From: Greg Kroah-Hartman Date: Thu, 20 Oct 2016 14:22:57 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.7.10~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4e7e8c1ff5cd54d623b9e6e9bac569a144196002;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: asoc-intel-atom-add-a-missing-star-in-a-memcpy-call.patch asoc-nau8825-fix-bug-in-fll-parameter.patch async_pq_val-fix-dma-memory-leak.patch brcmfmac-fix-memory-leak-in-brcmf_fill_bss_param.patch btrfs-assign-error-values-to-the-correct-bio-structs.patch drivers-base-dma-mapping-page-align-the-size-when-unmap_kernel_range.patch fuse-fix-killing-sid-in-setattr.patch fuse-invalidate-dir-dentry-after-chmod.patch fuse-listxattr-verify-xattr-list.patch i40e-avoid-null-pointer-dereference-and-recursive-errors-on-early-pci-error.patch reiserfs-switch-to-generic_-get-set-remove-xattr.patch reiserfs-unlock-superblock-before-calling-reiserfs_quota_on_mount.patch --- diff --git a/queue-4.4/asoc-intel-atom-add-a-missing-star-in-a-memcpy-call.patch b/queue-4.4/asoc-intel-atom-add-a-missing-star-in-a-memcpy-call.patch new file mode 100644 index 00000000000..27ec25f6f1e --- /dev/null +++ b/queue-4.4/asoc-intel-atom-add-a-missing-star-in-a-memcpy-call.patch @@ -0,0 +1,56 @@ +From 61ab0d403bbd9d5f6e000e3b5734049141b91f6f Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Sun, 28 Aug 2016 21:10:04 +0200 +Subject: ASoC: Intel: Atom: add a missing star in a memcpy call + +From: Nicolas Iooss + +commit 61ab0d403bbd9d5f6e000e3b5734049141b91f6f upstream. + +In sst_prepare_and_post_msg(), when a response is received in "block", +the following code gets executed: + + *data = kzalloc(block->size, GFP_KERNEL); + memcpy(data, (void *) block->data, block->size); + +The memcpy() call overwrites the content of the *data pointer instead of +filling the newly-allocated memory (which pointer is hold by *data). +Fix this by merging kzalloc+memcpy into a single kmemdup() call. + +Thanks Joe Perches for suggesting using kmemdup() + +Fixes: 60dc8dbacb00 ("ASoC: Intel: sst: Add some helper functions") +Signed-off-by: Nicolas Iooss +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/intel/atom/sst/sst_pvt.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +--- a/sound/soc/intel/atom/sst/sst_pvt.c ++++ b/sound/soc/intel/atom/sst/sst_pvt.c +@@ -279,17 +279,15 @@ int sst_prepare_and_post_msg(struct inte + + if (response) { + ret = sst_wait_timeout(sst, block); +- if (ret < 0) { ++ if (ret < 0) + goto out; +- } else if(block->data) { +- if (!data) +- goto out; +- *data = kzalloc(block->size, GFP_KERNEL); +- if (!(*data)) { ++ ++ if (data && block->data) { ++ *data = kmemdup(block->data, block->size, GFP_KERNEL); ++ if (!*data) { + ret = -ENOMEM; + goto out; +- } else +- memcpy(data, (void *) block->data, block->size); ++ } + } + } + out: diff --git a/queue-4.4/asoc-nau8825-fix-bug-in-fll-parameter.patch b/queue-4.4/asoc-nau8825-fix-bug-in-fll-parameter.patch new file mode 100644 index 00000000000..0e44c6311d2 --- /dev/null +++ b/queue-4.4/asoc-nau8825-fix-bug-in-fll-parameter.patch @@ -0,0 +1,31 @@ +From a8961cae29c38e225120c40c3340dbde2f552e60 Mon Sep 17 00:00:00 2001 +From: John Hsu +Date: Tue, 13 Sep 2016 11:56:03 +0800 +Subject: ASoC: nau8825: fix bug in FLL parameter + +From: John Hsu + +commit a8961cae29c38e225120c40c3340dbde2f552e60 upstream. + +In the FLL parameter calculation, the FVCO should choose the maximum one. +The patch is to fix the bug about the wrong FVCO chosen. + +Signed-off-by: John Hsu +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/codecs/nau8825.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/soc/codecs/nau8825.c ++++ b/sound/soc/codecs/nau8825.c +@@ -916,7 +916,7 @@ static int nau8825_calc_fll_param(unsign + /* Calculate the FLL 10-bit integer input and the FLL 16-bit fractional + * input based on FDCO, FREF and FLL ratio. + */ +- fvco = div_u64(fvco << 16, fref * fll_param->ratio); ++ fvco = div_u64(fvco_max << 16, fref * fll_param->ratio); + fll_param->fll_int = (fvco >> 16) & 0x3FF; + fll_param->fll_frac = fvco & 0xFFFF; + return 0; diff --git a/queue-4.4/async_pq_val-fix-dma-memory-leak.patch b/queue-4.4/async_pq_val-fix-dma-memory-leak.patch new file mode 100644 index 00000000000..ee26f2d4148 --- /dev/null +++ b/queue-4.4/async_pq_val-fix-dma-memory-leak.patch @@ -0,0 +1,46 @@ +From c84750906b4818d4929fbf73a4ae6c113b94f52b Mon Sep 17 00:00:00 2001 +From: Justin Maggard +Date: Tue, 4 Oct 2016 13:17:58 -0700 +Subject: async_pq_val: fix DMA memory leak + +From: Justin Maggard + +commit c84750906b4818d4929fbf73a4ae6c113b94f52b upstream. + +Add missing dmaengine_unmap_put(), so we don't OOM during RAID6 sync. + +Fixes: 1786b943dad0 ("async_pq_val: convert to dmaengine_unmap_data") +Signed-off-by: Justin Maggard +Reviewed-by: Dan Williams +Signed-off-by: Vinod Koul +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/async_tx/async_pq.