--- /dev/null
+From ab47036d8f7227361cad7894adee8e66ab6f95b2 Mon Sep 17 00:00:00 2001
+From: Chao Yu <yuchao0@huawei.com>
+Date: Wed, 11 May 2016 19:48:44 +0800
+Subject: f2fs: fix deadlock when flush inline data
+
+From: Chao Yu <yuchao0@huawei.com>
+
+commit ab47036d8f7227361cad7894adee8e66ab6f95b2 upstream.
+
+Below backtrace info was reported by Yunlei He:
+
+Call Trace:
+ [<ffffffff817a9395>] schedule+0x35/0x80
+ [<ffffffff817abb7d>] rwsem_down_read_failed+0xed/0x130
+ [<ffffffff813c12a8>] call_rwsem_down_read_failed+0x18/0x
+ [<ffffffff817ab1d0>] down_read+0x20/0x30
+ [<ffffffffa02a1a12>] f2fs_evict_inode+0x242/0x3a0 [f2fs]
+ [<ffffffff81217057>] evict+0xc7/0x1a0
+ [<ffffffff81217cd6>] iput+0x196/0x200
+ [<ffffffff812134f9>] __dentry_kill+0x179/0x1e0
+ [<ffffffff812136f9>] dput+0x199/0x1f0
+ [<ffffffff811fe77b>] __fput+0x18b/0x220
+ [<ffffffff811fe84e>] ____fput+0xe/0x10
+ [<ffffffff81097427>] task_work_run+0x77/0x90
+ [<ffffffff81074d62>] exit_to_usermode_loop+0x73/0xa2
+ [<ffffffff81003b7a>] do_syscall_64+0xfa/0x110
+ [<ffffffff817acf65>] entry_SYSCALL64_slow_path+0x25/0x25
+
+Call Trace:
+ [<ffffffff817a9395>] schedule+0x35/0x80
+ [<ffffffff81216dc3>] __wait_on_freeing_inode+0xa3/0xd0
+ [<ffffffff810bc300>] ? autoremove_wake_function+0x40/0x4
+ [<ffffffff8121771d>] find_inode_fast+0x7d/0xb0
+ [<ffffffff8121794a>] ilookup+0x6a/0xd0
+ [<ffffffffa02bc740>] sync_node_pages+0x210/0x650 [f2fs]
+ [<ffffffff8122e690>] ? do_fsync+0x70/0x70
+ [<ffffffffa02b085e>] block_operations+0x9e/0xf0 [f2fs]
+ [<ffffffff8137b795>] ? bio_endio+0x55/0x60
+ [<ffffffffa02b0942>] write_checkpoint+0x92/0xba0 [f2fs]
+ [<ffffffff8117da57>] ? mempool_free_slab+0x17/0x20
+ [<ffffffff8117de8b>] ? mempool_free+0x2b/0x80
+ [<ffffffff8122e690>] ? do_fsync+0x70/0x70
+ [<ffffffffa02a53e3>] f2fs_sync_fs+0x63/0xd0 [f2fs]
+ [<ffffffff8129630f>] ? ext4_sync_fs+0xbf/0x190
+ [<ffffffff8122e6b0>] sync_fs_one_sb+0x20/0x30
+ [<ffffffff812002e9>] iterate_supers+0xb9/0x110
+ [<ffffffff8122e7b5>] sys_sync+0x55/0x90
+ [<ffffffff81003ae9>] do_syscall_64+0x69/0x110
+ [<ffffffff817acf65>] entry_SYSCALL64_slow_path+0x25/0x25
+
+With following excuting serials, we will set inline_node in inode page
+after inode was unlinked, result in a deadloop described as below:
+1. open file
+2. write file
+3. unlink file
+4. write file
+5. close file
+
+Thread A Thread B
+ - dput
+ - iput_final
+ - inode->i_state |= I_FREEING
+ - evict
+ - f2fs_evict_inode
+ - f2fs_sync_fs
+ - write_checkpoint
+ - block_operations
+ - f2fs_lock_all (down_write(cp_rwsem))
+ - f2fs_lock_op (down_read(cp_rwsem))
+ - sync_node_pages
+ - ilookup
+ - find_inode_fast
+ - __wait_on_freeing_inode
+ (wait on I_FREEING clear)
+
+Here, we change to set inline_node flag only for linked inode for fixing.
+
+Reported-by: Yunlei He <heyunlei@huawei.com>
+Signed-off-by: Chao Yu <yuchao0@huawei.com>
+Tested-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/f2fs/data.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/f2fs/data.c
++++ b/fs/f2fs/data.c
+@@ -1480,7 +1480,8 @@ restart:
+ if (pos + len <= MAX_INLINE_DATA) {
+ read_inline_data(page, ipage);
+ set_inode_flag(F2FS_I(inode), FI_DATA_EXIST);
+- set_inline_node(ipage);
++ if (inode->i_nlink)
++ set_inline_node(ipage);
+ } else {
+ err = f2fs_convert_inline_page(&dn, page);
+ if (err)
--- /dev/null
+From ab4a92e66741b35ca12f8497896bafbe579c28a1 Mon Sep 17 00:00:00 2001
+From: Paul Burton <paul.burton@imgtec.com>
+Date: Thu, 21 Apr 2016 14:04:55 +0100
+Subject: MIPS: math-emu: Fix jalr emulation when rd == $0
+
+From: Paul Burton <paul.burton@imgtec.com>
+
+commit ab4a92e66741b35ca12f8497896bafbe579c28a1 upstream.
