]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
5.0-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 24 Apr 2019 13:53:57 +0000 (15:53 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 24 Apr 2019 13:53:57 +0000 (15:53 +0200)
added patches:
alsa-info-fix-racy-addition-deletion-of-nodes.patch
device_cgroup-fix-rcu-imbalance-in-error-case.patch
mm-memory_hotplug-do-not-unlock-after-failing-to-take-the-device_hotplug_lock.patch
mm-vmstat.c-fix-proc-vmstat-format-for-config_debug_tlbflush-y-config_smp-n.patch
mt76x02-avoid-status_list.lock-and-sta-rate_ctrl_lock-dependency.patch
percpu-stop-printing-kernel-addresses.patch
perf-ring_buffer-fix-aux-record-suppression.patch

queue-5.0/alsa-info-fix-racy-addition-deletion-of-nodes.patch [new file with mode: 0644]
queue-5.0/device_cgroup-fix-rcu-imbalance-in-error-case.patch [new file with mode: 0644]
queue-5.0/mm-memory_hotplug-do-not-unlock-after-failing-to-take-the-device_hotplug_lock.patch [new file with mode: 0644]
queue-5.0/mm-vmstat.c-fix-proc-vmstat-format-for-config_debug_tlbflush-y-config_smp-n.patch [new file with mode: 0644]
queue-5.0/mt76x02-avoid-status_list.lock-and-sta-rate_ctrl_lock-dependency.patch [new file with mode: 0644]
queue-5.0/percpu-stop-printing-kernel-addresses.patch [new file with mode: 0644]
queue-5.0/perf-ring_buffer-fix-aux-record-suppression.patch [new file with mode: 0644]
queue-5.0/series

diff --git a/queue-5.0/alsa-info-fix-racy-addition-deletion-of-nodes.patch b/queue-5.0/alsa-info-fix-racy-addition-deletion-of-nodes.patch
new file mode 100644 (file)
index 0000000..984d97d
--- /dev/null
@@ -0,0 +1,59 @@
+From 8c2f870890fd28e023b0fcf49dcee333f2c8bad7 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 16 Apr 2019 15:25:00 +0200
+Subject: ALSA: info: Fix racy addition/deletion of nodes
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 8c2f870890fd28e023b0fcf49dcee333f2c8bad7 upstream.
+
+The ALSA proc helper manages the child nodes in a linked list, but its
+addition and deletion is done without any lock.  This leads to a
+corruption if they are operated concurrently.  Usually this isn't a
+problem because the proc entries are added sequentially in the driver
+probe procedure itself.  But the card registrations are done often
+asynchronously, and the crash could be actually reproduced with
+syzkaller.
+
+This patch papers over it by protecting the link addition and deletion
+with the parent's mutex.  There is "access" mutex that is used for the
+file access, and this can be reused for this purpose as well.
+
+Reported-by: syzbot+48df349490c36f9f54ab@syzkaller.appspotmail.com
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/core/info.c |   12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/sound/core/info.c
++++ b/sound/core/info.c
+@@ -722,8 +722,11 @@ snd_info_create_entry(const char *name,
+       INIT_LIST_HEAD(&entry->children);
+       INIT_LIST_HEAD(&entry->list);
+       entry->parent = parent;
+-      if (parent)
++      if (parent) {
++              mutex_lock(&parent->access);
+               list_add_tail(&entry->list, &parent->children);
++              mutex_unlock(&parent->access);
++      }
+       return entry;
+ }
+@@ -805,7 +808,12 @@ void snd_info_free_entry(struct snd_info
+       list_for_each_entry_safe(p, n, &entry->children, list)
+               snd_info_free_entry(p);
+-      list_del(&entry->list);
++      p = entry->parent;
++      if (p) {
++              mutex_lock(&p->access);
++              list_del(&entry->list);
++              mutex_unlock(&p->access);
++      }
+       kfree(entry->name);
+       if (entry->private_free)
+               entry->private_free(entry);
diff --git a/queue-5.0/device_cgroup-fix-rcu-imbalance-in-error-case.patch b/queue-5.0/device_cgroup-fix-rcu-imbalance-in-error-case.patch
new file mode 100644 (file)
index 0000000..593340e
--- /dev/null
@@ -0,0 +1,42 @@
+From 0fcc4c8c044e117ac126ab6df4138ea9a67fa2a9 Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Tue, 19 Mar 2019 02:36:59 +0100
+Subject: device_cgroup: fix RCU imbalance in error case
+
+From: Jann Horn <jannh@google.com>
+
+commit 0fcc4c8c044e117ac126ab6df4138ea9a67fa2a9 upstream.
