From: Sasha Levin Date: Sun, 11 Oct 2020 21:31:36 +0000 (-0400) Subject: Fixes for 5.8 X-Git-Tag: v4.4.239~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8c19096465f59c13da58ebe29860c6cedf6f7091;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.8 Signed-off-by: Sasha Levin --- diff --git a/queue-5.8/btrfs-move-btrfs_rm_dev_replace_free_srcdev-outside-.patch b/queue-5.8/btrfs-move-btrfs_rm_dev_replace_free_srcdev-outside-.patch new file mode 100644 index 00000000000..314bf8cf3a6 --- /dev/null +++ b/queue-5.8/btrfs-move-btrfs_rm_dev_replace_free_srcdev-outside-.patch @@ -0,0 +1,268 @@ +From 4f1906718fd33a913345f0daa06ce748ee85960b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 20 Aug 2020 11:18:27 -0400 +Subject: btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks + +From: Josef Bacik + +[ Upstream commit a466c85edc6fbe845facc8f57c408c544f42899e ] + +When closing and freeing the source device we could end up doing our +final blkdev_put() on the bdev, which will grab the bd_mutex. As such +we want to be holding as few locks as possible, so move this call +outside of the dev_replace->lock_finishing_cancel_unmount lock. Since +we're modifying the fs_devices we need to make sure we're holding the +uuid_mutex here, so take that as well. + +There's a report from syzbot probably hitting one of the cases where +the bd_mutex and device_list_mutex are taken in the wrong order, however +it's not with device replace, like this patch fixes. As there's no +reproducer available so far, we can't verify the fix. + +https://lore.kernel.org/lkml/000000000000fc04d105afcf86d7@google.com/ +dashboard link: https://syzkaller.appspot.com/bug?extid=84a0634dc5d21d488419 + + WARNING: possible circular locking dependency detected + 5.9.0-rc5-syzkaller #0 Not tainted + ------------------------------------------------------ + syz-executor.0/6878 is trying to acquire lock: + ffff88804c17d780 (&bdev->bd_mutex){+.+.}-{3:3}, at: blkdev_put+0x30/0x520 fs/block_dev.c:1804 + + but task is already holding lock: + ffff8880908cfce0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: close_fs_devices.part.0+0x2e/0x800 fs/btrfs/volumes.c:1159 + + which lock already depends on the new lock. + + the existing dependency chain (in reverse order) is: + + -> #4 (&fs_devs->device_list_mutex){+.+.}-{3:3}: + __mutex_lock_common kernel/locking/mutex.c:956 [inline] + __mutex_lock+0x134/0x10e0 kernel/locking/mutex.c:1103 + btrfs_finish_chunk_alloc+0x281/0xf90 fs/btrfs/volumes.c:5255 + btrfs_create_pending_block_groups+0x2f3/0x700 fs/btrfs/block-group.c:2109 + __btrfs_end_transaction+0xf5/0x690 fs/btrfs/transaction.c:916 + find_free_extent_update_loop fs/btrfs/extent-tree.c:3807 [inline] + find_free_extent+0x23b7/0x2e60 fs/btrfs/extent-tree.c:4127 + btrfs_reserve_extent+0x166/0x460 fs/btrfs/extent-tree.c:4206 + cow_file_range+0x3de/0x9b0 fs/btrfs/inode.c:1063 + btrfs_run_delalloc_range+0x2cf/0x1410 fs/btrfs/inode.c:1838 + writepage_delalloc+0x150/0x460 fs/btrfs/extent_io.c:3439 + __extent_writepage+0x441/0xd00 fs/btrfs/extent_io.c:3653 + extent_write_cache_pages.constprop.0+0x69d/0x1040 fs/btrfs/extent_io.c:4249 + extent_writepages+0xcd/0x2b0 fs/btrfs/extent_io.c:4370 + do_writepages+0xec/0x290 mm/page-writeback.c:2352 + __writeback_single_inode+0x125/0x1400 fs/fs-writeback.c:1461 + writeback_sb_inodes+0x53d/0xf40 fs/fs-writeback.c:1721 + wb_writeback+0x2ad/0xd40 fs/fs-writeback.c:1894 + wb_do_writeback fs/fs-writeback.c:2039 [inline] + wb_workfn+0x2dc/0x13e0 fs/fs-writeback.c:2080 + process_one_work+0x94c/0x1670 kernel/workqueue.c:2269 + worker_thread+0x64c/0x1120 kernel/workqueue.c:2415 + kthread+0x3b5/0x4a0 kernel/kthread.c:292 + ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 + + -> #3 (sb_internal#2){.+.+}-{0:0}: + percpu_down_read include/linux/percpu-rwsem.h:51 [inline] + __sb_start_write+0x234/0x470 fs/super.c:1672 + sb_start_intwrite include/linux/fs.h:1690 [inline] + start_transaction+0xbe7/0x1170 fs/btrfs/transaction.c:624 + find_free_extent_update_loop fs/btrfs/extent-tree.c:3789 [inline] + find_free_extent+0x25e1/0x2e60 fs/btrfs/extent-tree.c:4127 + btrfs_reserve_extent+0x166/0x460 fs/btrfs/extent-tree.c:4206 + cow_file_range+0x3de/0x9b0 fs/btrfs/inode.c:1063 + btrfs_run_delalloc_range+0x2cf/0x1410 fs/btrfs/inode.c:1838 + writepage_delalloc+0x150/0x460 fs/btrfs/extent_io.c:3439 + __extent_writepage+0x441/0xd00 fs/btrfs/extent_io.c:3653 + extent_write_cache_pages.constprop.0+0x69d/0x1040 fs/btrfs/extent_io.c:4249 + extent_writepages+0xcd/0x2b0 fs/btrfs/extent_io.c:4370 + do_writepages+0xec/0x290 mm/page-writeback.c:2352 + __writeback_single_inode+0x125/0x1400 fs/fs-writeback.c:1461 + writeback_sb_inodes+0x53d/0xf40 fs/fs-writeback.c:1721 + wb_writeback+0x2ad/0xd40 fs/fs-writeback.c:1894 + wb_do_writeback fs/fs-writeback.c:2039 [inline] + wb_workfn+0x2dc/0x13e0 fs/fs-writeback.c:2080 + process_one_work+0x94c/0x1670 kernel/workqueue.c:2269 + worker_thread+0x64c/0x1120 kernel/workqueue.c:2415 + kthread+0x3b5/0x4a0 kernel/kthread.c:292 + ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 + + -> #2 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}: + __flush_work+0x60e/0xac0 kernel/workqueue.c:3041 + wb_shutdown+0x180/0x220 mm/backing-dev.c:355 + bdi_unregister+0x174/0x590 mm/backing-dev.c:872 + del_gendisk+0x820/0xa10 block/genhd.c:933 + loop_remove drivers/block/loop.c:2192 [inline] + loop_control_ioctl drivers/block/loop.c:2291 [inline] + loop_control_ioctl+0x3b1/0x480 drivers/block/loop.c:2257 + vfs_ioctl fs/ioctl.c:48 [inline] + __do_sys_ioctl fs/ioctl.c:753 [inline] + __se_sys_ioctl fs/ioctl.c:739 [inline] + __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:739 + do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + + -> #1 (loop_ctl_mutex){+.+.}-{3:3}: + __mutex_lock_common kernel/locking/mutex.c:956 [inline] + __mutex_lock+0x134/0x10e0 kernel/locking/mutex.c:1103 + lo_open+0x19/0xd0 drivers/block/loop.c:1893 + __blkdev_get+0x759/0x1aa0 fs/block_dev.c:1507 + blkdev_get fs/block_dev.c:1639 [inline] + blkdev_open+0x227/0x300 fs/block_dev.c:1753 + do_dentry_open+0x4b9/0x11b0 fs/open.c:817 + do_open fs/namei.c:3251 [inline] + path_openat+0x1b9a/0x2730 fs/namei.c:3368 + do_filp_open+0x17e/0x3c0 fs/namei.c:3395 + do_sys_openat2+0x16d/0x420 fs/open.c:1168 + do_sys_open fs/open.c:1184 [inline] + __do_sys_open fs/open.c:1192 [inline] + __se_sys_open fs/open.c:1188 [inline] + __x64_sys_open+0x119/0x1c0 fs/open.c:1188 + do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + + -> #0 (&bdev->bd_mutex){+.+.}-{3:3}: + check_prev_add kernel/locking/lockdep.c:2496 [inline] + check_prevs_add kernel/locking/lockdep.c:2601 [inline] + validate_chain kernel/locking/lockdep.c:3218 [inline] + __lock_acquire+0x2a96/0x5780 kernel/locking/lockdep.c:4426 + lock_acquire+0x1f3/0xae0 kernel/locking/lockdep.c:5006 + __mutex_lock_common kernel/locking/mutex.c:956 [inline] + __mutex_lock+0x134/0x10e0 kernel/locking/mutex.c:1103 + blkdev_put+0x30/0x520 fs/block_dev.c:1804 + btrfs_close_bdev fs/btrfs/volumes.c:1117 [inline] + btrfs_close_bdev fs/btrfs/volumes.c:1107 [inline] + btrfs_close_one_device fs/btrfs/volumes.c:1133 [inline] + close_fs_devices.part.0+0x1a4/0x800 fs/btrfs/volumes.c:1161 + close_fs_devices fs/btrfs/volumes.c:1193 [inline] + btrfs_close_devices+0x95/0x1f0 fs/btrfs/volumes.c:1179 + close_ctree+0x688/0x6cb fs/btrfs/disk-io.c:4149 + generic_shutdown_super+0x144/0x370 fs/super.c:464 + kill_anon_super+0x36/0x60 fs/super.c:1108 + btrfs_kill_super+0x38/0x50 fs/btrfs/super.c:2265 + deactivate_locked_super+0x94/0x160 fs/super.c:335 + deactivate_super+0xad/0xd0 fs/super.c:366 + cleanup_mnt+0x3a3/0x530 fs/namespace.c:1118 + task_work_run+0xdd/0x190 kernel/task_work.c:141 + tracehook_notify_resume include/linux/tracehook.h:188 [inline] + exit_to_user_mode_loop kernel/entry/common.c:163 [inline] + exit_to_user_mode_prepare+0x1e1/0x200 kernel/entry/common.c:190 + syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:265 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + + other info that might help us debug this: + + Chain exists of: + &bdev->bd_mutex --> sb_internal#2 --> &fs_devs->device_list_mutex + + Possible unsafe locking scenario: + + CPU0 CPU1 + ---- ---- + lock(&fs_devs->device_list_mutex); + lock(sb_internal#2); + lock(&fs_devs->device_list_mutex); + lock(&bdev->bd_mutex); + + *** DEADLOCK *** + + 3 locks held by syz-executor.0/6878: + #0: ffff88809070c0e0 (&type->s_umount_key#70){++++}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:365 + #1: ffffffff8a5b37a8 (uuid_mutex){+.+.