--- /dev/null
+From f9005571701920551bcf54a500973fb61f2e1eda Mon Sep 17 00:00:00 2001
+From: Stefano Stabellini <stefanos@xilinx.com>
+Date: Wed, 31 Oct 2018 16:11:49 -0700
+Subject: CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM
+
+From: Stefano Stabellini <stefanos@xilinx.com>
+
+commit f9005571701920551bcf54a500973fb61f2e1eda upstream.
+
+xen_create_contiguous_region has now only an implementation if
+CONFIG_XEN_PV is defined. However, on ARM we never set CONFIG_XEN_PV but
+we do have an implementation of xen_create_contiguous_region which is
+required for swiotlb-xen to work correctly (although it just sets
+*dma_handle).
+
+[backport: remove change to xen_remap_pfn]
+
+Cc: <stable@vger.kernel.org> # 4.12
+Fixes: 16624390816c ("xen: create xen_create/destroy_contiguous_region() stubs for PVHVM only builds")
+Signed-off-by: Stefano Stabellini <stefanos@xilinx.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+CC: Jeff.Kubascik@dornerworks.com
+CC: Jarvis.Roach@dornerworks.com
+CC: Nathan.Studer@dornerworks.com
+CC: vkuznets@redhat.com
+CC: boris.ostrovsky@oracle.com
+CC: jgross@suse.com
+CC: julien.grall@arm.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/xen/xen-ops.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/xen/xen-ops.h
++++ b/include/xen/xen-ops.h
+@@ -40,7 +40,7 @@ int xen_setup_shutdown_event(void);
+
+ extern unsigned long *xen_contiguous_bitmap;
+
+-#ifdef CONFIG_XEN_PV
++#if defined(CONFIG_XEN_PV) || defined(CONFIG_ARM) || defined(CONFIG_ARM64)
+ int xen_create_contiguous_region(phys_addr_t pstart, unsigned int order,
+ unsigned int address_bits,
+ dma_addr_t *dma_handle);
--- /dev/null
+From 142c168e0e50164e67c9399c28dedd65a307cfe5 Mon Sep 17 00:00:00 2001
+From: Doug Berger <opendmb@gmail.com>
+Date: Tue, 24 Oct 2017 12:54:47 -0700
+Subject: gpio: brcmstb: release the bgpio lock during irq handlers
+
+From: Doug Berger <opendmb@gmail.com>
+
+commit 142c168e0e50164e67c9399c28dedd65a307cfe5 upstream.
+
+The basic memory-mapped GPIO controller lock must be released
+before calling the registered GPIO interrupt handlers to allow
+the interrupt handlers to access the hardware.
+
+Examples of why a GPIO interrupt handler might want to access
+the GPIO hardware include an interrupt that is configured to
+trigger on rising and falling edges that needs to read the
+current level of the input to know how to respond, or an
+interrupt that causes a change in a GPIO output in the same
+bank. If the lock is not released before enterring the handler
+the hardware accesses will deadlock when they attempt to grab
+the lock.
+
+Since the lock is only needed to protect the calculation of
+unmasked pending interrupts create a dedicated function to
+perform this and hide the complexity.
+
+Fixes: 19a7b6940b78 ("gpio: brcmstb: Add interrupt and wakeup source support")
+Signed-off-by: Doug Berger <opendmb@gmail.com>
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Acked-by: Gregory Fong <gregory.0xf0@gmail.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpio/gpio-brcmstb.c | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+--- a/drivers/gpio/gpio-brcmstb.c
++++ b/drivers/gpio/gpio-brcmstb.c
+@@ -63,6 +63,21 @@ brcmstb_gpio_gc_to_priv(struct gpio_chip
+ return bank->parent_priv;
+ }
+
++static unsigned long
++brcmstb_gpio_get_active_irqs(struct brcmstb_gpio_bank *bank)
++{
++ void __iomem *reg_base = bank->parent_priv->reg_base;
++ unsigned long status;
++ unsigned long flags;
++
++ spin_lock_irqsave(&bank->gc.bgpio_lock, flags);
++ status = bank->gc.read_reg(reg_base + GIO_STAT(bank->id)) &
++ bank->gc.read_reg(reg_base + GIO_MASK(bank->id));
++ spin_unlock_irqrestore(&bank->gc.bgpio_lock, flags);
++
++ return status;
++}
++
+ static void brcmstb_gpio_set_imask(struct brcmstb_gpio_bank *bank,
+ unsigned int offset, bool enable)
+ {
+@@ -205,11 +220,8 @@ static void brcmstb_gpio_irq_bank_handle
+ struct irq_domain *irq_domain = bank->gc.irqdomain;
+ void __iomem *reg_base = priv->reg_base;
+ unsigned long status;
+- unsigned long flags;
+
+- spin_lock_irqsave(&bank->gc.bgpio_lock, flags);
+- while ((status = bank->gc.read_reg(reg_base + GIO_STAT(bank->id)) &
+- bank->gc.read_reg(reg_base + GIO_MASK(bank->id)))) {
++ while ((status = brcmstb_gpio_get_active_irqs(bank))) {
+ int bit;
+
+ for_each_set_bit(bit, &status, 32) {
+@@ -224,7 +236,6 @@ static void brcmstb_gpio_irq_bank_handle
+ generic_handle_irq(irq_find_mapping(irq_domain, bit));
+ }
+ }
+- spin_unlock_irqrestore(&bank->gc.bgpio_lock, flags);
+ }
+
+ /* Each UPG GIO block has one IRQ for all banks */
--- /dev/null
+From 11d9ea6f2ca69237d35d6c55755beba3e006b106 Mon Sep 17 00:00:00 2001
+From: Ming Lei <ming.lei@redhat.com>
+Date: Thu, 12 Apr 2018 09:16:04 -0600
+Subject: nvme-loop: fix kernel oops in case of unhandled command
+
+From: Ming Lei <ming.lei@redhat.com>
+
+commit 11d9ea6f2ca69237d35d6c55755beba3e006b106 upstream.
