From: Greg Kroah-Hartman Date: Mon, 1 Jul 2019 15:25:10 +0000 (+0200) Subject: 5.1-stable patches X-Git-Tag: v5.1.16~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e27eca6efdcebac46df18d308c92808929cecab;p=thirdparty%2Fkernel%2Fstable-queue.git 5.1-stable patches added patches: clk-socfpga-stratix10-fix-divider-entry-for-the-emac-clocks.patch clk-tegra210-fix-default-rates-for-hda-clocks.patch dm-init-fix-incorrect-uses-of-kstrndup.patch dm-log-writes-make-sure-super-sector-log-updates-are-written-in-order.patch drm-i915-force-2-96-mhz-cdclk-on-glk-cnl-when-audio-power-is-enabled.patch drm-i915-remove-redundant-store-of-logical-cdclk-state.patch drm-i915-save-the-old-cdclk-atomic-state.patch drm-i915-skip-modeset-for-cdclk-changes-if-possible.patch io_uring-ensure-req-file-is-cleared-on-allocation.patch mm-hugetlb-soft-offline-dissolve_free_huge_page-return-zero-on-pagehuge.patch mm-page_idle.c-fix-oops-because-end_pfn-is-larger-than-max_pfn.patch mm-soft-offline-return-ebusy-if-set_hwpoison_free_buddy_page-fails.patch mm-swap-fix-thp-swap-out.patch scsi-vmw_pscsi-fix-use-after-free-in-pvscsi_queue_lck.patch --- diff --git a/queue-5.1/clk-socfpga-stratix10-fix-divider-entry-for-the-emac-clocks.patch b/queue-5.1/clk-socfpga-stratix10-fix-divider-entry-for-the-emac-clocks.patch new file mode 100644 index 00000000000..95de1a3cb38 --- /dev/null +++ b/queue-5.1/clk-socfpga-stratix10-fix-divider-entry-for-the-emac-clocks.patch @@ -0,0 +1,34 @@ +From 74684cce5ebd567b01e9bc0e9a1945c70a32f32f Mon Sep 17 00:00:00 2001 +From: Dinh Nguyen +Date: Fri, 7 Jun 2019 10:12:46 -0500 +Subject: clk: socfpga: stratix10: fix divider entry for the emac clocks + +From: Dinh Nguyen + +commit 74684cce5ebd567b01e9bc0e9a1945c70a32f32f upstream. + +The fixed dividers for the emac clocks should be 2 not 4. + +Cc: stable@vger.kernel.org +Signed-off-by: Dinh Nguyen +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/socfpga/clk-s10.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/clk/socfpga/clk-s10.c ++++ b/drivers/clk/socfpga/clk-s10.c +@@ -103,9 +103,9 @@ static const struct stratix10_perip_cnt_ + { STRATIX10_NOC_CLK, "noc_clk", NULL, noc_mux, ARRAY_SIZE(noc_mux), + 0, 0, 0, 0x3C, 1}, + { STRATIX10_EMAC_A_FREE_CLK, "emaca_free_clk", NULL, emaca_free_mux, ARRAY_SIZE(emaca_free_mux), +- 0, 0, 4, 0xB0, 0}, ++ 0, 0, 2, 0xB0, 0}, + { STRATIX10_EMAC_B_FREE_CLK, "emacb_free_clk", NULL, emacb_free_mux, ARRAY_SIZE(emacb_free_mux), +- 0, 0, 4, 0xB0, 1}, ++ 0, 0, 2, 0xB0, 1}, + { STRATIX10_EMAC_PTP_FREE_CLK, "emac_ptp_free_clk", NULL, emac_ptp_free_mux, + ARRAY_SIZE(emac_ptp_free_mux), 0, 0, 4, 0xB0, 2}, + { STRATIX10_GPIO_DB_FREE_CLK, "gpio_db_free_clk", NULL, gpio_db_free_mux, diff --git a/queue-5.1/clk-tegra210-fix-default-rates-for-hda-clocks.patch b/queue-5.1/clk-tegra210-fix-default-rates-for-hda-clocks.patch new file mode 100644 index 00000000000..580404deaf9 --- /dev/null +++ b/queue-5.1/clk-tegra210-fix-default-rates-for-hda-clocks.patch @@ -0,0 +1,37 @@ +From 9caec6620f25b6d15646bbdb93062c872ba3b56f Mon Sep 17 00:00:00 2001 +From: Jon Hunter +Date: Wed, 5 Jun 2019 15:01:39 +0100 +Subject: clk: tegra210: Fix default rates for HDA clocks + +From: Jon Hunter + +commit 9caec6620f25b6d15646bbdb93062c872ba3b56f upstream. + +Currently the default clock rates for the HDA and HDA2CODEC_2X clocks +are both 19.2MHz. However, the default rates for these clocks should +actually be 51MHz and 48MHz, respectively. The current clock settings +results in a distorted output during audio playback. Correct the default +clock rates for these clocks by specifying them in the clock init table +for Tegra210. + +Cc: stable@vger.kernel.org +Signed-off-by: Jon Hunter +Acked-by: Thierry Reding +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/tegra/clk-tegra210.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/clk/tegra/clk-tegra210.c ++++ b/drivers/clk/tegra/clk-tegra210.c +@@ -3377,6 +3377,8 @@ static struct tegra_clk_init_table init_ + { TEGRA210_CLK_I2S3_SYNC, TEGRA210_CLK_CLK_MAX, 24576000, 0 }, + { TEGRA210_CLK_I2S4_SYNC, TEGRA210_CLK_CLK_MAX, 24576000, 0 }, + { TEGRA210_CLK_VIMCLK_SYNC, TEGRA210_CLK_CLK_MAX, 24576000, 0 }, ++ { TEGRA210_CLK_HDA, TEGRA210_CLK_PLL_P, 51000000, 0 }, ++ { TEGRA210_CLK_HDA2CODEC_2X, TEGRA210_CLK_PLL_P, 48000000, 0 }, + /* This MUST be the last entry. */ + { TEGRA210_CLK_CLK_MAX, TEGRA210_CLK_CLK_MAX, 0, 0 }, + }; diff --git a/queue-5.1/dm-init-fix-incorrect-uses-of-kstrndup.patch b/queue-5.1/dm-init-fix-incorrect-uses-of-kstrndup.patch new file mode 100644 index 00000000000..66e502f0318 --- /dev/null +++ b/queue-5.1/dm-init-fix-incorrect-uses-of-kstrndup.patch @@ -0,0 +1,43 @@ +From dec7e6494e1aea6bf676223da3429cd17ce0af79 Mon Sep 17 00:00:00 2001 +From: Gen Zhang +Date: Wed, 29 May 2019 09:33:20 +0800 +Subject: dm init: fix incorrect uses of kstrndup() + +From: Gen Zhang + +commit dec7e6494e1aea6bf676223da3429cd17ce0af79 upstream. + +Fix 2 kstrndup() calls with incorrect argument order. + +Fixes: 6bbc923dfcf5 ("dm: add support to directly boot to a mapped device") +Cc: stable@vger.kernel.org # v5.1 +Signed-off-by: Gen Zhang +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-init.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/md/dm-init.c ++++ b/drivers/md/dm-init.c +@@ -140,8 +140,8 @@ static char __init *dm_parse_table_entry + return ERR_PTR(-EINVAL); + } + /* target_args */ +- dev->target_args_array[n] = kstrndup(field[3], GFP_KERNEL, +- DM_MAX_STR_SIZE); ++ dev->target_args_array[n] = kstrndup(field[3], DM_MAX_STR_SIZE, ++ GFP_KERNEL); + if (!dev->target_args_array[n]) + return ERR_PTR(-ENOMEM); + +@@ -275,7 +275,7 @@ static int __init dm_init_init(void) + DMERR("Argument is too big. Limit is %d\n", DM_MAX_STR_SIZE); + return -EINVAL; + } +- str = kstrndup(create, GFP_KERNEL, DM_MAX_STR_SIZE); ++ str = kstrndup(create, DM_MAX_STR_SIZE, GFP_KERNEL); + if (!str) + return -ENOMEM; + diff --git a/queue-5.1/dm-log-writes-make-sure-super-sector-log-updates-are-written-in-order.patch b/queue-5.1/dm-log-writes-make-sure-super-sector-log-updates-are-written-in-order.patch new file mode 100644 index 00000000000..babfd7f0eeb --- /dev/null +++ b/queue-5.1/dm-log-writes-make-sure-super-sector-log-updates-are-written-in-order.patch @@ -0,0 +1,106 @@ +From 211ad4b733037f66f9be0a79eade3da7ab11cbb8 Mon Sep 17 00:00:00 2001 +From: "zhangyi (F)" +Date: Wed, 5 Jun 2019 21:27:08 +0800 +Subject: dm log writes: make sure super sector log updates are written in order + +From: zhangyi (F) + +commit 211ad4b733037f66f9be0a79eade3da7ab11cbb8 upstream. + +Currently, although we submit super bios in order (and super.nr_entries +is incremented by each logged entry), submit_bio() is async so each +super sector may not be written to log device in order and then the +final nr_entries may be smaller than it should be. + +This problem can be reproduced by the xfstests generic/455 with ext4: + + QA output created by 455 + -Silence is golden + +mark 'end' does not exist + +Fix this by serializing submission of super sectors to make sure each +is written to the log disk in order. + +Fixes: 0e9cebe724597 ("dm: add log writes target") +Cc: stable@vger.kernel.org +Signed-off-by: zhangyi (F) +Suggested-by: Josef Bacik +Reviewed-by: Josef Bacik +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-log-writes.c | 23 +++++++++++++++++++++-- + 1 file changed, 21 insertions(+), 2 deletions(-) + +--- a/drivers/md/dm-log-writes.c ++++ b/drivers/md/dm-log-writes.c +@@ -60,6 +60,7 @@ + + #define WRITE_LOG_VERSION 1ULL + #define WRITE_LOG_MAGIC 0x6a736677736872ULL ++#define WRITE_LOG_SUPER_SECTOR 0 + + /* + * The disk format for this is braindead simple. +@@ -115,6 +116,7 @@ struct log_writes_c { + struct list_head logging_blocks; + wait_queue_head_t wait; + struct task_struct *log_kthread; ++ struct completion super_done; + }; + + struct pending_block { +@@ -180,6 +182,14 @@ static void log_end_io(struct bio *bio) + bio_put(bio); + } + ++static void log_end_super(struct bio *bio) ++{ ++ struct log_writes_c *lc = bio->bi_private; ++ ++ complete(&lc->super_done); ++ log_end_io(bio); ++} ++ + /* + * Meant to be called if there is an error, it will free all the pages + * associated with the block. +@@ -215,7 +225,8 @@ static int write_metadata(struct log_wri + bio->bi_iter.bi_size = 0; + bio->bi_iter.bi_sector = sector; + bio_set_dev(bio, lc->logdev->bdev); +- bio->bi_end_io = log_end_io; ++ bio->bi_end_io = (sector == WRITE_LOG_SUPER_SECTOR) ? ++ log_end_super : log_end_io; + bio->bi_private = lc; + bio_set_op_attrs(bio, REQ_OP_WRITE, 0); + +@@ -418,11 +429,18 @@ static int log_super(struct log_writes_c + super.nr_entries = cpu_to_le64(lc->logged_entries); + super.sectorsize = cpu_to_le32(lc->sectorsize); + +- if (write_metadata(lc, &super, sizeof(super), NULL, 0, 0)) { ++ if (write_metadata(lc, &super, sizeof(super), NULL, 0, ++ WRITE_LOG_SUPER_SECTOR)) { + DMERR("Couldn't write super"); + return -1; + } + ++ /* ++ * Super sector should be writen in-order, otherwise the ++ * nr_entries could be rewritten incorrectly by an old bio. ++ */ ++ wait_for_completion_io(&lc->super_done); ++ + return 0; + } + +@@ -531,6 +549,7 @@ static int log_writes_ctr(struct dm_targ + INIT_LIST_HEAD(&lc->unflushed_blocks); + INIT_LIST_HEAD(&lc->logging_blocks); + init_waitqueue_head(&lc->wait); ++ init_completion(&lc->super_done); + atomic_set(&lc->io_blocks, 0); + atomic_set(&lc->pending_blocks, 0); + diff --git a/queue-5.1/drm-i915-force-2-96-mhz-cdclk-on-glk-cnl-when-audio-power-is-enabled.patch b/queue-5.1/drm-i915-force-2-96-mhz-cdclk-on-glk-cnl-when-audio-power-is-enabled.patch new file mode 100644 index 00000000000..775f1ac1185 --- /dev/null +++ b/queue-5.1/drm-i915-force-2-96-mhz-cdclk-on-glk-cnl-when-audio-power-is-enabled.patch @@ -0,0 +1,278 @@ +From 905801fe72377b4dc53c6e13eea1a91c6a4aa0c4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= +Date: Wed, 20 Mar 2019 15:54:36 +0200 +Subject: drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ville Syrjälä + +commit 905801fe72377b4dc53c6e13eea1a91c6a4aa0c4 upstream. + +CDCLK has to be at least twice the BLCK regardless of audio. Audio +driver has to probe using this hook and increase the clock even in +absence of any display. + +v2: Use atomic refcount for get_power, put_power so that we can + call each once(Abhay). +v3: Reset power well 2 to avoid any transaction on iDisp link + during cdclk change(Abhay). +v4: Remove Power well 2 reset workaround(Ville). +v5: Remove unwanted Power well 2 register defined in v4(Abhay). +v6: +- Use a dedicated flag instead of state->modeset for min CDCLK changes +- Make get/put audio power domain symmetric +- Rebased on top of intel_wakeref tracking changes. + +Signed-off-by: Ville Syrjälä +Signed-off-by: Abhay Kumar +Tested-by: Abhay Kumar +Signed-off-by: Imre Deak +Reviewed-by: Clint Taylor +Link: https://patchwork.freedesktop.org/patch/msgid/20190320135439.12201-1-imre.deak@intel.com +Cc: # 5.1.x +Signed-off-by: Jian-Hong Pan +Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=203623 +Buglink: https://bugs.freedesktop.org/show_bug.cgi?id=110916 +Link: https://www.spinics.net/lists/stable/msg310910.html +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/i915_drv.h | 3 + + drivers/gpu/drm/i915/intel_audio.c | 62 +++++++++++++++++++++++++++++++++-- + drivers/gpu/drm/i915/intel_cdclk.c | 30 +++++----------- + drivers/gpu/drm/i915/intel_display.c | 9 ++++- + drivers/gpu/drm/i915/intel_drv.h | 3 + + 5 files changed, 83 insertions(+), 24 deletions(-) + +--- a/drivers/gpu/drm/i915/i915_drv.h ++++ b/drivers/gpu/drm/i915/i915_drv.h +@@ -1622,6 +1622,8 @@ struct drm_i915_private { + struct intel_cdclk_state actual; + /* The current hardware cdclk state */ + struct intel_cdclk_state hw; ++ ++ int force_min_cdclk; + } cdclk; + + /** +@@ -1741,6 +1743,7 @@ struct drm_i915_private { + * + */ + struct mutex av_mutex; ++ int audio_power_refcount; + + struct { + struct mutex mutex; +--- a/drivers/gpu/drm/i915/intel_audio.c ++++ b/drivers/gpu/drm/i915/intel_audio.c +@@ -741,15 +741,71 @@ void intel_init_audio_hooks(struct drm_i + } + } + ++static void glk_force_audio_cdclk(struct drm_i915_private *dev_priv, ++ bool enable) ++{ ++ struct drm_modeset_acquire_ctx ctx; ++ struct drm_atomic_state *state; ++ int ret; ++ ++ drm_modeset_acquire_init(&ctx, 0); ++ state = drm_atomic_state_alloc(&dev_priv->drm); ++ if (WARN_ON(!state)) ++ return; ++ ++ state->acquire_ctx = &ctx; ++ ++retry: ++ to_intel_atomic_state(state)->cdclk.force_min_cdclk_changed = true; ++ to_intel_atomic_state(state)->cdclk.force_min_cdclk = ++ enable ? 2 * 96000 : 0; ++ ++ /* ++ * Protects dev_priv->cdclk.force_min_cdclk ++ * Need to lock this here in case we have no active pipes ++ * and thus wouldn't lock it during the commit otherwise. ++ */ ++ ret = drm_modeset_lock(&dev_priv->drm.mode_config.connection_mutex, ++ &ctx); ++ if (!ret) ++ ret = drm_atomic_commit(state); ++ ++ if (ret == -EDEADLK) { ++ drm_atomic_state_clear(state); ++ drm_modeset_backoff(&ctx); ++ goto retry; ++ } ++ ++ WARN_ON(ret); ++ ++ drm_atomic_state_put(state); ++ ++ drm_modeset_drop_locks(&ctx); ++ drm_modeset_acquire_fini(&ctx); ++} ++ + static void i915_audio_component_get_power(struct device *kdev) + { +- intel_display_power_get(kdev_to_i915(kdev), POWER_DOMAIN_AUDIO); ++ struct drm_i915_private *dev_priv = kdev_to_i915(kdev); ++ ++ intel_display_power_get(dev_priv, POWER_DOMAIN_AUDIO); ++ ++ /* Force CDCLK to 2*BCLK as long as we need audio to be powered. */ ++ if (dev_priv->audio_power_refcount++ == 0) ++ if (IS_CANNONLAKE(dev_priv) || IS_GEMINILAKE(dev_priv)) ++ glk_force_audio_cdclk(dev_priv, true); + } + + static void i915_audio_component_put_power(struct device *kdev) + { +- intel_display_power_put_unchecked(kdev_to_i915(kdev), +- POWER_DOMAIN_AUDIO); ++ struct drm_i915_private *dev_priv = kdev_to_i915(kdev); ++ ++ /* Stop forcing CDCLK to 2*BCLK if no need for audio to be powered. */ ++ if (--dev_priv->audio_power_refcount == 0) ++ if (IS_CANNONLAKE(dev_priv) || IS_GEMINILAKE(dev_priv)) ++ glk_force_audio_cdclk(dev_priv, false); ++ ++ intel_display_power_put_unchecked(dev_priv, POWER_DOMAIN_AUDIO); + } + + static void i915_audio_component_codec_wake_override(struct device *kdev, +--- a/drivers/gpu/drm/i915/intel_cdclk.c ++++ b/drivers/gpu/drm/i915/intel_cdclk.c +@@ -2187,19 +2187,8 @@ int intel_crtc_compute_min_cdclk(const s + /* + * According to BSpec, "The CD clock frequency must be at least twice + * the frequency of the Azalia BCLK." and BCLK is 96 MHz by default. +- * +- * FIXME: Check the actual, not default, BCLK being used. +- * +- * FIXME: This does not depend on ->has_audio because the higher CDCLK +- * is required for audio probe, also when there are no audio capable +- * displays connected at probe time. This leads to unnecessarily high +- * CDCLK when audio is not required. +- * +- * FIXME: This limit is only applied when there are displays connected +- * at probe time. If we probe without displays, we'll