From: Greg Kroah-Hartman Date: Tue, 26 Mar 2019 01:40:44 +0000 (+0900) Subject: 4.9-stable patches X-Git-Tag: v4.9.166~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8859ab5a4496d64da231d17d974bcc1134431063;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: arm64-traps-disable-irq-in-die.patch hang-soft-lockup-in-d_invalidate-with-simultaneous-calls.patch lib-int_sqrt-optimize-small-argument.patch serial-sprd-clear-timeout-interrupt-only-rather-than-all-interrupts.patch usb-core-only-clean-up-what-we-allocated.patch --- diff --git a/queue-4.9/arm64-traps-disable-irq-in-die.patch b/queue-4.9/arm64-traps-disable-irq-in-die.patch new file mode 100644 index 00000000000..5a8f687e933 --- /dev/null +++ b/queue-4.9/arm64-traps-disable-irq-in-die.patch @@ -0,0 +1,62 @@ +From 6f44a0bacb79a03972c83759711832b382b1b8ac Mon Sep 17 00:00:00 2001 +From: Qiao Zhou +Date: Fri, 7 Jul 2017 17:29:34 +0800 +Subject: arm64: traps: disable irq in die() + +From: Qiao Zhou + +commit 6f44a0bacb79a03972c83759711832b382b1b8ac upstream. + +In current die(), the irq is disabled for __die() handle, not +including the possible panic() handling. Since the log in __die() +can take several hundreds ms, new irq might come and interrupt +current die(). + +If the process calling die() holds some critical resource, and some +other process scheduled later also needs it, then it would deadlock. +The first panic will not be executed. + +So here disable irq for the whole flow of die(). + +Signed-off-by: Qiao Zhou +Signed-off-by: Will Deacon +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/traps.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/arch/arm64/kernel/traps.c ++++ b/arch/arm64/kernel/traps.c +@@ -266,10 +266,12 @@ void die(const char *str, struct pt_regs + { + struct thread_info *thread = current_thread_info(); + int ret; ++ unsigned long flags; ++ ++ raw_spin_lock_irqsave(&die_lock, flags); + + oops_enter(); + +- raw_spin_lock_irq(&die_lock); + console_verbose(); + bust_spinlocks(1); + ret = __die(str, err, thread, regs); +@@ -279,13 +281,15 @@ void die(const char *str, struct pt_regs + + bust_spinlocks(0); + add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE); +- raw_spin_unlock_irq(&die_lock); + oops_exit(); + + if (in_interrupt()) + panic("Fatal exception in interrupt"); + if (panic_on_oops) + panic("Fatal exception"); ++ ++ raw_spin_unlock_irqrestore(&die_lock, flags); ++ + if (ret != NOTIFY_STOP) + do_exit(SIGSEGV); + } diff --git a/queue-4.9/hang-soft-lockup-in-d_invalidate-with-simultaneous-calls.patch b/queue-4.9/hang-soft-lockup-in-d_invalidate-with-simultaneous-calls.patch new file mode 100644 index 00000000000..7cea73bc75a --- /dev/null +++ b/queue-4.9/hang-soft-lockup-in-d_invalidate-with-simultaneous-calls.patch @@ -0,0 +1,59 @@ +From 81be24d263dbeddaba35827036d6f6787a59c2c3 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sat, 3 Jun 2017 07:20:09 +0100 +Subject: Hang/soft lockup in d_invalidate with simultaneous calls + +From: Al Viro + +commit 81be24d263dbeddaba35827036d6f6787a59c2c3 upstream. + +It's not hard to trigger a bunch of d_invalidate() on the same +dentry in parallel. They end up fighting each other - any +dentry picked for removal by one will be skipped by the rest +and we'll go for the next iteration through the entire +subtree, even if everything is being skipped. Morevoer, we +immediately go back to scanning the subtree. The only thing +we really need is to dissolve all mounts in the subtree and +as soon as we've nothing left to do, we can just unhash the +dentry and bugger off. + +Signed-off-by: Al Viro +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + fs/dcache.