From: Greg Kroah-Hartman Date: Sun, 10 Sep 2017 11:37:09 +0000 (+0200) Subject: 3.18-stable patches X-Git-Tag: v3.18.71~16 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d41e93fb26651e7bfcf72b570c14d539dbafd9c9;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: alsa-msnd-optimize-harden-dsp-and-midi-loops.patch btrfs-resume-qgroup-rescan-on-rw-remount.patch locktorture-fix-potential-memory-leak-with-rw-lock-test.patch --- diff --git a/queue-3.18/alsa-msnd-optimize-harden-dsp-and-midi-loops.patch b/queue-3.18/alsa-msnd-optimize-harden-dsp-and-midi-loops.patch new file mode 100644 index 00000000000..abc8b2bece7 --- /dev/null +++ b/queue-3.18/alsa-msnd-optimize-harden-dsp-and-midi-loops.patch @@ -0,0 +1,106 @@ +From 20e2b791796bd68816fa115f12be5320de2b8021 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Thu, 6 Jul 2017 12:34:40 +0200 +Subject: ALSA: msnd: Optimize / harden DSP and MIDI loops + +From: Takashi Iwai + +commit 20e2b791796bd68816fa115f12be5320de2b8021 upstream. + +The ISA msnd drivers have loops fetching the ring-buffer head, tail +and size values inside the loops. Such codes are inefficient and +fragile. + +This patch optimizes it, and also adds the sanity check to avoid the +endless loops. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196131 +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196133 +Signed-off-by: Takashi Iwai +Signed-off-by: grygorii tertychnyi +Signed-off-by: Greg Kroah-Hartman + +--- + sound/isa/msnd/msnd_midi.c | 28 ++++++++++++++-------------- + sound/isa/msnd/msnd_pinnacle.c | 23 ++++++++++++----------- + 2 files changed, 26 insertions(+), 25 deletions(-) + +--- a/sound/isa/msnd/msnd_midi.c ++++ b/sound/isa/msnd/msnd_midi.c +@@ -120,24 +120,24 @@ void snd_msndmidi_input_read(void *mpuv) + unsigned long flags; + struct snd_msndmidi *mpu = mpuv; + void *pwMIDQData = mpu->dev->mappedbase + MIDQ_DATA_BUFF; ++ u16 head, tail, size; + + spin_lock_irqsave(&mpu->input_lock, flags); +- while (readw(mpu->dev->MIDQ + JQS_wTail) != +- readw(mpu->dev->MIDQ + JQS_wHead)) { +- u16 wTmp, val; +- val = readw(pwMIDQData + 2 * readw(mpu->dev->MIDQ + JQS_wHead)); ++ head = readw(mpu->dev->MIDQ + JQS_wHead); ++ tail = readw(mpu->dev->MIDQ + JQS_wTail); ++ size = readw(mpu->dev->MIDQ + JQS_wSize); ++ if (head > size || tail > size) ++ goto out; ++ while (head != tail) { ++ unsigned char val = readw(pwMIDQData + 2 * head); + +- if (test_bit(MSNDMIDI_MODE_BIT_INPUT_TRIGGER, +- &mpu->mode)) +- snd_rawmidi_receive(mpu->substream_input, +- (unsigned char *)&val, 1); +- +- wTmp = readw(mpu->dev->MIDQ + JQS_wHead) + 1; +- if (wTmp > readw(mpu->dev->MIDQ + JQS_wSize)) +- writew(0, mpu->dev->MIDQ + JQS_wHead); +- else +- writew(wTmp, mpu->dev->MIDQ + JQS_wHead); ++ if (test_bit(MSNDMIDI_MODE_BIT_INPUT_TRIGGER, &mpu->mode)) ++ snd_rawmidi_receive(mpu->substream_input, &val, 1); ++ if (++head > size) ++ head = 0; ++ writew(head, mpu->dev->MIDQ + JQS_wHead); + } ++ out: + spin_unlock_irqrestore(&mpu->input_lock, flags); + } + EXPORT_SYMBOL(snd_msndmidi_input_read); +--- a/sound/isa/msnd/msnd_pinnacle.c ++++ b/sound/isa/msnd/msnd_pinnacle.c +@@ -170,23 +170,24 @@ static irqreturn_t snd_msnd_interrupt(in + { + struct snd_msnd *chip = dev_id; + void *pwDSPQData = chip->mappedbase + DSPQ_DATA_BUFF; ++ u16 head, tail, size; + + /* Send ack to DSP */ + /* inb(chip->io + HP_RXL); */ + + /* Evaluate queued DSP messages */ +- while (readw(chip->DSPQ + JQS_wTail) != readw(chip->DSPQ + JQS_wHead)) { +- u16 wTmp; +- +- snd_msnd_eval_dsp_msg(chip, +- readw(pwDSPQData + 2 * readw(chip->DSPQ + JQS_wHead))); +- +- wTmp = readw(chip->DSPQ + JQS_wHead) + 1; +- if (wTmp > readw(chip->DSPQ + JQS_wSize)) +- writew(0, chip->DSPQ + JQS_wHead); +- else +- writew(wTmp, chip->DSPQ + JQS_wHead); ++ head = readw(chip->DSPQ + JQS_wHead); ++ tail = readw(chip->DSPQ + JQS_wTail); ++ size = readw(chip->DSPQ + JQS_wSize); ++ if (head > size || tail > size) ++ goto out; ++ while (head != tail) { ++ snd_msnd_eval_dsp_msg(chip, readw(pwDSPQData + 2 * head)); ++ if (++head > size) ++ head = 0; ++ writew(head, chip->DSPQ + JQS_wHead); + } ++ out: + /* Send ack to DSP */ + inb(chip->io + HP_RXL); + return IRQ_HANDLED; diff --git a/queue-3.18/btrfs-resume-qgroup-rescan-on-rw-remount.patch b/queue-3.18/btrfs-resume-qgroup-rescan-on-rw-remount.patch new file mode 100644 index 00000000000..00447aa96ac --- /dev/null +++ b/queue-3.18/btrfs-resume-qgroup-rescan-on-rw-remount.patch @@ -0,0 +1,43 @@ +From 6c6b5a39c4bf3dbd8cf629c9f5450e983c19dbb9 Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Tue, 4 Jul 2017 21:49:06 +1000 +Subject: btrfs: resume qgroup rescan on rw remount + +From: Aleksa Sarai + +commit 6c6b5a39c4bf3dbd8cf629c9f5450e983c19dbb9 upstream. + +Several distributions mount the "proper root" as ro during initrd and +then remount it as rw before pivot_root(2). Thus, if a rescan had been +aborted by a previous shutdown, the rescan would never be resumed. + +This issue would manifest itself as several btrfs ioctl(2)s causing the +entire machine to hang when btrfs_qgroup_wait_for_completion was hit +(due to the fs_info->qgroup_rescan_running flag being set but the rescan +itself not being resumed). Notably, Docker's btrfs storage driver makes +regular use of BTRFS_QUOTA_CTL_DISABLE and BTRFS_IOC_QUOTA_RESCAN_WAIT +(causing this problem to be manifested on boot for some machines). + +Cc: Jeff Mahoney +Fixes: b382a324b60f ("Btrfs: fix qgroup rescan resume on mount") +Signed-off-by: Aleksa Sarai +Reviewed-by: Nikolay Borisov +Tested-by: Nikolay Borisov +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/super.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/btrfs/super.c ++++ b/fs/btrfs/super.c +@@ -1575,6 +1575,8 @@ static int btrfs_remount(struct super_bl + goto restore; + } + ++ btrfs_qgroup_rescan_resume(fs_info); ++ + if (!fs_info->uuid_root) { + btrfs_info(fs_info, "creating UUID tree"); + ret = btrfs_create_uuid_tree(fs_info); diff --git a/queue-3.18/locktorture-fix-potential-memory-leak-with-rw-lock-test.patch b/queue-3.18/locktorture-fix-potential-memory-leak-with-rw-lock-test.patch new file mode 100644 index 00000000000..5ee25983071 --- /dev/null +++ b/queue-3.18/locktorture-fix-potential-memory-leak-with-rw-lock-test.patch @@ -0,0 +1,86 @@ +From f4dbba591945dc301c302672adefba9e2ec08dc5 Mon Sep 17 00:00:00 2001 +From: Yang Shi +Date: Thu, 10 Nov 2016 13:06:39 -0800 +Subject: locktorture: Fix potential memory leak with rw lock test + +From: Yang Shi + +commit f4dbba591945dc301c302672adefba9e2ec08dc5 upstream. + +When running