+
+When nvmet_req_init() fails, __nvmet_req_complete() is called
+to handle the target request via .queue_response(), so
+nvme_loop_queue_response() shouldn't be called again for
+handling the failure.
+
+This patch fixes this case by the following way:
+
+- move blk_mq_start_request() before nvmet_req_init(), so
+nvme_loop_queue_response() may work well to complete this
+host request
+
+- don't call nvme_cleanup_cmd() which is done in nvme_loop_complete_rq()
+
+- don't call nvme_loop_queue_response() which is done via
+.queue_response()
+
+Signed-off-by: Ming Lei <ming.lei@redhat.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+[trimmed changelog]
+Signed-off-by: Keith Busch <keith.busch@intel.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/nvme/target/loop.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+--- a/drivers/nvme/target/loop.c
++++ b/drivers/nvme/target/loop.c
+@@ -183,15 +183,12 @@ static blk_status_t nvme_loop_queue_rq(s
+ if (ret)
+ return ret;
+
++ blk_mq_start_request(req);
+ iod->cmd.common.flags |= NVME_CMD_SGL_METABUF;
+ iod->req.port = nvmet_loop_port;
+ if (!nvmet_req_init(&iod->req, &queue->nvme_cq,
+- &queue->nvme_sq, &nvme_loop_ops)) {
+- nvme_cleanup_cmd(req);
+- blk_mq_start_request(req);
+- nvme_loop_queue_response(&iod->req);
++ &queue->nvme_sq, &nvme_loop_ops))
+ return BLK_STS_OK;
+- }
+
+ if (blk_rq_bytes(req)) {
+ iod->sg_table.sgl = iod->first_sgl;
+@@ -204,8 +201,6 @@ static blk_status_t nvme_loop_queue_rq(s
+ iod->req.sg_cnt = blk_rq_map_sg(req->q, req, iod->sg_table.sgl);
+ }
+
+- blk_mq_start_request(req);
+-
+ schedule_work(&iod->work);
+ return BLK_STS_OK;
+ }
--- /dev/null
+From 5e1275808630ea3b2c97c776f40e475017535f72 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Wed, 31 Oct 2018 12:15:23 +0100
+Subject: ovl: check whiteout in ovl_create_over_whiteout()
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 5e1275808630ea3b2c97c776f40e475017535f72 upstream.
+
+Kaixuxia repors that it's possible to crash overlayfs by removing the
+whiteout on the upper layer before creating a directory over it. This is a
+reproducer:
+
+ mkdir lower upper work merge
+ touch lower/file
+ mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge
+ rm merge/file
+ ls -al merge/file
+ rm upper/file
+ ls -al merge/
+ mkdir merge/file
+
+Before commencing with a vfs_rename(..., RENAME_EXCHANGE) verify that the
+lookup of "upper" is positive and is a whiteout, and return ESTALE
+otherwise.
+
+Reported by: kaixuxia <xiakaixu1987@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Fixes: e9be9d5e76e3 ("overlay filesystem")
+Cc: <stable@vger.kernel.org> # v3.18
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/dir.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/overlayfs/dir.c
++++ b/fs/overlayfs/dir.c
+@@ -392,6 +392,10 @@ static int ovl_create_over_whiteout(stru
+ if (IS_ERR(upper))
+ goto out_dput;
+
++ err = -ESTALE;
++ if (d_is_negative(upper) || !IS_WHITEOUT(d_inode(upper)))
++ goto out_dput2;
++
+ err = ovl_create_real(wdir, newdentry, cattr, hardlink, true);
+ if (err)
+ goto out_dput2;
--- /dev/null
+From fd5f7cde1b85d4c8e09ca46ce948e008a2377f64 Mon Sep 17 00:00:00 2001
+From: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
+Date: Tue, 16 Jan 2018 13:47:16 +0900
+Subject: printk: Never set console_may_schedule in console_trylock()
+
+From: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
+
+commit fd5f7cde1b85d4c8e09ca46ce948e008a2377f64 upstream.
