From: Greg Kroah-Hartman Date: Thu, 6 Dec 2018 11:32:11 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v4.19.8~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43e435e4bc4098a8cb34d54e0ae0346e74db7335;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: arc-add-support-of-nfsv3-acl.patch arc-change-defconfig-defaults-to-arcv2.patch btrfs-always-try-all-copies-when-reading-extent-buffers.patch btrfs-fix-use-after-free-when-dumping-free-space.patch input-elan_i2c-add-acpi-id-for-lenovo-ideapad-330-15arr.patch input-elan_i2c-add-elan0620-to-the-acpi-table.patch input-elan_i2c-add-support-for-elan0621-touchpad.patch input-matrix_keypad-check-for-errors-from-of_get_named_gpio.patch input-xpad-quirk-all-pdp-xbox-one-gamepads.patch kgdboc-fix-warning-with-module-build.patch mm-cleancache-fix-corruption-on-missed-inode-invalidation.patch mm-mlock-avoid-increase-mm-locked_vm-on-mlock-when-already-mlock2-mlock_onfault.patch --- diff --git a/queue-4.4/arc-add-support-of-nfsv3-acl.patch b/queue-4.4/arc-add-support-of-nfsv3-acl.patch new file mode 100644 index 00000000000..a1865669ac1 --- /dev/null +++ b/queue-4.4/arc-add-support-of-nfsv3-acl.patch @@ -0,0 +1,111 @@ +From 6b04114f6fae5e84d33404c2970b1949c032546e Mon Sep 17 00:00:00 2001 +From: Alexey Brodkin +Date: Tue, 20 Nov 2018 13:30:19 +0300 +Subject: arc: [devboards] Add support of NFSv3 ACL + +From: Alexey Brodkin + +commit 6b04114f6fae5e84d33404c2970b1949c032546e upstream. + +By default NFSv3 doesn't support ACL (Access Control Lists) +which might be quite convenient to have so that +mounted NFS behaves exactly as any other local file-system. + +In particular missing support of ACL makes umask useless. +This among other thigs fixes Glibc's "nptl/tst-umask1". + +Signed-off-by: Alexey Brodkin +Cc: Cupertino Miranda +Cc: stable@vger.kernel.org #4.14+ +Signed-off-by: Vineet Gupta +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arc/configs/axs101_defconfig | 1 + + arch/arc/configs/axs103_defconfig | 1 + + arch/arc/configs/axs103_smp_defconfig | 1 + + arch/arc/configs/nsimosci_defconfig | 1 + + arch/arc/configs/nsimosci_hs_defconfig | 1 + + arch/arc/configs/nsimosci_hs_smp_defconfig | 1 + + arch/arc/configs/vdk_hs38_defconfig | 1 + + arch/arc/configs/vdk_hs38_smp_defconfig | 1 + + 8 files changed, 8 insertions(+) + +--- a/arch/arc/configs/axs101_defconfig ++++ b/arch/arc/configs/axs101_defconfig +@@ -98,6 +98,7 @@ CONFIG_NTFS_FS=y + CONFIG_TMPFS=y + CONFIG_JFFS2_FS=y + CONFIG_NFS_FS=y ++CONFIG_NFS_V3_ACL=y + CONFIG_NLS_CODEPAGE_437=y + CONFIG_NLS_ISO8859_1=y + # CONFIG_ENABLE_WARN_DEPRECATED is not set +--- a/arch/arc/configs/axs103_defconfig ++++ b/arch/arc/configs/axs103_defconfig +@@ -103,6 +103,7 @@ CONFIG_NTFS_FS=y + CONFIG_TMPFS=y + CONFIG_JFFS2_FS=y + CONFIG_NFS_FS=y ++CONFIG_NFS_V3_ACL=y + CONFIG_NLS_CODEPAGE_437=y + CONFIG_NLS_ISO8859_1=y + # CONFIG_ENABLE_WARN_DEPRECATED is not set +--- a/arch/arc/configs/axs103_smp_defconfig ++++ b/arch/arc/configs/axs103_smp_defconfig +@@ -104,6 +104,7 @@ CONFIG_NTFS_FS=y + CONFIG_TMPFS=y + CONFIG_JFFS2_FS=y + CONFIG_NFS_FS=y ++CONFIG_NFS_V3_ACL=y + CONFIG_NLS_CODEPAGE_437=y + CONFIG_NLS_ISO8859_1=y + # CONFIG_ENABLE_WARN_DEPRECATED is not set +--- a/arch/arc/configs/nsimosci_defconfig ++++ b/arch/arc/configs/nsimosci_defconfig +@@ -70,5 +70,6 @@ CONFIG_EXT2_FS_XATTR=y + CONFIG_TMPFS=y + # CONFIG_MISC_FILESYSTEMS is not set + CONFIG_NFS_FS=y ++CONFIG_NFS_V3_ACL=y + # CONFIG_ENABLE_WARN_DEPRECATED is not set + # CONFIG_ENABLE_MUST_CHECK is not set +--- a/arch/arc/configs/nsimosci_hs_defconfig ++++ b/arch/arc/configs/nsimosci_hs_defconfig +@@ -69,5 +69,6 @@ CONFIG_EXT2_FS_XATTR=y + CONFIG_TMPFS=y + # CONFIG_MISC_FILESYSTEMS is not set + CONFIG_NFS_FS=y ++CONFIG_NFS_V3_ACL=y + # CONFIG_ENABLE_WARN_DEPRECATED is not set + # CONFIG_ENABLE_MUST_CHECK is not set +--- a/arch/arc/configs/nsimosci_hs_smp_defconfig ++++ b/arch/arc/configs/nsimosci_hs_smp_defconfig +@@ -88,6 +88,7 @@ CONFIG_EXT2_FS_XATTR=y + CONFIG_TMPFS=y + # CONFIG_MISC_FILESYSTEMS is not set + CONFIG_NFS_FS=y ++CONFIG_NFS_V3_ACL=y + # CONFIG_ENABLE_WARN_DEPRECATED is not set + # CONFIG_ENABLE_MUST_CHECK is not set + CONFIG_FTRACE=y +--- a/arch/arc/configs/vdk_hs38_defconfig ++++ b/arch/arc/configs/vdk_hs38_defconfig +@@ -89,6 +89,7 @@ CONFIG_NTFS_FS=y + CONFIG_TMPFS=y + CONFIG_JFFS2_FS=y + CONFIG_NFS_FS=y ++CONFIG_NFS_V3_ACL=y + CONFIG_NLS_CODEPAGE_437=y + CONFIG_NLS_ISO8859_1=y + # CONFIG_ENABLE_WARN_DEPRECATED is not set +--- a/arch/arc/configs/vdk_hs38_smp_defconfig ++++ b/arch/arc/configs/vdk_hs38_smp_defconfig +@@ -91,6 +91,7 @@ CONFIG_NTFS_FS=y + CONFIG_TMPFS=y + CONFIG_JFFS2_FS=y + CONFIG_NFS_FS=y ++CONFIG_NFS_V3_ACL=y + CONFIG_NLS_CODEPAGE_437=y + CONFIG_NLS_ISO8859_1=y + # CONFIG_ENABLE_WARN_DEPRECATED is not set diff --git a/queue-4.4/arc-change-defconfig-defaults-to-arcv2.patch b/queue-4.4/arc-change-defconfig-defaults-to-arcv2.patch new file mode 100644 index 00000000000..135687e89ca --- /dev/null +++ b/queue-4.4/arc-change-defconfig-defaults-to-arcv2.patch @@ -0,0 +1,98 @@ +From b7cc40c32a8bfa6f2581a71747f6a7d491fe43ba Mon Sep 17 00:00:00 2001 +From: Kevin Hilman +Date: Fri, 30 Nov 2018 15:51:56 +0300 +Subject: ARC: change defconfig defaults to ARCv2 + +From: Kevin Hilman + +commit b7cc40c32a8bfa6f2581a71747f6a7d491fe43ba upstream. + +Change the default defconfig (used with 'make defconfig') to the ARCv2 +nsim_hs_defconfig, and also switch the default Kconfig ISA selection to +ARCv2. + +This allows several default defconfigs (e.g. make defconfig, make +allnoconfig, make tinyconfig) to all work with ARCv2 by default. + +Note since we change default architecture from ARCompact to ARCv2 +it's required to explicitly mention architecture type in ARCompact +defconfigs otherwise ARCv2 will be implied and binaries will be +generated for ARCv2. + +Cc: # 4.4.x +Signed-off-by: Kevin Hilman +Signed-off-by: Alexey Brodkin +Signed-off-by: Vineet Gupta +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arc/Kconfig | 2 +- + arch/arc/Makefile | 2 +- + arch/arc/configs/axs101_defconfig | 1 + + arch/arc/configs/nsim_700_defconfig | 1 + + arch/arc/configs/nsimosci_defconfig | 1 + + arch/arc/configs/tb10x_defconfig | 1 + + 6 files changed, 6 insertions(+), 2 deletions(-) + +--- a/arch/arc/Kconfig ++++ b/arch/arc/Kconfig +@@ -96,7 +96,7 @@ endmenu + + choice + prompt "ARC Instruction Set" +- default ISA_ARCOMPACT ++ default ISA_ARCV2 + + config ISA_ARCOMPACT + bool "ARCompact ISA" +--- a/arch/arc/Makefile ++++ b/arch/arc/Makefile +@@ -12,7 +12,7 @@ ifeq ($(CROSS_COMPILE),) + CROSS_COMPILE := arc-linux- + endif + +-KBUILD_DEFCONFIG := nsim_700_defconfig ++KBUILD_DEFCONFIG := nsim_hs_defconfig + + cflags-y += -fno-common -pipe -fno-builtin -mmedium-calls -D__linux__ + cflags-$(CONFIG_ISA_ARCOMPACT) += -mA7 +--- a/arch/arc/configs/axs101_defconfig ++++ b/arch/arc/configs/axs101_defconfig +@@ -17,6 +17,7 @@ CONFIG_PERF_EVENTS=y + # CONFIG_VM_EVENT_COUNTERS is not set + # CONFIG_SLUB_DEBUG is not set + # CONFIG_COMPAT_BRK is not set ++CONFIG_ISA_ARCOMPACT=y + CONFIG_MODULES=y + CONFIG_PARTITION_ADVANCED=y + CONFIG_ARC_PLAT_AXS10X=y +--- a/arch/arc/configs/nsim_700_defconfig ++++ b/arch/arc/configs/nsim_700_defconfig +@@ -16,6 +16,7 @@ CONFIG_KALLSYMS_ALL=y + CONFIG_EMBEDDED=y + # CONFIG_SLUB_DEBUG is not set + # CONFIG_COMPAT_BRK is not set ++CONFIG_ISA_ARCOMPACT=y + CONFIG_KPROBES=y + CONFIG_MODULES=y + # CONFIG_LBDAF is not set +--- a/arch/arc/configs/nsimosci_defconfig ++++ b/arch/arc/configs/nsimosci_defconfig +@@ -17,6 +17,7 @@ CONFIG_KALLSYMS_ALL=y + CONFIG_EMBEDDED=y + # CONFIG_SLUB_DEBUG is not set + # CONFIG_COMPAT_BRK is not set ++CONFIG_ISA_ARCOMPACT=y + CONFIG_KPROBES=y + CONFIG_MODULES=y + # CONFIG_LBDAF is not set +--- a/arch/arc/configs/tb10x_defconfig ++++ b/arch/arc/configs/tb10x_defconfig +@@ -19,6 +19,7 @@ CONFIG_KALLSYMS_ALL=y + # CONFIG_AIO is not set + CONFIG_EMBEDDED=y + # CONFIG_COMPAT_BRK is not set ++CONFIG_ISA_ARCOMPACT=y + CONFIG_SLAB=y + CONFIG_MODULES=y + CONFIG_MODULE_FORCE_LOAD=y diff --git a/queue-4.4/btrfs-always-try-all-copies-when-reading-extent-buffers.patch b/queue-4.4/btrfs-always-try-all-copies-when-reading-extent-buffers.patch new file mode 100644 index 00000000000..23441e58be5 --- /dev/null +++ b/queue-4.4/btrfs-always-try-all-copies-when-reading-extent-buffers.patch @@ -0,0 +1,77 @@ +From f8397d69daef06d358430d3054662fb597e37c00 Mon Sep 17 00:00:00 2001 +From: Nikolay Borisov +Date: Tue, 6 Nov 2018 16:40:20 +0200 +Subject: btrfs: Always try all copies when reading extent buffers + +From: Nikolay Borisov + +commit f8397d69daef06d358430d3054662fb597e37c00 upstream. + +When a metadata read is served the endio routine btree_readpage_end_io_hook +is called which eventually runs the tree-checker. If tree-checker fails +to validate the read eb then it sets EXTENT_BUFFER_CORRUPT flag. This +leads to btree_read_extent_buffer_pages wrongly assuming that all +available copies of this extent buffer are wrong and failing prematurely. +Fix this modify btree_read_extent_buffer_pages to read all copies of +the data. + +This failure was exhibitted in xfstests btrfs/124 which would +spuriously fail its balance operations. The reason was that when balance +was run following re-introduction of the missing raid1 disk +__btrfs_map_block would map the read request to stripe 0, which +corresponded to devid 2 (the disk which is being removed in the test): + + item 2 key (FIRST_CHUNK_TREE CHUNK_ITEM 3553624064) itemoff 15975 itemsize 112 + length 1073741824 owner 2 stripe_len 65536 type DATA|RAID1 + io_align 65536 io_width 65536 sector_size 4096 + num_stripes 2 sub_stripes 1 + stripe 0 devid 2 offset 2156920832 + dev_uuid 8466c350-ed0c-4c3b-b17d-6379b445d5c8 + stripe 1 devid 1 offset 3553624064 + dev_uuid 1265d8db-5596-477e-af03-df08eb38d2ca + +This caused read requests for a checksum item that to be routed to the +stale disk which triggered the aforementioned logic involving +EXTENT_BUFFER_CORRUPT flag. This then triggered cascading failures of +the balance operation. + +Fixes: a826d6dcb32d ("Btrfs: check items for correctness as we search") +CC: stable@vger.kernel.org # 4.4+ +Suggested-by: Qu Wenruo +Reviewed-by: Qu Wenruo +Signed-off-by: Nikolay Borisov +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/disk-io.c | 10 +--------- + 1 file changed, 1 insertion(+), 9 