From b7ac61c73fec5e7bd0df81611289619bd65067cf Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 7 Apr 2020 16:55:43 +0200
Subject: [PATCH] 4.19-stable patches
added patches:
bitops-protect-variables-in-set_mask_bits-macro.patch
include-linux-notifier.h-srcu-fix-ctags.patch
mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch
serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch
---
...ect-variables-in-set_mask_bits-macro.patch | 50 +++++++++++
...lude-linux-notifier.h-srcu-fix-ctags.patch | 45 ++++++++++
...-least-one-nodeid-for-mpol_preferred.patch | 57 ++++++++++++
...x-clearing-fifos-in-rs485-mode-again.patch | 89 +++++++++++++++++++
queue-4.19/series | 4 +
5 files changed, 245 insertions(+)
create mode 100644 queue-4.19/bitops-protect-variables-in-set_mask_bits-macro.patch
create mode 100644 queue-4.19/include-linux-notifier.h-srcu-fix-ctags.patch
create mode 100644 queue-4.19/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch
create mode 100644 queue-4.19/serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch
diff --git a/queue-4.19/bitops-protect-variables-in-set_mask_bits-macro.patch b/queue-4.19/bitops-protect-variables-in-set_mask_bits-macro.patch
new file mode 100644
index 00000000000..f7120d61244
--- /dev/null
+++ b/queue-4.19/bitops-protect-variables-in-set_mask_bits-macro.patch
@@ -0,0 +1,50 @@
+From 18127429a854e7607b859484880b8e26cee9ddab Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi
+Date: Mon, 15 Oct 2018 15:43:06 +0200
+Subject: bitops: protect variables in set_mask_bits() macro
+
+From: Miklos Szeredi
+
+commit 18127429a854e7607b859484880b8e26cee9ddab upstream.
+
+Unprotected naming of local variables within the set_mask_bits() can easily
+lead to using the wrong scope.
+
+Noticed this when "set_mask_bits(&foo->bar, 0, mask)" behaved as no-op.
+
+Signed-off-by: Miklos Szeredi
+Fixes: 00a1a053ebe5 ("ext4: atomically set inode->i_flags in ext4_set_inode_flags()")
+Cc: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/linux/bitops.h | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- a/include/linux/bitops.h
++++ b/include/linux/bitops.h
+@@ -236,17 +236,17 @@ static __always_inline void __assign_bit
+ #ifdef __KERNEL__
+
+ #ifndef set_mask_bits
+-#define set_mask_bits(ptr, _mask, _bits) \
++#define set_mask_bits(ptr, mask, bits) \
+ ({ \
+- const typeof(*ptr) mask = (_mask), bits = (_bits); \
+- typeof(*ptr) old, new; \
++ const typeof(*(ptr)) mask__ = (mask), bits__ = (bits); \
++ typeof(*(ptr)) old__, new__; \
+ \
+ do { \
+- old = READ_ONCE(*ptr); \
+- new = (old & ~mask) | bits; \
+- } while (cmpxchg(ptr, old, new) != old); \
++ old__ = READ_ONCE(*(ptr)); \
++ new__ = (old__ & ~mask__) | bits__; \
++ } while (cmpxchg(ptr, old__, new__) != old__); \
+ \
+- new; \
++ new__; \
+ })
+ #endif
+
diff --git a/queue-4.19/include-linux-notifier.h-srcu-fix-ctags.patch b/queue-4.19/include-linux-notifier.h-srcu-fix-ctags.patch
new file mode 100644
index 00000000000..a3f76d45d25
--- /dev/null
+++ b/queue-4.19/include-linux-notifier.h-srcu-fix-ctags.patch
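Review bot: In the new `set_mask_bits()` body, `ptr` is still expanded in both `READ_ONCE(*(ptr))` and `cmpxchg(ptr, old__, new__)` on every pass of the retry loop, so an argument with side effects would be evaluated more than once, and nothing in the macro says so. `mask` and `bits` are now captured once into `mask__` and `bits__`, which leaves `ptr` as the only multiply-evaluated parameter. I would add a comment above the `#define`, for example `/* ptr is evaluated more than once; it must have no side effects. */`. The `cmpxchg(ptr, ...)` argument is also the one use of `ptr` left unparenthesised, which is probably harmless as an argument but inconsistent with the two `*(ptr)` uses.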
@@ -0,0 +1,45 @@
+From 94e297c50b529f5d01cfd1dbc808d61e95180ab7 Mon Sep 17 00:00:00 2001
+From: Sam Protsenko
+Date: Fri, 2 Nov 2018 15:47:53 -0700
+Subject: include/linux/notifier.h: SRCU: fix ctags
+
+From: Sam Protsenko
+
+commit 94e297c50b529f5d01cfd1dbc808d61e95180ab7 upstream.
+
+ctags indexing ("make tags" command) throws this warning:
+
+ ctags: Warning: include/linux/notifier.h:125:
+ null expansion of name pattern "\1"
+
+This is the result of DEFINE_PER_CPU() macro expansion. Fix that by
+getting rid of line break.
+
+Similar fix was already done in commit 25528213fe9f ("tags: Fix
+DEFINE_PER_CPU expansions"), but this one probably wasn't noticed.
+
+Link: http://lkml.kernel.org/r/20181030202808.28027-1-semen.protsenko@linaro.org
+Fixes: 9c80172b902d ("kernel/SRCU: provide a static initializer")
+Signed-off-by: Sam Protsenko
+Cc: Sebastian Andrzej Siewior
+Cc: Andy Shevchenko
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/linux/notifier.h | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/include/linux/notifier.h
++++ b/include/linux/notifier.h
+@@ -122,8 +122,7 @@ extern void srcu_init_notifier_head(stru
+
+ #ifdef CONFIG_TREE_SRCU
+ #define _SRCU_NOTIFIER_HEAD(name, mod) \
+- static DEFINE_PER_CPU(struct srcu_data, \
+- name##_head_srcu_data); \
++ static DEFINE_PER_CPU(struct srcu_data, name##_head_srcu_data); \
+ mod struct srcu_notifier_head name = \
+ SRCU_NOTIFIER_INIT(name, name##_head_srcu_data)
+
diff --git a/queue-4.19/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch b/queue-4.19/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch
new file mode 100644
index 00000000000..6969f0ca3f3
--- /dev/null
+++ b/queue-4.19/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch
@@ -0,0 +1,57 @@
+From aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd Mon Sep 17 00:00:00 2001
+From: Randy Dunlap
+Date: Wed, 1 Apr 2020 21:10:58 -0700
+Subject: mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
+
+From: Randy Dunlap
+
+commit aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd upstream.
+
+Using an empty (malformed) nodelist that is not caught during mount option
+parsing leads to a stack-out-of-bounds access.
+
+The option string that was used was: "mpol=prefer:,". However,
+MPOL_PREFERRED requires a single node number, which is not being provided
+here.
+
+Add a check that 'nodes' is not empty after parsing for MPOL_PREFERRED's
+nodeid.
+
+Fixes: 095f1fc4ebf3 ("mempolicy: rework shmem mpol parsing and display")
+Reported-by: Entropy Moe <3ntr0py1337@gmail.com>
+Reported-by: syzbot+b055b1a6b2b958707a21@syzkaller.appspotmail.com
+Signed-off-by: Randy Dunlap
+Signed-off-by: Andrew Morton
+Tested-by: syzbot+b055b1a6b2b958707a21@syzkaller.appspotmail.com
+Cc: Lee Schermerhorn
+Link: http://lkml.kernel.org/r/89526377-7eb6-b662-e1d8-4430928abde9@infradead.org
+Signed-off-by: Linus Torvalds
+Cc: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/mempolicy.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -2832,7 +2832,9 @@ int mpol_parse_str(char *str, struct mem
+ switch (mode) {
+ case MPOL_PREFERRED:
+ /*
+- * Insist on a nodelist of one node only
++ * Insist on a nodelist of one node only, although later
++ * we use first_node(nodes) to grab a single node, so here
++ * nodelist (or nodes) cannot be empty.
+ */
+ if (nodelist) {
+ char *rest = nodelist;
+@@ -2840,6 +2842,8 @@ int mpol_parse_str(char *str, struct mem
+ rest++;
+ if (*rest)
+ goto out;
++ if (nodes_empty(nodes))
++ goto out;
+ }
+ break;
+ case MPOL_INTERLEAVE:
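Review bot: The reworded comment in the `MPOL_PREFERRED` case is hard to parse ("although later ... so here"), and it is the only explanation of why the new `nodes_empty(nodes)` test exists. I would state the invariant directly, for example `/* Insist on exactly one node: first_node(nodes) is used later, so an empty nodemask must be rejected here. */`. The new test sits inside `if (nodelist)`, so the path where no nodelist was supplied is decided by code outside these hunks. `nodes` is also filled in before the `switch`, outside the visible lines, and the body of `mpol_parse_str()` starts and ends outside both hunks, so whether every route to `first_node(nodes)` is covered cannot be confirmed from here.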
diff --git a/queue-4.19/serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch b/queue-4.19/serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch
new file mode 100644
index 00000000000..d8bc2ee744c
--- /dev/null
+++ b/queue-4.19/serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch
@@ -0,0 +1,89 @@
+From f6aa5beb45be27968a4df90176ca36dfc4363d37 Mon Sep 17 00:00:00 2001
+From: Marek Vasut
+Date: Mon, 3 Sep 2018 02:44:52 +0200
+Subject: serial: 8250: Fix clearing FIFOs in RS485 mode again
+
+From: Marek Vasut
+
+commit f6aa5beb45be27968a4df90176ca36dfc4363d37 upstream.
+
+The 8250 FIFOs indeed need to be cleared after stopping transmission in
+RS485 mode without SER_RS485_RX_DURING_TX flag set. But there are two
+problems with the approach taken by the previous patch from Fixes tag.
+
+First, serial8250_clear_fifos() should clear fifos, but what it really
+does is it enables the FIFOs unconditionally if present, clears them
+and then sets the FCR register to zero, which effectively disables the
+FIFOs. In case the FIFO is disabled, enabling it and clearing it makes
+no sense and in fact can trigger misbehavior of the 8250 core. Moreover,
+the FCR register may contain other FIFO configuration bits which may not
+be writable unconditionally and writing them incorrectly can trigger
+misbehavior of the 8250 core too. (ie. AM335x UART swallows the first
+byte and retransmits the last byte twice because of this FCR write).
+
+Second, serial8250_clear_and_reinit_fifos() completely reloads the FCR,
+but what really has to happen at the end of the RS485 transmission is
+clearing of the FIFOs and nothing else.
+
+This patch repairs serial8250_clear_fifos() so that it really only
+clears the FIFOs by operating on FCR[2:1] bits and leaves all the
+other bits alone. It also undoes serial8250_clear_and_reinit_fifos()
+from __do_stop_tx_rs485() as serial8250_clear_fifos() is sufficient.
+
+Signed-off-by: Marek Vasut
+Fixes: 2bed8a8e7072 ("Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break")
+Cc: Daniel Jedrychowski
+Cc: Greg Kroah-Hartman
+Cc: stable # let it bake a bit before merging
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/tty/serial/8250/8250_port.c | 29 ++++++++++++++++++++++++-----
+ 1 file changed, 24 insertions(+), 5 deletions(-)
+
+--- a/drivers/tty/serial/8250/8250_port.c
++++ b/drivers/tty/serial/8250/8250_port.c
+@@ -552,11 +552,30 @@ static unsigned int serial_icr_read(stru
+ */
+ static void serial8250_clear_fifos(struct uart_8250_port *p)
+ {
++ unsigned char fcr;
++ unsigned char clr_mask = UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT;
++
+ if (p->capabilities & UART_CAP_FIFO) {
+- serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO);
+- serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO |
+- UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT);
+- serial_out(p, UART_FCR, 0);
++ /*
++ * Make sure to avoid changing FCR[7:3] and ENABLE_FIFO bits.
++ * In case ENABLE_FIFO is not set, there is nothing to flush
++ * so just return. Furthermore, on certain implementations of
++ * the 8250 core, the FCR[7:3] bits may only be changed under
++ * specific conditions and changing them if those conditions
++ * are not met can have nasty side effects. One such core is
++ * the 8250-omap present in TI AM335x.
++ */
++ fcr = serial_in(p, UART_FCR);
++
++ /* FIFO is not enabled, there's nothing to clear. */
++ if (!(fcr & UART_FCR_ENABLE_FIFO))
++ return;
++
++ fcr |= clr_mask;
++ serial_out(p, UART_FCR, fcr);
++
++ fcr &= ~clr_mask;
++ serial_out(p, UART_FCR, fcr);
+ }
+ }
+
+@@ -1448,7 +1467,7 @@ static void __do_stop_tx_rs485(struct ua
+ * Enable previously disabled RX interrupts.
+ */
+ if (!(p->port.rs485.flags & SER_RS485_RX_DURING_TX)) {
+- serial8250_clear_and_reinit_fifos(p);
++ serial8250_clear_fifos(p);
+
+ p->ier |= UART_IER_RLSI | UART_IER_RDI;
+ serial_port_out(&p->port, UART_IER, p->ier);
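Review bot: `fcr = serial_in(p, UART_FCR);` in the new `serial8250_clear_fifos()` reads a register that is write-only on 16550-compatible UARTs. There FCR shares its offset with the read-only IIR, so the value tested by `if (!(fcr & UART_FCR_ENABLE_FIFO))` would be IIR content, where bit 0 reports interrupt-pending status rather than FIFO enable. The early return would then depend on interrupt state, and the two `serial_out(p, UART_FCR, fcr)` calls could write IIR bits back into FCR[7:3], the bits the new comment says must not change. If the port keeps a cached copy of the last FCR value written (I believe `p->fcr` is that field, but it is not visible in this hunk), start from it instead: `fcr = p->fcr;`. The second hunk routes `__do_stop_tx_rs485()` through this function, so the RS485 stop path inherits the same behaviour; that function's body extends outside the hunk.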
diff --git a/queue-4.19/series b/queue-4.19/series
index 9725c5e04f2..372284a70ba 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -22,3 +22,7 @@ alsa-hda-ca0132-add-recon3di-quirk-to-handle-integrated-sound-on-evga-x99-classi
 rxrpc-fix-sendmsg-msg_waitall-handling.patch
 net-fix-tx-hash-bound-checking.patch
 padata-always-acquire-cpu_hotplug_lock-before-pinst-lock.patch
+bitops-protect-variables-in-set_mask_bits-macro.patch
+serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch
+include-linux-notifier.h-srcu-fix-ctags.patch
+mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch
-- 
2.47.3