Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Wed, 10 Jan 2018 11:47:25
Message-Id: 1515584831.9288fa6d94a9020316950d84f455e3e52c9b7d5a.mpagano@gentoo
1 commit: 9288fa6d94a9020316950d84f455e3e52c9b7d5a
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jan 10 11:47:11 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Jan 10 11:47:11 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=9288fa6d
7
8 Linux patch 4.9.76
9
10 0000_README | 4 +
11 1075_linux-4.9.76.patch | 787 ++++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 791 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index 50f031f..f7c3cd9 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -343,6 +343,10 @@ Patch: 1074_linux-4.9.75.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.9.75
21
22 +Patch: 1075_linux-4.9.76.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.9.76
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1075_linux-4.9.76.patch b/1075_linux-4.9.76.patch
31 new file mode 100644
32 index 0000000..ea4d1dd
33 --- /dev/null
34 +++ b/1075_linux-4.9.76.patch
35 @@ -0,0 +1,787 @@
36 +diff --git a/Makefile b/Makefile
37 +index acbc1b032db2..2637f0ed0a07 100644
38 +--- a/Makefile
39 ++++ b/Makefile
40 +@@ -1,6 +1,6 @@
41 + VERSION = 4
42 + PATCHLEVEL = 9
43 +-SUBLEVEL = 75
44 ++SUBLEVEL = 76
45 + EXTRAVERSION =
46 + NAME = Roaring Lionus
47 +
48 +diff --git a/arch/arc/include/asm/uaccess.h b/arch/arc/include/asm/uaccess.h
49 +index 41faf17cd28d..0684fd2f42e8 100644
50 +--- a/arch/arc/include/asm/uaccess.h
51 ++++ b/arch/arc/include/asm/uaccess.h
52 +@@ -673,6 +673,7 @@ __arc_strncpy_from_user(char *dst, const char __user *src, long count)
53 + return 0;
54 +
55 + __asm__ __volatile__(
56 ++ " mov lp_count, %5 \n"
57 + " lp 3f \n"
58 + "1: ldb.ab %3, [%2, 1] \n"
59 + " breq.d %3, 0, 3f \n"
60 +@@ -689,8 +690,8 @@ __arc_strncpy_from_user(char *dst, const char __user *src, long count)
61 + " .word 1b, 4b \n"
62 + " .previous \n"
63 + : "+r"(res), "+r"(dst), "+r"(src), "=r"(val)
64 +- : "g"(-EFAULT), "l"(count)
65 +- : "memory");
66 ++ : "g"(-EFAULT), "r"(count)
67 ++ : "lp_count", "lp_start", "lp_end", "memory");
68 +
69 + return res;
70 + }
71 +diff --git a/arch/parisc/include/asm/ldcw.h b/arch/parisc/include/asm/ldcw.h
72 +index 8be707e1b6c7..82dea145574e 100644
73 +--- a/arch/parisc/include/asm/ldcw.h
74 ++++ b/arch/parisc/include/asm/ldcw.h
75 +@@ -11,6 +11,7 @@
76 + for the semaphore. */
77 +
78 + #define __PA_LDCW_ALIGNMENT 16
79 ++#define __PA_LDCW_ALIGN_ORDER 4
80 + #define __ldcw_align(a) ({ \
81 + unsigned long __ret = (unsigned long) &(a)->lock[0]; \
82 + __ret = (__ret + __PA_LDCW_ALIGNMENT - 1) \
83 +@@ -28,6 +29,7 @@
84 + ldcd). */
85 +
86 + #define __PA_LDCW_ALIGNMENT 4
87 ++#define __PA_LDCW_ALIGN_ORDER 2
88 + #define __ldcw_align(a) (&(a)->slock)
89 + #define __LDCW "ldcw,co"
90 +
