From: Sasha Levin Date: Sat, 28 Sep 2019 00:58:08 +0000 (-0400) Subject: fixes for 4.4 X-Git-Tag: v5.3.2~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=502c019edc27238e0cfb29b7cfd4ef5305af9bcf;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 4.4 Signed-off-by: Sasha Levin --- diff --git a/queue-4.4/f2fs-check-all-the-data-segments-against-all-node-on.patch b/queue-4.4/f2fs-check-all-the-data-segments-against-all-node-on.patch new file mode 100644 index 00000000000..eb76e63ac0d --- /dev/null +++ b/queue-4.4/f2fs-check-all-the-data-segments-against-all-node-on.patch 
@@ -0,0 +1,44 @@ +From d5e98b5c33d8f1e7eaa55072be3ada10e56ee652 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 23 Aug 2019 15:40:45 -0700 +Subject: f2fs: check all the data segments against all node ones + +From: Surbhi Palande + +[ Upstream commit 1166c1f2f69117ad254189ca781287afa6e550b6 ] + +As a part of the sanity checking while mounting, distinct segment number +assignment to data and node segments is verified. Fixing a small bug in +this verification between node and data segments. We need to check all +the data segments with all the node segments. + +Fixes: 042be0f849e5f ("f2fs: fix to do sanity check with current segment number") +Signed-off-by: Surbhi Palande +Reviewed-by: Chao Yu +Signed-off-by: Jaegeuk Kim +Signed-off-by: Sasha Levin +--- + fs/f2fs/super.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c +index bd0dfaecfac3b..aa07c01dc036c 100644 +--- a/fs/f2fs/super.c ++++ b/fs/f2fs/super.c +@@ -1211,11 +1211,11 @@ int sanity_check_ckpt(struct f2fs_sb_info *sbi) + } + } + for (i = 0; i < NR_CURSEG_NODE_TYPE; i++) { +- for (j = i; j < NR_CURSEG_DATA_TYPE; j++) { ++ for (j = 0; j < NR_CURSEG_DATA_TYPE; j++) { + if (le32_to_cpu(ckpt->cur_node_segno[i]) == + le32_to_cpu(ckpt->cur_data_segno[j])) { + f2fs_msg(sbi->sb, KERN_ERR, +- "Data segment (%u) and Data segment (%u)" ++ "Node segment (%u) and Data segment (%u)" + " has the same segno: %u", i, j, + le32_to_cpu(ckpt->cur_node_segno[i])); + return 1; +-- +2.20.1 + diff --git a/queue-4.4/irqchip-gic-v3-its-fix-lpi-release-for-multi-msi-dev.patch b/queue-4.4/irqchip-gic-v3-its-fix-lpi-release-for-multi-msi-dev.patch new file mode 100644 index 00000000000..863abcef21d --- /dev/null +++ b/queue-4.4/irqchip-gic-v3-its-fix-lpi-release-for-multi-msi-dev.patch 
@@ -0,0 +1,54 @@ +From 88bd3cbc099490c139ccdbdcaa56f03ae9548fe1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 5 Sep 2019 14:56:47 +0100 +Subject: irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices + +From: Marc Zyngier + +[ Upstream commit c9c96e30ecaa0aafa225aa1a5392cb7db17c7a82 ] + +When allocating a range of LPIs for a Multi-MSI capable device, +this allocation extended to the closest power of 2. + +But on the release path, the interrupts are released one by +one. This results in not releasing the "extra" range, leaking +the its_device. Trying to reprobe the device will then fail. + +Fix it by releasing the LPIs the same way we allocate them. + +Fixes: 8208d1708b88 ("irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size") +Reported-by: Jiaxing Luo +Tested-by: John Garry +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/f5e948aa-e32f-3f74-ae30-31fee06c2a74@huawei.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-gic-v3-its.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c +index 114d5883d4978..cf11d43ce2416 100644 +--- a/drivers/irqchip/irq-gic-v3-its.c ++++ b/drivers/irqchip/irq-gic-v3-its.c +@@ -1372,14 +1372,13 @@ static void its_irq_domain_free(struct irq_domain *domain, unsigned int virq, + struct its_device *its_dev = irq_data_get_irq_chip_data(d); + int i; + ++ bitmap_release_region(its_dev->event_map.lpi_map, ++ its_get_event_id(irq_domain_get_irq_data(domain, virq)), ++ get_count_order(nr_irqs)); ++ + for (i = 0; i < nr_irqs; i++) { + struct irq_data *data = irq_domain_get_irq_data(domain, + virq + i); +- u32 event = its_get_event_id(data); +- +- /* Mark interrupt index as unused */ +- clear_bit(event, its_dev->event_map.lpi_map); +- + /* Nuke the entry in the domain */ + irq_domain_reset_irq_data(data); + } +-- +2.20.1 + 
diff --git a/queue-4.4/revert-f2fs-avoid-out-of-range-memory-access.patch b/queue-4.4/revert-f2fs-avoid-out-of-range-memory-access.patch new file mode 100644 index 00000000000..63484a27d4d --- /dev/null +++ b/queue-4.4/revert-f2fs-avoid-out-of-range-memory-access.patch 
@@ -0,0 +1,61 @@ +From 48c6bc54464c6d4748110ae0ce12de9ded6f9519 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Aug 2019 18:15:48 +0800 +Subject: Revert "f2fs: avoid out-of-range memory access" + +From: Chao Yu + +[ Upstream commit a37d0862d17411edb67677a580a6f505ec2225f6 ] + +As Pavel Machek reported: + +"We normally use -EUCLEAN to signal filesystem corruption. Plus, it is +good idea to report it to the syslog and mark filesystem as "needing +fsck" if filesystem can do that." + +Still we need improve the original patch with: +- use unlikely keyword +- add message print +- return EUCLEAN + +However, after rethink this patch, I don't think we should add such +condition check here as below reasons: +- We have already checked the field in f2fs_sanity_check_ckpt(), +- If there is fs corrupt or security vulnerability, there is nothing +to guarantee the field is integrated after the check, unless we do +the check before each of its use, however no filesystem does that. +- We only have similar check for bitmap, which was added due to there +is bitmap corruption happened on f2fs' runtime in product. +- There are so many key fields in SB/CP/NAT did have such check +after f2fs_sanity_check_{sb,cp,..}. + +So I propose to revert this unneeded check. + +This reverts commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a. 
+ +Signed-off-by: Chao Yu +Signed-off-by: Jaegeuk Kim +Signed-off-by: Sasha Levin +--- + fs/f2fs/segment.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c +index 014bee5c0e75e..6802cd754eda0 100644 +--- a/fs/f2fs/segment.c ++++ b/fs/f2fs/segment.c +@@ -1510,11 +1510,6 @@ static int read_compacted_summaries(struct f2fs_sb_info *sbi) + seg_i = CURSEG_I(sbi, i); + segno = le32_to_cpu(ckpt->cur_data_segno[i]); + blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]); +- if (blk_off > ENTRIES_IN_SUM) { +- f2fs_bug_on(sbi, 1); +- f2fs_put_page(page, 1); +- return -EFAULT; +- } + seg_i->next_segno = segno; + reset_curseg(sbi, i, 0); + seg_i->alloc_type = ckpt->alloc_type[i]; +-- +2.20.1 + diff --git a/queue-4.4/series b/queue-4.4/series index 6d511291a31..b43e938e31f 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -11,3 +11,6 @@ alsa-hda-add-laptop-imic-fixup-for-asus-m9v-laptop.patch mac80211-print-text-for-disassociation-reason.patch mac80211-handle-deauthentication-disassociation-from.patch locking-lockdep-add-debug_locks-check-in-__lock_down.patch +irqchip-gic-v3-its-fix-lpi-release-for-multi-msi-dev.patch +f2fs-check-all-the-data-segments-against-all-node-on.patch +revert-f2fs-avoid-out-of-range-memory-access.patch
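Review bot: in the fs/f2fs/super.c hunk (sanity_check_ckpt), the corrected message still reads "has the same segno" with a plural subject and is split across two string literals, which makes it harder to grep for when it shows up in a log. Suggest a single literal, "Node segment (%u) and Data segment (%u) have the same segno: %u". The commit message would also be clearer if it stated what the old bound `j = i` missed: pairs with j < i were never compared, so a checkpoint whose cur_node_segno[i] equals cur_data_segno[j] for a lower j passed this mount-time check.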
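Review bot: in the drivers/irqchip/irq-gic-v3-its.c hunk (its_irq_domain_free), the new bitmap_release_region() call replaces the commented per-bit clear_bit() with no comment explaining why the release is done by order. A one-line comment saying the region is released with get_count_order(nr_irqs) to mirror the power-of-2 allocation would help keep the allocate and free paths from drifting apart again. The call also assumes the event ID of virq is the start of the region that was allocated with that same order, and the result of irq_domain_get_irq_data(domain, virq) goes straight into its_get_event_id() without a check; if the `d` used in the context line above is already that irq_data, reusing it would be simpler.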
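Review bot: in the fs/f2fs/segment.c hunk (read_compacted_summaries), removing the `blk_off > ENTRIES_IN_SUM` test leaves the value read from `ckpt->cur_data_blkoff[i]` with no range check in the visible lines of this function, so the revert is only safe if the mount-time check covers that field in this tree. The commit message cites f2fs_sanity_check_ckpt(), while the 4.4 function visible in the super.c patch of this same commit is sanity_check_ckpt() and the lines shown there compare segment numbers only. Please confirm that a cur_data_blkoff range check is present in queue-4.4, or queue it ahead of this revert, and say so in the backport note.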