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -1522,7 +1522,7 @@ static void check_and_drop(void *_data) + { + struct detach_data *data = _data; + +- if (!data->mountpoint && !data->select.found) ++ if (!data->mountpoint && list_empty(&data->select.dispose)) + __d_drop(data->select.start); + } + +@@ -1564,17 +1564,15 @@ void d_invalidate(struct dentry *dentry) + + d_walk(dentry, &data, detach_and_collect, check_and_drop); + +- if (data.select.found) ++ if (!list_empty(&data.select.dispose)) + shrink_dentry_list(&data.select.dispose); ++ else if (!data.mountpoint) ++ return; + + if (data.mountpoint) { + detach_mounts(data.mountpoint); + dput(data.mountpoint); + } +- +- if (!data.mountpoint && !data.select.found) +- break; +- + cond_resched(); + } + } diff --git a/queue-4.9/lib-int_sqrt-optimize-small-argument.patch b/queue-4.9/lib-int_sqrt-optimize-small-argument.patch new file mode 100644 index 00000000000..4e3d7e20d48 --- /dev/null +++ b/queue-4.9/lib-int_sqrt-optimize-small-argument.patch @@ -0,0 +1,94 @@ +From 3f3295709edea6268ff1609855f498035286af73 Mon Sep 17 00:00:00 2001 +From: Peter Zijlstra +Date: Fri, 17 Nov 2017 15:28:04 -0800 +Subject: lib/int_sqrt: optimize small argument + +From: Peter Zijlstra + +commit 3f3295709edea6268ff1609855f498035286af73 upstream. + +The current int_sqrt() computation is sub-optimal for the case of small +@x. Which is the interesting case when we're going to do cumulative +distribution functions on idle times, which we assume to be a random +variable, where the target residency of the deepest idle state gives an +upper bound on the variable (5e6ns on recent Intel chips). + +In the case of small @x, the compute loop: + + while (m != 0) { + b = y + m; + y >>= 1; + + if (x >= b) { + x -= b; + y += m; + } + m >>= 2; + } + +can be reduced to: + + while (m > x) + m >>= 2; + +Because y==0, b==m and until x>=m y will remain 0. + +And while this is computationally equivalent, it runs much faster +because there's less code, in particular less branches. + + cycles: branches: branch-misses: + +OLD: + +hot: 45.109444 +- 0.044117 44.333392 +- 0.002254 0.018723 +- 0.000593 +cold: 187.737379 +- 0.156678 44.333407 +- 0.002254 6.272844 +- 0.004305 + +PRE: + +hot: 67.937492 +- 0.064124 66.999535 +- 0.000488 0.066720 +- 0.001113 +cold: 232.004379 +- 0.332811 66.999527 +- 0.000488 6.914634 +- 0.006568 + +POST: + +hot: 43.633557 +- 0.034373 45.333132 +- 0.002277 0.023529 +- 0.000681 +cold: 207.438411 +- 0.125840 45.333132 +- 0.002277 6.976486 +- 0.004219 + +Averages computed over all values <128k using a LFSR to generate order. +Cold numbers have a LFSR based branch trace buffer 'confuser' ran between +each int_sqrt() invocation. + +Link: http://lkml.kernel.org/r/20171020164644.876503355@infradead.org +Fixes: 30493cc9dddb ("lib/int_sqrt.c: optimize square root algorithm") +Signed-off-by: Peter Zijlstra (Intel) +Suggested-by: Anshul Garg +Acked-by: Linus Torvalds +Cc: Davidlohr Bueso +Cc: Thomas Gleixner +Cc: Ingo Molnar +Cc: Will Deacon +Cc: Joe Perches +Cc: David Miller +Cc: Matthew Wilcox +Cc: Kees Cook +Cc: Michael Davidson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + lib/int_sqrt.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/lib/int_sqrt.c ++++ b/lib/int_sqrt.c +@@ -22,6 +22,9 @@ unsigned long int_sqrt(unsigned long x) + return x; + + m = 1UL << (BITS_PER_LONG - 2); ++ while (m > x) ++ m >>= 2; ++ + while (m != 0) { + b = y + m; + y >>= 1; diff --git a/queue-4.9/serial-sprd-clear-timeout-interrupt-only-rather-than-all-interrupts.patch b/queue-4.9/serial-sprd-clear-timeout-interrupt-only-rather-than-all-interrupts.patch new file mode 100644 index 00000000000..b0b30c7ae4a --- /dev/null +++ b/queue-4.9/serial-sprd-clear-timeout-interrupt-only-rather-than-all-interrupts.patch @@ -0,0 +1,46 @@ +From 4350782570b919f254c1e083261a21c19fcaee90 