91 +diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S
92 +index 4fcff2dcc9c3..e3d3e8e1d708 100644
93 +--- a/arch/parisc/kernel/entry.S
94 ++++ b/arch/parisc/kernel/entry.S
95 +@@ -35,6 +35,7 @@
96 + #include <asm/pgtable.h>
97 + #include <asm/signal.h>
98 + #include <asm/unistd.h>
99 ++#include <asm/ldcw.h>
100 + #include <asm/thread_info.h>
101 +
102 + #include <linux/linkage.h>
103 +@@ -46,6 +47,14 @@
104 + #endif
105 +
106 + .import pa_tlb_lock,data
107 ++ .macro load_pa_tlb_lock reg
108 ++#if __PA_LDCW_ALIGNMENT > 4
109 ++ load32 PA(pa_tlb_lock) + __PA_LDCW_ALIGNMENT-1, \reg
110 ++ depi 0,31,__PA_LDCW_ALIGN_ORDER, \reg
111 ++#else
112 ++ load32 PA(pa_tlb_lock), \reg
113 ++#endif
114 ++ .endm
115 +
116 + /* space_to_prot macro creates a prot id from a space id */
117 +
118 +@@ -457,7 +466,7 @@
119 + .macro tlb_lock spc,ptp,pte,tmp,tmp1,fault
120 + #ifdef CONFIG_SMP
121 + cmpib,COND(=),n 0,\spc,2f
122 +- load32 PA(pa_tlb_lock),\tmp
123 ++ load_pa_tlb_lock \tmp
124 + 1: LDCW 0(\tmp),\tmp1
125 + cmpib,COND(=) 0,\tmp1,1b
126 + nop
127 +@@ -480,7 +489,7 @@
128 + /* Release pa_tlb_lock lock. */
129 + .macro tlb_unlock1 spc,tmp
130 + #ifdef CONFIG_SMP
131 +- load32 PA(pa_tlb_lock),\tmp
132 ++ load_pa_tlb_lock \tmp
133 + tlb_unlock0 \spc,\tmp
134 + #endif
135 + .endm
136 +diff --git a/arch/parisc/kernel/pacache.S b/arch/parisc/kernel/pacache.S
137 +index adf7187f8951..2d40c4ff3f69 100644
138 +--- a/arch/parisc/kernel/pacache.S
139 ++++ b/arch/parisc/kernel/pacache.S
140 +@@ -36,6 +36,7 @@
141 + #include <asm/assembly.h>
142 + #include <asm/pgtable.h>
143 + #include <asm/cache.h>
144 ++#include <asm/ldcw.h>
145 + #include <linux/linkage.h>
146 +
147 + .text
148 +@@ -333,8 +334,12 @@ ENDPROC_CFI(flush_data_cache_local)
149 +
150 + .macro tlb_lock la,flags,tmp
151 + #ifdef CONFIG_SMP
152 +- ldil L%pa_tlb_lock,%r1
153 +- ldo R%pa_tlb_lock(%r1),\la
154 ++#if __PA_LDCW_ALIGNMENT > 4
155 ++ load32 pa_tlb_lock + __PA_LDCW_ALIGNMENT-1, \la
156 ++ depi 0,31,__PA_LDCW_ALIGN_ORDER, \la
157 ++#else
158 ++ load32 pa_tlb_lock, \la
159 ++#endif
160 + rsm PSW_SM_I,\flags
161 + 1: LDCW 0(\la),\tmp
162 + cmpib,<>,n 0,\tmp,3f
163 +diff --git a/arch/parisc/kernel/process.c b/arch/parisc/kernel/process.c
164 +index 7593787ed4c3..c3a532abac03 100644
165 +--- a/arch/parisc/kernel/process.c
166 ++++ b/arch/parisc/kernel/process.c
167 +@@ -39,6 +39,7 @@
168 + #include <linux/kernel.h>
169 + #include <linux/mm.h>
170 + #include <linux/fs.h>
171 ++#include <linux/cpu.h>
172 + #include <linux/module.h>
173 + #include <linux/personality.h>
174 + #include <linux/ptrace.h>
175 +@@ -180,6 +181,44 @@ int dump_task_fpu (struct task_struct *tsk, elf_fpregset_t *r)
176 + return 1;
177 + }
178 +
179 ++/*
180 ++ * Idle thread support
181 ++ *
182 ++ * Detect when running on QEMU with SeaBIOS PDC Firmware and let
183 ++ * QEMU idle the host too.