+
+When dev_exception_add() returns an error (due to a failed memory
+allocation), make sure that we move the RCU preemption count back to where
+it was before we were called. We dropped the RCU read lock inside the loop
+body, so we can't just "break".
+
+sparse complains about this, too:
+
+$ make -s C=2 security/device_cgroup.o
+./include/linux/rcupdate.h:647:9: warning: context imbalance in
+'propagate_exception' - unexpected unlock
+
+Fixes: d591fb56618f ("device_cgroup: simplify cgroup tree walk in propagate_exception()")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jann Horn <jannh@google.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/device_cgroup.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/device_cgroup.c
++++ b/security/device_cgroup.c
+@@ -560,7 +560,7 @@ static int propagate_exception(struct de
+                   devcg->behavior == DEVCG_DEFAULT_ALLOW) {
+                       rc = dev_exception_add(devcg, ex);
+                       if (rc)
+-                              break;
++                              return rc;
+               } else {
+                       /*
+                        * in the other possible cases:
diff --git a/queue-5.0/mm-memory_hotplug-do-not-unlock-after-failing-to-take-the-device_hotplug_lock.patch b/queue-5.0/mm-memory_hotplug-do-not-unlock-after-failing-to-take-the-device_hotplug_lock.patch
new file mode 100644 (file)
index 0000000..e8918ca
--- /dev/null
@@ -0,0 +1,45 @@
+From 37803841c92d7b327147e0b1be3436423189e1cf Mon Sep 17 00:00:00 2001
+From: zhong jiang <zhongjiang@huawei.com>
+Date: Thu, 18 Apr 2019 17:50:16 -0700
+Subject: mm/memory_hotplug: do not unlock after failing to take the device_hotplug_lock
+
+From: zhong jiang <zhongjiang@huawei.com>
+
+commit 37803841c92d7b327147e0b1be3436423189e1cf upstream.
+
+When adding memory by probing a memory block in the sysfs interface,
+there is an obvious issue where we will unlock the device_hotplug_lock
+when we failed to takes it.
+
+That issue was introduced in 8df1d0e4a265 ("mm/memory_hotplug: make
+add_memory() take the device_hotplug_lock").
+
+We should drop out in time when failing to take the device_hotplug_lock.
+
+Link: http://lkml.kernel.org/r/1554696437-9593-1-git-send-email-zhongjiang@huawei.com
+Fixes: 8df1d0e4a265 ("mm/memory_hotplug: make add_memory() take the device_hotplug_lock")
+Signed-off-by: zhong jiang <zhongjiang@huawei.com>
+Reported-by: Yang yingliang <yangyingliang@huawei.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Oscar Salvador <osalvador@suse.de>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/memory.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/base/memory.c
++++ b/drivers/base/memory.c
+@@ -505,7 +505,7 @@ static ssize_t probe_store(struct device
+       ret = lock_device_hotplug_sysfs();
+       if (ret)
+-              goto out;
++              return ret;
+       nid = memory_add_physaddr_to_nid(phys_addr);
+       ret = __add_memory(nid, phys_addr,
diff --git a/queue-5.0/mm-vmstat.c-fix-proc-vmstat-format-for-config_debug_tlbflush-y-config_smp-n.patch b/queue-5.0/mm-vmstat.c-fix-proc-vmstat-format-for-config_debug_tlbflush-y-config_smp-n.patch
new file mode 100644 (file)
index 0000000..face91e
--- /dev/null
@@ -0,0 +1,50 @@
+From e8277b3b52240ec1caad8e6df278863e4bf42eac Mon Sep 17 00:00:00 2001
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Date: Thu, 18 Apr 2019 17:50:20 -0700
+Subject: mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
+
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+
+commit e8277b3b52240ec1caad8e6df278863e4bf42eac upstream.
+
+Commit 58bc4c34d249 ("mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly")
+depends on skipping vmstat entries with empty name introduced in
+7aaf77272358 ("mm: don't show nr_indirectly_reclaimable in
+/proc/vmstat") but reverted in b29940c1abd7 ("mm: rename and change
+semantics of nr_indirectly_reclaimable_bytes").
