From: Greg Kroah-Hartman Date: Sat, 19 Mar 2022 13:14:29 +0000 (+0100) Subject: 5.16-stable patches X-Git-Tag: v4.9.308~31 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=90857900f729ef839127e09e88571a3d9187903b;p=thirdparty%2Fkernel%2Fstable-queue.git 5.16-stable patches added patches: block-release-rq-qos-structures-for-queue-without-disk.patch crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch drm-mgag200-fix-pll-setup-for-g200wb-and-g200ew.patch mm-swap-get-rid-of-livelock-in-swapin-readahead.patch ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch --- diff --git a/queue-5.16/block-release-rq-qos-structures-for-queue-without-disk.patch b/queue-5.16/block-release-rq-qos-structures-for-queue-without-disk.patch new file mode 100644 index 00000000000..7f97298d498 --- /dev/null +++ b/queue-5.16/block-release-rq-qos-structures-for-queue-without-disk.patch 
@@ -0,0 +1,56 @@ +From daaca3522a8e67c46e39ef09c1d542e866f85f3b Mon Sep 17 00:00:00 2001 +From: Ming Lei +Date: Mon, 14 Mar 2022 12:30:18 +0800 +Subject: block: release rq qos structures for queue without disk + +From: Ming Lei + +commit daaca3522a8e67c46e39ef09c1d542e866f85f3b upstream. + +blkcg_init_queue() may add rq qos structures to request queue, previously +blk_cleanup_queue() calls rq_qos_exit() to release them, but commit +8e141f9eb803 ("block: drain file system I/O on del_gendisk") +moves rq_qos_exit() into del_gendisk(), so memory leak is caused +because queues may not have disk, such as un-present scsi luns, nvme +admin queue, ... + +Fixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back. + +BTW, v5.18 won't need this patch any more since we move +blkcg_init_queue()/blkcg_exit_queue() into disk allocation/release +handler, and patches have been in for-5.18/block. + +Cc: Christoph Hellwig +Cc: stable@vger.kernel.org +Fixes: 8e141f9eb803 ("block: drain file system I/O on del_gendisk") +Reported-by: syzbot+b42749a851a47a0f581b@syzkaller.appspotmail.com +Signed-off-by: Ming Lei +Reviewed-by: Bart Van Assche +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20220314043018.177141-1-ming.lei@redhat.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + block/blk-core.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/block/blk-core.c ++++ b/block/blk-core.c +@@ -51,6 +51,7 @@ + #include "blk-mq-sched.h" + #include "blk-pm.h" + #include "blk-throttle.h" ++#include "blk-rq-qos.h" + + struct dentry *blk_debugfs_root; + +@@ -354,6 +355,9 @@ void blk_cleanup_queue(struct request_qu + */ + blk_freeze_queue(q); + ++ /* cleanup rq qos structures for queue without disk */ ++ rq_qos_exit(q); ++ + blk_queue_flag_set(QUEUE_FLAG_DEAD, q); + + blk_sync_queue(q); 
diff --git a/queue-5.16/crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch b/queue-5.16/crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch new file mode 100644 index 00000000000..40a099e4f39 --- /dev/null +++ b/queue-5.16/crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch 
@@ -0,0 +1,157 @@ +From a680b1832ced3b5fa7c93484248fd221ea0d614b Mon Sep 17 00:00:00 2001 +From: Brian Masney +Date: Thu, 10 Mar 2022 18:24:59 -0500 +Subject: crypto: qcom-rng - ensure buffer for generate is completely filled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Brian Masney + +commit a680b1832ced3b5fa7c93484248fd221ea0d614b upstream. + +The generate function in struct rng_alg expects that the destination +buffer is completely filled if the function returns 0. qcom_rng_read() +can run into a situation where the buffer is partially filled with +randomness and the remaining part of the buffer is zeroed since +qcom_rng_generate() doesn't check the return value. This issue can +be reproduced by running the following from libkcapi: + + kcapi-rng -b 9000000 > OUTFILE + +The generated OUTFILE will have three huge sections that contain all +zeros, and this is caused by the code where the test +'val & PRNG_STATUS_DATA_AVAIL' fails. + +Let's fix this issue by ensuring that qcom_rng_read() always returns +with a full buffer if the function returns success. Let's also have +qcom_rng_generate() return the correct value. + +Here's some statistics from the ent project +(https://www.fourmilab.ch/random/) that shows information about the +quality of the generated numbers: + + $ ent -c qcom-random-before + Value Char Occurrences Fraction + 0 606748 0.067416 + 1 33104 0.003678 + 2 33001 0.003667 + ... + 253 � 32883 0.003654 + 254 � 33035 0.003671 + 255 � 33239 0.003693 + + Total: 9000000 1.000000 + + Entropy = 7.811590 bits per byte. + + Optimum compression would reduce the size + of this 9000000 byte file by 2 percent. + + Chi square distribution for 9000000 samples is 9329962.81, and + randomly would exceed this value less than 0.01 percent of the + times. + + Arithmetic mean value of data bytes is 119.3731 (127.5 = random). + Monte Carlo value for Pi is 3.197293333 (error 1.77 percent). 
