From: Greg Kroah-Hartman Date: Tue, 28 Mar 2023 12:03:56 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v5.15.105~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=062d7e527fb0343e2edf0e794866ea48951f497e;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: dm-thin-fix-deadlock-when-swapping-to-thin-device.patch fsverity-remove-wq_unbound-from-fsverity-read-workqueue.patch igb-revert-rtnl_lock-that-causes-deadlock.patch usb-cdns3-fix-issue-with-using-incorrect-pci-device-function.patch usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch --- diff --git a/queue-5.4/dm-thin-fix-deadlock-when-swapping-to-thin-device.patch b/queue-5.4/dm-thin-fix-deadlock-when-swapping-to-thin-device.patch new file mode 100644 index 00000000000..584c5dd2c00 --- /dev/null +++ b/queue-5.4/dm-thin-fix-deadlock-when-swapping-to-thin-device.patch @@ -0,0 +1,70 @@ +From 9bbf5feecc7eab2c370496c1c161bbfe62084028 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 27 Feb 2023 23:23:17 +0800 +Subject: dm thin: fix deadlock when swapping to thin device + +From: Coly Li + +commit 9bbf5feecc7eab2c370496c1c161bbfe62084028 upstream. + +This is an already known issue that dm-thin volume cannot be used as +swap, otherwise a deadlock may happen when dm-thin internal memory +demand triggers swap I/O on the dm-thin volume itself. + +But thanks to commit a666e5c05e7c ("dm: fix deadlock when swapping to +encrypted device"), the limit_swap_bios target flag can also be used +for dm-thin to avoid the recursive I/O when it is used as swap. + +Fix is to simply set ti->limit_swap_bios to true in both pool_ctr() +and thin_ctr(). + +In my test, I create a dm-thin volume /dev/vg/swap and use it as swap +device. Then I run fio on another dm-thin volume /dev/vg/main and use +large --blocksize to trigger swap I/O onto /dev/vg/swap. + +The following fio command line is used in my test, + fio --name recursive-swap-io --lockmem 1 --iodepth 128 \ + --ioengine libaio --filename /dev/vg/main --rw randrw \ + --blocksize 1M --numjobs 32 --time_based --runtime=12h + +Without this fix, the whole system can be locked up within 15 seconds. + +With this fix, there is no any deadlock or hung task observed after +2 hours of running fio. + +Furthermore, if blocksize is changed from 1M to 128M, after around 30 +seconds fio has no visible I/O, and the out-of-memory killer message +shows up in kernel message. After around 20 minutes all fio processes +are killed and the whole system is back to being alive. + +This is exactly what is expected when recursive I/O happens on dm-thin +volume when it is used as swap. + +Depends-on: a666e5c05e7c ("dm: fix deadlock when swapping to encrypted device") +Cc: stable@vger.kernel.org +Signed-off-by: Coly Li +Acked-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-thin.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/md/dm-thin.c ++++ b/drivers/md/dm-thin.c +@@ -3407,6 +3407,7 @@ static int pool_ctr(struct dm_target *ti + pt->adjusted_pf = pt->requested_pf = pf; + bio_init(&pt->flush_bio, NULL, 0); + ti->num_flush_bios = 1; ++ ti->limit_swap_bios = true; + + /* + * Only need to enable discards if the pool should pass +@@ -4292,6 +4293,7 @@ static int thin_ctr(struct dm_target *ti + goto bad; + + ti->num_flush_bios = 1; ++ ti->limit_swap_bios = true; + ti->flush_supported = true; + ti->per_io_data_size = sizeof(struct dm_thin_endio_hook); + diff --git a/queue-5.4/fsverity-remove-wq_unbound-from-fsverity-read-workqueue.patch b/queue-5.4/fsverity-remove-wq_unbound-from-fsverity-read-workqueue.patch new file mode 100644 index 00000000000..a1af926b78e --- /dev/null +++ b/queue-5.4/fsverity-remove-wq_unbound-from-fsverity-read-workqueue.patch @@ -0,0 +1,62 @@ +From f959325e6ac3f499450088b8d9c626d1177be160 Mon Sep 17 00:00:00 2001 +From: Nathan Huckleberry +Date: Fri, 10 Mar 2023 11:33:25 -0800 +Subject: fsverity: Remove WQ_UNBOUND from fsverity read workqueue + +From: Nathan Huckleberry + +commit f959325e6ac3f499450088b8d9c626d1177be160 upstream. + +WQ_UNBOUND causes significant scheduler latency on ARM64/Android. This +is problematic for latency sensitive workloads, like