similar fashion. + +To fix this race, delay the module KOBJ_ADD uevent until after the +module has finished calling its init routine. + +References: https://github.com/systemd/systemd/issues/17586 +Reviewed-by: Greg Kroah-Hartman +Tested-By: Nicolas Morey-Chaisemartin +Signed-off-by: Jessica Yu +Signed-off-by: Sasha Levin +--- + kernel/module.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/kernel/module.c b/kernel/module.c +index a106801f1582b..0219301b6109c 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -1762,7 +1762,6 @@ static int mod_sysfs_init(struct module *mod) + if (err) + mod_kobject_put(mod); + +- /* delay uevent until full sysfs population */ + out: + return err; + } +@@ -1796,7 +1795,6 @@ static int mod_sysfs_setup(struct module *mod, + add_sect_attrs(mod, info); + add_notes_attrs(mod, info); + +- kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD); + return 0; + + out_unreg_param: +@@ -3427,6 +3425,9 @@ static noinline int do_init_module(struct module *mod) + blocking_notifier_call_chain(&module_notify_list, + MODULE_STATE_LIVE, mod); + ++ /* Delay uevent until module has finished its init routine */ ++ kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD); ++ + /* + * We need to finish all async code before the module init sequence + * is done. This has potential to deadlock. For example, a newly +-- +2.27.0 + diff --git a/queue-4.9/module-set-module_state_going-state-when-a-module-fa.patch b/queue-4.9/module-set-module_state_going-state-when-a-module-fa.patch new file mode 100644 index 00000000000..f5bea4241e8 --- /dev/null +++ b/queue-4.9/module-set-module_state_going-state-when-a-module-fa.patch @@ -0,0 +1,36 @@ +From 6e6f27e62bfab848446915b57e9277be7f0ec48b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 27 Oct 2020 15:03:36 +0100 +Subject: module: set MODULE_STATE_GOING state when a module fails to load + +From: Miroslav Benes + +[ Upstream commit 5e8ed280dab9eeabc1ba0b2db5dbe9fe6debb6b5 ] + +If a module fails to load due to an error in prepare_coming_module(), +the following error handling in load_module() runs with +MODULE_STATE_COMING in module's state. Fix it by correctly setting +MODULE_STATE_GOING under "bug_cleanup" label. + +Signed-off-by: Miroslav Benes +Signed-off-by: Jessica Yu +Signed-off-by: Sasha Levin +--- + kernel/module.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/kernel/module.c b/kernel/module.c +index 9cb1437151ae7..a106801f1582b 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -3738,6 +3738,7 @@ static int load_module(struct load_info *info, const char __user *uargs, + MODULE_STATE_GOING, mod); + klp_module_going(mod); + bug_cleanup: ++ mod->state = MODULE_STATE_GOING; + /* module_bug_cleanup needs module_mutex protection */ + mutex_lock(&module_mutex); + module_bug_cleanup(mod); +-- +2.27.0 + diff --git a/queue-4.9/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch b/queue-4.9/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch new file mode 100644 index 00000000000..7f0fabcebed --- /dev/null +++ b/queue-4.9/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch @@ -0,0 +1,39 @@ +From 4bc469fd24b0f0628c5cde15d235ee8af6f6187f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 28 Oct 2020 17:15:51 +0800 +Subject: powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() + +From: Qinglang Miao + +[ Upstream commit ffa1797040c5da391859a9556be7b735acbe1242 ] + +I noticed that iounmap() of msgr_block_addr before return from +mpic_msgr_probe() in the error handling case is missing. So use +devm_ioremap() instead of just ioremap() when remapping the message +register block, so the mapping will be automatically released on +probe failure. + +Signed-off-by: Qinglang Miao +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20201028091551.136400-1-miaoqinglang@huawei.