184 ++ */
185 ++
186 ++int running_on_qemu __read_mostly;
187 ++
188 ++void __cpuidle arch_cpu_idle_dead(void)
189 ++{
190 ++ /* nop on real hardware, qemu will offline CPU. */
191 ++ asm volatile("or %%r31,%%r31,%%r31\n":::);
192 ++}
193 ++
194 ++void __cpuidle arch_cpu_idle(void)
195 ++{
196 ++ local_irq_enable();
197 ++
198 ++ /* nop on real hardware, qemu will idle sleep. */
199 ++ asm volatile("or %%r10,%%r10,%%r10\n":::);
200 ++}
201 ++
202 ++static int __init parisc_idle_init(void)
203 ++{
204 ++ const char *marker;
205 ++
206 ++ /* check QEMU/SeaBIOS marker in PAGE0 */
207 ++ marker = (char *) &PAGE0->pad0;
208 ++ running_on_qemu = (memcmp(marker, "SeaBIOS", 8) == 0);
209 ++
210 ++ if (!running_on_qemu)
211 ++ cpu_idle_poll_ctrl(1);
212 ++
213 ++ return 0;
214 ++}
215 ++arch_initcall(parisc_idle_init);
216 ++
217 + /*
218 + * Copy architecture-specific thread state
219 + */
220 +diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c
221 +index 0f9cd90c11af..f06a9a0063f1 100644
222 +--- a/arch/s390/kernel/compat_linux.c
223 ++++ b/arch/s390/kernel/compat_linux.c
224 +@@ -263,6 +263,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setgroups16, int, gidsetsize, u16 __user *, grouplis
225 + return retval;
226 + }
227 +
228 ++ groups_sort(group_info);
229 + retval = set_current_groups(group_info);
230 + put_group_info(group_info);
231 +
232 +diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
233 +index 636c4b341f36..6bb7e92c6d50 100644
234 +--- a/arch/x86/entry/vsyscall/vsyscall_64.c
235 ++++ b/arch/x86/entry/vsyscall/vsyscall_64.c
236 +@@ -66,6 +66,11 @@ static int __init vsyscall_setup(char *str)
237 + }
238 + early_param("vsyscall", vsyscall_setup);
239 +
240 ++bool vsyscall_enabled(void)
241 ++{
242 ++ return vsyscall_mode != NONE;
243 ++}
244 ++
245 + static void warn_bad_vsyscall(const char *level, struct pt_regs *regs,
246 + const char *message)
247 + {
248 +diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscall.h
249 +index 6ba66ee79710..4865e10dbb55 100644
250 +--- a/arch/x86/include/asm/vsyscall.h
251 ++++ b/arch/x86/include/asm/vsyscall.h
252 +@@ -12,12 +12,14 @@ extern void map_vsyscall(void);
253 + * Returns true if handled.
254 + */
255 + extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address);
256 ++extern bool vsyscall_enabled(void);
257 + #else
258 + static inline void map_vsyscall(void) {}
259 + static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
260 + {
261 + return false;
262 + }
263 ++static inline bool vsyscall_enabled(void) { return false; }
264 + #endif
265 +
266 + #endif /* _ASM_X86_VSYSCALL_H */
267 +diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
268 +index 017bda12caae..b74bb29db6b9 100644
269 +--- a/arch/x86/kernel/cpu/microcode/amd.c
270 ++++ b/arch/x86/kernel/cpu/microcode/amd.c
271 +@@ -592,6 +592,7 @@ static unsigned int verify_patch_size(u8 family, u32 patch_size,
272 + #define F14H_MPB_MAX_SIZE 1824
273 + #define F15H_MPB_MAX_SIZE 4096
274 + #define F16H_MPB_MAX_SIZE 3458
275 ++#define F17H_MPB_MAX_SIZE 3200
276 +
277 + switch (family) {
278 + case 0x14:
279 +@@ -603,6 +604,9 @@ static unsigned int verify_patch_size(u8 family, u32 patch_size,
280 + case 0x16:
281 + max_size = F16H_MPB_MAX_SIZE;
282 + break;
283 ++ case 0x17:
284 ++ max_size = F17H_MPB_MAX_SIZE;
285 ++ break;
286 + default:
287 + max_size = F1XH_MPB_MAX_SIZE;
288 + break;
289 +diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
290 +index 1e779bca4f3e..f92bdb9f4e46 100644
291 +--- a/arch/x86/mm/init.c
292 ++++ b/arch/x86/mm/init.c
293 +@@ -768,7 +768,7 @@ DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate) = {
294 + .state = 0,
295 + .cr4 = ~0UL, /* fail hard if we screw up cr4 shadow initialization */
296 + };
297 +-EXPORT_SYMBOL_GPL(cpu_tlbstate);
298 ++EXPORT_PER_CPU_SYMBOL(cpu_tlbstate);
299 +
300 + void update_cache_mode_entry(unsigned entry, enum page_cache_mode cache)
301 + {
302 +diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c
303 +index d8376b4ad9f0..8f8e5e03d083 100644
304 +--- a/arch/x86/mm/kaiser.c
305 ++++ b/arch/x86/mm/kaiser.c
306 +@@ -19,6 +19,7 @@
307 + #include <asm/pgalloc.h>
308 + #include <asm/desc.h>
309 + #include <asm/cmdline.h>
310 ++#include <asm/vsyscall.h>
311 +
312 + int kaiser_enabled __read_mostly = 1;
313 + EXPORT_SYMBOL(kaiser_enabled); /* for inlined TLB flush functions */
314 +@@ -110,12 +111,13 @@ static inline unsigned long get_pa_from_mapping(unsigned long vaddr)
315 + *
316 + * Returns a pointer to a PTE on success, or NULL on failure.