locktorture module with the below commands with kmemleak enabled: + +$ modprobe locktorture torture_type=rw_lock_irq +$ rmmod locktorture + +The below kmemleak got caught: + +root@10:~# echo scan > /sys/kernel/debug/kmemleak +[ 323.197029] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) +root@10:~# cat /sys/kernel/debug/kmemleak +unreferenced object 0xffffffc07592d500 (size 128): + comm "modprobe", pid 368, jiffies 4294924118 (age 205.824s) + hex dump (first 32 bytes): + 00 00 00 00 00 00 00 00 c3 7b 02 00 00 00 00 00 .........{...... + 00 00 00 00 00 00 00 00 d7 9b 02 00 00 00 00 00 ................ + backtrace: + [] create_object+0x110/0x288 + [] kmemleak_alloc+0x58/0xa0 + [] __kmalloc+0x234/0x318 + [] 0xffffff80006fa130 + [] do_one_initcall+0x44/0x138 + [] do_init_module+0x68/0x1cc + [] load_module+0x1a68/0x22e0 + [] SyS_finit_module+0xe0/0xf0 + [] el0_svc_naked+0x24/0x28 + [] 0xffffffffffffffff +unreferenced object 0xffffffc07592d480 (size 128): + comm "modprobe", pid 368, jiffies 4294924118 (age 205.824s) + hex dump (first 32 bytes): + 00 00 00 00 00 00 00 00 3b 6f 01 00 00 00 00 00 ........;o...... + 00 00 00 00 00 00 00 00 23 6a 01 00 00 00 00 00 ........#j...... + backtrace: + [] create_object+0x110/0x288 + [] kmemleak_alloc+0x58/0xa0 + [] __kmalloc+0x234/0x318 + [] 0xffffff80006fa22c + [] do_one_initcall+0x44/0x138 + [] do_init_module+0x68/0x1cc + [] load_module+0x1a68/0x22e0 + [] SyS_finit_module+0xe0/0xf0 + [] el0_svc_naked+0x24/0x28 + [] 0xffffffffffffffff + +It is because cxt.lwsa and cxt.lrsa don't get freed in module_exit, so free +them in lock_torture_cleanup() and free writer_tasks if reader_tasks is +failed at memory allocation. + +Signed-off-by: Yang Shi +Signed-off-by: Paul E. McKenney +Reviewed-by: Josh Triplett +Cc: 石洋 +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/locking/locktorture.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/kernel/locking/locktorture.c ++++ b/kernel/locking/locktorture.c +@@ -630,6 +630,8 @@ static void lock_torture_cleanup(void) + else + lock_torture_print_module_parms(cxt.cur_ops, + "End of test: SUCCESS"); ++ kfree(cxt.lwsa); ++ kfree(cxt.lrsa); + torture_cleanup_end(); + } + +@@ -763,6 +765,8 @@ static int __init lock_torture_init(void + GFP_KERNEL); + if (reader_tasks == NULL) { + VERBOSE_TOROUT_ERRSTRING("reader_tasks: Out of memory"); ++ kfree(writer_tasks); ++ writer_tasks = NULL; + firsterr = -ENOMEM; + goto unwind; + } diff --git a/queue-3.18/series b/queue-3.18/series index 18f8d3c50e7..e2ea7167d92 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -12,3 +12,6 @@ workqueue-fix-flag-collision.patch cs5536-add-support-for-ide-controller-variant.patch scsi-sg-protect-against-races-between-mmap-and-sg_set_reserved_size.patch scsi-sg-recheck-mmap_io-request-length-with-lock-held.patch +btrfs-resume-qgroup-rescan-on-rw-remount.patch +locktorture-fix-potential-memory-leak-with-rw-lock-test.patch +alsa-msnd-optimize-harden-dsp-and-midi-loops.patch diff --git a/queue-4.12/series b/queue-4.12/series new file mode 100644 index 00000000000..c817854ced1 --- /dev/null +++ b/queue-4.12/series @@ -0,0 +1,15 @@ +mtd-nand-make-samsung-slc-nand-usable-again.patch +mtd-nand-hynix-add-support-for-20nm-nand-chips.patch +mtd-nand-mxc-fix-mxc_v1-ooblayout.patch +mtd-nand-qcom-fix-read-failure-without-complete-bootchain.patch +mtd-nand-qcom-fix-config-error-for-bch.patch +nvme-fabrics-generate-spec-compliant-uuid-nqns.patch +btrfs-resume-qgroup-rescan-on-rw-remount.patch +rtlwifi-btcoexist-fix-breakage-of-ant_sel-for-rtl8723be.patch +radix-tree-must-check-__radix_tree_preload-return-value.patch +selftests-x86-fsgsbase-test-selectors-1-2-and-3.patch +mm-kvfree-the-swap-cluster-info-if-the-swap-file-is-unsatisfactory.patch +mm-swapfile.c-fix-swapon-frontswap_map-memory-leak-on-error.patch +mm-memory.c-fix-mem_cgroup_oom_disable-call-missing.patch +alsa-msnd-optimize-harden-dsp-and-midi-loops.patch +kvm-svm-limit-pferr_nested_guest_page-error_code-check-to-l1-guest.patch diff --git a/queue-4.13/series b/queue-4.13/series new file mode 100644 index 00000000000..c3019d0b89d --- /dev/null +++ b/queue-4.13/series @@ -0,0 +1,19 @@ +mtd-nand-make-samsung-slc-nand-usable-again.patch +mtd-nand-hynix-add-support-for-20nm-nand-chips.patch +mtd-nand-mxc-fix-mxc_v1-ooblayout.patch +mtd-nand-qcom-fix-read-failure-without-complete-bootchain.patch +mtd-nand-qcom-fix-config-error-for-bch.patch +nvme-fabrics-generate-spec-compliant-uuid-nqns.patch +btrfs-resume-qgroup-rescan-on-rw-remount.patch +rtlwifi-btcoexist-fix-breakage-of-ant_sel-for-rtl8723be.patch +rtlwifi-btcoexist-fix-antenna-selection-code.patch +radix-tree-must-check-__radix_tree_preload-return-value.patch +brcmfmac-feature-check-for-multi-scheduled-scan-fails-on-bcm4345-devices.patch +kselftests-timers-leap-a-day-change-default-arguments-to-help-test-runs.patch +selftests-timers-fix-run_destructive_tests-target-to-handle-skipped-tests.patch +selftests-x86-fsgsbase-test-selectors-1-2-and-3.patch +mm-kvfree-the-swap-cluster-info-if-the-swap-file-is-unsatisfactory.patch +mm-swapfile.c-fix-swapon-frontswap_map-memory-leak-on-error.patch +mm-sparse.c-fix-typo-in-online_mem_sections.patch +mm-memory.c-fix-mem_cgroup_oom_disable-call-missing.patch +kvm-svm-limit-pferr_nested_guest_page-error_code-check-to-l1-guest.patch diff --git a/queue-4.4/series b/queue-4.4/series index 386912a961f..c1eb0c497d0 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -23,3 +23,6 @@ drm-bridge-adv7511-fix-mutex-deadlock-when-interrupts-are-disabled.patch drm-bridge-adv7511-use-work_struct-to-defer-hotplug-handing-to-out-of-irq-context.patch drm-bridge-adv7511-switch-to-using-drm_kms_helper_hotplug_event.patch drm-bridge-adv7511-re-write-the-i2c-address-before-edid-probing.patch +btrfs-resume-qgroup-rescan-on-rw-remount.patch +locktorture-fix-potential-memory-leak-with-rw-lock-test.patch +alsa-msnd-optimize-harden-dsp-and-midi-loops.patch diff --git a/queue-4.9/series b/queue-4.9/series new file mode 100644 index 00000000000..9061ecd30f8 --- /dev/null +++ b/queue-4.9/series @@ -0,0 +1,9 @@ +mtd-nand-mxc-fix-mxc_v1-ooblayout.patch +mtd-nand-qcom-fix-read-failure-without-complete-bootchain.patch +mtd-nand-qcom-fix-config-error-for-bch.patch +nvme-fabrics-generate-spec-compliant-uuid-nqns.patch +btrfs-resume-qgroup-rescan-on-rw-remount.patch +selftests-x86-fsgsbase-test-selectors-1-2-and-3.patch +mm-memory.c-fix-mem_cgroup_oom_disable-call-missing.patch +locktorture-fix-potential-memory-leak-with-rw-lock-test.patch +alsa-msnd-optimize-harden-dsp-and-midi-loops.patch