--- /dev/null
+From 452bae0aede774f87bf56c28b6dd50b72c78986c Mon Sep 17 00:00:00 2001
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Fri, 28 Apr 2017 22:05:14 -0700
+Subject: libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering
+
+From: Dan Williams <dan.j.williams@intel.com>
+
+commit 452bae0aede774f87bf56c28b6dd50b72c78986c upstream.
+
+A debug patch to turn the standard device_lock() into something that
+lockdep can analyze yielded the following:
+
+ ======================================================
+ [ INFO: possible circular locking dependency detected ]
+ 4.11.0-rc4+ #106 Tainted: G O
+ -------------------------------------------------------
+ lt-libndctl/1898 is trying to acquire lock:
+ (&dev->nvdimm_mutex/3){+.+.+.}, at: [<ffffffffc023c948>] nd_attach_ndns+0x178/0x1b0 [libnvdimm]
+
+ but task is already holding lock:
+ (&nvdimm_bus->reconfig_mutex){+.+.+.}, at: [<ffffffffc022e0b1>] nvdimm_bus_lock+0x21/0x30 [libnvdimm]
+
+ which lock already depends on the new lock.
+
+ the existing dependency chain (in reverse order) is:
+
+ -> #1 (&nvdimm_bus->reconfig_mutex){+.+.+.}:
+ lock_acquire+0xf6/0x1f0
+ __mutex_lock+0x88/0x980
+ mutex_lock_nested+0x1b/0x20
+ nvdimm_bus_lock+0x21/0x30 [libnvdimm]
+ nvdimm_namespace_capacity+0x1b/0x40 [libnvdimm]
+ nvdimm_namespace_common_probe+0x230/0x510 [libnvdimm]
+ nd_pmem_probe+0x14/0x180 [nd_pmem]
+ nvdimm_bus_probe+0xa9/0x260 [libnvdimm]
+
+ -> #0 (&dev->nvdimm_mutex/3){+.+.+.}:
+ __lock_acquire+0x1107/0x1280
+ lock_acquire+0xf6/0x1f0
+ __mutex_lock+0x88/0x980
+ mutex_lock_nested+0x1b/0x20
+ nd_attach_ndns+0x178/0x1b0 [libnvdimm]
+ nd_namespace_store+0x308/0x3c0 [libnvdimm]
+ namespace_store+0x87/0x220 [libnvdimm]
+
+In this case '&dev->nvdimm_mutex/3' mirrors '&dev->mutex'.
+
+Fix this by replacing the use of device_lock() with nvdimm_bus_lock() to protect
+nd_{attach,detach}_ndns() operations.
+
+Fixes: 8c2f7e8658df ("libnvdimm: infrastructure for btt devices")
+Reported-by: Yi Zhang <yizhan@redhat.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/nvdimm/btt_devs.c | 2 +-
+ drivers/nvdimm/claim.c | 23 +++++++++++++++--------
+ drivers/nvdimm/dax_devs.c | 2 +-
+ drivers/nvdimm/pfn_devs.c | 2 +-
+ 4 files changed, 18 insertions(+), 11 deletions(-)
+
+--- a/drivers/nvdimm/btt_devs.c
++++ b/drivers/nvdimm/btt_devs.c
+@@ -314,7 +314,7 @@ int nd_btt_probe(struct device *dev, str
+ if (rc < 0) {
+ struct nd_btt *nd_btt = to_nd_btt(btt_dev);
+
+- __nd_detach_ndns(btt_dev, &nd_btt->ndns);
++ nd_detach_ndns(btt_dev, &nd_btt->ndns);
+ put_device(btt_dev);
+ }
+
+--- a/drivers/nvdimm/claim.c
++++ b/drivers/nvdimm/claim.c
+@@ -21,8 +21,13 @@
+ void __nd_detach_ndns(struct device *dev, struct nd_namespace_common **_ndns)
+ {
+ struct nd_namespace_common *ndns = *_ndns;
++ struct nvdimm_bus *nvdimm_bus;
+
+- lockdep_assert_held(&ndns->dev.mutex);
++ if (!ndns)
++ return;
++
++ nvdimm_bus = walk_to_nvdimm_bus(&ndns->dev);
++ lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
+ dev_WARN_ONCE(dev, ndns->claim != dev, "%s: invalid claim\n", __func__);