+
+So skipping no longer works and /proc/vmstat has misformatted lines " 0".
+
+This patch simply shows debug counters "nr_tlb_remote_*" for UP.
+
+Link: http://lkml.kernel.org/r/155481488468.467.4295519102880913454.stgit@buzz
+Fixes: 58bc4c34d249 ("mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly")
+Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Acked-by: Vlastimil Babka <vbabka@suse.cz>
+Cc: Roman Gushchin <guro@fb.com>
+Cc: Jann Horn <jannh@google.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/vmstat.c |    5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/mm/vmstat.c
++++ b/mm/vmstat.c
+@@ -1274,13 +1274,8 @@ const char * const vmstat_text[] = {
+ #endif
+ #endif /* CONFIG_MEMORY_BALLOON */
+ #ifdef CONFIG_DEBUG_TLBFLUSH
+-#ifdef CONFIG_SMP
+       "nr_tlb_remote_flush",
+       "nr_tlb_remote_flush_received",
+-#else
+-      "", /* nr_tlb_remote_flush */
+-      "", /* nr_tlb_remote_flush_received */
+-#endif /* CONFIG_SMP */
+       "nr_tlb_local_flush_all",
+       "nr_tlb_local_flush_one",
+ #endif /* CONFIG_DEBUG_TLBFLUSH */
diff --git a/queue-5.0/mt76x02-avoid-status_list.lock-and-sta-rate_ctrl_lock-dependency.patch b/queue-5.0/mt76x02-avoid-status_list.lock-and-sta-rate_ctrl_lock-dependency.patch
new file mode 100644 (file)
index 0000000..6e53128
--- /dev/null
@@ -0,0 +1,212 @@
+From bafdf85dfa59374f927ff597bc8c259193afda30 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Fri, 5 Apr 2019 13:42:56 +0200
+Subject: mt76x02: avoid status_list.lock and sta->rate_ctrl_lock dependency
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit bafdf85dfa59374f927ff597bc8c259193afda30 upstream.
+
+Move ieee80211_tx_status_ext() outside of status_list lock section
+in order to avoid locking dependency and possible deadlock reposed by
+LOCKDEP in below warning.
+
+Also do mt76_tx_status_lock() just before it's needed.
+
+[  440.224832] WARNING: possible circular locking dependency detected
+[  440.224833] 5.1.0-rc2+ #22 Not tainted
+[  440.224834] ------------------------------------------------------
+[  440.224835] kworker/u16:28/2362 is trying to acquire lock:
+[  440.224836] 0000000089b8cacf (&(&q->lock)->rlock#2){+.-.}, at: mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[  440.224842]
+               but task is already holding lock:
+[  440.224842] 000000002cfedc59 (&(&sta->lock)->rlock){+.-.}, at: ieee80211_stop_tx_ba_cb+0x32/0x1f0 [mac80211]
+[  440.224863]
+               which lock already depends on the new lock.
+
+[  440.224863]
+               the existing dependency chain (in reverse order) is:
+[  440.224864]
+               -> #3 (&(&sta->lock)->rlock){+.-.}:
+[  440.224869]        _raw_spin_lock_bh+0x34/0x40
+[  440.224880]        ieee80211_start_tx_ba_session+0xe4/0x3d0 [mac80211]
+[  440.224894]        minstrel_ht_get_rate+0x45c/0x510 [mac80211]
+[  440.224906]        rate_control_get_rate+0xc1/0x140 [mac80211]
+[  440.224918]        ieee80211_tx_h_rate_ctrl+0x195/0x3c0 [mac80211]
+[  440.224930]        ieee80211_xmit_fast+0x26d/0xa50 [mac80211]
+[  440.224942]        __ieee80211_subif_start_xmit+0xfc/0x310 [mac80211]
+[  440.224954]        ieee80211_subif_start_xmit+0x38/0x390 [mac80211]
+[  440.224956]        dev_hard_start_xmit+0xb8/0x300
+[  440.224957]        __dev_queue_xmit+0x7d4/0xbb0
+[  440.224968]        ip6_finish_output2+0x246/0x860 [ipv6]
+[  440.224978]        mld_sendpack+0x1bd/0x360 [ipv6]
+[  440.224987]        mld_ifc_timer_expire+0x1a4/0x2f0 [ipv6]
+[  440.224989]        call_timer_fn+0x89/0x2a0