}-{3:3}, at: btrfs_close_devices+0x23/0x1f0 fs/btrfs/volumes.c:1178 + #2: ffff8880908cfce0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: close_fs_devices.part.0+0x2e/0x800 fs/btrfs/volumes.c:1159 + + stack backtrace: + CPU: 0 PID: 6878 Comm: syz-executor.0 Not tainted 5.9.0-rc5-syzkaller #0 + Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 + Call Trace: + __dump_stack lib/dump_stack.c:77 [inline] + dump_stack+0x198/0x1fd lib/dump_stack.c:118 + check_noncircular+0x324/0x3e0 kernel/locking/lockdep.c:1827 + check_prev_add kernel/locking/lockdep.c:2496 [inline] + check_prevs_add kernel/locking/lockdep.c:2601 [inline] + validate_chain kernel/locking/lockdep.c:3218 [inline] + __lock_acquire+0x2a96/0x5780 kernel/locking/lockdep.c:4426 + lock_acquire+0x1f3/0xae0 kernel/locking/lockdep.c:5006 + __mutex_lock_common kernel/locking/mutex.c:956 [inline] + __mutex_lock+0x134/0x10e0 kernel/locking/mutex.c:1103 + blkdev_put+0x30/0x520 fs/block_dev.c:1804 + btrfs_close_bdev fs/btrfs/volumes.c:1117 [inline] + btrfs_close_bdev fs/btrfs/volumes.c:1107 [inline] + btrfs_close_one_device fs/btrfs/volumes.c:1133 [inline] + close_fs_devices.part.0+0x1a4/0x800 fs/btrfs/volumes.c:1161 + close_fs_devices fs/btrfs/volumes.c:1193 [inline] + btrfs_close_devices+0x95/0x1f0 fs/btrfs/volumes.c:1179 + close_ctree+0x688/0x6cb fs/btrfs/disk-io.c:4149 + generic_shutdown_super+0x144/0x370 fs/super.c:464 + kill_anon_super+0x36/0x60 fs/super.c:1108 + btrfs_kill_super+0x38/0x50 fs/btrfs/super.c:2265 + deactivate_locked_super+0x94/0x160 fs/super.c:335 + deactivate_super+0xad/0xd0 fs/super.c:366 + cleanup_mnt+0x3a3/0x530 fs/namespace.c:1118 + task_work_run+0xdd/0x190 kernel/task_work.c:141 + tracehook_notify_resume include/linux/tracehook.h:188 [inline] + exit_to_user_mode_loop kernel/entry/common.c:163 [inline] + exit_to_user_mode_prepare+0x1e1/0x200 kernel/entry/common.c:190 + syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:265 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x460027 + RSP: 002b:00007fff59216328 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 + RAX: 0000000000000000 RBX: 0000000000076035 RCX: 0000000000460027 + RDX: 0000000000403188 RSI: 0000000000000002 RDI: 00007fff592163d0 + RBP: 0000000000000333 R08: 0000000000000000 R09: 000000000000000b + R10: 0000000000000005 R11: 0000000000000246 R12: 00007fff59217460 + R13: 0000000002df2a60 R14: 0000000000000000 R15: 00007fff59217460 + +Signed-off-by: Josef Bacik +[ add syzbot reference ] +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/dev-replace.c | 3 ++- + fs/btrfs/volumes.c | 3 +++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c +index 26c9da82e6a91..e4a1c6afe35dc 100644 +--- a/fs/btrfs/dev-replace.c ++++ b/fs/btrfs/dev-replace.c +@@ -786,7 +786,6 @@ error: + if (test_bit(BTRFS_DEV_STATE_WRITEABLE, &src_device->dev_state)) + btrfs_scratch_superblocks(fs_info, src_device->bdev, + src_device->name->str); +- btrfs_rm_dev_replace_free_srcdev(src_device); + + /* write back the superblocks */ + trans = btrfs_start_transaction(root, 0); +@@ -795,6 +794,8 @@ error: + + mutex_unlock(&dev_replace->lock_finishing_cancel_unmount); + ++ btrfs_rm_dev_replace_free_srcdev(src_device); ++ + return 0; + } + +diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c +index 8b5f666a3ea66..79e9a80bd37a0 100644 +--- a/fs/btrfs/volumes.c ++++ b/fs/btrfs/volumes.c +@@ -2224,6 +2224,8 @@ void btrfs_rm_dev_replace_free_srcdev(struct btrfs_device *srcdev) + struct btrfs_fs_info *fs_info = srcdev->fs_info; + struct btrfs_fs_devices *fs_devices = srcdev->fs_devices; + ++ mutex_lock(&uuid_mutex); ++ + btrfs_close_bdev(srcdev); + synchronize_rcu(); + btrfs_free_device(srcdev); +@@ -2252,6 +2254,7 @@ void btrfs_rm_dev_replace_free_srcdev(struct btrfs_device *srcdev) + close_fs_devices(fs_devices); + free_fs_devices(fs_devices); + } ++ mutex_unlock(&uuid_mutex); + } + + void btrfs_destroy_dev_replace_tgtdev(struct btrfs_device *tgtdev) +-- +2.25.1 + diff --git a/queue-5.8/btrfs-move-btrfs_scratch_superblocks-into-btrfs_dev_.patch b/queue-5.8/btrfs-move-btrfs_scratch_superblocks-into-btrfs_dev_.patch new file mode 100644 index 00000000000..20387f087e9 --- /dev/null +++ b/queue-5.8/btrfs-move-btrfs_scratch_superblocks-into-btrfs_dev_.patch @@ -0,0 +1,88 @@ +From a8adf442a0c6c604c4a3e165b2675a75f8cce30a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 20 Aug 2020 11:18:26 -0400 +Subject: btrfs: move btrfs_scratch_superblocks into + btrfs_dev_replace_finishing + +From: Josef Bacik + +[ Upstream commit 313b085851c13ca08320372a05a7047ea25d3dd4 ] + +We need to move the closing of the src_device out of all the device +replace locking, but we definitely want to zero out the superblock +before we commit the last time to make sure the device is properly +removed. Handle this by pushing btrfs_scratch_superblocks into +btrfs_dev_replace_finishing, and then later on we'll move the src_device +closing and freeing stuff where we need it to be. + +Reviewed-by: Nikolay Borisov +Signed-off-by: Josef Bacik +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/dev-replace.c | 3 +++ + fs/btrfs/volumes.c | 12 +++--------- + fs/btrfs/volumes.h | 3 +++ + 3 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c +index eb86e4b88c73a..26c9da82e6a91 100644 +--- a/fs/btrfs/dev-replace.c ++++ b/fs/btrfs/dev-replace.c +@@ -783,6 +783,9 @@ error: + /* replace the sysfs entry */ + btrfs_sysfs_remove_devices_dir(fs_info->fs_devices, src_device); + btrfs_sysfs_update_devid(tgt_device); ++ if (test_bit(BTRFS_DEV_STATE_WRITEABLE, &src_device->dev_state)) ++ btrfs_scratch_superblocks(fs_info, src_device->bdev, ++ src_device->name->str); + btrfs_rm_dev_replace_free_srcdev(src_device); + + /* write back the superblocks */ +diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c +index 956eb0d6bc584..8b5f666a3ea66 100644 +--- a/fs/btrfs/volumes.c ++++ b/fs/btrfs/volumes.c +@@ -1999,9 +1999,9 @@ static u64 btrfs_num_devices(struct btrfs_fs_info *fs_info) + return num_devices; + } + +-static void btrfs_scratch_superblocks(struct btrfs_fs_info *fs_info, +- struct block_device *bdev, +- const char *device_path) ++void btrfs_scratch_superblocks(struct btrfs_fs_info *fs_info, ++ struct block_device *bdev, ++ const char *device_path) + { + struct btrfs_super_block *disk_super; + int copy_num; +@@ -2224,12 +2224,6 @@ void btrfs_rm_dev_replace_free_srcdev(struct btrfs_device *srcdev) + struct btrfs_fs_info *fs_info = srcdev->fs_info; + struct btrfs_fs_devices *fs_devices = srcdev->fs_devices; + +- if (test_bit(BTRFS_DEV_STATE_WRITEABLE, &srcdev->dev_state)) { +- /* zero out the old super if it is writable */ +- btrfs_scratch_superblocks(fs_info, srcdev->bdev, +- srcdev->name->str); +- } +- + btrfs_close_bdev(srcdev); + synchronize_rcu(); + btrfs_free_device(srcdev); +diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h +index 75af2334b2e37..83862e27f5663 100644 +--- a/fs/btrfs/volumes.h ++++ b/fs/btrfs/volumes.h +@@ -573,6 +573,9 @@ void btrfs_set_fs_info_ptr(struct btrfs_fs_info *fs_info); + void btrfs_reset_fs_info_ptr(struct btrfs_fs_info *fs_info); + bool btrfs_check_rw_degradable(struct btrfs_fs_info *fs_info, + struct btrfs_device *failing_dev); ++void btrfs_scratch_superblocks(struct btrfs_fs_info *fs_info, ++ struct block_device *bdev, ++ const char *device_path); + + int btrfs_bg_type_to_factor(u64 flags); + const char *btrfs_bg_type_to_raid_name(u64 flags); +-- +2.25.1 + diff --git a/queue-5.8/drm-amd-display-fix-return-value-check-for-hdcp_work.patch b/queue-5.8/drm-amd-display-fix-return-value-check-for-hdcp_work.patch new file mode 100644 index 00000000000..17bce77719a --- /dev/null +++ b/queue-5.8/drm-amd-display-fix-return-value-check-for-hdcp_work.patch @@ -0,0 +1,35 @@ +From 2c760c2a797a9d01e6f1eb41f3cebf751f5e6538 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 23 Sep 2020 14:42:59 +0800 +Subject: drm/amd/display: fix return value check for hdcp_work + +From: Flora Cui + +[ Upstream commit 898c7302f4de1d91065e80fc46552b3ec70894ff ] + +max_caps might be 0, thus hdcp_work might be ZERO_SIZE_PTR + +Signed-off-by: Flora Cui +Reviewed-by: Feifei Xu +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c +index 949d10ef83040..6dd1f3f8d9903 100644 +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c +@@ -568,7 +568,7 @@ struct hdcp_workqueue *hdcp_create_workqueue(struct amdgpu_device *adev, struct + int i = 0; + + hdcp_work = kcalloc(max_caps, sizeof(*hdcp_work), GFP_KERNEL); +- if (hdcp_work == NULL) ++ if (ZERO_OR_NULL_PTR(hdcp_work)) + return NULL; + + hdcp_work->srm = kcalloc(PSP_HDCP_SRM_FIRST_GEN_MAX_SIZE, sizeof(*hdcp_work->srm), GFP_KERNEL); +-- +2.25.1 + diff --git a/queue-5.8/drm-amd-pm-removed-fixed-clock-in-auto-mode-dpm.patch b/queue-5.8/drm-amd-pm-removed-fixed-clock-in-auto-mode-dpm.patch new file mode 100644 index 00000000000..21181f3dc82 --- /dev/null +++ b/queue-5.8/drm-amd-pm-removed-fixed-clock-in-auto-mode-dpm.patch @@ -0,0 +1,66 @@ +From fbbf189ebe8f48dc41b72a90f79ab159a168d2a8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 15 Sep 2020 12:48:20 +0530 +Subject: drm/amd/pm: Removed fixed clock in auto mode DPM + +From: Sudheesh Mavila + +[ Upstream commit 97cf32996c46d9935cc133d910a75fb687dd6144 ] + +SMU10_UMD_PSTATE_PEAK_FCLK value should not be used to set the DPM. + +Suggested-by: Evan Quan +Reviewed-by: Evan Quan +Signed-off-by: Sudheesh Mavila +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/powerplay/hwmgr/smu10_hwmgr.