+ ndns->claim = NULL;
+ *_ndns = NULL;
+@@ -37,18 +42,20 @@ void nd_detach_ndns(struct device *dev,
+ if (!ndns)
+ return;
+ get_device(&ndns->dev);
+- device_lock(&ndns->dev);
++ nvdimm_bus_lock(&ndns->dev);
+ __nd_detach_ndns(dev, _ndns);
+- device_unlock(&ndns->dev);
++ nvdimm_bus_unlock(&ndns->dev);
+ put_device(&ndns->dev);
+ }
+
+ bool __nd_attach_ndns(struct device *dev, struct nd_namespace_common *attach,
+ struct nd_namespace_common **_ndns)
+ {
++ struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(&attach->dev);
++
+ if (attach->claim)
+ return false;
+- lockdep_assert_held(&attach->dev.mutex);
++ lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
+ dev_WARN_ONCE(dev, *_ndns, "%s: invalid claim\n", __func__);
+ attach->claim = dev;
+ *_ndns = attach;
+@@ -61,9 +68,9 @@ bool nd_attach_ndns(struct device *dev,
+ {
+ bool claimed;
+
+- device_lock(&attach->dev);
++ nvdimm_bus_lock(&attach->dev);
+ claimed = __nd_attach_ndns(dev, attach, _ndns);
+- device_unlock(&attach->dev);
++ nvdimm_bus_unlock(&attach->dev);
+ return claimed;
+ }
+
+@@ -114,7 +121,7 @@ static void nd_detach_and_reset(struct d
+ struct nd_namespace_common **_ndns)
+ {
+ /* detach the namespace and destroy / reset the device */
+- nd_detach_ndns(dev, _ndns);
++ __nd_detach_ndns(dev, _ndns);
+ if (is_idle(dev, *_ndns)) {
+ nd_device_unregister(dev, ND_ASYNC);
+ } else if (is_nd_btt(dev)) {
+@@ -184,7 +191,7 @@ ssize_t nd_namespace_store(struct device
+ }
+
+ WARN_ON_ONCE(!is_nvdimm_bus_locked(dev));
+- if (!nd_attach_ndns(dev, ndns, _ndns)) {
++ if (!__nd_attach_ndns(dev, ndns, _ndns)) {
+ dev_dbg(dev, "%s already claimed\n",
+ dev_name(&ndns->dev));
+ len = -EBUSY;
+--- a/drivers/nvdimm/dax_devs.c
++++ b/drivers/nvdimm/dax_devs.c
+@@ -124,7 +124,7 @@ int nd_dax_probe(struct device *dev, str
+ dev_dbg(dev, "%s: dax: %s\n", __func__,
+ rc == 0 ? dev_name(dax_dev) : "<none>");
+ if (rc < 0) {
+- __nd_detach_ndns(dax_dev, &nd_pfn->ndns);
++ nd_detach_ndns(dax_dev, &nd_pfn->ndns);
+ put_device(dax_dev);
+ } else
+ __nd_device_register(dax_dev);
+--- a/drivers/nvdimm/pfn_devs.c
++++ b/drivers/nvdimm/pfn_devs.c
+@@ -484,7 +484,7 @@ int nd_pfn_probe(struct device *dev, str
+ dev_dbg(dev, "%s: pfn: %s\n", __func__,
+ rc == 0 ? dev_name(pfn_dev) : "<none>");
+ if (rc < 0) {
+- __nd_detach_ndns(pfn_dev, &nd_pfn->ndns);
++ nd_detach_ndns(pfn_dev, &nd_pfn->ndns);
+ put_device(pfn_dev);
+ } else
+ __nd_device_register(pfn_dev);
--- /dev/null
+From d5483feda85a8f39ee2e940e279547c686aac30c Mon Sep 17 00:00:00 2001
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Thu, 4 May 2017 19:54:42 -0700
+Subject: libnvdimm, pfn: fix 'npfns' vs section alignment
+
+From: Dan Williams <dan.j.williams@intel.com>
+
+commit d5483feda85a8f39ee2e940e279547c686aac30c upstream.
+
+Fix failures to create namespaces due to the vmem_altmap not advertising
+enough free space to store the memmap.
+
+ WARNING: CPU: 15 PID: 8022 at arch/x86/mm/init_64.c:656 arch_add_memory+0xde/0xf0
+ [..]