317 + */
318 +-static pte_t *kaiser_pagetable_walk(unsigned long address)
319 ++static pte_t *kaiser_pagetable_walk(unsigned long address, bool user)
320 + {
321 + pmd_t *pmd;
322 + pud_t *pud;
323 + pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(address));
324 + gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO);
325 ++ unsigned long prot = _KERNPG_TABLE;
326 +
327 + if (pgd_none(*pgd)) {
328 + WARN_ONCE(1, "All shadow pgds should have been populated");
329 +@@ -123,6 +125,17 @@ static pte_t *kaiser_pagetable_walk(unsigned long address)
330 + }
331 + BUILD_BUG_ON(pgd_large(*pgd) != 0);
332 +
333 ++ if (user) {
334 ++ /*
335 ++ * The vsyscall page is the only page that will have
336 ++ * _PAGE_USER set. Catch everything else.
337 ++ */
338 ++ BUG_ON(address != VSYSCALL_ADDR);
339 ++
340 ++ set_pgd(pgd, __pgd(pgd_val(*pgd) | _PAGE_USER));
341 ++ prot = _PAGE_TABLE;
342 ++ }
343 ++
344 + pud = pud_offset(pgd, address);
345 + /* The shadow page tables do not use large mappings: */
346 + if (pud_large(*pud)) {
347 +@@ -135,7 +148,7 @@ static pte_t *kaiser_pagetable_walk(unsigned long address)
348 + return NULL;
349 + spin_lock(&shadow_table_allocation_lock);
350 + if (pud_none(*pud)) {
351 +- set_pud(pud, __pud(_KERNPG_TABLE | __pa(new_pmd_page)));
352 ++ set_pud(pud, __pud(prot | __pa(new_pmd_page)));
353 + __inc_zone_page_state(virt_to_page((void *)
354 + new_pmd_page), NR_KAISERTABLE);
355 + } else
356 +@@ -155,7 +168,7 @@ static pte_t *kaiser_pagetable_walk(unsigned long address)
357 + return NULL;
358 + spin_lock(&shadow_table_allocation_lock);
359 + if (pmd_none(*pmd)) {
360 +- set_pmd(pmd, __pmd(_KERNPG_TABLE | __pa(new_pte_page)));
361 ++ set_pmd(pmd, __pmd(prot | __pa(new_pte_page)));
362 + __inc_zone_page_state(virt_to_page((void *)
363 + new_pte_page), NR_KAISERTABLE);
364 + } else
365 +@@ -191,7 +204,7 @@ static int kaiser_add_user_map(const void *__start_addr, unsigned long size,
366 + ret = -EIO;
367 + break;
368 + }
369 +- pte = kaiser_pagetable_walk(address);
370 ++ pte = kaiser_pagetable_walk(address, flags & _PAGE_USER);
371 + if (!pte) {
372 + ret = -ENOMEM;
373 + break;
374 +@@ -318,6 +331,19 @@ void __init kaiser_init(void)
375 +
376 + kaiser_init_all_pgds();
377 +
378 ++ /*
379 ++ * Note that this sets _PAGE_USER and it needs to happen when the
380 ++ * pagetable hierarchy gets created, i.e., early. Otherwise
381 ++ * kaiser_pagetable_walk() will encounter initialized PTEs in the
382 ++ * hierarchy and not set the proper permissions, leading to the
383 ++ * pagefaults with page-protection violations when trying to read the
384 ++ * vsyscall page. For example.