deletions(-) + +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -445,9 +445,9 @@ static int btree_read_extent_buffer_page + int mirror_num = 0; + int failed_mirror = 0; + +- clear_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags); + io_tree = &BTRFS_I(root->fs_info->btree_inode)->io_tree; + while (1) { ++ clear_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags); + ret = read_extent_buffer_pages(io_tree, eb, start, + WAIT_COMPLETE, + btree_get_extent, mirror_num); +@@ -459,14 +459,6 @@ static int btree_read_extent_buffer_page + ret = -EIO; + } + +- /* +- * This buffer's crc is fine, but its contents are corrupted, so +- * there is no reason to read the other copies, they won't be +- * any less wrong. +- */ +- if (test_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags)) +- break; +- + num_copies = btrfs_num_copies(root->fs_info, + eb->start, eb->len); + if (num_copies == 1) diff --git a/queue-4.4/btrfs-fix-use-after-free-when-dumping-free-space.patch b/queue-4.4/btrfs-fix-use-after-free-when-dumping-free-space.patch new file mode 100644 index 00000000000..990b2027341 --- /dev/null +++ b/queue-4.4/btrfs-fix-use-after-free-when-dumping-free-space.patch @@ -0,0 +1,222 @@ +From 9084cb6a24bf5838a665af92ded1af8363f9e563 Mon Sep 17 00:00:00 2001 +From: Filipe Manana +Date: Mon, 22 Oct 2018 10:43:06 +0100 +Subject: Btrfs: fix use-after-free when dumping free space + +From: Filipe Manana + +commit 9084cb6a24bf5838a665af92ded1af8363f9e563 upstream. + +We were iterating a block group's free space cache rbtree without locking +first the lock that protects it (the free_space_ctl->free_space_offset +rbtree is protected by the free_space_ctl->tree_lock spinlock). + +KASAN reported an use-after-free problem when iterating such a rbtree due +to a concurrent rbtree delete: + +[ 9520.359168] ================================================================== +[ 9520.359656] BUG: KASAN: use-after-free in rb_next+0x13/0x90 +[ 9520.359949] Read of size 8 at addr ffff8800b7ada500 by task btrfs-transacti/1721 +[ 9520.360357] +[ 9520.360530] CPU: 4 PID: 1721 Comm: btrfs-transacti Tainted: G L 4.19.0-rc8-nbor #555 +[ 9520.360990] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 +[ 9520.362682] Call Trace: +[ 9520.362887] dump_stack+0xa4/0xf5 +[ 9520.363146] print_address_description+0x78/0x280 +[ 9520.363412] kasan_report+0x263/0x390 +[ 9520.363650] ? rb_next+0x13/0x90 +[ 9520.363873] __asan_load8+0x54/0x90 +[ 9520.364102] rb_next+0x13/0x90 +[ 9520.364380] btrfs_dump_free_space+0x146/0x160 [btrfs] +[ 9520.364697] dump_space_info+0x2cd/0x310 [btrfs] +[ 9520.364997] btrfs_reserve_extent+0x1ee/0x1f0 [btrfs] +[ 9520.365310] __btrfs_prealloc_file_range+0x1cc/0x620 [btrfs] +[ 9520.365646] ? btrfs_update_time+0x180/0x180 [btrfs] +[ 9520.365923] ? _raw_spin_unlock+0x27/0x40 +[ 9520.366204] ? btrfs_alloc_data_chunk_ondemand+0x2c0/0x5c0 [btrfs] +[ 9520.366549] btrfs_prealloc_file_range_trans+0x23/0x30 [btrfs] +[ 9520.366880] cache_save_setup+0x42e/0x580 [btrfs] +[ 9520.367220] ? btrfs_check_data_free_space+0xd0/0xd0 [btrfs] +[ 9520.367518] ? lock_downgrade+0x2f0/0x2f0 +[ 9520.367799] ? btrfs_write_dirty_block_groups+0x11f/0x6e0 [btrfs] +[ 9520.368104] ? kasan_check_read+0x11/0x20 +[ 9520.368349] ? do_raw_spin_unlock+0xa8/0x140 +[ 9520.368638] btrfs_write_dirty_block_groups+0x2af/0x6e0 [btrfs] +[ 9520.368978] ? btrfs_start_dirty_block_groups+0x870/0x870 [btrfs] +[ 9520.369282] ? do_raw_spin_unlock+0xa8/0x140 +[ 9520.369534] ? _raw_spin_unlock+0x27/0x40 +[ 9520.369811] ? btrfs_run_delayed_refs+0x1b8/0x230 [btrfs] +[ 9520.370137] commit_cowonly_roots+0x4b9/0x610 [btrfs] +[ 9520.370560] ? commit_fs_roots+0x350/0x350 [btrfs] +[ 9520.370926] ? btrfs_run_delayed_refs+0x1b8/0x230 [btrfs] +[ 9520.371285] btrfs_commit_transaction+0x5e5/0x10e0 [btrfs] +[ 9520.371612] ? btrfs_apply_pending_changes+0x90/0x90 [btrfs] +[ 9520.371943] ? start_transaction+0x168/0x6c0 [btrfs] +[ 9520.372257] transaction_kthread+0x21c/0x240 [btrfs] +[ 9520.372537] kthread+0x1d2/0x1f0 +[ 9520.372793] ? btrfs_cleanup_transaction+0xb50/0xb50 [btrfs] +[ 9520.373090] ? kthread_park+0xb0/0xb0 +[ 9520.373329] ret_from_fork+0x3a/0x50 +[ 9520.373567] +[ 9520.373738] Allocated by task 1804: +[ 9520.373974] kasan_kmalloc+0xff/0x180 +[ 9520.374208] kasan_slab_alloc+0x11/0x20 +[ 9520.374447] kmem_cache_alloc+0xfc/0x2d0 +[ 9520.374731] __btrfs_add_free_space+0x40/0x580 [btrfs] +[ 9520.375044] unpin_extent_range+0x4f7/0x7a0 [btrfs] +[ 9520.375383] btrfs_finish_extent_commit+0x15f/0x4d0 [btrfs] +[ 9520.375707] btrfs_commit_transaction+0xb06/0x10e0 [btrfs] +[ 9520.376027] btrfs_alloc_data_chunk_ondemand+0x237/0x5c0 [btrfs] +[ 9520.376365] btrfs_check_data_free_space+0x81/0xd0 [btrfs] +[ 9520.376689] btrfs_delalloc_reserve_space+0x25/0x80 [btrfs] +[ 9520.377018] btrfs_direct_IO+0x42e/0x6d0 [btrfs] +[ 9520.377284] generic_file_direct_write+0x11e/0x220 +[ 9520.377587] btrfs_file_write_iter+0x472/0xac0 [btrfs] +[ 9520.377875] aio_write+0x25c/0x360 +[ 9520.378106] io_submit_one+0xaa0/0xdc0 +[ 9520.378343] __se_sys_io_submit+0xfa/0x2f0 +[ 9520.378589] __x64_sys_io_submit+0x43/0x50 +[ 9520.378840] do_syscall_64+0x7d/0x240 +[ 