From: Greg Kroah-Hartman Date: Mon, 23 Jul 2018 07:58:03 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.4.144~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=309bd8deb7a389c3b5d917a0b52fc25fba74d2e6;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: alpha-fix-osf_wait4-breakage.patch cxl_getfile-fix-double-iput-on-alloc_file-failures.patch powerpc-powernv-fix-save-restore-of-sprg3-on-entry-exit-from-stop-idle.patch xhci-fix-perceived-dead-host-due-to-runtime-suspend-race-with-event-handler.patch --- diff --git a/queue-4.14/alpha-fix-osf_wait4-breakage.patch b/queue-4.14/alpha-fix-osf_wait4-breakage.patch new file mode 100644 index 00000000000..671377406a0 --- /dev/null +++ b/queue-4.14/alpha-fix-osf_wait4-breakage.patch @@ -0,0 +1,54 @@ +From f88a333b44318643282b8acc92af90deda441f5e Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sun, 22 Jul 2018 15:07:11 +0100 +Subject: alpha: fix osf_wait4() breakage + +From: Al Viro + +commit f88a333b44318643282b8acc92af90deda441f5e upstream. + +kernel_wait4() expects a userland address for status - it's only +rusage that goes as a kernel one (and needs a copyout afterwards) + +[ Also, fix the prototype of kernel_wait4() to have that __user + annotation - Linus ] + +Fixes: 92ebce5ac55d ("osf_wait4: switch to kernel_wait4()") +Cc: stable@kernel.org # v4.13+ +Signed-off-by: Al Viro +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + arch/alpha/kernel/osf_sys.c | 5 +---- + include/linux/sched/task.h | 2 +- + 2 files changed, 2 insertions(+), 5 deletions(-) + +--- a/arch/alpha/kernel/osf_sys.c ++++ b/arch/alpha/kernel/osf_sys.c +@@ -1183,13 +1183,10 @@ SYSCALL_DEFINE2(osf_getrusage, int, who, + SYSCALL_DEFINE4(osf_wait4, pid_t, pid, int __user *, ustatus, int, options, + struct rusage32 __user *, ur) + { +- unsigned int status = 0; + struct rusage r; +- long err = kernel_wait4(pid, &status, options, &r); ++ long err = kernel_wait4(pid, ustatus, options, &r); + if (err <= 0) + return err; +- if (put_user(status, ustatus)) +- return -EFAULT; + if (!ur) + return err; + if (put_tv32(&ur->ru_utime, &r.ru_utime)) +--- a/include/linux/sched/task.h ++++ b/include/linux/sched/task.h +@@ -75,7 +75,7 @@ extern long _do_fork(unsigned long, unsi + extern long do_fork(unsigned long, unsigned long, unsigned long, int __user *, int __user *); + struct task_struct *fork_idle(int); + extern pid_t kernel_thread(int (*fn)(void *), void *arg, unsigned long flags); +-extern long kernel_wait4(pid_t, int *, int, struct rusage *); ++extern long kernel_wait4(pid_t, int __user *, int, struct rusage *); + + extern void free_task(struct task_struct *tsk); + diff --git a/queue-4.14/cxl_getfile-fix-double-iput-on-alloc_file-failures.patch b/queue-4.14/cxl_getfile-fix-double-iput-on-alloc_file-failures.patch new file mode 100644 index 00000000000..c982db73c93 --- /dev/null +++ b/queue-4.14/cxl_getfile-fix-double-iput-on-alloc_file-failures.patch @@ -0,0 +1,42 @@ +From d202797f480c0e5918e7642d6716cdc62b3ab5c9 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sat, 9 Jun 2018 09:43:13 -0400 +Subject: cxl_getfile(): fix double-iput() on alloc_file() failures + +From: Al Viro + +commit d202797f480c0e5918e7642d6716cdc62b3ab5c9 upstream. + +Doing iput() after path_put() is wrong. + +Cc: stable@vger.kernel.org +Acked-by: Linus Torvalds +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/misc/cxl/api.