385 ++ */
386 ++ if (vsyscall_enabled())
387 ++ kaiser_add_user_map_early((void *)VSYSCALL_ADDR,
388 ++ PAGE_SIZE,
389 ++ __PAGE_KERNEL_VSYSCALL);
390 ++
391 + for_each_possible_cpu(cpu) {
392 + void *percpu_vaddr = __per_cpu_user_mapped_start +
393 + per_cpu_offset(cpu);
394 +diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
395 +index e899ef51dc8e..cb1c3a3287b0 100644
396 +--- a/crypto/chacha20poly1305.c
397 ++++ b/crypto/chacha20poly1305.c
398 +@@ -610,6 +610,11 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
399 + algt->mask));
400 + if (IS_ERR(poly))
401 + return PTR_ERR(poly);
402 ++ poly_hash = __crypto_hash_alg_common(poly);
403 ++
404 ++ err = -EINVAL;
405 ++ if (poly_hash->digestsize != POLY1305_DIGEST_SIZE)
406 ++ goto out_put_poly;
407 +
408 + err = -ENOMEM;
409 + inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
410 +@@ -618,7 +623,6 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
411 +
412 + ctx = aead_instance_ctx(inst);
413 + ctx->saltlen = CHACHAPOLY_IV_SIZE - ivsize;
414 +- poly_hash = __crypto_hash_alg_common(poly);
415 + err = crypto_init_ahash_spawn(&ctx->poly, poly_hash,
416 + aead_crypto_instance(inst));
417 + if (err)
418 +diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
419 +index ee9cfb99fe25..f8ec3d4ba4a8 100644
420 +--- a/crypto/pcrypt.c
421 ++++ b/crypto/pcrypt.c
422 +@@ -254,6 +254,14 @@ static void pcrypt_aead_exit_tfm(struct crypto_aead *tfm)
423 + crypto_free_aead(ctx->child);
424 + }
425 +
426 ++static void pcrypt_free(struct aead_instance *inst)
427 ++{
428 ++ struct pcrypt_instance_ctx *ctx = aead_instance_ctx(inst);
429 ++
430 ++ crypto_drop_aead(&ctx->spawn);
431 ++ kfree(inst);
432 ++}
433 ++
434 + static int pcrypt_init_instance(struct crypto_instance *inst,
435 + struct crypto_alg *alg)
436 + {
437 +@@ -319,6 +327,8 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb,
438 + inst->alg.encrypt = pcrypt_aead_encrypt;
439 + inst->alg.decrypt = pcrypt_aead_decrypt;
440 +
441 ++ inst->free = pcrypt_free;
442 ++
443 + err = aead_register_instance(tmpl, inst);
444 + if (err)
445 + goto out_drop_aead;
446 +@@ -349,14 +359,6 @@ static int pcrypt_create(struct crypto_template *tmpl, struct rtattr **tb)
447 + return -EINVAL;
448 + }
449 +
450 +-static void pcrypt_free(struct crypto_instance *inst)
451 +-{
452 +- struct pcrypt_instance_ctx *ctx = crypto_instance_ctx(inst);
453 +-
454 +- crypto_drop_aead(&ctx->spawn);
455 +- kfree(inst);
456 +-}
457 +-
458 + static int pcrypt_cpumask_change_notify(struct notifier_block *self,
459 + unsigned long val, void *data)
460 + {
461 +@@ -469,7 +471,6 @@ static void pcrypt_fini_padata(struct padata_pcrypt *pcrypt)
462 + static struct crypto_template pcrypt_tmpl = {
463 + .name = "pcrypt",
464 + .create = pcrypt_create,
465 +- .free = pcrypt_free,
466 + .module = THIS_MODULE,
467 + };
468 +
469 +diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
470 +index 7d506cb73e54..4d30da269060 100644
471 +--- a/drivers/block/nbd.c
472 ++++ b/drivers/block/nbd.c
473 +@@ -272,6 +272,7 @@ static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd)
474 + int result, flags;
475 + struct nbd_request request;
476 + unsigned long size = blk_rq_bytes(req);
477 ++ struct bio *bio;
478 + u32 type;
479 +
480 + if (req->cmd_type == REQ_TYPE_DRV_PRIV)
481 +@@ -305,16 +306,20 @@ static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd)
482 + return -EIO;
483 + }
484 +
485 +- if (type == NBD_CMD_WRITE) {
486 +- struct req_iterator iter;
487 ++ if (type != NBD_CMD_WRITE)
488 ++ return 0;
489 ++
490 ++ flags = 0;
491 ++ bio = req->bio;
492 ++ while (bio) {
493 ++ struct bio *next = bio->bi_next;
494 ++ struct bvec_iter iter;
495 + struct bio_vec bvec;
496 +- /*
497 +- * we are really probing at internals to determine
498 +- * whether to set MSG_MORE or not...
499 +- */
500 +- rq_for_each_segment(bvec, req, iter) {
501 +- flags = 0;
502 +- if (!rq_iter_last(bvec, iter))
503 ++
504 ++ bio_for_each_segment(bvec, bio, iter) {
505 ++ bool is_last = !next && bio_iter_last(bvec, iter);
506 ++
507 ++ if (is_last)
508 + flags = MSG_MORE;
509 + dev_dbg(nbd_to_dev(nbd), "request %p: sending %d bytes data\n",
510 + cmd, bvec.bv_len);
511 +@@ -325,7 +330,16 @@ static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd)
512 + result);
513 + return -EIO;
514 + }
515 ++ /*
516 ++ * The completion might already have come in,
517 ++ * so break for the last one instead of letting
518 ++ * the iterator do it. This prevents use-after-free
519 ++ * of the bio.
