From: Greg Kroah-Hartman Date: Mon, 21 Sep 2020 15:46:40 +0000 (+0200) Subject: 5.8-stable patches X-Git-Tag: v4.4.237~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=166479ae417ed59b1a328975fffbd3ed5f907360;p=thirdparty%2Fkernel%2Fstable-queue.git 5.8-stable patches added patches: arm64-paravirt-initialize-steal-time-when-cpu-is-online.patch dm-dax-fix-table-reference-counts.patch ehci-hcd-move-include-to-keep-crc-stable.patch mm-memory_hotplug-drain-per-cpu-pages-again-during-memory-offline.patch powerpc-dma-fix-dma_map_ops-get_required_mask.patch s390-add-3f-program-exception-handler.patch s390-pci-fix-leak-of-dma-tables-on-hard-unplug.patch s390-zcrypt-fix-kmalloc-256k-failure.patch selftests-vm-fix-display-of-page-size-in-map_hugetlb.patch --- diff --git a/queue-5.8/arm64-paravirt-initialize-steal-time-when-cpu-is-online.patch b/queue-5.8/arm64-paravirt-initialize-steal-time-when-cpu-is-online.patch new file mode 100644 index 00000000000..a8507777647 --- /dev/null +++ b/queue-5.8/arm64-paravirt-initialize-steal-time-when-cpu-is-online.patch @@ -0,0 +1,127 @@ +From 75df529bec9110dad43ab30e2d9490242529e8b8 Mon Sep 17 00:00:00 2001 +From: Andrew Jones +Date: Wed, 16 Sep 2020 17:45:30 +0200 +Subject: arm64: paravirt: Initialize steal time when cpu is online + +From: Andrew Jones + +commit 75df529bec9110dad43ab30e2d9490242529e8b8 upstream. + +Steal time initialization requires mapping a memory region which +invokes a memory allocation. Doing this at CPU starting time results +in the following trace when CONFIG_DEBUG_ATOMIC_SLEEP is enabled: + +BUG: sleeping function called from invalid context at mm/slab.h:498 +in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 0, name: swapper/1 +CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.9.0-rc5+ #1 +Call trace: + dump_backtrace+0x0/0x208 + show_stack+0x1c/0x28 + dump_stack+0xc4/0x11c + ___might_sleep+0xf8/0x130 + __might_sleep+0x58/0x90 + slab_pre_alloc_hook.constprop.101+0xd0/0x118 + kmem_cache_alloc_node_trace+0x84/0x270 + __get_vm_area_node+0x88/0x210 + get_vm_area_caller+0x38/0x40 + __ioremap_caller+0x70/0xf8 + ioremap_cache+0x78/0xb0 + memremap+0x9c/0x1a8 + init_stolen_time_cpu+0x54/0xf0 + cpuhp_invoke_callback+0xa8/0x720 + notify_cpu_starting+0xc8/0xd8 + secondary_start_kernel+0x114/0x180 +CPU1: Booted secondary processor 0x0000000001 [0x431f0a11] + +However we don't need to initialize steal time at CPU starting time. +We can simply wait until CPU online time, just sacrificing a bit of +accuracy by returning zero for steal time until we know better. + +While at it, add __init to the functions that are only called by +pv_time_init() which is __init. + +Signed-off-by: Andrew Jones +Fixes: e0685fa228fd ("arm64: Retrieve stolen time as paravirtualized guest") +Cc: stable@vger.kernel.org +Reviewed-by: Steven Price +Link: https://lore.kernel.org/r/20200916154530.40809-1-drjones@redhat.com +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/paravirt.c | 26 +++++++++++++++----------- + include/linux/cpuhotplug.h | 1 - + 2 files changed, 15 insertions(+), 12 deletions(-) + +--- a/arch/arm64/kernel/paravirt.c ++++ b/arch/arm64/kernel/paravirt.c +@@ -50,16 +50,19 @@ static u64 pv_steal_clock(int cpu) + struct pv_time_stolen_time_region *reg; + + reg = per_cpu_ptr(&stolen_time_region, cpu); +- if (!reg->kaddr) { +- pr_warn_once("stolen time enabled but not configured for cpu %d\n", +- cpu); ++ ++ /* ++ * paravirt_steal_clock() may be called before the CPU ++ * online notification callback runs. Until the callback ++ * has run we just return zero. ++ */ ++ if (!reg->kaddr) + return 0; +- } + + return le64_to_cpu(READ_ONCE(reg->kaddr->stolen_time)); + } + +-static int stolen_time_dying_cpu(unsigned int cpu) ++static int stolen_time_cpu_down_prepare(unsigned int cpu) + { + struct pv_time_stolen_time_region *reg; + +@@ -73,7 +76,7 @@ static int stolen_time_dying_cpu(unsigne + return 0; + } + +-static int init_stolen_time_cpu(unsigned int cpu) ++static int stolen_time_cpu_online(unsigned int cpu) + { + struct pv_time_stolen_time_region *reg; + struct arm_smccc_res res; +@@ -103,19 +106,20 @@ static int init_stolen_time_cpu(unsigned + return 0; + } + +-static int pv_time_init_stolen_time(void) ++static int __init pv_time_init_stolen_time(void) + { + int ret; + +- ret = cpuhp_setup_state(CPUHP_AP_ARM_KVMPV_STARTING, +- "hypervisor/arm/pvtime:starting", +- init_stolen_time_cpu, stolen_time_dying_cpu); ++ ret = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, ++ "hypervisor/arm/pvtime:online", ++ stolen_time_cpu_online, ++ stolen_time_cpu_down_prepare); + if (ret < 0) + return ret; + return 0; + } + +-static bool has_pv_steal_clock(void) ++static bool __init has_pv_steal_clock(void) + { + struct arm_smccc_res res; + +--- a/include/linux/cpuhotplug.h ++++ b/include/linux/cpuhotplug.h +@@ -141,7 +141,6 @@ enum cpuhp_state { + /* Must be the last timer callback */ + CPUHP_AP_DUMMY_TIMER_STARTING, + CPUHP_AP_ARM_XEN_STARTING, +- CPUHP_AP_ARM_KVMPV_STARTING, + CPUHP_AP_ARM_CORESIGHT_STARTING, + CPUHP_AP_ARM_CORESIGHT_CTI_STARTING, + CPUHP_AP_ARM64_ISNDEP_STARTING, diff --git a/queue-5.8/dm-dax-fix-table-reference-counts.patch b/queue-5.8/dm-dax-fix-table-reference-counts.patch new file mode 100644 index 00000000000..a1325f21156 --- /dev/null +++ b/queue-5.8/dm-dax-fix-table-reference-counts.patch @@ -0,0 +1,80 @@ +From 02186d8897d49b0afd3c80b6cf23437d91024065 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Fri, 18 Sep 2020 12:51:15 -0700 +Subject: dm/dax: Fix table reference counts + +From: Dan Williams + +commit 02186d8897d49b0afd3c80b6cf23437d91024065 upstream. + +A recent fix to the dm_dax_supported() flow uncovered a latent bug. When +dm_get_live_table() fails it is still required to drop the +srcu_read_lock(). Without this change the lvm2 test-suite triggers this +warning: + + # lvm2-testsuite --only pvmove-abort-all.sh + + WARNING: lock held when returning to user space! + 5.9.0-rc5+ #251 Tainted: G OE + ------------------------------------------------ + lvm/1318 is leaving the kernel with locks still held! + 1 lock held by lvm/1318: + #0: ffff9372abb5a340 (&md->io_barrier){....}-{0:0}, at: dm_get_live_table+0x5/0xb0 [dm_mod] + +...and later on this hang signature: + + INFO: task lvm:1344 blocked for more than 122 seconds. + Tainted: G OE 5.9.0-rc5+ #251 + "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. + task:lvm state:D stack: 0 pid: 1344 ppid: 1 flags:0x00004000 + Call Trace: + __schedule+0x45f/0xa80 + ? finish_task_switch+0x249/0x2c0 + ? wait_for_completion+0x86/0x110 + schedule+0x5f/0xd0 + schedule_timeout+0x212/0x2a0 + ? __schedule+0x467/0xa80 + ? wait_for_completion+0x86/0x110 + wait_for_completion+0xb0/0x110 + __synchronize_srcu+0xd1/0x160 + ? __bpf_trace_rcu_utilization+0x10/0x10 + __dm_suspend+0x6d/0x210 [dm_mod] + dm_suspend+0xf6/0x140 [dm_mod] + +Fixes: 7bf7eac8d648 ("dax: Arrange for dax_supported check to span multiple devices") +Cc: +Cc: Jan Kara +Cc: Alasdair Kergon +Cc: Mike Snitzer +Reported-by: Adrian Huang +Reviewed-by: Ira Weiny +Tested-by: Adrian Huang +Link: https://lore.kernel.org/r/160045867590.25663.7548541079217827340.stgit@dwillia2-desk3.amr.corp.intel.com +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -1136,15 +1136,16 @@ static bool dm_dax_supported(struct dax_ + { + struct mapped_device *md = dax_get_private(dax_dev); + struct dm_table *map; ++ bool ret = false; + int srcu_idx; +- bool ret; + + map = dm_get_live_table(md, &srcu_idx); + if (!map) +- return false; ++ goto out; + + ret = dm_table_supports_dax(map, device_supports_dax, &blocksize); + ++out: + dm_put_live_table(md, srcu_idx); + + return ret; diff --git a/queue-5.8/ehci-hcd-move-include-to-keep-crc-stable.patch b/queue-5.8/ehci-hcd-move-include-to-keep-crc-stable.patch new file mode 100644 index 00000000000..90d682cef13 --- /dev/null +++ b/queue-5.8/ehci-hcd-move-include-to-keep-crc-stable.patch @@ -0,0 +1,88 @@ +From 29231826f3bd65500118c473fccf31c0cf14dbc0 Mon Sep 17 00:00:00 2001 +From: Quentin Perret +Date: Wed, 16 Sep 2020 18:18:25 +0100 +Subject: ehci-hcd: Move include to keep CRC stable + +From: Quentin Perret + +commit 29231826f3bd65500118c473fccf31c0cf14dbc0 upstream. + +The CRC calculation done by genksyms is triggered when the parser hits +EXPORT_SYMBOL*() macros. At this point, genksyms recursively expands the +types of the function parameters, and uses that as the input for the CRC +calculation. In the case of forward-declared structs, the type expands +to 'UNKNOWN'. Following this, it appears that the result of the +expansion of each type is cached somewhere, and seems to be re-used +when/if the same type is seen again for another exported symbol in the +same C file. + +Unfortunately, this can cause CRC 'stability' issues when a struct +definition becomes visible in the middle of a C file. For example, let's +assume code with the following pattern: + + struct foo; + + int bar(struct foo *arg) + { + /* Do work ... */ + } + EXPORT_SYMBOL_GPL(bar); + + /* This contains struct foo's definition */ + #include "foo.h" + + int baz(struct foo *arg) + { + /* Do more work ... */ + } + EXPORT_SYMBOL_GPL(baz); + +Here, baz's CRC will be computed using the expansion of struct foo that +was cached after bar's CRC calculation ('UNKOWN' here). But if +EXPORT_SYMBOL_GPL(bar) is removed from the file (because of e.g. symbol +trimming using CONFIG_TRIM_UNUSED_KSYMS), struct foo will be expanded +late, during baz's CRC calculation, which now has visibility over the +full struct definition, hence resulting in a different CRC for baz. + +The proper fix for this certainly is in genksyms, but that will take me +some time to get right. In the meantime, we have seen one occurrence of +this in the ehci-hcd code which hits this problem because of the way it +includes C files halfway through the code together with an unlucky mix +of symbol trimming. + +In order to workaround this, move the include done in ehci-hub.c early +in ehci-hcd.c, hence making sure the struct definitions are visible to +the entire file. This improves CRC stability of the ehci-hcd exports +even when symbol trimming is enabled. + +Acked-by: Alan Stern +Cc: stable +Signed-off-by: Quentin Perret +Link: https://lore.kernel.org/r/20200916171825.3228122-1-qperret@google.