I/O +post-processing. + +Removing WQ_UNBOUND gives a 96% reduction in fsverity workqueue related +scheduler latency and improves app cold startup times by ~30ms. +WQ_UNBOUND was also removed from the dm-verity workqueue for the same +reason [1]. + +This code was tested by running Android app startup benchmarks and +measuring how long the fsverity workqueue spent in the runnable state. + +Before +Total workqueue scheduler latency: 553800us +After +Total workqueue scheduler latency: 18962us + +[1]: https://lore.kernel.org/all/20230202012348.885402-1-nhuck@google.com/ + +Signed-off-by: Nathan Huckleberry +Fixes: 8a1d0f9cacc9 ("fs-verity: add data verification hooks for ->readpages()") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230310193325.620493-1-nhuck@google.com +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + fs/verity/verify.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/fs/verity/verify.c ++++ b/fs/verity/verify.c +@@ -259,15 +259,15 @@ EXPORT_SYMBOL_GPL(fsverity_enqueue_verif + int __init fsverity_init_workqueue(void) + { + /* +- * Use an unbound workqueue to allow bios to be verified in parallel +- * even when they happen to complete on the same CPU. This sacrifices +- * locality, but it's worthwhile since hashing is CPU-intensive. ++ * Use a high-priority workqueue to prioritize verification work, which ++ * blocks reads from completing, over regular application tasks. + * +- * Also use a high-priority workqueue to prioritize verification work, +- * which blocks reads from completing, over regular application tasks. ++ * For performance reasons, don't use an unbound workqueue. Using an ++ * unbound workqueue for crypto operations causes excessive scheduler ++ * latency on ARM64. + */ + fsverity_read_workqueue = alloc_workqueue("fsverity_read_queue", +- WQ_UNBOUND | WQ_HIGHPRI, ++ WQ_HIGHPRI, + num_online_cpus()); + if (!fsverity_read_workqueue) + return -ENOMEM; diff --git a/queue-5.4/igb-revert-rtnl_lock-that-causes-deadlock.patch b/queue-5.4/igb-revert-rtnl_lock-that-causes-deadlock.patch new file mode 100644 index 00000000000..7b1a10dd71f --- /dev/null +++ b/queue-5.4/igb-revert-rtnl_lock-that-causes-deadlock.patch @@ -0,0 +1,87 @@ +From 65f69851e44d71248b952a687e44759a7abb5016 Mon Sep 17 00:00:00 2001 +From: Lin Ma +Date: Tue, 7 Mar 2023 23:29:17 +0800 +Subject: igb: revert rtnl_lock() that causes deadlock + +From: Lin Ma + +commit 65f69851e44d71248b952a687e44759a7abb5016 upstream. + +The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds +rtnl_lock to eliminate a false data race shown below + + (FREE from device detaching) | (USE from netdev core) +igb_remove | igb_ndo_get_vf_config + igb_disable_sriov | vf >= adapter->vfs_allocated_count? + kfree(adapter->vf_data) | + adapter->vfs_allocated_count = 0 | + | memcpy(... adapter->vf_data[vf] + +The above race will never happen and the extra rtnl_lock causes deadlock +below + +[ 141.420169] +[ 141.420672] __schedule+0x2dd/0x840 +[ 141.421427] schedule+0x50/0xc0 +[ 141.422041] schedule_preempt_disabled+0x11/0x20 +[ 141.422678] __mutex_lock.isra.13+0x431/0x6b0 +[ 141.423324] unregister_netdev+0xe/0x20 +[ 141.423578] igbvf_remove+0x45/0xe0 [igbvf] +[ 141.423791] pci_device_remove+0x36/0xb0 +[ 141.423990] device_release_driver_internal+0xc1/0x160 +[ 141.424270] pci_stop_bus_device+0x6d/0x90 +[ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20 +[ 141.424789] pci_iov_remove_virtfn+0xba/0x120 +[ 141.425452] sriov_disable+0x2f/0xf0 +[ 141.425679] igb_disable_sriov+0x4e/0x100 [igb] +[ 141.426353] igb_remove+0xa0/0x130 [igb] +[ 141.426599] pci_device_remove+0x36/0xb0 +[ 141.426796] device_release_driver_internal+0xc1/0x160 +[ 141.427060] driver_detach+0x44/0x90 +[ 141.427253] bus_remove_driver+0x55/0xe0 +[ 141.427477] pci_unregister_driver+0x2a/0xa0 +[ 141.428296] __x64_sys_delete_module+0x141/0x2b0 +[ 141.429126] ? mntput_no_expire+0x4a/0x240 +[ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0 +[ 141.429653] do_syscall_64+0x5b/0x80 +[ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0 +[ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30 +[ 141.430849] ? do_syscall_64+0x67/0x80 +[ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0 +[ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30 +[ 141.432482] ? do_syscall_64+0x67/0x80 +[ 141.432714] ? exc_page_fault+0x64/0x140 +[ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc + +Since the igb_disable_sriov() will call pci_disable_sriov() before +releasing any resources, the netdev core will synchronize the cleanup to +avoid any races. This patch removes the useless rtnl_(un)lock to guarantee +correctness. + +CC: stable@vger.kernel.org +Fixes: 6faee3d4ee8b ("igb: Add lock to avoid data race") +Reported-by: Corinna Vinschen +Link: https://lore.kernel.org/intel-wired-lan/ZAcJvkEPqWeJHO2r@calimero.vinschen.de/ +Signed-off-by: Lin Ma +Tested-by: Corinna Vinschen +Reviewed-by: Jacob Keller +Reviewed-by: Simon Horman +Tested-by: Rafal Romanowski +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/igb/igb_main.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/net/ethernet/intel/igb/igb_main.c ++++ b/drivers/net/ethernet/intel/igb/igb_main.c +@@ -3674,9 +3674,7 @@ static void igb_remove(struct pci_dev *p + igb_release_hw_control(adapter); + + #ifdef CONFIG_PCI_IOV +- rtnl_lock(); + igb_disable_sriov(pdev); +- rtnl_unlock(); + #endif + + unregister_netdev(netdev); diff --git a/queue-5.4/series b/queue-5.4/series index 20fbafd1bed..a8aa065c690 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -42,3 +42,9 @@ sh-sanitize-the-flags-on-sigreturn.patch cifs-empty-interface-list-when-server-doesn-t-support-query-interfaces.patch scsi-core-add-blist_skip_vpd_pages-for-skhynix-h28u74301amr.patch usb-gadget-u_audio-don-t-let-userspace-block-driver-unbind.patch +fsverity-remove-wq_unbound-from-fsverity-read-workqueue.patch +igb-revert-rtnl_lock-that-causes-deadlock.patch +dm-thin-fix-deadlock-when-swapping-to-thin-device.patch +usb-cdns3-fix-issue-with-using-incorrect-pci-device-function.patch +usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch +usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch diff --git a/queue-5.4/usb-cdns3-fix-issue-with-using-incorrect-pci-device-function.patch b/queue-5.4/usb-cdns3-fix-issue-with-using-incorrect-pci-device-function.patch new file mode 100644 index 00000000000..94fb8581da6 --- /dev/null +++ b/queue-5.4/usb-cdns3-fix-issue-with-using-incorrect-pci-device-function.patch @@ -0,0 +1,44 @@ +From 1272fd652a226ccb34e9f47371b6121948048438 Mon Sep 17 00:00:00 2001 +From: Pawel Laszczak +Date: Wed, 8 Mar 2023 07:44:27 -0500 +Subject: usb: cdns3: Fix issue with using incorrect PCI device function + +From: Pawel Laszczak + +commit 1272fd652a226ccb34e9f47371b6121948048438 upstream. + +PCI based platform can have more than two PCI functions. +USBSS PCI Glue driver during initialization should +consider only DRD/HOST/DEVICE PCI functions and +all other should be ignored. This patch adds additional +condition which causes that only DRD and HOST/DEVICE +function will be accepted. + +cc: +Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") +Signed-off-by: Pawel Laszczak +Link: https://lore.kernel.org/r/20230308124427.311245-1-pawell@cadence.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/usb/cdns3/cdns3-pci-wrap.c b/drivers/usb/cdns3/cdns3-pci-wrap.c +index deeea618ba33..1f6320d98a76 100644 +--- a/drivers/usb/cdns3/cdns3-pci-wrap.c ++++ b/drivers/usb/cdns3/cdns3-pci-wrap.c +@@ -60,6 +60,11 @@ static struct pci_dev *cdns3_get_second_fun(struct pci_dev *pdev) + return NULL; + } + ++ if (func->devfn != PCI_DEV_FN_HOST_DEVICE && ++ func->devfn != PCI_DEV_FN_OTG) { ++ return NULL; ++ } ++ + return func; + } + +-- +2.40.0 + diff --git a/queue-5.4/usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch b/queue-5.4/usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch new file mode 100644 index 00000000000..34feba41fb3 --- /dev/null +++ b/queue-5.4/usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch @@ -0,0 +1,38 @@ +From 3670de80678961eda7fa2220883fc77c16868951 Mon Sep 17 00:00:00 2001 +From: Xu Yang +Date: Fri, 17 Mar 2023 14:15:15 +0800 +Subject: usb: chipdea: core: fix return -EINVAL if request role is the same with current role + +From: Xu Yang + +commit 3670de80678961eda7fa2220883fc77c16868951 upstream. + +It should not return -EINVAL if the request role is the same with current +role, return non-error and without do anything instead. + +Fixes: a932a8041ff9 ("usb: chipidea: core: add sysfs group") +cc: +Acked-by: Peter Chen +Signed-off-by: Xu Yang +Link: https://lore.kernel.org/r/20230317061516.2451728-1-xu.yang_2@nxp.