From: Sasha Levin Date: Mon, 31 Aug 2020 01:27:36 +0000 (-0400) Subject: Fixes for 4.4 X-Git-Tag: v4.4.235~50 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7290cabca23c8d5d7c0fe55843762896aa9e6dcd;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.4 Signed-off-by: Sasha Levin --- diff --git a/queue-4.4/i2c-rcar-in-slave-mode-clear-nack-earlier.patch b/queue-4.4/i2c-rcar-in-slave-mode-clear-nack-earlier.patch new file mode 100644 index 00000000000..87350b8545d --- /dev/null +++ b/queue-4.4/i2c-rcar-in-slave-mode-clear-nack-earlier.patch @@ -0,0 +1,38 @@ +From ebe78666b4e933c7efcf43cb6cff0c8b407b5b0a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 17 Aug 2020 14:19:30 +0200 +Subject: i2c: rcar: in slave mode, clear NACK earlier + +From: Wolfram Sang + +[ Upstream commit 914a7b3563b8fb92f976619bbd0fa3a4a708baae ] + +Currently, a NACK in slave mode is set/cleared when SCL is held low by +the IP core right before the bit is about to be pushed out. This is too +late for clearing and then a NACK from the previous byte is still used +for the current one. Now, let's clear the NACK right after we detected +the STOP condition following the NACK. + +Fixes: de20d1857dd6 ("i2c: rcar: add slave support") +Signed-off-by: Wolfram Sang +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-rcar.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c +index ddfb08a3e6c20..00b3178c36a7a 100644 +--- a/drivers/i2c/busses/i2c-rcar.c ++++ b/drivers/i2c/busses/i2c-rcar.c +@@ -393,6 +393,7 @@ static bool rcar_i2c_slave_irq(struct rcar_i2c_priv *priv) + /* master sent stop */ + if (ssr_filtered & SSR) { + i2c_slave_event(priv->slave, I2C_SLAVE_STOP, &value); ++ rcar_i2c_write(priv, ICSCR, SIE | SDBS); /* clear our NACK */ + rcar_i2c_write(priv, ICSIER, SAR); + rcar_i2c_write(priv, ICSSR, ~SSR & 0xff); + } +-- +2.25.1 + diff --git a/queue-4.4/jbd2-abort-journal-if-free-a-async-write-error-metad.patch b/queue-4.4/jbd2-abort-journal-if-free-a-async-write-error-metad.patch new file mode 100644 index 00000000000..f4388ac8bb3 --- /dev/null +++ b/queue-4.4/jbd2-abort-journal-if-free-a-async-write-error-metad.patch @@ -0,0 +1,66 @@ +From bc584e9ad4522e339962ff463fb78562aba61a54 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 20 Jun 2020 10:54:26 +0800 +Subject: jbd2: abort journal if free a async write error metadata buffer + +From: zhangyi (F) + +[ Upstream commit c044f3d8360d2ecf831ba2cc9f08cf9fb2c699fb ] + +If we free a metadata buffer which has been failed to async write out +in the background, the jbd2 checkpoint procedure will not detect this +failure in jbd2_log_do_checkpoint(), so it may lead to filesystem +inconsistency after cleanup journal tail. This patch abort the journal +if free a buffer has write_io_error flag to prevent potential further +inconsistency. + +Signed-off-by: zhangyi (F) +Link: https://lore.kernel.org/r/20200620025427.1756360-5-yi.zhang@huawei.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/jbd2/transaction.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c +index 622610934c9ad..ce2bf9d74224c 100644 +--- a/fs/jbd2/transaction.c ++++ b/fs/jbd2/transaction.c +@@ -2000,6 +2000,7 @@ int jbd2_journal_try_to_free_buffers(journal_t *journal, + { + struct buffer_head *head; + struct buffer_head *bh; ++ bool has_write_io_error = false; + int ret = 0; + + J_ASSERT(PageLocked(page)); +@@ -2024,11 +2025,26 @@ int jbd2_journal_try_to_free_buffers(journal_t *journal, + jbd_unlock_bh_state(bh); + if (buffer_jbd(bh)) + goto busy; ++ ++ /* ++ * If we free a metadata buffer which has been failed to ++ * write out, the jbd2 checkpoint procedure will not detect ++ * this failure and may lead to filesystem inconsistency ++ * after cleanup journal tail. ++ */ ++ if (buffer_write_io_error(bh)) { ++ pr_err("JBD2: Error while async write back metadata bh %llu.", ++ (unsigned long long)bh->b_blocknr); ++ has_write_io_error = true; ++ } + } while ((bh = bh->b_this_page) != head); + + ret = try_to_free_buffers(page); + + busy: ++ if (has_write_io_error) ++ jbd2_journal_abort(journal, -EIO); ++ + return ret; + } + +-- +2.25.1 + diff --git a/queue-4.4/jbd2-make-sure-jh-have-b_transaction-set-in-refile-u.patch b/queue-4.4/jbd2-make-sure-jh-have-b_transaction-set-in-refile-u.patch new file mode 100644 index 00000000000..a8fda66c116 --- /dev/null +++ b/queue-4.4/jbd2-make-sure-jh-have-b_transaction-set-in-refile-u.patch @@ -0,0 +1,62 @@ +From 3af376d7d5035f5b72cc4da6e7ce91a35c40b151 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Jun 2020 11:25:49 +0200 +Subject: jbd2: make sure jh have b_transaction set in refile/unfile_buffer + +From: Lukas Czerner + +[ Upstream commit 24dc9864914eb5813173cfa53313fcd02e4aea7d ] + +Callers of __jbd2_journal_unfile_buffer() and +__jbd2_journal_refile_buffer() assume that the b_transaction is set. In +fact if it's not, we can end up with journal_head refcounting errors +leading to crash much later that might be very hard to track down. Add +asserts to make sure that is the case. + +We also make sure that b_next_transaction is NULL in +__jbd2_journal_unfile_buffer() since the callers expect that as well and +we should not get into that stage in this state anyway, leading to +problems later on if we do. + +Tested with fstests. + +Signed-off-by: Lukas Czerner +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/20200617092549.6712-1-lczerner@redhat.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/jbd2/transaction.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c +index 3233e5ac9774f..622610934c9ad 100644 +--- a/fs/jbd2/transaction.c ++++ b/fs/jbd2/transaction.c +@@ -1906,6 +1906,9 @@ static void __jbd2_journal_temp_unlink_buffer(struct journal_head *jh) + */ + static void __jbd2_journal_unfile_buffer(struct journal_head *jh) + { ++ J_ASSERT_JH(jh, jh->b_transaction != NULL); ++ J_ASSERT_JH(jh, jh->b_next_transaction == NULL); ++ + __jbd2_journal_temp_unlink_buffer(jh); + jh->b_transaction = NULL; + jbd2_journal_put_journal_head(jh); +@@ -2453,6 +2456,13 @@ void __jbd2_journal_refile_buffer(struct journal_head *jh) + + was_dirty = test_clear_buffer_jbddirty(bh); + __jbd2_journal_temp_unlink_buffer(jh); ++ ++ /* ++ * b_transaction must be set, otherwise the new b_transaction won't ++ * be holding jh reference ++ */ ++ J_ASSERT_JH(jh, jh->b_transaction != NULL); ++ + /* + * We set b_transaction here because b_next_transaction will inherit + * our jh reference and thus __jbd2_journal_file_buffer() must not +-- +2.25.1 + diff --git a/queue-4.4/net-gianfar-add-of_node_put-before-goto-statement.patch b/queue-4.4/net-gianfar-add-of_node_put-before-goto-statement.patch new file mode 100644 index 00000000000..54eda0b6106 --- /dev/null +++ b/queue-4.4/net-gianfar-add-of_node_put-before-goto-statement.patch @@ -0,0 +1,46 @@ +From 1612a04934c0338524b337e825012e6ecf0113e1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 19 Aug 2020 00:22:41 +0530 +Subject: net: gianfar: Add of_node_put() before goto statement + +From: Sumera Priyadarsini + +[ Upstream commit 989e4da042ca4a56bbaca9223d1a93639ad11e17 ] + +Every iteration of for_each_available_child_of_node() decrements +reference count of the previous node, however when control +is transferred from the middle of the loop, as in the case of +a return or break or goto, there is no decrement thus ultimately +resulting in a memory leak. + +Fix a potential memory leak in gianfar.c by inserting of_node_put() +before the goto statement. + +Issue found with Coccinelle. + +Signed-off-by: Sumera Priyadarsini +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/freescale/gianfar.