+[  440.224990]        run_timer_softirq+0x1bd/0x4d0
+[  440.224992]        __do_softirq+0xdb/0x47c
+[  440.224994]        irq_exit+0xfa/0x100
+[  440.224996]        smp_apic_timer_interrupt+0x9a/0x220
+[  440.224997]        apic_timer_interrupt+0xf/0x20
+[  440.224999]        cpuidle_enter_state+0xc1/0x470
+[  440.225000]        do_idle+0x21a/0x260
+[  440.225001]        cpu_startup_entry+0x19/0x20
+[  440.225004]        start_secondary+0x135/0x170
+[  440.225006]        secondary_startup_64+0xa4/0xb0
+[  440.225007]
+               -> #2 (&(&sta->rate_ctrl_lock)->rlock){+.-.}:
+[  440.225009]        _raw_spin_lock_bh+0x34/0x40
+[  440.225022]        rate_control_tx_status+0x4f/0xb0 [mac80211]
+[  440.225031]        ieee80211_tx_status_ext+0x142/0x1a0 [mac80211]
+[  440.225035]        mt76x02_send_tx_status+0x2e4/0x340 [mt76x02_lib]
+[  440.225037]        mt76x02_tx_status_data+0x31/0x40 [mt76x02_lib]
+[  440.225040]        mt76u_tx_status_data+0x51/0xa0 [mt76_usb]
+[  440.225042]        process_one_work+0x237/0x5d0
+[  440.225043]        worker_thread+0x3c/0x390
+[  440.225045]        kthread+0x11d/0x140
+[  440.225046]        ret_from_fork+0x3a/0x50
+[  440.225047]
+               -> #1 (&(&list->lock)->rlock#8){+.-.}:
+[  440.225049]        _raw_spin_lock_bh+0x34/0x40
+[  440.225052]        mt76_tx_status_skb_add+0x51/0x100 [mt76]
+[  440.225054]        mt76x02u_tx_prepare_skb+0xbd/0x116 [mt76x02_usb]
+[  440.225056]        mt76u_tx_queue_skb+0x5f/0x180 [mt76_usb]
+[  440.225058]        mt76_tx+0x93/0x190 [mt76]
+[  440.225070]        ieee80211_tx_frags+0x148/0x210 [mac80211]
+[  440.225081]        __ieee80211_tx+0x75/0x1b0 [mac80211]
+[  440.225092]        ieee80211_tx+0xde/0x110 [mac80211]
+[  440.225105]        __ieee80211_tx_skb_tid_band+0x72/0x90 [mac80211]
+[  440.225122]        ieee80211_send_auth+0x1f3/0x360 [mac80211]
+[  440.225141]        ieee80211_auth.cold.40+0x6c/0x100 [mac80211]
+[  440.225156]        ieee80211_mgd_auth.cold.50+0x132/0x15f [mac80211]
+[  440.225171]        cfg80211_mlme_auth+0x149/0x360 [cfg80211]
+[  440.225181]        nl80211_authenticate+0x273/0x2e0 [cfg80211]
+[  440.225183]        genl_family_rcv_msg+0x196/0x3a0
+[  440.225184]        genl_rcv_msg+0x47/0x8e
+[  440.225185]        netlink_rcv_skb+0x3a/0xf0
+[  440.225187]        genl_rcv+0x24/0x40
+[  440.225188]        netlink_unicast+0x16d/0x210
+[  440.225189]        netlink_sendmsg+0x204/0x3b0
+[  440.225191]        sock_sendmsg+0x36/0x40
+[  440.225193]        ___sys_sendmsg+0x259/0x2b0
+[  440.225194]        __sys_sendmsg+0x47/0x80
+[  440.225196]        do_syscall_64+0x60/0x1f0
+[  440.225197]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[  440.225198]
+               -> #0 (&(&q->lock)->rlock#2){+.-.}:
+[  440.225200]        lock_acquire+0xb9/0x1a0
+[  440.225202]        _raw_spin_lock_bh+0x34/0x40
+[  440.225204]        mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[  440.225215]        ieee80211_agg_start_txq+0xe8/0x2b0 [mac80211]
+[  440.225225]        ieee80211_stop_tx_ba_cb+0xb8/0x1f0 [mac80211]
+[  440.225235]        ieee80211_ba_session_work+0x1c1/0x2f0 [mac80211]
+[  440.225236]        process_one_work+0x237/0x5d0
+[  440.225237]        worker_thread+0x3c/0x390
+[  440.225239]        kthread+0x11d/0x140
+[  440.225240]        ret_from_fork+0x3a/0x50
+[  440.225240]
+               other info that might help us debug this:
+
+[  440.225241] Chain exists of:
+                 &(&q->lock)->rlock#2 --> &(&sta->rate_ctrl_lock)->rlock --> &(&sta->lock)->rlock