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/crypto/async_tx/async_pq.c ++++ b/crypto/async_tx/async_pq.c +@@ -368,8 +368,6 @@ async_syndrome_val(struct page **blocks, + + dma_set_unmap(tx, unmap); + async_tx_submit(chan, tx, submit); +- +- return tx; + } else { + struct page *p_src = P(blocks, disks); + struct page *q_src = Q(blocks, disks); +@@ -424,9 +422,11 @@ async_syndrome_val(struct page **blocks, + submit->cb_param = cb_param_orig; + submit->flags = flags_orig; + async_tx_sync_epilog(submit); +- +- return NULL; ++ tx = NULL; + } ++ dmaengine_unmap_put(unmap); ++ ++ return tx; + } + EXPORT_SYMBOL_GPL(async_syndrome_val); + diff --git a/queue-4.4/brcmfmac-fix-memory-leak-in-brcmf_fill_bss_param.patch b/queue-4.4/brcmfmac-fix-memory-leak-in-brcmf_fill_bss_param.patch new file mode 100644 index 00000000000..2f25bfb1e80 --- /dev/null +++ b/queue-4.4/brcmfmac-fix-memory-leak-in-brcmf_fill_bss_param.patch @@ -0,0 +1,46 @@ +From 23e9c128adb2038c27a424a5f91136e7fa3e0dc6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Wed, 21 Sep 2016 08:23:24 +0200 +Subject: brcmfmac: fix memory leak in brcmf_fill_bss_param +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Rafał Miłecki + +commit 23e9c128adb2038c27a424a5f91136e7fa3e0dc6 upstream. + +This function is called from get_station callback which means that every +time user space was getting/dumping station(s) we were leaking 2 KiB. + +Signed-off-by: Rafał Miłecki +Fixes: 1f0dc59a6de ("brcmfmac: rework .get_station() callback") +Acked-by: Arend van Spriel +Signed-off-by: Kalle Valo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c ++++ b/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c +@@ -2408,7 +2408,7 @@ static void brcmf_fill_bss_param(struct + WL_BSS_INFO_MAX); + if (err) { + brcmf_err("Failed to get bss info (%d)\n", err); +- return; ++ goto out_kfree; + } + si->filled |= BIT(NL80211_STA_INFO_BSS_PARAM); + si->bss_param.beacon_interval = le16_to_cpu(buf->bss_le.beacon_period); +@@ -2420,6 +2420,9 @@ static void brcmf_fill_bss_param(struct + si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE; + if (capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) + si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME; ++ ++out_kfree: ++ kfree(buf); + } + + static s32 diff --git a/queue-4.4/btrfs-assign-error-values-to-the-correct-bio-structs.patch b/queue-4.4/btrfs-assign-error-values-to-the-correct-bio-structs.patch new file mode 100644 index 00000000000..19b6ae9c2cb --- /dev/null +++ b/queue-4.4/btrfs-assign-error-values-to-the-correct-bio-structs.patch @@ -0,0 +1,39 @@ +From 14155cafeadda946376260e2ad5d39a0528a332f Mon Sep 17 00:00:00 2001 +From: Junjie Mao +Date: Mon, 17 Oct 2016 09:20:25 +0800 +Subject: btrfs: assign error values to the correct bio structs + +From: Junjie Mao + +commit 14155cafeadda946376260e2ad5d39a0528a332f upstream. + +Fixes: 4246a0b63bd8 ("block: add a bi_error field to struct bio") +Signed-off-by: Junjie Mao +Acked-by: David Sterba +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/compression.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/btrfs/compression.c ++++ b/fs/btrfs/compression.c +@@ -694,7 +694,7 @@ int btrfs_submit_compressed_read(struct + ret = btrfs_map_bio(root, READ, comp_bio, + mirror_num, 0); + if (ret) { +- bio->bi_error = ret; ++ comp_bio->bi_error = ret; + bio_endio(comp_bio); + } + +@@ -723,7 +723,7 @@ int btrfs_submit_compressed_read(struct + + ret = btrfs_map_bio(root, READ, comp_bio, mirror_num, 0); + if (ret) { +- bio->bi_error = ret; ++ comp_bio->bi_error = ret; + bio_endio(comp_bio); + } + diff --git a/queue-4.4/drivers-base-dma-mapping-page-align-the-size-when-unmap_kernel_range.patch b/queue-4.4/drivers-base-dma-mapping-page-align-the-size-when-unmap_kernel_range.patch new file mode 100644 index 00000000000..52fe271b92b --- /dev/null +++ b/queue-4.4/drivers-base-dma-mapping-page-align-the-size-when-unmap_kernel_range.patch @@ -0,0 +1,65 @@ +From 85714108e673cdebf1b96abfd50fb02a29e37577 Mon Sep 17 00:00:00 2001 +From: Peng Fan +Date: Thu, 21 Jul 2016 16:04:21 +0800 +Subject: drivers: base: dma-mapping: page align the size when unmap_kernel_range + +From: Peng Fan + +commit 85714108e673cdebf1b96abfd50fb02a29e37577 upstream. + +When dma_common_free_remap, the input parameter 'size' may not +be page aligned. And, met kernel warning when doing iommu dma +for usb on i.MX8 platform: +" +WARNING: CPU: 0 PID: 869 at mm/vmalloc.c:70 vunmap_page_range+0x1cc/0x1d0() +Modules linked in: +CPU: 0 PID: 869 Comm: kworker/u8:2 Not tainted 4.1.12-00444-gc5f9d1d-dirty #147 +Hardware name: Freescale i.MX8DV Sabreauto (DT) +Workqueue: ci_otg ci_otg_work +Call trace: +[] dump_backtrace+0x0/0x124 +[] show_stack+0x10/0x1c +[] dump_stack+0x84/0xc8 +[] warn_slowpath_common+0x98/0xd0 +[] warn_slowpath_null+0x14/0x20 +[] vunmap_page_range+0x1c8/0x1d0 +[] unmap_kernel_range+0x20/0x88 +[] dma_common_free_remap+0x74/0x84 +[] __iommu_free_attrs+0x9c/0x178 +[] ehci_mem_cleanup+0x140/0x194 +[] ehci_stop+0x8c/0xdc +[] usb_remove_hcd+0xf0/0x1cc +[] host_stop+0x1c/0x58 +[] ci_otg_work+0xdc/0x120 +[] process_one_work+0x134/0x33c +[] worker_thread+0x13c/0x47c +[] kthread+0xd8/0xf0 +" + +For dma_common_pages_remap: +dma_common_pages_remap + |->get_vm_area_caller + |->__get_vm_area_node + |->size = PAGE_ALIGN(size); Round up to page aligned + +So, in dma_common_free_remap, we also need a page aligned size, +pass 'PAGE_ALIGN(size)' to unmap_kernel_range. + +Signed-off-by: Peng Fan +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/dma-mapping.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/base/dma-mapping.c ++++ b/drivers/base/dma-mapping.c +@@ -335,7 +335,7 @@ void dma_common_free_remap(void *cpu_add + return; + } + +- unmap_kernel_range((unsigned long)cpu_addr, size); ++ unmap_kernel_range((unsigned long)cpu_addr, PAGE_ALIGN(size)); + vunmap(cpu_addr); + } + #endif diff --git a/queue-4.4/fuse-fix-killing-sid-in-setattr.patch b/queue-4.4/fuse-fix-killing-sid-in-setattr.patch new file mode 100644 index 00000000000..ff5fdb02894 --- /dev/null +++ b/queue-4.4/fuse-fix-killing-sid-in-setattr.patch @@ -0,0 +1,75 @@ +From a09f99eddef44035ec764075a37bace8181bec38 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Sat, 1 Oct 2016 07:32:32 +0200 +Subject: fuse: fix killing s[ug]id in setattr + +From: Miklos Szeredi + +commit a09f99eddef44035ec764075a37bace8181bec38 upstream. + +Fuse allowed VFS to set mode in setattr in order to clear suid/sgid on +chown and truncate, and (since writeback_cache) write. The problem with +this is that it'll potentially restore a stale mode. + +The poper fix would be to let the filesystems do the suid/sgid clearing on +the relevant operations. Possibly some are already doing it but there's no +way we can detect this. + +So fix this by refreshing and recalculating the mode. Do this only if +ATTR_KILL_S[UG]ID is set to not destroy performance for writes. This is +still racy but the size of the window is reduced. + +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/dir.c | 32 ++++++++++++++++++++++++++++---- + 1 file changed, 28 insertions(+), 4 deletions(-) + +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -1697,16 +1697,40 @@ error: + static int fuse_setattr(struct dentry *entry, struct iattr *attr) + { + struct inode *inode = d_inode(entry); ++ struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL; + int ret; + + if (!fuse_allow_current_process(get_fuse_conn(inode))) + return -EACCES; + +- if (attr->ia_valid & ATTR_FILE) +- ret = fuse_do_setattr(inode, attr, attr->ia_file); +- else +- ret = fuse_do_setattr(inode, attr, NULL); ++ if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) { ++ int kill; + ++ attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ++ ATTR_MODE); ++ /* ++ * ia_mode calculation may have used stale i_mode. Refresh and ++ * recalculate. ++ */ ++ ret = fuse_do_getattr(inode, NULL, file); ++ if (ret) ++ return ret; ++ ++ attr->ia_mode = inode->i_mode; ++ kill = should_remove_suid(entry); ++ if (kill & ATTR_KILL_SUID) { ++ attr->ia_valid |= ATTR_MODE; ++ attr->ia_mode &= ~S_ISUID; ++ } ++ if (kill & ATTR_KILL_SGID) { ++ attr->ia_valid |= ATTR_MODE; ++ attr->ia_mode &= ~S_ISGID; ++ } ++ } ++ if (!attr->ia_valid) ++ return 0; ++ ++ ret = fuse_do_setattr(inode, attr, file); + if (!ret) { + /* Directory mode changed, may need to revalidate access */ + if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE)) diff --git a/queue-4.4/fuse-invalidate-dir-dentry-after-chmod.patch b/queue-4.4/fuse-invalidate-dir-dentry-after-chmod.patch new file mode 100644 index 00000000000..5d1d212d083 --- /dev/null +++ b/queue-4.4/fuse-invalidate-dir-dentry-after-chmod.patch @@ -0,0 +1,58 @@ +From 5e2b8828ff3d79aca8c3a1730652758753205b61 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Sat, 1 Oct 2016 07:32:32 +0200 +Subject: fuse: invalidate dir dentry after chmod +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Miklos Szeredi + +commit 5e2b8828ff3d79aca8c3a1730652758753205b61 upstream. + +Without "default_permissions" the userspace filesystem's lookup operation +needs to perform the check for search permission on the directory. + +If directory does not allow search for everyone (this is quite rare) then +userspace filesystem has to set entry timeout to zero to make sure +permissions are always performed. + +Changing the mode bits of the directory should also invalidate the +(previously cached) dentry to make sure the next lookup will have a chance +of updating the timeout, if needed. + +Reported-by: Jean-Pierre André +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/dir.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -1697,14 +1697,22 @@ error: + static int fuse_setattr(struct dentry *entry, struct iattr *attr) + { + struct inode *inode = d_inode(entry); ++ int ret; + + if (!fuse_allow_current_process(get_fuse_conn(inode))) + return -EACCES; + + if (attr->ia_valid & ATTR_FILE) +- return fuse_do_setattr(inode, attr, attr->ia_file); ++ ret = fuse_do_setattr(inode, attr, attr->ia_file); + else +- return fuse_do_setattr(inode, attr, NULL); ++ ret = fuse_do_setattr(inode, attr, NULL); ++ ++ if (!ret) { ++ /* Directory mode changed, may need to revalidate access */ ++ if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE)) ++ fuse_invalidate_entry_cache(entry); ++ } ++ return ret; + } + + static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry, diff --git a/queue-4.4/fuse-listxattr-verify-xattr-list.patch b/queue-4.4/fuse-listxattr-verify-xattr-list.patch new file mode 100644 index 00000000000..f7b6c4a1292 --- /dev/null +++ b/queue-4.4/fuse-listxattr-verify-xattr-list.patch @@ -0,0 +1,56 @@ +From cb3ae6d25a5471be62bfe6ac1fccc0e91edeaba0 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Sat, 1 Oct 2016 07:32:32 +0200 +Subject: fuse: listxattr: verify xattr list + +From: Miklos Szeredi + +commit cb3ae6d25a5471be62bfe6ac1fccc0e91edeaba0 upstream. + +Make sure userspace filesystem is returning a well formed list of xattr +names (zero or more nonzero length, null terminated strings). + +[Michael Theall: only verify in the nonzero size case] + +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/dir.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -1797,6 +1797,23 @@ static ssize_t fuse_getxattr(struct dent + return ret; + } + ++static int fuse_verify_xattr_list(char *list, size_t size) ++{ ++ size_t origsize = size; ++ ++ while (size) { ++ size_t thislen = strnlen(list, size); ++ ++ if (!thislen || thislen == size) ++ return -EIO; ++ ++ size -= thislen + 1; ++ list += thislen + 1; ++ } ++ ++ return origsize; ++} ++ + static ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) + { + struct inode *inode = d_inode(entry); +@@ -1832,6 +1849,8 @@ static ssize_t fuse_listxattr(struct den + ret = fuse_simple_request(fc, &args); + if (!ret && !size) + ret = outarg.size; ++ if (ret > 0 && size) ++ ret = fuse_verify_xattr_list(list, ret); + if (ret == -ENOSYS) { + fc->no_listxattr = 1; + ret = -EOPNOTSUPP; diff --git a/queue-4.4/i40e-avoid-null-pointer-dereference-and-recursive-errors-on-early-pci-error.patch b/queue-4.4/i40e-avoid-null-pointer-dereference-and-recursive-errors-on-early-pci-error.patch new file mode 100644 index 00000000000..a4b44eaf325 --- /dev/null +++ b/queue-4.4/i40e-avoid-null-pointer-dereference-and-recursive-errors-on-early-pci-error.patch @@ -0,0 +1,67 @@ +From edfc23ee3e0ebbb6713d7574ab1b00abff178f6c Mon Sep 17 00:00:00 2001 +From: Guilherme G Piccoli +Date: Mon, 3 Oct 2016 00:31:12 -0700 +Subject: i40e: avoid NULL pointer dereference and recursive errors on early PCI error + +From: Guilherme G Piccoli + +commit edfc23ee3e0ebbb6713d7574ab1b00abff178f6c upstream. + +Although rare, it's possible to hit PCI error early on device +probe, meaning possibly some structs are not entirely initialized, +and some might even be completely uninitialized, leading to NULL +pointer dereference. + +The i40e driver currently presents a "bad" behavior if device hits +such early PCI error: firstly, the struct i40e_pf might not be +attached to pci_dev yet, leading to a NULL pointer dereference on +access to pf->state. + +Even checking if the struct is NULL and avoiding the access in that +case isn't enough, since the driver cannot recover from PCI error +that early; in our experiments we saw multiple failures on kernel +log, like: + + [549.664] i40e 0007:01:00.1: Initial pf_reset failed: -15 + [549.664] i40e: probe of 0007:01:00.1 failed with error -15 + [...] + [871.644] i40e 0007:01:00.1: The driver for the device stopped because the + device firmware failed to init. Try updating your NVM image. + [871.644] i40e: probe of 0007:01:00.1 failed with error -32 + [...] + [872.516] i40e 0007:01:00.0: ARQ: Unknown event 0x0000 ignored + +Between the first probe failure (error -15) and the second (error -32) +another PCI error happened due to the first bad probe. Also, driver +started to flood console with those ARQ event messages. + +This patch will prevent these issues by allowing error recovery +mechanism to remove the failed device from the system instead of +trying to recover from early PCI errors during device probe. + +Signed-off-by: Guilherme G Piccoli +Acked-by: Jacob Keller +Tested-by: Andrew Bowers +Signed-off-by: Jeff Kirsher +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/intel/i40e/i40e_main.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -10853,6 +10853,12 @@ static pci_ers_result_t i40e_pci_error_d + + dev_info(&pdev->dev, "%s: error %d\n", __func__, error); + ++ if (!pf) { ++ dev_info(&pdev->dev, ++ "Cannot recover - error happened during device probe\n"); ++ return PCI_ERS_RESULT_DISCONNECT; ++ } ++ + /* shutdown all operations */ + if (!test_bit(__I40E_SUSPENDED, &pf->state)) { + rtnl_lock(); diff --git a/queue-4.4/reiserfs-switch-to-generic_-get-set-remove-xattr.patch b/queue-4.4/reiserfs-switch-to-generic_-get-set-remove-xattr.patch new file mode 100644 index 00000000000..b51b9031777 --- /dev/null +++ b/queue-4.4/reiserfs-switch-to-generic_-get-set-remove-xattr.patch @@ -0,0 +1,296 @@ +From 79a628d14ec7ee9adfdc3ce04343d5ff7ec20c18 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sun, 10 Apr 2016 18:50:48 -0400 +Subject: reiserfs: switch to generic_{get,set,remove}xattr() + +From: Al Viro + +commit 79a628d14ec7ee9adfdc3ce04343d5ff7ec20c18 upstream. + +reiserfs_xattr_[sg]et() will fail with -EOPNOTSUPP for V1 inodes anyway, +and all reiserfs instances of ->[sg]et() call it and so does ->set_acl(). + +Checks for name length in the instances had been bogus; they should've +been "bugger off if it's _exactly_ the prefix" (as generic would +do on its own) and not "bugger off if it's shorter than the prefix" - +that can't happen. + +xattr_full_name() is needed to adjust for the fact that generic instances +will skip the prefix in the name passed to ->[gs]et(); reiserfs homegrown +analogues didn't. + +Signed-off-by: Al Viro +[jeffm: Backported to v4.4: adjust context] +Signed-off-by: Jeff Mahoney +Signed-off-by: Greg Kroah-Hartman + +--- + fs/reiserfs/file.c | 6 ++-- + fs/reiserfs/namei.c | 18 +++++++------- + fs/reiserfs/xattr.c | 54 ------------------------------------------- + fs/reiserfs/xattr.h | 9 ------- + fs/reiserfs/xattr_security.c | 14 ++++------- + fs/reiserfs/xattr_trusted.c | 14 ++++------- + fs/reiserfs/xattr_user.c | 14 ++++------- + 7 files changed, 31 insertions(+), 98 deletions(-) + +--- a/fs/reiserfs/file.c ++++ b/fs/reiserfs/file.c +@@ -260,10 +260,10 @@ const struct file_operations reiserfs_fi + + const struct inode_operations reiserfs_file_inode_operations = { + .setattr = reiserfs_setattr, +- .setxattr = reiserfs_setxattr, +- .getxattr = reiserfs_getxattr, ++ .setxattr = generic_setxattr, ++ .getxattr = generic_getxattr, + .listxattr = reiserfs_listxattr, +- .removexattr = reiserfs_removexattr, ++ .removexattr = generic_removexattr, + .permission = reiserfs_permission, + .get_acl = reiserfs_get_acl, + .set_acl = reiserfs_set_acl, +--- a/fs/reiserfs/namei.c ++++ b/fs/reiserfs/namei.c +@@ -1649,10 +1649,10 @@ const struct inode_operations reiserfs_d + .mknod = reiserfs_mknod, + .rename = reiserfs_rename, + .setattr = reiserfs_setattr, +- .setxattr = reiserfs_setxattr, +- .getxattr = reiserfs_getxattr, ++ .setxattr = generic_setxattr, ++ .getxattr = generic_getxattr, + .listxattr = reiserfs_listxattr, +- .removexattr = reiserfs_removexattr, ++ .removexattr = generic_removexattr, + .permission = reiserfs_permission, + .get_acl = reiserfs_get_acl, + .set_acl = reiserfs_set_acl, +@@ -1667,10 +1667,10 @@ const struct inode_operations reiserfs_s + .follow_link = page_follow_link_light, + .put_link = page_put_link, + .setattr = reiserfs_setattr, +- .setxattr = reiserfs_setxattr, +- .getxattr = reiserfs_getxattr, ++ .setxattr = generic_setxattr, ++ .getxattr = generic_getxattr, + .listxattr = reiserfs_listxattr, +- .removexattr = reiserfs_removexattr, ++ .removexattr = generic_removexattr, + .permission = reiserfs_permission, + }; + +@@ -1679,10 +1679,10 @@ const struct inode_operations reiserfs_s + */ + const struct inode_operations reiserfs_special_inode_operations = { + .setattr = reiserfs_setattr, +- .setxattr = reiserfs_setxattr, +- .getxattr = reiserfs_getxattr, ++ .setxattr = generic_setxattr, ++ .getxattr = generic_getxattr, + .listxattr = reiserfs_listxattr, +- .removexattr = reiserfs_removexattr, ++ .removexattr = generic_removexattr, + .permission = reiserfs_permission, + .get_acl = reiserfs_get_acl, + .set_acl = reiserfs_set_acl, +--- a/fs/reiserfs/xattr.c ++++ b/fs/reiserfs/xattr.c +@@ -763,60 +763,6 @@ find_xattr_handler_prefix(const struct x + return xah; + } + +- +-/* +- * Inode operation getxattr() +- */ +-ssize_t +-reiserfs_getxattr(struct dentry * dentry, const char *name, void *buffer, +- size_t size) +-{ +- const struct xattr_handler *handler; +- +- handler = find_xattr_handler_prefix(dentry->d_sb->s_xattr, name); +- +- if (!handler || get_inode_sd_version(d_inode(dentry)) == STAT_DATA_V1) +- return -EOPNOTSUPP; +- +- return handler->get(handler, dentry, name, buffer, size); +-} +- +-/* +- * Inode operation setxattr() +- * +- * d_inode(dentry)->i_mutex down +- */ +-int +-reiserfs_setxattr(struct dentry *dentry, const char *name, const void *value, +- size_t size, int flags) +-{ +- const struct xattr_handler *handler; +- +- handler = find_xattr_handler_prefix(dentry->d_sb->s_xattr, name); +- +- if (!handler || get_inode_sd_version(d_inode(dentry)) == STAT_DATA_V1) +- return -EOPNOTSUPP; +- +- return handler->set(handler, dentry, name, value, size, flags); +-} +- +-/* +- * Inode operation removexattr() +- * +- * d_inode(dentry)->i_mutex down +- */ +-int reiserfs_removexattr(struct dentry *dentry, const char *name) +-{ +- const struct xattr_handler *handler; +- +- handler = find_xattr_handler_prefix(dentry->d_sb->s_xattr, name); +- +- if (!handler || get_inode_sd_version(d_inode(dentry)) == STAT_DATA_V1) +- return -EOPNOTSUPP; +- +- return handler->set(handler, dentry, name, NULL, 0, XATTR_REPLACE); +-} +- + struct listxattr_buf { + struct dir_context ctx; + size_t size; +--- a/fs/reiserfs/xattr.h ++++ b/fs/reiserfs/xattr.h +@@ -2,6 +2,7 @@ + #include + #include + #include ++#include + + struct inode; + struct dentry; +@@ -18,12 +19,7 @@ int reiserfs_permission(struct inode *in + + #ifdef CONFIG_REISERFS_FS_XATTR + #define has_xattr_dir(inode) (REISERFS_I(inode)->i_flags & i_has_xattr_dir) +-ssize_t reiserfs_getxattr(struct dentry *dentry, const char *name, +- void *buffer, size_t size); +-int reiserfs_setxattr(struct dentry *dentry, const char *name, +- const void *value, size_t size, int flags); + ssize_t reiserfs_listxattr(struct dentry *dentry, char *buffer, size_t size); +-int reiserfs_removexattr(struct dentry *dentry, const char *name); + + int reiserfs_xattr_get(struct inode *, const char *, void *, size_t); + int reiserfs_xattr_set(struct inode *, const char *, const void *, size_t, int); +@@ -92,10 +88,7 @@ static inline void reiserfs_init_xattr_r + + #else + +-#define reiserfs_getxattr NULL +-#define reiserfs_setxattr NULL + #define reiserfs_listxattr NULL +-#define reiserfs_removexattr NULL + + static inline void reiserfs_init_xattr_rwsem(struct inode *inode) + { +--- a/fs/reiserfs/xattr_security.c ++++ b/fs/reiserfs/xattr_security.c +@@ -12,26 +12,24 @@ static int + security_get(const struct xattr_handler *handler, struct