+ Call Trace:
+ dump_stack+0x63/0x83
+ __warn+0xcb/0xf0
+ warn_slowpath_null+0x1d/0x20
+ arch_add_memory+0xde/0xf0
+ devm_memremap_pages+0x244/0x440
+ pmem_attach_disk+0x37e/0x490 [nd_pmem]
+ nd_pmem_probe+0x7e/0xa0 [nd_pmem]
+ nvdimm_bus_probe+0x71/0x120 [libnvdimm]
+ driver_probe_device+0x2bb/0x460
+ bind_store+0x114/0x160
+ drv_attr_store+0x25/0x30
+
+In commit 658922e57b84 "libnvdimm, pfn: fix memmap reservation sizing"
+we arranged for the capacity to be allocated, but failed to also update
+the 'npfns' parameter. This leads to cases where there is enough
+capacity reserved to hold all the allocated sections, but
+vmemmap_populate_hugepages() still encounters -ENOMEM from
+altmap_alloc_block_buf().
+
+This fix is a stop-gap until we can teach the core memory hotplug
+implementation to permit sub-section hotplug.
+
+Fixes: 658922e57b84 ("libnvdimm, pfn: fix memmap reservation sizing")
+Reported-by: Anisha Allada <anisha.allada@intel.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/nvdimm/pfn_devs.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/nvdimm/pfn_devs.c
++++ b/drivers/nvdimm/pfn_devs.c
+@@ -538,7 +538,8 @@ static struct vmem_altmap *__nvdimm_setu
+ nd_pfn->npfns = le64_to_cpu(pfn_sb->npfns);
+ altmap = NULL;
+ } else if (nd_pfn->mode == PFN_MODE_PMEM) {
+- nd_pfn->npfns = (resource_size(res) - offset) / PAGE_SIZE;
++ nd_pfn->npfns = PFN_SECTION_ALIGN_UP((resource_size(res)
++ - offset) / PAGE_SIZE);
+ if (le64_to_cpu(nd_pfn->pfn_sb->npfns) > nd_pfn->npfns)
+ dev_info(&nd_pfn->dev,
+ "number of pfns truncated from %lld to %ld\n",
+@@ -625,7 +626,8 @@ static int nd_pfn_init(struct nd_pfn *nd
+ */
+ start += start_pad;
+ size = resource_size(&nsio->res);
+- npfns = (size - start_pad - end_trunc - SZ_8K) / SZ_4K;
++ npfns = PFN_SECTION_ALIGN_UP((size - start_pad - end_trunc - SZ_8K)
++ / PAGE_SIZE);
+ if (nd_pfn->mode == PFN_MODE_PMEM) {
+ /*
+ * vmemmap_populate_hugepages() allocates the memmap array in
--- /dev/null
+From b2518c78ce76896f0f8f7940bf02104b227e1709 Mon Sep 17 00:00:00 2001
+From: Toshi Kani <toshi.kani@hpe.com>
+Date: Tue, 25 Apr 2017 17:04:13 -0600
+Subject: libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify
+
+From: Toshi Kani <toshi.kani@hpe.com>
+
+commit b2518c78ce76896f0f8f7940bf02104b227e1709 upstream.
+
+The following BUG was observed when nd_pmem_notify() was called
+for a BTT device. The use of a pmem_device pointer is not valid
+with BTT.
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
+ IP: nd_pmem_notify+0x30/0xf0 [nd_pmem]
+ Call Trace:
+ nd_device_notify+0x40/0x50
+ child_notify+0x10/0x20
+ device_for_each_child+0x50/0x90
+ nd_region_notify+0x20/0x30
+ nd_device_notify+0x40/0x50
+ nvdimm_region_notify+0x27/0x30
+ acpi_nfit_scrub+0x341/0x590 [nfit]
+ process_one_work+0x197/0x450
+ worker_thread+0x4e/0x4a0
+ kthread+0x109/0x140
+
+Fix nd_pmem_notify() by setting nd_region and badblocks pointers
+properly for BTT.
