From: Greg Kroah-Hartman Date: Mon, 1 Mar 2021 13:31:05 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v4.4.259~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=852066d8d5af1af717e0292b5093bc8f23b20f6d;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch gpio-pcf857x-fix-missing-first-interrupt.patch media-smipcie-fix-interrupt-handling-and-ir-timeout.patch mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch printk-fix-deadlock-when-kernel-panic.patch spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch --- diff --git a/queue-5.4/arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch b/queue-5.4/arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch new file mode 100644 index 00000000000..f9a9d318d3c --- /dev/null +++ b/queue-5.4/arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch 
@@ -0,0 +1,53 @@ +From c0b15c25d25171db4b70cc0b7dbc1130ee94017d Mon Sep 17 00:00:00 2001 +From: Suzuki K Poulose +Date: Wed, 3 Feb 2021 23:00:57 +0000 +Subject: arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55 + +From: Suzuki K Poulose + +commit c0b15c25d25171db4b70cc0b7dbc1130ee94017d upstream. + +The erratum 1024718 affects Cortex-A55 r0p0 to r2p0. However +we apply the work around for r0p0 - r1p0. Unfortunately this +won't be fixed for the future revisions for the CPU. Thus +extend the work around for all versions of A55, to cover +for r2p0 and any future revisions. + +Cc: stable@vger.kernel.org +Cc: Catalin Marinas +Cc: Will Deacon +Cc: James Morse +Cc: Kunihiko Hayashi +Signed-off-by: Suzuki K Poulose +Link: https://lore.kernel.org/r/20210203230057.3961239-1-suzuki.poulose@arm.com +[will: Update Kconfig help text] +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/Kconfig | 2 +- + arch/arm64/kernel/cpufeature.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -489,7 +489,7 @@ config ARM64_ERRATUM_1024718 + help + This option adds a workaround for ARM Cortex-A55 Erratum 1024718. + +- Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect ++ Affected Cortex-A55 cores (all revisions) could cause incorrect + update of the hardware dirty bit when the DBM/AP bits are updated + without a break-before-make. The workaround is to disable the usage + of hardware DBM locally on the affected cores. CPUs not affected by +--- a/arch/arm64/kernel/cpufeature.c ++++ b/arch/arm64/kernel/cpufeature.c +@@ -1092,7 +1092,7 @@ static bool cpu_has_broken_dbm(void) + /* List of CPUs which have broken DBM support. */ + static const struct midr_range cpus[] = { + #ifdef CONFIG_ARM64_ERRATUM_1024718 +- MIDR_RANGE(MIDR_CORTEX_A55, 0, 0, 1, 0), // A55 r0p0 -r1p0 ++ MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + #endif + {}, + }; 
diff --git a/queue-5.4/gpio-pcf857x-fix-missing-first-interrupt.patch b/queue-5.4/gpio-pcf857x-fix-missing-first-interrupt.patch new file mode 100644 index 00000000000..5ccc4b0c744 --- /dev/null +++ b/queue-5.4/gpio-pcf857x-fix-missing-first-interrupt.patch @@ -0,0 +1,45 @@ +From a8002a35935aaefcd6a42ad3289f62bab947f2ca Mon Sep 17 00:00:00 2001 +From: Maxim Kiselev +Date: Wed, 17 Feb 2021 14:10:00 +0100 +Subject: gpio: pcf857x: Fix missing first interrupt + +From: Maxim Kiselev + +commit a8002a35935aaefcd6a42ad3289f62bab947f2ca upstream. + +If no n_latch value will be provided at driver probe then all pins will +be used as an input: + + gpio->out = ~n_latch; + +In that case initial state for all pins is "one": + + gpio->status = gpio->out; + +So if pcf857x IRQ happens with change pin value from "zero" to "one" +then we miss it, because of "one" from IRQ and "one" from initial state +leaves corresponding pin unchanged: +change = (gpio->status ^ status) & gpio->irq_enabled; + +The right solution will be to read actual state at driver probe. + +Cc: stable@vger.kernel.org +Fixes: 6e20a0a429bd ("gpio: pcf857x: enable gpio_to_irq() support") +Signed-off-by: Maxim Kiselev +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpio/gpio-pcf857x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpio/gpio-pcf857x.c ++++ b/drivers/gpio/gpio-pcf857x.c +@@ -332,7 +332,7 @@ static int pcf857x_probe(struct i2c_clie + * reset state. Otherwise it flags pins to be driven low. + */ + gpio->out = ~n_latch; +- gpio->status = gpio->out; ++ gpio->status = gpio->read(gpio->client); + + status = devm_gpiochip_add_data(&client->dev, &gpio->chip, gpio); + if (status < 0) diff --git a/queue-5.4/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch b/queue-5.4/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch new file mode 100644 index 00000000000..89c93b55deb --- /dev/null 
+++ b/queue-5.4/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch 
@@ -0,0 +1,111 @@ +From 6532923237b427ed30cc7b4486f6f1ccdee3c647 Mon Sep 17 00:00:00 2001 +From: Sean Young +Date: Fri, 29 Jan 2021 11:54:53 +0100 +Subject: media: smipcie: fix interrupt handling and IR timeout + +From: Sean Young + +commit 6532923237b427ed30cc7b4486f6f1ccdee3c647 upstream. + +After the first IR message, interrupts are no longer received. In addition, +the code generates a timeout IR message of 10ms but sets the timeout value +to 100ms, so no timeout was ever generated. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=204317 + +Fixes: a49a7a4635de ("media: smipcie: add universal ir capability") +Tested-by: Laz Lev +Cc: stable@vger.kernel.org # v5.1+ +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/media/pci/smipcie/smipcie-ir.c | 48 ++++++++++++++++++--------------- + 1 file changed, 27 insertions(+), 21 deletions(-) + +--- a/drivers/media/pci/smipcie/smipcie-ir.c ++++ b/drivers/media/pci/smipcie/smipcie-ir.c +@@ -60,39 +60,45 @@ static void smi_ir_decode(struct smi_rc + { + struct smi_dev *dev = ir->dev; + struct rc_dev *rc_dev = ir->rc_dev; +- u32 dwIRControl, dwIRData; +- u8 index, ucIRCount, readLoop; ++ u32 control, data; ++ u8 index, ir_count, read_loop; + +- dwIRControl = smi_read(IR_Init_Reg); ++ control = smi_read(IR_Init_Reg); + +- if (dwIRControl & rbIRVld) { +- ucIRCount = (u8) smi_read(IR_Data_Cnt); ++ dev_dbg(&rc_dev->dev, "ircontrol: 0x%08x\n", control); + +- readLoop = ucIRCount/4; +- if (ucIRCount % 4) +- readLoop += 1; +- for (index = 0; index < readLoop; index++) { +- dwIRData = smi_read(IR_DATA_BUFFER_BASE + (index * 4)); +- +- ir->irData[index*4 + 0] = (u8)(dwIRData); +- ir->irData[index*4 + 1] = (u8)(dwIRData >> 8); +- ir->irData[index*4 + 2] = (u8)(dwIRData >> 16); +- ir->irData[index*4 + 3] = (u8)(dwIRData >> 24); ++ if (control & rbIRVld) { ++ ir_count = (u8)smi_read(IR_Data_Cnt); ++ ++ dev_dbg(&rc_dev->dev, "ircount %d\n", ir_count); ++ ++ read_loop = 
ir_count / 4; ++ if (ir_count % 4) ++ read_loop += 1; ++ for (index = 0; index < read_loop; index++) { ++ data = smi_read(IR_DATA_BUFFER_BASE + (index * 4)); ++ dev_dbg(&rc_dev->dev, "IRData 0x%08x\n", data); ++ ++ ir->irData[index * 4 + 0] = (u8)(data); ++ ir->irData[index * 4 + 1] = (u8)(data >> 8); ++ ir->irData[index * 4 + 2] = (u8)(data >> 16); ++ ir->irData[index * 4 + 3] = (u8)(data >> 24); + } +- smi_raw_process(rc_dev, ir->irData, ucIRCount); +- smi_set(IR_Init_Reg, rbIRVld); ++ smi_raw_process(rc_dev, ir->irData, ir_count); + } + +- if (dwIRControl & rbIRhighidle) { ++ if (control & rbIRhighidle) { + struct ir_raw_event rawir = {}; + ++ dev_dbg(&rc_dev->dev, "high idle\n"); ++ + rawir.pulse = 0; + rawir.duration = US_TO_NS(SMI_SAMPLE_PERIOD * + SMI_SAMPLE_IDLEMIN); + ir_raw_event_store_with_filter(rc_dev, &rawir); +- smi_set(IR_Init_Reg, rbIRhighidle); + } + ++ smi_set(IR_Init_Reg, rbIRVld); + ir_raw_event_handle(rc_dev); + } + +@@ -151,7 +157,7 @@ int smi_ir_init(struct smi_dev *dev) + rc_dev->dev.parent = &dev->pci_dev->dev; + + rc_dev->map_name = dev->info->rc_map; +- rc_dev->timeout = MS_TO_NS(100); ++ rc_dev->timeout = US_TO_NS(SMI_SAMPLE_PERIOD * SMI_SAMPLE_IDLEMIN); + rc_dev->rx_resolution = US_TO_NS(SMI_SAMPLE_PERIOD); + + ir->rc_dev = rc_dev; +@@ -174,7 +180,7 @@ void smi_ir_exit(struct smi_dev *dev) + struct smi_rc *ir = &dev->ir; + struct rc_dev *rc_dev = ir->rc_dev; + +- smi_ir_stop(ir); + rc_unregister_device(rc_dev); ++ smi_ir_stop(ir); + ir->rc_dev = NULL; + } diff --git a/queue-5.4/mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch b/queue-5.4/mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch new file mode 100644 index 00000000000..941fd952da6 --- /dev/null +++ b/queue-5.4/mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch 
@@ -0,0 +1,82 @@ +From a56f44138a2c57047f1ea94ea121af31c595132b Mon Sep 17 00:00:00 2001 +From: Frank Li +Date: Wed, 10 Feb 2021 12:19:33 -0600 +Subject: mmc: sdhci-esdhc-imx: fix kernel panic when remove module + +From: Frank Li + +commit a56f44138a2c57047f1ea94ea121af31c595132b upstream. + +In sdhci_esdhc_imx_remove() the SDHCI_INT_STATUS in read. Under some +circumstances, this may be done while the device is runtime suspended, +triggering the below splat. + +Fix the problem by adding a pm_runtime_get_sync(), before reading the +register, which will turn on clocks etc making the device accessible again. + +[ 1811.323148] mmc1: card aaaa removed +[ 1811.347483] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP +[ 1811.354988] Modules linked in: sdhci_esdhc_imx(-) sdhci_pltfm sdhci cqhci mmc_block mmc_core [last unloaded: mmc_core] +[ 1811.365726] CPU: 0 PID: 3464 Comm: rmmod Not tainted 5.10.1-sd-99871-g53835a2e8186 #5 +[ 1811.373559] Hardware name: Freescale i.MX8DXL EVK (DT) +[ 1811.378705] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--) +[ 1811.384723] pc : sdhci_esdhc_imx_remove+0x28/0x15c [sdhci_esdhc_imx] +[ 1811.391090] lr : platform_drv_remove+0x2c/0x50 +[ 1811.395536] sp : ffff800012c7bcb0 +[ 1811.398855] x29: ffff800012c7bcb0 x28: ffff00002c72b900 +[ 1811.404181] x27: 0000000000000000 x26: 0000000000000000 +[ 1811.409497] x25: 0000000000000000 x24: 0000000000000000 +[ 1811.414814] x23: ffff0000042b3890 x22: ffff800009127120 +[ 1811.420131] x21: ffff00002c4c9580 x20: ffff0000042d0810 +[ 1811.425456] x19: ffff0000042d0800 x18: 0000000000000020 +[ 1811.430773] x17: 0000000000000000 x16: 0000000000000000 +[ 1811.436089] x15: 0000000000000004 x14: ffff000004019c10 +[ 1811.441406] x13: 0000000000000000 x12: 0000000000000020 +[ 1811.446723] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f +[ 1811.452040] x9 : fefefeff6364626d x8 : 7f7f7f7f7f7f7f7f +[ 1811.457356] x7 : 78725e6473607372 x6 : 0000000080808080 +[ 1811.462673] x5 : 
0000000000000000 x4 : 0000000000000000 +[ 1811.467990] x3 : ffff800011ac1cb0 x2 : 0000000000000000 +[ 1811.473307] x1 : ffff8000091214d4 x0 : ffff8000133a0030 +[ 1811.478624] Call trace: +[ 1811.481081] sdhci_esdhc_imx_remove+0x28/0x15c [sdhci_esdhc_imx] +[ 1811.487098] platform_drv_remove+0x2c/0x50 +[ 1811.491198] __device_release_driver+0x188/0x230 +[ 1811.495818] driver_detach+0xc0/0x14c +[ 1811.499487] bus_remove_driver+0x5c/0xb0 +[ 1811.503413] driver_unregister+0x30/0x60 +[ 1811.507341] platform_driver_unregister+0x14/0x20 +[ 1811.512048] sdhci_esdhc_imx_driver_exit+0x1c/0x3a8 [sdhci_esdhc_imx] +[ 1811.518495] __arm64_sys_delete_module+0x19c/0x230 +[ 1811.523291] el0_svc_common.constprop.0+0x78/0x1a0 +[ 1811.528086] do_el0_svc+0x24/0x90 +[ 1811.531405] el0_svc+0x14/0x20 +[ 1811.534461] el0_sync_handler+0x1a4/0x1b0 +[ 1811.538474] el0_sync+0x174/0x180 +[ 1811.541801] Code: a9025bf5 f9403e95 f9400ea0 9100c000 (b9400000) +[ 1811.547902] ---[ end trace 3fb1a3bd48ff7be5 ]--- + +Signed-off-by: Frank Li +Cc: stable@vger.kernel.org # v4.0+ +Link: https://lore.kernel.org/r/20210210181933.29263-1-Frank.Li@nxp.com +[Ulf: Clarified the commit message a bit] +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/sdhci-esdhc-imx.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/mmc/host/sdhci-esdhc-imx.c ++++ b/drivers/mmc/host/sdhci-esdhc-imx.c +@@ -1589,9 +1589,10 @@ static int sdhci_esdhc_imx_remove(struct + struct sdhci_host *host = platform_get_drvdata(pdev); + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); + struct pltfm_imx_data *imx_data = sdhci_pltfm_priv(pltfm_host); +- int dead = (readl(host->ioaddr + SDHCI_INT_STATUS) == 0xffffffff); ++ int dead; + + pm_runtime_get_sync(&pdev->dev); ++ dead = (readl(host->ioaddr + SDHCI_INT_STATUS) == 0xffffffff); + pm_runtime_disable(&pdev->dev); + pm_runtime_put_noidle(&pdev->dev); + 
diff --git a/queue-5.4/module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch b/queue-5.4/module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch new file mode 100644 index 00000000000..d9cb648e073 --- /dev/null +++ b/queue-5.4/module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch 
@@ -0,0 +1,80 @@ +From ebfac7b778fac8b0e8e92ec91d0b055f046b4604 Mon Sep 17 00:00:00 2001 +From: Fangrui Song +Date: Fri, 15 Jan 2021 11:52:22 -0800 +Subject: module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols + +From: Fangrui Song + +commit ebfac7b778fac8b0e8e92ec91d0b055f046b4604 upstream. + +clang-12 -fno-pic (since +https://github.com/llvm/llvm-project/commit/a084c0388e2a59b9556f2de0083333232da3f1d6) +can emit `call __stack_chk_fail@PLT` instead of `call __stack_chk_fail` +on x86. The two forms should have identical behaviors on x86-64 but the +former causes GNU as<2.37 to produce an unreferenced undefined symbol +_GLOBAL_OFFSET_TABLE_. + +(On x86-32, there is an R_386_PC32 vs R_386_PLT32 difference but the +linker behavior is identical as far as Linux kernel is concerned.) + +Simply ignore _GLOBAL_OFFSET_TABLE_ for now, like what +scripts/mod/modpost.c:ignore_undef_symbol does. This also fixes the +problem for gcc/clang -fpie and -fpic, which may emit `call foo@PLT` for +external function calls on x86. + +Note: ld -z defs and dynamic loaders do not error for unreferenced +undefined symbols so the module loader is reading too much. If we ever +need to ignore more symbols, the code should be refactored to ignore +unreferenced symbols. + +Cc: +Link: https://github.com/ClangBuiltLinux/linux/issues/1250 +Link: https://sourceware.org/bugzilla/show_bug.cgi?id=27178 +Reported-by: Marco Elver +Reviewed-by: Nick Desaulniers +Reviewed-by: Nathan Chancellor +Tested-by: Marco Elver +Signed-off-by: Fangrui Song +Signed-off-by: Jessica Yu +Signed-off-by: Greg Kroah-Hartman +--- + kernel/module.c | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -2310,6 +2310,21 @@ static int verify_exported_symbols(struc + return 0; + } + ++static bool ignore_undef_symbol(Elf_Half emachine, const char *name) ++{ ++ /* ++ * On x86, PIC code and Clang non-PIC code may have call foo@PLT. 
GNU as ++ * before 2.37 produces an unreferenced _GLOBAL_OFFSET_TABLE_ on x86-64. ++ * i386 has a similar problem but may not deserve a fix. ++ * ++ * If we ever have to ignore many symbols, consider refactoring the code to ++ * only warn if referenced by a relocation. ++ */ ++ if (emachine == EM_386 || emachine == EM_X86_64) ++ return !strcmp(name, "_GLOBAL_OFFSET_TABLE_"); ++ return false; ++} ++ + /* Change all symbols so that st_value encodes the pointer directly. */ + static int simplify_symbols(struct module *mod, const struct load_info *info) + { +@@ -2355,8 +2370,10 @@ static int simplify_symbols(struct modul + break; + } + +- /* Ok if weak. */ +- if (!ksym && ELF_ST_BIND(sym[i].st_info) == STB_WEAK) ++ /* Ok if weak or ignored. */ ++ if (!ksym && ++ (ELF_ST_BIND(sym[i].st_info) == STB_WEAK || ++ ignore_undef_symbol(info->hdr->e_machine, name))) + break; + + ret = PTR_ERR(ksym) ?: -ENOENT; diff --git a/queue-5.4/powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch b/queue-5.4/powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch new file mode 100644 index 00000000000..332068311ea --- /dev/null +++ b/queue-5.4/powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch 
@@ -0,0 +1,38 @@ +From 57fdfbce89137ae85cd5cef48be168040a47dd13 Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Mon, 8 Feb 2021 15:10:20 +0000 +Subject: powerpc/32s: Add missing call to kuep_lock on syscall entry + +From: Christophe Leroy + +commit 57fdfbce89137ae85cd5cef48be168040a47dd13 upstream. + +Userspace Execution protection and fast syscall entry were implemented +independently from each other and were both merged in kernel 5.2, +leading to syscall entry missing userspace execution protection. + +On syscall entry, execution of user space memory must be +locked in the same way as on exception entry. + +Fixes: b86fb88855ea ("powerpc/32: implement fast entry for syscalls on non BOOKE") +Cc: stable@vger.kernel.org +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/c65e105b63aaf74f91a14f845bc77192350b84a6.1612796617.git.christophe.leroy@csgroup.eu +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/kernel/entry_32.S | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/powerpc/kernel/entry_32.S ++++ b/arch/powerpc/kernel/entry_32.S +@@ -336,6 +336,9 @@ trace_syscall_entry_irq_off: + + .globl transfer_to_syscall + transfer_to_syscall: ++#ifdef CONFIG_PPC_BOOK3S_32 ++ kuep_lock r11, r12 ++#endif + #ifdef CONFIG_TRACE_IRQFLAGS + andi. r12,r9,MSR_EE + beq- trace_syscall_entry_irq_off diff --git a/queue-5.4/printk-fix-deadlock-when-kernel-panic.patch b/queue-5.4/printk-fix-deadlock-when-kernel-panic.patch new file mode 100644 index 00000000000..8699227d306 --- /dev/null +++ b/queue-5.4/printk-fix-deadlock-when-kernel-panic.patch 
@@ -0,0 +1,109 @@ +From 8a8109f303e25a27f92c1d8edd67d7cbbc60a4eb Mon Sep 17 00:00:00 2001 +From: Muchun Song +Date: Wed, 10 Feb 2021 11:48:23 +0800 +Subject: printk: fix deadlock when kernel panic + +From: Muchun Song + +commit 8a8109f303e25a27f92c1d8edd67d7cbbc60a4eb upstream. + +printk_safe_flush_on_panic() caused the following deadlock on our +server: + +CPU0: CPU1: +panic rcu_dump_cpu_stacks + kdump_nmi_shootdown_cpus nmi_trigger_cpumask_backtrace + register_nmi_handler(crash_nmi_callback) printk_safe_flush + __printk_safe_flush + raw_spin_lock_irqsave(&read_lock) + // send NMI to other processors + apic_send_IPI_allbutself(NMI_VECTOR) + // NMI interrupt, dead loop + crash_nmi_callback + printk_safe_flush_on_panic + printk_safe_flush + __printk_safe_flush + // deadlock + raw_spin_lock_irqsave(&read_lock) + +DEADLOCK: read_lock is taken on CPU1 and will never get released. + +It happens when panic() stops a CPU by NMI while it has been in +the middle of printk_safe_flush(). + +Handle the lock the same way as logbuf_lock. The printk_safe buffers +are flushed only when both locks can be safely taken. It can avoid +the deadlock _in this particular case_ at expense of losing contents +of printk_safe buffers. + +Note: It would actually be safe to re-init the locks when all CPUs were + stopped by NMI. But it would require passing this information + from arch-specific code. It is not worth the complexity. + Especially because logbuf_lock and printk_safe buffers have been + obsoleted by the lockless ring buffer. 
+ +Fixes: cf9b1106c81c ("printk/nmi: flush NMI messages on the system panic") +Signed-off-by: Muchun Song +Reviewed-by: Petr Mladek +Cc: +Acked-by: Sergey Senozhatsky +Signed-off-by: Petr Mladek +Link: https://lore.kernel.org/r/20210210034823.64867-1-songmuchun@bytedance.com +Signed-off-by: Greg Kroah-Hartman +--- + kernel/printk/printk_safe.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +--- a/kernel/printk/printk_safe.c ++++ b/kernel/printk/printk_safe.c +@@ -43,6 +43,8 @@ struct printk_safe_seq_buf { + static DEFINE_PER_CPU(struct printk_safe_seq_buf, safe_print_seq); + static DEFINE_PER_CPU(int, printk_context); + ++static DEFINE_RAW_SPINLOCK(safe_read_lock); ++ + #ifdef CONFIG_PRINTK_NMI + static DEFINE_PER_CPU(struct printk_safe_seq_buf, nmi_print_seq); + #endif +@@ -178,8 +180,6 @@ static void report_message_lost(struct p + */ + static void __printk_safe_flush(struct irq_work *work) + { +- static raw_spinlock_t read_lock = +- __RAW_SPIN_LOCK_INITIALIZER(read_lock); + struct printk_safe_seq_buf *s = + container_of(work, struct printk_safe_seq_buf, work); + unsigned long flags; +@@ -193,7 +193,7 @@ static void __printk_safe_flush(struct i + * different CPUs. This is especially important when printing + * a backtrace. + */ +- raw_spin_lock_irqsave(&read_lock, flags); ++ raw_spin_lock_irqsave(&safe_read_lock, flags); + + i = 0; + more: +@@ -230,7 +230,7 @@ more: + + out: + report_message_lost(s); +- raw_spin_unlock_irqrestore(&read_lock, flags); ++ raw_spin_unlock_irqrestore(&safe_read_lock, flags); + } + + /** +@@ -276,6 +276,14 @@ void printk_safe_flush_on_panic(void) + raw_spin_lock_init(&logbuf_lock); + } + ++ if (raw_spin_is_locked(&safe_read_lock)) { ++ if (num_online_cpus() > 1) ++ return; ++ ++ debug_locks_off(); ++ raw_spin_lock_init(&safe_read_lock); ++ } ++ + printk_safe_flush(); + } + diff --git a/queue-5.4/series b/queue-5.4/series index 3aedf85db74..0d18fbafa61 100644 --- a/queue-5.4/series +++ b/queue-5.4/series 
@@ -302,3 +302,11 @@ seq_file-document-how-per-entry-resources-are-managed.patch x86-fix-seq_file-iteration-for-pat-memtype.c.patch hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch +arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch +media-smipcie-fix-interrupt-handling-and-ir-timeout.patch +module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch +mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch +powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch +spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch +gpio-pcf857x-fix-missing-first-interrupt.patch +printk-fix-deadlock-when-kernel-panic.patch diff --git a/queue-5.4/spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch b/queue-5.4/spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch new file mode 100644 index 00000000000..41348555f46 --- /dev/null +++ b/queue-5.4/spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch 
@@ -0,0 +1,51 @@ +From d19db80a366576d3ffadf2508ed876b4c1faf959 Mon Sep 17 00:00:00 2001 +From: Subbaraman Narayanamurthy +Date: Thu, 11 Feb 2021 19:14:17 -0800 +Subject: spmi: spmi-pmic-arb: Fix hw_irq overflow + +From: Subbaraman Narayanamurthy + +commit d19db80a366576d3ffadf2508ed876b4c1faf959 upstream. + +Currently, when handling the SPMI summary interrupt, the hw_irq +number is calculated based on SID, Peripheral ID, IRQ index and +APID. This is then passed to irq_find_mapping() to see if a +mapping exists for this hw_irq and if available, invoke the +interrupt handler. Since the IRQ index uses an "int" type, hw_irq +which is of unsigned long data type can take a large value when +SID has its MSB set to 1 and the type conversion happens. Because +of this, irq_find_mapping() returns 0 as there is no mapping +for this hw_irq. This ends up invoking cleanup_irq() as if +the interrupt is spurious whereas it is actually a valid +interrupt. Fix this by using the proper data type (u32) for id. + +Cc: stable@vger.kernel.org +Signed-off-by: Subbaraman Narayanamurthy +Link: https://lore.kernel.org/r/1612812784-26369-1-git-send-email-subbaram@codeaurora.org +Signed-off-by: Stephen Boyd +Link: https://lore.kernel.org/r/20210212031417.3148936-1-sboyd@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/spmi/spmi-pmic-arb.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/drivers/spmi/spmi-pmic-arb.c ++++ b/drivers/spmi/spmi-pmic-arb.c +@@ -1,6 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0-only + /* +- * Copyright (c) 2012-2015, 2017, The Linux Foundation. All rights reserved. ++ * Copyright (c) 2012-2015, 2017, 2021, The Linux Foundation. All rights reserved. 
+ */ + #include + #include +@@ -505,8 +505,7 @@ static void cleanup_irq(struct spmi_pmic + static void periph_interrupt(struct spmi_pmic_arb *pmic_arb, u16 apid) + { + unsigned int irq; +- u32 status; +- int id; ++ u32 status, id; + u8 sid = (pmic_arb->apid_data[apid].ppid >> 8) & 0xF; + u8 per = pmic_arb->apid_data[apid].ppid & 0xFF; +
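Review bot: in the arch/arm64/kernel/cpufeature.c hunk (cpu_has_broken_dbm), the removed entry had a trailing comment naming the covered revisions, and the new MIDR_ALL_VERSIONS(MIDR_CORTEX_A55) line carries none. A one-line comment saying that the erratum is not expected to be fixed in later A55 revisions, as the commit message states, would tell a future reader why this is not a bounded MIDR_RANGE and keep someone from narrowing it again.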
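Review bot: in the drivers/gpio/gpio-pcf857x.c hunk (pcf857x_probe), the result of gpio->read(gpio->client) is assigned to gpio->status without being checked. If the read callback returns a negative error code on a failed bus transfer, that value becomes the cached pin state and the first "change = (gpio->status ^ status) & gpio->irq_enabled" computation starts from a wrong baseline. Suggest reading into a local, handling a negative result (fail the probe or fall back to gpio->out), and only then storing it in gpio->status.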
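Review bot: in the first drivers/media/pci/smipcie/smipcie-ir.c hunk (smi_ir_decode), the functional change is hard to pick out because it is mixed with variable renames and new dev_dbg() calls. What actually changes behaviour is that smi_set(IR_Init_Reg, rbIRhighidle) is dropped and smi_set(IR_Init_Reg, rbIRVld) now runs unconditionally before ir_raw_event_handle(). For a stable backport, a comment above the now-unconditional smi_set() explaining why the valid bit must be written on every interrupt would help, and the renames would be easier to review as a separate patch.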
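Review bot: in the smi_ir_init() hunk of smipcie-ir.c, rc_dev->timeout now repeats the expression US_TO_NS(SMI_SAMPLE_PERIOD * SMI_SAMPLE_IDLEMIN) that smi_ir_decode() already uses for rawir.duration. The bug being fixed was these two values disagreeing, so suggest a single named macro used in both places so they cannot drift apart again.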
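Review bot: in the smi_ir_exit() hunk of smipcie-ir.c, smi_ir_stop(ir) is moved after rc_unregister_device(rc_dev), but the commit message only mentions the lost interrupts and the timeout value, not this reordering. Suggest a sentence in the changelog or a comment here saying why the hardware must keep running until the rc device is unregistered, since teardown ordering is easy to revert by accident.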
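Review bot: in the drivers/mmc/host/sdhci-esdhc-imx.c hunk (sdhci_esdhc_imx_remove), the return value of pm_runtime_get_sync(&pdev->dev) is ignored before the readl() that was moved below it. If the resume fails, the register read still hits a device whose clocks are off, which is the condition that produced the abort in the quoted trace. Suggest checking the result and treating the host as dead (dead = 1) instead of reading SDHCI_INT_STATUS when the resume did not succeed.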
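Review bot: in the first kernel/module.c hunk (ignore_undef_symbol), the comment and the code disagree about 32-bit x86. The comment says "i386 has a similar problem but may not deserve a fix", yet the condition is "emachine == EM_386 || emachine == EM_X86_64", so the symbol is ignored on i386 as well. Suggest rewording the comment to say that both are covered, or dropping EM_386 if that was the intent.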
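Review bot: in the arch/powerpc/kernel/entry_32.S hunk, kuep_lock is passed r11 and r12 at transfer_to_syscall with nothing stating that both registers are free at this point. r12 is overwritten by the "andi. r12,r9,MSR_EE" that follows under CONFIG_TRACE_IRQFLAGS, but nothing visible shows that r11 is dead here. Suggest a short comment naming the registers the macro may clobber and confirming that the fast syscall entry path does not rely on them afterwards.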
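Review bot: in the printk_safe_flush_on_panic() hunk of kernel/printk/printk_safe.c, the new safe_read_lock block has no comment, and its early return when num_online_cpus() > 1 skips printk_safe_flush() entirely. The commit message explains that the buffer contents are deliberately given up in that case to avoid the deadlock; suggest putting that explanation in a comment above the raw_spin_is_locked(&safe_read_lock) check so the silent loss of messages on panic is not mistaken for a bug later.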
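Review bot: in the periph_interrupt() hunk of drivers/spmi/spmi-pmic-arb.c, id changes from int to u32, but the lines that assign and use id are outside the hunk. Please confirm that no use relies on id being signed (a negative sentinel, or a loop that counts down to below zero), since such a test would never be true after this change. Separately, the copyright-year edit in the first hunk of this file is unrelated to the overflow fix and would be cleaner outside a stable backport.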