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c +index 37cc1f838dd8b..96310e2ee5458 100644 +--- a/drivers/net/ethernet/freescale/gianfar.c ++++ b/drivers/net/ethernet/freescale/gianfar.c +@@ -845,8 +845,10 @@ static int gfar_of_init(struct platform_device *ofdev, struct net_device **pdev) + continue; + + err = gfar_parse_group(child, priv, model); +- if (err) ++ if (err) { ++ of_node_put(child); + goto err_grp_init; ++ } + } + } else { /* SQ_SG_MODE */ + err = gfar_parse_group(np, priv, model); +-- +2.25.1 + diff --git a/queue-4.4/powerpc-perf-fix-soft-lockups-due-to-missed-interrup.patch b/queue-4.4/powerpc-perf-fix-soft-lockups-due-to-missed-interrup.patch new file mode 100644 index 00000000000..b942c4b0ce3 --- /dev/null +++ b/queue-4.4/powerpc-perf-fix-soft-lockups-due-to-missed-interrup.patch @@ -0,0 +1,56 @@ +From 6f18ab50a35b60904bc15460f5cdbfe959f98f09 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 Aug 2020 08:46:32 -0400 +Subject: powerpc/perf: Fix soft lockups due to missed interrupt accounting + +From: Athira Rajeev + +[ Upstream commit 17899eaf88d689529b866371344c8f269ba79b5f ] + +Performance monitor interrupt handler checks if any counter has +overflown and calls record_and_restart() in core-book3s which invokes +perf_event_overflow() to record the sample information. Apart from +creating sample, perf_event_overflow() also does the interrupt and +period checks via perf_event_account_interrupt(). + +Currently we record information only if the SIAR (Sampled Instruction +Address Register) valid bit is set (using siar_valid() check) and +hence the interrupt check. + +But it is possible that we do sampling for some events that are not +generating valid SIAR, and hence there is no chance to disable the +event if interrupts are more than max_samples_per_tick. This leads to +soft lockup. + +Fix this by adding perf_event_account_interrupt() in the invalid SIAR +code path for a sampling event. ie if SIAR is invalid, just do +interrupt check and don't record the sample information. + +Reported-by: Alexey Kardashevskiy +Signed-off-by: Athira Rajeev +Tested-by: Alexey Kardashevskiy +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/1596717992-7321-1-git-send-email-atrajeev@linux.vnet.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/perf/core-book3s.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c +index 30e2e8efbe6b7..aab13558e9700 100644 +--- a/arch/powerpc/perf/core-book3s.c ++++ b/arch/powerpc/perf/core-book3s.c +@@ -2040,6 +2040,10 @@ static void record_and_restart(struct perf_event *event, unsigned long val, + + if (perf_event_overflow(event, &data, regs)) + power_pmu_stop(event, 0); ++ } else if (period) { ++ /* Account for interrupt in case of invalid SIAR */ ++ if (perf_event_account_interrupt(event)) ++ power_pmu_stop(event, 0); + } + } + +-- +2.25.1 + diff --git a/queue-4.4/s390-cio-add-cond_resched-in-the-slow_eval_known_fn-.patch b/queue-4.4/s390-cio-add-cond_resched-in-the-slow_eval_known_fn-.patch new file mode 100644 index 00000000000..98be37abda0 --- /dev/null +++ b/queue-4.4/s390-cio-add-cond_resched-in-the-slow_eval_known_fn-.patch @@ -0,0 +1,43 @@ +From 452e7c15358dbafa9a297b13dab978981e72cde5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 18 Jun 2020 16:42:45 +0200 +Subject: s390/cio: add cond_resched() in the slow_eval_known_fn() loop + +From: Vineeth Vijayan + +[ Upstream commit 0b8eb2ee9da1e8c9b8082f404f3948aa82a057b2 ] + +The scanning through subchannels during the time of an event could +take significant amount of time in case of platforms with lots of +known subchannels. This might result in higher scheduling latencies +for other tasks especially on systems with a single CPU. Add +cond_resched() call, as the loop in slow_eval_known_fn() can be +executed for a longer duration. + +Reviewed-by: Peter Oberparleiter +Signed-off-by: Vineeth Vijayan +Signed-off-by: Heiko Carstens +Signed-off-by: Sasha Levin +--- + drivers/s390/cio/css.