still end up using +- * the platform minimum CDCLK, failing audio probe. + */ +- if (INTEL_GEN(dev_priv) >= 9) ++ if (crtc_state->has_audio && INTEL_GEN(dev_priv) >= 9) + min_cdclk = max(2 * 96000, min_cdclk); + + /* +@@ -2239,7 +2228,7 @@ static int intel_compute_min_cdclk(struc + intel_state->min_cdclk[i] = min_cdclk; + } + +- min_cdclk = 0; ++ min_cdclk = intel_state->cdclk.force_min_cdclk; + for_each_pipe(dev_priv, pipe) + min_cdclk = max(intel_state->min_cdclk[pipe], min_cdclk); + +@@ -2300,7 +2289,8 @@ static int vlv_modeset_calc_cdclk(struct + vlv_calc_voltage_level(dev_priv, cdclk); + + if (!intel_state->active_crtcs) { +- cdclk = vlv_calc_cdclk(dev_priv, 0); ++ cdclk = vlv_calc_cdclk(dev_priv, ++ intel_state->cdclk.force_min_cdclk); + + intel_state->cdclk.actual.cdclk = cdclk; + intel_state->cdclk.actual.voltage_level = +@@ -2333,7 +2323,7 @@ static int bdw_modeset_calc_cdclk(struct + bdw_calc_voltage_level(cdclk); + + if (!intel_state->active_crtcs) { +- cdclk = bdw_calc_cdclk(0); ++ cdclk = bdw_calc_cdclk(intel_state->cdclk.force_min_cdclk); + + intel_state->cdclk.actual.cdclk = cdclk; + intel_state->cdclk.actual.voltage_level = +@@ -2405,7 +2395,7 @@ static int skl_modeset_calc_cdclk(struct + skl_calc_voltage_level(cdclk); + + if (!intel_state->active_crtcs) { +- cdclk = skl_calc_cdclk(0, vco); ++ cdclk = skl_calc_cdclk(intel_state->cdclk.force_min_cdclk, vco); + + intel_state->cdclk.actual.vco = vco; + intel_state->cdclk.actual.cdclk = cdclk; +@@ -2444,10 +2434,10 @@ static int bxt_modeset_calc_cdclk(struct + + if (!intel_state->active_crtcs) { + if (IS_GEMINILAKE(dev_priv)) { +- cdclk = glk_calc_cdclk(0); ++ cdclk = glk_calc_cdclk(intel_state->cdclk.force_min_cdclk); + vco = glk_de_pll_vco(dev_priv, cdclk); + } else { +- cdclk = bxt_calc_cdclk(0); ++ cdclk = bxt_calc_cdclk(intel_state->cdclk.force_min_cdclk); + vco = bxt_de_pll_vco(dev_priv, cdclk); + } + +@@ -2483,7 +2473,7 @@ static int cnl_modeset_calc_cdclk(struct + cnl_compute_min_voltage_level(intel_state)); + + if (!intel_state->active_crtcs) { +- cdclk = cnl_calc_cdclk(0); ++ cdclk = cnl_calc_cdclk(intel_state->cdclk.force_min_cdclk); + vco = cnl_cdclk_pll_vco(dev_priv, cdclk); + + intel_state->cdclk.actual.vco = vco; +@@ -2519,7 +2509,7 @@ static int icl_modeset_calc_cdclk(struct + cnl_compute_min_voltage_level(intel_state)); + + if (!intel_state->active_crtcs) { +- cdclk = icl_calc_cdclk(0, ref); ++ cdclk = icl_calc_cdclk(intel_state->cdclk.force_min_cdclk, ref); + vco = icl_calc_cdclk_pll_vco(dev_priv, cdclk); + + intel_state->cdclk.actual.vco = vco; +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -12770,6 +12770,11 @@ static int intel_modeset_checks(struct d + return -EINVAL; + } + ++ /* keep the current setting */ ++ if (!intel_state->cdclk.force_min_cdclk_changed) ++ intel_state->cdclk.force_min_cdclk = ++ dev_priv->cdclk.force_min_cdclk; ++ + intel_state->modeset = true; + intel_state->active_crtcs = dev_priv->active_crtcs; + intel_state->cdclk.logical = dev_priv->cdclk.logical; +@@ -12892,7 +12897,7 @@ static int intel_atomic_check(struct drm + struct drm_crtc *crtc; + struct drm_crtc_state *old_crtc_state, *crtc_state; + int ret, i; +- bool any_ms = false; ++ bool any_ms = intel_state->cdclk.force_min_cdclk_changed; + + /* Catch I915_MODE_FLAG_INHERITED */ + for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state, +@@ -13480,6 +13485,8 @@ static int intel_atomic_commit(struct dr + dev_priv->active_crtcs = intel_state->active_crtcs; + dev_priv->cdclk.logical = intel_state->cdclk.logical; + dev_priv->cdclk.actual = intel_state->cdclk.actual; ++ dev_priv->cdclk.force_min_cdclk = ++ intel_state->cdclk.force_min_cdclk; + } + + drm_atomic_state_get(state); +--- a/drivers/gpu/drm/i915/intel_drv.h ++++ b/drivers/gpu/drm/i915/intel_drv.h +@@ -480,6 +480,9 @@ struct intel_atomic_state { + * state only when all crtc's are DPMS off. + */ + struct intel_cdclk_state actual; ++ ++ int force_min_cdclk; ++ bool force_min_cdclk_changed; + } cdclk; + + bool dpll_set, modeset; diff --git a/queue-5.1/drm-i915-remove-redundant-store-of-logical-cdclk-state.patch b/queue-5.1/drm-i915-remove-redundant-store-of-logical-cdclk-state.patch new file mode 100644 index 00000000000..15d8bc7d581 --- /dev/null +++ b/queue-5.1/drm-i915-remove-redundant-store-of-logical-cdclk-state.patch @@ -0,0 +1,37 @@ +From 2b21dfbeee725778daed2c3dd45a3fc808176feb Mon Sep 17 00:00:00 2001 +From: Imre Deak +Date: Wed, 20 Mar 2019 15:54:38 +0200 +Subject: drm/i915: Remove redundant store of logical CDCLK state +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Imre Deak + +commit 2b21dfbeee725778daed2c3dd45a3fc808176feb upstream. + +We copied the original state into the atomic state already earlier in +the function, so no need to do it a second time. + +Cc: Ville Syrjälä +Signed-off-by: Imre Deak +Reviewed-by: Ville Syrjälä +Link: https://patchwork.freedesktop.org/patch/msgid/20190320135439.12201-3-imre.deak@intel.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Jian-Hong Pan + +--- + drivers/gpu/drm/i915/intel_display.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -12828,8 +12828,6 @@ static int intel_modeset_checks(struct d + DRM_DEBUG_KMS("New voltage level calculated to be logical %u, actual %u\n", + intel_state->cdclk.logical.voltage_level, + intel_state->cdclk.actual.voltage_level); +- } else { +- to_intel_atomic_state(state)->cdclk.logical = dev_priv->cdclk.logical; + } + + intel_modeset_clear_plls(state); diff --git a/queue-5.1/drm-i915-save-the-old-cdclk-atomic-state.patch b/queue-5.1/drm-i915-save-the-old-cdclk-atomic-state.patch new file mode 100644 index 00000000000..6151abce8ce --- /dev/null +++ b/queue-5.1/drm-i915-save-the-old-cdclk-atomic-state.patch @@ -0,0 +1,89 @@ +From 48d9f87ddd2108663fd866b254e05d422243cc56 Mon Sep 17 00:00:00 2001 +From: Imre Deak +Date: Wed, 20 Mar 2019 15:54:37 +0200 +Subject: drm/i915: Save the old CDCLK atomic state +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Imre Deak + +commit 48d9f87ddd2108663fd866b254e05d422243cc56 upstream. + +The old state will be needed by an upcoming patch to determine if the +commit increases or decreases CDCLK, so move the old state to the atomic +state (while keeping the new one in dev_priv). cdclk.logical and +cdclk.actual in the atomic state isn't used atm anywhere after the +atomic check phase, so this should be safe. + +v2: +- Use swap() instead of opencoding it. (Ville) + +Suggested-by: Ville Syrjälä +Cc: Ville Syrjälä +Signed-off-by: Imre Deak +Reviewed-by: Ville Syrjälä +Link: https://patchwork.freedesktop.org/patch/msgid/20190320135439.12201-2-imre.deak@intel.com +Signed-off-by: Jian-Hong Pan +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/i915/intel_cdclk.c | 20 ++++++++++++++++++++ + drivers/gpu/drm/i915/intel_display.c | 4 ++-- + drivers/gpu/drm/i915/intel_drv.h | 1 + + 3 files changed, 23 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/i915/intel_cdclk.c ++++ b/drivers/gpu/drm/i915/intel_cdclk.c +@@ -2100,6 +2100,26 @@ bool intel_cdclk_changed(const struct in + a->voltage_level != b->voltage_level; + } + ++/** ++ * intel_cdclk_swap_state - make atomic CDCLK configuration effective ++ * @state: atomic state ++ * ++ * This is the CDCLK version of drm_atomic_helper_swap_state() since the ++ * helper does not handle driver-specific global state. ++ * ++ * Similarly to the atomic helpers this function does a complete swap, ++ * i.e. it also puts the old state into @state. This is used by the commit ++ * code to determine how CDCLK has changed (for instance did it increase or ++ * decrease). ++ */ ++void intel_cdclk_swap_state(struct intel_atomic_state *state) ++{ ++ struct drm_i915_private *dev_priv = to_i915(state->base.dev); ++ ++ swap(state->cdclk.logical, dev_priv->cdclk.logical); ++ swap(state->cdclk.actual, dev_priv->cdclk.actual); ++} ++ + void intel_dump_cdclk_state(const struct intel_cdclk_state *cdclk_state, + const char *context) + { +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -13483,10 +13483,10 @@ static int intel_atomic_commit(struct dr + intel_state->min_voltage_level, + sizeof(intel_state->min_voltage_level)); + dev_priv->active_crtcs = intel_state->active_crtcs; +- dev_priv->cdclk.logical = intel_state->cdclk.logical; +- dev_priv->cdclk.actual = intel_state->cdclk.actual; + dev_priv->cdclk.force_min_cdclk = + intel_state->cdclk.force_min_cdclk; ++ ++ intel_cdclk_swap_state(intel_state); + } + + drm_atomic_state_get(state); +--- a/drivers/gpu/drm/i915/intel_drv.h ++++ b/drivers/gpu/drm/i915/intel_drv.h +@@ -1597,6 +1597,7 @@ bool intel_cdclk_needs_modeset(const str + const struct intel_cdclk_state *b); + bool intel_cdclk_changed(const struct intel_cdclk_state *a, + const struct intel_cdclk_state *b); ++void intel_cdclk_swap_state(struct intel_atomic_state *state); + void intel_set_cdclk(struct drm_i915_private *dev_priv, + const struct intel_cdclk_state *cdclk_state); + void intel_dump_cdclk_state(const struct intel_cdclk_state *cdclk_state, diff --git a/queue-5.1/drm-i915-skip-modeset-for-cdclk-changes-if-possible.patch b/queue-5.1/drm-i915-skip-modeset-for-cdclk-changes-if-possible.patch new file mode 100644 index 00000000000..67d1e62df67 --- /dev/null +++ b/queue-5.1/drm-i915-skip-modeset-for-cdclk-changes-if-possible.patch @@ -0,0 +1,485 @@ +From 59f9e9cab3a1e6762fb707d0d829b982930f1349 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= +Date: Wed, 27 Mar 2019 12:13:21 +0200 +Subject: drm/i915: Skip modeset for cdclk changes if possible +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ville Syrjälä + +commit 59f9e9cab3a1e6762fb707d0d829b982930f1349 upstream. + +If we have only a single active pipe and the cdclk change only requires +the cd2x divider to be updated bxt+ can do the update with forcing a full +modeset on the pipe. Try to hook that up. + +v2: +- Wait for vblank after an optimized CDCLK change. +- Avoid optimization if the pipe needs a modeset (or was disabled). +- Split CDCLK change to a pre/post plane update step. +v3: +- Use correct version of CDCLK state as old state. (Ville) +- Remove unused intel_cdclk_can_skip_modeset() +v4: +- For consistency call intel_set_cdclk_post_plane_update() only during + modesets (and not fastsets). +v5: +- Remove the logic to update the CD2X divider on-the-fly on ICL, since + only a divider of 1 is supported there. Clint also noticed that the + pipe select bits in CDCLK_CTL are oddly defined on ICL, it's not clear + yet whether that's only an error in the specification. + +Signed-off-by: Ville Syrjälä +Signed-off-by: Abhay Kumar +Tested-by: Abhay Kumar +Signed-off-by: Imre Deak +Reviewed-by: Clint Taylor +Link: https://patchwork.freedesktop.org/patch/msgid/20190327101321.3095-1-imre.deak@intel.com +Signed-off-by: Jian-Hong Pan +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/i915/i915_drv.h | 3 + drivers/gpu/drm/i915/intel_cdclk.c | 135 +++++++++++++++++++++++++++-------- + drivers/gpu/drm/i915/intel_display.c | 42 ++++++++++ + drivers/gpu/drm/i915/intel_drv.h | 17 +++- + 4 files changed, 163 insertions(+), 34 deletions(-) + +--- a/drivers/gpu/drm/i915/i915_drv.h ++++ b/drivers/gpu/drm/i915/i915_drv.h +@@ -280,7 +280,8 @@ struct drm_i915_display_funcs { + void (*get_cdclk)(struct drm_i915_private *dev_priv, + struct intel_cdclk_state *cdclk_state); + void (*set_cdclk)(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state); ++ const struct intel_cdclk_state *cdclk_state, ++ enum pipe pipe); + int (*get_fifo_size)(struct drm_i915_private *dev_priv, + enum i9xx_plane_id i9xx_plane); + int (*compute_pipe_wm)(struct intel_crtc_state *cstate); +--- a/drivers/gpu/drm/i915/intel_cdclk.c ++++ b/drivers/gpu/drm/i915/intel_cdclk.c +@@ -516,7 +516,8 @@ static void vlv_program_pfi_credits(stru + } + + static void vlv_set_cdclk(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state) ++ const struct intel_cdclk_state *cdclk_state, ++ enum pipe pipe) + { + int cdclk = cdclk_state->cdclk; + u32 val, cmd = cdclk_state->voltage_level; +@@ -598,7 +599,8 @@ static void vlv_set_cdclk(struct drm_i91 + } + + static void chv_set_cdclk(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state) ++ const struct intel_cdclk_state *cdclk_state, ++ enum pipe pipe) + { + int cdclk = cdclk_state->cdclk; + u32 val, cmd = cdclk_state->voltage_level; +@@ -697,7 +699,8 @@ static void bdw_get_cdclk(struct drm_i91 + } + + static void bdw_set_cdclk(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state) ++ const struct intel_cdclk_state *cdclk_state, ++ enum pipe pipe) + { + int cdclk = cdclk_state->cdclk; + u32 val; +@@ -987,7 +990,8 @@ static void skl_dpll0_disable(struct drm + } + + static void skl_set_cdclk(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state) ++ const struct intel_cdclk_state *cdclk_state, ++ enum pipe pipe) + { + int cdclk = cdclk_state->cdclk; + int vco = cdclk_state->vco; +@@ -1158,7 +1162,7 @@ void skl_init_cdclk(struct drm_i915_priv + cdclk_state.cdclk = skl_calc_cdclk(0, cdclk_state.vco); + cdclk_state.voltage_level = skl_calc_voltage_level(cdclk_state.cdclk); + +- skl_set_cdclk(dev_priv, &cdclk_state); ++ skl_set_cdclk(dev_priv, &cdclk_state, INVALID_PIPE); + } + + /** +@@ -1176,7 +1180,7 @@ void skl_uninit_cdclk(struct drm_i915_pr + cdclk_state.vco = 0; + cdclk_state.voltage_level = skl_calc_voltage_level(cdclk_state.cdclk); + +- skl_set_cdclk(dev_priv, &cdclk_state); ++ skl_set_cdclk(dev_priv, &cdclk_state, INVALID_PIPE); + } + + static int bxt_calc_cdclk(int min_cdclk) +@@ -1355,7 +1359,8 @@ static void bxt_de_pll_enable(struct drm + } + + static void bxt_set_cdclk(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state) ++ const struct intel_cdclk_state *cdclk_state, ++ enum pipe pipe) + { + int cdclk = cdclk_state->cdclk; + int vco = cdclk_state->vco; +@@ -1408,11 +1413,10 @@ static void bxt_set_cdclk(struct drm_i91 + bxt_de_pll_enable(dev_priv, vco); + + val = divider | skl_cdclk_decimal(cdclk); +- /* +- * FIXME if only the cd2x divider needs changing, it could be done +- * without shutting off the pipe (if only one pipe is active). +- */ +- val |= BXT_CDCLK_CD2X_PIPE_NONE; ++ if (pipe == INVALID_PIPE) ++ val |= BXT_CDCLK_CD2X_PIPE_NONE; ++ else ++ val |= BXT_CDCLK_CD2X_PIPE(pipe); + /* + * Disable SSA Precharge when CD clock frequency < 500 MHz, + * enable otherwise. +@@ -1421,6 +1425,9 @@ static void bxt_set_cdclk(struct drm_i91 + val |= BXT_CDCLK_SSA_PRECHARGE_ENABLE; + I915_WRITE(CDCLK_CTL, val); + ++ if (pipe != INVALID_PIPE) ++ intel_wait_for_vblank(dev_priv, pipe); ++ + mutex_lock(&dev_priv->pcu_lock); + /* + * The timeout isn't specified, the 2ms used here is based on +@@ -1525,7 +1532,7 @@ void bxt_init_cdclk(struct drm_i915_priv + } + cdclk_state.voltage_level = bxt_calc_voltage_level(cdclk_state.cdclk); + +- bxt_set_cdclk(dev_priv, &cdclk_state); ++ bxt_set_cdclk(dev_priv, &cdclk_state, INVALID_PIPE); + } + + /** +@@ -1543,7 +1550,7 @@ void bxt_uninit_cdclk(struct drm_i915_pr + cdclk_state.vco = 0; + cdclk_state.voltage_level = bxt_calc_voltage_level(cdclk_state.cdclk); + +- bxt_set_cdclk(dev_priv, &cdclk_state); ++ bxt_set_cdclk(dev_priv, &cdclk_state, INVALID_PIPE); + } + + static int cnl_calc_cdclk(int min_cdclk) +@@ -1663,7 +1670,8 @@ static void cnl_cdclk_pll_enable(struct + } + + static void cnl_set_cdclk(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state) ++ const struct intel_cdclk_state *cdclk_state, ++ enum pipe pipe) + { + int cdclk = cdclk_state->cdclk; + int vco = cdclk_state->vco; +@@ -1704,13 +1712,15 @@ static void cnl_set_cdclk(struct drm_i91 + cnl_cdclk_pll_enable(dev_priv, vco); + + val = divider | skl_cdclk_decimal(cdclk); +- /* +- * FIXME if only the cd2x divider needs changing, it could be done +- * without shutting off the pipe (if only one pipe is active). +- */ +- val |= BXT_CDCLK_CD2X_PIPE_NONE; ++ if (pipe == INVALID_PIPE) ++ val |= BXT_CDCLK_CD2X_PIPE_NONE; ++ else ++ val |= BXT_CDCLK_CD2X_PIPE(pipe); + I915_WRITE(CDCLK_CTL, val); + ++ if (pipe != INVALID_PIPE) ++ intel_wait_for_vblank(dev_priv, pipe); ++ + /* inform PCU of the change */ + mutex_lock(&dev_priv->pcu_lock); + sandybridge_pcode_write(dev_priv, SKL_PCODE_CDCLK_CONTROL, +@@ -1847,7 +1857,8 @@ static int icl_calc_cdclk_pll_vco(struct + } + + static void icl_set_cdclk(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state) ++ const struct intel_cdclk_state *cdclk_state, ++ enum pipe pipe) + { + unsigned int cdclk = cdclk_state->cdclk; + unsigned int vco = cdclk_state->vco; +@@ -1872,6 +1883,11 @@ static void icl_set_cdclk(struct drm_i91 + if (dev_priv->cdclk.hw.vco != vco) + cnl_cdclk_pll_enable(dev_priv, vco); + ++ /* ++ * On ICL CD2X_DIV can only be 1, so we'll never end up changing the ++ * divider here synchronized to a pipe while CDCLK is on, nor will we ++ * need the corresponding vblank wait. ++ */ + I915_WRITE(CDCLK_CTL, ICL_CDCLK_CD2X_PIPE_NONE | + skl_cdclk_decimal(cdclk)); + +@@ -2002,7 +2018,7 @@ sanitize: + sanitized_state.voltage_level = + icl_calc_voltage_level(sanitized_state.cdclk); + +- icl_set_cdclk(dev_priv, &sanitized_state); ++ icl_set_cdclk(dev_priv, &sanitized_state, INVALID_PIPE); + } + + /** +@@ -2020,7 +2036,7 @@ void icl_uninit_cdclk(struct drm_i915_pr + cdclk_state.vco = 0; + cdclk_state.voltage_level = icl_calc_voltage_level(cdclk_state.cdclk); + +- icl_set_cdclk(dev_priv, &cdclk_state); ++ icl_set_cdclk(dev_priv, &cdclk_state, INVALID_PIPE); + } + + /** +@@ -2048,7 +2064,7 @@ void cnl_init_cdclk(struct drm_i915_priv + cdclk_state.vco = cnl_cdclk_pll_vco(dev_priv, cdclk_state.cdclk); + cdclk_state.voltage_level = cnl_calc_voltage_level(cdclk_state.cdclk); + +- cnl_set_cdclk(dev_priv, &cdclk_state); ++ cnl_set_cdclk(dev_priv, &cdclk_state, INVALID_PIPE); + } + + /** +@@ -2066,7 +2082,7 @@ void cnl_uninit_cdclk(struct drm_i915_pr + cdclk_state.vco = 0; + cdclk_state.voltage_level = cnl_calc_voltage_level(cdclk_state.cdclk); + +- cnl_set_cdclk(dev_priv, &cdclk_state); ++ cnl_set_cdclk(dev_priv, &cdclk_state, INVALID_PIPE); + } + + /** +@@ -2086,6 +2102,27 @@ bool intel_cdclk_needs_modeset(const str + } + + /** ++ * intel_cdclk_needs_cd2x_update - Determine if two CDCLK states require a cd2x divider update ++ * @a: first CDCLK state ++ * @b: second CDCLK state ++ * ++ * Returns: ++ * True if the CDCLK states require just a cd2x divider update, false if not. ++ */ ++bool intel_cdclk_needs_cd2x_update(struct drm_i915_private *dev_priv, ++ const struct intel_cdclk_state *a, ++ const struct intel_cdclk_state *b) ++{ ++ /* Older hw doesn't have the capability */ ++ if (INTEL_GEN(dev_priv) < 10 && !IS_GEN9_LP(dev_priv)) ++ return false; ++ ++ return a->cdclk != b->cdclk && ++ a->vco == b->vco && ++ a->ref == b->ref; ++} ++ ++/** + * intel_cdclk_changed - Determine if two CDCLK states are different + * @a: first CDCLK state + * @b: second CDCLK state +@@ -2133,12 +2170,14 @@ void intel_dump_cdclk_state(const struct + * intel_set_cdclk - Push the CDCLK state to the hardware + * @dev_priv: i915 device + * @cdclk_state: new CDCLK state ++ * @pipe: pipe with which to synchronize the update + * + * Program the hardware based on the passed in CDCLK state, + * if necessary. + */ +-void intel_set_cdclk(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state) ++static void intel_set_cdclk(struct drm_i915_private *dev_priv, ++ const struct intel_cdclk_state *cdclk_state, ++ enum pipe pipe) + { + if (!intel_cdclk_changed(&dev_priv->cdclk.hw, cdclk_state)) + return; +@@ -2148,7 +2187,7 @@ void intel_set_cdclk(struct drm_i915_pri + + intel_dump_cdclk_state(cdclk_state, "Changing CDCLK to"); + +- dev_priv->display.set_cdclk(dev_priv, cdclk_state); ++ dev_priv->display.set_cdclk(dev_priv, cdclk_state, pipe); + + if (WARN(intel_cdclk_changed(&dev_priv->cdclk.hw, cdclk_state), + "cdclk state doesn't match!\n")) { +@@ -2157,6 +2196,46 @@ void intel_set_cdclk(struct drm_i915_pri + } + } + ++/** ++ * intel_set_cdclk_pre_plane_update - Push the CDCLK state to the hardware ++ * @dev_priv: i915 device ++ * @old_state: old CDCLK state ++ * @new_state: new CDCLK state ++ * @pipe: pipe with which to synchronize the update ++ * ++ * Program the hardware before updating the HW plane state based on the passed ++ * in CDCLK state, if necessary. ++ */ ++void ++intel_set_cdclk_pre_plane_update(struct drm_i915_private *dev_priv, ++ const struct intel_cdclk_state *old_state, ++ const struct intel_cdclk_state *new_state, ++ enum pipe pipe) ++{ ++ if (pipe == INVALID_PIPE || old_state->cdclk <= new_state->cdclk) ++ intel_set_cdclk(dev_priv, new_state, pipe); ++} ++ ++/** ++ * intel_set_cdclk_post_plane_update - Push the CDCLK state to the hardware ++ * @dev_priv: i915 device ++ * @old_state: old CDCLK state ++ * @new_state: new CDCLK state ++ * @pipe: pipe with which to synchronize the update ++ * ++ * Program the hardware after updating the HW plane state based on the passed ++ * in CDCLK state, if necessary. ++ */ ++void ++intel_set_cdclk_post_plane_update(struct drm_i915_private *dev_priv, ++ const struct intel_cdclk_state *old_state, ++ const struct intel_cdclk_state *new_state, ++ enum pipe pipe) ++{ ++ if (pipe != INVALID_PIPE && old_state->cdclk > new_state->cdclk) ++ intel_set_cdclk(dev_priv, new_state, pipe); ++} ++ + static int intel_pixel_rate_to_cdclk(struct drm_i915_private *dev_priv, + int pixel_rate) + { +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -12779,6 +12779,7 @@ static int intel_modeset_checks(struct d + intel_state->active_crtcs = dev_priv->active_crtcs; + intel_state->cdclk.logical = dev_priv->cdclk.logical; + intel_state->cdclk.actual = dev_priv->cdclk.actual; ++ intel_state->cdclk.pipe = INVALID_PIPE; + + for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state, new_crtc_state, i) { + if (new_crtc_state->active) +@@ -12798,6 +12799,8 @@ static int intel_modeset_checks(struct d + * adjusted_mode bits in the crtc directly. + */ + if (dev_priv->display.modeset_calc_cdclk) { ++ enum pipe pipe; ++ + ret = dev_priv->display.modeset_calc_cdclk(state); + if (ret < 0) + return ret; +@@ -12814,12 +12817,36 @@ static int intel_modeset_checks(struct d + return ret; + } + ++ if (is_power_of_2(intel_state->active_crtcs)) { ++ struct drm_crtc *crtc; ++ struct drm_crtc_state *crtc_state; ++ ++ pipe = ilog2(intel_state->active_crtcs); ++ crtc = &intel_get_crtc_for_pipe(dev_priv, pipe)->base; ++ crtc_state = drm_atomic_get_new_crtc_state(state, crtc); ++ if (crtc_state && needs_modeset(crtc_state)) ++ pipe = INVALID_PIPE; ++ } else { ++ pipe = INVALID_PIPE; ++ } ++ + /* All pipes must be switched off while we change the cdclk. */ +- if (intel_cdclk_needs_modeset(&dev_priv->cdclk.actual, +- &intel_state->cdclk.actual)) { ++ if (pipe != INVALID_PIPE && ++ intel_cdclk_needs_cd2x_update(dev_priv, ++ &dev_priv->cdclk.actual, ++ &intel_state->cdclk.actual)) { ++ ret = intel_lock_all_pipes(state); ++ if (ret < 0) ++ return ret; ++ ++ intel_state->cdclk.pipe = pipe; ++ } else if (intel_cdclk_needs_modeset(&dev_priv->cdclk.actual, ++ &intel_state->cdclk.actual)) { + ret = intel_modeset_all_pipes(state); + if (ret < 0) + return ret; ++ ++ intel_state->cdclk.pipe = INVALID_PIPE; + } + + DRM_DEBUG_KMS("New cdclk calculated to be logical %u kHz, actual %u kHz\n", +@@ -13251,7 +13278,10 @@ static void intel_atomic_commit_tail(str + if (intel_state->modeset) { + drm_atomic_helper_update_legacy_modeset_state(state->dev, state); + +- intel_set_cdclk(dev_priv, &dev_priv->cdclk.actual); ++ intel_set_cdclk_pre_plane_update(dev_priv, ++ &intel_state->cdclk.actual, ++ &dev_priv->cdclk.actual, ++ intel_state->cdclk.pipe); + + /* + * SKL workaround: bspec recommends we disable the SAGV when we +@@ -13280,6 +13310,12 @@ static void intel_atomic_commit_tail(str + /* Now enable the clocks, plane, pipe, and connectors that we set up. */ + dev_priv->display.update_crtcs(state); + ++ if (intel_state->modeset) ++ intel_set_cdclk_post_plane_update(dev_priv, ++ &intel_state->cdclk.actual, ++ &dev_priv->cdclk.actual, ++ intel_state->cdclk.pipe); ++ + /* FIXME: We should call drm_atomic_helper_commit_hw_done() here + * already, but still need the state for the delayed optimization. To + * fix this: +--- a/drivers/gpu/drm/i915/intel_drv.h ++++ b/drivers/gpu/drm/i915/intel_drv.h +@@ -483,6 +483,8 @@ struct intel_atomic_state { + + int force_min_cdclk; + bool force_min_cdclk_changed; ++ /* pipe to which cd2x update is synchronized */ ++ enum pipe pipe; + } cdclk; + + bool dpll_set, modeset; +@@ -1593,13 +1595,24 @@ void intel_init_cdclk_hooks(struct drm_i + void intel_update_max_cdclk(struct drm_i915_private *dev_priv); + void intel_update_cdclk(struct drm_i915_private *dev_priv); + void intel_update_rawclk(struct drm_i915_private *dev_priv); ++bool intel_cdclk_needs_cd2x_update(struct drm_i915_private *dev_priv, ++ const struct intel_cdclk_state *a, ++ const struct intel_cdclk_state *b); + bool intel_cdclk_needs_modeset(const struct intel_cdclk_state *a, + const struct intel_cdclk_state *b); + bool intel_cdclk_changed(const struct intel_cdclk_state *a, + const struct intel_cdclk_state *b); + void intel_cdclk_swap_state(struct intel_atomic_state *state); +-void intel_set_cdclk(struct drm_i915_private *dev_priv, +- const struct intel_cdclk_state *cdclk_state); ++void ++intel_set_cdclk_pre_plane_update(struct drm_i915_private *dev_priv, ++ const struct intel_cdclk_state *old_state, ++ const struct intel_cdclk_state *new_state, ++ enum pipe pipe); ++void ++intel_set_cdclk_post_plane_update(struct drm_i915_private *dev_priv, ++ const struct intel_cdclk_state *old_state, ++ const struct intel_cdclk_state *new_state, ++ enum pipe pipe); + void intel_dump_cdclk_state(const struct intel_cdclk_state *cdclk_state, + const char *context); + diff --git a/queue-5.1/io_uring-ensure-req-file-is-cleared-on-allocation.patch b/queue-5.1/io_uring-ensure-req-file-is-cleared-on-allocation.patch new file mode 100644 index 00000000000..3cbfb836047 --- /dev/null +++ b/queue-5.1/io_uring-ensure-req-file-is-cleared-on-allocation.patch @@ -0,0 +1,114 @@ +From 60c112b0ada09826cc4ae6a4e55df677f76f1313 Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Fri, 21 Jun 2019 10:20:18 -0600 +Subject: io_uring: ensure req->file is cleared on allocation + +From: Jens Axboe + +commit 60c112b0ada09826cc4ae6a4e55df677f76f1313 upstream. + +Stephen reports: + +I hit the following General Protection Fault when testing io_uring via +the io_uring engine in fio. This was on a VM running 5.2-rc5 and the +latest version of fio. The issue occurs for both null_blk and fake NVMe +drives. I have not tested bare metal or real NVMe SSDs. The fio script +used is given below. + +[io_uring] +time_based=1 +runtime=60 +filename=/dev/nvme2n1 (note /dev/nullb0 also fails) +ioengine=io_uring +bs=4k +rw=readwrite +direct=1 +fixedbufs=1 +sqthread_poll=1 +sqthread_poll_cpu=0 + +general protection fault: 0000 [#1] SMP PTI +CPU: 0 PID: 872 Comm: io_uring-sq Not tainted 5.2.0-rc5-cpacket-io-uring #1 +Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 +RIP: 0010:fput_many+0x7/0x90 +Code: 01 48 85 ff 74 17 55 48 89 e5 53 48 8b 1f e8 a0 f9 ff ff 48 85 db 48 89 df 75 f0 5b 5d f3 c3 0f 1f 40 00 0f 1f 44 00 00 89 f6 48 29 77 38 74 01 c3 55 48 89 e5 53 48 89 fb 65 48 \ + +RSP: 0018:ffffadeb817ebc50 EFLAGS: 00010246 +RAX: 0000000000000004 RBX: ffff8f46ad477480 RCX: 0000000000001805 +RDX: 0000000000000000 RSI: 0000000000000001 RDI: f18b51b9a39552b5 +RBP: ffffadeb817ebc58 R08: ffff8f46b7a318c0 R09: 000000000000015d +R10: ffffadeb817ebce8 R11: 0000000000000020 R12: ffff8f46ad4cd000 +R13: 00000000fffffff7 R14: ffffadeb817ebe30 R15: 0000000000000004 +FS: 0000000000000000(0000) GS:ffff8f46b7a00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 000055828f0bbbf0 CR3: 0000000232176004 CR4: 00000000003606f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + ? fput+0x13/0x20 + io_free_req+0x20/0x40 + io_put_req+0x1b/0x20 + io_submit_sqe+0x40a/0x680 + ? __switch_to_asm+0x34/0x70 + ? __switch_to_asm+0x40/0x70 + io_submit_sqes+0xb9/0x160 + ? io_submit_sqes+0xb9/0x160 + ? __switch_to_asm+0x40/0x70 + ? __switch_to_asm+0x34/0x70 + ? __schedule+0x3f2/0x6a0 + ? __switch_to_asm+0x34/0x70 + io_sq_thread+0x1af/0x470 + ? __switch_to_asm+0x34/0x70 + ? wait_woken+0x80/0x80 + ? __switch_to+0x85/0x410 + ? __switch_to_asm+0x40/0x70 + ? __switch_to_asm+0x34/0x70 + ? __schedule+0x3f2/0x6a0 + kthread+0x105/0x140 + ? io_submit_sqes+0x160/0x160 + ? kthread+0x105/0x140 + ? io_submit_sqes+0x160/0x160 + ? kthread_destroy_worker+0x50/0x50 + ret_from_fork+0x35/0x40 + +which occurs because using a kernel side submission thread isn't valid +without using fixed files (registered through io_uring_register()). This +causes io_uring to put the request after logging an error, but before +the file field is set in the request. If it happens to be non-zero, we +attempt to fput() garbage. + +Fix this by ensuring that req->file is initialized when the request is +allocated. + +Cc: stable@vger.kernel.org # 5.1+ +Reported-by: Stephen Bates +Tested-by: Stephen Bates +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + fs/io_uring.