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/host/ehci-hcd.c | 1 + + drivers/usb/host/ehci-hub.c | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/usb/host/ehci-hcd.c ++++ b/drivers/usb/host/ehci-hcd.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include + #include + #include +--- a/drivers/usb/host/ehci-hub.c ++++ b/drivers/usb/host/ehci-hub.c +@@ -14,7 +14,6 @@ + */ + + /*-------------------------------------------------------------------------*/ +-#include + + #define PORT_WAKE_BITS (PORT_WKOC_E|PORT_WKDISC_E|PORT_WKCONN_E) + diff --git a/queue-5.8/mm-memory_hotplug-drain-per-cpu-pages-again-during-memory-offline.patch b/queue-5.8/mm-memory_hotplug-drain-per-cpu-pages-again-during-memory-offline.patch new file mode 100644 index 00000000000..6974fc26b66 --- /dev/null +++ b/queue-5.8/mm-memory_hotplug-drain-per-cpu-pages-again-during-memory-offline.patch @@ -0,0 +1,111 @@ +From 9683182612214aa5f5e709fad49444b847cd866a Mon Sep 17 00:00:00 2001 +From: Pavel Tatashin +Date: Fri, 18 Sep 2020 21:20:31 -0700 +Subject: mm/memory_hotplug: drain per-cpu pages again during memory offline + +From: Pavel Tatashin + +commit 9683182612214aa5f5e709fad49444b847cd866a upstream. + +There is a race during page offline that can lead to infinite loop: +a page never ends up on a buddy list and __offline_pages() keeps +retrying infinitely or until a termination signal is received. + +Thread#1 - a new process: + +load_elf_binary + begin_new_exec + exec_mmap + mmput + exit_mmap + tlb_finish_mmu + tlb_flush_mmu + release_pages + free_unref_page_list + free_unref_page_prepare + set_pcppage_migratetype(page, migratetype); + // Set page->index migration type below MIGRATE_PCPTYPES + +Thread#2 - hot-removes memory +__offline_pages + start_isolate_page_range + set_migratetype_isolate + set_pageblock_migratetype(page, MIGRATE_ISOLATE); + Set migration type to MIGRATE_ISOLATE-> set + drain_all_pages(zone); + // drain per-cpu page lists to buddy allocator. + +Thread#1 - continue + free_unref_page_commit + migratetype = get_pcppage_migratetype(page); + // get old migration type + list_add(&page->lru, &pcp->lists[migratetype]); + // add new page to already drained pcp list + +Thread#2 +Never drains pcp again, and therefore gets stuck in the loop. + +The fix is to try to drain per-cpu lists again after +check_pages_isolated_cb() fails. + +Fixes: c52e75935f8d ("mm: remove extra drain pages on pcp list") +Signed-off-by: Pavel Tatashin +Signed-off-by: Andrew Morton +Acked-by: David Rientjes +Acked-by: Vlastimil Babka +Acked-by: Michal Hocko +Acked-by: David Hildenbrand +Cc: Oscar Salvador +Cc: Wei Yang +Cc: +Link: https://lkml.kernel.org/r/20200903140032.380431-1-pasha.tatashin@soleen.com +Link: https://lkml.kernel.org/r/20200904151448.100489-2-pasha.tatashin@soleen.com +Link: http://lkml.kernel.org/r/20200904070235.GA15277@dhcp22.suse.cz +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memory_hotplug.c | 14 ++++++++++++++ + mm/page_isolation.c | 8 ++++++++ + 2 files changed, 22 insertions(+) + +--- a/mm/memory_hotplug.c ++++ b/mm/memory_hotplug.c +@@ -1557,6 +1557,20 @@ static int __ref __offline_pages(unsigne + /* check again */ + ret = walk_system_ram_range(start_pfn, end_pfn - start_pfn, + NULL, check_pages_isolated_cb); ++ /* ++ * per-cpu pages are drained in start_isolate_page_range, but