From: Greg Kroah-Hartman
Date: Mon, 28 Sep 2020 14:19:49 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v4.4.238~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=806da84dcfc0b33646031f2d415206eaa2d04886;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
kprobes-fix-to-check-probe-enabled-before-disarm_kprobe_ftrace.patch
mm-thp-swap-fix-allocating-cluster-for-swapfile-by-mistake.patch
s390-dasd-fix-zero-write-for-fba-devices.patch
---
diff --git a/queue-4.14/kprobes-fix-to-check-probe-enabled-before-disarm_kprobe_ftrace.patch b/queue-4.14/kprobes-fix-to-check-probe-enabled-before-disarm_kprobe_ftrace.patch
new file mode 100644
index 00000000000..69229a783d4
--- /dev/null
+++ b/queue-4.14/kprobes-fix-to-check-probe-enabled-before-disarm_kprobe_ftrace.patch
@@ -0,0 +1,99 @@
+From 3031313eb3d549b7ad6f9fbcc52ba04412e3eb9e Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu
+Date: Tue, 1 Sep 2020 00:12:07 +0900
+Subject: kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
+
+From: Masami Hiramatsu
+
+commit 3031313eb3d549b7ad6f9fbcc52ba04412e3eb9e upstream.
+
+Commit 0cb2f1372baa ("kprobes: Fix NULL pointer dereference at
+kprobe_ftrace_handler") fixed one bug but not completely fixed yet.
+If we run a kprobe_module.tc of ftracetest, kernel showed a warning
+as below.
+
+# ./ftracetest test.d/kprobe/kprobe_module.tc
+=== Ftrace unit tests ===
+[1] Kprobe dynamic event - probing module
+...
+[ 22.400215] ------------[ cut here ]------------
+[ 22.400962] Failed to disarm kprobe-ftrace at trace_printk_irq_work+0x0/0x7e [trace_printk] (-2)
+[ 22.402139] WARNING: CPU: 7 PID: 200 at kernel/kprobes.c:1091 __disarm_kprobe_ftrace.isra.0+0x7e/0xa0
+[ 22.403358] Modules linked in: trace_printk(-)
+[ 22.404028] CPU: 7 PID: 200 Comm: rmmod Not tainted 5.9.0-rc2+ #66
+[ 22.404870] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1 04/01/2014
+[ 22.406139] RIP: 0010:__disarm_kprobe_ftrace.isra.0+0x7e/0xa0
+[ 22.406947] Code: 30 8b 03 eb c9 80 3d e5 09 1f 01 00 75 dc 49 8b 34 24 89 c2 48 c7 c7 a0 c2 05 82 89 45 e4 c6 05 cc 09 1f 01 01 e8 a9 c7 f0 ff <0f> 0b 8b 45 e4 eb b9 89 c6 48 c7 c7 70 c2 05 82 89 45 e4 e8 91 c7
+[ 22.409544] RSP: 0018:ffffc90000237df0 EFLAGS: 00010286
+[ 22.410385] RAX: 0000000000000000 RBX: ffffffff83066024 RCX: 0000000000000000
+[ 22.411434] RDX: 0000000000000001 RSI: ffffffff810de8d3 RDI: ffffffff810de8d3
+[ 22.412687] RBP: ffffc90000237e10 R08: 0000000000000001 R09: 0000000000000001
+[ 22.413762] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807c478640
+[ 22.414852] R13: ffffffff8235ebc0 R14: ffffffffa00060c0 R15: 0000000000000000
+[ 22.415941] FS: 00000000019d48c0(0000) GS:ffff88807d7c0000(0000) knlGS:0000000000000000
+[ 22.417264] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 22.418176] CR2: 00000000005bb7e3 CR3: 0000000078f7a000 CR4: 00000000000006a0
+[ 22.419309] Call Trace:
+[ 22.419990] kill_kprobe+0x94/0x160
+[ 22.420652] kprobes_module_callback+0x64/0x230
+[ 22.421470] notifier_call_chain+0x4f/0x70
+[ 22.422184] blocking_notifier_call_chain+0x49/0x70
+[ 22.422979] __x64_sys_delete_module+0x1ac/0x240
+[ 22.423733] do_syscall_64+0x38/0x50
+[ 22.424366] entry_SYSCALL_64_after_hwframe+0x44/0xa9
+[ 22.425176] RIP: 0033:0x4bb81d
+[ 22.425741] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e0 ff ff ff f7 d8 64 89 01 48
+[ 22.428726] RSP: 002b:00007ffc70fef008 EFLAGS: 00000246 ORIG_RAX: 00000000000000b0
+[ 22.430169] RAX: ffffffffffffffda RBX: 00000000019d48a0 RCX: 00000000004bb81d
+[ 22.431375] RDX: 0000000000000000 RSI: 0000000000000880 RDI: 00007ffc70fef028
+[ 22.432543] RBP: 0000000000000880 R08: 00000000ffffffff R09: 00007ffc70fef320
+[ 22.433692] R10: 0000000000656300 R11: 0000000000000246 R12: 00007ffc70fef028
+[ 22.434635] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000000
+[ 22.435682] irq event stamp: 1169
+[ 22.436240] hardirqs last enabled at (1179): [] console_unlock+0x422/0x580
+[ 22.437466] hardirqs last disabled at (1188): [] console_unlock+0x7b/0x580
+[ 22.438608] softirqs last enabled at (866): [] __do_softirq+0x38e/0x490
+[ 22.439637] softirqs last disabled at (859): [] asm_call_on_stack+0x12/0x20
+[ 22.440690] ---[ end trace 1e7ce7e1e4567276 ]---
+[ 22.472832] trace_kprobe: This probe might be able to register after target module is loaded. Continue.
+
+This is because the kill_kprobe() calls disarm_kprobe_ftrace() even
+if the given probe is not enabled. In that case, ftrace_set_filter_ip()
+fails because the given probe point is not registered to ftrace.
+
+Fix to check the given (going) probe is enabled before invoking
+disarm_kprobe_ftrace().
+
+Link: https://lkml.kernel.org/r/159888672694.1411785.5987998076694782591.stgit@devnote2
+
+Fixes: 0cb2f1372baa ("kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler")
+Cc: Ingo Molnar
+Cc: "Naveen N . Rao"
+Cc: Anil S Keshavamurthy
+Cc: David Miller
+Cc: Muchun Song
+Cc: Chengming Zhou
+Cc: stable@vger.kernel.org
+Signed-off-by: Masami Hiramatsu
+Signed-off-by: Steven Rostedt (VMware)
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/kprobes.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/kernel/kprobes.c
++++ b/kernel/kprobes.c
+@@ -2140,9 +2140,10 @@ static void kill_kprobe(struct kprobe *p
+
+ /*
+ * The module is going away. We should disarm the kprobe which
+- * is using ftrace.
++ * is using ftrace, because ftrace framework is still available at
++ * MODULE_STATE_GOING notification.
+ */
+- if (kprobe_ftrace(p))
++ if (kprobe_ftrace(p) && !kprobe_disabled(p) && !kprobes_all_disarmed)
+ disarm_kprobe_ftrace(p);
+ }
+
diff --git a/queue-4.14/mm-thp-swap-fix-allocating-cluster-for-swapfile-by-mistake.patch b/queue-4.14/mm-thp-swap-fix-allocating-cluster-for-swapfile-by-mistake.patch
new file mode 100644
index 00000000000..23220079b2f
--- /dev/null
+++ b/queue-4.14/mm-thp-swap-fix-allocating-cluster-for-swapfile-by-mistake.patch
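Review bot: The new condition on the disarm path in kill_kprobe() reads `kprobe_disabled(p)` and the global `kprobes_all_disarmed` without saying what keeps either stable while the module notifier runs; kill_kprobe() itself starts outside the hunk, and the trace in the commit message shows it reached from kprobes_module_callback(), so the serialization is presumably the kprobe mutex taken there rather than anything in this function. A short comment on the new line, `/* both flags are only changed under kprobe_mutex, which our caller holds */`, would make that assumption checkable instead of implicit. The comment block the hunk already rewrites could also state why the disabled case is skipped — the commit message explains that a disabled ftrace-based probe was never handed to ftrace, so ftrace_set_filter_ip() would fail — which is the actual justification for the `!kprobe_disabled(p)` term.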
@@ -0,0 +1,85 @@
+From 41663430588c737dd735bad5a0d1ba325dcabd59 Mon Sep 17 00:00:00 2001
+From: Gao Xiang
+Date: Fri, 25 Sep 2020 21:19:01 -0700
+Subject: mm, THP, swap: fix allocating cluster for swapfile by mistake
+
+From: Gao Xiang
+
+commit 41663430588c737dd735bad5a0d1ba325dcabd59 upstream.
+
+SWP_FS is used to make swap_{read,write}page() go through the
+filesystem, and it's only used for swap files over NFS. So, !SWP_FS
+means non NFS for now, it could be either file backed or device backed.
+Something similar goes with legacy SWP_FILE.
+
+So in order to achieve the goal of the original patch, SWP_BLKDEV should
+be used instead.
+
+FS corruption can be observed with SSD device + XFS + fragmented
+swapfile due to CONFIG_THP_SWAP=y.
+
+I reproduced the issue with the following details:
+
+Environment:
+
+ QEMU + upstream kernel + buildroot + NVMe (2 GB)
+
+Kernel config:
+
+ CONFIG_BLK_DEV_NVME=y
+ CONFIG_THP_SWAP=y
+
+Some reproducible steps:
+
+ mkfs.xfs -f /dev/nvme0n1
+ mkdir /tmp/mnt
+ mount /dev/nvme0n1 /tmp/mnt
+ bs="32k"
+ sz="1024m" # doesn't matter too much, I also tried 16m
+ xfs_io -f -c "pwrite -R -b $bs 0 $sz" -c "fdatasync" /tmp/mnt/sw
+ xfs_io -f -c "pwrite -R -b $bs 0 $sz" -c "fdatasync" /tmp/mnt/sw
+ xfs_io -f -c "pwrite -R -b $bs 0 $sz" -c "fdatasync" /tmp/mnt/sw
+ xfs_io -f -c "pwrite -F -S 0 -b $bs 0 $sz" -c "fdatasync" /tmp/mnt/sw
+ xfs_io -f -c "pwrite -R -b $bs 0 $sz" -c "fsync" /tmp/mnt/sw
+
+ mkswap /tmp/mnt/sw
+ swapon /tmp/mnt/sw
+
+ stress --vm 2 --vm-bytes 600M # doesn't matter too much as well
+
+Symptoms:
+ - FS corruption (e.g. checksum failure)
+ - memory corruption at: 0xd2808010
+ - segfault
+
+Fixes: f0eea189e8e9 ("mm, THP, swap: Don't allocate huge cluster for file backed swap device")
+Fixes: 38d8b4e6bdc8 ("mm, THP, swap: delay splitting THP during swap out")
+Signed-off-by: Gao Xiang
+Signed-off-by: Andrew Morton
+Reviewed-by: "Huang, Ying"
+Reviewed-by: Yang Shi
+Acked-by: Rafael Aquini
+Cc: Matthew Wilcox
+Cc: Carlos Maiolino
+Cc: Eric Sandeen
+Cc: Dave Chinner
+Cc:
+Link: https://lkml.kernel.org/r/20200820045323.7809-1-hsiangkao@redhat.com
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/swapfile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/swapfile.c
++++ b/mm/swapfile.c
+@@ -973,7 +973,7 @@ start_over:
+ goto nextsi;
+ }
+ if (cluster) {
+- if (!(si->flags & SWP_FILE))
++ if (si->flags & SWP_BLKDEV)
+ n_ret = swap_alloc_cluster(si, swp_entries);
+ } else
+ n_ret = scan_swap_map_slots(si, SWAP_HAS_CACHE,
diff --git a/queue-4.14/s390-dasd-fix-zero-write-for-fba-devices.patch b/queue-4.14/s390-dasd-fix-zero-write-for-fba-devices.patch
new file mode 100644
index 00000000000..173f69ab97c
--- /dev/null
+++ b/queue-4.14/s390-dasd-fix-zero-write-for-fba-devices.patch
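Review bot: The replacement test in the `if (cluster)` branch flips from an exclusion (`!(si->flags & SWP_FILE)`) to a positive requirement (`si->flags & SWP_BLKDEV`), and the new line carries no hint of why only block-device swap may take the cluster allocator; the commit message is where the reason lives (a file-backed swap area can be fragmented on disk, and the corruption in the reproduction came from that). Suggest `/* THP clusters need contiguous device blocks: block-device swap only */` on the `SWP_BLKDEV` line so the invariant survives in the code. Note that the removed line in this 4.14 backport tests `SWP_FILE`, not the `SWP_FS` the upstream text discusses, so anyone verifying the backport should read it against the 4.14 flag definitions; the enclosing function begins and ends outside the hunk.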
@@ -0,0 +1,69 @@
+From 709192d531e5b0a91f20aa14abfe2fc27ddd47af Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20H=C3=B6ppner?=
+Date: Mon, 14 Sep 2020 13:56:47 +0200
+Subject: s390/dasd: Fix zero write for FBA devices
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jan Höppner
+
+commit 709192d531e5b0a91f20aa14abfe2fc27ddd47af upstream.
+
+A discard request that writes zeros using the global kernel internal
+ZERO_PAGE will fail for machines with more than 2GB of memory due to the
+location of the ZERO_PAGE.
+
+Fix this by using a driver owned global zero page allocated with GFP_DMA
+flag set.
+
+Fixes: 28b841b3a7cb ("s390/dasd: Add discard support for FBA devices")
+Signed-off-by: Jan Höppner
+Reviewed-by: Stefan Haberland
+Cc: # 4.14+
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/s390/block/dasd_fba.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/drivers/s390/block/dasd_fba.c
++++ b/drivers/s390/block/dasd_fba.c
+@@ -39,6 +39,7 @@
+ MODULE_LICENSE("GPL");
+
+ static struct dasd_discipline dasd_fba_discipline;
++static void *dasd_fba_zero_page;
+
+ struct dasd_fba_private {
+ struct dasd_fba_characteristics rdc_data;
+@@ -269,7 +270,7 @@ static void ccw_write_zero(struct ccw1 *
+ ccw->cmd_code = DASD_FBA_CCW_WRITE;
+ ccw->flags |= CCW_FLAG_SLI;
+ ccw->count = count;
+- ccw->cda = (__u32) (addr_t) page_to_phys(ZERO_PAGE(0));
++ ccw->cda = (__u32) (addr_t) dasd_fba_zero_page;
+ }
+
+ /*
+@@ -808,6 +809,11 @@ dasd_fba_init(void)
+ int ret;
+
+ ASCEBC(dasd_fba_discipline.ebcname, 4);
++
++ dasd_fba_zero_page = (void *)get_zeroed_page(GFP_KERNEL | GFP_DMA);
++ if (!dasd_fba_zero_page)
++ return -ENOMEM;
++
+ ret = ccw_driver_register(&dasd_fba_driver);
+ if (!ret)
+ wait_for_device_probe();
+@@ -819,6 +825,7 @@ static void __exit
+ dasd_fba_cleanup(void)
+ {
+ ccw_driver_unregister(&dasd_fba_driver);
++ free_page((unsigned long)dasd_fba_zero_page);
+ }
+
+ module_init(dasd_fba_init);
diff --git a/queue-4.14/series b/queue-4.14/series
index ff5e26cf81f..b875c9df415 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -160,3 +160,6 @@ batman-adv-add-missing-include-for-in_interrupt.patch
 batman-adv-mcast-fix-duplicate-mcast-packets-in-bla-.patch
 alsa-asihpi-fix-iounmap-in-error-handler.patch
 mips-add-the-missing-cpu_1074k-into-__get_cpu_type.patch
+s390-dasd-fix-zero-write-for-fba-devices.patch
+kprobes-fix-to-check-probe-enabled-before-disarm_kprobe_ftrace.patch
+mm-thp-swap-fix-allocating-cluster-for-swapfile-by-mistake.patch
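Review bot: In dasd_fba_init() the page obtained from `get_zeroed_page()` is never released when `ccw_driver_register()` fails; the function's tail is outside the hunk, but if it simply returns `ret` as the visible lines suggest, every failed module load leaks one DMA-zone page. After the register call add `if (ret) free_page((unsigned long)dasd_fba_zero_page);` (or route the failure through the same cleanup the exit path uses). The page is also handed to the channel as the read-only data source of a `DASD_FBA_CCW_WRITE` through `ccw->cda`, so it must stay all-zero for the module's lifetime; a comment at the new declaration, `/* all-zero page allocated with GFP_DMA so its address fits the 32-bit cda; never write to it */`, would record both the placement requirement the commit message explains and the invariant the write-zero path depends on. The `(__u32) (addr_t)` truncation on the cda line is only safe because of that GFP_DMA placement, which is worth stating at the cast as well.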