+
+This patch, basically, reverts commit 6b97a20d3a79 ("printk:
+set may_schedule for some of console_trylock() callers").
+That commit was a mistake, it introduced a big dependency
+on the scheduler, by enabling preemption under console_sem
+in printk()->console_unlock() path, which is rather too
+critical. The patch did not significantly reduce the
+possibilities of printk() lockups, but made it possible to
+stall printk(), as has been reported by Tetsuo Handa [1].
+
+Another issues is that preemption under console_sem also
+messes up with Steven Rostedt's hand off scheme, by making
+it possible to sleep with console_sem both in console_unlock()
+and in vprintk_emit(), after acquiring the console_sem
+ownership (anywhere between printk_safe_exit_irqrestore() in
+console_trylock_spinning() and printk_safe_enter_irqsave()
+in console_unlock()). This makes hand off less likely and,
+at the same time, may result in a significant amount of
+pending logbuf messages. Preempted console_sem owner makes
+it impossible for other CPUs to emit logbuf messages, but
+does not make it impossible for other CPUs to append new
+messages to the logbuf.
+
+Reinstate the old behavior and make printk() non-preemptible.
+Should any printk() lockup reports arrive they must be handled
+in a different way.
+
+[1] http://lkml.kernel.org/r/201603022101.CAH73907.OVOOMFHFFtQJSL%20()%20I-love%20!%20SAKURA%20!%20ne%20!%20jp
+Fixes: 6b97a20d3a79 ("printk: set may_schedule for some of console_trylock() callers")
+Link: http://lkml.kernel.org/r/20180116044716.GE6607@jagdpanzerIV
+To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Cc: Tejun Heo <tj@kernel.org>
+Cc: akpm@linux-foundation.org
+Cc: linux-mm@kvack.org
+Cc: Cong Wang <xiyou.wangcong@gmail.com>
+Cc: Dave Hansen <dave.hansen@intel.com>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Cc: Mel Gorman <mgorman@suse.de>
+Cc: Michal Hocko <mhocko@kernel.org>
+Cc: Vlastimil Babka <vbabka@suse.cz>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Jan Kara <jack@suse.cz>
+Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: Byungchul Park <byungchul.park@lge.com>
+Cc: Pavel Machek <pavel@ucw.cz>
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/printk/printk.c | 22 ++++++++--------------
+ 1 file changed, 8 insertions(+), 14 deletions(-)
+
+--- a/kernel/printk/printk.c
++++ b/kernel/printk/printk.c
+@@ -1763,12 +1763,19 @@ asmlinkage int vprintk_emit(int facility
+ /* If called from the scheduler, we can not call up(). */
+ if (!in_sched) {
+ /*
++ * Disable preemption to avoid being preempted while holding
++ * console_sem which would prevent anyone from printing to
++ * console
++ */
++ preempt_disable();
++ /*
+ * Try to acquire and then immediately release the console
+ * semaphore. The release will print out buffers and wake up
+ * /dev/kmsg and syslog() users.
+ */
+ if (console_trylock())
+ console_unlock();
++ preempt_enable();
+ }
+
+ return printed_len;
+@@ -2083,20 +2090,7 @@ int console_trylock(void)
+ return 0;
+ }
+ console_locked = 1;
+- /*
+- * When PREEMPT_COUNT disabled we can't reliably detect if it's
+- * safe to schedule (e.g. calling printk while holding a spin_lock),
+- * because preempt_disable()/preempt_enable() are just barriers there
+- * and preempt_count() is always 0.
+- *
+- * RCU read sections have a separate preemption counter when
+- * PREEMPT_RCU enabled thus we must take extra care and check
+- * rcu_preempt_depth(), otherwise RCU read sections modify
+- * preempt_count().
+- */
+- console_may_schedule = !oops_in_progress &&
+- preemptible() &&
+- !rcu_preempt_depth();
++ console_may_schedule = 0;
+ return 1;
+ }
+ EXPORT_SYMBOL(console_trylock);
drm-i915-don-t-oops-during-modeset-shutdown-after-lpe-audio-deinit.patch
drm-i915-mark-pin-flags-as-u64.patch
drm-i915-execlists-force-write-serialisation-into-context-image-vs-execution.patch
+config_xen_pv-breaks-xen_create_contiguous_region-on-arm.patch
+ovl-check-whiteout-in-ovl_create_over_whiteout.patch
+printk-never-set-console_may_schedule-in-console_trylock.patch
+nvme-loop-fix-kernel-oops-in-case-of-unhandled-command.patch
+gpio-brcmstb-release-the-bgpio-lock-during-irq-handlers.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