if ++ * there are still pages that are not free, make sure that we ++ * drain again, because when we isolated range we might ++ * have raced with another thread that was adding pages to pcp ++ * list. ++ * ++ * Forward progress should be still guaranteed because ++ * pages on the pcp list can only belong to MOVABLE_ZONE ++ * because has_unmovable_pages explicitly checks for ++ * PageBuddy on freed pages on other zones. ++ */ ++ if (ret) ++ drain_all_pages(zone); + } while (ret); + + /* Ok, all of our target is isolated. +--- a/mm/page_isolation.c ++++ b/mm/page_isolation.c +@@ -170,6 +170,14 @@ __first_valid_page(unsigned long pfn, un + * pageblocks we may have modified and return -EBUSY to caller. This + * prevents two threads from simultaneously working on overlapping ranges. + * ++ * Please note that there is no strong synchronization with the page allocator ++ * either. Pages might be freed while their page blocks are marked ISOLATED. ++ * In some cases pages might still end up on pcp lists and that would allow ++ * for their allocation even when they are in fact isolated already. Depending ++ * on how strong of a guarantee the caller needs drain_all_pages might be needed ++ * (e.g. __offline_pages will need to call it after check for isolated range for ++ * a next retry). ++ * + * Return: the number of isolated pageblocks on success and -EBUSY if any part + * of range cannot be isolated. + */ diff --git a/queue-5.8/powerpc-dma-fix-dma_map_ops-get_required_mask.patch b/queue-5.8/powerpc-dma-fix-dma_map_ops-get_required_mask.patch new file mode 100644 index 00000000000..47eff1705a9 --- /dev/null +++ b/queue-5.8/powerpc-dma-fix-dma_map_ops-get_required_mask.patch @@ -0,0 +1,50 @@ +From 437ef802e0adc9f162a95213a3488e8646e5fc03 Mon Sep 17 00:00:00 2001 +From: Alexey Kardashevskiy +Date: Tue, 8 Sep 2020 11:51:06 +1000 +Subject: powerpc/dma: Fix dma_map_ops::get_required_mask + +From: Alexey Kardashevskiy + +commit 437ef802e0adc9f162a95213a3488e8646e5fc03 upstream. + +There are 2 problems with it: + 1. "<" vs expected "<<" + 2. the shift number is an IOMMU page number mask, not an address + mask as the IOMMU page shift is missing. + +This did not hit us before f1565c24b596 ("powerpc: use the generic +dma_ops_bypass mode") because we had additional code to handle bypass +mask so this chunk (almost?) never executed.However there were +reports that aacraid does not work with "iommu=nobypass". + +After f1565c24b596, aacraid (and probably others which call +dma_get_required_mask() before setting the mask) was unable to enable +64bit DMA and fall back to using IOMMU which was known not to work, +one of the problems is double free of an IOMMU page. + +This fixes DMA for aacraid, both with and without "iommu=nobypass" in +the kernel command line. Verified with "stress-ng -d 4". + +Fixes: 6a5c7be5e484 ("powerpc: Override dma_get_required_mask by platform hook and ops") +Cc: stable@vger.kernel.org # v3.2+ +Signed-off-by: Alexey Kardashevskiy +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20200908015106.79661-1-aik@ozlabs.ru +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/dma-iommu.