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -533,6 +533,7 @@ static struct io_kiocb *io_get_req(struc + state->cur_req++; + } + ++ req->file = NULL; + req->ctx = ctx; + req->flags = 0; + /* one is dropped after submission, the other at completion */ +@@ -1684,10 +1685,8 @@ static int io_req_set_file(struct io_rin + flags = READ_ONCE(s->sqe->flags); + fd = READ_ONCE(s->sqe->fd); + +- if (!io_op_needs_file(s->sqe)) { +- req->file = NULL; ++ if (!io_op_needs_file(s->sqe)) + return 0; +- } + + if (flags & IOSQE_FIXED_FILE) { + if (unlikely(!ctx->user_files || diff --git a/queue-5.1/mm-hugetlb-soft-offline-dissolve_free_huge_page-return-zero-on-pagehuge.patch b/queue-5.1/mm-hugetlb-soft-offline-dissolve_free_huge_page-return-zero-on-pagehuge.patch new file mode 100644 index 00000000000..b3e60a321a0 --- /dev/null +++ b/queue-5.1/mm-hugetlb-soft-offline-dissolve_free_huge_page-return-zero-on-pagehuge.patch @@ -0,0 +1,133 @@ +From faf53def3b143df11062d87c12afe6afeb6f8cc7 Mon Sep 17 00:00:00 2001 +From: Naoya Horiguchi +Date: Fri, 28 Jun 2019 12:06:56 -0700 +Subject: mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge + +From: Naoya Horiguchi + +commit faf53def3b143df11062d87c12afe6afeb6f8cc7 upstream. + +madvise(MADV_SOFT_OFFLINE) often returns -EBUSY when calling soft offline +for hugepages with overcommitting enabled. That was caused by the +suboptimal code in current soft-offline code. See the following part: + + ret = migrate_pages(&pagelist, new_page, NULL, MPOL_MF_MOVE_ALL, + MIGRATE_SYNC, MR_MEMORY_FAILURE); + if (ret) { + ... + } else { + /* + * We set PG_hwpoison only when the migration source hugepage + * was successfully dissolved, because otherwise hwpoisoned + * hugepage remains on free hugepage list, then userspace will + * find it as SIGBUS by allocation failure. That's not expected + * in soft-offlining. + */ + ret = dissolve_free_huge_page(page); + if (!ret) { + if (set_hwpoison_free_buddy_page(page)) + num_poisoned_pages_inc(); + } + } + return ret; + +Here dissolve_free_huge_page() returns -EBUSY if the migration source page +was freed into buddy in migrate_pages(), but even in that case we actually +has a chance that set_hwpoison_free_buddy_page() succeeds. So that means +current code gives up offlining too early now. + +dissolve_free_huge_page() checks that a given hugepage is suitable for +dissolving, where we should return success for !PageHuge() case because +the given hugepage is considered as already dissolved. + +This change also affects other callers of dissolve_free_huge_page(), which +are cleaned up together. + +[n-horiguchi@ah.jp.nec.com: v3] + Link: http://lkml.kernel.org/r/1560761476-4651-3-git-send-email-n-horiguchi@ah.jp.nec.comLink: http://lkml.kernel.org/r/1560154686-18497-3-git-send-email-n-horiguchi@ah.jp.nec.com +Fixes: 6bc9b56433b76 ("mm: fix race on soft-offlining") +Signed-off-by: Naoya Horiguchi +Reported-by: Chen, Jerry T +Tested-by: Chen, Jerry T +Reviewed-by: Mike Kravetz +Reviewed-by: Oscar Salvador +Cc: Michal Hocko +Cc: Xishi Qiu +Cc: "Chen, Jerry T" +Cc: "Zhuo, Qiuxu" +Cc: [4.19+] +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/hugetlb.c | 29 ++++++++++++++++++++--------- + mm/memory-failure.c | 5 +---- + 2 files changed, 21 insertions(+), 13 deletions(-) + +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -1491,16 +1491,29 @@ static int free_pool_huge_page(struct hs + + /* + * Dissolve a given free hugepage into free buddy pages. This function does +- * nothing for in-use (including surplus) hugepages. Returns -EBUSY if the +- * dissolution fails because a give page is not a free hugepage, or because +- * free hugepages are fully reserved. ++ * nothing for in-use hugepages and non-hugepages. ++ * This function returns values like below: ++ * ++ * -EBUSY: failed to dissolved free hugepages or the hugepage is in-use ++ * (allocated or reserved.) ++ * 0: successfully dissolved free hugepages or the page is not a ++ * hugepage (considered as already dissolved) + */ + int dissolve_free_huge_page(struct page *page) + { + int rc = -EBUSY; + ++ /* Not to disrupt normal path by vainly holding hugetlb_lock */ ++ if (!PageHuge(page)) ++ return 0; ++ + spin_lock(&hugetlb_lock); +- if (PageHuge(page) && !page_count(page)) { ++ if (!PageHuge(page)) { ++ rc = 0; ++ goto out; ++ } ++ ++ if (!page_count(page)) { + struct page *head = compound_head(page); + struct hstate *h = page_hstate(head); + int nid = page_to_nid(head); +@@ -1545,11 +1558,9 @@ int dissolve_free_huge_pages(unsigned lo + + for (pfn = start_pfn; pfn < end_pfn; pfn += 1 << minimum_order) { + page = pfn_to_page(pfn); +- if (PageHuge(page) && !page_count(page)) { +- rc = dissolve_free_huge_page(page); +- if (rc) +- break; +- } ++ rc = dissolve_free_huge_page(page); ++ if (rc) ++ break; + } + + return rc; +--- a/mm/memory-failure.c ++++ b/mm/memory-failure.c +@@ -1859,11 +1859,8 @@ static int soft_offline_in_use_page(stru + + static int soft_offline_free_page(struct page *page) + { +- int rc = 0; +- struct page *head = compound_head(page); ++ int rc = dissolve_free_huge_page(page); + +- if (PageHuge(head)) +- rc = dissolve_free_huge_page(page); + if (!rc) { + if (set_hwpoison_free_buddy_page(page)) + num_poisoned_pages_inc(); diff --git a/queue-5.1/mm-page_idle.c-fix-oops-because-end_pfn-is-larger-than-max_pfn.patch b/queue-5.1/mm-page_idle.c-fix-oops-because-end_pfn-is-larger-than-max_pfn.patch new file mode 100644 index 00000000000..ce1099463bd --- /dev/null +++ b/queue-5.1/mm-page_idle.c-fix-oops-because-end_pfn-is-larger-than-max_pfn.patch @@ -0,0 +1,85 @@ +From 7298e3b0a149c91323b3205d325e942c3b3b9ef6 Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Fri, 28 Jun 2019 12:07:05 -0700 +Subject: mm/page_idle.c: fix oops because end_pfn is larger than max_pfn + +From: Colin Ian King + +commit 7298e3b0a149c91323b3205d325e942c3b3b9ef6 upstream. + +Currently the calcuation of end_pfn can round up the pfn number to more +than the actual maximum number of pfns, causing an Oops. Fix this by +ensuring end_pfn is never more than max_pfn. + +This can be easily triggered when on systems where the end_pfn gets +rounded up to more than max_pfn using the idle-page stress-ng stress test: + +sudo stress-ng --idle-page 0 + + BUG: unable to handle kernel paging request at 00000000000020d8 + #PF error: [normal kernel read fault] + PGD 0 P4D 0 + Oops: 0000 [#1] SMP PTI + CPU: 1 PID: 11039 Comm: stress-ng-idle- Not tainted 5.0.0-5-generic #6-Ubuntu + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 + RIP: 0010:page_idle_get_page+0xc8/0x1a0 + Code: 0f b1 0a 75 7d 48 8b 03 48 89 c2 48 c1 e8 33 83 e0 07 48 c1 ea 36 48 8d 0c 40 4c 8d 24 88 49 c1 e4 07 4c 03 24 d5 00 89 c3 be <49> 8b 44 24 58 48 8d b8 80 a1 02 00 e8 07 d5 77 00 48 8b 53 08 48 + RSP: 0018:ffffafd7c672fde8 EFLAGS: 00010202 + RAX: 0000000000000005 RBX: ffffe36341fff700 RCX: 000000000000000f + RDX: 0000000000000284 RSI: 0000000000000275 RDI: 0000000001fff700 + RBP: ffffafd7c672fe00 R08: ffffa0bc34056410 R09: 0000000000000276 + R10: ffffa0bc754e9b40 R11: ffffa0bc330f6400 R12: 0000000000002080 + R13: ffffe36341fff700 R14: 0000000000080000 R15: ffffa0bc330f6400 + FS: 00007f0ec1ea5740(0000) GS:ffffa0bc7db00000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00000000000020d8 CR3: 0000000077d68000 CR4: 00000000000006e0 + Call Trace: + page_idle_bitmap_write+0x8c/0x140 + sysfs_kf_bin_write+0x5c/0x70 + kernfs_fop_write+0x12e/0x1b0 + __vfs_write+0x1b/0x40 + vfs_write+0xab/0x1b0 + ksys_write+0x55/0xc0 + __x64_sys_write+0x1a/0x20 + do_syscall_64+0x5a/0x110 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +Link: http://lkml.kernel.org/r/20190618124352.28307-1-colin.king@canonical.com +Fixes: 33c3fc71c8cf ("mm: introduce idle page tracking") +Signed-off-by: Colin Ian King +Reviewed-by: Andrew Morton +Acked-by: Vladimir Davydov +Cc: Michal Hocko +Cc: Mike Rapoport +Cc: Mel Gorman +Cc: Stephen Rothwell +Cc: Andrey Ryabinin +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/page_idle.