9520.379081] entry_SYSCALL_64_after_hwframe+0x49/0xbe +[ 9520.379387] +[ 9520.379557] Freed by task 1802: +[ 9520.379782] __kasan_slab_free+0x173/0x260 +[ 9520.380028] kasan_slab_free+0xe/0x10 +[ 9520.380262] kmem_cache_free+0xc1/0x2c0 +[ 9520.380544] btrfs_find_space_for_alloc+0x4cd/0x4e0 [btrfs] +[ 9520.380866] find_free_extent+0xa99/0x17e0 [btrfs] +[ 9520.381166] btrfs_reserve_extent+0xd5/0x1f0 [btrfs] +[ 9520.381474] btrfs_get_blocks_direct+0x60b/0xbd0 [btrfs] +[ 9520.381761] __blockdev_direct_IO+0x10ee/0x58a1 +[ 9520.382059] btrfs_direct_IO+0x25a/0x6d0 [btrfs] +[ 9520.382321] generic_file_direct_write+0x11e/0x220 +[ 9520.382623] btrfs_file_write_iter+0x472/0xac0 [btrfs] +[ 9520.382904] aio_write+0x25c/0x360 +[ 9520.383172] io_submit_one+0xaa0/0xdc0 +[ 9520.383416] __se_sys_io_submit+0xfa/0x2f0 +[ 9520.383678] __x64_sys_io_submit+0x43/0x50 +[ 9520.383927] do_syscall_64+0x7d/0x240 +[ 9520.384165] entry_SYSCALL_64_after_hwframe+0x49/0xbe +[ 9520.384439] +[ 9520.384610] The buggy address belongs to the object at ffff8800b7ada500 + which belongs to the cache btrfs_free_space of size 72 +[ 9520.385175] The buggy address is located 0 bytes inside of + 72-byte region [ffff8800b7ada500, ffff8800b7ada548) +[ 9520.385691] The buggy address belongs to the page: +[ 9520.385957] page:ffffea0002deb680 count:1 mapcount:0 mapping:ffff880108a1d700 index:0x0 compound_mapcount: 0 +[ 9520.388030] flags: 0x8100(slab|head) +[ 9520.388281] raw: 0000000000008100 ffffea0002deb608 ffffea0002728808 ffff880108a1d700 +[ 9520.388722] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000 +[ 9520.389169] page dumped because: kasan: bad access detected +[ 9520.389473] +[ 9520.389658] Memory state around the buggy address: +[ 9520.389943] ffff8800b7ada400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc +[ 9520.390368] ffff8800b7ada480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc +[ 9520.390796] >ffff8800b7ada500: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc +[ 9520.391223] ^ +[ 9520.391461] ffff8800b7ada580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc +[ 9520.391885] ffff8800b7ada600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc +[ 9520.392313] ================================================================== +[ 9520.392772] BTRFS critical (device vdc): entry offset 2258497536, bytes 131072, bitmap no +[ 9520.393247] BUG: unable to handle kernel NULL pointer dereference at 0000000000000011 +[ 9520.393705] PGD 800000010dbab067 P4D 800000010dbab067 PUD 107551067 PMD 0 +[ 9520.394059] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI +[ 9520.394378] CPU: 4 PID: 1721 Comm: btrfs-transacti Tainted: G B L 4.19.0-rc8-nbor #555 +[ 9520.394858] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 +[ 9520.395350] RIP: 0010:rb_next+0x3c/0x90 +[ 9520.396461] RSP: 0018:ffff8801074ff780 EFLAGS: 00010292 +[ 9520.396762] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81b5ac4c +[ 9520.397115] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000011 +[ 9520.397468] RBP: ffff8801074ff7a0 R08: ffffed0021d64ccc R09: ffffed0021d64ccc +[ 9520.397821] R10: 0000000000000001 R11: ffffed0021d64ccb R12: ffff8800b91e0000 +[ 9520.398188] R13: ffff8800a3ceba48 R14: ffff8800b627bf80 R15: 0000000000020000 +[ 9520.398555] FS: 0000000000000000(0000) GS:ffff88010eb00000(0000) knlGS:0000000000000000 +[ 9520.399007] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 9520.399335] CR2: 0000000000000011 CR3: 0000000106b52000 CR4: 00000000000006a0 +[ 9520.399679] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 9520.400023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 9520.400400] Call Trace: +[ 9520.400648] btrfs_dump_free_space+0x146/0x160 [btrfs] +[ 9520.400974] dump_space_info+0x2cd/0x310 [btrfs] +[ 9520.401287] btrfs_reserve_extent+0x1ee/0x1f0 [btrfs] +[ 9520.401609] __btrfs_prealloc_file_range+0x1cc/0x620 [btrfs] +[ 9520.401952] ? btrfs_update_time+0x180/0x180 [btrfs] +[ 9520.402232] ? _raw_spin_unlock+0x27/0x40 +[ 9520.402522] ? btrfs_alloc_data_chunk_ondemand+0x2c0/0x5c0 [btrfs] +[ 9520.402882] btrfs_prealloc_file_range_trans+0x23/0x30 [btrfs] +[ 9520.403261] cache_save_setup+0x42e/0x580 [btrfs] +[ 9520.403570] ? btrfs_check_data_free_space+0xd0/0xd0 [btrfs] +[ 9520.403871] ? lock_downgrade+0x2f0/0x2f0 +[ 9520.404161] ? btrfs_write_dirty_block_groups+0x11f/0x6e0 [btrfs] +[ 9520.404481] ? kasan_check_read+0x11/0x20 +[ 9520.404732] ? do_raw_spin_unlock+0xa8/0x140 +[ 9520.405026] btrfs_write_dirty_block_groups+0x2af/0x6e0 [btrfs] +[ 9520.405375] ? btrfs_start_dirty_block_groups+0x870/0x870 [btrfs] +[ 9520.405694] ? do_raw_spin_unlock+0xa8/0x140 +[ 9520.405958] ? _raw_spin_unlock+0x27/0x40 +[ 9520.406243] ? btrfs_run_delayed_refs+0x1b8/0x230 [btrfs] +[ 9520.406574] commit_cowonly_roots+0x4b9/0x610 [btrfs] +[ 9520.406899] ? commit_fs_roots+0x350/0x350 [btrfs] +[ 9520.407253] ? btrfs_run_delayed_refs+0x1b8/0x230 [btrfs] +[ 9520.407589] btrfs_commit_transaction+0x5e5/0x10e0 [btrfs] +[ 9520.407925] ? btrfs_apply_pending_changes+0x90/0x90 [btrfs] +[ 9520.408262] ? start_transaction+0x168/0x6c0 [btrfs] +[ 9520.408582] transaction_kthread+0x21c/0x240 [btrfs] +[ 9520.408870] kthread+0x1d2/0x1f0 +[ 