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/powerpc/kernel/dma-iommu.c ++++ b/arch/powerpc/kernel/dma-iommu.c +@@ -160,7 +160,8 @@ u64 dma_iommu_get_required_mask(struct d + return bypass_mask; + } + +- mask = 1ULL < (fls_long(tbl->it_offset + tbl->it_size) - 1); ++ mask = 1ULL << (fls_long(tbl->it_offset + tbl->it_size) + ++ tbl->it_page_shift - 1); + mask += mask - 1; + + return mask; diff --git a/queue-5.8/s390-add-3f-program-exception-handler.patch b/queue-5.8/s390-add-3f-program-exception-handler.patch new file mode 100644 index 00000000000..995a4156bcc --- /dev/null +++ b/queue-5.8/s390-add-3f-program-exception-handler.patch @@ -0,0 +1,87 @@ +From cd4d3d5f21ddbfae3f686ac0ff405f21f7847ad3 Mon Sep 17 00:00:00 2001 +From: Janosch Frank +Date: Tue, 8 Sep 2020 09:05:04 -0400 +Subject: s390: add 3f program exception handler + +From: Janosch Frank + +commit cd4d3d5f21ddbfae3f686ac0ff405f21f7847ad3 upstream. + +Program exception 3f (secure storage violation) can only be detected +when the CPU is running in SIE with a format 4 state description, +e.g. running a protected guest. Because of this and because user +space partly controls the guest memory mapping and can trigger this +exception, we want to send a SIGSEGV to the process running the guest +and not panic the kernel. + +Signed-off-by: Janosch Frank +Cc: # 5.7 +Fixes: 084ea4d611a3 ("s390/mm: add (non)secure page access exceptions handlers") +Reviewed-by: Claudio Imbrenda +Reviewed-by: Cornelia Huck +Acked-by: Christian Borntraeger +Signed-off-by: Heiko Carstens +Signed-off-by: Vasily Gorbik +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/kernel/entry.h | 1 + + arch/s390/kernel/pgm_check.S | 2 +- + arch/s390/mm/fault.c | 20 ++++++++++++++++++++ + 3 files changed, 22 insertions(+), 1 deletion(-) + +--- a/arch/s390/kernel/entry.h ++++ b/arch/s390/kernel/entry.h +@@ -26,6 +26,7 @@ void do_protection_exception(struct pt_r + void do_dat_exception(struct pt_regs *regs); + void do_secure_storage_access(struct pt_regs *regs); + void do_non_secure_storage_access(struct pt_regs *regs); ++void do_secure_storage_violation(struct pt_regs *regs); + + void addressing_exception(struct pt_regs *regs); + void data_exception(struct pt_regs *regs); +--- a/arch/s390/kernel/pgm_check.S ++++ b/arch/s390/kernel/pgm_check.S +@@ -80,7 +80,7 @@ PGM_CHECK(do_dat_exception) /* 3b */ + PGM_CHECK_DEFAULT /* 3c */ + PGM_CHECK(do_secure_storage_access) /* 3d */ + PGM_CHECK(do_non_secure_storage_access) /* 3e */ +-PGM_CHECK_DEFAULT /* 3f */ ++PGM_CHECK(do_secure_storage_violation) /* 3f */ + PGM_CHECK(monitor_event_exception) /* 40 */ + PGM_CHECK_DEFAULT /* 41 */ + PGM_CHECK_DEFAULT /* 42 */ +--- a/arch/s390/mm/fault.c ++++ b/arch/s390/mm/fault.c +@@ -875,6 +875,21 @@ void do_non_secure_storage_access(struct + } + NOKPROBE_SYMBOL(do_non_secure_storage_access); + ++void do_secure_storage_violation(struct pt_regs *regs) ++{ ++ /* ++ * Either KVM messed up the secure guest mapping or the same ++ * page is mapped into multiple secure guests. ++ * ++ * This exception is only triggered when a guest 2 is running ++ * and can therefore never occur in kernel context. ++ */ ++ printk_ratelimited(KERN_WARNING ++ "Secure storage violation in task: %s, pid %d\n", ++ current->comm, current->pid); ++ send_sig(SIGSEGV, current, 0); ++} ++ + #else + void do_secure_storage_access(struct pt_regs *regs) + { +@@ -885,4 +900,9 @@ void do_non_secure_storage_access(struct + { + default_trap_handler(regs); + } ++ ++void do_secure_storage_violation(struct pt_regs *regs) ++{ ++ default_trap_handler(regs); ++} + #endif diff --git a/queue-5.8/s390-pci-fix-leak-of-dma-tables-on-hard-unplug.patch