--- /dev/null
+From 9f4aa52387c68049403b59939df5c0dd8e3872cc Mon Sep 17 00:00:00 2001
+From: Stefan Haberland <sth@linux.ibm.com>
+Date: Tue, 14 Jul 2020 22:03:26 +0200
+Subject: s390/dasd: fix inability to use DASD with DIAG driver
+
+From: Stefan Haberland <sth@linux.ibm.com>
+
+commit 9f4aa52387c68049403b59939df5c0dd8e3872cc upstream.
+
+During initialization of the DASD DIAG driver a request is issued
+that has a bio structure that resides on the stack. With virtually
+mapped kernel stacks this bio address might be in virtual storage
+which is unsuitable for usage with the diag250 call.
+In this case the device can not be set online using the DIAG
+discipline and fails with -EOPNOTSUP.
+In the system journal the following error message is presented:
+
+dasd: X.X.XXXX Setting the DASD online with discipline DIAG failed
+with rc=-95
+
+Fix by allocating the bio structure instead of having it on the stack.
+
+Fixes: ce3dc447493f ("s390: add support for virtually mapped kernel stacks")
+Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
+Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
+Cc: stable@vger.kernel.org #4.20
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/s390/block/dasd_diag.c | 25 +++++++++++++++++--------
+ 1 file changed, 17 insertions(+), 8 deletions(-)
+
+--- a/drivers/s390/block/dasd_diag.c
++++ b/drivers/s390/block/dasd_diag.c
+@@ -319,7 +319,7 @@ dasd_diag_check_device(struct dasd_devic
+ struct dasd_diag_characteristics *rdc_data;
+ struct vtoc_cms_label *label;
+ struct dasd_block *block;
+- struct dasd_diag_bio bio;
++ struct dasd_diag_bio *bio;
+ unsigned int sb, bsize;
+ blocknum_t end_block;
+ int rc;
+@@ -395,29 +395,36 @@ dasd_diag_check_device(struct dasd_devic
+ rc = -ENOMEM;
+ goto out;
+ }
++ bio = kzalloc(sizeof(*bio), GFP_KERNEL);
++ if (bio == NULL) {
++ DBF_DEV_EVENT(DBF_WARNING, device, "%s",
++ "No memory to allocate initialization bio");
++ rc = -ENOMEM;
++ goto out_label;
++ }
+ rc = 0;
+ end_block = 0;
+ /* try all sizes - needed for ECKD devices */
+ for (bsize = 512; bsize <= PAGE_SIZE; bsize <<= 1) {
+ mdsk_init_io(device, bsize, 0, &end_block);
+- memset(&bio, 0, sizeof (struct dasd_diag_bio));
+- bio.type = MDSK_READ_REQ;
+- bio.block_number = private->pt_block + 1;
+- bio.buffer = label;
++ memset(bio, 0, sizeof(*bio));
++ bio->type = MDSK_READ_REQ;
++ bio->block_number = private->pt_block + 1;
++ bio->buffer = label;
+ memset(&private->iob, 0, sizeof (struct dasd_diag_rw_io));
+ private->iob.dev_nr = rdc_data->dev_nr;
+ private->iob.key = 0;
+ private->iob.flags = 0; /* do synchronous io */
+ private->iob.block_count = 1;
+ private->iob.interrupt_params = 0;
+- private->iob.bio_list = &bio;
++ private->iob.bio_list = bio;
+ private->iob.flaga = DASD_DIAG_FLAGA_DEFAULT;
+ rc = dia250(&private->iob, RW_BIO);
+ if (rc == 3) {
+ pr_warn("%s: A 64-bit DIAG call failed\n",
+ dev_name(&device->cdev->dev));
+ rc = -EOPNOTSUPP;
+- goto out_label;
++ goto out_bio;
+ }
+ mdsk_term_io(device);
+ if (rc == 0)
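Review bot: Nothing at the `kzalloc()` call records why `bio` must live on the heap, so a later cleanup could move it back onto the stack and bring back the rc=-95 failure described in the commit message. A short comment above the allocation would preserve that constraint, for example `/* diag250 cannot use a bio on a virtually mapped kernel stack */`. Separately, the loop still runs `memset(bio, 0, sizeof(*bio));` on every iteration, so the zeroing done by `kzalloc()` is redundant and `kmalloc(sizeof(*bio), GFP_KERNEL)` would be enough. dasd_diag_check_device() starts and ends outside this hunk.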
+@@ -427,7 +434,7 @@ dasd_diag_check_device(struct dasd_devic
+ pr_warn("%s: Accessing the DASD failed because of an incorrect format (rc=%d)\n",
+ dev_name(&device->cdev->dev), rc);
+ rc = -EIO;
+- goto out_label;
++ goto out_bio;
+ }
+ /* check for label block */
+ if (memcmp(label->label_id, DASD_DIAG_CMS1,
+@@ -457,6 +464,8 @@ dasd_diag_check_device(struct dasd_devic
+ (rc == 4) ? ", read-only device" : "");
+ rc = 0;
+ }
++out_bio:
++ kfree(bio);
+ out_label:
+ free_page((long) label);
+ out:
--- /dev/null
+From ba925fa35057a062ac98c3e8138b013ce4ce351c Mon Sep 17 00:00:00 2001
+From: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
+Date: Wed, 29 Jul 2020 22:22:34 +0200
+Subject: s390/gmap: improve THP splitting
+
+From: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
+
+commit ba925fa35057a062ac98c3e8138b013ce4ce351c upstream.
+
+During s390_enable_sie(), we need to take care of splitting all qemu user
+process THP mappings. This is currently done with follow_page(FOLL_SPLIT),
+by simply iterating over all vma ranges, with PAGE_SIZE increment.
+
+This logic is sub-optimal and can result in a lot of unnecessary overhead,
+especially when using qemu and ASAN with large shadow map. Ilya reported
+significant system slow-down with one CPU busy for a long time and overall
+unresponsiveness.
+
+Fix this by using walk_page_vma() and directly calling split_huge_pmd()
+only for present pmds, which greatly reduces overhead.
+
+Cc: <stable@vger.kernel.org> # v5.4+
+Reported-by: Ilya Leoshkevich <iii@linux.ibm.com>
+Tested-by: Ilya Leoshkevich <iii@linux.ibm.com>
+Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/mm/gmap.c | 27 ++++++++++++++++++++-------
+ 1 file changed, 20 insertions(+), 7 deletions(-)
+
+--- a/arch/s390/mm/gmap.c
++++ b/arch/s390/mm/gmap.c
+@@ -2485,23 +2485,36 @@ void gmap_sync_dirty_log_pmd(struct gmap
+ }
+ EXPORT_SYMBOL_GPL(gmap_sync_dirty_log_pmd);
+
++#ifdef CONFIG_TRANSPARENT_HUGEPAGE
++static int thp_split_walk_pmd_entry(pmd_t *pmd, unsigned long addr,
++ unsigned long end, struct mm_walk *walk)
++{
++ struct vm_area_struct *vma = walk->vma;
++
++ split_huge_pmd(vma, pmd, addr);
++ return 0;
++}
++
++static const struct mm_walk_ops thp_split_walk_ops = {
++ .pmd_entry = thp_split_walk_pmd_entry,
++};
++
+ static inline void thp_split_mm(struct mm_struct *mm)
+ {
+-#ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ struct vm_area_struct *vma;
+- unsigned long addr;
+
+ for (vma = mm->mmap; vma != NULL; vma = vma->vm_next) {
+- for (addr = vma->vm_start;
+- addr < vma->vm_end;
+- addr += PAGE_SIZE)
+- follow_page(vma, addr, FOLL_SPLIT);
+ vma->vm_flags &= ~VM_HUGEPAGE;
+ vma->vm_flags |= VM_NOHUGEPAGE;
++ walk_page_vma(vma, &thp_split_walk_ops, NULL);
+ }
+ mm->def_flags |= VM_NOHUGEPAGE;
+-#endif
+ }
++#else
++static inline void thp_split_mm(struct mm_struct *mm)
++{
++}
++#endif /* CONFIG_TRANSPARENT_HUGEPAGE */
+
+ /*
+ * Remove all empty zero pages from the mapping for lazy refaulting
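Review bot: In thp_split_mm() the split now runs after `VM_HUGEPAGE` is cleared and `VM_NOHUGEPAGE` is set, whereas the removed `follow_page()` loop ran before the flag update, and neither the commit message nor a comment explains the reordering. If the intent is to keep the range from being collapsed into huge pages again while it is walked, a comment such as `/* set VM_NOHUGEPAGE first so no new THP appears behind the walk */` would make that explicit. The return value of `walk_page_vma(vma, &thp_split_walk_ops, NULL);` is also discarded; that looks deliberate because the callback always returns 0, but it deserves a word in the same comment. The locking that the walk expects from the caller is not visible in this hunk.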
fs-minix-check-return-value-of-sb_getblk.patch
fs-minix-don-t-allow-getting-deleted-inodes.patch
fs-minix-reject-too-large-maximum-file-size.patch
+xen-balloon-fix-accounting-in-alloc_xenballooned_pages-error-path.patch
+xen-balloon-make-the-balloon-wait-interruptible.patch
+xen-gntdev-fix-dmabuf-import-with-non-zero-sgt-offset.patch
+s390-dasd-fix-inability-to-use-dasd-with-diag-driver.patch
+s390-gmap-improve-thp-splitting.patch
--- /dev/null
+From 1951fa33ec259abdf3497bfee7b63e7ddbb1a394 Mon Sep 17 00:00:00 2001
+From: Roger Pau Monne <roger.pau@citrix.com>
+Date: Mon, 27 Jul 2020 11:13:39 +0200
+Subject: xen/balloon: fix accounting in alloc_xenballooned_pages error path
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Roger Pau Monne <roger.pau@citrix.com>
+
+commit 1951fa33ec259abdf3497bfee7b63e7ddbb1a394 upstream.
+
+target_unpopulated is incremented with nr_pages at the start of the
+function, but the call to free_xenballooned_pages will only subtract
+pgno number of pages, and thus the rest need to be subtracted before
+returning or else accounting will be skewed.
+
+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20200727091342.52325-2-roger.pau@citrix.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/xen/balloon.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/xen/balloon.c
++++ b/drivers/xen/balloon.c
+@@ -632,6 +632,12 @@ int alloc_xenballooned_pages(int nr_page
+ out_undo:
+ mutex_unlock(&balloon_mutex);
+ free_xenballooned_pages(pgno, pages);
++ /*
++ * NB: free_xenballooned_pages will only subtract pgno pages, but since
++ * target_unpopulated is incremented with nr_pages at the start we need
++ * to remove the remaining ones also, or accounting will be screwed.
++ */
++ balloon_stats.target_unpopulated -= nr_pages - pgno;
+ return ret;
+ }
+ EXPORT_SYMBOL(alloc_xenballooned_pages);
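Review bot: The added `balloon_stats.target_unpopulated -= nr_pages - pgno;` executes after `mutex_unlock(&balloon_mutex);`, so this read-modify-write of shared accounting state is unprotected on the out_undo path. The increment at the start of alloc_xenballooned_pages() is outside this hunk, so it needs confirming that the counter is otherwise updated under balloon_mutex. If it is, a concurrent caller could lose an update and the skew this patch fixes could reappear. Moving the statement ahead of `mutex_unlock(&balloon_mutex);` would keep the correction under the same lock as the rest of the function's accounting.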
--- /dev/null
+From 88a479ff6ef8af7f07e11593d58befc644244ff7 Mon Sep 17 00:00:00 2001
+From: Roger Pau Monne <roger.pau@citrix.com>
+Date: Mon, 27 Jul 2020 11:13:40 +0200
+Subject: xen/balloon: make the balloon wait interruptible
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Roger Pau Monne <roger.pau@citrix.com>
+
+commit 88a479ff6ef8af7f07e11593d58befc644244ff7 upstream.
+
+So it can be killed, or else processes can get hung indefinitely
+waiting for balloon pages.
+
+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20200727091342.52325-3-roger.pau@citrix.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/xen/balloon.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/xen/balloon.c
++++ b/drivers/xen/balloon.c
+@@ -570,11 +570,13 @@ static int add_ballooned_pages(int nr_pa
+ if (xen_hotplug_unpopulated) {
+ st = reserve_additional_memory();
+ if (st != BP_ECANCELED) {
++ int rc;
++
+ mutex_unlock(&balloon_mutex);
+- wait_event(balloon_wq,
++ rc = wait_event_interruptible(balloon_wq,
+ !list_empty(&ballooned_pages));
+ mutex_lock(&balloon_mutex);
+- return 0;
++ return rc ? -ENOMEM : 0;
+ }
+ }
+
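Review bot: An interrupted wait is reported as -ENOMEM by `return rc ? -ENOMEM : 0;`, which hides the -ERESTARTSYS returned by `wait_event_interruptible()` and makes a signal indistinguishable from memory exhaustion. If the callers can cope with it, `return rc;` would propagate the interruption; otherwise a comment explaining why -ENOMEM was chosen is warranted. add_ballooned_pages() begins and ends outside this hunk, so how its callers treat the return value is not visible here.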
--- /dev/null
+From 5fa4e6f1c2d8c9a4e47e1931b42893172d388f2b Mon Sep 17 00:00:00 2001
+From: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
+Date: Thu, 13 Aug 2020 09:21:09 +0300
+Subject: xen/gntdev: Fix dmabuf import with non-zero sgt offset
+
+From: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
+
+commit 5fa4e6f1c2d8c9a4e47e1931b42893172d388f2b upstream.
+
+It is possible that the scatter-gather table during dmabuf import has
+non-zero offset of the data, but user-space doesn't expect that.
+Fix this by failing the import, so user-space doesn't access wrong data.
+
+Fixes: bf8dc55b1358 ("xen/gntdev: Implement dma-buf import functionality")
+
+Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
+Acked-by: Juergen Gross <jgross@suse.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200813062113.11030-2-andr2000@gmail.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/xen/gntdev-dmabuf.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/xen/gntdev-dmabuf.c
++++ b/drivers/xen/gntdev-dmabuf.c
+@@ -641,6 +641,14 @@ dmabuf_imp_to_refs(struct gntdev_dmabuf_
+ goto fail_detach;
+ }
+
++ /* Check that we have zero offset. */
++ if (sgt->sgl->offset) {
++ ret = ERR_PTR(-EINVAL);
++ pr_debug("DMA buffer has %d bytes offset, user-space expects 0\n",
++ sgt->sgl->offset);
++ goto fail_unmap;
++ }
++
+ /* Check number of pages that imported buffer has. */
+ if (attach->dmabuf->size != gntdev_dmabuf->nr_pages << PAGE_SHIFT) {
+ ret = ERR_PTR(-EINVAL);
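Review bot: The new `pr_debug()` prints `sgt->sgl->offset` with `%d`, but the scatterlist offset field is an unsigned int, so the format should be `%u`: `pr_debug("DMA buffer has %u bytes offset, user-space expects 0\n", sgt->sgl->offset);`. Because the rejection is only logged at debug level, an importer by default sees a bare -EINVAL with no indication that the offset was the cause. The check also inspects only the first scatterlist entry; whether later entries can carry an offset that matters to user space is not visible from this hunk and may be worth confirming. dmabuf_imp_to_refs() continues outside the hunk.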