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/smu10_hwmgr.c b/drivers/gpu/drm/amd/powerplay/hwmgr/smu10_hwmgr.c +index 9ee8cf8267c88..43f7adff6cb74 100644 +--- a/drivers/gpu/drm/amd/powerplay/hwmgr/smu10_hwmgr.c ++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/smu10_hwmgr.c +@@ -563,6 +563,8 @@ static int smu10_dpm_force_dpm_level(struct pp_hwmgr *hwmgr, + struct smu10_hwmgr *data = hwmgr->backend; + uint32_t min_sclk = hwmgr->display_config->min_core_set_clock; + uint32_t min_mclk = hwmgr->display_config->min_mem_set_clock/100; ++ uint32_t index_fclk = data->clock_vol_info.vdd_dep_on_fclk->count - 1; ++ uint32_t index_socclk = data->clock_vol_info.vdd_dep_on_socclk->count - 1; + + if (hwmgr->smu_version < 0x1E3700) { + pr_info("smu firmware version too old, can not set dpm level\n"); +@@ -676,13 +678,13 @@ static int smu10_dpm_force_dpm_level(struct pp_hwmgr *hwmgr, + smum_send_msg_to_smc_with_parameter(hwmgr, + PPSMC_MSG_SetHardMinFclkByFreq, + hwmgr->display_config->num_display > 3 ? +- SMU10_UMD_PSTATE_PEAK_FCLK : ++ data->clock_vol_info.vdd_dep_on_fclk->entries[0].clk : + min_mclk, + NULL); + + smum_send_msg_to_smc_with_parameter(hwmgr, + PPSMC_MSG_SetHardMinSocclkByFreq, +- SMU10_UMD_PSTATE_MIN_SOCCLK, ++ data->clock_vol_info.vdd_dep_on_socclk->entries[0].clk, + NULL); + smum_send_msg_to_smc_with_parameter(hwmgr, + PPSMC_MSG_SetHardMinVcn, +@@ -695,11 +697,11 @@ static int smu10_dpm_force_dpm_level(struct pp_hwmgr *hwmgr, + NULL); + smum_send_msg_to_smc_with_parameter(hwmgr, + PPSMC_MSG_SetSoftMaxFclkByFreq, +- SMU10_UMD_PSTATE_PEAK_FCLK, ++ data->clock_vol_info.vdd_dep_on_fclk->entries[index_fclk].clk, + NULL); + smum_send_msg_to_smc_with_parameter(hwmgr, + PPSMC_MSG_SetSoftMaxSocclkByFreq, +- SMU10_UMD_PSTATE_PEAK_SOCCLK, ++ data->clock_vol_info.vdd_dep_on_socclk->entries[index_socclk].clk, + NULL); + smum_send_msg_to_smc_with_parameter(hwmgr, + PPSMC_MSG_SetSoftMaxVcn, +-- +2.25.1 + diff --git a/queue-5.8/drm-amdgpu-prevent-double-kfree-ttm-sg.patch b/queue-5.8/drm-amdgpu-prevent-double-kfree-ttm-sg.patch new file mode 100644 index 00000000000..68ea5d597ca --- /dev/null +++ b/queue-5.8/drm-amdgpu-prevent-double-kfree-ttm-sg.patch @@ -0,0 +1,79 @@ +From 2d1df67869176e28888a96f7e8cf3713ec5839c3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 15 Sep 2020 17:07:35 -0400 +Subject: drm/amdgpu: prevent double kfree ttm->sg +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Philip Yang + +[ Upstream commit 1d0e16ac1a9e800598dcfa5b6bc53b704a103390 ] + +Set ttm->sg to NULL after kfree, to avoid memory corruption backtrace: + +[ 420.932812] kernel BUG at +/build/linux-do9eLF/linux-4.15.0/mm/slub.c:295! +[ 420.934182] invalid opcode: 0000 [#1] SMP NOPTI +[ 420.935445] Modules linked in: xt_conntrack ipt_MASQUERADE +[ 420.951332] Hardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS +1.5.4 07/09/2020 +[ 420.952887] RIP: 0010:__slab_free+0x180/0x2d0 +[ 420.954419] RSP: 0018:ffffbe426291fa60 EFLAGS: 00010246 +[ 420.955963] RAX: ffff9e29263e9c30 RBX: ffff9e29263e9c30 RCX: +000000018100004b +[ 420.957512] RDX: ffff9e29263e9c30 RSI: fffff3d33e98fa40 RDI: +ffff9e297e407a80 +[ 420.959055] RBP: ffffbe426291fb00 R08: 0000000000000001 R09: +ffffffffc0d39ade +[ 420.960587] R10: ffffbe426291fb20 R11: ffff9e49ffdd4000 R12: +ffff9e297e407a80 +[ 420.962105] R13: fffff3d33e98fa40 R14: ffff9e29263e9c30 R15: +ffff9e2954464fd8 +[ 420.963611] FS: 00007fa2ea097780(0000) GS:ffff9e297e840000(0000) +knlGS:0000000000000000 +[ 420.965144] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 420.966663] CR2: 00007f16bfffefb8 CR3: 0000001ff0c62000 CR4: +0000000000340ee0 +[ 420.968193] Call Trace: +[ 420.969703] ? __page_cache_release+0x3c/0x220 +[ 420.971294] ? amdgpu_ttm_tt_unpopulate+0x5e/0x80 [amdgpu] +[ 420.972789] kfree+0x168/0x180 +[ 420.974353] ? amdgpu_ttm_tt_set_user_pages+0x64/0xc0 [amdgpu] +[ 420.975850] ? kfree+0x168/0x180 +[ 420.977403] amdgpu_ttm_tt_unpopulate+0x5e/0x80 [amdgpu] +[ 420.978888] ttm_tt_unpopulate.part.10+0x53/0x60 [amdttm] +[ 420.980357] ttm_tt_destroy.part.11+0x4f/0x60 [amdttm] +[ 420.981814] ttm_tt_destroy+0x13/0x20 [amdttm] +[ 420.983273] ttm_bo_cleanup_memtype_use+0x36/0x80 [amdttm] +[ 420.984725] ttm_bo_release+0x1c9/0x360 [amdttm] +[ 420.986167] amdttm_bo_put+0x24/0x30 [amdttm] +[ 420.987663] amdgpu_bo_unref+0x1e/0x30 [amdgpu] +[ 420.989165] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x9ca/0xb10 +[amdgpu] +[ 420.990666] kfd_ioctl_alloc_memory_of_gpu+0xef/0x2c0 [amdgpu] + +Signed-off-by: Philip Yang +Reviewed-by: Felix Kuehling +Reviewed-by: Christian König +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +index e59c01a83dace..9a3267f06376f 100644 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +@@ -1052,6 +1052,7 @@ static int amdgpu_ttm_tt_pin_userptr(struct ttm_tt *ttm) + + release_sg: + kfree(ttm->sg); ++ ttm->sg = NULL; + return r; + } + +-- +2.25.1 + diff --git a/queue-5.8/drm-vmwgfx-fix-error-handling-in-get_node.patch