From: Greg Kroah-Hartman Date: Sun, 9 Feb 2020 17:21:17 +0000 (+0100) Subject: 5.5-stable patches X-Git-Tag: v4.19.103~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4f7b5af42081a7be36e98fc8a4038f7cc5f5e13e;p=thirdparty%2Fkernel%2Fstable-queue.git 5.5-stable patches added patches: ib-core-fix-odp-get-user-pages-flow.patch ib-core-fix-odp-with-ib_access_hugetlb-handling.patch ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch nfsd-fix-delay-timer-on-32-bit-architectures.patch nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch staging-wfx-revert-unexpected-change-in-debugfs-output.patch --- diff --git a/queue-5.5/ib-core-fix-odp-get-user-pages-flow.patch b/queue-5.5/ib-core-fix-odp-get-user-pages-flow.patch new file mode 100644 index 00000000000..ed80c77eb7f --- /dev/null +++ b/queue-5.5/ib-core-fix-odp-get-user-pages-flow.patch @@ -0,0 +1,37 @@ +From d07de8bd1709a80a282963ad7b2535148678a9e4 Mon Sep 17 00:00:00 2001 +From: Yishai Hadas +Date: Sun, 22 Dec 2019 14:46:48 +0200 +Subject: IB/core: Fix ODP get user pages flow + +From: Yishai Hadas + +commit d07de8bd1709a80a282963ad7b2535148678a9e4 upstream. + +The nr_pages argument of get_user_pages_remote() should always be in terms +of the system page size, not the MR page size. Use PAGE_SIZE instead of +umem_odp->page_shift. + +Fixes: 403cd12e2cf7 ("IB/umem: Add contiguous ODP support") +Link: https://lore.kernel.org/r/20191222124649.52300-3-leon@kernel.org +Signed-off-by: Yishai Hadas +Reviewed-by: Artemy Kovalyov +Reviewed-by: Jason Gunthorpe +Signed-off-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/core/umem_odp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/infiniband/core/umem_odp.c ++++ b/drivers/infiniband/core/umem_odp.c +@@ -440,7 +440,7 @@ int ib_umem_odp_map_dma_pages(struct ib_ + + while (bcnt > 0) { + const size_t gup_num_pages = min_t(size_t, +- (bcnt + BIT(page_shift) - 1) >> page_shift, ++ ALIGN(bcnt, PAGE_SIZE) / PAGE_SIZE, + PAGE_SIZE / sizeof(struct page *)); + + down_read(&owning_mm->mmap_sem); diff --git a/queue-5.5/ib-core-fix-odp-with-ib_access_hugetlb-handling.patch b/queue-5.5/ib-core-fix-odp-with-ib_access_hugetlb-handling.patch new file mode 100644 index 00000000000..0110cbe1f70 --- /dev/null +++ b/queue-5.5/ib-core-fix-odp-with-ib_access_hugetlb-handling.patch @@ -0,0 +1,69 @@ +From 9ff1b6466a291a33389c4a9c7f3f9b64d62df40a Mon Sep 17 00:00:00 2001 +From: Yishai Hadas +Date: Sun, 22 Dec 2019 14:46:49 +0200 +Subject: IB/core: Fix ODP with IB_ACCESS_HUGETLB handling + +From: Yishai Hadas + +commit 9ff1b6466a291a33389c4a9c7f3f9b64d62df40a upstream. + +As VMAs for a given range might not be available as part of the +registration phase in ODP. + +ib_init_umem_odp() considered the expected page shift value that was +previously set and initializes its internals accordingly. + +If memory isn't backed by physical contiguous pages aligned to a hugepage +boundary an error will be set as part of the page fault flow and come back +to the user as some failed RDMA operation. + +Fixes: 0008b84ea9af ("IB/umem: Add support to huge ODP") +Link: https://lore.kernel.org/r/20191222124649.52300-4-leon@kernel.org +Signed-off-by: Yishai Hadas +Reviewed-by: Artemy Kovalyov +Signed-off-by: Leon Romanovsky +Reviewed-by: Jason Gunthorpe +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/core/umem_odp.c | 21 ++++----------------- + 1 file changed, 4 insertions(+), 17 deletions(-) + +--- a/drivers/infiniband/core/umem_odp.c ++++ b/drivers/infiniband/core/umem_odp.c +@@ -241,22 +241,10 @@ struct ib_umem_odp *ib_umem_odp_get(stru + umem_odp->umem.owning_mm = mm = current->mm; + umem_odp->notifier.ops = ops; + +- umem_odp->page_shift = PAGE_SHIFT; +- if (access & IB_ACCESS_HUGETLB) { +- struct vm_area_struct *vma; +- struct hstate *h; +- +- down_read(&mm->mmap_sem); +- vma = find_vma(mm, ib_umem_start(umem_odp)); +- if (!vma || !is_vm_hugetlb_page(vma)) { +- up_read(&mm->mmap_sem); +- ret = -EINVAL; +- goto err_free; +- } +- h = hstate_vma(vma); +- umem_odp->page_shift = huge_page_shift(h); +- up_read(&mm->mmap_sem); +- } ++ if (access & IB_ACCESS_HUGETLB) ++ umem_odp->page_shift = HPAGE_SHIFT; ++ else ++ umem_odp->page_shift = PAGE_SHIFT; + + umem_odp->tgid = get_task_pid(current->group_leader, PIDTYPE_PID); + ret = ib_init_umem_odp(umem_odp, ops); +@@ -266,7 +254,6 @@ struct ib_umem_odp *ib_umem_odp_get(stru + + err_put_pid: + put_pid(umem_odp->tgid); +-err_free: + kfree(umem_odp); + return ERR_PTR(ret); + } diff --git a/queue-5.5/ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch b/queue-5.5/ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch new file mode 100644 index 00000000000..f4ef1bd4b98 --- /dev/null +++ b/queue-5.5/ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch @@ -0,0 +1,40 @@ +From b5671afe5e39ed71e94eae788bacdcceec69db09 Mon Sep 17 00:00:00 2001 +From: Prabhath Sajeepa +Date: Thu, 12 Dec 2019 17:11:29 -0700 +Subject: IB/mlx5: Fix outstanding_pi index for GSI qps + +From: Prabhath Sajeepa + +commit b5671afe5e39ed71e94eae788bacdcceec69db09 upstream. + +Commit b0ffeb537f3a ("IB/mlx5: Fix iteration overrun in GSI qps") changed +the way outstanding WRs are tracked for the GSI QP. But the fix did not +cover the case when a call to ib_post_send() fails and updates index to +track outstanding. + +Since the prior commmit outstanding_pi should not be bounded otherwise the +loop generate_completions() will fail. + +Fixes: b0ffeb537f3a ("IB/mlx5: Fix iteration overrun in GSI qps") +Link: https://lore.kernel.org/r/1576195889-23527-1-git-send-email-psajeepa@purestorage.com +Signed-off-by: Prabhath Sajeepa +Acked-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/hw/mlx5/gsi.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/infiniband/hw/mlx5/gsi.c ++++ b/drivers/infiniband/hw/mlx5/gsi.c +@@ -507,8 +507,7 @@ int mlx5_ib_gsi_post_send(struct ib_qp * + ret = ib_post_send(tx_qp, &cur_wr.wr, bad_wr); + if (ret) { + /* Undo the effect of adding the outstanding wr */ +- gsi->outstanding_pi = (gsi->outstanding_pi - 1) % +- gsi->cap.max_send_wr; ++ gsi->outstanding_pi--; + goto err; + } + spin_unlock_irqrestore(&gsi->lock, flags); diff --git a/queue-5.5/nfsd-fix-delay-timer-on-32-bit-architectures.patch b/queue-5.5/nfsd-fix-delay-timer-on-32-bit-architectures.patch new file mode 100644 index 00000000000..c45e2d1df13 --- /dev/null +++ b/queue-5.5/nfsd-fix-delay-timer-on-32-bit-architectures.patch @@ -0,0 +1,40 @@ +From 2561c92b12f4f4e386d453556685f75775c0938b Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Sun, 3 Nov 2019 22:32:20 +0100 +Subject: nfsd: fix delay timer on 32-bit architectures + +From: Arnd Bergmann + +commit 2561c92b12f4f4e386d453556685f75775c0938b upstream. + +The nfsd4_cb_layout_done() function takes a 'time_t' value, +multiplied by NSEC_PER_SEC*2 to get a nanosecond value. + +This works fine on 64-bit architectures, but on 32-bit, any +value over 1 second results in a signed integer overflow +with unexpected results. + +Cast one input to a 64-bit type in order to produce the +same result that we have on 64-bit architectures, regarless +of the type of nfsd4_lease. + +Fixes: 6b9b21073d3b ("nfsd: give up on CB_LAYOUTRECALLs after two lease periods") +Signed-off-by: Arnd Bergmann +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4layouts.