dentry *dentry, + const char *name, void *buffer, size_t size) + { +- if (strlen(name) < sizeof(XATTR_SECURITY_PREFIX)) +- return -EINVAL; +- + if (IS_PRIVATE(d_inode(dentry))) + return -EPERM; + +- return reiserfs_xattr_get(d_inode(dentry), name, buffer, size); ++ return reiserfs_xattr_get(d_inode(dentry), ++ xattr_full_name(handler, name), ++ buffer, size); + } + + static int + security_set(const struct xattr_handler *handler, struct dentry *dentry, + const char *name, const void *buffer, size_t size, int flags) + { +- if (strlen(name) < sizeof(XATTR_SECURITY_PREFIX)) +- return -EINVAL; +- + if (IS_PRIVATE(d_inode(dentry))) + return -EPERM; + +- return reiserfs_xattr_set(d_inode(dentry), name, buffer, size, flags); ++ return reiserfs_xattr_set(d_inode(dentry), ++ xattr_full_name(handler, name), ++ buffer, size, flags); + } + + static size_t security_list(const struct xattr_handler *handler, +--- a/fs/reiserfs/xattr_trusted.c ++++ b/fs/reiserfs/xattr_trusted.c +@@ -11,26 +11,24 @@ static int + trusted_get(const struct xattr_handler *handler, struct dentry *dentry, + const char *name, void *buffer, size_t size) + { +- if (strlen(name) < sizeof(XATTR_TRUSTED_PREFIX)) +- return -EINVAL; +- + if (!capable(CAP_SYS_ADMIN) || IS_PRIVATE(d_inode(dentry))) + return -EPERM; + +- return reiserfs_xattr_get(d_inode(dentry), name, buffer, size); ++ return reiserfs_xattr_get(d_inode(dentry), ++ xattr_full_name(handler, name), ++ buffer, size); + } + + static int + trusted_set(const struct xattr_handler *handler, struct dentry *dentry, + const char *name, const void *buffer, size_t size, int flags) + { +- if (strlen(name) < sizeof(XATTR_TRUSTED_PREFIX)) +- return -EINVAL; +- + if (!capable(CAP_SYS_ADMIN) || IS_PRIVATE(d_inode(dentry))) + return -EPERM; + +- return reiserfs_xattr_set(d_inode(dentry), name, buffer, size, flags); ++ return reiserfs_xattr_set(d_inode(dentry), ++ xattr_full_name(handler, name), ++ buffer, size, flags); + } + + static size_t trusted_list(const struct xattr_handler *handler, +--- a/fs/reiserfs/xattr_user.c ++++ b/fs/reiserfs/xattr_user.c +@@ -10,24 +10,22 @@ static int + user_get(const struct xattr_handler *handler, struct dentry *dentry, + const char *name, void *buffer, size_t size) + { +- +- if (strlen(name) < sizeof(XATTR_USER_PREFIX)) +- return -EINVAL; + if (!reiserfs_xattrs_user(dentry->d_sb)) + return -EOPNOTSUPP; +- return reiserfs_xattr_get(d_inode(dentry), name, buffer, size); ++ return reiserfs_xattr_get(d_inode(dentry), ++ xattr_full_name(handler, name), ++ buffer, size); + } + + static int + user_set(const struct xattr_handler *handler, struct dentry *dentry, + const char *name, const void *buffer, size_t size, int flags) + { +- if (strlen(name) < sizeof(XATTR_USER_PREFIX)) +- return -EINVAL; +- + if (!reiserfs_xattrs_user(dentry->d_sb)) + return -EOPNOTSUPP; +- return reiserfs_xattr_set(d_inode(dentry), name, buffer, size, flags); ++ return reiserfs_xattr_set(d_inode(dentry), ++ xattr_full_name(handler, name), ++ buffer, size, flags); + } + + static size_t user_list(const struct xattr_handler *handler, diff --git a/queue-4.4/reiserfs-unlock-superblock-before-calling-reiserfs_quota_on_mount.patch b/queue-4.4/reiserfs-unlock-superblock-before-calling-reiserfs_quota_on_mount.patch new file mode 100644 index 00000000000..a7517ad786d --- /dev/null +++ b/queue-4.4/reiserfs-unlock-superblock-before-calling-reiserfs_quota_on_mount.patch @@ -0,0 +1,109 @@ +From 420902c9d086848a7548c83e0a49021514bd71b7 Mon Sep 17 00:00:00 2001 +From: Mike Galbraith +Date: Mon, 13 Aug 2012 15:21:23 +0200 +Subject: reiserfs: Unlock superblock before calling reiserfs_quota_on_mount() + +From: Mike Galbraith + +commit 420902c9d086848a7548c83e0a49021514bd71b7 upstream. + +If we hold the superblock lock while calling reiserfs_quota_on_mount(), we can +deadlock our own worker - mount blocks kworker/3:2, sleeps forever more. + +crash> ps|grep UN + 715 2 3 ffff880220734d30 UN 0.0 0 0 [kworker/3:2] + 9369 9341 2 ffff88021ffb7560 UN 1.3 493404 123184 Xorg + 9665 9664 3 ffff880225b92ab0 UN 0.0 47368 812 udisks-daemon + 10635 10403 3 ffff880222f22c70 UN 0.0 14904 936 mount +crash> bt ffff880220734d30 +PID: 715 TASK: ffff880220734d30 CPU: 3 COMMAND: "kworker/3:2" + #0 [ffff8802244c3c20] schedule at ffffffff8144584b + #1 [ffff8802244c3cc8] __rt_mutex_slowlock at ffffffff814472b3 + #2 [ffff8802244c3d28] rt_mutex_slowlock at ffffffff814473f5 + #3 [ffff8802244c3dc8] reiserfs_write_lock at ffffffffa05f28fd [reiserfs] + #4 [ffff8802244c3de8] flush_async_commits at ffffffffa05ec91d [reiserfs] + #5 [ffff8802244c3e08] process_one_work at ffffffff81073726 + #6 [ffff8802244c3e68] worker_thread at ffffffff81073eba + #7 [ffff8802244c3ec8] kthread at ffffffff810782e0 + #8 [ffff8802244c3f48] kernel_thread_helper at ffffffff81450064 +crash> rd ffff8802244c3cc8 10 +ffff8802244c3cc8: ffffffff814472b3 ffff880222f23250 .rD.....P2.".... +ffff8802244c3cd8: 0000000000000000 0000000000000286 ................ +ffff8802244c3ce8: ffff8802244c3d30 ffff880220734d80 0=L$.....Ms .... +ffff8802244c3cf8: ffff880222e8f628 0000000000000000 (.."............ +ffff8802244c3d08: 0000000000000000 0000000000000002 ................ +crash> struct rt_mutex ffff880222e8f628 +struct rt_mutex { + wait_lock = { + raw_lock = { + slock = 65537 + } + }, + wait_list = { + node_list = { + next = 0xffff8802244c3d48, + prev = 0xffff8802244c3d48 + } + }, + owner = 0xffff880222f22c71, + save_state = 0 +} +crash> bt 0xffff880222f22c70 +PID: 10635 TASK: ffff880222f22c70 CPU: 3 COMMAND: "mount" + #0 [ffff8802216a9868] schedule at ffffffff8144584b + #1 [ffff8802216a9910] schedule_timeout at ffffffff81446865 + #2 [ffff8802216a99a0] wait_for_common at ffffffff81445f74 + #3 [ffff8802216a9a30] flush_work at ffffffff810712d3 + #4 [ffff8802216a9ab0] schedule_on_each_cpu at ffffffff81074463 + #5 [ffff8802216a9ae0] invalidate_bdev at ffffffff81178aba + #6 [ffff8802216a9af0] vfs_load_quota_inode at ffffffff811a3632 + #7 [ffff8802216a9b50] dquot_quota_on_mount at ffffffff811a375c + #8 [ffff8802216a9b80] finish_unfinished at ffffffffa05dd8b0 [reiserfs] + #9 [ffff8802216a9cc0] reiserfs_fill_super at ffffffffa05de825 [reiserfs] + RIP: 00007f7b9303997a RSP: 00007ffff443c7a8 RFLAGS: 00010202 + RAX: 00000000000000a5 RBX: ffffffff8144ef12 RCX: 00007f7b932e9ee0 + RDX: 00007f7b93d9a400 RSI: 00007f7b93d9a3e0 RDI: 00007f7b93d9a3c0 + RBP: 00007f7b93d9a2c0 R8: 00007f7b93d9a550 R9: 0000000000000001 + R10: ffffffffc0ed040e R11: 0000000000000202 R12: 000000000000040e + R13: 0000000000000000 R14: 00000000c0ed040e R15: 00007ffff443ca20 + ORIG_RAX: 00000000000000a5 CS: 0033 SS: 002b + +Signed-off-by: Mike Galbraith +Acked-by: Frederic Weisbecker +Acked-by: Mike Galbraith +Signed-off-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman + +--- + fs/reiserfs/super.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/fs/reiserfs/super.c ++++ b/fs/reiserfs/super.c +@@ -190,7 +190,15 @@ static int remove_save_link_only(struct + static int reiserfs_quota_on_mount(struct super_block *, int); + #endif + +-/* look for uncompleted unlinks and truncates and complete them */ ++/* ++ * Look for uncompleted unlinks and truncates and complete them ++ * ++ * Called with superblock write locked. If quotas are enabled, we have to ++ * release/retake lest we call dquot_quota_on_mount(), proceed to ++ * schedule_on_each_cpu() in invalidate_bdev() and deadlock waiting for the per ++ * cpu worklets to complete flush_async_commits() that in turn wait for the ++ * superblock write lock. ++ */ + static int finish_unfinished(struct super_block *s) + { + INITIALIZE_PATH(path); +@@ -237,7 +245,9 @@ static int finish_unfinished(struct supe + quota_enabled[i] = 0; + continue; + } ++ reiserfs_write_unlock(s); + ret = reiserfs_quota_on_mount(s, i); ++ reiserfs_write_lock(s); + if (ret < 0) + reiserfs_warning(s, "reiserfs-2500", + "cannot turn on journaled " diff --git a/queue-4.4/series b/queue-4.4/series index e8a4bb3c6a5..1261969bb2b 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -1 +1,13 @@ serial-8250_dw-check-the-data-pclk-when-get-apb_pclk.patch +btrfs-assign-error-values-to-the-correct-bio-structs.patch +drivers-base-dma-mapping-page-align-the-size-when-unmap_kernel_range.patch +fuse-listxattr-verify-xattr-list.patch +fuse-invalidate-dir-dentry-after-chmod.patch +fuse-fix-killing-sid-in-setattr.patch +i40e-avoid-null-pointer-dereference-and-recursive-errors-on-early-pci-error.patch +brcmfmac-fix-memory-leak-in-brcmf_fill_bss_param.patch +asoc-nau8825-fix-bug-in-fll-parameter.patch +asoc-intel-atom-add-a-missing-star-in-a-memcpy-call.patch +reiserfs-unlock-superblock-before-calling-reiserfs_quota_on_mount.patch +reiserfs-switch-to-generic_-get-set-remove-xattr.patch +async_pq_val-fix-dma-memory-leak.patch