From: Sasha Levin Date: Fri, 10 Jun 2022 12:34:56 +0000 (-0400) Subject: Fixes for 4.19 X-Git-Tag: v4.9.318~105 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=753a4ab4e2f2fa930c5b0d8aab91609d35a8ebb2;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.19 Signed-off-by: Sasha Levin --- diff --git a/queue-4.19/i2c-cadence-increase-timeout-per-message-if-necessar.patch b/queue-4.19/i2c-cadence-increase-timeout-per-message-if-necessar.patch new file mode 100644 index 00000000000..83270dc2392 --- /dev/null +++ b/queue-4.19/i2c-cadence-increase-timeout-per-message-if-necessar.patch @@ -0,0 +1,64 @@ +From fb60eef4a67b5ba3947ab230921043bc8aa87cba Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 13 Apr 2022 10:14:10 +0100 +Subject: i2c: cadence: Increase timeout per message if necessary + +From: Lucas Tanure + +[ Upstream commit 96789dce043f5bff8b7d62aa28d52a7c59403a84 ] + +Timeout as 1 second sets an upper limit on the length +of the transfer executed, but there is no maximum length +of a write or read message set in i2c_adapter_quirks for +this controller. + +This upper limit affects devices that require sending +large firmware blobs over I2C. + +To remove that limitation, calculate the minimal time +necessary, plus some wiggle room, for every message and +use it instead of the default one second, if more than +one second. + +Signed-off-by: Lucas Tanure +Acked-by: Michal Simek +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-cadence.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c +index c5475bb4fae6..2150afdcc083 100644 +--- a/drivers/i2c/busses/i2c-cadence.c ++++ b/drivers/i2c/busses/i2c-cadence.c +@@ -511,7 +511,7 @@ static void cdns_i2c_master_reset(struct i2c_adapter *adap) + static int cdns_i2c_process_msg(struct cdns_i2c *id, struct i2c_msg *msg, + struct i2c_adapter *adap) + { +- unsigned long time_left; ++ unsigned long time_left, msg_timeout; + u32 reg; + + id->p_msg = msg; +@@ -536,8 +536,16 @@ static int cdns_i2c_process_msg(struct cdns_i2c *id, struct i2c_msg *msg, + else + cdns_i2c_msend(id); + ++ /* Minimal time to execute this message */ ++ msg_timeout = msecs_to_jiffies((1000 * msg->len * BITS_PER_BYTE) / id->i2c_clk); ++ /* Plus some wiggle room */ ++ msg_timeout += msecs_to_jiffies(500); ++ ++ if (msg_timeout < adap->timeout) ++ msg_timeout = adap->timeout; ++ + /* Wait for the signal of completion */ +- time_left = wait_for_completion_timeout(&id->xfer_done, adap->timeout); ++ time_left = wait_for_completion_timeout(&id->xfer_done, msg_timeout); + if (time_left == 0) { + cdns_i2c_master_reset(adap); + dev_err(id->adap.dev.parent, +-- +2.35.1 + diff --git a/queue-4.19/m68knommu-fix-undefined-reference-to-_init_sp.patch b/queue-4.19/m68knommu-fix-undefined-reference-to-_init_sp.patch new file mode 100644 index 00000000000..bb38d52fba7 --- /dev/null +++ b/queue-4.19/m68knommu-fix-undefined-reference-to-_init_sp.patch @@ -0,0 +1,43 @@ +From 24740cef0d103b5084efa27d0c884e9eb94bdd8a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 May 2022 17:27:39 +1000 +Subject: m68knommu: fix undefined reference to `_init_sp' + +From: Greg Ungerer + +[ Upstream commit a71b9e66fee47c59b3ec34e652b5c23bc6550794 ] + +When configuring a nommu classic m68k system enabling the uboot parameter +passing support (CONFIG_UBOOT) will produce the following compile error: + + m68k-linux-ld: arch/m68k/kernel/uboot.o: in function `process_uboot_commandline': + uboot.c:(.init.text+0x32): undefined reference to `_init_sp' + +The logic to support this option is only used on ColdFire based platforms +(in its head.S startup code). So make the selection of this option +depend on building for a ColdFire based platform. + +Reported-by: kernel test robot +Reviewed-by: Geert Uytterhoeven +Acked-by: Geert Uytterhoeven +Signed-off-by: Greg Ungerer +Signed-off-by: Sasha Levin +--- + arch/m68k/Kconfig.machine | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/m68k/Kconfig.machine b/arch/m68k/Kconfig.machine +index 0c451081432a..d07f3009a4a0 100644 +--- a/arch/m68k/Kconfig.machine ++++ b/arch/m68k/Kconfig.machine +@@ -315,6 +315,7 @@ comment "Machine Options" + + config UBOOT + bool "Support for U-Boot command line parameters" ++ depends on COLDFIRE + help + If you say Y here kernel will try to collect command + line parameters from the initial u-boot stack. +-- +2.35.1 + diff --git a/queue-4.19/m68knommu-set-zero_page-to-the-allocated-zeroed-page.patch b/queue-4.19/m68knommu-set-zero_page-to-the-allocated-zeroed-page.patch new file mode 100644 index 00000000000..1614f05c91d --- /dev/null +++ b/queue-4.19/m68knommu-set-zero_page-to-the-allocated-zeroed-page.patch @@ -0,0 +1,47 @@ +From 0108d93112007cc231a6afd4a07c49ba14e1e081 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Apr 2022 23:27:47 +1000 +Subject: m68knommu: set ZERO_PAGE() to the allocated zeroed page + +From: Greg Ungerer + +[ Upstream commit dc068f46217970d9516f16cd37972a01d50dc055 ] + +The non-MMU m68k pagetable ZERO_PAGE() macro is being set to the +somewhat non-sensical value of "virt_to_page(0)". The zeroth page +is not in any way guaranteed to be a page full of "0". So the result +is that ZERO_PAGE() will almost certainly contain random values. + +We already allocate a real "empty_zero_page" in the mm setup code shared +between MMU m68k and non-MMU m68k. It is just not hooked up to the +ZERO_PAGE() macro for the non-MMU m68k case. + +Fix ZERO_PAGE() to use the allocated "empty_zero_page" pointer. + +I am not aware of any specific issues caused by the old code. + +Link: https://lore.kernel.org/linux-m68k/2a462b23-5b8e-bbf4-ec7d-778434a3b9d7@google.com/T/#t +Reported-by: Hugh Dickens +Signed-off-by: Greg Ungerer +Signed-off-by: Sasha Levin +--- + arch/m68k/include/asm/pgtable_no.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/m68k/include/asm/pgtable_no.h b/arch/m68k/include/asm/pgtable_no.h +index fc3a96c77bd8..12f673707d4b 100644 +--- a/arch/m68k/include/asm/pgtable_no.h ++++ b/arch/m68k/include/asm/pgtable_no.h +@@ -42,7 +42,8 @@ extern void paging_init(void); + * ZERO_PAGE is a global shared page that is always zero: used + * for zero-mapped memory areas etc.. + */ +-#define ZERO_PAGE(vaddr) (virt_to_page(0)) ++extern void *empty_zero_page; ++#define ZERO_PAGE(vaddr) (virt_to_page(empty_zero_page)) + + /* + * No page table caches to initialise. +-- +2.35.1 + diff --git a/queue-4.19/mips-cpc-fix-refcount-leak-in-mips_cpc_default_phys_.patch b/queue-4.19/mips-cpc-fix-refcount-leak-in-mips_cpc_default_phys_.patch new file mode 100644 index 00000000000..f88dcd1077e --- /dev/null +++ b/queue-4.19/mips-cpc-fix-refcount-leak-in-mips_cpc_default_phys_.patch @@ -0,0 +1,35 @@ +From 93e51ad8172f44b78dd5d00c54c4e69d64f59837 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 7 Apr 2022 12:26:57 +0800 +Subject: mips: cpc: Fix refcount leak in mips_cpc_default_phys_base + +From: Gong Yuanjun + +[ Upstream commit 4107fa700f314592850e2c64608f6ede4c077476 ] + +Add