4.14-stable patches

added patches:
	bfq-iosched-ensure-to-clear-bic-bfqq-pointers-when-preparing-request.patch
	kobject-don-t-use-warn-for-registration-failures.patch
	mtd-rawnand-tango-fix-struct-clk-memory-leak.patch
	scsi-sd-defer-spinning-up-drive-while-sanitize-is-in-progress.patch
	vfio-ccw-process-ssch-with-interrupts-disabled.patch

diff --git a/queue-4.14/bfq-iosched-ensure-to-clear-bic-bfqq-pointers-when-preparing-request.patch b/queue-4.14/bfq-iosched-ensure-to-clear-bic-bfqq-pointers-when-preparing-request.patch
new file mode 100644 (file)
index 0000000..2abc4ec
--- /dev/null
+++ b/queue-4.14/bfq-iosched-ensure-to-clear-bic-bfqq-pointers-when-preparing-request.patch
@@ -0,0 +1,48 @@
+From 72961c4e6082be79825265d9193272b8a1634dec Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Tue, 17 Apr 2018 17:08:52 -0600
+Subject: bfq-iosched: ensure to clear bic/bfqq pointers when preparing request
+
+From: Jens Axboe <axboe@kernel.dk>
+
+commit 72961c4e6082be79825265d9193272b8a1634dec upstream.
+
+Even if we don't have an IO context attached to a request, we still
+need to clear the priv[0..1] pointers, as they could be pointing
+to previously used bic/bfqq structures. If we don't do so, we'll
+either corrupt memory on dispatching a request, or cause an
+imbalance in counters.
+
+Inspired by a fix from Kees.
+
+Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name>
+Reported-by: Kees Cook <keescook@chromium.org>
+Cc: stable@vger.kernel.org
+Fixes: aee69d78dec0 ("block, bfq: introduce the BFQ-v0 I/O scheduler as an extra scheduler")
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ block/bfq-iosched.c |   10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/block/bfq-iosched.c
++++ b/block/bfq-iosched.c
+@@ -4447,8 +4447,16 @@ static void bfq_prepare_request(struct r
+       bool new_queue = false;
+       bool bfqq_already_existing = false, split = false;
+ 
+-      if (!rq->elv.icq)
++      /*
++       * Even if we don't have an icq attached, we should still clear
++       * the scheduler pointers, as they might point to previously
++       * allocated bic/bfqq structs.
++       */
++      if (!rq->elv.icq) {
++              rq->elv.priv[0] = rq->elv.priv[1] = NULL;
+               return;
++      }
++
+       bic = icq_to_bic(rq->elv.icq);
+ 
+       spin_lock_irq(&bfqd->lock);

diff --git a/queue-4.14/kobject-don-t-use-warn-for-registration-failures.patch b/queue-4.14/kobject-don-t-use-warn-for-registration-failures.patch
new file mode 100644 (file)
index 0000000..7b430e3
--- /dev/null
+++ b/queue-4.14/kobject-don-t-use-warn-for-registration-failures.patch
@@ -0,0 +1,47 @@
+From 3e14c6abbfb5c94506edda9d8e2c145d79375798 Mon Sep 17 00:00:00 2001
+From: Dmitry Vyukov <dvyukov@google.com>
+Date: Wed, 11 Apr 2018 17:22:43 +0200
+Subject: kobject: don't use WARN for registration failures
+
+From: Dmitry Vyukov <dvyukov@google.com>
+
+commit 3e14c6abbfb5c94506edda9d8e2c145d79375798 upstream.
+
+This WARNING proved to be noisy. The function still returns an error
+and callers should handle it. That's how most of kernel code works.
+Downgrade the WARNING to pr_err() and leave WARNINGs for kernel bugs.
+
+Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
+Reported-by: syzbot+209c0f67f99fec8eb14b@syzkaller.appspotmail.com
+Reported-by: syzbot+7fb6d9525a4528104e05@syzkaller.appspotmail.com
+Reported-by: syzbot+2e63711063e2d8f9ea27@syzkaller.appspotmail.com
+Reported-by: syzbot+de73361ee4971b6e6f75@syzkaller.appspotmail.com
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ lib/kobject.c |   12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+--- a/lib/kobject.c
++++ b/lib/kobject.c
+@@ -234,14 +234,12 @@ static int kobject_add_internal(struct k
+ 
+               /* be noisy on error issues */
+               if (error == -EEXIST)
+-                      WARN(1, "%s failed for %s with "
+-                           "-EEXIST, don't try to register things with "
+-                           "the same name in the same directory.\n",
+-                           __func__, kobject_name(kobj));
++                      pr_err("%s failed for %s with -EEXIST, don't try to register things with the same name in the same directory.\n",
++                             __func__, kobject_name(kobj));
+               else
+-                      WARN(1, "%s failed for %s (error: %d parent: %s)\n",
+-                           __func__, kobject_name(kobj), error,
+-                           parent ? kobject_name(parent) : "'none'");
++                      pr_err("%s failed for %s (error: %d parent: %s)\n",
++                             __func__, kobject_name(kobj), error,
++                             parent ? kobject_name(parent) : "'none'");
+       } else
+               kobj->state_in_sysfs = 1;
+ 

