Update to 5.1.12rc1-1

3 files changed, 144 insertions, 12 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 17a557eba94d..6384c34cfce2 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
 pkgbase = linux-rc
-	pkgver = 5.1.10rc1
+	pkgver = 5.1.12rc1
 	pkgrel = 1
 	url = https://www.kernel.org/
 	arch = x86_64
@@ -9,21 +9,22 @@ pkgbase = linux-rc
 	makedepends = bc
 	makedepends = libelf
 	options = !strip
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.9.tar.xz
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.9.tar.sign
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.10-rc1.xz
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.10-rc1.sign
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.11.tar.xz
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.11.tar.sign
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.12-rc1.xz
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.12-rc1.sign
 	source = config
 	source = 60-linux.hook
 	source = 90-linux.hook
 	source = linux.preset
 	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
 	source = 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
+	source = 0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch
 	validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 	validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
-	sha256sums = 58c9eca99c3dd2fff5b559302996c985c3f3f2aad0b99b2172a61c4df7122a79
+	sha256sums = 11fd93207290272389ad284b8b042041d088fbee0ed5798e933bf8e91697d219
 	sha256sums = SKIP
-	sha256sums = 6f7126b58e71375f873fce8c177efb6fe7e99586b401544a0970e8d380e8b6f3
+	sha256sums = b8da5ae4d706b9a6144da10abd21e87cc2547a000093c776401027880ce9c302
 	sha256sums = SKIP
 	sha256sums = 2e555646f47002c3e76e2a8405d33a64fcc8cf060ef5430881a5d144d8e3bc98
 	sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
@@ -31,6 +32,7 @@ pkgbase = linux-rc
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
 	sha256sums = 4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629
 	sha256sums = 1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec
+	sha256sums = 0c6fcda6bf2d56358b557c1b8a0de6e1e40cc75df161eb2daf6841652cd431de
 