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/sysdev/mpic_msgr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/sysdev/mpic_msgr.c b/arch/powerpc/sysdev/mpic_msgr.c +index 47fb336741d43..e26552708a281 100644 +--- a/arch/powerpc/sysdev/mpic_msgr.c ++++ b/arch/powerpc/sysdev/mpic_msgr.c +@@ -196,7 +196,7 @@ static int mpic_msgr_probe(struct platform_device *dev) + + /* IO map the message register block. */ + of_address_to_resource(np, 0, &rsrc); +- msgr_block_addr = ioremap(rsrc.start, resource_size(&rsrc)); ++ msgr_block_addr = devm_ioremap(&dev->dev, rsrc.start, resource_size(&rsrc)); + if (!msgr_block_addr) { + dev_err(&dev->dev, "Failed to iomap MPIC message registers"); + return -EFAULT; +-- +2.27.0 + diff --git a/queue-4.9/quota-don-t-overflow-quota-file-offsets.patch b/queue-4.9/quota-don-t-overflow-quota-file-offsets.patch new file mode 100644 index 00000000000..33468cbd1d3 --- /dev/null +++ b/queue-4.9/quota-don-t-overflow-quota-file-offsets.patch @@ -0,0 +1,66 @@ +From 792712eab44704926a5df01945b11963a145ae65 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 2 Nov 2020 16:32:10 +0100 +Subject: quota: Don't overflow quota file offsets + +From: Jan Kara + +[ Upstream commit 10f04d40a9fa29785206c619f80d8beedb778837 ] + +The on-disk quota format supports quota files with upto 2^32 blocks. Be +careful when computing quota file offsets in the quota files from block +numbers as they can overflow 32-bit types. Since quota files larger than +4GB would require ~26 millions of quota users, this is mostly a +theoretical concern now but better be careful, fuzzers would find the +problem sooner or later anyway... + +Reviewed-by: Andreas Dilger +Signed-off-by: Jan Kara +Signed-off-by: Sasha Levin +--- + fs/quota/quota_tree.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/fs/quota/quota_tree.c b/fs/quota/quota_tree.c +index 0738972e8d3f0..ecd9887b0d1fe 100644 +--- a/fs/quota/quota_tree.c ++++ b/fs/quota/quota_tree.c +@@ -61,7 +61,7 @@ static ssize_t read_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf) + + memset(buf, 0, info->dqi_usable_bs); + return sb->s_op->quota_read(sb, info->dqi_type, buf, +- info->dqi_usable_bs, blk << info->dqi_blocksize_bits); ++ info->dqi_usable_bs, (loff_t)blk << info->dqi_blocksize_bits); + } + + static ssize_t write_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf) +@@ -70,7 +70,7 @@ static ssize_t write_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf) + ssize_t ret; + + ret = sb->s_op->quota_write(sb, info->dqi_type, buf, +- info->dqi_usable_bs, blk << info->dqi_blocksize_bits); ++ info->dqi_usable_bs, (loff_t)blk << info->dqi_blocksize_bits); + if (ret != info->dqi_usable_bs) { + quota_error(sb, "dquota write failed"); + if (ret >= 0) +@@ -283,7 +283,7 @@ static uint find_free_dqentry(struct qtree_mem_dqinfo *info, + blk); + goto out_buf; + } +- dquot->dq_off = (blk << info->dqi_blocksize_bits) + ++ dquot->dq_off = ((loff_t)blk << info->dqi_blocksize_bits) + + sizeof(struct qt_disk_dqdbheader) + + i * info->dqi_entry_size; + kfree(buf); +@@ -558,7 +558,7 @@ static loff_t find_block_dqentry(struct qtree_mem_dqinfo *info, + ret = -EIO; + goto out_buf; + } else { +- ret = (blk << info->dqi_blocksize_bits) + sizeof(struct ++ ret = ((loff_t)blk << info->dqi_blocksize_bits) + sizeof(struct + qt_disk_dqdbheader) + i * info->dqi_entry_size; + } + out_buf: +-- +2.27.0 + diff --git a/queue-4.9/series b/queue-4.9/series index 7609d31d18a..9e9cdf49d41 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -18,3 +18,7 @@ reiserfs-add-check-for-an-invalid-ih_entry_count.patch misc-vmw_vmci-fix-kernel-info-leak-by-initializing-dbells-in-vmci_ctx_get_chkpt_doorbells.patch media-gp8psk-initialize-stats-at-power-control-logic.patch alsa-seq-use-bool-for-snd_seq_queue-internal-flags.patch +module-set-module_state_going-state-when-a-module-fa.patch +quota-don-t-overflow-quota-file-offsets.patch +powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch +module-delay-kobject-uevent-until-after-module-init-.patch