9520.409138] ? btrfs_cleanup_transaction+0xb50/0xb50 [btrfs] +[ 9520.409440] ? kthread_park+0xb0/0xb0 +[ 9520.409682] ret_from_fork+0x3a/0x50 +[ 9520.410508] Dumping ftrace buffer: +[ 9520.410764] (ftrace buffer empty) +[ 9520.411007] CR2: 0000000000000011 +[ 9520.411297] ---[ end trace 01a0863445cf360a ]--- +[ 9520.411568] RIP: 0010:rb_next+0x3c/0x90 +[ 9520.412644] RSP: 0018:ffff8801074ff780 EFLAGS: 00010292 +[ 9520.412932] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81b5ac4c +[ 9520.413274] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000011 +[ 9520.413616] RBP: ffff8801074ff7a0 R08: ffffed0021d64ccc R09: ffffed0021d64ccc +[ 9520.414007] R10: 0000000000000001 R11: ffffed0021d64ccb R12: ffff8800b91e0000 +[ 9520.414349] R13: ffff8800a3ceba48 R14: ffff8800b627bf80 R15: 0000000000020000 +[ 9520.416074] FS: 0000000000000000(0000) GS:ffff88010eb00000(0000) knlGS:0000000000000000 +[ 9520.416536] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 9520.416848] CR2: 0000000000000011 CR3: 0000000106b52000 CR4: 00000000000006a0 +[ 9520.418477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 9520.418846] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 9520.419204] Kernel panic - not syncing: Fatal exception +[ 9520.419666] Dumping ftrace buffer: +[ 9520.419930] (ftrace buffer empty) +[ 9520.420168] Kernel Offset: disabled +[ 9520.420406] ---[ end Kernel panic - not syncing: Fatal exception ]--- + +Fix this by acquiring the respective lock before iterating the rbtree. + +Reported-by: Nikolay Borisov +CC: stable@vger.kernel.org # 4.4+ +Reviewed-by: Josef Bacik +Signed-off-by: Filipe Manana +Signed-off-by: David Sterba +Cc: Nikolay Borisov +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/free-space-cache.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/btrfs/free-space-cache.c ++++ b/fs/btrfs/free-space-cache.c +@@ -2469,6 +2469,7 @@ void btrfs_dump_free_space(struct btrfs_ + struct rb_node *n; + int count = 0; + ++ spin_lock(&ctl->tree_lock); + for (n = rb_first(&ctl->free_space_offset); n; n = rb_next(n)) { + info = rb_entry(n, struct btrfs_free_space, offset_index); + if (info->bytes >= bytes && !block_group->ro) +@@ -2478,6 +2479,7 @@ void btrfs_dump_free_space(struct btrfs_ + info->offset, info->bytes, + (info->bitmap) ? "yes" : "no"); + } ++ spin_unlock(&ctl->tree_lock); + btrfs_info(block_group->fs_info, "block group has cluster?: %s", + list_empty(&block_group->cluster_list) ? "no" : "yes"); + btrfs_info(block_group->fs_info, diff --git a/queue-4.4/input-elan_i2c-add-acpi-id-for-lenovo-ideapad-330-15arr.patch b/queue-4.4/input-elan_i2c-add-acpi-id-for-lenovo-ideapad-330-15arr.patch new file mode 100644 index 00000000000..886499f658d --- /dev/null +++ b/queue-4.4/input-elan_i2c-add-acpi-id-for-lenovo-ideapad-330-15arr.patch @@ -0,0 +1,31 @@ +From ad33429cd02565c28404bb16ae7a4c2bdfda6626 Mon Sep 17 00:00:00 2001 +From: Noah Westervelt +Date: Thu, 29 Nov 2018 10:10:35 -0800 +Subject: Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR + +From: Noah Westervelt + +commit ad33429cd02565c28404bb16ae7a4c2bdfda6626 upstream. + +Add ELAN061E to the ACPI table to support Elan touchpad found in Lenovo +IdeaPad 330-15ARR. + +Signed-off-by: Noah Westervelt +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/elan_i2c_core.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/input/mouse/elan_i2c_core.c ++++ b/drivers/input/mouse/elan_i2c_core.c +@@ -1253,6 +1253,7 @@ static const struct acpi_device_id elan_ + { "ELAN0618", 0 }, + { "ELAN061C", 0 }, + { "ELAN061D", 0 }, ++ { "ELAN061E", 0 }, + { "ELAN0620", 0 }, + { "ELAN0622", 0 }, + { "ELAN1000", 0 }, diff --git a/queue-4.4/input-elan_i2c-add-elan0620-to-the-acpi-table.patch b/queue-4.4/input-elan_i2c-add-elan0620-to-the-acpi-table.patch new file mode 100644 index 00000000000..0817837c638 --- /dev/null +++ b/queue-4.4/input-elan_i2c-add-elan0620-to-the-acpi-table.patch @@ -0,0 +1,31 @@ +From 3ed64da3b790be7c63601e8ca6341b7dff74a660 Mon Sep 17 00:00:00 2001 +From: Patrick Gaskin +Date: Mon, 12 Nov 2018 11:12:24 -0800 +Subject: Input: elan_i2c - add ELAN0620 to the ACPI table + +From: Patrick Gaskin + +commit 3ed64da3b790be7c63601e8ca6341b7dff74a660 upstream. + +Add ELAN0620 to the ACPI table to support the elan touchpad in +the Lenovo IdeaPad 130-15IKB. + +Signed-off-by: Patrick Gaskin +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/elan_i2c_core.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/input/mouse/elan_i2c_core.c ++++ b/drivers/input/mouse/elan_i2c_core.c +@@ -1253,6 +1253,7 @@ static const struct acpi_device_id elan_ + { "ELAN0618", 0 }, + { "ELAN061C", 0 }, + { "ELAN061D", 0 }, ++ { "ELAN0620", 0 }, + { "ELAN0622", 0 }, + { "ELAN1000", 0 }, + { } diff --git a/queue-4.4/input-elan_i2c-add-support-for-elan0621-touchpad.patch b/queue-4.4/input-elan_i2c-add-support-for-elan0621-touchpad.patch new file mode 100644 index 00000000000..3500324e54a --- /dev/null +++ b/queue-4.4/input-elan_i2c-add-support-for-elan0621-touchpad.patch @@ -0,0 +1,31 @@ +From bf87ade0dd7f8cf19dac4d3161d5e86abe0c062b Mon Sep 17 00:00:00 2001 +From: Adam Wong +Date: Thu, 29 Nov 2018 10:04:35 -0800 +Subject: Input: elan_i2c - add support for ELAN0621 touchpad + +From: Adam Wong + +commit bf87ade0dd7f8cf19dac4d3161d5e86abe0c062b upstream. + +Added the ability to detect the ELAN0621 touchpad found in some Lenovo +laptops. + +Signed-off-by: Adam Wong +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/elan_i2c_core.