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c +index 8ecc956ecb59c..370a3a2c6de73 100644 +--- a/drivers/s390/cio/css.c ++++ b/drivers/s390/cio/css.c +@@ -529,6 +529,11 @@ static int slow_eval_known_fn(struct subchannel *sch, void *data) + rc = css_evaluate_known_subchannel(sch, 1); + if (rc == -EAGAIN) + css_schedule_eval(sch->schid); ++ /* ++ * The loop might take long time for platforms with lots of ++ * known devices. Allow scheduling here. ++ */ ++ cond_resched(); + } + return 0; + } +-- +2.25.1 + diff --git a/queue-4.4/scsi-ufs-fix-possible-infinite-loop-in-ufshcd_hold.patch b/queue-4.4/scsi-ufs-fix-possible-infinite-loop-in-ufshcd_hold.patch new file mode 100644 index 00000000000..67d4e97fe17 --- /dev/null +++ b/queue-4.4/scsi-ufs-fix-possible-infinite-loop-in-ufshcd_hold.patch @@ -0,0 +1,57 @@ +From 7bfb21ed5595be40c037e8e1b99aa96329471ddf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 9 Aug 2020 13:07:34 +0800 +Subject: scsi: ufs: Fix possible infinite loop in ufshcd_hold + +From: Stanley Chu + +[ Upstream commit 93b6c5db06028a3b55122bbb74d0715dd8ca4ae0 ] + +In ufshcd_suspend(), after clk-gating is suspended and link is set +as Hibern8 state, ufshcd_hold() is still possibly invoked before +ufshcd_suspend() returns. For example, MediaTek's suspend vops may +issue UIC commands which would call ufshcd_hold() during the command +issuing flow. + +Now if UFSHCD_CAP_HIBERN8_WITH_CLK_GATING capability is enabled, +then ufshcd_hold() may enter infinite loops because there is no +clk-ungating work scheduled or pending. In this case, ufshcd_hold() +shall just bypass, and keep the link as Hibern8 state. + +Link: https://lore.kernel.org/r/20200809050734.18740-1-stanley.chu@mediatek.com +Reviewed-by: Avri Altman +Co-developed-by: Andy Teng +Signed-off-by: Andy Teng +Signed-off-by: Stanley Chu +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/ufs/ufshcd.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c +index d15cd7a02f9b4..d7a0a64f64536 100644 +--- a/drivers/scsi/ufs/ufshcd.c ++++ b/drivers/scsi/ufs/ufshcd.c +@@ -575,6 +575,7 @@ unblock_reqs: + int ufshcd_hold(struct ufs_hba *hba, bool async) + { + int rc = 0; ++ bool flush_result; + unsigned long flags; + + if (!ufshcd_is_clkgating_allowed(hba)) +@@ -601,7 +602,9 @@ start: + break; + } + spin_unlock_irqrestore(hba->host->host_lock, flags); +- flush_work(&hba->clk_gating.ungate_work); ++ flush_result = flush_work(&hba->clk_gating.ungate_work); ++ if (hba->clk_gating.is_suspended && !flush_result) ++ goto out; + spin_lock_irqsave(hba->host->host_lock, flags); + goto start; + } +-- +2.25.1 + diff --git a/queue-4.4/series b/queue-4.4/series index ad09ed025dc..942b0688416 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -30,3 +30,10 @@ media-davinci-vpif_capture-fix-potential-double-free.patch powerpc-spufs-add-config_coredump-dependency.patch usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch revert-ath10k-fix-dma-related-firmware-crashes-on-mu.patch +i2c-rcar-in-slave-mode-clear-nack-earlier.patch +jbd2-make-sure-jh-have-b_transaction-set-in-refile-u.patch +jbd2-abort-journal-if-free-a-async-write-error-metad.patch +s390-cio-add-cond_resched-in-the-slow_eval_known_fn-.patch +scsi-ufs-fix-possible-infinite-loop-in-ufshcd_hold.patch +net-gianfar-add-of_node_put-before-goto-statement.patch +powerpc-perf-fix-soft-lockups-due-to-missed-interrup.patch