--- /dev/null
+From daaca3522a8e67c46e39ef09c1d542e866f85f3b Mon Sep 17 00:00:00 2001
+From: Ming Lei <ming.lei@redhat.com>
+Date: Mon, 14 Mar 2022 12:30:18 +0800
+Subject: block: release rq qos structures for queue without disk
+
+From: Ming Lei <ming.lei@redhat.com>
+
+commit daaca3522a8e67c46e39ef09c1d542e866f85f3b upstream.
+
+blkcg_init_queue() may add rq qos structures to request queue, previously
+blk_cleanup_queue() calls rq_qos_exit() to release them, but commit
+8e141f9eb803 ("block: drain file system I/O on del_gendisk")
+moves rq_qos_exit() into del_gendisk(), so memory leak is caused
+because queues may not have disk, such as un-present scsi luns, nvme
+admin queue, ...
+
+Fixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.
+
+BTW, v5.18 won't need this patch any more since we move
+blkcg_init_queue()/blkcg_exit_queue() into disk allocation/release
+handler, and patches have been in for-5.18/block.
+
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: stable@vger.kernel.org
+Fixes: 8e141f9eb803 ("block: drain file system I/O on del_gendisk")
+Reported-by: syzbot+b42749a851a47a0f581b@syzkaller.appspotmail.com
+Signed-off-by: Ming Lei <ming.lei@redhat.com>
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Link: https://lore.kernel.org/r/20220314043018.177141-1-ming.lei@redhat.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ block/blk-core.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/block/blk-core.c
++++ b/block/blk-core.c
+@@ -51,6 +51,7 @@
+ #include "blk-mq-sched.h"
+ #include "blk-pm.h"
+ #include "blk-throttle.h"
++#include "blk-rq-qos.h"
+
+ struct dentry *blk_debugfs_root;
+
+@@ -354,6 +355,9 @@ void blk_cleanup_queue(struct request_qu
+ */
+ blk_freeze_queue(q);
+
++ /* cleanup rq qos structures for queue without disk */
++ rq_qos_exit(q);
++
+ blk_queue_flag_set(QUEUE_FLAG_DEAD, q);
+
+ blk_sync_queue(q);
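
Review bot: the added rq_qos_exit(q) in blk_cleanup_queue() is unconditional, while its comment says it is for a queue without a disk. Per the commit message, del_gendisk() already calls rq_qos_exit() for queues that have a disk, so on those queues this is a second call. The comment should say that the repeat is expected and that it relies on rq_qos_exit() being safe to run on a queue whose rq qos list has already been released, so that a later change to rq_qos_exit() does not turn this into a double release.
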
--- /dev/null
+From a680b1832ced3b5fa7c93484248fd221ea0d614b Mon Sep 17 00:00:00 2001
+From: Brian Masney <bmasney@redhat.com>
+Date: Thu, 10 Mar 2022 18:24:59 -0500
+Subject: crypto: qcom-rng - ensure buffer for generate is completely filled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Brian Masney <bmasney@redhat.com>
+
+commit a680b1832ced3b5fa7c93484248fd221ea0d614b upstream.
+
+The generate function in struct rng_alg expects that the destination
+buffer is completely filled if the function returns 0. qcom_rng_read()
+can run into a situation where the buffer is partially filled with
+randomness and the remaining part of the buffer is zeroed since
+qcom_rng_generate() doesn't check the return value. This issue can
+be reproduced by running the following from libkcapi:
+
+ kcapi-rng -b 9000000 > OUTFILE
+
+The generated OUTFILE will have three huge sections that contain all
+zeros, and this is caused by the code where the test
+'val & PRNG_STATUS_DATA_AVAIL' fails.
+
+Let's fix this issue by ensuring that qcom_rng_read() always returns
+with a full buffer if the function returns success. Let's also have
+qcom_rng_generate() return the correct value.
+
+Here's some statistics from the ent project
+(https://www.fourmilab.ch/random/) that shows information about the
+quality of the generated numbers:
+
+ $ ent -c qcom-random-before
+ Value Char Occurrences Fraction
+ 0 606748 0.067416
+ 1 33104 0.003678
+ 2 33001 0.003667
+ ...
+ 253 � 32883 0.003654
+ 254 � 33035 0.003671
+ 255 � 33239 0.003693
+
+ Total: 9000000 1.000000
+
+ Entropy = 7.811590 bits per byte.
+
+ Optimum compression would reduce the size
+ of this 9000000 byte file by 2 percent.
+
+ Chi square distribution for 9000000 samples is 9329962.81, and
+ randomly would exceed this value less than 0.01 percent of the
+ times.
+
+ Arithmetic mean value of data bytes is 119.3731 (127.5 = random).
+ Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).
+ Serial correlation coefficient is 0.159130 (totally uncorrelated =
+ 0.0).
+
+Without this patch, the results of the chi-square test is 0.01%, and
+the numbers are certainly not random according to ent's project page.
+The results improve with this patch:
+
+ $ ent -c qcom-random-after
+ Value Char Occurrences Fraction
+ 0 35432 0.003937
+ 1 35127 0.003903
+ 2 35424 0.003936
+ ...
+ 253 � 35201 0.003911
+ 254 � 34835 0.003871
+ 255 � 35368 0.003930
+
+ Total: 9000000 1.000000
+
+ Entropy = 7.999979 bits per byte.
+
+ Optimum compression would reduce the size
+ of this 9000000 byte file by 0 percent.
+
+ Chi square distribution for 9000000 samples is 258.77, and randomly
+ would exceed this value 42.24 percent of the times.
+
+ Arithmetic mean value of data bytes is 127.5006 (127.5 = random).
+ Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).
+ Serial correlation coefficient is 0.000468 (totally uncorrelated =
+ 0.0).
+
+This change was tested on a Nexus 5 phone (msm8974 SoC).
+
+Signed-off-by: Brian Masney <bmasney@redhat.com>
+Fixes: ceec5f5b5988 ("crypto: qcom-rng - Add Qcom prng driver")
+Cc: stable@vger.kernel.org # 4.19+
+Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Reviewed-by: Andrew Halaney <ahalaney@redhat.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/qcom-rng.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+--- a/drivers/crypto/qcom-rng.c
++++ b/drivers/crypto/qcom-rng.c
+@@ -8,6 +8,7 @@
+ #include <linux/clk.h>
+ #include <linux/crypto.h>
+ #include <linux/io.h>
++#include <linux/iopoll.h>
+ #include <linux/module.h>
+ #include <linux/of.h>
+ #include <linux/platform_device.h>
+@@ -43,16 +44,19 @@ static int qcom_rng_read(struct qcom_rng
+ {
+ unsigned int currsize = 0;
+ u32 val;
++ int ret;
+
+ /* read random data from hardware */
+ do {
+- val = readl_relaxed(rng->base + PRNG_STATUS);
+- if (!(val & PRNG_STATUS_DATA_AVAIL))
+- break;
++ ret = readl_poll_timeout(rng->base + PRNG_STATUS, val,
++ val & PRNG_STATUS_DATA_AVAIL,
++ 200, 10000);
++ if (ret)
++ return ret;
+
+ val = readl_relaxed(rng->base + PRNG_DATA_OUT);
+ if (!val)
+- break;
++ return -EINVAL;
+
+ if ((max - currsize) >= WORD_SZ) {
+ memcpy(data, &val, WORD_SZ);
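
Review bot: both new early returns in this loop (`return ret` after readl_poll_timeout() and `return -EINVAL` when PRNG_DATA_OUT reads as zero) leave `data` holding the words copied by earlier iterations, with the tail untouched. That matches the contract in the commit message only if every caller discards the buffer on a non-zero return, which is worth stating in a comment on qcom_rng_read(). Two smaller points: the 200 and 10000 passed to readl_poll_timeout() are bare numbers and would read better as named constants or with a comment giving their units (sleep and total timeout, in microseconds), and -EINVAL for a hardware read that produced no data looks like a caller error; an I/O-style errno would describe it better.
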
+@@ -61,11 +65,10 @@ static int qcom_rng_read(struct qcom_rng
+ } else {
+ /* copy only remaining bytes */
+ memcpy(data, &val, max - currsize);
+- break;
+ }
+ } while (currsize < max);
+
+- return currsize;
++ return 0;
+ }
+
+ static int qcom_rng_generate(struct crypto_rng *tfm,
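
Review bot: removing `break` from the else branch leaves that branch with no normal way out of the loop. It copies the last `max - currsize` bytes but does not advance `currsize`, so `while (currsize < max)` stays true. For any request whose length is not a multiple of WORD_SZ, the loop keeps polling the hardware and rewriting the same tail bytes, and can only leave through one of the error returns, never through `return 0`. Either keep the `break` or set `currsize = max` after the memcpy().
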
+@@ -87,7 +90,7 @@ static int qcom_rng_generate(struct cryp
+ mutex_unlock(&rng->lock);
+ clk_disable_unprepare(rng->clk);
+
+- return 0;
++ return ret;
+ }
+
+ static int qcom_rng_seed(struct crypto_rng *tfm, const u8 *seed,
--- /dev/null
+From 40ce1121c1d76daf9048a86e36c83e469281b9fd Mon Sep 17 00:00:00 2001
+From: Jocelyn Falempe <jfalempe@redhat.com>
+Date: Tue, 8 Mar 2022 18:43:21 +0100
+Subject: drm/mgag200: Fix PLL setup for g200wb and g200ew
+
+From: Jocelyn Falempe <jfalempe@redhat.com>
+
+commit 40ce1121c1d76daf9048a86e36c83e469281b9fd upstream.
+
+commit f86c3ed55920 ("drm/mgag200: Split PLL setup into compute and
+ update functions") introduced a regression for g200wb and g200ew.
+The PLLs are not set up properly, and VGA screen stays
+black, or displays "out of range" message.
+
+MGA1064_WB_PIX_PLLC_N/M/P was mistakenly replaced with
+MGA1064_PIX_PLLC_N/M/P which have different addresses.
+
+Patch tested on a Dell T310 with g200wb
+
+Fixes: f86c3ed55920 ("drm/mgag200: Split PLL setup into compute and update functions")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
+Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
+Link: https://patchwork.freedesktop.org/patch/msgid/20220308174321.225606-1-jfalempe@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/mgag200/mgag200_pll.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/gpu/drm/mgag200/mgag200_pll.c
++++ b/drivers/gpu/drm/mgag200/mgag200_pll.c
+@@ -404,9 +404,9 @@ mgag200_pixpll_update_g200wb(struct mgag
+ udelay(50);
+
+ /* program pixel pll register */
+- WREG_DAC(MGA1064_PIX_PLLC_N, xpixpllcn);
+- WREG_DAC(MGA1064_PIX_PLLC_M, xpixpllcm);
+- WREG_DAC(MGA1064_PIX_PLLC_P, xpixpllcp);
++ WREG_DAC(MGA1064_WB_PIX_PLLC_N, xpixpllcn);
++ WREG_DAC(MGA1064_WB_PIX_PLLC_M, xpixpllcm);
++ WREG_DAC(MGA1064_WB_PIX_PLLC_P, xpixpllcp);
+
+ udelay(50);
+
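
Review bot: the subject and message name both g200wb and g200ew, but the only function touched here is mgag200_pixpll_update_g200wb(). The message should say that g200ew goes through this same update function, or the g200ew path needs the same check for MGA1064_PIX_PLLC_N/M/P versus MGA1064_WB_PIX_PLLC_N/M/P. A short comment above the three WREG_DAC() calls noting that the WB registers sit at different addresses would make the same slip harder to repeat.
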
--- /dev/null
+From 029c4628b2eb2ca969e9bf979b05dc18d8d5575e Mon Sep 17 00:00:00 2001
+From: Guo Ziliang <guo.ziliang@zte.com.cn>
+Date: Wed, 16 Mar 2022 16:15:03 -0700
+Subject: mm: swap: get rid of livelock in swapin readahead
+
+From: Guo Ziliang <guo.ziliang@zte.com.cn>
+
+commit 029c4628b2eb2ca969e9bf979b05dc18d8d5575e upstream.
+
+In our testing, a livelock task was found. Through sysrq printing, same
+stack was found every time, as follows:
+
+ __swap_duplicate+0x58/0x1a0
+ swapcache_prepare+0x24/0x30
+ __read_swap_cache_async+0xac/0x220
+ read_swap_cache_async+0x58/0xa0
+ swapin_readahead+0x24c/0x628
+ do_swap_page+0x374/0x8a0
+ __handle_mm_fault+0x598/0xd60
+ handle_mm_fault+0x114/0x200
+ do_page_fault+0x148/0x4d0
+ do_translation_fault+0xb0/0xd4
+ do_mem_abort+0x50/0xb0
+
+The reason for the livelock is that swapcache_prepare() always returns
+EEXIST, indicating that SWAP_HAS_CACHE has not been cleared, so that it
+cannot jump out of the loop. We suspect that the task that clears the
+SWAP_HAS_CACHE flag never gets a chance to run. We try to lower the
+priority of the task stuck in a livelock so that the task that clears
+the SWAP_HAS_CACHE flag will run. The results show that the system
+returns to normal after the priority is lowered.
+
+In our testing, multiple real-time tasks are bound to the same core, and
+the task in the livelock is the highest priority task of the core, so
+the livelocked task cannot be preempted.
+
+Although cond_resched() is used by __read_swap_cache_async, it is an
+empty function in the preemptive system and cannot achieve the purpose
+of releasing the CPU. A high-priority task cannot release the CPU
+unless preempted by a higher-priority task. But when this task is
+already the highest priority task on this core, other tasks will not be
+able to be scheduled. So we think we should replace cond_resched() with
+schedule_timeout_uninterruptible(1), schedule_timeout_interruptible will
+call set_current_state first to set the task state, so the task will be
+removed from the running queue, so as to achieve the purpose of giving
+up the CPU and prevent it from running in kernel mode for too long.
+
+(akpm: ugly hack becomes uglier. But it fixes the issue in a
+backportable-to-stable fashion while we hopefully work on something
+better)
+
+Link: https://lkml.kernel.org/r/20220221111749.1928222-1-cgel.zte@gmail.com
+Signed-off-by: Guo Ziliang <guo.ziliang@zte.com.cn>
+Reported-by: Zeal Robot <zealci@zte.com.cn>
+Reviewed-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
+Reviewed-by: Jiang Xuexin <jiang.xuexin@zte.com.cn>
+Reviewed-by: Yang Yang <yang.yang29@zte.com.cn>
+Acked-by: Hugh Dickins <hughd@google.com>
+Cc: Naoya Horiguchi <naoya.horiguchi@nec.com>
+Cc: Michal Hocko <mhocko@kernel.org>
+Cc: Minchan Kim <minchan@kernel.org>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Cc: Roger Quadros <rogerq@kernel.org>
+Cc: Ziliang Guo <guo.ziliang@zte.com.cn>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/swap_state.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/swap_state.c
++++ b/mm/swap_state.c
+@@ -478,7 +478,7 @@ struct page *__read_swap_cache_async(swp
+ * __read_swap_cache_async(), which has set SWAP_HAS_CACHE
+ * in swap_map, but not yet added its page to swap cache.
+ */
+- cond_resched();
++ schedule_timeout_uninterruptible(1);
+ }
+
+ /*
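
Review bot: schedule_timeout_uninterruptible(1) replaces cond_resched() without any change to the code comment above it, which still describes only the SWAP_HAS_CACHE race. Add a line there saying that the sleep exists because cond_resched() does not give up the CPU on a preemptible kernel when the waiting task is the highest-priority one on its core, otherwise the call looks like something to clean up later. Every pass through this retry now sleeps for at least one tick, including ordinary short races, so that cost belongs in the comment too. The commit message also names schedule_timeout_interruptible in its explanation while the code uses the uninterruptible variant.
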
--- /dev/null
+From 7b0b1332cfdb94489836b67d088a779699f8e47e Mon Sep 17 00:00:00 2001
+From: Joseph Qi <joseph.qi@linux.alibaba.com>
+Date: Wed, 16 Mar 2022 16:15:09 -0700
+Subject: ocfs2: fix crash when initialize filecheck kobj fails
+
+From: Joseph Qi <joseph.qi@linux.alibaba.com>
+
+commit 7b0b1332cfdb94489836b67d088a779699f8e47e upstream.
+
+Once s_root is set, genric_shutdown_super() will be called if
+fill_super() fails. That means, we will call ocfs2_dismount_volume()
+twice in such case, which can lead to kernel crash.
+
+Fix this issue by initializing filecheck kobj before setting s_root.
+
+Link: https://lkml.kernel.org/r/20220310081930.86305-1-joseph.qi@linux.alibaba.com
+Fixes: 5f483c4abb50 ("ocfs2: add kobject for online file check")
+Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Cc: Mark Fasheh <mark@fasheh.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Cc: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Changwei Ge <gechangwei@live.cn>
+Cc: Gang He <ghe@suse.com>
+Cc: Jun Piao <piaojun@huawei.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ocfs2/super.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+--- a/fs/ocfs2/super.c
++++ b/fs/ocfs2/super.c
+@@ -1106,17 +1106,6 @@ static int ocfs2_fill_super(struct super
+ goto read_super_error;
+ }
+
+- root = d_make_root(inode);
+- if (!root) {
+- status = -ENOMEM;
+- mlog_errno(status);
+- goto read_super_error;
+- }
+-
+- sb->s_root = root;
+-
+- ocfs2_complete_mount_recovery(osb);
+-
+ osb->osb_dev_kset = kset_create_and_add(sb->s_id, NULL,
+ &ocfs2_kset->kobj);
+ if (!osb->osb_dev_kset) {
+@@ -1134,6 +1123,17 @@ static int ocfs2_fill_super(struct super
+ goto read_super_error;
+ }
+
++ root = d_make_root(inode);
++ if (!root) {
++ status = -ENOMEM;
++ mlog_errno(status);
++ goto read_super_error;
++ }
++
++ sb->s_root = root;
++
++ ocfs2_complete_mount_recovery(osb);
++
+ if (ocfs2_mount_local(osb))
+ snprintf(nodestr, sizeof(nodestr), "local");
+ else
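
Review bot: with d_make_root() moved below the kset and filecheck kobject setup, its `goto read_super_error` is now reached with osb->osb_dev_kset already created, which was not possible before the move. The hunk does not show read_super_error, so confirm that this path releases the kset and the filecheck kobject while sb->s_root is still unset, and that nothing there assumes a failure at d_make_root() happens before the sysfs objects exist. ocfs2_complete_mount_recovery(osb) also moves behind the sysfs setup; the commit message should say that this reordering is intended.
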
--- /dev/null
+crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch
+ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch
+mm-swap-get-rid-of-livelock-in-swapin-readahead.patch
+block-release-rq-qos-structures-for-queue-without-disk.patch
+drm-mgag200-fix-pll-setup-for-g200wb-and-g200ew.patch