+
+[  440.225243]  Possible unsafe locking scenario:
+
+[  440.225244]        CPU0                    CPU1
+[  440.225244]        ----                    ----
+[  440.225245]   lock(&(&sta->lock)->rlock);
+[  440.225245]                                lock(&(&sta->rate_ctrl_lock)->rlock);
+[  440.225246]                                lock(&(&sta->lock)->rlock);
+[  440.225247]   lock(&(&q->lock)->rlock#2);
+[  440.225248]
+                *** DEADLOCK ***
+
+[  440.225249] 5 locks held by kworker/u16:28/2362:
+[  440.225250]  #0: 0000000048fcd291 ((wq_completion)phy0){+.+.}, at: process_one_work+0x1b5/0x5d0
+[  440.225252]  #1: 00000000f1c6828f ((work_completion)(&sta->ampdu_mlme.work)){+.+.}, at: process_one_work+0x1b5/0x5d0
+[  440.225254]  #2: 00000000433d2b2c (&sta->ampdu_mlme.mtx){+.+.}, at: ieee80211_ba_session_work+0x5c/0x2f0 [mac80211]
+[  440.225265]  #3: 000000002cfedc59 (&(&sta->lock)->rlock){+.-.}, at: ieee80211_stop_tx_ba_cb+0x32/0x1f0 [mac80211]
+[  440.225276]  #4: 000000009d7b9a44 (rcu_read_lock){....}, at: ieee80211_agg_start_txq+0x33/0x2b0 [mac80211]
+[  440.225286]
+               stack backtrace:
+[  440.225288] CPU: 2 PID: 2362 Comm: kworker/u16:28 Not tainted 5.1.0-rc2+ #22
+[  440.225289] Hardware name: LENOVO 20KGS23S0P/20KGS23S0P, BIOS N23ET55W (1.30 ) 08/31/2018
+[  440.225300] Workqueue: phy0 ieee80211_ba_session_work [mac80211]
+[  440.225301] Call Trace:
+[  440.225304]  dump_stack+0x85/0xc0
+[  440.225306]  print_circular_bug.isra.38.cold.58+0x15c/0x195
+[  440.225307]  check_prev_add.constprop.48+0x5f0/0xc00
+[  440.225309]  ? check_prev_add.constprop.48+0x39d/0xc00
+[  440.225311]  ? __lock_acquire+0x41d/0x1100
+[  440.225312]  __lock_acquire+0xd98/0x1100
+[  440.225313]  ? __lock_acquire+0x41d/0x1100
+[  440.225315]  lock_acquire+0xb9/0x1a0
+[  440.225317]  ? mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[  440.225319]  _raw_spin_lock_bh+0x34/0x40
+[  440.225321]  ? mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[  440.225323]  mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[  440.225334]  ieee80211_agg_start_txq+0xe8/0x2b0 [mac80211]
+[  440.225344]  ieee80211_stop_tx_ba_cb+0xb8/0x1f0 [mac80211]
+[  440.225354]  ieee80211_ba_session_work+0x1c1/0x2f0 [mac80211]
+[  440.225356]  process_one_work+0x237/0x5d0
+[  440.225358]  worker_thread+0x3c/0x390
+[  440.225359]  ? wq_calc_node_cpumask+0x70/0x70
+[  440.225360]  kthread+0x11d/0x140
+[  440.225362]  ? kthread_create_on_node+0x40/0x40
+[  440.225363]  ret_from_fork+0x3a/0x50
+
+Cc: stable@vger.kernel.org
+Fixes: 88046b2c9f6d ("mt76: add support for reporting tx status with skb")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Acked-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/mediatek/mt76/mt76x02_mac.c |   14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
++++ b/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
+@@ -421,7 +421,6 @@ void mt76x02_send_tx_status(struct mt76x
+               return;
+       rcu_read_lock();
+-      mt76_tx_status_lock(mdev, &list);
+       if (stat->wcid < ARRAY_SIZE(dev->mt76.wcid))
+               wcid = rcu_dereference(dev->mt76.wcid[stat->wcid]);
+@@ -434,6 +433,8 @@ void mt76x02_send_tx_status(struct mt76x
+                                         drv_priv);
+       }
++      mt76_tx_status_lock(mdev, &list);
++
+       if (wcid) {
+               if (stat->pktid)
+                       status.skb = mt76_tx_status_skb_get(mdev, wcid,
+@@ -453,7 +454,9 @@ void mt76x02_send_tx_status(struct mt76x