+
+When emulating a jalr instruction with rd == $0, the code in
+isBranchInstr was incorrectly writing to GPR $0 which should actually
+always remain zeroed. This would lead to any further instructions
+emulated which use $0 operating on a bogus value until the task is next
+context switched, at which point the value of $0 in the task context
+would be restored to the correct zero by a store in SAVE_SOME. Fix this
+by not writing to rd if it is $0.
+
+Fixes: 102cedc32a6e ("MIPS: microMIPS: Floating point support.")
+Signed-off-by: Paul Burton <paul.burton@imgtec.com>
+Cc: Maciej W. Rozycki <macro@imgtec.com>
+Cc: James Hogan <james.hogan@imgtec.com>
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/13160/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/math-emu/cp1emu.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/arch/mips/math-emu/cp1emu.c
++++ b/arch/mips/math-emu/cp1emu.c
+@@ -445,9 +445,11 @@ static int isBranchInstr(struct pt_regs
+ case spec_op:
+ switch (insn.r_format.func) {
+ case jalr_op:
+- regs->regs[insn.r_format.rd] =
+- regs->cp0_epc + dec_insn.pc_inc +
+- dec_insn.next_pc_inc;
++ if (insn.r_format.rd != 0) {
++ regs->regs[insn.r_format.rd] =
++ regs->cp0_epc + dec_insn.pc_inc +
++ dec_insn.next_pc_inc;
++ }
+ /* Fall through */
+ case jr_op:
+ /* For R6, JR already emulated in jalr_op */
--- /dev/null
+From e49d38488515057dba8f0c2ba4cfde5be4a7281f Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki" <macro@imgtec.com>
+Date: Tue, 17 May 2016 06:12:27 +0100
+Subject: MIPS: MSA: Fix a link error on `_init_msa_upper' with older GCC
+
+From: Maciej W. Rozycki <macro@imgtec.com>
+
+commit e49d38488515057dba8f0c2ba4cfde5be4a7281f upstream.
+
+Fix a build regression from commit c9017757c532 ("MIPS: init upper 64b
+of vector registers when MSA is first used"):
+
+arch/mips/built-in.o: In function `enable_restore_fp_context':
+traps.c:(.text+0xbb90): undefined reference to `_init_msa_upper'
+traps.c:(.text+0xbb90): relocation truncated to fit: R_MIPS_26 against `_init_msa_upper'
+traps.c:(.text+0xbef0): undefined reference to `_init_msa_upper'
+traps.c:(.text+0xbef0): relocation truncated to fit: R_MIPS_26 against `_init_msa_upper'
+
+to !CONFIG_CPU_HAS_MSA configurations with older GCC versions, which are
+unable to figure out that calls to `_init_msa_upper' are indeed dead.
+Of the many ways to tackle this failure choose the approach we have
+already taken in `thread_msa_context_live'.
+
+[ralf@linux-mips.org: Drop patch segment to junk file.]
+
+Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/13271/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/msa.h | 13 +++++++++++++
+ arch/mips/kernel/traps.c | 6 +++---
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+--- a/arch/mips/include/asm/msa.h
++++ b/arch/mips/include/asm/msa.h
+@@ -147,6 +147,19 @@ static inline void restore_msa(struct ta
+ _restore_msa(t);
+ }
+
++static inline void init_msa_upper(void)
++{
++ /*
++ * Check cpu_has_msa only if it's a constant. This will allow the
++ * compiler to optimise out code for CPUs without MSA without adding
++ * an extra redundant check for CPUs with MSA.
++ */
++ if (__builtin_constant_p(cpu_has_msa) && !cpu_has_msa)
++ return;
++
++ _init_msa_upper();
++}
++
+ #ifdef TOOLCHAIN_SUPPORTS_MSA
+
+ #define __BUILD_MSA_CTL_REG(name, cs) \
+--- a/arch/mips/kernel/traps.c
++++ b/arch/mips/kernel/traps.c
+@@ -1249,7 +1249,7 @@ static int enable_restore_fp_context(int
+ err = init_fpu();
+ if (msa && !err) {
+ enable_msa();
+- _init_msa_upper();
++ init_msa_upper();
+ set_thread_flag(TIF_USEDMSA);
+ set_thread_flag(TIF_MSA_CTX_LIVE);
+ }
+@@ -1312,7 +1312,7 @@ static int enable_restore_fp_context(int
+ */
+ prior_msa = test_and_set_thread_flag(TIF_MSA_CTX_LIVE);
+ if (!prior_msa && was_fpu_owner) {
+- _init_msa_upper();
++ init_msa_upper();
+
+ goto out;
+ }
+@@ -1329,7 +1329,7 @@ static int enable_restore_fp_context(int
+ * of each vector register such that it cannot see data left
+ * behind by another task.