b/queue-5.8/drm-vmwgfx-fix-error-handling-in-get_node.patch new file mode 100644 index 00000000000..8fe5232058c --- /dev/null +++ b/queue-5.8/drm-vmwgfx-fix-error-handling-in-get_node.patch @@ -0,0 +1,55 @@ +From c14fc5489a401b111ff29247fccaea0eb333abd6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Sep 2020 11:54:10 -0400 +Subject: drm/vmwgfx: Fix error handling in get_node + +From: Zack Rusin + +[ Upstream commit f54c4442893b8dfbd3aff8e903c54dfff1aef990 ] + +ttm_mem_type_manager_func.get_node was changed to return -ENOSPC +instead of setting the node pointer to NULL. Unfortunately +vmwgfx still had two places where it was explicitly converting +-ENOSPC to 0 causing regressions. This fixes those spots by +allowing -ENOSPC to be returned. That seems to fix recent +regressions with vmwgfx. + +Signed-off-by: Zack Rusin +Reviewed-by: Roland Scheidegger +Reviewed-by: Martin Krastev +Sigend-off-by: Roland Scheidegger +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 2 +- + drivers/gpu/drm/vmwgfx/vmwgfx_thp.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c +index 7da752ca1c34b..b93c558dd86e0 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c +@@ -57,7 +57,7 @@ static int vmw_gmrid_man_get_node(struct ttm_mem_type_manager *man, + + id = ida_alloc_max(&gman->gmr_ida, gman->max_gmr_ids - 1, GFP_KERNEL); + if (id < 0) +- return (id != -ENOMEM ? 0 : id); ++ return id; + + spin_lock(&gman->lock); + +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_thp.c b/drivers/gpu/drm/vmwgfx/vmwgfx_thp.c +index b7c816ba71663..c8b9335bccd8d 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_thp.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_thp.c +@@ -95,7 +95,7 @@ found_unlock: + mem->start = node->start; + } + +- return 0; ++ return ret; + } + + +-- +2.25.1 + diff --git a/queue-5.8/io_uring-fix-potential-abba-deadlock-in-show_fdinfo.patch b/queue-5.8/io_uring-fix-potential-abba-deadlock-in-show_fdinfo.patch new file mode 100644 index 00000000000..e35b56f2ddc --- /dev/null +++ b/queue-5.8/io_uring-fix-potential-abba-deadlock-in-show_fdinfo.patch @@ -0,0 +1,207 @@ +From 33f8d94c1b053309a8ae56f7e3a86dca1f3bac36 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 28 Sep 2020 08:57:48 -0600 +Subject: io_uring: fix potential ABBA deadlock in ->show_fdinfo() + +From: Jens Axboe + +[ Upstream commit fad8e0de4426a776c9bcb060555e7c09e2d08db6 ] + +syzbot reports a potential lock deadlock between the normal IO path and +->show_fdinfo(): + +====================================================== +WARNING: possible circular locking dependency detected +5.9.0-rc6-syzkaller #0 Not tainted +------------------------------------------------------ +syz-executor.2/19710 is trying to acquire lock: +ffff888098ddc450 (sb_writers#4){.+.+}-{0:0}, at: io_write+0x6b5/0xb30 fs/io_uring.c:3296 + +but task is already holding lock: +ffff8880a11b8428 (&ctx->uring_lock){+.+.}-{3:3}, at: __do_sys_io_uring_enter+0xe9a/0x1bd0 fs/io_uring.c:8348 + +which lock already depends on the new lock. + +the existing dependency chain (in reverse order) is: + +-> #2 (&ctx->uring_lock){+.+.}-{3:3}: + __mutex_lock_common kernel/locking/mutex.c:956 [inline] + __mutex_lock+0x134/0x10e0 kernel/locking/mutex.c:1103 + __io_uring_show_fdinfo fs/io_uring.c:8417 [inline] + io_uring_show_fdinfo+0x194/0xc70 fs/io_uring.c:8460 + seq_show+0x4a8/0x700 fs/proc/fd.c:65 + seq_read+0x432/0x1070 fs/seq_file.c:208 + do_loop_readv_writev fs/read_write.c:734 [inline] + do_loop_readv_writev fs/read_write.c:721 [inline] + do_iter_read+0x48e/0x6e0 fs/read_write.c:955 + vfs_readv+0xe5/0x150 fs/read_write.c:1073 + kernel_readv fs/splice.c:355 [inline] + default_file_splice_read.constprop.0+0x4e6/0x9e0 fs/splice.c:412 + do_splice_to+0x137/0x170 fs/splice.c:871 + splice_direct_to_actor+0x307/0x980 fs/splice.c:950 + do_splice_direct+0x1b3/0x280 fs/splice.c:1059 + do_sendfile+0x55f/0xd40 fs/read_write.c:1540 + __do_sys_sendfile64 fs/read_write.c:1601 [inline] + __se_sys_sendfile64 fs/read_write.c:1587 [inline] + __x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1587 + do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +-> #1 (&p->lock){+.+.