the missing of_node_put() to release the refcount incremented +by of_find_compatible_node(). + +Signed-off-by: Gong Yuanjun +Reviewed-by: Serge Semin +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Sasha Levin +--- + arch/mips/kernel/mips-cpc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/mips/kernel/mips-cpc.c b/arch/mips/kernel/mips-cpc.c +index fcf9af492d60..cf46502c605e 100644 +--- a/arch/mips/kernel/mips-cpc.c ++++ b/arch/mips/kernel/mips-cpc.c +@@ -31,6 +31,7 @@ phys_addr_t __weak mips_cpc_default_phys_base(void) + cpc_node = of_find_compatible_node(of_root, NULL, "mti,mips-cpc"); + if (cpc_node) { + err = of_address_to_resource(cpc_node, 0, &res); ++ of_node_put(cpc_node); + if (!err) + return res.start; + } +-- +2.35.1 + diff --git a/queue-4.19/nfsv4-don-t-hold-the-layoutget-locks-across-multiple.patch b/queue-4.19/nfsv4-don-t-hold-the-layoutget-locks-across-multiple.patch new file mode 100644 index 00000000000..d321e059396 --- /dev/null +++ b/queue-4.19/nfsv4-don-t-hold-the-layoutget-locks-across-multiple.patch @@ -0,0 +1,39 @@ +From 4bc1378b5b52e6f3e2fdefc23cbe8ca6254e89da Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 14 May 2022 10:08:14 -0400 +Subject: NFSv4: Don't hold the layoutget locks across multiple RPC calls + +From: Trond Myklebust + +[ Upstream commit 6949493884fe88500de4af182588e071cf1544ee ] + +When doing layoutget as part of the open() compound, we have to be +careful to release the layout locks before we can call any further RPC +calls, such as setattr(). The reason is that those calls could trigger +a recall, which could deadlock. + +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/nfs4proc.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 759c834b60fd..f48a11fa78bb 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -2920,6 +2920,10 @@ static int _nfs4_open_and_get_state(struct nfs4_opendata *opendata, + } + + out: ++ if (opendata->lgp) { ++ nfs4_lgopen_release(opendata->lgp); ++ opendata->lgp = NULL; ++ } + if (!opendata->cancelled) + nfs4_sequence_free_slot(&opendata->o_res.seq_res); + return ret; +-- +2.35.1 + diff --git a/queue-4.19/series b/queue-4.19/series index 08043c2644e..5a185ad3e8d 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -225,3 +225,12 @@ tcp-tcp_rtx_synack-can-be-called-from-process-contex.patch afs-fix-infinite-loop-found-by-xfstest-generic-676.patch tipc-check-attribute-length-for-bearer-name.patch perf-c2c-fix-sorting-in-percent_rmt_hitm_cmp.patch +mips-cpc-fix-refcount-leak-in-mips_cpc_default_phys_.patch +tracing-fix-sleeping-function-called-from-invalid-co.patch +tracing-avoid-adding-tracer-option-before-update_tra.patch +i2c-cadence-increase-timeout-per-message-if-necessar.patch +m68knommu-set-zero_page-to-the-allocated-zeroed-page.patch +m68knommu-fix-undefined-reference-to-_init_sp.patch +nfsv4-don-t-hold-the-layoutget-locks-across-multiple.patch +video-fbdev-pxa3xx-gcu-release-the-resources-correct.patch +xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch diff --git a/queue-4.19/tracing-avoid-adding-tracer-option-before-update_tra.patch b/queue-4.19/tracing-avoid-adding-tracer-option-before-update_tra.patch new file mode 100644 index 00000000000..0b3ae2d1a56 --- /dev/null +++ b/queue-4.19/tracing-avoid-adding-tracer-option-before-update_tra.patch @@ -0,0 +1,66 @@ +From 5857cbc91e67b8ca11f230a70c199396db5eafd1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 26 Apr 2022 20:24:06 +0800 +Subject: tracing: Avoid adding