520 ++ */
521 ++ if (is_last)
522 ++ break;
523 + }
524 ++ bio = next;
525 + }
526 + return 0;
527 + }
528 +diff --git a/drivers/bus/sunxi-rsb.c b/drivers/bus/sunxi-rsb.c
529 +index 795c9d9c96a6..2051d926e303 100644
530 +--- a/drivers/bus/sunxi-rsb.c
531 ++++ b/drivers/bus/sunxi-rsb.c
532 +@@ -178,6 +178,7 @@ static struct bus_type sunxi_rsb_bus = {
533 + .match = sunxi_rsb_device_match,
534 + .probe = sunxi_rsb_device_probe,
535 + .remove = sunxi_rsb_device_remove,
536 ++ .uevent = of_device_uevent_modalias,
537 + };
538 +
539 + static void sunxi_rsb_dev_release(struct device *dev)
540 +diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
541 +index c5aac25a5738..b365ad78ac27 100644
542 +--- a/drivers/crypto/n2_core.c
543 ++++ b/drivers/crypto/n2_core.c
544 +@@ -1620,6 +1620,7 @@ static int queue_cache_init(void)
545 + CWQ_ENTRY_SIZE, 0, NULL);
546 + if (!queue_cache[HV_NCS_QTYPE_CWQ - 1]) {
547 + kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_MAU - 1]);
548 ++ queue_cache[HV_NCS_QTYPE_MAU - 1] = NULL;
549 + return -ENOMEM;
550 + }
551 + return 0;
552 +@@ -1629,6 +1630,8 @@ static void queue_cache_destroy(void)
553 + {
554 + kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_MAU - 1]);
555 + kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_CWQ - 1]);
556 ++ queue_cache[HV_NCS_QTYPE_MAU - 1] = NULL;
557 ++ queue_cache[HV_NCS_QTYPE_CWQ - 1] = NULL;
558 + }
559 +
560 + static int spu_queue_register(struct spu_queue *p, unsigned long q_type)
561 +diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c
562 +index cd834da5934a..59603a5728f7 100644
563 +--- a/drivers/input/mouse/elantech.c
564 ++++ b/drivers/input/mouse/elantech.c
565 +@@ -1609,7 +1609,7 @@ static int elantech_set_properties(struct elantech_data *etd)
566 + case 5:
567 + etd->hw_version = 3;
568 + break;
569 +- case 6 ... 14:
570 ++ case 6 ... 15:
571 + etd->hw_version = 4;
572 + break;
573 + default:
574 +diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
575 +index d3d975ae24b7..7f294f785ce6 100644
576 +--- a/drivers/iommu/arm-smmu-v3.c
577 ++++ b/drivers/iommu/arm-smmu-v3.c
578 +@@ -1547,13 +1547,15 @@ static int arm_smmu_domain_finalise(struct iommu_domain *domain)
579 + domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
580 + domain->geometry.aperture_end = (1UL << ias) - 1;
581 + domain->geometry.force_aperture = true;
582 +- smmu_domain->pgtbl_ops = pgtbl_ops;
583 +
584 + ret = finalise_stage_fn(smmu_domain, &pgtbl_cfg);
585 +- if (ret < 0)
586 ++ if (ret < 0) {
587 + free_io_pgtable_ops(pgtbl_ops);
588 ++ return ret;
589 ++ }
590 +
591 +- return ret;
592 ++ smmu_domain->pgtbl_ops = pgtbl_ops;
593 ++ return 0;
594 + }
595 +
596 + static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid)
597 +@@ -1580,7 +1582,7 @@ static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid)
598 +
599 + static int arm_smmu_install_ste_for_dev(struct iommu_fwspec *fwspec)
600 + {
601 +- int i;
602 ++ int i, j;
603 + struct arm_smmu_master_data *master = fwspec->iommu_priv;
604 + struct arm_smmu_device *smmu = master->smmu;
605 +
606 +@@ -1588,6 +1590,13 @@ static int arm_smmu_install_ste_for_dev(struct iommu_fwspec *fwspec)
607 + u32 sid = fwspec->ids[i];
608 + __le64 *step = arm_smmu_get_step_for_sid(smmu, sid);
609 +
610 ++ /* Bridged PCI devices may end up with duplicated IDs */
611 ++ for (j = 0; j < i; j++)
612 ++ if (fwspec->ids[j] == sid)
613 ++ break;
614 ++ if (j < i)
615 ++ continue;
616 ++
617 + arm_smmu_write_strtab_ent(smmu, sid, step, &master->ste);
618 + }
619 +
620 +diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c
621 +index b121bf4ed73a..3b8911cd3a19 100644
622 +--- a/drivers/mtd/nand/pxa3xx_nand.c
623 ++++ b/drivers/mtd/nand/pxa3xx_nand.c
624 +@@ -950,6 +950,7 @@ static void prepare_start_command(struct pxa3xx_nand_info *info, int command)
625 +
626 + switch (command) {
627 + case NAND_CMD_READ0:
628 ++ case NAND_CMD_READOOB:
629 + case NAND_CMD_PAGEPROG:
630 + info->use_ecc = 1;
631 + break;