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfsd/nfs4layouts.c ++++ b/fs/nfsd/nfs4layouts.c +@@ -675,7 +675,7 @@ nfsd4_cb_layout_done(struct nfsd4_callba + + /* Client gets 2 lease periods to return it */ + cutoff = ktime_add_ns(task->tk_start, +- nn->nfsd4_lease * NSEC_PER_SEC * 2); ++ (u64)nn->nfsd4_lease * NSEC_PER_SEC * 2); + + if (ktime_before(now, cutoff)) { + rpc_delay(task, HZ/100); /* 10 mili-seconds */ diff --git a/queue-5.5/nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch b/queue-5.5/nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch new file mode 100644 index 00000000000..b992936267b --- /dev/null +++ b/queue-5.5/nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch @@ -0,0 +1,53 @@ +From 9594497f2c78993cb66b696122f7c65528ace985 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Mon, 4 Nov 2019 14:43:17 +0100 +Subject: nfsd: fix jiffies/time_t mixup in LRU list + +From: Arnd Bergmann + +commit 9594497f2c78993cb66b696122f7c65528ace985 upstream. + +The nfsd4_blocked_lock->nbl_time timestamp is recorded in jiffies, +but then compared to a CLOCK_REALTIME timestamp later on, which makes +no sense. + +For consistency with the other timestamps, change this to use a time_t. + +This is a change in behavior, which may cause regressions, but the +current code is not sensible. On a system with CONFIG_HZ=1000, +the 'time_after((unsigned long)nbl->nbl_time, (unsigned long)cutoff))' +check is false for roughly the first 18 days of uptime and then true +for the next 49 days. + +Fixes: 7919d0a27f1e ("nfsd: add a LRU list for blocked locks") +Signed-off-by: Arnd Bergmann +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4state.c | 2 +- + fs/nfsd/state.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/nfsd/nfs4state.c ++++ b/fs/nfsd/nfs4state.c +@@ -6550,7 +6550,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struc + } + + if (fl_flags & FL_SLEEP) { +- nbl->nbl_time = jiffies; ++ nbl->nbl_time = get_seconds(); + spin_lock(&nn->blocked_locks_lock); + list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked); + list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru); +--- a/fs/nfsd/state.h ++++ b/fs/nfsd/state.h +@@ -606,7 +606,7 @@ static inline bool nfsd4_stateid_generat + struct nfsd4_blocked_lock { + struct list_head nbl_list; + struct list_head nbl_lru; +- unsigned long nbl_time; ++ time_t nbl_time; + struct file_lock nbl_lock; + struct knfsd_fh nbl_fh; + struct nfsd4_callback nbl_cb; diff --git a/queue-5.5/nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch b/queue-5.5/nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch new file mode 100644 index 00000000000..21d80011bbf --- /dev/null +++ b/queue-5.5/nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch @@ -0,0 +1,34 @@ +From 2e577f0faca4640348c398cb85d60a1eedac4b1e Mon Sep 17 00:00:00 2001 +From: Olga Kornievskaia +Date: Wed, 4 Dec 2019 15:13:54 -0500 +Subject: NFSD fixing possible null pointer derefering in copy offload + +From: Olga Kornievskaia + +commit 2e577f0faca4640348c398cb85d60a1eedac4b1e upstream. + +Static checker revealed possible error path leading to possible +NULL pointer dereferencing. + +Reported-by: Dan Carpenter +Fixes: e0639dc5805a: ("NFSD introduce async copy feature") +Signed-off-by: Olga Kornievskaia +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4proc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -1223,7 +1223,8 @@ static void cleanup_async_copy(struct nf + { + nfs4_free_cp_state(copy); + nfsd_file_put(copy->nf_dst); +- nfsd_file_put(copy->nf_src); ++ if (copy->cp_intra) ++ nfsd_file_put(copy->nf_src); + spin_lock(©->cp_clp->async_lock); + list_del(©->copies); + spin_unlock(©->cp_clp->async_lock); diff --git a/queue-5.5/nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch b/queue-5.5/nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch new file mode 100644 index 00000000000..c7e328f3bd2 --- /dev/null +++ b/queue-5.5/nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch @@ -0,0 +1,31 @@ +From 09a80f2aef06b7c86143f5c14efd3485e0d2c139 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Tue, 17 Dec 2019 12:33:33 -0500 +Subject: nfsd: Return the correct number of bytes written to the file + +From: Trond Myklebust + +commit 09a80f2aef06b7c86143f5c14efd3485e0d2c139 upstream. + +We must allow for the fact that iov_iter_write() could have returned +a short write (e.g. if there was an ENOSPC issue). + +Fixes: d890be159a71 "nfsd: Add I/O trace points in the NFSv4 write path" +Signed-off-by: Trond Myklebust +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/vfs.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nfsd/vfs.c ++++ b/fs/nfsd/vfs.c +@@ -975,6 +975,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, s + host_err = vfs_iter_write(file, &iter, &pos, flags); + if (host_err < 0) + goto out_nfserr; ++ *cnt = host_err; + nfsdstats.io_write += *cnt; + fsnotify_modify(file); + diff --git a/queue-5.5/series b/queue-5.5/series index bd8dcf0ebdb..4c5ebd20a63 100644 --- a/queue-5.5/series +++ b/queue-5.5/series @@ -291,3 +291,11 @@ nfc-pn544-adjust-indentation-in-pn544_hci_check_presence.patch ppp-adjust-indentation-into-ppp_async_input.patch net-smc911x-adjust-indentation-in-smc911x_phy_configure.patch net-tulip-adjust-indentation-in-dmfe-uli526x-_init_module.patch +ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch +ib-core-fix-odp-get-user-pages-flow.patch +ib-core-fix-odp-with-ib_access_hugetlb-handling.patch +staging-wfx-revert-unexpected-change-in-debugfs-output.patch +nfsd-fix-delay-timer-on-32-bit-architectures.patch +nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch +nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch +nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch diff --git a/queue-5.5/staging-wfx-revert-unexpected-change-in-debugfs-output.patch b/queue-5.5/staging-wfx-revert-unexpected-change-in-debugfs-output.patch new file mode 100644 index 00000000000..d788839a14e --- /dev/null +++ b/queue-5.5/staging-wfx-revert-unexpected-change-in-debugfs-output.patch @@ -0,0 +1,45 @@ +From 8b08b6a8c31f18c3657405410e4c3f6bc4fa75f1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Pouiller?= +Date: Wed, 15 Jan 2020 13:54:03 +0000 +Subject: staging: wfx: revert unexpected change in debugfs output +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jérôme Pouiller + +commit 8b08b6a8c31f18c3657405410e4c3f6bc4fa75f1 upstream. + +It appears that commit 8c7128c4cf4e ("staging: align to fix warnings of +line over 80 characters") do slightly more than what is explained in +commit log. + +Especially, it changes the output of the file rx_stats from debugfs. +From some point of view, this file can be considered as a part of the +API. Any change on it should be clearly announced. + +Since the change introduced does not seems to have any justification, +revert it. + +Reported-by: Pascal Prime +Cc: Jules Irenge +Fixes: 8c7128c4cf4e ("staging: align to fix warnings of line over 80 characters") +Signed-off-by: Jérôme Pouiller +Link: https://lore.kernel.org/r/20200115135338.14374-2-Jerome.Pouiller@silabs.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/wfx/debug.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/staging/wfx/debug.c ++++ b/drivers/staging/wfx/debug.c +@@ -145,7 +145,7 @@ static int wfx_rx_stats_show(struct seq_ + st->pwr_clk_freq, + st->is_ext_pwr_clk ? "yes" : "no"); + seq_printf(seq, +- "N. of frames: %d, PER (x10e4): %d, Throughput: %dKbps/s\n", ++ "Num. of frames: %d, PER (x10e4): %d, Throughput: %dKbps/s\n", + st->nb_rx_frame, st->per_total, st->throughput); + seq_puts(seq, " Num. of PER RSSI SNR CFO\n"); + seq_puts(seq, " frames (x10e4) (dBm) (dB) (kHz)\n");