+ Serial correlation coefficient is 0.159130 (totally uncorrelated = + 0.0). + +Without this patch, the results of the chi-square test is 0.01%, and +the numbers are certainly not random according to ent's project page. +The results improve with this patch: + + $ ent -c qcom-random-after + Value Char Occurrences Fraction + 0 35432 0.003937 + 1 35127 0.003903 + 2 35424 0.003936 + ... + 253 � 35201 0.003911 + 254 � 34835 0.003871 + 255 � 35368 0.003930 + + Total: 9000000 1.000000 + + Entropy = 7.999979 bits per byte. + + Optimum compression would reduce the size + of this 9000000 byte file by 0 percent. + + Chi square distribution for 9000000 samples is 258.77, and randomly + would exceed this value 42.24 percent of the times. + + Arithmetic mean value of data bytes is 127.5006 (127.5 = random). + Monte Carlo value for Pi is 3.141277333 (error 0.01 percent). + Serial correlation coefficient is 0.000468 (totally uncorrelated = + 0.0). + +This change was tested on a Nexus 5 phone (msm8974 SoC). 
+ +Signed-off-by: Brian Masney +Fixes: ceec5f5b5988 ("crypto: qcom-rng - Add Qcom prng driver") +Cc: stable@vger.kernel.org # 4.19+ +Reviewed-by: Bjorn Andersson +Reviewed-by: Andrew Halaney +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/qcom-rng.c | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +--- a/drivers/crypto/qcom-rng.c ++++ b/drivers/crypto/qcom-rng.c +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -43,16 +44,19 @@ static int qcom_rng_read(struct qcom_rng + { + unsigned int currsize = 0; + u32 val; ++ int ret; + + /* read random data from hardware */ + do { +- val = readl_relaxed(rng->base + PRNG_STATUS); +- if (!(val & PRNG_STATUS_DATA_AVAIL)) +- break; ++ ret = readl_poll_timeout(rng->base + PRNG_STATUS, val, ++ val & PRNG_STATUS_DATA_AVAIL, ++ 200, 10000); ++ if (ret) ++ return ret; + + val = readl_relaxed(rng->base + PRNG_DATA_OUT); + if (!val) +- break; ++ return -EINVAL; + + if ((max - currsize) >= WORD_SZ) { + memcpy(data, &val, WORD_SZ); +@@ -61,11 +65,10 @@ static int qcom_rng_read(struct qcom_rng + } else { + /* copy only remaining bytes */ + memcpy(data, &val, max - currsize); +- break; + } + } while (currsize < max); + +- return currsize; ++ return 0; + } + + static int qcom_rng_generate(struct crypto_rng *tfm, +@@ -87,7 +90,7 @@ static int qcom_rng_generate(struct cryp + mutex_unlock(&rng->lock); + clk_disable_unprepare(rng->clk); + +- return 0; ++ return ret; + } + + static int qcom_rng_seed(struct crypto_rng *tfm, const u8 *seed, diff --git a/queue-5.16/drm-mgag200-fix-pll-setup-for-g200wb-and-g200ew.patch b/queue-5.16/drm-mgag200-fix-pll-setup-for-g200wb-and-g200ew.patch new file mode 100644 index 00000000000..9d458178800 --- /dev/null +++ b/queue-5.16/drm-mgag200-fix-pll-setup-for-g200wb-and-g200ew.patch 
@@ -0,0 +1,44 @@ +From 40ce1121c1d76daf9048a86e36c83e469281b9fd Mon Sep 17 00:00:00 2001 +From: Jocelyn Falempe +Date: Tue, 8 Mar 2022 18:43:21 +0100 +Subject: drm/mgag200: Fix PLL setup for g200wb and g200ew + +From: Jocelyn Falempe + +commit 40ce1121c1d76daf9048a86e36c83e469281b9fd upstream. + +commit f86c3ed55920 ("drm/mgag200: Split PLL setup into compute and + update functions") introduced a regression for g200wb and g200ew. +The PLLs are not set up properly, and VGA screen stays +black, or displays "out of range" message. + +MGA1064_WB_PIX_PLLC_N/M/P was mistakenly replaced with +MGA1064_PIX_PLLC_N/M/P which have different addresses. + +Patch tested on a Dell T310 with g200wb + +Fixes: f86c3ed55920 ("drm/mgag200: Split PLL setup into compute and update functions") +Cc: stable@vger.kernel.org +Signed-off-by: Jocelyn Falempe +Signed-off-by: Thomas Zimmermann +Link: https://patchwork.freedesktop.org/patch/msgid/20220308174321.225606-1-jfalempe@redhat.