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/misc/cxl/api.c ++++ b/drivers/misc/cxl/api.c +@@ -102,15 +102,15 @@ static struct file *cxl_getfile(const ch + d_instantiate(path.dentry, inode); + + file = alloc_file(&path, OPEN_FMODE(flags), fops); +- if (IS_ERR(file)) +- goto err_dput; ++ if (IS_ERR(file)) { ++ path_put(&path); ++ goto err_fs; ++ } + file->f_flags = flags & (O_ACCMODE | O_NONBLOCK); + file->private_data = priv; + + return file; + +-err_dput: +- path_put(&path); + err_inode: + iput(inode); + err_fs: diff --git a/queue-4.14/powerpc-powernv-fix-save-restore-of-sprg3-on-entry-exit-from-stop-idle.patch b/queue-4.14/powerpc-powernv-fix-save-restore-of-sprg3-on-entry-exit-from-stop-idle.patch new file mode 100644 index 00000000000..1addf795b52 --- /dev/null +++ b/queue-4.14/powerpc-powernv-fix-save-restore-of-sprg3-on-entry-exit-from-stop-idle.patch @@ -0,0 +1,47 @@ +From b03897cf318dfc47de33a7ecbc7655584266f034 Mon Sep 17 00:00:00 2001 +From: "Gautham R. Shenoy" +Date: Wed, 18 Jul 2018 14:03:16 +0530 +Subject: powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) + +From: Gautham R. Shenoy + +commit b03897cf318dfc47de33a7ecbc7655584266f034 upstream. + +On 64-bit servers, SPRN_SPRG3 and its userspace read-only mirror +SPRN_USPRG3 are used as userspace VDSO write and read registers +respectively. + +SPRN_SPRG3 is lost when we enter stop4 and above, and is currently not +restored. As a result, any read from SPRN_USPRG3 returns zero on an +exit from stop4 (Power9 only) and above. + +Thus in this situation, on POWER9, any call from sched_getcpu() always +returns zero, as on powerpc, we call __kernel_getcpu() which relies +upon SPRN_USPRG3 to report the CPU and NUMA node information. + +Fix this by restoring SPRN_SPRG3 on wake up from a deep stop state +with the sprg_vdso value that is cached in PACA. + +Fixes: e1c1cfed5432 ("powerpc/powernv: Save/Restore additional SPRs for stop4 cpuidle") +Cc: stable@vger.kernel.org # v4.14+ +Reported-by: Florian Weimer +Signed-off-by: Gautham R. Shenoy +Reviewed-by: Michael Ellerman +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/idle_book3s.S | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/powerpc/kernel/idle_book3s.S ++++ b/arch/powerpc/kernel/idle_book3s.S +@@ -140,6 +140,8 @@ power9_restore_additional_sprs: + ld r4, STOP_MMCR2(r13) + mtspr SPRN_MMCR1, r3 + mtspr SPRN_MMCR2, r4 ++ ld r4, PACA_SPRG_VDSO(r13) ++ mtspr SPRN_SPRG3, r4 + blr + + /* diff --git a/queue-4.14/series b/queue-4.14/series index 3f30c83f308..f8c523e8b9d 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -38,3 +38,7 @@ net-mlx4_en-don-t-reuse-rx-page-when-xdp-is-set.patch net-systemport-fix-crc-forwarding-check-for-systemport-lite.patch ipv6-make-dad-fail-with-enhanced-dad-when-nonce-length-differs.patch net-usb-asix-replace-mii_nway_restart-in-resume-path.patch +alpha-fix-osf_wait4-breakage.patch +cxl_getfile-fix-double-iput-on-alloc_file-failures.patch +powerpc-powernv-fix-save-restore-of-sprg3-on-entry-exit-from-stop-idle.patch +xhci-fix-perceived-dead-host-due-to-runtime-suspend-race-with-event-handler.patch diff --git a/queue-4.14/xhci-fix-perceived-dead-host-due-to-runtime-suspend-race-with-event-handler.patch b/queue-4.14/xhci-fix-perceived-dead-host-due-to-runtime-suspend-race-with-event-handler.patch new file mode 100644 index 00000000000..673f93692e7 --- /dev/null +++ b/queue-4.14/xhci-fix-perceived-dead-host-due-to-runtime-suspend-race-with-event-handler.patch @@ -0,0 +1,123 @@ +From 229bc19fd7aca4f37964af06e3583c1c8f36b5d6 Mon Sep 17 00:00:00 2001 +From: Mathias Nyman +Date: Thu, 21 Jun 2018 16:19:41 +0300 +Subject: xhci: Fix perceived dead host due to runtime suspend race with event handler + +From: Mathias Nyman + +commit 229bc19fd7aca4f37964af06e3583c1c8f36b5d6 upstream. + +Don't rely on event interrupt (EINT) bit alone to detect pending port +change in resume. If no change event is detected the host may be suspended +again, oterwise roothubs are resumed. + +There is a lag in xHC setting EINT. If we don't notice the pending change +in resume, and the controller is runtime suspeded again, it causes the +event handler to