From 63044b276f8ca926430e34c1fb29221f350e7ec4 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Wed, 7 Apr 2021 19:53:08 -0400 Subject: [PATCH] Fixes for 4.4 Signed-off-by: Sasha Levin --- ...mapping-when-we-open-files-for-smb1-.patch | 42 +++++++++ ...y-ignore-unknown-oplock-break-handle.patch | 53 ++++++++++++ ...a-allocate-early-mca-with-gfp_atomic.patch | 61 +++++++++++++ ...se-first-enabled-channel-for-monitor.patch | 53 ++++++++++++ queue-4.4/misdn-fix-crash-in-fritzpci.patch | 86 +++++++++++++++++++ ...ix-a-potential-data-race-in-pxa168_e.patch | 42 +++++++++ queue-4.4/series | 7 ++ ...ff-fcf-protection-for-realmode-targe.patch | 43 ++++++++++ 8 files changed, 387 insertions(+) create mode 100644 queue-4.4/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch create mode 100644 queue-4.4/cifs-silently-ignore-unknown-oplock-break-handle.patch create mode 100644 queue-4.4/ia64-mca-allocate-early-mca-with-gfp_atomic.patch create mode 100644 queue-4.4/mac80211-choose-first-enabled-channel-for-monitor.patch create mode 100644 queue-4.4/misdn-fix-crash-in-fritzpci.patch create mode 100644 queue-4.4/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch create mode 100644 queue-4.4/series create mode 100644 queue-4.4/x86-build-turn-off-fcf-protection-for-realmode-targe.patch diff --git a/queue-4.4/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch b/queue-4.4/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch new file mode 100644 index 00000000000..73a9654ef37 --- /dev/null +++ b/queue-4.4/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch 
@@ -0,0 +1,42 @@
+From 810c985c77f9048ac666d6befce0f926de7b490a Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 25 Mar 2021 16:26:35 +1000
+Subject: cifs: revalidate mapping when we open files for SMB1 POSIX
+
+From: Ronnie Sahlberg
+
+[ Upstream commit cee8f4f6fcabfdf229542926128e9874d19016d5 ]
+
+RHBZ: 1933527
+
+Under SMB1 + POSIX, if an inode is reused on a server after we have read and
+cached a part of a file, when we then open the new file with the
+re-cycled inode there is a chance that we may serve the old data out of cache
+to the application.
+This only happens for SMB1 (deprecated) and when posix are used.
+The simplest solution to avoid this race is to force a revalidate
+on smb1-posix open.
+
+Signed-off-by: Ronnie Sahlberg
+Reviewed-by: Paulo Alcantara (SUSE)
+Signed-off-by: Steve French
+Signed-off-by: Sasha Levin
+---
+ fs/cifs/file.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/cifs/file.c b/fs/cifs/file.c
+index b5a05092f862..5bc617cb7721 100644
+--- a/fs/cifs/file.c
++++ b/fs/cifs/file.c
+@@ -163,6 +163,7 @@ int cifs_posix_open(char *full_path, struct inode **pinode,
+ goto posix_open_ret;
+ }
+ } else {
++ cifs_revalidate_mapping(*pinode);
+ cifs_fattr_to_inode(*pinode, &fattr);
+ }
+
+--
+2.30.2
+
diff --git a/queue-4.4/cifs-silently-ignore-unknown-oplock-break-handle.patch b/queue-4.4/cifs-silently-ignore-unknown-oplock-break-handle.patch
new file mode 100644
index 00000000000..67c6fe5505f
--- /dev/null
+++ b/queue-4.4/cifs-silently-ignore-unknown-oplock-break-handle.patch
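Review bot: In the fs/cifs/file.c change carried by this queue entry, the result of `cifs_revalidate_mapping(*pinode)` is discarded, so if the invalidation fails the open still succeeds and the stale cached data described in the commit message can still be served for the recycled inode. Assuming the helper reports failure through its return value (its prototype is not visible here), either capture it, `rc = cifs_revalidate_mapping(*pinode);`, and bail out through the existing `posix_open_ret` path, or document the choice with `/* best effort: a failed invalidate leaves old pages cached */`. cifs_posix_open starts and ends outside the hunk, so whether `rc` is free to reuse at that point needs checking against the full function.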
@@ -0,0 +1,53 @@
+From 505da1b2d812ad9cc6606d219d9f9e7c796ad4c7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 19 Mar 2021 14:57:11 +0100
+Subject: cifs: Silently ignore unknown oplock break handle
+
+From: Vincent Whitchurch
+
+[ Upstream commit 219481a8f90ec3a5eed9638fb35609e4b1aeece7 ]
+
+Make SMB2 not print out an error when an oplock break is received for an
+unknown handle, similar to SMB1. The debug message which is printed for
+these unknown handles may also be misleading, so fix that too.
+
+The SMB2 lease break path is not affected by this patch.
+
+Without this, a program which writes to a file from one thread, and
+opens, reads, and writes the same file from another thread triggers the
+below errors several times a minute when run against a Samba server
+configured with "smb2 leases = no".
+
+ CIFS: VFS: \\192.168.0.1 No task to wake, unknown frame received! NumMids 2
+ 00000000: 424d53fe 00000040 00000000 00000012 .SMB@...........
+ 00000010: 00000001 00000000 ffffffff ffffffff ................
+ 00000020: 00000000 00000000 00000000 00000000 ................
+ 00000030: 00000000 00000000 00000000 00000000 ................
+
+Signed-off-by: Vincent Whitchurch
+Reviewed-by: Tom Talpey
+Reviewed-by: Paulo Alcantara (SUSE)
+Signed-off-by: Steve French
+Signed-off-by: Sasha Levin
+---
+ fs/cifs/smb2misc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c
+index 44198b9a5315..19baeb4ca511 100644
+--- a/fs/cifs/smb2misc.c
++++ b/fs/cifs/smb2misc.c
+@@ -633,8 +633,8 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server)
+ }
+ }
+ spin_unlock(&cifs_tcp_ses_lock);
+- cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n");
+- return false;
++ cifs_dbg(FYI, "No file id matched, oplock break ignored\n");
++ return true;
+ }
+
+ void
+--
+2.30.2
+
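Review bot: The new `return true;` at the end of smb2_is_valid_oplock_break() has no comment explaining why an unmatched file id is reported as handled, and after this change the only trace of such a frame is an FYI-level debug line. That is reasonable for the close/break race the commit message describes, but it also means a server that keeps sending oplock breaks for handles the client never opened is consumed silently. I would add a comment above the return, for example `/* well-formed oplock break, but the handle is gone (e.g. closed concurrently): consume the frame instead of reporting an unknown one */`, so the trade-off is recorded next to the code. The function body starts outside the hunk, so the checks that run before this fall-through are not visible here.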
diff --git a/queue-4.4/ia64-mca-allocate-early-mca-with-gfp_atomic.patch b/queue-4.4/ia64-mca-allocate-early-mca-with-gfp_atomic.patch
new file mode 100644
index 00000000000..f95c67b671e
--- /dev/null
+++ b/queue-4.4/ia64-mca-allocate-early-mca-with-gfp_atomic.patch
@@ -0,0 +1,61 @@
+From 80b9e13179a23b13e11e67676b028972bda7a38b Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 24 Mar 2021 21:37:38 -0700
+Subject: ia64: mca: allocate early mca with GFP_ATOMIC
+
+From: Sergei Trofimovich
+
+[ Upstream commit f2a419cf495f95cac49ea289318b833477e1a0e2 ]
+
+The sleep warning happens at early boot right at secondary CPU
+activation bootup:
+
+ smp: Bringing up secondary CPUs ...
+ BUG: sleeping function called from invalid context at mm/page_alloc.c:4942
+ in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
+ CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.12.0-rc2-00007-g79e228d0b611-dirty #99
+ ..
+ Call Trace:
+ show_stack+0x90/0xc0
+ dump_stack+0x150/0x1c0
+ ___might_sleep+0x1c0/0x2a0
+ __might_sleep+0xa0/0x160
+ __alloc_pages_nodemask+0x1a0/0x600
+ alloc_page_interleave+0x30/0x1c0
+ alloc_pages_current+0x2c0/0x340
+ __get_free_pages+0x30/0xa0
+ ia64_mca_cpu_init+0x2d0/0x3a0
+ cpu_init+0x8b0/0x1440
+ start_secondary+0x60/0x700
+ start_ap+0x750/0x780
+ Fixed BSP b0 value from CPU 1
+
+As I understand interrupts are not enabled yet and system has a lot of
+memory. There is little chance to sleep and switch to GFP_ATOMIC should
+be a no-op.
+
+Link: https://lkml.kernel.org/r/20210315085045.204414-1-slyfox@gentoo.org
+Signed-off-by: Sergei Trofimovich
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Sasha Levin
+---
+ arch/ia64/kernel/mca.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c
+index 2889412e03eb..0d5b64ddcdd1 100644
+--- a/arch/ia64/kernel/mca.c
++++ b/arch/ia64/kernel/mca.c
+@@ -1858,7 +1858,7 @@ ia64_mca_cpu_init(void *cpu_data)
+ data = mca_bootmem();
+ first_time = 0;
+ } else
+- data = (void *)__get_free_pages(GFP_KERNEL,
++ data = (void *)__get_free_pages(GFP_ATOMIC,
+ get_order(sz));
+ if (!data)
+ panic("Could not allocate MCA memory for cpu %d\n",
+--
+2.30.2
+
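Review bot: The switch to `GFP_ATOMIC` in ia64_mca_cpu_init() is not explained in the code, and the allocation feeds straight into the `panic()` two lines below, so the reason the flag must stay non-sleeping only exists in the changelog. A GFP_ATOMIC request cannot wait for reclaim and is more likely to fail than the GFP_KERNEL one it replaces, which makes that panic somewhat easier to reach if this path ever runs under memory pressure; the commit message argues that is unlikely at boot, and nothing in the hunk contradicts it. I would add a comment on the call such as `/* runs with interrupts disabled during secondary CPU bring-up: must not sleep */` so a later cleanup does not turn it back. The function continues outside the hunk.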
diff --git a/queue-4.4/mac80211-choose-first-enabled-channel-for-monitor.patch b/queue-4.4/mac80211-choose-first-enabled-channel-for-monitor.patch
new file mode 100644
index 00000000000..00bd13fc393
--- /dev/null
+++ b/queue-4.4/mac80211-choose-first-enabled-channel-for-monitor.patch
@@ -0,0 +1,53 @@
+From 7c067ce43783e2a17a709daa9d0c87f1652ccf63 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 11 Mar 2021 10:59:07 +0530
+Subject: mac80211: choose first enabled channel for monitor
+
+From: Karthikeyan Kathirvel
+
+[ Upstream commit 041c881a0ba8a75f71118bd9766b78f04beed469 ]
+
+Even if the first channel from sband channel list is invalid
+or disabled mac80211 ends up choosing it as the default channel
+for monitor interfaces, making them not usable.
+
+Fix this by assigning the first available valid or enabled
+channel instead.
+
+Signed-off-by: Karthikeyan Kathirvel
+Link: https://lore.kernel.org/r/1615440547-7661-1-git-send-email-kathirve@codeaurora.org
+[reword commit message, comment, code cleanups]
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ net/mac80211/main.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/net/mac80211/main.c b/net/mac80211/main.c
+index 15d23aeea634..2357b17254e7 100644
+--- a/net/mac80211/main.c
++++ b/net/mac80211/main.c
+@@ -889,8 +889,19 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
+ continue;
+
+ if (!dflt_chandef.chan) {
++ /*
++ * Assign the first enabled channel to dflt_chandef
++ * from the list of channels
++ */
++ for (i = 0; i < sband->n_channels; i++)
++ if (!(sband->channels[i].flags &
++ IEEE80211_CHAN_DISABLED))
++ break;
++ /* if none found then use the first anyway */
++ if (i == sband->n_channels)
++ i = 0;
+ cfg80211_chandef_create(&dflt_chandef,
+- &sband->channels[0],
++ &sband->channels[i],
+ NL80211_CHAN_NO_HT);
+ /* init channel we're on */
+ if (!local->use_chanctx && !local->_oper_chandef.chan) {
+--
+2.30.2
+
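Review bot: The fallback `i = 0` in the net/mac80211/main.c hunk still hands `&sband->channels[0]` to cfg80211_chandef_create() when every channel is disabled, and it also indexes element 0 when `sband->n_channels` is 0; the second case was already present in the old code, but the new loop is the natural place to guard it. If a band with no channels can reach this point (the checks before the hunk are not visible), add `if (!sband->n_channels) continue;` ahead of the loop. As a style point, the `for` body spans three lines without braces; the kernel convention is to brace it, `for (i = 0; i < sband->n_channels; i++) {`. The loop reuses `i`, which is declared outside the hunk, so it is worth confirming that no enclosing loop depends on its value.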
diff --git a/queue-4.4/misdn-fix-crash-in-fritzpci.patch b/queue-4.4/misdn-fix-crash-in-fritzpci.patch
new file mode 100644
index 00000000000..88823fd22de
--- /dev/null
+++ b/queue-4.4/misdn-fix-crash-in-fritzpci.patch
@@ -0,0 +1,86 @@ +From b4df7a1bfc9f86c16d5516a190024a2c5310b9fe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 10 Mar 2021 23:27:35 -0500 +Subject: mISDN: fix crash in fritzpci + +From: Tong Zhang + +[ Upstream commit a9f81244d2e33e6dfcef120fefd30c96b3f7cdb0 ] + +setup_fritz() in avmfritz.c might fail with -EIO and in this case the +isac.type and isac.write_reg is not initialized and remains 0(NULL). +A subsequent call to isac_release() will dereference isac->write_reg and +crash. + +[ 1.737444] BUG: kernel NULL pointer dereference, address: 0000000000000000 +[ 1.737809] #PF: supervisor instruction fetch in kernel mode +[ 1.738106] #PF: error_code(0x0010) - not-present page +[ 1.738378] PGD 0 P4D 0 +[ 1.738515] Oops: 0010 [#1] SMP NOPTI +[ 1.738711] CPU: 0 PID: 180 Comm: systemd-udevd Not tainted 5.12.0-rc2+ #78 +[ 1.739077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-p +rebuilt.qemu.org 04/01/2014 +[ 1.739664] RIP: 0010:0x0 +[ 1.739807] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. 
+[ 1.740200] RSP: 0018:ffffc9000027ba10 EFLAGS: 00010202 +[ 1.740478] RAX: 0000000000000000 RBX: ffff888102f41840 RCX: 0000000000000027 +[ 1.740853] RDX: 00000000000000ff RSI: 0000000000000020 RDI: ffff888102f41800 +[ 1.741226] RBP: ffffc9000027ba20 R08: ffff88817bc18440 R09: ffffc9000027b808 +[ 1.741600] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888102f41840 +[ 1.741976] R13: 00000000fffffffb R14: ffff888102f41800 R15: ffff8881008b0000 +[ 1.742351] FS: 00007fda3a38a8c0(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 +[ 1.742774] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 1.743076] CR2: ffffffffffffffd6 CR3: 00000001021ec000 CR4: 00000000000006f0 +[ 1.743452] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 1.743828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 1.744206] Call Trace: +[ 1.744339] isac_release+0xcc/0xe0 [mISDNipac] +[ 1.744582] fritzpci_probe.cold+0x282/0x739 [avmfritz] +[ 1.744861] local_pci_probe+0x48/0x80 +[ 1.745063] pci_device_probe+0x10f/0x1c0 +[ 1.745278] really_probe+0xfb/0x420 +[ 1.745471] driver_probe_device+0xe9/0x160 +[ 1.745693] device_driver_attach+0x5d/0x70 +[ 1.745917] __driver_attach+0x8f/0x150 +[ 1.746123] ? device_driver_attach+0x70/0x70 +[ 1.746354] bus_for_each_dev+0x7e/0xc0 +[ 1.746560] driver_attach+0x1e/0x20 +[ 1.746751] bus_add_driver+0x152/0x1f0 +[ 1.746957] driver_register+0x74/0xd0 +[ 1.747157] ? 0xffffffffc00d8000 +[ 1.747334] __pci_register_driver+0x54/0x60 +[ 1.747562] AVM_init+0x36/0x1000 [avmfritz] +[ 1.747791] do_one_initcall+0x48/0x1d0 +[ 1.747997] ? __cond_resched+0x19/0x30 +[ 1.748206] ? kmem_cache_alloc_trace+0x390/0x440 +[ 1.748458] ? do_init_module+0x28/0x250 +[ 1.748669] do_init_module+0x62/0x250 +[ 1.748870] load_module+0x23ee/0x26a0 +[ 1.749073] __do_sys_finit_module+0xc2/0x120 +[ 1.749307] ? 
__do_sys_finit_module+0xc2/0x120 +[ 1.749549] __x64_sys_finit_module+0x1a/0x20 +[ 1.749782] do_syscall_64+0x38/0x90 + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/isdn/hardware/mISDN/mISDNipac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/isdn/hardware/mISDN/mISDNipac.c b/drivers/isdn/hardware/mISDN/mISDNipac.c +index cb428b9ee441..b4639b0aab3c 100644 +--- a/drivers/isdn/hardware/mISDN/mISDNipac.c ++++ b/drivers/isdn/hardware/mISDN/mISDNipac.c +@@ -709,7 +709,7 @@ isac_release(struct isac_hw *isac) + { + if (isac->type & IPAC_TYPE_ISACX) + WriteISAC(isac, ISACX_MASK, 0xff); +- else ++ else if (isac->type != 0) + WriteISAC(isac, ISAC_MASK, 0xff); + if (isac->dch.timer.function != NULL) { + del_timer(&isac->dch.timer); +-- +2.30.2 + diff --git a/queue-4.4/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch b/queue-4.4/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch new file mode 100644 index 00000000000..7b7147c404e --- /dev/null +++ b/queue-4.4/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch 
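Review bot: The new `else if (isac->type != 0)` in isac_release() uses a zero `type` as an implicit "setup never completed" marker, but nothing in the code says so, and only the WriteISAC() call is protected by it. The rest of the function still runs on the uninitialised structure; the hunk shows the timer teardown guarded by `isac->dch.timer.function != NULL`, and anything after that is outside the hunk and should be checked for the same assumption. I would add a comment on the new branch, `/* type == 0: setup failed before write_reg was assigned, nothing to mask */`, so a later change to the type flags does not reopen the NULL function-pointer call shown in the trace. A sturdier fix would keep the probe error path from calling the release hook for a device whose setup failed, but that caller is not part of this patch.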
@@ -0,0 +1,42 @@
+From a7172ba5a18f4e69fbdcd48663565dafa61706c1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 10 Mar 2021 11:10:46 +0300
+Subject: net: pxa168_eth: Fix a potential data race in pxa168_eth_remove
+
+From: Pavel Andrianov
+
+[ Upstream commit 0571a753cb07982cc82f4a5115e0b321da89e1f3 ]
+
+pxa168_eth_remove() firstly calls unregister_netdev(),
+then cancels a timeout work. unregister_netdev() shuts down a device
+interface and removes it from the kernel tables. If the timeout occurs
+in parallel, the timeout work (pxa168_eth_tx_timeout_task) performs stop
+and open of the device. It may lead to an inconsistent state and memory
+leaks.
+
+Found by Linux Driver Verification project (linuxtesting.org).
+
+Signed-off-by: Pavel Andrianov
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ drivers/net/ethernet/marvell/pxa168_eth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/marvell/pxa168_eth.c b/drivers/net/ethernet/marvell/pxa168_eth.c
+index 7ace07dad6a3..9986f88618bd 100644
+--- a/drivers/net/ethernet/marvell/pxa168_eth.c
++++ b/drivers/net/ethernet/marvell/pxa168_eth.c
+@@ -1577,8 +1577,8 @@ static int pxa168_eth_remove(struct platform_device *pdev)
+
+ mdiobus_unregister(pep->smi_bus);
+ mdiobus_free(pep->smi_bus);
+- unregister_netdev(dev);
+ cancel_work_sync(&pep->tx_timeout_task);
++ unregister_netdev(dev);
+ free_netdev(dev);
+ return 0;
+ }
+--
+2.30.2
+
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..11bb37cc3dc
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1,7 @@
+net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch
+misdn-fix-crash-in-fritzpci.patch
+mac80211-choose-first-enabled-channel-for-monitor.patch
+x86-build-turn-off-fcf-protection-for-realmode-targe.patch
+ia64-mca-allocate-early-mca-with-gfp_atomic.patch
+cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch
+cifs-silently-ignore-unknown-oplock-break-handle.patch
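Review bot: Moving `cancel_work_sync(&pep->tx_timeout_task);` ahead of `unregister_netdev(dev);` in pxa168_eth_remove() leaves a window in which the work can be queued again while the interface is still registered. If the driver's tx-timeout handler (not visible in this hunk) schedules `tx_timeout_task`, a watchdog firing between the two calls would leave the work pending when `free_netdev(dev)` runs, and the task would then touch freed memory. Keeping the early cancel and adding a second `cancel_work_sync(&pep->tx_timeout_task);` between `unregister_netdev(dev);` and `free_netdev(dev);` would close that window, or the path that queues the work could be quiesced before the first cancel. The function starts outside the hunk, so earlier teardown steps may already cover this and should be checked.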
diff --git a/queue-4.4/x86-build-turn-off-fcf-protection-for-realmode-targe.patch b/queue-4.4/x86-build-turn-off-fcf-protection-for-realmode-targe.patch
new file mode 100644
index 00000000000..2db51854f01
--- /dev/null
+++ b/queue-4.4/x86-build-turn-off-fcf-protection-for-realmode-targe.patch
@@ -0,0 +1,43 @@
+From 85fb45312e104116bbdf6c98a40bf6477ca0c818 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 23 Mar 2021 13:48:36 +0100
+Subject: x86/build: Turn off -fcf-protection for realmode targets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Arnd Bergmann
+
+[ Upstream commit 9fcb51c14da2953de585c5c6e50697b8a6e91a7b ]
+
+The new Ubuntu GCC packages turn on -fcf-protection globally,
+which causes a build failure in the x86 realmode code:
+
+ cc1: error: ‘-fcf-protection’ is not compatible with this target
+
+Turn it off explicitly on compilers that understand this option.
+
+Signed-off-by: Arnd Bergmann
+Signed-off-by: Ingo Molnar
+Link: https://lore.kernel.org/r/20210323124846.1584944-1-arnd@kernel.org
+Signed-off-by: Sasha Levin
+---
+ arch/x86/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/Makefile b/arch/x86/Makefile
+index 5fece9334f12..2b3adb3008c3 100644
+--- a/arch/x86/Makefile
++++ b/arch/x86/Makefile
+@@ -34,7 +34,7 @@ REALMODE_CFLAGS := $(M16_CFLAGS) -g -Os -D__KERNEL__ \
+ -DDISABLE_BRANCH_PROFILING \
+ -Wall -Wstrict-prototypes -march=i386 -mregparm=3 \
+ -fno-strict-aliasing -fomit-frame-pointer -fno-pic \
+- -mno-mmx -mno-sse
++ -mno-mmx -mno-sse $(call cc-option,-fcf-protection=none)
+
+ REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -ffreestanding)
+ REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -fno-stack-protector)
+--
+2.30.2
+
-- 2.47.3
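Review bot: The added `$(call cc-option,-fcf-protection=none)` in arch/x86/Makefile probes the compiler differently from the two `REALMODE_CFLAGS +=` lines directly below it, which use `__cc-option` with `$(REALMODE_CFLAGS)` so that each flag is tested against the flag set it will be compiled with. For consistency the option could be appended the same way, `REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -fcf-protection=none)`; whether the two probes can disagree on this tree's toolchains is not visible from the hunk. Because this turns off control-flow protection instrumentation, a short comment stating that it applies to the realmode objects only, and why, would help a later reader judge the scope of the change.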