From: Greg Kroah-Hartman Date: Tue, 29 Jan 2019 10:32:58 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v4.9.154~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0abfe1cd35e1972f903697d0ea5be7e3e67feed1;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: ide-fix-a-typo-in-the-settings-proc-file-name.patch revert-mm-memory_hotplug-initialize-struct-pages-for-the-full-memory-section.patch usb-dwc3-gadget-clear-req-needs_extra_trb-flag-on-cleanup.patch
---
diff --git a/queue-4.19/ide-fix-a-typo-in-the-settings-proc-file-name.patch b/queue-4.19/ide-fix-a-typo-in-the-settings-proc-file-name.patch
new file mode 100644
index 00000000000..106c81a42af
--- /dev/null
+++ b/queue-4.19/ide-fix-a-typo-in-the-settings-proc-file-name.patch
@@ -0,0 +1,30 @@
+From f8ff6c732d35904d773043f979b844ef330c701b Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Thu, 20 Dec 2018 17:16:53 +0100
+Subject: ide: fix a typo in the settings proc file name
+
+From: Christoph Hellwig
+
+commit f8ff6c732d35904d773043f979b844ef330c701b upstream.
+
+Fixes: ec7d9c9ce8 ("ide: replace ->proc_fops with ->proc_show")
+Reported-by: kernel test robot
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/ide/ide-proc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/ide/ide-proc.c
++++ b/drivers/ide/ide-proc.c
+@@ -544,7 +544,7 @@ void ide_proc_port_register_devices(ide_
+ drive->proc = proc_mkdir(drive->name, parent);
+ if (drive->proc) {
+ ide_add_proc_entries(drive->proc, generic_drive_entries, drive);
+- proc_create_data("setting", S_IFREG|S_IRUSR|S_IWUSR,
++ proc_create_data("settings", S_IFREG|S_IRUSR|S_IWUSR,
+ drive->proc, &ide_settings_proc_fops,
+ drive);
+ }
diff --git a/queue-4.19/revert-mm-memory_hotplug-initialize-struct-pages-for-the-full-memory-section.patch b/queue-4.19/revert-mm-memory_hotplug-initialize-struct-pages-for-the-full-memory-section.patch
new file mode 100644
index 00000000000..9d5762e6bbb
--- /dev/null
+++ b/queue-4.19/revert-mm-memory_hotplug-initialize-struct-pages-for-the-full-memory-section.patch
@@ -0,0 +1,65 @@
+From 4aa9fc2a435abe95a1e8d7f8c7b3d6356514b37a Mon Sep 17 00:00:00 2001
+From: Michal Hocko
+Date: Fri, 25 Jan 2019 19:08:58 +0100
+Subject: Revert "mm, memory_hotplug: initialize struct pages for the full memory section"
+
+From: Michal Hocko
+
+commit 4aa9fc2a435abe95a1e8d7f8c7b3d6356514b37a upstream.
+
+This reverts commit 2830bf6f05fb3e05bc4743274b806c821807a684.
+
+The underlying assumption that one sparse section belongs into a single
+numa node doesn't hold really. Robert Shteynfeld has reported a boot
+failure. The boot log was not captured but his memory layout is as
+follows:
+
+ Early memory node ranges
+ node 1: [mem 0x0000000000001000-0x0000000000090fff]
+ node 1: [mem 0x0000000000100000-0x00000000dbdf8fff]
+ node 1: [mem 0x0000000100000000-0x0000001423ffffff]
+ node 0: [mem 0x0000001424000000-0x0000002023ffffff]
+
+This means that node0 starts in the middle of a memory section which is
+also in node1. memmap_init_zone tries to initialize padding of a
+section even when it is outside of the given pfn range because there are
+code paths (e.g. memory hotplug) which assume that the full worth of
+memory section is always initialized.
+
+In this particular case, though, such a range is already intialized and
+most likely already managed by the page allocator. Scribbling over
+those pages corrupts the internal state and likely blows up when any of
+those pages gets used.
+
+Reported-by: Robert Shteynfeld
+Fixes: 2830bf6f05fb ("mm, memory_hotplug: initialize struct pages for the full memory section")
+Cc: stable@kernel.org
+Signed-off-by: Michal Hocko
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/page_alloc.c | 12 ------------
+ 1 file changed, 12 deletions(-)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -5538,18 +5538,6 @@ not_early:
+ cond_resched();
+ }
+ }
+-#ifdef CONFIG_SPARSEMEM
+- /*
+- * If the zone does not span the rest of the section then
+- * we should at least initialize those pages. Otherwise we
+- * could blow up on a poisoned page in some paths which depend
+- * on full sections being initialized (e.g. memory hotplug).
+- */
+- while (end_pfn % PAGES_PER_SECTION) {
+- __init_single_page(pfn_to_page(end_pfn), end_pfn, zone, nid);
+- end_pfn++;
+- }
+-#endif
+ }
+
+ static void __meminit zone_init_free_lists(struct zone *zone)
diff --git a/queue-4.19/series b/queue-4.19/series
index 945d1558e3d..f3ea35a07c1 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -98,3 +98,6 @@ bpf-fix-inner-map-masking-to-prevent-oob-under-specu.patch
 s390-smp-fix-calling-smp_call_ipl_cpu-from-ipl-cpu.patch
 nvmet-rdma-add-unlikely-for-response-allocated-check.patch
 nvmet-rdma-fix-null-dereference-under-heavy-load.patch
+revert-mm-memory_hotplug-initialize-struct-pages-for-the-full-memory-section.patch
+usb-dwc3-gadget-clear-req-needs_extra_trb-flag-on-cleanup.patch
+ide-fix-a-typo-in-the-settings-proc-file-name.patch
diff --git a/queue-4.19/usb-dwc3-gadget-clear-req-needs_extra_trb-flag-on-cleanup.patch b/queue-4.19/usb-dwc3-gadget-clear-req-needs_extra_trb-flag-on-cleanup.patch
new file mode 100644
index 00000000000..91e8bbbae60
--- /dev/null
+++ b/queue-4.19/usb-dwc3-gadget-clear-req-needs_extra_trb-flag-on-cleanup.patch
@@ -0,0 +1,51 @@
+From bd6742249b9ca918565e4e3abaa06665e587f4b5 Mon Sep 17 00:00:00 2001
+From: Jack Pham
+Date: Thu, 10 Jan 2019 12:39:55 -0800
+Subject: usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup
+
+From: Jack Pham
+
+commit bd6742249b9ca918565e4e3abaa06665e587f4b5 upstream.
+
+OUT endpoint requests may somtimes have this flag set when
+preparing to be submitted to HW indicating that there is an
+additional TRB chained to the request for alignment purposes.
+If that request is removed before the controller can execute the
+transfer (e.g. ep_dequeue/ep_disable), the request will not go
+through the dwc3_gadget_ep_cleanup_completed_request() handler
+and will not have its needs_extra_trb flag cleared when
+dwc3_gadget_giveback() is called. This same request could be
+later requeued for a new transfer that does not require an
+extra TRB and if it is successfully completed, the cleanup
+and TRB reclamation will incorrectly process the additional TRB
+which belongs to the next request, and incorrectly advances the
+TRB dequeue pointer, thereby messing up calculation of the next
+requeust's actual/remaining count when it completes.
+
+The right thing to do here is to ensure that the flag is cleared
+before it is given back to the function driver. A good place
+to do that is in dwc3_gadget_del_and_unmap_request().
+
+Fixes: c6267a51639b ("usb: dwc3: gadget: align transfers to wMaxPacketSize")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jack Pham
+Signed-off-by: Felipe Balbi
+[jackp: backport to <= 4.20: replaced 'needs_extra_trb' with 'unaligned'
+ and 'zero' members in patch and reworded commit text]
+Signed-off-by: Jack Pham
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/usb/dwc3/gadget.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/usb/dwc3/gadget.c
++++ b/drivers/usb/dwc3/gadget.c
+@@ -177,6 +177,8 @@ static void dwc3_gadget_del_and_unmap_re
+ req->started = false;
+ list_del(&req->list);
+ req->remaining = 0;
++ req->unaligned = false;
++ req->zero = false;
+
+ if (req->request.status == -EINPROGRESS)
+ req->request.status = status;
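Review bot: The two added resets in dwc3_gadget_del_and_unmap_request(), `req->unaligned = false;` and `req->zero = false;`, have no comment explaining why per-transfer flags are cleared on the give-back path, and the reason cannot be read off the code. A one-line comment above them would record it, for example `/* per-transfer flags must not survive a dequeue: a requeued request would otherwise reclaim a TRB it does not own */`. The commit text says a stale flag makes completion advance the TRB dequeue pointer over a TRB belonging to the next request, so later code trusts this state. It may be worth checking whether any other field set while preparing a request needs the same reset here; that cannot be judged from this hunk because the function body starts and ends outside it.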