}-{3:3}: + __mutex_lock_common kernel/locking/mutex.c:956 [inline] + __mutex_lock+0x134/0x10e0 kernel/locking/mutex.c:1103 + seq_read+0x61/0x1070 fs/seq_file.c:155 + pde_read fs/proc/inode.c:306 [inline] + proc_reg_read+0x221/0x300 fs/proc/inode.c:318 + do_loop_readv_writev fs/read_write.c:734 [inline] + do_loop_readv_writev fs/read_write.c:721 [inline] + do_iter_read+0x48e/0x6e0 fs/read_write.c:955 + vfs_readv+0xe5/0x150 fs/read_write.c:1073 + kernel_readv fs/splice.c:355 [inline] + default_file_splice_read.constprop.0+0x4e6/0x9e0 fs/splice.c:412 + do_splice_to+0x137/0x170 fs/splice.c:871 + splice_direct_to_actor+0x307/0x980 fs/splice.c:950 + do_splice_direct+0x1b3/0x280 fs/splice.c:1059 + do_sendfile+0x55f/0xd40 fs/read_write.c:1540 + __do_sys_sendfile64 fs/read_write.c:1601 [inline] + __se_sys_sendfile64 fs/read_write.c:1587 [inline] + __x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1587 + do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +-> #0 (sb_writers#4){.+.+}-{0:0}: + check_prev_add kernel/locking/lockdep.c:2496 [inline] + check_prevs_add kernel/locking/lockdep.c:2601 [inline] + validate_chain kernel/locking/lockdep.c:3218 [inline] + __lock_acquire+0x2a96/0x5780 kernel/locking/lockdep.c:4441 + lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5029 + percpu_down_read include/linux/percpu-rwsem.h:51 [inline] + __sb_start_write+0x228/0x450 fs/super.c:1672 + io_write+0x6b5/0xb30 fs/io_uring.c:3296 + io_issue_sqe+0x18f/0x5c50 fs/io_uring.c:5719 + __io_queue_sqe+0x280/0x1160 fs/io_uring.c:6175 + io_queue_sqe+0x692/0xfa0 fs/io_uring.c:6254 + io_submit_sqe fs/io_uring.c:6324 [inline] + io_submit_sqes+0x1761/0x2400 fs/io_uring.c:6521 + __do_sys_io_uring_enter+0xeac/0x1bd0 fs/io_uring.c:8349 + do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +other info that might help us debug this: + +Chain exists of: + sb_writers#4 --> &p->lock --> &ctx->uring_lock + + Possible unsafe locking scenario: + + CPU0 CPU1 + ---- ---- + lock(&ctx->uring_lock); + lock(&p->lock); + lock(&ctx->uring_lock); + lock(sb_writers#4); + + *** DEADLOCK *** + +1 lock held by syz-executor.2/19710: + #0: ffff8880a11b8428 (&ctx->uring_lock){+.+.}-{3:3}, at: __do_sys_io_uring_enter+0xe9a/0x1bd0 fs/io_uring.c:8348 + +stack backtrace: +CPU: 0 PID: 19710 Comm: syz-executor.2 Not tainted 5.9.0-rc6-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:77 [inline] + dump_stack+0x198/0x1fd lib/dump_stack.c:118 + check_noncircular+0x324/0x3e0 kernel/locking/lockdep.c:1827 + check_prev_add kernel/locking/lockdep.c:2496 [inline] + check_prevs_add kernel/locking/lockdep.c:2601 [inline] + validate_chain kernel/locking/lockdep.c:3218 [inline] + __lock_acquire+0x2a96/0x5780 kernel/locking/lockdep.c:4441 + lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5029 + percpu_down_read include/linux/percpu-rwsem.h:51 [inline] + __sb_start_write+0x228/0x450 fs/super.c:1672 + io_write+0x6b5/0xb30 fs/io_uring.c:3296 + io_issue_sqe+0x18f/0x5c50 fs/io_uring.c:5719 + __io_queue_sqe+0x280/0x1160 fs/io_uring.c:6175 + io_queue_sqe+0x692/0xfa0 fs/io_uring.c:6254 + io_submit_sqe fs/io_uring.c:6324 [inline] + io_submit_sqes+0x1761/0x2400 fs/io_uring.c:6521 + __do_sys_io_uring_enter+0xeac/0x1bd0 fs/io_uring.c:8349 + do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 +RIP: 0033:0x45e179 +Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 +RSP: 002b:00007f1194e74c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa +RAX: ffffffffffffffda RBX: 00000000000082c0 RCX: 000000000045e179 +RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 +RBP: 000000000118cf98 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c +R13: 00007ffd1aa5756f R14: 00007f1194e759c0 R15: 000000000118cf4c + +Fix this by just not diving into details if we fail to trylock the +io_uring mutex. We know the ctx isn't going away during this operation, +but we cannot safely iterate buffers/files/personalities if we don't +hold the io_uring mutex. + +Reported-by: syzbot+2f8fa4e860edc3066aba@syzkaller.appspotmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + fs/io_uring.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/fs/io_uring.c b/fs/io_uring.c +index ebc3586b18795..d2bb2ae9551f0 100644 +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -7998,11 +7998,19 @@ static int io_uring_show_cred(int id, void *p, void *data) + + static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m) + { ++ bool has_lock; + int i; + +- mutex_lock(&ctx->uring_lock); ++ /* ++ * Avoid ABBA deadlock between the seq lock and the io_uring mutex, ++ * since fdinfo case grabs it in the opposite direction of normal use ++ * cases. If we fail to get the lock, we just don't iterate any ++ * structures that could be going away outside the io_uring mutex. ++ */ ++ has_lock = mutex_trylock(&ctx->uring_lock); ++ + seq_printf(m, "UserFiles:\t%u\n", ctx->nr_user_files); +- for (i = 0; i < ctx->nr_user_files; i++) { ++ for (i = 0; has_lock && i < ctx->nr_user_files; i++) { + struct