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/input/mouse/elan_i2c_core.c ++++ b/drivers/input/mouse/elan_i2c_core.c +@@ -1255,6 +1255,7 @@ static const struct acpi_device_id elan_ + { "ELAN061D", 0 }, + { "ELAN061E", 0 }, + { "ELAN0620", 0 }, ++ { "ELAN0621", 0 }, + { "ELAN0622", 0 }, + { "ELAN1000", 0 }, + { } diff --git a/queue-4.4/input-matrix_keypad-check-for-errors-from-of_get_named_gpio.patch b/queue-4.4/input-matrix_keypad-check-for-errors-from-of_get_named_gpio.patch new file mode 100644 index 00000000000..0c7fec759dd --- /dev/null +++ b/queue-4.4/input-matrix_keypad-check-for-errors-from-of_get_named_gpio.patch @@ -0,0 +1,91 @@ +From d55bda1b3e7c5a87f10da54fdda866a9a9cef30b Mon Sep 17 00:00:00 2001 +From: Christian Hoff +Date: Mon, 12 Nov 2018 11:11:29 -0800 +Subject: Input: matrix_keypad - check for errors from of_get_named_gpio() + +From: Christian Hoff + +commit d55bda1b3e7c5a87f10da54fdda866a9a9cef30b upstream. + +"of_get_named_gpio()" returns a negative error value if it fails +and drivers should check for this. This missing check was now +added to the matrix_keypad driver. + +In my case "of_get_named_gpio()" returned -EPROBE_DEFER because +the referenced GPIOs belong to an I/O expander, which was not yet +probed at the point in time when the matrix_keypad driver was +loading. Because the driver did not check for errors from the +"of_get_named_gpio()" routine, it was assuming that "-EPROBE_DEFER" +is actually a GPIO number and continued as usual, which led to further +errors like this later on: + +WARNING: CPU: 3 PID: 167 at drivers/gpio/gpiolib.c:114 +gpio_to_desc+0xc8/0xd0 +invalid GPIO -517 + +Note that the "GPIO number" -517 in the error message above is +actually "-EPROBE_DEFER". + +As part of the patch a misleading error message "no platform data defined" +was also removed. This does not lead to information loss because the other +error paths in matrix_keypad_parse_dt() already print an error. + +Signed-off-by: Christian Hoff +Suggested-by: Sebastian Reichel +Reviewed-by: Sebastian Reichel +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/keyboard/matrix_keypad.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +--- a/drivers/input/keyboard/matrix_keypad.c ++++ b/drivers/input/keyboard/matrix_keypad.c +@@ -405,7 +405,7 @@ matrix_keypad_parse_dt(struct device *de + struct matrix_keypad_platform_data *pdata; + struct device_node *np = dev->of_node; + unsigned int *gpios; +- int i, nrow, ncol; ++ int ret, i, nrow, ncol; + + if (!np) { + dev_err(dev, "device lacks DT data\n"); +@@ -447,12 +447,19 @@ matrix_keypad_parse_dt(struct device *de + return ERR_PTR(-ENOMEM); + } + +- for (i = 0; i < pdata->num_row_gpios; i++) +- gpios[i] = of_get_named_gpio(np, "row-gpios", i); ++ for (i = 0; i < nrow; i++) { ++ ret = of_get_named_gpio(np, "row-gpios", i); ++ if (ret < 0) ++ return ERR_PTR(ret); ++ gpios[i] = ret; ++ } + +- for (i = 0; i < pdata->num_col_gpios; i++) +- gpios[pdata->num_row_gpios + i] = +- of_get_named_gpio(np, "col-gpios", i); ++ for (i = 0; i < ncol; i++) { ++ ret = of_get_named_gpio(np, "col-gpios", i); ++ if (ret < 0) ++ return ERR_PTR(ret); ++ gpios[nrow + i] = ret; ++ } + + pdata->row_gpios = gpios; + pdata->col_gpios = &gpios[pdata->num_row_gpios]; +@@ -479,10 +486,8 @@ static int matrix_keypad_probe(struct pl + pdata = dev_get_platdata(&pdev->dev); + if (!pdata) { + pdata = matrix_keypad_parse_dt(&pdev->dev); +- if (IS_ERR(pdata)) { +- dev_err(&pdev->dev, "no platform data defined\n"); ++ if (IS_ERR(pdata)) + return PTR_ERR(pdata); +- } + } else if (!pdata->keymap_data) { + dev_err(&pdev->dev, "no keymap data defined\n"); + return -EINVAL; diff --git a/queue-4.4/input-xpad-quirk-all-pdp-xbox-one-gamepads.patch b/queue-4.4/input-xpad-quirk-all-pdp-xbox-one-gamepads.patch new file mode 100644 index 00000000000..d4b1b10a663 --- /dev/null +++ b/queue-4.4/input-xpad-quirk-all-pdp-xbox-one-gamepads.patch @@ -0,0 +1,70 @@ +From a6754fae1e66e9a40fed406290d7ca3f2b4d227c Mon Sep 17 00:00:00 2001 +From: Cameron Gutman +Date: Thu, 29 Nov 2018 10:09:33 -0800 +Subject: Input: xpad - quirk all PDP Xbox One gamepads + +From: Cameron Gutman + +commit a6754fae1e66e9a40fed406290d7ca3f2b4d227c upstream. + +Since we continue to find tons of new variants [0,1,2,3,4,5,6] that +need the PDP quirk, let's just quirk all devices from PDP. + +[0]: https://github.com/paroj/xpad/pull/104 +[1]: https://github.com/paroj/xpad/pull/105 +[2]: https://github.com/paroj/xpad/pull/108 +[3]: https://github.com/paroj/xpad/pull/109 +[4]: https://github.com/paroj/xpad/pull/112 +[5]: https://github.com/paroj/xpad/pull/115 +[6]: https://github.com/paroj/xpad/pull/116 + +Fixes: e5c9c6a885fa ("Input: xpad - add support for PDP Xbox One controllers") +Cc: stable@vger.kernel.org +Signed-off-by: Cameron Gutman +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/joystick/xpad.c | 16 ++++++---------- + 1 file changed, 6 insertions(+), 10 deletions(-) + +--- a/drivers/input/joystick/xpad.c ++++ b/drivers/input/joystick/xpad.c +@@ -483,18 +483,18 @@ static const u8 xboxone_hori_init[] = { + }; + + /* +- * This packet is required for some of the PDP pads to start ++ * This packet is required for most (all?) of the PDP pads to start + * sending input reports. These pads include: (0x0e6f:0x02ab), +- * (0x0e6f:0x02a4). ++ * (0x0e6f:0x02a4), (0x0e6f:0x02a6). + */ + static const u8 xboxone_pdp_init1[] = { + 0x0a, 0x20, 0x00, 0x03, 0x00, 0x01, 0x14 + }; + + /* +- * This packet is required for some of the PDP pads to start ++ * This packet is required for most (all?) of the PDP pads to start + * sending input reports. These pads include: (0x0e6f:0x02ab), +- * (0x0e6f:0x02a4). ++ * (0x0e6f:0x02a4), (0x0e6f:0x02a6). + */ + static const u8 xboxone_pdp_init2[] = { + 0x06, 0x20, 0x00, 0x02, 0x01, 0x00 +@@ -530,12 +530,8 @@ static const struct xboxone_init_packet + XBOXONE_INIT_PKT(0x0e6f, 0x0165, xboxone_hori_init), + XBOXONE_INIT_PKT(0x0f0d, 0x0067, xboxone_hori_init), + XBOXONE_INIT_PKT(0x0000, 0x0000, xboxone_fw2015_init), +- XBOXONE_INIT_PKT(0x0e6f, 0x02ab, xboxone_pdp_init1), +- XBOXONE_INIT_PKT(0x0e6f, 0x02ab, xboxone_pdp_init2), +- XBOXONE_INIT_PKT(0x0e6f, 0x02a4, xboxone_pdp_init1), +- XBOXONE_INIT_PKT(0x0e6f, 0x02a4, xboxone_pdp_init2), +- XBOXONE_INIT_PKT(0x0e6f, 0x02a6, xboxone_pdp_init1), +- XBOXONE_INIT_PKT(0x0e6f, 0x02a6, xboxone_pdp_init2), ++ XBOXONE_INIT_PKT(0x0e6f, 0x0000, xboxone_pdp_init1), ++ XBOXONE_INIT_PKT(0x0e6f, 0x0000, xboxone_pdp_init2), + XBOXONE_INIT_PKT(0x24c6, 0x541a, xboxone_rumblebegin_init), + XBOXONE_INIT_PKT(0x24c6, 0x542a, xboxone_rumblebegin_init), + XBOXONE_INIT_PKT(0x24c6, 0x543a, xboxone_rumblebegin_init), diff --git a/queue-4.4/kgdboc-fix-warning-with-module-build.patch b/queue-4.4/kgdboc-fix-warning-with-module-build.patch new file mode 100644 index 00000000000..79568851348 --- /dev/null +++ b/queue-4.4/kgdboc-fix-warning-with-module-build.patch @@ -0,0 +1,81 @@ +From 1cd25cbb2fedbc777f3a8c3cb1ba69b645aeaa64 Mon Sep 17 00:00:00 2001 +From: Laura Abbott +Date: Wed, 19 Sep 2018 18:59:01 -0700 +Subject: kgdboc: Fix warning with module build + +From: Laura Abbott + +commit 1cd25cbb2fedbc777f3a8c3cb1ba69b645aeaa64 upstream. + +After 2dd453168643 ("kgdboc: Fix restrict error"), kgdboc_option_setup is +now only used when built in, resulting in a warning when compiled as a +module: + +drivers/tty/serial/kgdboc.c:134:12: warning: 'kgdboc_option_setup' defined but not used [-Wunused-function] + static int kgdboc_option_setup(char *opt) + ^~~~~~~~~~~~~~~~~~~ + +Move the function under the appropriate ifdef for builtin only. + +Fixes: 2dd453168643 ("kgdboc: Fix restrict error") +Reported-by: Stephen Rothwell +Signed-off-by: Laura Abbott +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/kgdboc.c | 37 +++++++++++++++++++------------------ + 1 file changed, 19 insertions(+), 18 deletions(-) + +--- a/drivers/tty/serial/kgdboc.c ++++ b/drivers/tty/serial/kgdboc.c +@@ -131,24 +131,6 @@ static void kgdboc_unregister_kbd(void) + #define kgdboc_restore_input() + #endif /* ! CONFIG_KDB_KEYBOARD */ + +-static int kgdboc_option_setup(char *opt) +-{ +- if (!opt) { +- pr_err("kgdboc: config string not provided\n"); +- return -EINVAL; +- } +- +- if (strlen(opt) >= MAX_CONFIG_LEN) { +- printk(KERN_ERR "kgdboc: config string too long\n"); +- return -ENOSPC; +- } +- strcpy(config, opt); +- +- return 0; +-} +- +-__setup("kgdboc=", kgdboc_option_setup); +- + static void cleanup_kgdboc(void) + { + if (kgdb_unregister_nmi_console()) +@@ -316,6 +298,25 @@ static struct kgdb_io kgdboc_io_ops = { + }; + + #ifdef CONFIG_KGDB_SERIAL_CONSOLE ++static int kgdboc_option_setup(char *opt) ++{ ++ if (!opt) { ++ pr_err("config string not provided\n"); ++ return -EINVAL; ++ } ++ ++ if (strlen(opt) >= MAX_CONFIG_LEN) { ++ pr_err("config string too long\n"); ++ return -ENOSPC; ++ } ++ strcpy(config, opt); ++ ++ return 0; ++} ++ ++__setup("kgdboc=", kgdboc_option_setup); ++ ++ + /* This is only available if kgdboc is a built in for early debugging */ + static int __init kgdboc_early_init(char *opt) + { diff --git a/queue-4.4/mm-cleancache-fix-corruption-on-missed-inode-invalidation.patch b/queue-4.4/mm-cleancache-fix-corruption-on-missed-inode-invalidation.patch new file mode 100644 index 00000000000..935732c2509 --- /dev/null +++ b/queue-4.4/mm-cleancache-fix-corruption-on-missed-inode-invalidation.patch @@ -0,0 +1,74 @@ +From 6ff38bd40230af35e446239396e5fc8ebd6a5248 Mon Sep 17 00:00:00 2001 +From: Pavel Tikhomirov +Date: Fri, 30 Nov 2018 14:09:00 -0800 +Subject: mm: cleancache: fix corruption on missed inode invalidation + +From: Pavel Tikhomirov + +commit 6ff38bd40230af35e446239396e5fc8ebd6a5248 upstream. + +If all pages are deleted from the mapping by memory reclaim and also +moved to the cleancache: + +__delete_from_page_cache + (no shadow case) + unaccount_page_cache_page + cleancache_put_page + page_cache_delete + mapping->nrpages -= nr + (nrpages becomes 0) + +We don't clean the cleancache for an inode after final file truncation +(removal). + +truncate_inode_pages_final + check (nrpages || nrexceptional) is false + no truncate_inode_pages + no cleancache_invalidate_inode(mapping) + +These way when reading the new file created with same inode we may get +these trash leftover pages from cleancache and see wrong data instead of +the contents of the new file. + +Fix it by always doing truncate_inode_pages which is already ready for +nrpages == 0 && nrexceptional == 0 case and just invalidates inode. + +[akpm@linux-foundation.org: add comment, per Jan] +Link: http://lkml.kernel.org/r/20181112095734.17979-1-ptikhomirov@virtuozzo.com +Fixes: commit 91b0abe36a7b ("mm + fs: store shadow entries in page cache") +Signed-off-by: Pavel Tikhomirov +Reviewed-by: Vasily Averin +Reviewed-by: Andrey Ryabinin +Reviewed-by: Jan Kara +Cc: Johannes Weiner +Cc: Mel Gorman +Cc: Matthew Wilcox +Cc: Andi Kleen +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Vasily Averin +Signed-off-by: Greg Kroah-Hartman + +--- + mm/truncate.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/mm/truncate.c ++++ b/mm/truncate.c +@@ -432,9 +432,13 @@ void truncate_inode_pages_final(struct a + */ + spin_lock_irq(&mapping->tree_lock); + spin_unlock_irq(&mapping->tree_lock); +- +- truncate_inode_pages(mapping, 0); + } ++ ++ /* ++ * Cleancache needs notification even if there are no pages or shadow ++ * entries. ++ */ ++ truncate_inode_pages(mapping, 0); + } + EXPORT_SYMBOL(truncate_inode_pages_final); + diff --git a/queue-4.4/mm-mlock-avoid-increase-mm-locked_vm-on-mlock-when-already-mlock2-mlock_onfault.patch b/queue-4.4/mm-mlock-avoid-increase-mm-locked_vm-on-mlock-when-already-mlock2-mlock_onfault.patch new file mode 100644 index 00000000000..f7818c2fa5d --- /dev/null +++ b/queue-4.4/mm-mlock-avoid-increase-mm-locked_vm-on-mlock-when-already-mlock2-mlock_onfault.patch @@ -0,0 +1,69 @@ +From b155b4fde5bdde9fed439cd1f5ea07173df2ed31 Mon Sep 17 00:00:00 2001 +From: Simon Guo +Date: Fri, 7 Oct 2016 16:59:40 -0700 +Subject: mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) + +From: Simon Guo + +commit b155b4fde5bdde9fed439cd1f5ea07173df2ed31 upstream. + +When one vma was with flag VM_LOCKED|VM_LOCKONFAULT (by invoking +mlock2(,MLOCK_ONFAULT)), it can again be populated with mlock() with +VM_LOCKED flag only. + +There is a hole in mlock_fixup() which increase mm->locked_vm twice even +the two operations are on the same vma and both with VM_LOCKED flags. + +The issue can be reproduced by following code: + + mlock2(p, 1024 * 64, MLOCK_ONFAULT); //VM_LOCKED|VM_LOCKONFAULT + mlock(p, 1024 * 64); //VM_LOCKED + +Then check the increase VmLck field in /proc/pid/status(to 128k). + +When vma is set with different vm_flags, and the new vm_flags is with +VM_LOCKED, it is not necessarily be a "new locked" vma. This patch +corrects this bug by prevent mm->locked_vm from increment when old +vm_flags is already VM_LOCKED. + +Link: http://lkml.kernel.org/r/1472554781-9835-3-git-send-email-wei.guo.simon@gmail.com +Signed-off-by: Simon Guo +Acked-by: Kirill A. Shutemov +Cc: Alexey Klimov +Cc: Eric B Munson +Cc: Geert Uytterhoeven +Cc: Mel Gorman +Cc: Michal Hocko +Cc: Shuah Khan +Cc: Simon Guo +Cc: Thierry Reding +Cc: Vlastimil Babka +Cc: David Rientjes +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Cc: Rafael David Tinoco +Signed-off-by: Greg Kroah-Hartman + +--- + mm/mlock.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/mm/mlock.c ++++ b/mm/mlock.c +@@ -504,6 +504,7 @@ static int mlock_fixup(struct vm_area_st + int nr_pages; + int ret = 0; + int lock = !!(newflags & VM_LOCKED); ++ vm_flags_t old_flags = vma->vm_flags; + + if (newflags == vma->vm_flags || (vma->vm_flags & VM_SPECIAL) || + is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm)) +@@ -538,6 +539,8 @@ success: + nr_pages = (end - start) >> PAGE_SHIFT; + if (!lock) + nr_pages = -nr_pages; ++ else if (old_flags & VM_LOCKED) ++ nr_pages = 0; + mm->locked_vm += nr_pages; + + /* diff --git a/queue-4.4/series b/queue-4.4/series index 5f9537ee21c..761309acb3e 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -38,6 +38,18 @@ scsi-scsi_devinfo-cleanly-zero-pad-devinfo-strings.patch alsa-trident-suppress-gcc-string-warning.patch scsi-csiostor-avoid-content-leaks-and-casts.patch kgdboc-fix-restrict-error.patch +kgdboc-fix-warning-with-module-build.patch leds-call-led_pwm_set-in-leds-pwm-to-enforce-default-led_off.patch leds-turn-off-the-led-and-wait-for-completion-on-unregistering-led-class-device.patch leds-leds-gpio-fix-return-value-check-in-create_gpio_led.patch +input-xpad-quirk-all-pdp-xbox-one-gamepads.patch +input-matrix_keypad-check-for-errors-from-of_get_named_gpio.patch +input-elan_i2c-add-elan0620-to-the-acpi-table.patch +input-elan_i2c-add-acpi-id-for-lenovo-ideapad-330-15arr.patch +input-elan_i2c-add-support-for-elan0621-touchpad.patch +btrfs-always-try-all-copies-when-reading-extent-buffers.patch +btrfs-fix-use-after-free-when-dumping-free-space.patch +arc-change-defconfig-defaults-to-arcv2.patch +arc-add-support-of-nfsv3-acl.patch +mm-cleancache-fix-corruption-on-missed-inode-invalidation.patch +mm-mlock-avoid-increase-mm-locked_vm-on-mlock-when-already-mlock2-mlock_onfault.patch