diff --git a/queue-4.14/mtd-rawnand-tango-fix-struct-clk-memory-leak.patch b/queue-4.14/mtd-rawnand-tango-fix-struct-clk-memory-leak.patch
new file mode 100644 (file)
index 0000000..16f6be2
--- /dev/null
+++ b/queue-4.14/mtd-rawnand-tango-fix-struct-clk-memory-leak.patch
@@ -0,0 +1,34 @@
+From 007b4e8b705a4eff184d567c5a8b496622f9e116 Mon Sep 17 00:00:00 2001
+From: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
+Date: Thu, 5 Apr 2018 14:57:59 +0200
+Subject: mtd: rawnand: tango: Fix struct clk memory leak
+
+From: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
+
+commit 007b4e8b705a4eff184d567c5a8b496622f9e116 upstream.
+
+Use devm_clk_get() to let Linux manage struct clk memory.
+
+Fixes: 6956e2385a16 ("add tango NAND flash controller support")
+Cc: stable@vger.kernel.org
+Reported-by: Xidong Wang <wangxidong_97@163.com>
+Signed-off-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
+Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mtd/nand/tango_nand.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/mtd/nand/tango_nand.c
++++ b/drivers/mtd/nand/tango_nand.c
+@@ -654,7 +654,7 @@ static int tango_nand_probe(struct platf
+ 
+       writel_relaxed(MODE_RAW, nfc->pbus_base + PBUS_PAD_MODE);
+ 
+-      clk = clk_get(&pdev->dev, NULL);
++      clk = devm_clk_get(&pdev->dev, NULL);
+       if (IS_ERR(clk))
+               return PTR_ERR(clk);
+ 

diff --git a/queue-4.14/scsi-sd-defer-spinning-up-drive-while-sanitize-is-in-progress.patch b/queue-4.14/scsi-sd-defer-spinning-up-drive-while-sanitize-is-in-progress.patch
new file mode 100644 (file)
index 0000000..27a640f
--- /dev/null
+++ b/queue-4.14/scsi-sd-defer-spinning-up-drive-while-sanitize-is-in-progress.patch
@@ -0,0 +1,36 @@
+From 505aa4b6a8834a2300971c5220c380c3271ebde3 Mon Sep 17 00:00:00 2001
+From: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>
+Date: Tue, 17 Apr 2018 17:03:12 +0530
+Subject: scsi: sd: Defer spinning up drive while SANITIZE is in progress
+
+From: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>
+
+commit 505aa4b6a8834a2300971c5220c380c3271ebde3 upstream.
+
+A drive being sanitized will return NOT READY / ASC 0x4 / ASCQ
+0x1b ("LOGICAL UNIT NOT READY. SANITIZE IN PROGRESS").
+
+Prevent spinning up the drive until this condition clears.
+
+[mkp: tweaked commit message]
+
+Signed-off-by: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/sd.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -2132,6 +2132,8 @@ sd_spinup_disk(struct scsi_disk *sdkp)
+                               break;  /* standby */
+                       if (sshdr.asc == 4 && sshdr.ascq == 0xc)
+                               break;  /* unavailable */
++                      if (sshdr.asc == 4 && sshdr.ascq == 0x1b)
++                              break;  /* sanitize in progress */
+                       /*
+                        * Issue command to spin up drive when not ready
+                        */