+               if (*update == 0 && stat_val == stat_cache &&
+                   stat->wcid == msta->status.wcid && msta->n_frames < 32) {
+                       msta->n_frames++;
+-                      goto out;
++                      mt76_tx_status_unlock(mdev, &list);
++                      rcu_read_unlock();
++                      return;
+               }
+               mt76x02_mac_fill_tx_status(dev, status.info, &msta->status,
+@@ -469,11 +472,10 @@ void mt76x02_send_tx_status(struct mt76x
+       if (status.skb)
+               mt76_tx_status_skb_done(mdev, status.skb, &list);
+-      else
+-              ieee80211_tx_status_ext(mt76_hw(dev), &status);
+-
+-out:
+       mt76_tx_status_unlock(mdev, &list);
++
++      if (!status.skb)
++              ieee80211_tx_status_ext(mt76_hw(dev), &status);
+       rcu_read_unlock();
+ }
diff --git a/queue-5.0/percpu-stop-printing-kernel-addresses.patch b/queue-5.0/percpu-stop-printing-kernel-addresses.patch
new file mode 100644 (file)
index 0000000..a4a0870
--- /dev/null
@@ -0,0 +1,50 @@
+From 00206a69ee32f03e6f40837684dcbe475ea02266 Mon Sep 17 00:00:00 2001
+From: Matteo Croce <mcroce@redhat.com>
+Date: Mon, 18 Mar 2019 02:32:36 +0100
+Subject: percpu: stop printing kernel addresses
+
+From: Matteo Croce <mcroce@redhat.com>
+
+commit 00206a69ee32f03e6f40837684dcbe475ea02266 upstream.
+
+Since commit ad67b74d2469d9b8 ("printk: hash addresses printed with %p"),
+at boot "____ptrval____" is printed instead of actual addresses:
+
+    percpu: Embedded 38 pages/cpu @(____ptrval____) s124376 r0 d31272 u524288
+
+Instead of changing the print to "%px", and leaking kernel addresses,
+just remove the print completely, cfr. e.g. commit 071929dbdd865f77
+("arm64: Stop printing the virtual memory layout").
+
+Signed-off-by: Matteo Croce <mcroce@redhat.com>
+Signed-off-by: Dennis Zhou <dennis@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/percpu.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/mm/percpu.c
++++ b/mm/percpu.c
+@@ -2531,8 +2531,8 @@ int __init pcpu_embed_first_chunk(size_t
+               ai->groups[group].base_offset = areas[group] - base;
+       }
+-      pr_info("Embedded %zu pages/cpu @%p s%zu r%zu d%zu u%zu\n",
+-              PFN_DOWN(size_sum), base, ai->static_size, ai->reserved_size,
++      pr_info("Embedded %zu pages/cpu s%zu r%zu d%zu u%zu\n",
++              PFN_DOWN(size_sum), ai->static_size, ai->reserved_size,
+               ai->dyn_size, ai->unit_size);
+       rc = pcpu_setup_first_chunk(ai, base);
+@@ -2653,8 +2653,8 @@ int __init pcpu_page_first_chunk(size_t
+       }
+       /* we're ready, commit */
+-      pr_info("%d %s pages/cpu @%p s%zu r%zu d%zu\n",
+-              unit_pages, psize_str, vm.addr, ai->static_size,
++      pr_info("%d %s pages/cpu s%zu r%zu d%zu\n",
++              unit_pages, psize_str, ai->static_size,
+               ai->reserved_size, ai->dyn_size);
+       rc = pcpu_setup_first_chunk(ai, vm.addr);
diff --git a/queue-5.0/perf-ring_buffer-fix-aux-record-suppression.patch b/queue-5.0/perf-ring_buffer-fix-aux-record-suppression.patch
new file mode 100644 (file)
index 0000000..688d43f
--- /dev/null
@@ -0,0 +1,82 @@
+From 339bc4183596e1f68c2c98a03b87aa124107c317 Mon Sep 17 00:00:00 2001
+From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Date: Fri, 29 Mar 2019 11:13:38 +0200
+Subject: perf/ring_buffer: Fix AUX record suppression
+
+From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+
+commit 339bc4183596e1f68c2c98a03b87aa124107c317 upstream.