632 +diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
633 +index 62469c60be23..75f942ae5176 100644
634 +--- a/fs/nfsd/auth.c
635 ++++ b/fs/nfsd/auth.c
636 +@@ -59,6 +59,9 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
637 + gi->gid[i] = exp->ex_anon_gid;
638 + else
639 + gi->gid[i] = rqgi->gid[i];
640 ++
641 ++ /* Each thread allocates its own gi, no race */
642 ++ groups_sort(gi);
643 + }
644 + } else {
645 + gi = get_group_info(rqgi);
646 +diff --git a/include/linux/cred.h b/include/linux/cred.h
647 +index f0e70a1bb3ac..cf1a5d0c4eb4 100644
648 +--- a/include/linux/cred.h
649 ++++ b/include/linux/cred.h
650 +@@ -82,6 +82,7 @@ extern int set_current_groups(struct group_info *);
651 + extern void set_groups(struct cred *, struct group_info *);
652 + extern int groups_search(const struct group_info *, kgid_t);
653 + extern bool may_setgroups(void);
654 ++extern void groups_sort(struct group_info *);
655 +
656 + /*
657 + * The security context of a task
658 +diff --git a/include/linux/fscache.h b/include/linux/fscache.h
659 +index 115bb81912cc..94a8aae8f9e2 100644
660 +--- a/include/linux/fscache.h
661 ++++ b/include/linux/fscache.h
662 +@@ -764,7 +764,7 @@ bool fscache_maybe_release_page(struct fscache_cookie *cookie,
663 + {
664 + if (fscache_cookie_valid(cookie) && PageFsCache(page))
665 + return __fscache_maybe_release_page(cookie, page, gfp);
666 +- return false;
667 ++ return true;
668 + }
669 +
670 + /**
671 +diff --git a/kernel/acct.c b/kernel/acct.c
672 +index 74963d192c5d..37f1dc696fbd 100644
673 +--- a/kernel/acct.c
674 ++++ b/kernel/acct.c
675 +@@ -99,7 +99,7 @@ static int check_free_space(struct bsd_acct_struct *acct)
676 + {
677 + struct kstatfs sbuf;
678 +
679 +- if (time_is_before_jiffies(acct->needcheck))
680 ++ if (time_is_after_jiffies(acct->needcheck))
681 + goto out;
682 +
683 + /* May block */
684 +diff --git a/kernel/groups.c b/kernel/groups.c
685 +index 2fcadd66a8fd..94bde5210e3d 100644
686 +--- a/kernel/groups.c
687 ++++ b/kernel/groups.c
688 +@@ -77,7 +77,7 @@ static int groups_from_user(struct group_info *group_info,
689 + }
690 +
691 + /* a simple Shell sort */
692 +-static void groups_sort(struct group_info *group_info)
693 ++void groups_sort(struct group_info *group_info)
694 + {
695 + int base, max, stride;
696 + int gidsetsize = group_info->ngroups;
697 +@@ -103,6 +103,7 @@ static void groups_sort(struct group_info *group_info)
698 + stride /= 3;
699 + }
700 + }
701 ++EXPORT_SYMBOL(groups_sort);
702 +
703 + /* a simple bsearch */
704 + int groups_search(const struct group_info *group_info, kgid_t grp)
705 +@@ -134,7 +135,6 @@ int groups_search(const struct group_info *group_info, kgid_t grp)
706 + void set_groups(struct cred *new, struct group_info *group_info)
707 + {
708 + put_group_info(new->group_info);
709 +- groups_sort(group_info);
710 + get_group_info(group_info);
711 + new->group_info = group_info;
712 + }
713 +@@ -218,6 +218,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
714 + return retval;
715 + }
716 +
717 ++ groups_sort(group_info);
718 + retval = set_current_groups(group_info);
719 + put_group_info(group_info);
720 +
721 +diff --git a/kernel/signal.c b/kernel/signal.c
722 +index e48668c3c972..7ebe236a5364 100644
723 +--- a/kernel/signal.c
724 ++++ b/kernel/signal.c
725 +@@ -72,7 +72,7 @@ static int sig_task_ignored(struct task_struct *t, int sig, bool force)
726 + handler = sig_handler(t, sig);
727 +
728 + if (unlikely(t->signal->flags & SIGNAL_UNKILLABLE) &&
729 +- handler == SIG_DFL && !force)
730 ++ handler == SIG_DFL && !(force && sig_kernel_only(sig)))
731 + return 1;
732 +
733 + return sig_handler_ignored(handler, sig);
734 +@@ -88,13 +88,15 @@ static int sig_ignored(struct task_struct *t, int sig, bool force)
735 + if (sigismember(&t->blocked, sig) || sigismember(&t->real_blocked, sig))
736 + return 0;
737 +
738 +- if (!sig_task_ignored(t, sig, force))
739 +- return 0;
740 +-
741 + /*
742 +- * Tracers may want to know about even ignored signals.