tracer option before update_tracer_options + +From: Mark-PK Tsai + +[ Upstream commit ef9188bcc6ca1d8a2ad83e826b548e6820721061 ] + +To prepare for support asynchronous tracer_init_tracefs initcall, +avoid calling create_trace_option_files before __update_tracer_options. +Otherwise, create_trace_option_files will show warning because +some tracers in trace_types list are already in tr->topts. + +For example, hwlat_tracer call register_tracer in late_initcall, +and global_trace.dir is already created in tracing_init_dentry, +hwlat_tracer will be put into tr->topts. +Then if the __update_tracer_options is executed after hwlat_tracer +registered, create_trace_option_files find that hwlat_tracer is +already in tr->topts. + +Link: https://lkml.kernel.org/r/20220426122407.17042-2-mark-pk.tsai@mediatek.com + +Link: https://lore.kernel.org/lkml/20220322133339.GA32582@xsang-OptiPlex-9020/ +Reported-by: kernel test robot +Signed-off-by: Mark-PK Tsai +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Sasha Levin +--- + kernel/trace/trace.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 017c8dd46b0f..5b7a6e9b0ab6 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -5368,12 +5368,18 @@ static void tracing_set_nop(struct trace_array *tr) + tr->current_trace = &nop_trace; + } + ++static bool tracer_options_updated; ++ + static void add_tracer_options(struct trace_array *tr, struct tracer *t) + { + /* Only enable if the directory has been created already. */ + if (!tr->dir) + return; + ++ /* Only create trace option files after update_tracer_options finish */ ++ if (!tracer_options_updated) ++ return; ++ + create_trace_option_files(tr, t); + } + +@@ -7820,6 +7826,7 @@ static void __update_tracer_options(struct trace_array *tr) + static void update_tracer_options(struct trace_array *tr) + { + mutex_lock(&trace_types_lock); ++ tracer_options_updated = true; + __update_tracer_options(tr); + mutex_unlock(&trace_types_lock); + } +-- +2.35.1 + diff --git a/queue-4.19/tracing-fix-sleeping-function-called-from-invalid-co.patch b/queue-4.19/tracing-fix-sleeping-function-called-from-invalid-co.patch new file mode 100644 index 00000000000..f8e75270cbc --- /dev/null +++ b/queue-4.19/tracing-fix-sleeping-function-called-from-invalid-co.patch @@ -0,0 +1,93 @@ +From 5b35d13b77d63eb39537064de1d527441409e6d4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Apr 2022 09:39:10 +0800 +Subject: tracing: Fix sleeping function called from invalid context on RT + kernel + +From: Jun Miao + +[ Upstream commit 12025abdc8539ed9d5014e2d647a3fd1bd3de5cd ] + +When setting bootparams="trace_event=initcall:initcall_start tp_printk=1" in the +cmdline, the output_printk() was called, and the spin_lock_irqsave() was called in the +atomic and irq disable interrupt context suitation. On the PREEMPT_RT kernel, +these locks are replaced with sleepable rt-spinlock, so the stack calltrace will +be triggered. +Fix it by raw_spin_lock_irqsave when PREEMPT_RT and "trace_event=initcall:initcall_start +tp_printk=1" enabled. + + BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 + in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0 + preempt_count: 2, expected: 0 + RCU nest depth: 0, expected: 0 + Preemption disabled at: + [] try_to_wake_up+0x7e/0xba0 + CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.1-rt17+ #19 34c5812404187a875f32bee7977f7367f9679ea7 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 + Call Trace: + + dump_stack_lvl+0x60/0x8c + dump_stack+0x10/0x12 + __might_resched.cold+0x11d/0x155 + rt_spin_lock+0x40/0x70 + trace_event_buffer_commit+0x2fa/0x4c0 + ? map_vsyscall+0x93/0x93 + trace_event_raw_event_initcall_start+0xbe/0x110 + ? perf_trace_initcall_finish+0x210/0x210 + ? probe_sched_wakeup+0x34/0x40 + ? ttwu_do_wakeup+0xda/0x310 + ? trace_hardirqs_on+0x35/0x170 + ? map_vsyscall+0x93/0x93 + do_one_initcall+0x217/0x3c0 + ? trace_event_raw_event_initcall_level+0x170/0x170 + ? push_cpu_stop+0x400/0x400 + ? cblist_init_generic+0x241/0x290 + kernel_init_freeable+0x1ac/0x347 + ? _raw_spin_unlock_irq+0x65/0x80 + ? rest_init+0xf0/0xf0 + kernel_init+0x1e/0x150 + ret_from_fork+0x22/0x30 + + +Link: https://lkml.kernel.org/r/20220419013910.894370-1-jun.miao@intel.com + +Signed-off-by: Jun Miao +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Sasha Levin +--- + kernel/trace/trace.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 063b434c89d2..017c8dd46b0f 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -2331,7 +2331,7 @@ trace_event_buffer_lock_reserve(struct ring_buffer **current_rb, + } + EXPORT_SYMBOL_GPL(trace_event_buffer_lock_reserve); + +-static DEFINE_SPINLOCK(tracepoint_iter_lock); ++static DEFINE_RAW_SPINLOCK(tracepoint_iter_lock); + static DEFINE_MUTEX(tracepoint_printk_mutex); + + static void output_printk(struct trace_event_buffer *fbuffer) +@@ -2352,14 +2352,14 @@ static void output_printk(struct trace_event_buffer *fbuffer) + + event = &fbuffer->trace_file->event_call->event; + +- spin_lock_irqsave(&tracepoint_iter_lock, flags); ++ raw_spin_lock_irqsave(&tracepoint_iter_lock, flags); + trace_seq_init(&iter->seq); + iter->ent = fbuffer->entry; + event_call->event.funcs->trace(iter, 0, event); + trace_seq_putc(&iter->seq, 0); + printk("%s", iter->seq.buffer); + +- spin_unlock_irqrestore(&tracepoint_iter_lock, flags); ++ raw_spin_unlock_irqrestore(&tracepoint_iter_lock, flags); + } + + int tracepoint_printk_sysctl(struct ctl_table *table, int write, +-- +2.35.1 + diff --git a/queue-4.19/video-fbdev-pxa3xx-gcu-release-the-resources-correct.patch b/queue-4.19/video-fbdev-pxa3xx-gcu-release-the-resources-correct.patch new file mode 100644 index 00000000000..ee75e0a49d0 --- /dev/null +++ b/queue-4.19/video-fbdev-pxa3xx-gcu-release-the-resources-correct.patch @@ -0,0 +1,67 @@ +From 329730bd2481c53b7699395c1b4ee23ed3062eaf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 May 2022 18:05:41 +0800 +Subject: video: fbdev: pxa3xx-gcu: release the resources correctly in + pxa3xx_gcu_probe/remove() + +From: Yang Yingliang + +[ Upstream commit d87ad457f7e1b8d2492ca5b1531eb35030a1cc8f ] + +In pxa3xx_gcu_probe(), the sequence of error lable is wrong, it will +leads some resource leaked, so adjust the sequence to handle the error +correctly, and if pxa3xx_gcu_add_buffer() fails, pxa3xx_gcu_free_buffers() +need be called. +In pxa3xx_gcu_remove(), add missing clk_disable_unpreprare(). + +Signed-off-by: Yang Yingliang +Signed-off-by: Helge Deller +Signed-off-by: Sasha Levin +--- + drivers/video/fbdev/pxa3xx-gcu.