Mon Sep 17 00:00:00 2001 +From: Lanqing Liu +Date: Tue, 18 Jul 2017 17:58:13 +0800 +Subject: serial: sprd: clear timeout interrupt only rather than all interrupts + +From: Lanqing Liu + +commit 4350782570b919f254c1e083261a21c19fcaee90 upstream. + +On Spreadtrum's serial device, nearly all of interrupts would be cleared +by hardware except timeout interrupt. This patch removed the operation +of clearing all interrupt in irq handler, instead added an if statement +to check if the timeout interrupt is supposed to be cleared. + +Wrongly clearing timeout interrupt would lead to uart data stay in rx +fifo, that means the driver cannot read them out anymore. + +Signed-off-by: Lanqing Liu +Signed-off-by: Chunyan Zhang +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/sprd_serial.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/tty/serial/sprd_serial.c ++++ b/drivers/tty/serial/sprd_serial.c +@@ -63,6 +63,7 @@ + + /* interrupt clear register */ + #define SPRD_ICLR 0x0014 ++#define SPRD_ICLR_TIMEOUT BIT(13) + + /* line control register */ + #define SPRD_LCR 0x0018 +@@ -298,7 +299,8 @@ static irqreturn_t sprd_handle_irq(int i + return IRQ_NONE; + } + +- serial_out(port, SPRD_ICLR, ~0); ++ if (ims & SPRD_IMSR_TIMEOUT) ++ serial_out(port, SPRD_ICLR, SPRD_ICLR_TIMEOUT); + + if (ims & (SPRD_IMSR_RX_FIFO_FULL | + SPRD_IMSR_BREAK_DETECT | SPRD_IMSR_TIMEOUT)) diff --git a/queue-4.9/series b/queue-4.9/series index 39c4ee276f3..13480b0b6b6 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -18,3 +18,8 @@ alsa-hda-record-the-current-power-state-before-suspend-resume-calls.patch alsa-hda-enforces-runtime_resume-after-s3-and-s4-for-each-codec.patch tcp-dccp-drop-syn-packets-if-accept-queue-is-full.patch serial-sprd-adjust-timeout-to-a-big-value.patch +hang-soft-lockup-in-d_invalidate-with-simultaneous-calls.patch +arm64-traps-disable-irq-in-die.patch +serial-sprd-clear-timeout-interrupt-only-rather-than-all-interrupts.patch +lib-int_sqrt-optimize-small-argument.patch +usb-core-only-clean-up-what-we-allocated.patch diff --git a/queue-4.9/usb-core-only-clean-up-what-we-allocated.patch b/queue-4.9/usb-core-only-clean-up-what-we-allocated.patch new file mode 100644 index 00000000000..101280492d3 --- /dev/null +++ b/queue-4.9/usb-core-only-clean-up-what-we-allocated.patch @@ -0,0 +1,48 @@ +From 32fd87b3bbf5f7a045546401dfe2894dbbf4d8c3 Mon Sep 17 00:00:00 2001 +From: Andrey Konovalov +Date: Mon, 11 Dec 2017 22:48:41 +0100 +Subject: USB: core: only clean up what we allocated + +From: Andrey Konovalov + +commit 32fd87b3bbf5f7a045546401dfe2894dbbf4d8c3 upstream. + +When cleaning up the configurations, make sure we only free the number +of configurations and interfaces that we could have allocated. + +Reported-by: Andrey Konovalov +Cc: stable +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/core/config.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/drivers/usb/core/config.c ++++ b/drivers/usb/core/config.c +@@ -763,18 +763,21 @@ void usb_destroy_configuration(struct us + return; + + if (dev->rawdescriptors) { +- for (i = 0; i < dev->descriptor.bNumConfigurations; i++) ++ for (i = 0; i < dev->descriptor.bNumConfigurations && ++ i < USB_MAXCONFIG; i++) + kfree(dev->rawdescriptors[i]); + + kfree(dev->rawdescriptors); + dev->rawdescriptors = NULL; + } + +- for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { ++ for (c = 0; c < dev->descriptor.bNumConfigurations && ++ c < USB_MAXCONFIG; c++) { + struct usb_host_config *cf = &dev->config[c]; + + kfree(cf->string); +- for (i = 0; i < cf->desc.bNumInterfaces; i++) { ++ for (i = 0; i < cf->desc.bNumInterfaces && ++ i < USB_MAXINTERFACES; i++) { + if (cf->intf_cache[i]) + kref_put(&cf->intf_cache[i]->ref, + usb_release_interface_cache);