authorBen Hutchings <ben@decadent.org.uk>2019-04-27 14:30:25 +0100
committerBen Hutchings <ben@decadent.org.uk>2019-04-27 14:30:25 +0100
commit8d875cda9660f37dfcae55645228ed0e827b43c4 (patch)
treeb9fd96b9f12da86ea654ac9ee50009c89f32114d
parentb54c79068a9da78b8d0aef769868403d0e6da77d (diff)
downloadlinux-stable-queue-8d875cda9660f37dfcae55645228ed0e827b43c4.tar.gz
Add follow-up fixes for various queued patches
-rw-r--r--queue-3.16/apparmor-provide-userspace-flag-indicating-binfmt_elf_mmap-change.patch34
-rw-r--r--queue-3.16/brcmfmac-fix-incorrect-event-channel-deduction.patch36
-rw-r--r--queue-3.16/mips-use-sigsp.patch89
-rw-r--r--queue-3.16/powerpc-signal-properly-handle-return-value-from.patch43
-rw-r--r--queue-3.16/powerpc-use-sigsp.patch74
-rw-r--r--queue-3.16/series6
-rw-r--r--queue-3.16/unicore32-fix-build-error.patch76
7 files changed, 358 insertions, 0 deletions
diff --git a/queue-3.16/apparmor-provide-userspace-flag-indicating-binfmt_elf_mmap-change.patch b/queue-3.16/apparmor-provide-userspace-flag-indicating-binfmt_elf_mmap-change.patch
new file mode 100644
index 00000000..61c2b7f2
--- /dev/null
+++ b/queue-3.16/apparmor-provide-userspace-flag-indicating-binfmt_elf_mmap-change.patch
@@ -0,0 +1,34 @@
+From: John Johansen <john.johansen@canonical.com>
+Date: Mon, 16 Jan 2017 00:42:43 -0800
+Subject: apparmor: provide userspace flag indicating binfmt_elf_mmap change
+
+commit 34c426acb75cc21bdf84685e106db0c1a3565057 upstream.
+
+Commit 9f834ec18def ("binfmt_elf: switch to new creds when switching to new mm")
+changed when the creds are installed by the binfmt_elf handler. This
+affects which creds are used to mmap the executable into the address
+space. Which can have an affect on apparmor policy.
+
+Add a flag to apparmor at
+/sys/kernel/security/apparmor/features/domain/fix_binfmt_elf_mmap
+
+to make it possible to detect this semantic change so that the userspace
+tools and the regression test suite can correctly deal with the change.
+
+BugLink: http://bugs.launchpad.net/bugs/1630069
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ security/apparmor/apparmorfs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/security/apparmor/apparmorfs.c
++++ b/security/apparmor/apparmorfs.c
+@@ -794,6 +794,7 @@ static struct aa_fs_entry aa_fs_entry_do
+ AA_FS_FILE_BOOLEAN("change_hatv", 1),
+ AA_FS_FILE_BOOLEAN("change_onexec", 1),
+ AA_FS_FILE_BOOLEAN("change_profile", 1),
++ AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
+ { }
+ };
+
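Review bot: The new `AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1)` entry is hard-coded to 1, so the flag is only truthful when the binfmt_elf credential change it advertises is also applied. In this queue that holds, because the series file lists this patch directly after binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch, but nothing in the code ties the two together. Userspace policy tools are meant to key off this flag, so I would add a comment above the entry, e.g. `/* advertised because binfmt_elf installs the new creds before mmap (9f834ec18def) */`, so that one patch is not reverted without the other. The table (name truncated to `aa_fs_entry_do` in the hunk header) starts outside the hunk.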
diff --git a/queue-3.16/brcmfmac-fix-incorrect-event-channel-deduction.patch b/queue-3.16/brcmfmac-fix-incorrect-event-channel-deduction.patch
new file mode 100644
index 00000000..471096fa
--- /dev/null
+++ b/queue-3.16/brcmfmac-fix-incorrect-event-channel-deduction.patch
@@ -0,0 +1,36 @@
+From: Gavin Li <git@thegavinli.com>
+Date: Tue, 17 Jan 2017 15:24:05 -0800
+Subject: brcmfmac: fix incorrect event channel deduction
+
+commit 8e290cecdd0178f3d4cf7d463c51dc7e462843b4 upstream.
+
+brcmf_sdio_fromevntchan() was being called on the the data frame
+rather than the software header, causing some frames to be
+mischaracterized as on the event channel rather than the data channel.
+
+This fixes a major performance regression (due to dropped packets). With
+this patch the download speed jumped from 1Mbit/s back up to 40MBit/s due
+to the sheer amount of packets being incorrectly processed.
+
+Fixes: c56caa9db8ab ("brcmfmac: screening firmware event packet")
+Signed-off-by: Gavin Li <git@thegavinli.com>
+Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+[kvalo@codeaurora.org: improve commit logs based on email discussion]
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+[bwh: Backported to 3.16: adjust filename]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c
++++ b/drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c
+@@ -1710,7 +1710,7 @@ static u8 brcmf_sdio_rxglom(struct brcmf
+ pfirst->len, pfirst->next,
+ pfirst->prev);
+ skb_unlink(pfirst, &bus->glom);
+- if (brcmf_sdio_fromevntchan(pfirst->data))
++ if (brcmf_sdio_fromevntchan(&dptr[SDPCM_HWHDR_LEN]))
+ brcmf_rx_event(bus->sdiodev->dev, pfirst);
+ else
+ brcmf_rx_frame(bus->sdiodev->dev, pfirst,
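Review bot: `dptr` is neither declared nor assigned inside this hunk, so the changed call `brcmf_sdio_fromevntchan(&dptr[SDPCM_HWHDR_LEN])` is only correct if `dptr` still points at the start of the current subframe's hardware header when execution reaches it. brcmf_sdio_rxglom() starts and ends outside the hunk. In the 3.16 tree it is worth confirming that `dptr` is reloaded for each `pfirst`, and that the subframe length has already been checked to cover `SDPCM_HWHDR_LEN` plus the software header, since these bytes are supplied by the device. A one-line comment at the call, such as `/* the channel is encoded in the software header, not in the data frame */`, would record why `pfirst->data` is not used here.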
diff --git a/queue-3.16/mips-use-sigsp.patch b/queue-3.16/mips-use-sigsp.patch
new file mode 100644
index 00000000..b4e14f78
--- /dev/null
+++ b/queue-3.16/mips-use-sigsp.patch
@@ -0,0 +1,89 @@
+From: Richard Weinberger <richard@nod.at>
+Date: Wed, 5 Mar 2014 15:35:41 +0100
+Subject: mips: Use sigsp()
+
+commit 7c4f563507c33ca97dcfbd62dba1e9232575d499 upstream.
+
+Use sigsp() instead of the open coded variant.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+[bwh: Backported to 3.16 as dependency of commit 35634ffa1751
+ "signal: Always notice exiting tasks"]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ arch/mips/kernel/signal.c | 10 ++++------
+ arch/mips/kernel/signal32.c | 4 ++--
+ arch/mips/kernel/signal_n32.c | 2 +-
+ 3 files changed, 7 insertions(+), 9 deletions(-)
+
+--- a/arch/mips/kernel/signal.c
++++ b/arch/mips/kernel/signal.c
+@@ -280,7 +280,7 @@ int restore_sigcontext(struct pt_regs *r
+ return err;
+ }
+
+-void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
++void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs,
+ size_t frame_size)
+ {
+ unsigned long sp;
+@@ -295,9 +295,7 @@ void __user *get_sigframe(struct k_sigac
+ */
+ sp -= 32;
+
+- /* This is the X/Open sanctioned signal stack switching. */
+- if ((ka->sa.sa_flags & SA_ONSTACK) && (sas_ss_flags (sp) == 0))
+- sp = current->sas_ss_sp + current->sas_ss_size;
++ sp = sigsp(sp, ksig);
+
+ return (void __user *)((sp - frame_size) & (ICACHE_REFILLS_WORKAROUND_WAR ? ~(cpu_icache_line_size()-1) : ALMASK));
+ }
+@@ -434,7 +432,7 @@ static int setup_frame(void *sig_return,
+ struct sigframe __user *frame;
+ int err = 0;
+
+- frame = get_sigframe(&ksig->ka, regs, sizeof(*frame));
++ frame = get_sigframe(ksig, regs, sizeof(*frame));
+ if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
+ return -EFAULT;
+
+@@ -473,7 +471,7 @@ static int setup_rt_frame(void *sig_retu
+ struct rt_sigframe __user *frame;
+ int err = 0;
+
+- frame = get_sigframe(&ksig->ka, regs, sizeof(*frame));
++ frame = get_sigframe(ksig, regs, sizeof(*frame));
+ if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
+ return -EFAULT;
+
+--- a/arch/mips/kernel/signal32.c
++++ b/arch/mips/kernel/signal32.c
+@@ -494,7 +494,7 @@ static int setup_frame_32(void *sig_retu
+ struct sigframe32 __user *frame;
+ int err = 0;
+
+- frame = get_sigframe(&ksig->ka, regs, sizeof(*frame));
++ frame = get_sigframe(ksig, regs, sizeof(*frame));
+ if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
+ return -EFAULT;
+
+@@ -534,7 +534,7 @@ static int setup_rt_frame_32(void *sig_r
+ struct rt_sigframe32 __user *frame;
+ int err = 0;
+
+- frame = get_sigframe(&ksig->ka, regs, sizeof(*frame));
++ frame = get_sigframe(ksig, regs, sizeof(*frame));
+ if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
+ return -EFAULT;
+
+--- a/arch/mips/kernel/signal_n32.c
++++ b/arch/mips/kernel/signal_n32.c
+@@ -108,7 +108,7 @@ static int setup_rt_frame_n32(void *sig_
+ struct rt_sigframe_n32 __user *frame;
+ int err = 0;
+
+- frame = get_sigframe(&ksig->ka, regs, sizeof(*frame));
++ frame = get_sigframe(ksig, regs, sizeof(*frame));
+ if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
+ return -EFAULT;
+
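Review bot: get_sigframe() changes its first parameter from `struct k_sigaction *` to `struct ksignal *`, but the diffstat lists only signal.c, signal32.c and signal_n32.c, and the latter two call a function that is defined in signal.c. The prototype they rely on presumably lives in a shared header that this patch does not touch. If that declaration in the 3.16 tree still takes `struct k_sigaction *ka`, the build fails with conflicting types or the callers pass a mismatched pointer. The same question applies to powerpc-use-sigsp.patch, whose diffstat also omits any header. A MIPS and powerpc compile test is worth doing before release, given that unicore32-fix-build-error.patch in this same commit repairs a change that never compiled.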
diff --git a/queue-3.16/powerpc-signal-properly-handle-return-value-from.patch b/queue-3.16/powerpc-signal-properly-handle-return-value-from.patch
new file mode 100644
index 00000000..81599f53
--- /dev/null
+++ b/queue-3.16/powerpc-signal-properly-handle-return-value-from.patch
@@ -0,0 +1,43 @@
+From: "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>
+Date: Thu, 31 Aug 2017 21:55:57 +0530
+Subject: powerpc/signal: Properly handle return value from
+ uprobe_deny_signal()
+
+commit 46725b17f1c6c815a41429259b3f070c01e71bc1 upstream.
+
+When a uprobe is installed on an instruction that we currently do not
+emulate, we copy the instruction into a xol buffer and single step
+that instruction. If that instruction generates a fault, we abort the
+single stepping before invoking the signal handler. Once the signal
+handler is done, the uprobe trap is hit again since the instruction is
+retried and the process repeats.
+
+We use uprobe_deny_signal() to detect if the xol instruction triggered
+a signal. If so, we clear TIF_SIGPENDING and set TIF_UPROBE so that the
+signal is not handled until after the single stepping is aborted. In
+this case, uprobe_deny_signal() returns true and get_signal() ends up
+returning 0. However, in do_signal(), we are not looking at the return
+value, but depending on ksig.sig for further action, all with an
+uninitialized ksig that is not touched in this scenario. Fix the same
+by initializing ksig.sig to 0.
+
+Fixes: 129b69df9c90 ("powerpc: Use get_signal() signal_setup_done()")
+Reported-by: Anton Blanchard <anton@samba.org>
+Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ arch/powerpc/kernel/signal.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/powerpc/kernel/signal.c
++++ b/arch/powerpc/kernel/signal.c
+@@ -102,7 +102,7 @@ static void check_syscall_restart(struct
+ static void do_signal(struct pt_regs *regs)
+ {
+ sigset_t *oldset = sigmask_to_save();
+- struct ksignal ksig;
++ struct ksignal ksig = { .sig = 0 };
+ int ret;
+ int is32 = is_32bit_task();
+
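Review bot: The initializer `struct ksignal ksig = { .sig = 0 };` carries the whole fix, yet nothing at the declaration says why it must not be removed. Per the commit message, get_signal() can return 0 without writing `ksig` when uprobe_deny_signal() defers the signal, and do_signal() then acts on `ksig.sig`. Without the initializer, uninitialized stack data decides whether a handler frame is set up. I would add `/* get_signal() may leave ksig untouched (uprobe_deny_signal()); sig must read as 0 then */` above the declaration. do_signal() continues outside the hunk.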
diff --git a/queue-3.16/powerpc-use-sigsp.patch b/queue-3.16/powerpc-use-sigsp.patch
new file mode 100644
index 00000000..249bedbf
--- /dev/null
+++ b/queue-3.16/powerpc-use-sigsp.patch
@@ -0,0 +1,74 @@
+From: Richard Weinberger <richard@nod.at>
+Date: Wed, 5 Mar 2014 16:25:55 +0100
+Subject: powerpc: Use sigsp()
+
+commit 059ade650ae57cfd371af690fdba887af04aded8 upstream.
+
+Use sigsp() instead of the open coded variant.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+[bwh: Backported to 3.16 as dependency of commit 35634ffa1751
+ "signal: Always notice exiting tasks"]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ arch/powerpc/kernel/signal.c | 10 ++--------
+ arch/powerpc/kernel/signal_32.c | 4 ++--
+ arch/powerpc/kernel/signal_64.c | 2 +-
+ 3 files changed, 5 insertions(+), 11 deletions(-)
+
+--- a/arch/powerpc/kernel/signal.c
++++ b/arch/powerpc/kernel/signal.c
+@@ -31,20 +31,14 @@ int show_unhandled_signals = 1;
+ /*
+ * Allocate space for the signal frame
+ */
+-void __user * get_sigframe(struct k_sigaction *ka, unsigned long sp,
++void __user *get_sigframe(struct ksignal *ksig, unsigned long sp,
+ size_t frame_size, int is_32)
+ {
+ unsigned long oldsp, newsp;
+
+ /* Default to using normal stack */
+ oldsp = get_clean_sp(sp, is_32);
+-
+- /* Check for alt stack */
+- if ((ka->sa.sa_flags & SA_ONSTACK) &&
+- current->sas_ss_size && !on_sig_stack(oldsp))
+- oldsp = (current->sas_ss_sp + current->sas_ss_size);
+-
+- /* Get aligned frame */
++ oldsp = sigsp(oldsp, ksig);
+ newsp = (oldsp - frame_size) & ~0xFUL;
+
+ /* Check access */
+--- a/arch/powerpc/kernel/signal_32.c
++++ b/arch/powerpc/kernel/signal_32.c
+@@ -1014,7 +1014,7 @@ int handle_rt_signal32(struct ksignal *k
+
+ /* Set up Signal Frame */
+ /* Put a Real Time Context onto stack */
+- rt_sf = get_sigframe(&ksig->ka, get_tm_stackpointer(regs), sizeof(*rt_sf), 1);
++ rt_sf = get_sigframe(ksig, get_tm_stackpointer(regs), sizeof(*rt_sf), 1);
+ addr = rt_sf;
+ if (unlikely(rt_sf == NULL))
+ goto badframe;
+@@ -1445,7 +1445,7 @@ int handle_signal32(struct ksignal *ksig
+ unsigned long tramp;
+
+ /* Set up Signal Frame */
+- frame = get_sigframe(&ksig->ka, get_tm_stackpointer(regs), sizeof(*frame), 1);
++ frame = get_sigframe(ksig, get_tm_stackpointer(regs), sizeof(*frame), 1);
+ if (unlikely(frame == NULL))
+ goto badframe;
+ sc = (struct sigcontext __user *) &frame->sctx;
+--- a/arch/powerpc/kernel/signal_64.c
++++ b/arch/powerpc/kernel/signal_64.c
+@@ -749,7 +749,7 @@ int handle_rt_signal64(struct ksignal *k
+ unsigned long newsp = 0;
+ long err = 0;
+
+- frame = get_sigframe(&ksig->ka, get_tm_stackpointer(regs), sizeof(*frame), 0);
++ frame = get_sigframe(ksig, get_tm_stackpointer(regs), sizeof(*frame), 0);
+ if (unlikely(frame == NULL))
+ goto badframe;
+
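Review bot: The removed alt-stack test in get_sigframe() checked three things: `SA_ONSTACK`, a non-zero `current->sas_ss_size`, and `!on_sig_stack(oldsp)`. The replacement `oldsp = sigsp(oldsp, ksig);` is equivalent only if sigsp() in the 3.16 tree also rejects a disabled (zero-size) alternate stack. sigsp() is not defined in this patch, so that should be confirmed against the helper as backported, because a mismatch would move the signal frame onto a stack the task never enabled. The patch also drops the `/* Get aligned frame */` comment although the line it described, `newsp = (oldsp - frame_size) & ~0xFUL;`, stays; I would keep that comment. get_sigframe() continues outside the hunk.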
diff --git a/queue-3.16/series b/queue-3.16/series
index 8f77cdc1..716ec8dc 100644
--- a/queue-3.16/series
+++ b/queue-3.16/series
@@ -117,15 +117,19 @@ m32r-use-get_signal-signal_setup_done.patch
m68k-use-get_signal-signal_setup_done.patch
microblaze-use-get_signal-signal_setup_done.patch
mips-use-get_signal-signal_setup_done.patch
+mips-use-sigsp.patch
mn10300-use-get_signal-signal_setup_done.patch
parisc-use-get_signal-signal_setup_done.patch
powerpc-use-get_signal-signal_setup_done.patch
+powerpc-use-sigsp.patch
+powerpc-signal-properly-handle-return-value-from.patch
s390-use-get_signal-signal_setup_done.patch
score-use-get_signal-signal_setup_done.patch
sh-use-get_signal-signal_setup_done.patch
tile-use-get_signal-signal_setup_done.patch
um-use-get_signal-signal_setup_done.patch
unicore32-use-get_signal-signal_setup_done.patch
+unicore32-fix-build-error.patch
xtensa-use-get_signal-signal_setup_done.patch
tracehook_signal_handler-remove-sig-info-ka-and-regs.patch
clean-up-signal_delivered.patch
@@ -189,8 +193,10 @@ brcmfmac-assure-ssid-length-from-firmware-is-limited.patch
brcmfmac-consolidate-ifp-lookup-in-driver-core.patch
brcmfmac-make-brcmf_proto_hdrpull-return-struct-brcmf_if-instance.patch
brcmfmac-screening-firmware-event-packet.patch
+brcmfmac-fix-incorrect-event-channel-deduction.patch
brcmfmac-revise-handling-events-in-receive-path.patch
brcmfmac-add-subtype-check-for-event-handling-in-data-path.patch
binfmt_elf-fix-missing-sigkill-for-empty-pie.patch
binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch
+apparmor-provide-userspace-flag-indicating-binfmt_elf_mmap-change.patch
tty-mark-siemens-r3964-line-discipline-as-broken.patch
diff --git a/queue-3.16/unicore32-fix-build-error.patch b/queue-3.16/unicore32-fix-build-error.patch
new file mode 100644
index 00000000..4c1d372c
--- /dev/null
+++ b/queue-3.16/unicore32-fix-build-error.patch
@@ -0,0 +1,76 @@
+From: Guenter Roeck <linux@roeck-us.net>
+Date: Sun, 31 Aug 2014 11:14:26 -0700
+Subject: unicore32: Fix build error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+commit ca98565a6182a960cd857d7546267a0775154eb8 upstream.
+
+unicore32 builds fail with
+
+ arch/unicore32/kernel/signal.c: In function ‘setup_frame’:
+ arch/unicore32/kernel/signal.c:257: error: ‘usig’ undeclared (first use in this function)
+ arch/unicore32/kernel/signal.c:279: error: ‘usig’ undeclared (first use in this function)
+ arch/unicore32/kernel/signal.c: In function ‘handle_signal’:
+ arch/unicore32/kernel/signal.c:306: warning: unused variable ‘tsk’
+ arch/unicore32/kernel/signal.c: In function ‘do_signal’:
+ arch/unicore32/kernel/signal.c:376: error: implicit declaration of function ‘get_signsl’
+ make[1]: *** [arch/unicore32/kernel/signal.o] Error 1
+ make: *** [arch/unicore32/kernel/signal.o] Error 2
+
+Bisect points to commit 649671c90eaf ("unicore32: Use get_signal()
+signal_setup_done()").
+
+This code never even compiled. Reverting the patch does not work, since
+previously used functions no longer exist, so try to fix it up. Compile
+tested only.
+
+Fixes: 649671c90eaf ("unicore32: Use get_signal() signal_setup_done()")
+Cc: Richard Weinberger <richard@nod.at>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ arch/unicore32/kernel/signal.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/arch/unicore32/kernel/signal.c
++++ b/arch/unicore32/kernel/signal.c
+@@ -254,7 +254,8 @@ static int setup_frame(struct ksignal *k
+
+ err |= setup_sigframe(frame, regs, set);
+ if (err == 0)
+- err |= setup_return(regs, &ksig->ka, frame->retcode, frame, usig);
++ err |= setup_return(regs, &ksig->ka, frame->retcode, frame,
++ ksig->sig);
+
+ return err;
+ }
+@@ -276,7 +277,8 @@ static int setup_rt_frame(struct ksignal
+ err |= __save_altstack(&frame->sig.uc.uc_stack, regs->UCreg_sp);
+ err |= setup_sigframe(&frame->sig, regs, set);
+ if (err == 0)
+- err |= setup_return(regs, &ksig->ka, frame->sig.retcode, frame, usig);
++ err |= setup_return(regs, &ksig->ka, frame->sig.retcode, frame,
++ ksig->sig);
+
+ if (err == 0) {
+ /*
+@@ -303,7 +305,6 @@ static void handle_signal(struct ksignal
+ int syscall)
+ {
+ struct thread_info *thread = current_thread_info();
+- struct task_struct *tsk = current;
+ sigset_t *oldset = sigmask_to_save();
+ int usig = ksig->sig;
+ int ret;
+@@ -373,7 +374,7 @@ static void do_signal(struct pt_regs *re
+ if (!user_mode(regs))
+ return;
+
+- if (get_signsl(&ksig)) {
++ if (get_signal(&ksig)) {
+ handle_signal(&ksig, regs, syscall);
+ return;
+ }
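Review bot: setup_frame() and setup_rt_frame() now pass `ksig->sig` to setup_return(), while handle_signal() still keeps its own local `int usig = ksig->sig;`, visible as context in the third inner hunk. If handle_signal() adjusts `usig` before calling the setup functions (its body lies outside the hunk), that adjusted value no longer reaches setup_return(), which may or may not be intended. The commit message says the change is compile tested only, so signal delivery on unicore32 deserves a runtime check. If `usig` turns out to be unused in handle_signal(), it should be removed the same way `tsk` was.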