+
+Cc: Vishal Verma <vishal.l.verma@intel.com>
+Fixes: 719994660c24 ("libnvdimm: async notification support")
+Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/nvdimm/pmem.c | 39 ++++++++++++++++++++++++++-------------
+ 1 file changed, 26 insertions(+), 13 deletions(-)
+
+--- a/drivers/nvdimm/pmem.c
++++ b/drivers/nvdimm/pmem.c
+@@ -388,12 +388,12 @@ static void nd_pmem_shutdown(struct devi
+
+ static void nd_pmem_notify(struct device *dev, enum nvdimm_event event)
+ {
+- struct pmem_device *pmem = dev_get_drvdata(dev);
+- struct nd_region *nd_region = to_region(pmem);
++ struct nd_region *nd_region;
+ resource_size_t offset = 0, end_trunc = 0;
+ struct nd_namespace_common *ndns;
+ struct nd_namespace_io *nsio;
+ struct resource res;
++ struct badblocks *bb;
+
+ if (event != NVDIMM_REVALIDATE_POISON)
+ return;
+@@ -402,20 +402,33 @@ static void nd_pmem_notify(struct device
+ struct nd_btt *nd_btt = to_nd_btt(dev);
+
+ ndns = nd_btt->ndns;
+- } else if (is_nd_pfn(dev)) {
+- struct nd_pfn *nd_pfn = to_nd_pfn(dev);
+- struct nd_pfn_sb *pfn_sb = nd_pfn->pfn_sb;
+-
+- ndns = nd_pfn->ndns;
+- offset = pmem->data_offset + __le32_to_cpu(pfn_sb->start_pad);
+- end_trunc = __le32_to_cpu(pfn_sb->end_trunc);
+- } else
+- ndns = to_ndns(dev);
++ nd_region = to_nd_region(ndns->dev.parent);
++ nsio = to_nd_namespace_io(&ndns->dev);
++ bb = &nsio->bb;
++ } else {
++ struct pmem_device *pmem = dev_get_drvdata(dev);
++
++ nd_region = to_region(pmem);
++ bb = &pmem->bb;
++
++ if (is_nd_pfn(dev)) {
++ struct nd_pfn *nd_pfn = to_nd_pfn(dev);
++ struct nd_pfn_sb *pfn_sb = nd_pfn->pfn_sb;
++
++ ndns = nd_pfn->ndns;
++ offset = pmem->data_offset +
++ __le32_to_cpu(pfn_sb->start_pad);
++ end_trunc = __le32_to_cpu(pfn_sb->end_trunc);
++ } else {
++ ndns = to_ndns(dev);
++ }
++
++ nsio = to_nd_namespace_io(&ndns->dev);
++ }
+
+- nsio = to_nd_namespace_io(&ndns->dev);
+ res.start = nsio->res.start + offset;
+ res.end = nsio->res.end - end_trunc;
+- nvdimm_badblocks_populate(nd_region, &pmem->bb, &res);
++ nvdimm_badblocks_populate(nd_region, bb, &res);
+ }
+
+ MODULE_ALIAS("pmem");
--- /dev/null
+From bc042fdfbb92b5b13421316b4548e2d6e98eed37 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Mon, 24 Apr 2017 15:43:05 -0700
+Subject: libnvdimm, region: fix flush hint detection crash
+
+From: Dan Williams <dan.j.williams@intel.com>
+
+commit bc042fdfbb92b5b13421316b4548e2d6e98eed37 upstream.
+
+In the case where a dimm does not have any associated flush hints the
+ndrd->flush_wpq array may be uninitialized leading to crashes with the
+following signature:
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
+ IP: region_visible+0x10f/0x160 [libnvdimm]
+
+ Call Trace:
+ internal_create_group+0xbe/0x2f0
+ sysfs_create_groups+0x40/0x80
+ device_add+0x2d8/0x650
+ nd_async_device_register+0x12/0x40 [libnvdimm]
+ async_run_entry_fn+0x39/0x170
+ process_one_work+0x212/0x6c0
+ ? process_one_work+0x197/0x6c0
+ worker_thread+0x4e/0x4a0
+ kthread+0x10c/0x140
+ ? process_one_work+0x6c0/0x6c0
+ ? kthread_create_on_node+0x60/0x60
+ ret_from_fork+0x31/0x40
+
+Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
+Fixes: f284a4f23752 ("libnvdimm: introduce nvdimm_flush() and nvdimm_has_flush()")
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/nvdimm/region_devs.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/drivers/nvdimm/region_devs.c
++++ b/drivers/nvdimm/region_devs.c
+@@ -968,17 +968,20 @@ EXPORT_SYMBOL_GPL(nvdimm_flush);
+ */
+ int nvdimm_has_flush(struct nd_region *nd_region)
+ {
+- struct nd_region_data *ndrd = dev_get_drvdata(&nd_region->dev);
+ int i;
+
+ /* no nvdimm == flushing capability unknown */
+ if (nd_region->ndr_mappings == 0)
+ return -ENXIO;
+
+- for (i = 0; i < nd_region->ndr_mappings; i++)
+- /* flush hints present, flushing required */
+- if (ndrd_get_flush_wpq(ndrd, i, 0))
++ for (i = 0; i < nd_region->ndr_mappings; i++) {
++ struct nd_mapping *nd_mapping = &nd_region->mapping[i];
++ struct nvdimm *nvdimm = nd_mapping->nvdimm;
++
++ /* flush hints present / available */
++ if (nvdimm->num_flush)
+ return 1;
++ }
+
+ /*
+ * The platform defines dimm devices without hints, assume
--- /dev/null
+From 041939c1ec54208b42f5cd819209173d52a29d34 Mon Sep 17 00:00:00 2001
+From: Ankit Kumar <ankit@linux.vnet.ibm.com>
+Date: Thu, 27 Apr 2017 17:03:13 +0530
+Subject: pstore: Fix flags to enable dumps on powerpc
+
+From: Ankit Kumar <ankit@linux.vnet.ibm.com>
+
+commit 041939c1ec54208b42f5cd819209173d52a29d34 upstream.