743 ++ * Tracers may want to know about even ignored signal unless it
744 ++ * is SIGKILL which can't be reported anyway but can be ignored
745 ++ * by SIGNAL_UNKILLABLE task.
746 + */
747 +- return !t->ptrace;
748 ++ if (t->ptrace && sig != SIGKILL)
749 ++ return 0;
750 ++
751 ++ return sig_task_ignored(t, sig, force);
752 + }
753 +
754 + /*
755 +@@ -917,9 +919,9 @@ static void complete_signal(int sig, struct task_struct *p, int group)
756 + * then start taking the whole group down immediately.
757 + */
758 + if (sig_fatal(p, sig) &&
759 +- !(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) &&
760 ++ !(signal->flags & SIGNAL_GROUP_EXIT) &&
761 + !sigismember(&t->real_blocked, sig) &&
762 +- (sig == SIGKILL || !t->ptrace)) {
763 ++ (sig == SIGKILL || !p->ptrace)) {
764 + /*
765 + * This signal will be fatal to the whole group.
766 + */
767 +diff --git a/kernel/uid16.c b/kernel/uid16.c
768 +index cc40793464e3..dcffcce9d75e 100644
769 +--- a/kernel/uid16.c
770 ++++ b/kernel/uid16.c
771 +@@ -190,6 +190,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidsetsize, old_gid_t __user *, grouplist)
772 + return retval;
773 + }
774 +
775 ++ groups_sort(group_info);
776 + retval = set_current_groups(group_info);
777 + put_group_info(group_info);
778 +
779 +diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
780 +index 25d9a9cf7b66..624c322af3ab 100644
781 +--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
782 ++++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
783 +@@ -231,6 +231,7 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
784 + goto out_free_groups;
785 + creds->cr_group_info->gid[i] = kgid;
786 + }
787 ++ groups_sort(creds->cr_group_info);
788 +
789 + return 0;
790 + out_free_groups:
791 +diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
792 +index 153082598522..6a08bc451247 100644
793 +--- a/net/sunrpc/auth_gss/svcauth_gss.c
794 ++++ b/net/sunrpc/auth_gss/svcauth_gss.c
795 +@@ -481,6 +481,7 @@ static int rsc_parse(struct cache_detail *cd,
796 + goto out;
797 + rsci.cred.cr_group_info->gid[i] = kgid;
798 + }
799 ++ groups_sort(rsci.cred.cr_group_info);
800 +
801 + /* mech name */
802 + len = qword_get(&mesg, buf, mlen);
803 +diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
804 +index 64af4f034de6..738a243c68a2 100644
805 +--- a/net/sunrpc/svcauth_unix.c
806 ++++ b/net/sunrpc/svcauth_unix.c
807 +@@ -520,6 +520,7 @@ static int unix_gid_parse(struct cache_detail *cd,
808 + ug.gi->gid[i] = kgid;
809 + }
810 +
811 ++ groups_sort(ug.gi);
812 + ugp = unix_gid_lookup(cd, uid);
813 + if (ugp) {
814 + struct cache_head *ch;
815 +@@ -819,6 +820,7 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
816 + kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
817 + cred->cr_group_info->gid[i] = kgid;
818 + }
819 ++ groups_sort(cred->cr_group_info);
820 + if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
821 + *authp = rpc_autherr_badverf;
822 + return SVC_DENIED;
Report Message
Find on MARC Find on Google Groups