b/queue-5.8/s390-pci-fix-leak-of-dma-tables-on-hard-unplug.patch new file mode 100644 index 00000000000..74f089eee48 --- /dev/null +++ b/queue-5.8/s390-pci-fix-leak-of-dma-tables-on-hard-unplug.patch @@ -0,0 +1,68 @@ +From afdf9550e54627fcf4dd609bdc1153059378cdf5 Mon Sep 17 00:00:00 2001 +From: Niklas Schnelle +Date: Thu, 3 Sep 2020 13:42:57 +0200 +Subject: s390/pci: fix leak of DMA tables on hard unplug + +From: Niklas Schnelle + +commit afdf9550e54627fcf4dd609bdc1153059378cdf5 upstream. + +commit f606b3ef47c9 ("s390/pci: adapt events for zbus") removed the +zpci_disable_device() call for a zPCI event with PEC 0x0304 because +the device is already deconfigured by the platform. +This however skips the Linux side of the disable in particular it leads +to leaking the DMA tables and bitmaps because zpci_dma_exit_device() is +never called on the device. + +If the device transitions to the Reserved state we call zpci_zdev_put() +but zpci_release_device() will not call zpci_disable_device() because +the state of the zPCI function is already ZPCI_FN_STATE_STANDBY. + +If the device is put into the Standby state, zpci_disable_device() is +not called and the device is assumed to have been put in Standby through +platform action. +At this point the device may be removed by a subsequent event with PEC +0x0308 or 0x0306 which calls zpci_zdev_put() with the same problem +as above or the device may be configured again in which case +zpci_disable_device() is also not called. + +Fix this by calling zpci_disable_device() explicitly for PEC 0x0304 as +before. To make it more clear that zpci_disable_device() may be called, +even if the lower level device has already been disabled by the +platform, add a comment to zpci_disable_device(). + +Cc: # 5.8 +Fixes: f606b3ef47c9 ("s390/pci: adapt events for zbus") +Signed-off-by: Niklas Schnelle +Signed-off-by: Vasily Gorbik +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/pci/pci.c | 4 ++++ + arch/s390/pci/pci_event.c | 2 ++ + 2 files changed, 6 insertions(+) + +--- a/arch/s390/pci/pci.c ++++ b/arch/s390/pci/pci.c +@@ -668,6 +668,10 @@ EXPORT_SYMBOL_GPL(zpci_enable_device); + int zpci_disable_device(struct zpci_dev *zdev) + { + zpci_dma_exit_device(zdev); ++ /* ++ * The zPCI function may already be disabled by the platform, this is ++ * detected in clp_disable_fh() which becomes a no-op. ++ */ + return clp_disable_fh(zdev); + } + EXPORT_SYMBOL_GPL(zpci_disable_device); +--- a/arch/s390/pci/pci_event.c ++++ b/arch/s390/pci/pci_event.c +@@ -143,6 +143,8 @@ static void __zpci_event_availability(st + zpci_remove_device(zdev); + } + ++ zdev->fh = ccdf->fh; ++ zpci_disable_device(zdev); + zdev->state = ZPCI_FN_STATE_STANDBY; + if (!clp_get_state(ccdf->fid, &state) && + state == ZPCI_FN_STATE_RESERVED) { diff --git a/queue-5.8/s390-zcrypt-fix-kmalloc-256k-failure.patch b/queue-5.8/s390-zcrypt-fix-kmalloc-256k-failure.patch new file mode 100644 index 00000000000..2370efc0dec --- /dev/null +++ b/queue-5.8/s390-zcrypt-fix-kmalloc-256k-failure.patch @@ -0,0 +1,48 @@ +From b6186d7fb53349efd274263a45f0b08749ccaa2d Mon Sep 17 00:00:00 2001 +From: Harald Freudenberger +Date: Wed, 9 Sep 2020 11:59:43 +0200 +Subject: s390/zcrypt: fix kmalloc 256k failure + +From: Harald Freudenberger + +commit b6186d7fb53349efd274263a45f0b08749ccaa2d upstream. + +Tests showed that under stress conditions the kernel may +temporary fail to allocate 256k with kmalloc. However, +this fix reworks the related code in the cca_findcard2() +function to use kvmalloc instead. + +Signed-off-by: Harald Freudenberger +Reviewed-by: Ingo Franzki +Cc: Stable +Signed-off-by: Vasily Gorbik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/s390/crypto/zcrypt_ccamisc.