4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Mar 2019 10:23:50 +0000 (11:23 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Mar 2019 10:23:50 +0000 (11:23 +0100)
added patches:
md-fix-failed-allocation-of-md_register_thread.patch
nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch
nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch
nfs41-pop-some-layoutget-errors-to-application.patch
nfsd-fix-memory-corruption-caused-by-readdir.patch
nfsd-fix-wrong-check-in-write_v4_end_grace.patch
perf-auxtrace-define-auxtrace-record-alignment.patch
perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch
perf-intel-pt-fix-overlap-calculation-for-padding.patch
pm-wakeup-rework-wakeup-source-timer-cancellation.patch

queue-4.4/md-fix-failed-allocation-of-md_register_thread.patch [new file with mode: 0644]
queue-4.4/nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch [new file with mode: 0644]
queue-4.4/nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch [new file with mode: 0644]
queue-4.4/nfs41-pop-some-layoutget-errors-to-application.patch [new file with mode: 0644]
queue-4.4/nfsd-fix-memory-corruption-caused-by-readdir.patch [new file with mode: 0644]
queue-4.4/nfsd-fix-wrong-check-in-write_v4_end_grace.patch [new file with mode: 0644]
queue-4.4/perf-auxtrace-define-auxtrace-record-alignment.patch [new file with mode: 0644]
queue-4.4/perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch [new file with mode: 0644]
queue-4.4/perf-intel-pt-fix-overlap-calculation-for-padding.patch [new file with mode: 0644]
queue-4.4/pm-wakeup-rework-wakeup-source-timer-cancellation.patch [new file with mode: 0644]
queue-4.4/series

diff --git a/queue-4.4/md-fix-failed-allocation-of-md_register_thread.patch b/queue-4.4/md-fix-failed-allocation-of-md_register_thread.patch
new file mode 100644 (file)
index 0000000..7b65d86
--- /dev/null
@@ -0,0 +1,49 @@
+From e406f12dde1a8375d77ea02d91f313fb1a9c6aec Mon Sep 17 00:00:00 2001
+From: Aditya Pakki <pakki001@umn.edu>
+Date: Mon, 4 Mar 2019 16:48:54 -0600
+Subject: md: Fix failed allocation of md_register_thread
+
+From: Aditya Pakki <pakki001@umn.edu>
+
+commit e406f12dde1a8375d77ea02d91f313fb1a9c6aec upstream.
+
+mddev->sync_thread can be set to NULL on kzalloc failure downstream.
+The patch checks for such a scenario and frees allocated resources.
+
+Committer node:
+
+Added similar fix to raid5.c, as suggested by Guoqing.
+
+Cc: stable@vger.kernel.org # v3.16+
+Acked-by: Guoqing Jiang <gqjiang@suse.com>
+Signed-off-by: Aditya Pakki <pakki001@umn.edu>
+Signed-off-by: Song Liu <songliubraving@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/raid10.c |    2 ++
+ drivers/md/raid5.c  |    2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/md/raid10.c
++++ b/drivers/md/raid10.c
+@@ -3755,6 +3755,8 @@ static int run(struct mddev *mddev)
+               set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
+               mddev->sync_thread = md_register_thread(md_do_sync, mddev,
+                                                       "reshape");
++              if (!mddev->sync_thread)
++                      goto out_free_conf;
+       }
+       return 0;
+--- a/drivers/md/raid5.c
++++ b/drivers/md/raid5.c
+@@ -6973,6 +6973,8 @@ static int run(struct mddev *mddev)
+               set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
+               mddev->sync_thread = md_register_thread(md_do_sync, mddev,
+                                                       "reshape");
++              if (!mddev->sync_thread)
++                      goto abort;
+       }
+       /* Ok, everything is just fine now */
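Review bot: Both added checks jump to the error label after `set_bit(MD_RECOVERY_RUNNING, &mddev->recovery)` has already run, and nothing visible in either hunk clears that bit before `goto out_free_conf` (raid10.c) or `goto abort` (raid5.c). If those labels, which lie outside the hunks, do not reset `mddev->recovery`, a failed thread allocation would leave the array flagged as having a running sync with no sync thread behind it. This should be confirmed against the 4.4 tree; if the labels do not handle it, adding `clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);` before each `goto` would keep the state consistent. Both run() functions start and end outside the hunks.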
diff --git a/queue-4.4/nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch b/queue-4.4/nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch
new file mode 100644 (file)
index 0000000..b8f6368
--- /dev/null
@@ -0,0 +1,32 @@
+From 8127d82705998568b52ac724e28e00941538083d Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Fri, 15 Feb 2019 16:08:25 -0500
+Subject: NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+commit 8127d82705998568b52ac724e28e00941538083d upstream.
+
+If the I/O completion failed with a fatal error, then we should just
+exit nfs_pageio_complete_mirror() rather than try to recoalesce.
+
+Fixes: a7d42ddb3099 ("nfs: add mirroring support to pgio layer")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Cc: stable@vger.kernel.org # v4.0+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/pagelist.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -1202,7 +1202,7 @@ static void nfs_pageio_complete_mirror(s
+               desc->pg_mirror_idx = mirror_idx;
+       for (;;) {
+               nfs_pageio_doio(desc);
+-              if (!mirror->pg_recoalesce)
++              if (desc->pg_error < 0 || !mirror->pg_recoalesce)
+                       break;
+               if (!nfs_do_recoalesce(desc))
+                       break;
diff --git a/queue-4.4/nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch b/queue-4.4/nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch
new file mode 100644 (file)
index 0000000..8d94ee6
--- /dev/null
@@ -0,0 +1,31 @@
+From 4d91969ed4dbcefd0e78f77494f0cb8fada9048a Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Fri, 15 Feb 2019 14:59:52 -0500
+Subject: NFS: Fix an I/O request leakage in nfs_do_recoalesce
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+commit 4d91969ed4dbcefd0e78f77494f0cb8fada9048a upstream.
+
+Whether we need to exit early, or just reprocess the list, we
+must not lost track of the request which failed to get recoalesced.
+
+Fixes: 03d5eb65b538 ("NFS: Fix a memory leak in nfs_do_recoalesce")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Cc: stable@vger.kernel.org # v4.0+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/pagelist.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -1107,7 +1107,6 @@ static int nfs_do_recoalesce(struct nfs_
+                       struct nfs_page *req;
+                       req = list_first_entry(&head, struct nfs_page, wb_list);
+-                      nfs_list_remove_request(req);
+                       if (__nfs_pageio_add_request(desc, req))
+                               continue;
+                       if (desc->pg_error < 0) {
diff --git a/queue-4.4/nfs41-pop-some-layoutget-errors-to-application.patch b/queue-4.4/nfs41-pop-some-layoutget-errors-to-application.patch
new file mode 100644 (file)
index 0000000..2556ab9
--- /dev/null
@@ -0,0 +1,302 @@
+From d600ad1f2bdbf97c4818dcc85b174f72c90c21bd Mon Sep 17 00:00:00 2001
+From: Peng Tao <tao.peng@primarydata.com>
+Date: Fri, 4 Dec 2015 02:57:48 +0800
+Subject: NFS41: pop some layoutget errors to application
+
+From: Peng Tao <tao.peng@primarydata.com>
+
+commit d600ad1f2bdbf97c4818dcc85b174f72c90c21bd upstream.
+
+For ERESTARTSYS/EIO/EROFS/ENOSPC/E2BIG in layoutget, we
+should just bail out instead of hiding the error and
+retrying inband IO.
+
+Change all the call sites to pop the error all the way up.
+
+Signed-off-by: Peng Tao <tao.peng@primarydata.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/direct.c                        |   15 ++++++++++++++-
+ fs/nfs/filelayout/filelayout.c         |   17 +++++++++++++++--
+ fs/nfs/flexfilelayout/flexfilelayout.c |   25 ++++++++++++++++++++++---
+ fs/nfs/pagelist.c                      |    9 ++++++++-
+ fs/nfs/pnfs.c                          |   24 ++++++++++++++++++------
+ fs/nfs/read.c                          |    2 +-
+ 6 files changed, 78 insertions(+), 14 deletions(-)
+
+--- a/fs/nfs/direct.c
++++ b/fs/nfs/direct.c
+@@ -670,6 +670,10 @@ static void nfs_direct_write_reschedule(
+       req = nfs_list_entry(reqs.next);
+       nfs_direct_setup_mirroring(dreq, &desc, req);
++      if (desc.pg_error < 0) {
++              list_splice_init(&reqs, &failed);
++              goto out_failed;
++      }
+       list_for_each_entry_safe(req, tmp, &reqs, wb_list) {
+               if (!nfs_pageio_add_request(&desc, req)) {
+@@ -677,13 +681,17 @@ static void nfs_direct_write_reschedule(
+                       nfs_list_add_request(req, &failed);
+                       spin_lock(cinfo.lock);
+                       dreq->flags = 0;
+-                      dreq->error = -EIO;
++                      if (desc.pg_error < 0)
++                              dreq->error = desc.pg_error;
++                      else
++                              dreq->error = -EIO;
+                       spin_unlock(cinfo.lock);
+               }
+               nfs_release_request(req);
+       }
+       nfs_pageio_complete(&desc);
++out_failed:
+       while (!list_empty(&failed)) {
+               req = nfs_list_entry(failed.next);
+               nfs_list_remove_request(req);
+@@ -898,6 +906,11 @@ static ssize_t nfs_direct_write_schedule
+                       }
+                       nfs_direct_setup_mirroring(dreq, &desc, req);
++                      if (desc.pg_error < 0) {
++                              nfs_free_request(req);
++                              result = desc.pg_error;
++                              break;
++                      }
+                       nfs_lock_request(req);
+                       req->wb_index = pos >> PAGE_SHIFT;
+--- a/fs/nfs/filelayout/filelayout.c
++++ b/fs/nfs/filelayout/filelayout.c
+@@ -882,13 +882,19 @@ static void
+ filelayout_pg_init_read(struct nfs_pageio_descriptor *pgio,
+                       struct nfs_page *req)
+ {
+-      if (!pgio->pg_lseg)
++      if (!pgio->pg_lseg) {
+               pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+                                          req->wb_context,
+                                          0,
+                                          NFS4_MAX_UINT64,
+                                          IOMODE_READ,
+                                          GFP_KERNEL);
++              if (IS_ERR(pgio->pg_lseg)) {
++                      pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++                      pgio->pg_lseg = NULL;
++                      return;
++              }
++      }
+       /* If no lseg, fall back to read through mds */
+       if (pgio->pg_lseg == NULL)
+               nfs_pageio_reset_read_mds(pgio);
+@@ -901,13 +907,20 @@ filelayout_pg_init_write(struct nfs_page
+       struct nfs_commit_info cinfo;
+       int status;
+-      if (!pgio->pg_lseg)
++      if (!pgio->pg_lseg) {
+               pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+                                          req->wb_context,
+                                          0,
+                                          NFS4_MAX_UINT64,
+                                          IOMODE_RW,
+                                          GFP_NOFS);
++              if (IS_ERR(pgio->pg_lseg)) {
++                      pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++                      pgio->pg_lseg = NULL;
++                      return;
++              }
++      }
++
+       /* If no lseg, fall back to write through mds */
+       if (pgio->pg_lseg == NULL)
+               goto out_mds;
+--- a/fs/nfs/flexfilelayout/flexfilelayout.c
++++ b/fs/nfs/flexfilelayout/flexfilelayout.c
+@@ -786,13 +786,19 @@ ff_layout_pg_init_read(struct nfs_pageio
+       int ds_idx;
+       /* Use full layout for now */
+-      if (!pgio->pg_lseg)
++      if (!pgio->pg_lseg) {
+               pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+                                                  req->wb_context,
+                                                  0,
+                                                  NFS4_MAX_UINT64,
+                                                  IOMODE_READ,
+                                                  GFP_KERNEL);
++              if (IS_ERR(pgio->pg_lseg)) {
++                      pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++                      pgio->pg_lseg = NULL;
++                      return;
++              }
++      }
+       /* If no lseg, fall back to read through mds */
+       if (pgio->pg_lseg == NULL)
+               goto out_mds;
+@@ -826,13 +832,19 @@ ff_layout_pg_init_write(struct nfs_pagei
+       int i;
+       int status;
+-      if (!pgio->pg_lseg)
++      if (!pgio->pg_lseg) {
+               pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+                                                  req->wb_context,
+                                                  0,
+                                                  NFS4_MAX_UINT64,
+                                                  IOMODE_RW,
+                                                  GFP_NOFS);
++              if (IS_ERR(pgio->pg_lseg)) {
++                      pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++                      pgio->pg_lseg = NULL;
++                      return;
++              }
++      }
+       /* If no lseg, fall back to write through mds */
+       if (pgio->pg_lseg == NULL)
+               goto out_mds;
+@@ -868,18 +880,25 @@ static unsigned int
+ ff_layout_pg_get_mirror_count_write(struct nfs_pageio_descriptor *pgio,
+                                   struct nfs_page *req)
+ {
+-      if (!pgio->pg_lseg)
++      if (!pgio->pg_lseg) {
+               pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+                                                  req->wb_context,
+                                                  0,
+                                                  NFS4_MAX_UINT64,
+                                                  IOMODE_RW,
+                                                  GFP_NOFS);
++              if (IS_ERR(pgio->pg_lseg)) {
++                      pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++                      pgio->pg_lseg = NULL;
++                      goto out;
++              }
++      }
+       if (pgio->pg_lseg)
+               return FF_LAYOUT_MIRROR_COUNT(pgio->pg_lseg);
+       /* no lseg means that pnfs is not in use, so no mirroring here */
+       nfs_pageio_reset_write_mds(pgio);
++out:
+       return 1;
+ }
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -872,6 +872,9 @@ static int nfs_pageio_setup_mirroring(st
+       mirror_count = pgio->pg_ops->pg_get_mirror_count(pgio, req);
++      if (pgio->pg_error < 0)
++              return pgio->pg_error;
++
+       if (!mirror_count || mirror_count > NFS_PAGEIO_DESCRIPTOR_MIRROR_MAX)
+               return -EINVAL;
+@@ -980,6 +983,8 @@ static int nfs_pageio_do_add_request(str
+       } else {
+               if (desc->pg_ops->pg_init)
+                       desc->pg_ops->pg_init(desc, req);
++              if (desc->pg_error < 0)
++                      return 0;
+               mirror->pg_base = req->wb_pgbase;
+       }
+       if (!nfs_can_coalesce_requests(prev, req, desc))
+@@ -1145,6 +1150,8 @@ int nfs_pageio_add_request(struct nfs_pa
+       bytes = req->wb_bytes;
+       nfs_pageio_setup_mirroring(desc, req);
++      if (desc->pg_error < 0)
++              return 0;
+       for (midx = 0; midx < desc->pg_mirror_count; midx++) {
+               if (midx) {
+@@ -1230,7 +1237,7 @@ int nfs_pageio_resend(struct nfs_pageio_
+       nfs_pageio_complete(desc);
+       if (!list_empty(&failed)) {
+               list_move(&failed, &hdr->pages);
+-              return -EIO;
++              return desc->pg_error < 0 ? desc->pg_error : -EIO;
+       }
+       return 0;
+ }
+--- a/fs/nfs/pnfs.c
++++ b/fs/nfs/pnfs.c
+@@ -909,14 +909,15 @@ send_layoutget(struct pnfs_layout_hdr *l
+       if (IS_ERR(lseg)) {
+               switch (PTR_ERR(lseg)) {
+-              case -ENOMEM:
+               case -ERESTARTSYS:
++              case -EIO:
++              case -ENOSPC:
++              case -EROFS:
++              case -E2BIG:
+                       break;
+               default:
+-                      /* remember that LAYOUTGET failed and suspend trying */
+-                      pnfs_layout_io_set_failed(lo, range->iomode);
++                      return NULL;
+               }
+-              return NULL;
+       } else
+               pnfs_layout_clear_fail_bit(lo,
+                               pnfs_iomode_to_fail_bit(range->iomode));
+@@ -1625,7 +1626,7 @@ out:
+                       "(%s, offset: %llu, length: %llu)\n",
+                       __func__, ino->i_sb->s_id,
+                       (unsigned long long)NFS_FILEID(ino),
+-                      lseg == NULL ? "not found" : "found",
++                      IS_ERR_OR_NULL(lseg) ? "not found" : "found",
+                       iomode==IOMODE_RW ?  "read/write" : "read-only",
+                       (unsigned long long)pos,
+                       (unsigned long long)count);
+@@ -1804,6 +1805,11 @@ pnfs_generic_pg_init_read(struct nfs_pag
+                                                  rd_size,
+                                                  IOMODE_READ,
+                                                  GFP_KERNEL);
++              if (IS_ERR(pgio->pg_lseg)) {
++                      pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++                      pgio->pg_lseg = NULL;
++                      return;
++              }
+       }
+       /* If no lseg, fall back to read through mds */
+       if (pgio->pg_lseg == NULL)
+@@ -1816,13 +1822,19 @@ void
+ pnfs_generic_pg_init_write(struct nfs_pageio_descriptor *pgio,
+                          struct nfs_page *req, u64 wb_size)
+ {
+-      if (pgio->pg_lseg == NULL)
++      if (pgio->pg_lseg == NULL) {
+               pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+                                                  req->wb_context,
+                                                  req_offset(req),
+                                                  wb_size,
+                                                  IOMODE_RW,
+                                                  GFP_NOFS);
++              if (IS_ERR(pgio->pg_lseg)) {
++                      pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++                      pgio->pg_lseg = NULL;
++                      return;
++              }
++      }
+       /* If no lseg, fall back to write through mds */
+       if (pgio->pg_lseg == NULL)
+               nfs_pageio_reset_write_mds(pgio);
+--- a/fs/nfs/read.c
++++ b/fs/nfs/read.c
+@@ -115,7 +115,7 @@ int nfs_readpage_async(struct nfs_open_c
+       pgm = &pgio.pg_mirrors[0];
+       NFS_I(inode)->read_io += pgm->pg_bytes_written;
+-      return 0;
++      return pgio.pg_error < 0 ? pgio.pg_error : 0;
+ }
+ static void nfs_readpage_release(struct nfs_page *req)
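Review bot: With `return NULL` moved under `default:` in send_layoutget(), the five listed errno cases leave the `switch` with `lseg` still an error pointer, so pnfs_update_layout() can apparently now return an `ERR_PTR` where it used to return only NULL or a valid segment. Every caller touched here converts it with `IS_ERR()`/`PTR_ERR()` and resets `pg_lseg` to NULL, but any caller in the 4.4 tree that is not part of this patch and tests only for NULL would go on to dereference the error pointer, so the backport should be checked against the full caller list. Separately, the `default:` branch no longer calls `pnfs_layout_io_set_failed()`; unless the fail bit is set elsewhere, other LAYOUTGET failures would be retried on every I/O instead of being suspended. The same five-line `IS_ERR` block is repeated seven times, so a comment at pnfs_update_layout() stating `/* returns a valid lseg, NULL (fall back to MDS), or ERR_PTR (fatal, propagate) */` would make the new contract explicit.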
diff --git a/queue-4.4/nfsd-fix-memory-corruption-caused-by-readdir.patch b/queue-4.4/nfsd-fix-memory-corruption-caused-by-readdir.patch
new file mode 100644 (file)
index 0000000..ac8bad4
--- /dev/null
@@ -0,0 +1,98 @@
+From b602345da6cbb135ba68cf042df8ec9a73da7981 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.com>
+Date: Mon, 4 Mar 2019 14:08:22 +1100
+Subject: nfsd: fix memory corruption caused by readdir
+
+From: NeilBrown <neilb@suse.com>
+
+commit b602345da6cbb135ba68cf042df8ec9a73da7981 upstream.
+
+If the result of an NFSv3 readdir{,plus} request results in the
+"offset" on one entry having to be split across 2 pages, and is sized
+so that the next directory entry doesn't fit in the requested size,
+then memory corruption can happen.
+
+When encode_entry() is called after encoding the last entry that fits,
+it notices that ->offset and ->offset1 are set, and so stores the
+offset value in the two pages as required.  It clears ->offset1 but
+*does not* clear ->offset.
+
+Normally this omission doesn't matter as encode_entry_baggage() will
+be called, and will set ->offset to a suitable value (not on a page
+boundary).
+But in the case where cd->buflen < elen and nfserr_toosmall is
+returned, ->offset is not reset.
+
+This means that nfsd3proc_readdirplus will see ->offset with a value 4
+bytes before the end of a page, and ->offset1 set to NULL.
+It will try to write 8bytes to ->offset.
+If we are lucky, the next page will be read-only, and the system will
+  BUG: unable to handle kernel paging request at...
+
+If we are unlucky, some innocent page will have the first 4 bytes
+corrupted.
+
+nfsd3proc_readdir() doesn't even check for ->offset1, it just blindly
+writes 8 bytes to the offset wherever it is.
+
+Fix this by clearing ->offset after it is used, and copying the
+->offset handling code from nfsd3_proc_readdirplus into
+nfsd3_proc_readdir.
+
+(Note that the commit hash in the Fixes tag is from the 'history'
+ tree - this bug predates git).
+
+Fixes: 0b1d57cf7654 ("[PATCH] kNFSd: Fix nfs3 dentry encoding")
+Fixes-URL: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=0b1d57cf7654
+Cc: stable@vger.kernel.org (v2.6.12+)
+Signed-off-by: NeilBrown <neilb@suse.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs3proc.c |   16 ++++++++++++++--
+ fs/nfsd/nfs3xdr.c  |    1 +
+ 2 files changed, 15 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs3proc.c
++++ b/fs/nfsd/nfs3proc.c
+@@ -430,8 +430,19 @@ nfsd3_proc_readdir(struct svc_rqst *rqst
+                                       &resp->common, nfs3svc_encode_entry);
+       memcpy(resp->verf, argp->verf, 8);
+       resp->count = resp->buffer - argp->buffer;
+-      if (resp->offset)
+-              xdr_encode_hyper(resp->offset, argp->cookie);
++      if (resp->offset) {
++              loff_t offset = argp->cookie;
++
++              if (unlikely(resp->offset1)) {
++                      /* we ended up with offset on a page boundary */
++                      *resp->offset = htonl(offset >> 32);
++                      *resp->offset1 = htonl(offset & 0xffffffff);
++                      resp->offset1 = NULL;
++              } else {
++                      xdr_encode_hyper(resp->offset, offset);
++              }
++              resp->offset = NULL;
++      }
+       RETURN_STATUS(nfserr);
+ }
+@@ -499,6 +510,7 @@ nfsd3_proc_readdirplus(struct svc_rqst *
+               } else {
+                       xdr_encode_hyper(resp->offset, offset);
+               }
++              resp->offset = NULL;
+       }
+       RETURN_STATUS(nfserr);
+--- a/fs/nfsd/nfs3xdr.c
++++ b/fs/nfsd/nfs3xdr.c
+@@ -898,6 +898,7 @@ encode_entry(struct readdir_cd *ccd, con
+               } else {
+                       xdr_encode_hyper(cd->offset, offset64);
+               }
++              cd->offset = NULL;
+       }
+       /*
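Review bot: The split-offset store is now open-coded in three places (nfsd3_proc_readdir, nfsd3_proc_readdirplus and encode_entry), and the corruption fixed here came from those copies disagreeing about `offset1` and about clearing `offset` after use. A single static helper that writes the cookie and resets both pointers would keep the three sites from drifting apart again; a sketch follows, with the helper name being a suggestion only. In the new readdir code `offset` is a signed `loff_t`, so `offset >> 32` shifts a signed value; passing the cookie as `u64` avoids relying on that. The enclosing functions start and end outside the hunks.

```c
/* Store a 64-bit directory cookie whose two words may sit on different
 * reply pages, then clear both pointers so a later call cannot write
 * through a stale one. */
static void nfsd3_store_offset(__be32 **offset, __be32 **offset1, u64 val)
{
	if (!*offset)
		return;
	if (unlikely(*offset1)) {
		/* we ended up with offset on a page boundary */
		**offset = htonl(val >> 32);
		**offset1 = htonl(val & 0xffffffff);
		*offset1 = NULL;
	} else {
		xdr_encode_hyper(*offset, val);
	}
	*offset = NULL;
}

/* ... unchanged: readdir body up to resp->count ... */
	nfsd3_store_offset(&resp->offset, &resp->offset1, argp->cookie);
```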
diff --git a/queue-4.4/nfsd-fix-wrong-check-in-write_v4_end_grace.patch b/queue-4.4/nfsd-fix-wrong-check-in-write_v4_end_grace.patch
new file mode 100644 (file)
index 0000000..786b93c
--- /dev/null
@@ -0,0 +1,35 @@
+From dd838821f0a29781b185cd8fb8e48d5c177bd838 Mon Sep 17 00:00:00 2001
+From: Yihao Wu <wuyihao@linux.alibaba.com>
+Date: Wed, 6 Mar 2019 21:03:50 +0800
+Subject: nfsd: fix wrong check in write_v4_end_grace()
+
+From: Yihao Wu <wuyihao@linux.alibaba.com>
+
+commit dd838821f0a29781b185cd8fb8e48d5c177bd838 upstream.
+
+Commit 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before
+nfsd startup" is trying to fix a NULL dereference issue, but it
+mistakenly checks if the nfsd server is started. So fix it.
+
+Fixes: 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before nfsd startup"
+Cc: stable@vger.kernel.org
+Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Signed-off-by: Yihao Wu <wuyihao@linux.alibaba.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfsctl.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfsctl.c
++++ b/fs/nfsd/nfsctl.c
+@@ -1106,7 +1106,7 @@ static ssize_t write_v4_end_grace(struct
+               case 'Y':
+               case 'y':
+               case '1':
+-                      if (nn->nfsd_serv)
++                      if (!nn->nfsd_serv)
+                               return -EBUSY;
+                       nfsd4_end_grace(nn);
+                       break;
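Review bot: The corrected test reads `nn->nfsd_serv` and then calls `nfsd4_end_grace(nn)` with no lock visible in this hunk, so if the caller does not already hold the mutex that guards server start and stop (presumably `nfsd_mutex`), the server could be torn down between the check and the call. That needs confirming against the rest of write_v4_end_grace(), which starts and ends outside the hunk. Because the original defect was an inverted condition, a one-line comment above the test would help the next reader: `/* ending grace is only valid while the nfsd server is running */`.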
diff --git a/queue-4.4/perf-auxtrace-define-auxtrace-record-alignment.patch b/queue-4.4/perf-auxtrace-define-auxtrace-record-alignment.patch
new file mode 100644 (file)
index 0000000..ce6dfcc
--- /dev/null
@@ -0,0 +1,52 @@
+From c3fcadf0bb765faf45d6d562246e1d08885466df Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 6 Feb 2019 12:39:43 +0200
+Subject: perf auxtrace: Define auxtrace record alignment
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit c3fcadf0bb765faf45d6d562246e1d08885466df upstream.
+
+Define auxtrace record alignment so that it can be referenced elsewhere.
+
+Note this is preparation for patch "perf intel-pt: Fix overlap calculation
+for padding"
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/20190206103947.15750-2-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/auxtrace.c |    4 ++--
+ tools/perf/util/auxtrace.h |    3 +++
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+--- a/tools/perf/util/auxtrace.c
++++ b/tools/perf/util/auxtrace.c
+@@ -1226,9 +1226,9 @@ static int __auxtrace_mmap__read(struct
+       }
+       /* padding must be written by fn() e.g. record__process_auxtrace() */
+-      padding = size & 7;
++      padding = size & (PERF_AUXTRACE_RECORD_ALIGNMENT - 1);
+       if (padding)
+-              padding = 8 - padding;
++              padding = PERF_AUXTRACE_RECORD_ALIGNMENT - padding;
+       memset(&ev, 0, sizeof(ev));
+       ev.auxtrace.header.type = PERF_RECORD_AUXTRACE;
+--- a/tools/perf/util/auxtrace.h
++++ b/tools/perf/util/auxtrace.h
+@@ -37,6 +37,9 @@ struct record_opts;
+ struct auxtrace_info_event;
+ struct events_stats;
++/* Auxtrace records must have the same alignment as perf event records */
++#define PERF_AUXTRACE_RECORD_ALIGNMENT 8
++
+ enum auxtrace_type {
+       PERF_AUXTRACE_UNKNOWN,
+       PERF_AUXTRACE_INTEL_PT,
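Review bot: `size & (PERF_AUXTRACE_RECORD_ALIGNMENT - 1)` in auxtrace.c yields the remainder only while the constant is a power of two, and the new comment in auxtrace.h does not state that constraint. Extending it to `/* Auxtrace records must have the same alignment as perf event records; the value must be a power of two */` would stop a later change of the value from silently producing wrong padding. __auxtrace_mmap__read() continues outside the hunk.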
diff --git a/queue-4.4/perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch b/queue-4.4/perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch
new file mode 100644 (file)
index 0000000..2bae7ad
--- /dev/null
@@ -0,0 +1,36 @@
+From 03997612904866abe7cdcc992784ef65cb3a4b81 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 6 Feb 2019 12:39:45 +0200
+Subject: perf intel-pt: Fix CYC timestamp calculation after OVF
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 03997612904866abe7cdcc992784ef65cb3a4b81 upstream.
+
+CYC packet timestamp calculation depends upon CBR which was being
+cleared upon overflow (OVF). That can cause errors due to failing to
+synchronize with sideband events. Even if a CBR change has been lost,
+the old CBR is still a better estimate than zero. So remove the clearing
+of CBR.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/20190206103947.15750-4-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -1281,7 +1281,6 @@ static int intel_pt_overflow(struct inte
+ {
+       intel_pt_log("ERROR: Buffer overflow\n");
+       intel_pt_clear_tx_flags(decoder);
+-      decoder->cbr = 0;
+       decoder->timestamp_insn_cnt = 0;
+       decoder->pkt_state = INTEL_PT_STATE_ERR_RESYNC;
+       decoder->overflow = true;
diff --git a/queue-4.4/perf-intel-pt-fix-overlap-calculation-for-padding.patch b/queue-4.4/perf-intel-pt-fix-overlap-calculation-for-padding.patch
new file mode 100644 (file)
index 0000000..ddae073
--- /dev/null
@@ -0,0 +1,90 @@
+From 5a99d99e3310a565b0cf63f785b347be9ee0da45 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 6 Feb 2019 12:39:44 +0200
+Subject: perf intel-pt: Fix overlap calculation for padding
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 5a99d99e3310a565b0cf63f785b347be9ee0da45 upstream.
+
+Auxtrace records might have up to 7 bytes of padding appended. Adjust
+the overlap accordingly.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/20190206103947.15750-3-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |   36 ++++++++++++++++++--
+ 1 file changed, 34 insertions(+), 2 deletions(-)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -26,6 +26,7 @@
+ #include "../cache.h"
+ #include "../util.h"
++#include "../auxtrace.h"
+ #include "intel-pt-insn-decoder.h"
+ #include "intel-pt-pkt-decoder.h"
+@@ -2320,6 +2321,34 @@ static int intel_pt_tsc_cmp(uint64_t tsc
+       }
+ }
++#define MAX_PADDING (PERF_AUXTRACE_RECORD_ALIGNMENT - 1)
++
++/**
++ * adj_for_padding - adjust overlap to account for padding.
++ * @buf_b: second buffer
++ * @buf_a: first buffer
++ * @len_a: size of first buffer
++ *
++ * @buf_a might have up to 7 bytes of padding appended. Adjust the overlap
++ * accordingly.
++ *
++ * Return: A pointer into @buf_b from where non-overlapped data starts
++ */
++static unsigned char *adj_for_padding(unsigned char *buf_b,
++                                    unsigned char *buf_a, size_t len_a)
++{
++      unsigned char *p = buf_b - MAX_PADDING;
++      unsigned char *q = buf_a + len_a - MAX_PADDING;
++      int i;
++
++      for (i = MAX_PADDING; i; i--, p++, q++) {
++              if (*p != *q)
++                      break;
++      }
++
++      return p;
++}
++
+ /**
+  * intel_pt_find_overlap_tsc - determine start of non-overlapped trace data
+  *                             using TSC.
+@@ -2370,8 +2399,11 @@ static unsigned char *intel_pt_find_over
+                       /* Same TSC, so buffers are consecutive */
+                       if (!cmp && rem_b >= rem_a) {
++                              unsigned char *start;
++
+                               *consecutive = true;
+-                              return buf_b + len_b - (rem_b - rem_a);
++                              start = buf_b + len_b - (rem_b - rem_a);
++                              return adj_for_padding(start, buf_a, len_a);
+                       }
+                       if (cmp < 0)
+                               return buf_b; /* tsc_a < tsc_b => no overlap */
+@@ -2434,7 +2466,7 @@ unsigned char *intel_pt_find_overlap(uns
+               found = memmem(buf_a, len_a, buf_b, len_a);
+               if (found) {
+                       *consecutive = true;
+-                      return buf_b + len_a;
++                      return adj_for_padding(buf_b + len_a, buf_a, len_a);
+               }
+               /* Try again at next PSB in buffer 'a' */
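Review bot: adj_for_padding() steps `MAX_PADDING` bytes back from both `buf_b` and `buf_a + len_a` without checking that either buffer holds that many bytes before the pointer, so the compare loop can read before the start of a buffer when `len_a < MAX_PADDING` or when the start passed in lies within the first 7 bytes of buffer b. These buffers are filled from recorded trace data, so their lengths should not be assumed. The callers may already guarantee a minimum length (that code is outside the hunks); if they do not, a guard such as `if (len_a < MAX_PADDING) return buf_b;` at the top of the helper would cover the first case, and the caller would need to bound the start pointer for the second. The kernel-doc should state the precondition either way, and could say "up to MAX_PADDING bytes" rather than the literal 7.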
diff --git a/queue-4.4/pm-wakeup-rework-wakeup-source-timer-cancellation.patch b/queue-4.4/pm-wakeup-rework-wakeup-source-timer-cancellation.patch
new file mode 100644 (file)
index 0000000..c4632bb
--- /dev/null
@@ -0,0 +1,55 @@
+From 1fad17fb1bbcd73159c2b992668a6957ecc5af8a Mon Sep 17 00:00:00 2001
+From: Viresh Kumar <viresh.kumar@linaro.org>
+Date: Fri, 8 Mar 2019 15:23:11 +0530
+Subject: PM / wakeup: Rework wakeup source timer cancellation
+
+From: Viresh Kumar <viresh.kumar@linaro.org>
+
+commit 1fad17fb1bbcd73159c2b992668a6957ecc5af8a upstream.
+
+If wakeup_source_add() is called right after wakeup_source_remove()
+for the same wakeup source, timer_setup() may be called for a
+potentially scheduled timer which is incorrect.
+
+To avoid that, move the wakeup source timer cancellation from
+wakeup_source_drop() to wakeup_source_remove().
+
+Moreover, make wakeup_source_remove() clear the timer function after
+canceling the timer to let wakeup_source_not_registered() treat
+unregistered wakeup sources in the same way as the ones that have
+never been registered.
+
+Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
+Cc: 4.4+ <stable@vger.kernel.org> # 4.4+
+[ rjw: Subject, changelog, merged two patches together ]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/power/wakeup.c |    8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/base/power/wakeup.c
++++ b/drivers/base/power/wakeup.c
+@@ -113,7 +113,6 @@ void wakeup_source_drop(struct wakeup_so
+       if (!ws)
+               return;
+-      del_timer_sync(&ws->timer);
+       __pm_relax(ws);
+ }
+ EXPORT_SYMBOL_GPL(wakeup_source_drop);
+@@ -201,6 +200,13 @@ void wakeup_source_remove(struct wakeup_
+       list_del_rcu(&ws->entry);
+       spin_unlock_irqrestore(&events_lock, flags);
+       synchronize_srcu(&wakeup_srcu);
++
++      del_timer_sync(&ws->timer);
++      /*
++       * Clear timer.function to make wakeup_source_not_registered() treat
++       * this wakeup source as not registered.
++       */
++      ws->timer.function = NULL;
+ }
+ EXPORT_SYMBOL_GPL(wakeup_source_remove);
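Review bot: With `del_timer_sync()` moved out, wakeup_source_drop() no longer cancels the timer, so it is only safe on a source that has already been through wakeup_source_remove() or was never added; its kernel-doc, which is outside the hunk, should say so, for example `* A registered source must be passed to wakeup_source_remove() before it is dropped.` In wakeup_source_remove() the new `ws->timer.function = NULL` is written after `events_lock` has been released, so if any path can still activate this source at that point the timer could be re-armed after the cancel. Whether that window is reachable depends on code outside the hunk and is worth confirming for the 4.4 tree.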
index 66ab8615623ded7bad4d9d7a55fa7c30f18543e8..c047d5234803988d73054f975a51c198dd348a5f 100644 (file)
@@ -212,3 +212,13 @@ powerpc-powernv-make-opal-log-only-readable-by-root.patch
 powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch
 arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch
 dm-fix-to_sector-for-32bit.patch
+nfs41-pop-some-layoutget-errors-to-application.patch
+perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch
+perf-auxtrace-define-auxtrace-record-alignment.patch
+perf-intel-pt-fix-overlap-calculation-for-padding.patch
+md-fix-failed-allocation-of-md_register_thread.patch
+nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch
+nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch
+nfsd-fix-memory-corruption-caused-by-readdir.patch
+nfsd-fix-wrong-check-in-write_v4_end_grace.patch
+pm-wakeup-rework-wakeup-source-timer-cancellation.patch