diff --git a/queue-4.14/series b/queue-4.14/series
index dc87d799a9e0e5ad1da70775d5525212bbdd3cd0..cb137c6d9a54c5311e412e7609e359ca5fc39b3b 100644 (file)
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -51,3 +51,8 @@ mtd-spi-nor-cadence-quadspi-fix-page-fault-kernel-panic.patch
 mtd-cfi-cmdset_0001-do-not-allow-read-write-to-suspend-erase-block.patch
 mtd-cfi-cmdset_0001-workaround-micron-erase-suspend-bug.patch
 mtd-cfi-cmdset_0002-do-not-allow-read-write-to-suspend-erase-block.patch
+mtd-rawnand-tango-fix-struct-clk-memory-leak.patch
+kobject-don-t-use-warn-for-registration-failures.patch
+scsi-sd-defer-spinning-up-drive-while-sanitize-is-in-progress.patch
+bfq-iosched-ensure-to-clear-bic-bfqq-pointers-when-preparing-request.patch
+vfio-ccw-process-ssch-with-interrupts-disabled.patch

diff --git a/queue-4.14/vfio-ccw-process-ssch-with-interrupts-disabled.patch b/queue-4.14/vfio-ccw-process-ssch-with-interrupts-disabled.patch
new file mode 100644 (file)
index 0000000..7f3de27
--- /dev/null
+++ b/queue-4.14/vfio-ccw-process-ssch-with-interrupts-disabled.patch
@@ -0,0 +1,78 @@
+From 3368e547c52b96586f0edf9657ca12b94d8e61a7 Mon Sep 17 00:00:00 2001
+From: Cornelia Huck <cohuck@redhat.com>
+Date: Fri, 20 Apr 2018 10:24:04 +0200
+Subject: vfio: ccw: process ssch with interrupts disabled
+
+From: Cornelia Huck <cohuck@redhat.com>
+
+commit 3368e547c52b96586f0edf9657ca12b94d8e61a7 upstream.
+
+When we call ssch, an interrupt might already be pending once we
+return from the START SUBCHANNEL instruction. Therefore we need to
+make sure interrupts are disabled while holding the subchannel lock
+until after we're done with our processing.
+
+Cc: stable@vger.kernel.org #v4.12+
+Reviewed-by: Dong Jia Shi <bjsdjshi@linux.ibm.com>
+Acked-by: Halil Pasic <pasic@linux.vnet.ibm.com>
+Acked-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/s390/cio/vfio_ccw_fsm.c |   19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+--- a/drivers/s390/cio/vfio_ccw_fsm.c
++++ b/drivers/s390/cio/vfio_ccw_fsm.c
+@@ -20,12 +20,12 @@ static int fsm_io_helper(struct vfio_ccw
+       int ccode;
+       __u8 lpm;
+       unsigned long flags;
++      int ret;
+ 
+       sch = private->sch;
+ 
+       spin_lock_irqsave(sch->lock, flags);
+       private->state = VFIO_CCW_STATE_BUSY;
+-      spin_unlock_irqrestore(sch->lock, flags);
+ 
+       orb = cp_get_orb(&private->cp, (u32)(addr_t)sch, sch->lpm);
+ 
+@@ -38,10 +38,12 @@ static int fsm_io_helper(struct vfio_ccw
+                * Initialize device status information
+                */
+               sch->schib.scsw.cmd.actl |= SCSW_ACTL_START_PEND;
+-              return 0;
++              ret = 0;
++              break;
+       case 1:         /* Status pending */
+       case 2:         /* Busy */
+-              return -EBUSY;
++              ret = -EBUSY;
++              break;
+       case 3:         /* Device/path not operational */
+       {
+               lpm = orb->cmd.lpm;
+@@ -51,13 +53,16 @@ static int fsm_io_helper(struct vfio_ccw
+                       sch->lpm = 0;
+ 
+               if (cio_update_schib(sch))
+-                      return -ENODEV;
+-
+-              return sch->lpm ? -EACCES : -ENODEV;
++                      ret = -ENODEV;
++              else
++                      ret = sch->lpm ? -EACCES : -ENODEV;
++              break;
+       }
+       default:
+-              return ccode;
++              ret = ccode;
+       }
++      spin_unlock_irqrestore(sch->lock, flags);
++      return ret;
+ }
+ 
+ static void fsm_notoper(struct vfio_ccw_private *private,