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/s390/crypto/zcrypt_ccamisc.c ++++ b/drivers/s390/crypto/zcrypt_ccamisc.c +@@ -1685,9 +1685,9 @@ int cca_findcard2(u32 **apqns, u32 *nr_a + *nr_apqns = 0; + + /* fetch status of all crypto cards */ +- device_status = kmalloc_array(MAX_ZDEV_ENTRIES_EXT, +- sizeof(struct zcrypt_device_status_ext), +- GFP_KERNEL); ++ device_status = kvmalloc_array(MAX_ZDEV_ENTRIES_EXT, ++ sizeof(struct zcrypt_device_status_ext), ++ GFP_KERNEL); + if (!device_status) + return -ENOMEM; + zcrypt_device_status_mask_ext(device_status); +@@ -1755,7 +1755,7 @@ int cca_findcard2(u32 **apqns, u32 *nr_a + verify = 0; + } + +- kfree(device_status); ++ kvfree(device_status); + return rc; + } + EXPORT_SYMBOL(cca_findcard2); diff --git a/queue-5.8/selftests-vm-fix-display-of-page-size-in-map_hugetlb.patch b/queue-5.8/selftests-vm-fix-display-of-page-size-in-map_hugetlb.patch new file mode 100644 index 00000000000..4a2b7441ea4 --- /dev/null +++ b/queue-5.8/selftests-vm-fix-display-of-page-size-in-map_hugetlb.patch @@ -0,0 +1,36 @@ +From 1ec882fc81e3177faf055877310dbdb0c68eb7db Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Fri, 18 Sep 2020 21:20:28 -0700 +Subject: selftests/vm: fix display of page size in map_hugetlb + +From: Christophe Leroy + +commit 1ec882fc81e3177faf055877310dbdb0c68eb7db upstream. + +The displayed size is in bytes while the text says it is in kB. + +Shift it by 10 to really display kBytes. + +Fixes: fa7b9a805c79 ("tools/selftest/vm: allow choosing mem size and page size in map_hugetlb") +Signed-off-by: Christophe Leroy +Signed-off-by: Andrew Morton +Cc: +Link: https://lkml.kernel.org/r/e27481224564a93d14106e750de31189deaa8bc8.1598861977.git.christophe.leroy@csgroup.eu +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + tools/testing/selftests/vm/map_hugetlb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/testing/selftests/vm/map_hugetlb.c ++++ b/tools/testing/selftests/vm/map_hugetlb.c +@@ -83,7 +83,7 @@ int main(int argc, char **argv) + } + + if (shift) +- printf("%u kB hugepages\n", 1 << shift); ++ printf("%u kB hugepages\n", 1 << (shift - 10)); + else + printf("Default size hugepages\n"); + printf("Mapping %lu Mbytes\n", (unsigned long)length >> 20); diff --git a/queue-5.8/series b/queue-5.8/series index ddd3818f942..8b25b5f426a 100644 --- a/queue-5.8/series +++ b/queue-5.8/series @@ -103,3 +103,12 @@ x86-boot-compressed-disable-relocation-relaxation.patch ksm-reinstate-memcg-charge-on-copied-pages.patch kprobes-fix-kill-kprobe-which-has-been-marked-as-gone.patch mm-thp-fix-__split_huge_pmd_locked-for-migration-pmd.patch +s390-add-3f-program-exception-handler.patch +s390-pci-fix-leak-of-dma-tables-on-hard-unplug.patch +s390-zcrypt-fix-kmalloc-256k-failure.patch +ehci-hcd-move-include-to-keep-crc-stable.patch +arm64-paravirt-initialize-steal-time-when-cpu-is-online.patch +powerpc-dma-fix-dma_map_ops-get_required_mask.patch +selftests-vm-fix-display-of-page-size-in-map_hugetlb.patch +dm-dax-fix-table-reference-counts.patch +mm-memory_hotplug-drain-per-cpu-pages-again-during-memory-offline.patch