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/chipidea/core.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/usb/chipidea/core.c ++++ b/drivers/usb/chipidea/core.c +@@ -960,9 +960,12 @@ static ssize_t role_store(struct device + strlen(ci->roles[role]->name))) + break; + +- if (role == CI_ROLE_END || role == ci->role) ++ if (role == CI_ROLE_END) + return -EINVAL; + ++ if (role == ci->role) ++ return n; ++ + pm_runtime_get_sync(dev); + disable_irq(ci->irq); + ci_role_stop(ci); diff --git a/queue-5.4/usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch b/queue-5.4/usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch new file mode 100644 index 00000000000..069b296c956 --- /dev/null +++ b/queue-5.4/usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch @@ -0,0 +1,98 @@ +From 451b15ed138ec15bffbebb58a00ebdd884c3e659 Mon Sep 17 00:00:00 2001 +From: Xu Yang +Date: Fri, 17 Mar 2023 14:15:16 +0800 +Subject: usb: chipidea: core: fix possible concurrent when switch role + +From: Xu Yang + +commit 451b15ed138ec15bffbebb58a00ebdd884c3e659 upstream. + +The user may call role_store() when driver is handling +ci_handle_id_switch() which is triggerred by otg event or power lost +event. Unfortunately, the controller may go into chaos in this case. +Fix this by protecting it with mutex lock. + +Fixes: a932a8041ff9 ("usb: chipidea: core: add sysfs group") +cc: +Acked-by: Peter Chen +Signed-off-by: Xu Yang +Link: https://lore.kernel.org/r/20230317061516.2451728-2-xu.yang_2@nxp.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/chipidea/ci.h | 2 ++ + drivers/usb/chipidea/core.c | 8 +++++++- + drivers/usb/chipidea/otg.c | 5 ++++- + 3 files changed, 13 insertions(+), 2 deletions(-) + +--- a/drivers/usb/chipidea/ci.h ++++ b/drivers/usb/chipidea/ci.h +@@ -203,6 +203,7 @@ struct hw_bank { + * @in_lpm: if the core in low power mode + * @wakeup_int: if wakeup interrupt occur + * @rev: The revision number for controller ++ * @mutex: protect code from concorrent running when doing role switch + */ + struct ci_hdrc { + struct device *dev; +@@ -256,6 +257,7 @@ struct ci_hdrc { + bool in_lpm; + bool wakeup_int; + enum ci_revision rev; ++ struct mutex mutex; + }; + + static inline struct ci_role_driver *ci_role(struct ci_hdrc *ci) +--- a/drivers/usb/chipidea/core.c ++++ b/drivers/usb/chipidea/core.c +@@ -963,8 +963,12 @@ static ssize_t role_store(struct device + if (role == CI_ROLE_END) + return -EINVAL; + +- if (role == ci->role) ++ mutex_lock(&ci->mutex); ++ ++ if (role == ci->role) { ++ mutex_unlock(&ci->mutex); + return n; ++ } + + pm_runtime_get_sync(dev); + disable_irq(ci->irq); +@@ -974,6 +978,7 @@ static ssize_t role_store(struct device + ci_handle_vbus_change(ci); + enable_irq(ci->irq); + pm_runtime_put_sync(dev); ++ mutex_unlock(&ci->mutex); + + return (ret == 0) ? n : ret; + } +@@ -1009,6 +1014,7 @@ static int ci_hdrc_probe(struct platform + return -ENOMEM; + + spin_lock_init(&ci->lock); ++ mutex_init(&ci->mutex); + ci->dev = dev; + ci->platdata = dev_get_platdata(dev); + ci->imx28_write_fix = !!(ci->platdata->flags & +--- a/drivers/usb/chipidea/otg.c ++++ b/drivers/usb/chipidea/otg.c +@@ -164,8 +164,10 @@ static int hw_wait_vbus_lower_bsv(struct + + static void ci_handle_id_switch(struct ci_hdrc *ci) + { +- enum ci_role role = ci_otg_role(ci); ++ enum ci_role role; + ++ mutex_lock(&ci->mutex); ++ role = ci_otg_role(ci); + if (role != ci->role) { + dev_dbg(ci->dev, "switching from %s to %s\n", + ci_role(ci)->name, ci->roles[role]->name); +@@ -188,6 +190,7 @@ static void ci_handle_id_switch(struct c + if (role == CI_ROLE_GADGET) + ci_handle_vbus_change(ci); + } ++ mutex_unlock(&ci->mutex); + } + /** + * ci_otg_work - perform otg (vbus/id) event handle