+
+The following commit:
+
+  1627314fb54a33e ("perf: Suppress AUX/OVERWRITE records")
+
+has an unintended side-effect of also suppressing all AUX records with no flags
+and non-zero size, so all the regular records in the full trace mode.
+This breaks some use cases for people.
+
+Fix this by restoring "regular" AUX records.
+
+Reported-by: Ben Gainey <Ben.Gainey@arm.com>
+Tested-by: Ben Gainey <Ben.Gainey@arm.com>
+Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: <stable@vger.kernel.org>
+Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Stephane Eranian <eranian@google.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Vince Weaver <vincent.weaver@maine.edu>
+Fixes: 1627314fb54a33e ("perf: Suppress AUX/OVERWRITE records")
+Link: https://lkml.kernel.org/r/20190329091338.29999-1-alexander.shishkin@linux.intel.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/events/ring_buffer.c |   33 +++++++++++++++------------------
+ 1 file changed, 15 insertions(+), 18 deletions(-)
+
+--- a/kernel/events/ring_buffer.c
++++ b/kernel/events/ring_buffer.c
+@@ -456,24 +456,21 @@ void perf_aux_output_end(struct perf_out
+               rb->aux_head += size;
+       }
+-      if (size || handle->aux_flags) {
+-              /*
+-               * Only send RECORD_AUX if we have something useful to communicate
+-               *
+-               * Note: the OVERWRITE records by themselves are not considered
+-               * useful, as they don't communicate any *new* information,
+-               * aside from the short-lived offset, that becomes history at
+-               * the next event sched-in and therefore isn't useful.
+-               * The userspace that needs to copy out AUX data in overwrite
+-               * mode should know to use user_page::aux_head for the actual
+-               * offset. So, from now on we don't output AUX records that
+-               * have *only* OVERWRITE flag set.
+-               */
+-
+-              if (handle->aux_flags & ~(u64)PERF_AUX_FLAG_OVERWRITE)
+-                      perf_event_aux_event(handle->event, aux_head, size,
+-                                           handle->aux_flags);
+-      }
++      /*
++       * Only send RECORD_AUX if we have something useful to communicate
++       *
++       * Note: the OVERWRITE records by themselves are not considered
++       * useful, as they don't communicate any *new* information,
++       * aside from the short-lived offset, that becomes history at
++       * the next event sched-in and therefore isn't useful.
++       * The userspace that needs to copy out AUX data in overwrite
++       * mode should know to use user_page::aux_head for the actual
++       * offset. So, from now on we don't output AUX records that
++       * have *only* OVERWRITE flag set.
++       */
++      if (size || (handle->aux_flags & ~(u64)PERF_AUX_FLAG_OVERWRITE))
++              perf_event_aux_event(handle->event, aux_head, size,
++                                   handle->aux_flags);
+       rb->user_page->aux_head = rb->aux_head;
+       if (rb_need_aux_wakeup(rb))
index dbba7563925aa94a6ad9beecc363c9dd9b003f60..099fce5db49911ef3c56640ee87ad6e38a1bcb0f 100644 (file)
@@ -106,3 +106,10 @@ tpm-fix-the-type-of-the-return-value-in-calc_tpm2_ev.patch
 revert-kbuild-use-oz-instead-of-os-when-using-clang.patch
 sched-fair-limit-sched_cfs_period_timer-loop-to-avoi.patch
 tpm-fix-an-invalid-condition-in-tpm_common_poll.patch
+mt76x02-avoid-status_list.lock-and-sta-rate_ctrl_lock-dependency.patch
+device_cgroup-fix-rcu-imbalance-in-error-case.patch
+perf-ring_buffer-fix-aux-record-suppression.patch
+mm-memory_hotplug-do-not-unlock-after-failing-to-take-the-device_hotplug_lock.patch
+mm-vmstat.c-fix-proc-vmstat-format-for-config_debug_tlbflush-y-config_smp-n.patch
+alsa-info-fix-racy-addition-deletion-of-nodes.patch
+percpu-stop-printing-kernel-addresses.patch