fixed_file_table *table; + struct file *f; + +@@ -8014,13 +8022,13 @@ static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m) + seq_printf(m, "%5u: \n", i); + } + seq_printf(m, "UserBufs:\t%u\n", ctx->nr_user_bufs); +- for (i = 0; i < ctx->nr_user_bufs; i++) { ++ for (i = 0; has_lock && i < ctx->nr_user_bufs; i++) { + struct io_mapped_ubuf *buf = &ctx->user_bufs[i]; + + seq_printf(m, "%5u: 0x%llx/%u\n", i, buf->ubuf, + (unsigned int) buf->len); + } +- if (!idr_is_empty(&ctx->personality_idr)) { ++ if (has_lock && !idr_is_empty(&ctx->personality_idr)) { + seq_printf(m, "Personalities:\n"); + idr_for_each(&ctx->personality_idr, io_uring_show_cred, m); + } +@@ -8035,7 +8043,8 @@ static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m) + req->task->task_works != NULL); + } + spin_unlock_irq(&ctx->completion_lock); +- mutex_unlock(&ctx->uring_lock); ++ if (has_lock) ++ mutex_unlock(&ctx->uring_lock); + } + + static void io_uring_show_fdinfo(struct seq_file *m, struct file *f) +-- +2.25.1 + diff --git a/queue-5.8/iommu-vt-d-fix-lockdep-splat-in-iommu_flush_dev_iotl.patch b/queue-5.8/iommu-vt-d-fix-lockdep-splat-in-iommu_flush_dev_iotl.patch new file mode 100644 index 00000000000..a53b152d035 --- /dev/null +++ b/queue-5.8/iommu-vt-d-fix-lockdep-splat-in-iommu_flush_dev_iotl.patch @@ -0,0 +1,73 @@ +From fa3c1cc51d3336fe82bb3e537951d949af1e98fe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 27 Sep 2020 14:24:28 +0800 +Subject: iommu/vt-d: Fix lockdep splat in iommu_flush_dev_iotlb() + +From: Lu Baolu + +[ Upstream commit 1a3f2fd7fc4e8f24510830e265de2ffb8e3300d2 ] + +Lock(&iommu->lock) without disabling irq causes lockdep warnings. + +[ 12.703950] ======================================================== +[ 12.703962] WARNING: possible irq lock inversion dependency detected +[ 12.703975] 5.9.0-rc6+ #659 Not tainted +[ 12.703983] -------------------------------------------------------- +[ 12.703995] systemd-udevd/284 just changed the state of lock: +[ 12.704007] ffffffffbd6ff4d8 (device_domain_lock){..-.}-{2:2}, at: + iommu_flush_dev_iotlb.part.57+0x2e/0x90 +[ 12.704031] but this lock took another, SOFTIRQ-unsafe lock in the past: +[ 12.704043] (&iommu->lock){+.+.}-{2:2} +[ 12.704045] + + and interrupts could create inverse lock ordering between + them. + +[ 12.704073] + other info that might help us debug this: +[ 12.704085] Possible interrupt unsafe locking scenario: + +[ 12.704097] CPU0 CPU1 +[ 12.704106] ---- ---- +[ 12.704115] lock(&iommu->lock); +[ 12.704123] local_irq_disable(); +[ 12.704134] lock(device_domain_lock); +[ 12.704146] lock(&iommu->lock); +[ 12.704158] +[ 12.704164] lock(device_domain_lock); +[ 12.704174] + *** DEADLOCK *** + +Signed-off-by: Lu Baolu +Link: https://lore.kernel.org/r/20200927062428.13713-1-baolu.lu@linux.intel.com +Signed-off-by: Joerg Roedel +Signed-off-by: Sasha Levin +--- + drivers/iommu/intel/iommu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c +index fbe0b0cc56edf..24a84d294fd01 100644 +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -2617,7 +2617,7 @@ static struct dmar_domain *dmar_insert_one_dev_info(struct intel_iommu *iommu, + } + + /* Setup the PASID entry for requests without PASID: */ +- spin_lock(&iommu->lock); ++ spin_lock_irqsave(&iommu->lock, flags); + if (hw_pass_through && domain_type_is_si(domain)) + ret = intel_pasid_setup_pass_through(iommu, domain, + dev, PASID_RID2PASID); +@@ -2627,7 +2627,7 @@ static struct dmar_domain *dmar_insert_one_dev_info(struct intel_iommu *iommu, + else + ret = intel_pasid_setup_second_level(iommu, domain, + dev, PASID_RID2PASID); +- spin_unlock(&iommu->lock); ++ spin_unlock_irqrestore(&iommu->lock, flags); + if (ret) { + dev_err(dev, "Setup RID2PASID failed\n"); + dmar_remove_one_dev_info(dev); +-- +2.25.1 + diff --git a/queue-5.8/series b/queue-5.8/series index a254fe74d17..6c4187f6c50 100644 --- a/queue-5.8/series +++ b/queue-5.8/series @@ -43,3 +43,11 @@ sctp-fix-sctp_auth_init_hmacs-error-path.patch team-set-dev-needed_headroom-in-team_setup_by_port.patch net-team-fix-memory-leak-in-__team_options_register.patch openvswitch-handle-dnat-tuple-collision.patch +drm-amdgpu-prevent-double-kfree-ttm-sg.patch +btrfs-move-btrfs_scratch_superblocks-into-btrfs_dev_.patch +io_uring-fix-potential-abba-deadlock-in-show_fdinfo.patch +drm-amd-pm-removed-fixed-clock-in-auto-mode-dpm.patch +drm-amd-display-fix-return-value-check-for-hdcp_work.patch +drm-vmwgfx-fix-error-handling-in-get_node.patch +btrfs-move-btrfs_rm_dev_replace_free_srcdev-outside-.patch +iommu-vt-d-fix-lockdep-splat-in-iommu_flush_dev_iotl.patch