+
+After commit c950fd6f201a kernel registers pstore write based on flag set.
+Pstore write for powerpc is broken as flags(PSTORE_FLAGS_DMESG) is not set for
+powerpc architecture. On panic, kernel doesn't write message to
+/fs/pstore/dmesg*(Entry doesn't gets created at all).
+
+This patch enables pstore write for powerpc architecture by setting
+PSTORE_FLAGS_DMESG flag.
+
+Fixes: c950fd6f201a ("pstore: Split pstore fragile flags")
+Signed-off-by: Ankit Kumar <ankit@linux.vnet.ibm.com>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/nvram_64.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/powerpc/kernel/nvram_64.c
++++ b/arch/powerpc/kernel/nvram_64.c
+@@ -561,6 +561,7 @@ static ssize_t nvram_pstore_read(u64 *id
+ static struct pstore_info nvram_pstore_info = {
+ .owner = THIS_MODULE,
+ .name = "nvram",
++ .flags = PSTORE_FLAGS_DMESG,
+ .open = nvram_pstore_open,
+ .read = nvram_pstore_read,
+ .write = nvram_pstore_write,
--- /dev/null
+From 6330d5534786d5315d56d558aa6d20740f97d80a Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Mon, 6 Mar 2017 12:42:12 -0800
+Subject: pstore: Shut down worker when unregistering
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 6330d5534786d5315d56d558aa6d20740f97d80a upstream.
+
+When built as a module and running with update_ms >= 0, pstore will Oops
+during module unload since the work timer is still running. This makes sure
+the worker is stopped before unloading.
+
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/pstore/platform.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/fs/pstore/platform.c
++++ b/fs/pstore/platform.c
+@@ -705,6 +705,7 @@ int pstore_register(struct pstore_info *
+ if (psi->flags & PSTORE_FLAGS_PMSG)
+ pstore_register_pmsg();
+
++ /* Start watching for new records, if desired. */
+ if (pstore_update_ms >= 0) {
+ pstore_timer.expires = jiffies +
+ msecs_to_jiffies(pstore_update_ms);
+@@ -727,6 +728,11 @@ EXPORT_SYMBOL_GPL(pstore_register);
+
+ void pstore_unregister(struct pstore_info *psi)
+ {
++ /* Stop timer and make sure all work has finished. */
++ pstore_update_ms = -1;
++ del_timer_sync(&pstore_timer);
++ flush_work(&pstore_work);
++
+ if (psi->flags & PSTORE_FLAGS_PMSG)
+ pstore_unregister_pmsg();
+ if (psi->flags & PSTORE_FLAGS_FTRACE)
+@@ -826,7 +832,9 @@ static void pstore_timefunc(unsigned lon
+ schedule_work(&pstore_work);
+ }
+
+- mod_timer(&pstore_timer, jiffies + msecs_to_jiffies(pstore_update_ms));
++ if (pstore_update_ms >= 0)
++ mod_timer(&pstore_timer,
++ jiffies + msecs_to_jiffies(pstore_update_ms));
+ }
+
+ module_param(backend, charp, 0444);
bluetooth-hci_bcm-add-missing-tty-device-sanity-check.patch
bluetooth-hci_intel-add-missing-tty-device-sanity-check.patch
ipmi-fix-kernel-panic-at-ipmi_ssif_thread.patch
+libnvdimm-region-fix-flush-hint-detection-crash.patch
+libnvdimm-pmem-fix-a-null-pointer-bug-in-nd_pmem_notify.patch
+libnvdimm-fix-nvdimm_bus_lock-vs-device_lock-ordering.patch
+libnvdimm-pfn-fix-npfns-vs-section-alignment.patch
+pstore-fix-flags-to-enable-dumps-on-powerpc.patch
+pstore-shut-down-worker-when-unregistering.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