+ */
+- _init_msa_upper();
++ init_msa_upper();
+ } else {
+ /* We need to restore the vector context. */
+ restore_msa(current);
--- /dev/null
+From 41fa29e4d8cf4150568a0fe9bb4d62229f9caed5 Mon Sep 17 00:00:00 2001
+From: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com>
+Date: Tue, 28 Apr 2015 12:53:35 -0700
+Subject: MIPS64: R6: R2 emulation bugfix
+
+From: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com>
+
+commit 41fa29e4d8cf4150568a0fe9bb4d62229f9caed5 upstream.
+
+Error recovery pointers for fixups was improperly set as ".word"
+which is unsuitable for MIPS64.
+
+Replaced by STR(PTR)
+
+[ralf@linux-mips.org: Apply changes as requested in the review process.]
+
+Signed-off-by: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com>
+Reviewed-by: James Hogan <james.hogan@imgtec.com>
+Reviewed-by: Markos Chandras <markos.chandras@imgtec.com>
+Fixes: b0a668fb2038 ("MIPS: kernel: mips-r2-to-r6-emul: Add R2 emulator for MIPS R6")
+Cc: macro@linux-mips.org
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/9911/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/mips-r2-to-r6-emul.c | 105 +++++++++++++++++-----------------
+ 1 file changed, 53 insertions(+), 52 deletions(-)
+
+--- a/arch/mips/kernel/mips-r2-to-r6-emul.c
++++ b/arch/mips/kernel/mips-r2-to-r6-emul.c
+@@ -28,6 +28,7 @@
+ #include <asm/inst.h>
+ #include <asm/mips-r2-to-r6-emul.h>
+ #include <asm/local.h>
++#include <asm/mipsregs.h>
+ #include <asm/ptrace.h>
+ #include <asm/uaccess.h>
+
+@@ -1251,10 +1252,10 @@ fpu_emul:
+ " j 10b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1326,10 +1327,10 @@ fpu_emul:
+ " j 10b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1397,10 +1398,10 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1467,10 +1468,10 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1582,14 +1583,14 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
+- " .word 5b,8b\n"
+- " .word 6b,8b\n"
+- " .word 7b,8b\n"
+- " .word 0b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
++ STR(PTR) " 5b,8b\n"
++ STR(PTR) " 6b,8b\n"
++ STR(PTR) " 7b,8b\n"
++ STR(PTR) " 0b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1701,14 +1702,14 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
+- " .word 5b,8b\n"
+- " .word 6b,8b\n"
+- " .word 7b,8b\n"
+- " .word 0b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
++ STR(PTR) " 5b,8b\n"
++ STR(PTR) " 6b,8b\n"
++ STR(PTR) " 7b,8b\n"
++ STR(PTR) " 0b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1820,14 +1821,14 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
+- " .word 5b,8b\n"
+- " .word 6b,8b\n"
+- " .word 7b,8b\n"
+- " .word 0b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
++ STR(PTR) " 5b,8b\n"
++ STR(PTR) " 6b,8b\n"
++ STR(PTR) " 7b,8b\n"
++ STR(PTR) " 0b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1938,14 +1939,14 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
+- " .word 5b,8b\n"
+- " .word 6b,8b\n"
+- " .word 7b,8b\n"
+- " .word 0b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
++ STR(PTR) " 5b,8b\n"
++ STR(PTR) " 6b,8b\n"
++ STR(PTR) " 7b,8b\n"
++ STR(PTR) " 0b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -2000,7 +2001,7 @@ fpu_emul:
+ "j 2b\n"
+ ".previous\n"
+ ".section __ex_table,\"a\"\n"
+- ".word 1b, 3b\n"
++ STR(PTR) " 1b,3b\n"
+ ".previous\n"
+ : "=&r"(res), "+&r"(err)
+ : "r"(vaddr), "i"(SIGSEGV)
+@@ -2058,7 +2059,7 @@ fpu_emul:
+ "j 2b\n"
+ ".previous\n"
+ ".section __ex_table,\"a\"\n"
+- ".word 1b, 3b\n"
++ STR(PTR) " 1b,3b\n"
+ ".previous\n"
+ : "+&r"(res), "+&r"(err)
+ : "r"(vaddr), "i"(SIGSEGV));
+@@ -2119,7 +2120,7 @@ fpu_emul:
+ "j 2b\n"
+ ".previous\n"
+ ".section __ex_table,\"a\"\n"
+- ".word 1b, 3b\n"
++ STR(PTR) " 1b,3b\n"
+ ".previous\n"
+ : "=&r"(res), "+&r"(err)
+ : "r"(vaddr), "i"(SIGSEGV)
+@@ -2182,7 +2183,7 @@ fpu_emul:
+ "j 2b\n"
+ ".previous\n"
+ ".section __ex_table,\"a\"\n"
+- ".word 1b, 3b\n"
++ STR(PTR) " 1b,3b\n"
+ ".previous\n"
+ : "+&r"(res), "+&r"(err)
+ : "r"(vaddr), "i"(SIGSEGV));
projects / thirdparty / kernel / stable-queue.git / commitdiff