assume host is dead as it will fail to read xHC registers +once PCI puts the controller to D3 state. + +[ 268.520969] xhci_hcd: xhci_resume: starting port polling. +[ 268.520985] xhci_hcd: xhci_hub_status_data: stopping port polling. +[ 268.521030] xhci_hcd: xhci_suspend: stopping port polling. +[ 268.521040] xhci_hcd: // Setting command ring address to 0x349bd001 +[ 268.521139] xhci_hcd: Port Status Change Event for port 3 +[ 268.521149] xhci_hcd: resume root hub +[ 268.521163] xhci_hcd: port resume event for port 3 +[ 268.521168] xhci_hcd: xHC is not running. +[ 268.521174] xhci_hcd: handle_port_status: starting port polling. +[ 268.596322] xhci_hcd: xhci_hc_died: xHCI host controller not responding, assume dead + +The EINT lag is described in a additional note in xhci specs 4.19.2: + +"Due to internal xHC scheduling and system delays, there will be a lag +between a change bit being set and the Port Status Change Event that it +generated being written to the Event Ring. If SW reads the PORTSC and +sees a change bit set, there is no guarantee that the corresponding Port +Status Change Event has already been written into the Event Ring." + +Cc: +Signed-off-by: Mathias Nyman +Signed-off-by: Kai-Heng Feng +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/host/xhci.c | 40 +++++++++++++++++++++++++++++++++++++--- + drivers/usb/host/xhci.h | 4 ++++ + 2 files changed, 41 insertions(+), 3 deletions(-) + +--- a/drivers/usb/host/xhci.c ++++ b/drivers/usb/host/xhci.c +@@ -856,6 +856,41 @@ static void xhci_disable_port_wake_on_bi + spin_unlock_irqrestore(&xhci->lock, flags); + } + ++static bool xhci_pending_portevent(struct xhci_hcd *xhci) ++{ ++ __le32 __iomem **port_array; ++ int port_index; ++ u32 status; ++ u32 portsc; ++ ++ status = readl(&xhci->op_regs->status); ++ if (status & STS_EINT) ++ return true; ++ /* ++ * Checking STS_EINT is not enough as there is a lag between a change ++ * bit being set and the Port Status Change Event that it generated ++ * being written to the Event Ring. See note in xhci 1.1 section 4.19.2. ++ */ ++ ++ port_index = xhci->num_usb2_ports; ++ port_array = xhci->usb2_ports; ++ while (port_index--) { ++ portsc = readl(port_array[port_index]); ++ if (portsc & PORT_CHANGE_MASK || ++ (portsc & PORT_PLS_MASK) == XDEV_RESUME) ++ return true; ++ } ++ port_index = xhci->num_usb3_ports; ++ port_array = xhci->usb3_ports; ++ while (port_index--) { ++ portsc = readl(port_array[port_index]); ++ if (portsc & PORT_CHANGE_MASK || ++ (portsc & PORT_PLS_MASK) == XDEV_RESUME) ++ return true; ++ } ++ return false; ++} ++ + /* + * Stop HC (not bus-specific) + * +@@ -955,7 +990,7 @@ EXPORT_SYMBOL_GPL(xhci_suspend); + */ + int xhci_resume(struct xhci_hcd *xhci, bool hibernated) + { +- u32 command, temp = 0, status; ++ u32 command, temp = 0; + struct usb_hcd *hcd = xhci_to_hcd(xhci); + struct usb_hcd *secondary_hcd; + int retval = 0; +@@ -1077,8 +1112,7 @@ int xhci_resume(struct xhci_hcd *xhci, b + done: + if (retval == 0) { + /* Resume root hubs only when have pending events. */ +- status = readl(&xhci->op_regs->status); +- if (status & STS_EINT) { ++ if (xhci_pending_portevent(xhci)) { + usb_hcd_resume_root_hub(xhci->shared_hcd); + usb_hcd_resume_root_hub(hcd); + } +--- a/drivers/usb/host/xhci.h ++++ b/drivers/usb/host/xhci.h +@@ -392,6 +392,10 @@ struct xhci_op_regs { + #define PORT_PLC (1 << 22) + /* port configure error change - port failed to configure its link partner */ + #define PORT_CEC (1 << 23) ++#define PORT_CHANGE_MASK (PORT_CSC | PORT_PEC | PORT_WRC | PORT_OCC | \ ++ PORT_RC | PORT_PLC | PORT_CEC) ++ ++ + /* Cold Attach Status - xHC can set this bit to report device attached during + * Sx state. Warm port reset should be perfomed to clear this bit and move port + * to connected state.