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/mm/page_idle.c ++++ b/mm/page_idle.c +@@ -136,7 +136,7 @@ static ssize_t page_idle_bitmap_read(str + + end_pfn = pfn + count * BITS_PER_BYTE; + if (end_pfn > max_pfn) +- end_pfn = ALIGN(max_pfn, BITMAP_CHUNK_BITS); ++ end_pfn = max_pfn; + + for (; pfn < end_pfn; pfn++) { + bit = pfn % BITMAP_CHUNK_BITS; +@@ -181,7 +181,7 @@ static ssize_t page_idle_bitmap_write(st + + end_pfn = pfn + count * BITS_PER_BYTE; + if (end_pfn > max_pfn) +- end_pfn = ALIGN(max_pfn, BITMAP_CHUNK_BITS); ++ end_pfn = max_pfn; + + for (; pfn < end_pfn; pfn++) { + bit = pfn % BITMAP_CHUNK_BITS; diff --git a/queue-5.1/mm-soft-offline-return-ebusy-if-set_hwpoison_free_buddy_page-fails.patch b/queue-5.1/mm-soft-offline-return-ebusy-if-set_hwpoison_free_buddy_page-fails.patch new file mode 100644 index 00000000000..e12db143016 --- /dev/null +++ b/queue-5.1/mm-soft-offline-return-ebusy-if-set_hwpoison_free_buddy_page-fails.patch @@ -0,0 +1,47 @@ +From b38e5962f8ed0d2a2b28a887fc2221f7f41db119 Mon Sep 17 00:00:00 2001 +From: Naoya Horiguchi +Date: Fri, 28 Jun 2019 12:06:53 -0700 +Subject: mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails + +From: Naoya Horiguchi + +commit b38e5962f8ed0d2a2b28a887fc2221f7f41db119 upstream. + +The pass/fail of soft offline should be judged by checking whether the +raw error page was finally contained or not (i.e. the result of +set_hwpoison_free_buddy_page()), but current code do not work like +that. It might lead us to misjudge the test result when +set_hwpoison_free_buddy_page() fails. + +Without this fix, there are cases where madvise(MADV_SOFT_OFFLINE) may +not offline the original page and will not return an error. + +Link: http://lkml.kernel.org/r/1560154686-18497-2-git-send-email-n-horiguchi@ah.jp.nec.com +Signed-off-by: Naoya Horiguchi +Fixes: 6bc9b56433b76 ("mm: fix race on soft-offlining") +Reviewed-by: Mike Kravetz +Reviewed-by: Oscar Salvador +Cc: Michal Hocko +Cc: Xishi Qiu +Cc: "Chen, Jerry T" +Cc: "Zhuo, Qiuxu" +Cc: [4.19+] +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memory-failure.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/mm/memory-failure.c ++++ b/mm/memory-failure.c +@@ -1733,6 +1733,8 @@ static int soft_offline_huge_page(struct + if (!ret) { + if (set_hwpoison_free_buddy_page(page)) + num_poisoned_pages_inc(); ++ else ++ ret = -EBUSY; + } + } + return ret; diff --git a/queue-5.1/mm-swap-fix-thp-swap-out.patch b/queue-5.1/mm-swap-fix-thp-swap-out.patch new file mode 100644 index 00000000000..5d61ea31641 --- /dev/null +++ b/queue-5.1/mm-swap-fix-thp-swap-out.patch @@ -0,0 +1,70 @@ +From 1a5f439c7c02837d943e528d46501564d4226757 Mon Sep 17 00:00:00 2001 +From: Huang Ying +Date: Fri, 28 Jun 2019 12:07:18 -0700 +Subject: mm, swap: fix THP swap out + +From: Huang Ying + +commit 1a5f439c7c02837d943e528d46501564d4226757 upstream. + +0-Day test system reported some OOM regressions for several THP +(Transparent Huge Page) swap test cases. These regressions are bisected +to 6861428921b5 ("block: always define BIO_MAX_PAGES as 256"). In the +commit, BIO_MAX_PAGES is set to 256 even when THP swap is enabled. So the +bio_alloc(gfp_flags, 512) in get_swap_bio() may fail when swapping out +THP. That causes the OOM. + +As in the patch description of 6861428921b5 ("block: always define +BIO_MAX_PAGES as 256"), THP swap should use multi-page bvec to write THP +to swap space. So the issue is fixed via doing that in get_swap_bio(). + +BTW: I remember I have checked the THP swap code when 6861428921b5 +("block: always define BIO_MAX_PAGES as 256") was merged, and thought the +THP swap code needn't to be changed. But apparently, I was wrong. I +should have done this at that time. + +Link: http://lkml.kernel.org/r/20190624075515.31040-1-ying.huang@intel.com +Fixes: 6861428921b5 ("block: always define BIO_MAX_PAGES as 256") +Signed-off-by: "Huang, Ying" +Reviewed-by: Ming Lei +Cc: Michal Hocko +Cc: Johannes Weiner +Cc: Hugh Dickins +Cc: Minchan Kim +Cc: Rik van Riel +Cc: Daniel Jordan +Cc: Jens Axboe +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/page_io.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +--- a/mm/page_io.c ++++ b/mm/page_io.c +@@ -29,10 +29,9 @@ + static struct bio *get_swap_bio(gfp_t gfp_flags, + struct page *page, bio_end_io_t end_io) + { +- int i, nr = hpage_nr_pages(page); + struct bio *bio; + +- bio = bio_alloc(gfp_flags, nr); ++ bio = bio_alloc(gfp_flags, 1); + if (bio) { + struct block_device *bdev; + +@@ -41,9 +40,7 @@ static struct bio *get_swap_bio(gfp_t gf + bio->bi_iter.bi_sector <<= PAGE_SHIFT - 9; + bio->bi_end_io = end_io; + +- for (i = 0; i < nr; i++) +- bio_add_page(bio, page + i, PAGE_SIZE, 0); +- VM_BUG_ON(bio->bi_iter.bi_size != PAGE_SIZE * nr); ++ bio_add_page(bio, page, PAGE_SIZE * hpage_nr_pages(page), 0); + } + return bio; + } diff --git a/queue-5.1/scsi-vmw_pscsi-fix-use-after-free-in-pvscsi_queue_lck.patch b/queue-5.1/scsi-vmw_pscsi-fix-use-after-free-in-pvscsi_queue_lck.patch new file mode 100644 index 00000000000..0cbc089bda7 --- /dev/null +++ b/queue-5.1/scsi-vmw_pscsi-fix-use-after-free-in-pvscsi_queue_lck.patch @@ -0,0 +1,52 @@ +From 240b4cc8fd5db138b675297d4226ec46594d9b3b Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Wed, 19 Jun 2019 09:05:41 +0200 +Subject: scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() + +From: Jan Kara + +commit 240b4cc8fd5db138b675297d4226ec46594d9b3b upstream. + +Once we unlock adapter->hw_lock in pvscsi_queue_lck() nothing prevents just +queued scsi_cmnd from completing and freeing the request. Thus cmd->cmnd[0] +dereference can dereference already freed request leading to kernel crashes +or other issues (which one of our customers observed). Store cmd->cmnd[0] +in a local variable before unlocking adapter->hw_lock to fix the issue. + +CC: +Signed-off-by: Jan Kara +Reviewed-by: Ewan D. Milne +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/vmw_pvscsi.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/vmw_pvscsi.c ++++ b/drivers/scsi/vmw_pvscsi.c +@@ -763,6 +763,7 @@ static int pvscsi_queue_lck(struct scsi_ + struct pvscsi_adapter *adapter = shost_priv(host); + struct pvscsi_ctx *ctx; + unsigned long flags; ++ unsigned char op; + + spin_lock_irqsave(&adapter->hw_lock, flags); + +@@ -775,13 +776,14 @@ static int pvscsi_queue_lck(struct scsi_ + } + + cmd->scsi_done = done; ++ op = cmd->cmnd[0]; + + dev_dbg(&cmd->device->sdev_gendev, +- "queued cmd %p, ctx %p, op=%x\n", cmd, ctx, cmd->cmnd[0]); ++ "queued cmd %p, ctx %p, op=%x\n", cmd, ctx, op); + + spin_unlock_irqrestore(&adapter->hw_lock, flags); + +- pvscsi_kick_io(adapter, cmd->cmnd[0]); ++ pvscsi_kick_io(adapter, op); + + return 0; + } diff --git a/queue-5.1/series b/queue-5.1/series index 634b74ec9c5..7d28dd57ba9 100644 --- a/queue-5.1/series +++ b/queue-5.1/series @@ -4,3 +4,17 @@ qmi_wwan-fix-out-of-bounds-read.patch fs-proc-array.c-allow-reporting-eip-esp-for-all-coredumping-threads.patch mm-mempolicy.c-fix-an-incorrect-rebind-node-in-mpol_rebind_nodemask.patch fs-binfmt_flat.c-make-load_flat_shared_library-work.patch +clk-tegra210-fix-default-rates-for-hda-clocks.patch +clk-socfpga-stratix10-fix-divider-entry-for-the-emac-clocks.patch +drm-i915-force-2-96-mhz-cdclk-on-glk-cnl-when-audio-power-is-enabled.patch +drm-i915-save-the-old-cdclk-atomic-state.patch +drm-i915-remove-redundant-store-of-logical-cdclk-state.patch +drm-i915-skip-modeset-for-cdclk-changes-if-possible.patch +mm-soft-offline-return-ebusy-if-set_hwpoison_free_buddy_page-fails.patch +mm-hugetlb-soft-offline-dissolve_free_huge_page-return-zero-on-pagehuge.patch +mm-page_idle.c-fix-oops-because-end_pfn-is-larger-than-max_pfn.patch +mm-swap-fix-thp-swap-out.patch +dm-init-fix-incorrect-uses-of-kstrndup.patch +dm-log-writes-make-sure-super-sector-log-updates-are-written-in-order.patch +io_uring-ensure-req-file-is-cleared-on-allocation.patch +scsi-vmw_pscsi-fix-use-after-free-in-pvscsi_queue_lck.patch