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/drivers/video/fbdev/pxa3xx-gcu.c b/drivers/video/fbdev/pxa3xx-gcu.c +index 69cfb337c857..43695a33f062 100644 +--- a/drivers/video/fbdev/pxa3xx-gcu.c ++++ b/drivers/video/fbdev/pxa3xx-gcu.c +@@ -663,6 +663,7 @@ static int pxa3xx_gcu_probe(struct platform_device *pdev) + for (i = 0; i < 8; i++) { + ret = pxa3xx_gcu_add_buffer(dev, priv); + if (ret) { ++ pxa3xx_gcu_free_buffers(dev, priv); + dev_err(dev, "failed to allocate DMA memory\n"); + goto err_disable_clk; + } +@@ -678,15 +679,15 @@ static int pxa3xx_gcu_probe(struct platform_device *pdev) + SHARED_SIZE, irq); + return 0; + +-err_free_dma: +- dma_free_coherent(dev, SHARED_SIZE, +- priv->shared, priv->shared_phys); ++err_disable_clk: ++ clk_disable_unprepare(priv->clk); + + err_misc_deregister: + misc_deregister(&priv->misc_dev); + +-err_disable_clk: +- clk_disable_unprepare(priv->clk); ++err_free_dma: ++ dma_free_coherent(dev, SHARED_SIZE, ++ priv->shared, priv->shared_phys); + + return ret; + } +@@ -699,6 +700,7 @@ static int pxa3xx_gcu_remove(struct platform_device *pdev) + pxa3xx_gcu_wait_idle(priv); + misc_deregister(&priv->misc_dev); + dma_free_coherent(dev, SHARED_SIZE, priv->shared, priv->shared_phys); ++ clk_disable_unprepare(priv->clk); + pxa3xx_gcu_free_buffers(dev, priv); + + return 0; +-- +2.35.1 + diff --git a/queue-4.19/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch b/queue-4.19/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch new file mode 100644 index 00000000000..184dc46babb --- /dev/null +++ b/queue-4.19/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch @@ -0,0 +1,73 @@ +From 069b5a143f28fa04b3cf70b3c409dacad5d0645c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 22 May 2022 20:36:48 +0800 +Subject: xprtrdma: treat all calls not a bcall when bc_serv is NULL + +From: Kinglong Mee + +[ Upstream commit 11270e7ca268e8d61b5d9e5c3a54bd1550642c9c ] + +When a rdma server returns a fault format reply, nfs v3 client may +treats it as a bcall when bc service is not exist. + +The debug message at rpcrdma_bc_receive_call are, + +[56579.837169] RPC: rpcrdma_bc_receive_call: callback XID +00000001, length=20 +[56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 04 + +After that, rpcrdma_bc_receive_call will meets NULL pointer as, + +[ 226.057890] BUG: unable to handle kernel NULL pointer dereference at +00000000000000c8 +... +[ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20 +... +[ 226.059732] Call Trace: +[ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma] +[ 226.060011] __ib_process_cq+0x89/0x170 [ib_core] +[ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core] +[ 226.060257] process_one_work+0x1a7/0x360 +[ 226.060367] ? create_worker+0x1a0/0x1a0 +[ 226.060440] worker_thread+0x30/0x390 +[ 226.060500] ? create_worker+0x1a0/0x1a0 +[ 226.060574] kthread+0x116/0x130 +[ 226.060661] ? kthread_flush_work_fn+0x10/0x10 +[ 226.060724] ret_from_fork+0x35/0x40 +... + +Signed-off-by: Kinglong Mee +Reviewed-by: Chuck Lever +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + net/sunrpc/xprtrdma/rpc_rdma.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/sunrpc/xprtrdma/rpc_rdma.c b/net/sunrpc/xprtrdma/rpc_rdma.c +index f2eaf264726b..3d65a2bccfc7 100644 +--- a/net/sunrpc/xprtrdma/rpc_rdma.c ++++ b/net/sunrpc/xprtrdma/rpc_rdma.c +@@ -980,6 +980,7 @@ static bool + rpcrdma_is_bcall(struct rpcrdma_xprt *r_xprt, struct rpcrdma_rep *rep) + #if defined(CONFIG_SUNRPC_BACKCHANNEL) + { ++ struct rpc_xprt *xprt = &r_xprt->rx_xprt; + struct xdr_stream *xdr = &rep->rr_stream; + __be32 *p; + +@@ -1003,6 +1004,10 @@ rpcrdma_is_bcall(struct rpcrdma_xprt *r_xprt, struct rpcrdma_rep *rep) + if (*p != cpu_to_be32(RPC_CALL)) + return false; + ++ /* No bc service. */ ++ if (xprt->bc_serv == NULL) ++ return false; ++ + /* Now that we are sure this is a backchannel call, + * advance to the RPC header. + */ +-- +2.35.1 +