 pkgname = linux-rc
 	pkgdesc = The release candidate kernel and modules
diff --git a/0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch b/0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch
new file mode 100644
index 000000000000..812a5cd7b97e
--- /dev/null
+++ b/0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch
@@ -0,0 +1,128 @@
+From 9e50f5f4ef401c4a5cd286ee3218fcc625ef6f77 Mon Sep 17 00:00:00 2001
+From: Coly Li <colyli@suse.de>
+Date: Mon, 10 Jun 2019 06:13:34 +0800
+Subject: [PATCH 3/4] bcache: fix stack corruption by PRECEDING_KEY()
+
+Recently people report bcache code compiled with gcc9 is broken, one of
+the buggy behavior I observe is that two adjacent 4KB I/Os should merge
+into one but they don't. Finally it turns out to be a stack corruption
+caused by macro PRECEDING_KEY().
+
+See how PRECEDING_KEY() is defined in bset.h,
+437 #define PRECEDING_KEY(_k)                                       \
+438 ({                                                              \
+439         struct bkey *_ret = NULL;                               \
+440                                                                 \
+441         if (KEY_INODE(_k) || KEY_OFFSET(_k)) {                  \
+442                 _ret = &KEY(KEY_INODE(_k), KEY_OFFSET(_k), 0);  \
+443                                                                 \
+444                 if (!_ret->low)                                 \
+445                         _ret->high--;                           \
+446                 _ret->low--;                                    \
+447         }                                                       \
+448                                                                 \
+449         _ret;                                                   \
+450 })
+
+At line 442, _ret points to address of a on-stack variable combined by
+KEY(), the life range of this on-stack variable is in line 442-446,
+once _ret is returned to bch_btree_insert_key(), the returned address
+points to an invalid stack address and this address is overwritten in
+the following called bch_btree_iter_init(). Then argument 'search' of
+bch_btree_iter_init() points to some address inside stackframe of
+bch_btree_iter_init(), exact address depends on how the compiler
+allocates stack space. Now the stack is corrupted.
+
+Fixes: 0eacac22034c ("bcache: PRECEDING_KEY()")
+Signed-off-by: Coly Li <colyli@suse.de>
+Reviewed-by: Rolf Fokkens <rolf@rolffokkens.nl>
+Reviewed-by: Pierre JUHEN <pierre.juhen@orange.fr>
+Tested-by: Shenghui Wang <shhuiw@foxmail.com>
+Tested-by: Pierre JUHEN <pierre.juhen@orange.fr>
+Cc: Kent Overstreet <kent.overstreet@gmail.com>
+Cc: Nix <nix@esperi.org.uk>
+Cc: stable@vger.kernel.org
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+---
+ drivers/md/bcache/bset.c | 16 +++++++++++++---
+ drivers/md/bcache/bset.h | 34 ++++++++++++++++++++--------------
+ 2 files changed, 33 insertions(+), 17 deletions(-)
+
+diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c
+index 8f07fa6e1739..268f1b685084 100644
+--- a/drivers/md/bcache/bset.c
++++ b/drivers/md/bcache/bset.c
+@@ -887,12 +887,22 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k,
+ 	struct bset *i = bset_tree_last(b)->data;
+ 	struct bkey *m, *prev = NULL;
+ 	struct btree_iter iter;
++	struct bkey preceding_key_on_stack = ZERO_KEY;
++	struct bkey *preceding_key_p = &preceding_key_on_stack;
+ 
+ 	BUG_ON(b->ops->is_extents && !KEY_SIZE(k));
+ 
+-	m = bch_btree_iter_init(b, &iter, b->ops->is_extents
+-				? PRECEDING_KEY(&START_KEY(k))
+-				: PRECEDING_KEY(k));
++	/*
++	 * If k has preceding key, preceding_key_p will be set to address
++	 *  of k's preceding key; otherwise preceding_key_p will be set
++	 * to NULL inside preceding_key().
++	 */
++	if (b->ops->is_extents)
++		preceding_key(&START_KEY(k), &preceding_key_p);
++	else
++		preceding_key(k, &preceding_key_p);
++
++	m = bch_btree_iter_init(b, &iter, preceding_key_p);
+ 
+ 	if (b->ops->insert_fixup(b, k, &iter, replace_key))
+ 		return status;
+diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h
+index bac76aabca6d..c71365e7c1fa 100644
+--- a/drivers/md/bcache/bset.h
++++ b/drivers/md/bcache/bset.h
+@@ -434,20 +434,26 @@ static inline bool bch_cut_back(const struct bkey *where, struct bkey *k)
+ 	return __bch_cut_back(where, k);
+ }
+ 
+-#define PRECEDING_KEY(_k)					\
+-({								\
+-	struct bkey *_ret = NULL;				\
+-								\
+-	if (KEY_INODE(_k) || KEY_OFFSET(_k)) {			\
+-		_ret = &KEY(KEY_INODE(_k), KEY_OFFSET(_k), 0);	\
+-								\
+-		if (!_ret->low)					\
+-			_ret->high--;				\
+-		_ret->low--;					\
+-	}							\
+-								\
+-	_ret;							\
+-})
++/*
++ * Pointer '*preceding_key_p' points to a memory object to store preceding
++ * key of k. If the preceding key does not exist, set '*preceding_key_p' to
++ * NULL. So the caller of preceding_key() needs to take care of memory
++ * which '*preceding_key_p' pointed to before calling preceding_key().
++ * Currently the only caller of preceding_key() is bch_btree_insert_key(),
++ * and it points to an on-stack variable, so the memory release is handled
++ * by stackframe itself.
++ */
++static inline void preceding_key(struct bkey *k, struct bkey **preceding_key_p)
++{
++	if (KEY_INODE(k) || KEY_OFFSET(k)) {
++		(**preceding_key_p) = KEY(KEY_INODE(k), KEY_OFFSET(k), 0);
++		if (!(*preceding_key_p)->low)
++			(*preceding_key_p)->high--;
++		(*preceding_key_p)->low--;
++	} else {
++		(*preceding_key_p) = NULL;
++	}
++}
+ 
+ static inline bool bch_ptr_invalid(struct btree_keys *b, const struct bkey *k)
+ {
+-- 
+2.22.0
+
diff --git a/PKGBUILD b/PKGBUILD
index b5ad80640fc7..0a107add39cf 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,8 +5,8 @@
 pkgbase=linux-rc
 pkgrel=1
 _srcname=linux-5.1
-_stable=5.1.9
-_patchver=5.1.10
+_stable=5.1.11
+_patchver=5.1.12
 _rcver=1
 pkgver=${_patchver}rc${_rcver}
 _rcpatch=patch-${_patchver}-rc${_rcver}
@@ -24,22 +24,24 @@ source=(
   linux.preset   # standard config files for mkinitcpio ramdisk
   0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
   0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
+  0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch
   # Arch-Linux-kernel-vx.xx.x-arch1.patch is not needed for rc1
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
 )
-sha256sums=('58c9eca99c3dd2fff5b559302996c985c3f3f2aad0b99b2172a61c4df7122a79'
+sha256sums=('11fd93207290272389ad284b8b042041d088fbee0ed5798e933bf8e91697d219'
             'SKIP'
-            '6f7126b58e71375f873fce8c177efb6fe7e99586b401544a0970e8d380e8b6f3'
+            'b8da5ae4d706b9a6144da10abd21e87cc2547a000093c776401027880ce9c302'
             'SKIP'
             '2e555646f47002c3e76e2a8405d33a64fcc8cf060ef5430881a5d144d8e3bc98'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
             '4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629'
-            '1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec')
+            '1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec'
+            '0c6fcda6bf2d56358b557c1b8a0de6e1e40cc75df161eb2daf6841652cd431de')
 
 _kernelname=${pkgbase#linux}