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/mgag200/mgag200_pll.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/gpu/drm/mgag200/mgag200_pll.c ++++ b/drivers/gpu/drm/mgag200/mgag200_pll.c +@@ -404,9 +404,9 @@ mgag200_pixpll_update_g200wb(struct mgag + udelay(50); + + /* program pixel pll register */ +- WREG_DAC(MGA1064_PIX_PLLC_N, xpixpllcn); +- WREG_DAC(MGA1064_PIX_PLLC_M, xpixpllcm); +- WREG_DAC(MGA1064_PIX_PLLC_P, xpixpllcp); ++ WREG_DAC(MGA1064_WB_PIX_PLLC_N, xpixpllcn); ++ WREG_DAC(MGA1064_WB_PIX_PLLC_M, xpixpllcm); ++ WREG_DAC(MGA1064_WB_PIX_PLLC_P, xpixpllcp); + + udelay(50); + diff --git a/queue-5.16/mm-swap-get-rid-of-livelock-in-swapin-readahead.patch b/queue-5.16/mm-swap-get-rid-of-livelock-in-swapin-readahead.patch new file mode 100644 index 00000000000..f8ba7f2c5de --- /dev/null +++ b/queue-5.16/mm-swap-get-rid-of-livelock-in-swapin-readahead.patch 
@@ -0,0 +1,83 @@ +From 029c4628b2eb2ca969e9bf979b05dc18d8d5575e Mon Sep 17 00:00:00 2001 +From: Guo Ziliang +Date: Wed, 16 Mar 2022 16:15:03 -0700 +Subject: mm: swap: get rid of livelock in swapin readahead + +From: Guo Ziliang + +commit 029c4628b2eb2ca969e9bf979b05dc18d8d5575e upstream. + +In our testing, a livelock task was found. Through sysrq printing, same +stack was found every time, as follows: + + __swap_duplicate+0x58/0x1a0 + swapcache_prepare+0x24/0x30 + __read_swap_cache_async+0xac/0x220 + read_swap_cache_async+0x58/0xa0 + swapin_readahead+0x24c/0x628 + do_swap_page+0x374/0x8a0 + __handle_mm_fault+0x598/0xd60 + handle_mm_fault+0x114/0x200 + do_page_fault+0x148/0x4d0 + do_translation_fault+0xb0/0xd4 + do_mem_abort+0x50/0xb0 + +The reason for the livelock is that swapcache_prepare() always returns +EEXIST, indicating that SWAP_HAS_CACHE has not been cleared, so that it +cannot jump out of the loop. We suspect that the task that clears the +SWAP_HAS_CACHE flag never gets a chance to run. We try to lower the +priority of the task stuck in a livelock so that the task that clears +the SWAP_HAS_CACHE flag will run. The results show that the system +returns to normal after the priority is lowered. + +In our testing, multiple real-time tasks are bound to the same core, and +the task in the livelock is the highest priority task of the core, so +the livelocked task cannot be preempted. + +Although cond_resched() is used by __read_swap_cache_async, it is an +empty function in the preemptive system and cannot achieve the purpose +of releasing the CPU. A high-priority task cannot release the CPU +unless preempted by a higher-priority task. But when this task is +already the highest priority task on this core, other tasks will not be +able to be scheduled. 
So we think we should replace cond_resched() with +schedule_timeout_uninterruptible(1), schedule_timeout_interruptible will +call set_current_state first to set the task state, so the task will be +removed from the running queue, so as to achieve the purpose of giving +up the CPU and prevent it from running in kernel mode for too long. + +(akpm: ugly hack becomes uglier. But it fixes the issue in a +backportable-to-stable fashion while we hopefully work on something +better) + +Link: https://lkml.kernel.org/r/20220221111749.1928222-1-cgel.zte@gmail.com +Signed-off-by: Guo Ziliang +Reported-by: Zeal Robot +Reviewed-by: Ran Xiaokai +Reviewed-by: Jiang Xuexin +Reviewed-by: Yang Yang +Acked-by: Hugh Dickins +Cc: Naoya Horiguchi +Cc: Michal Hocko +Cc: Minchan Kim +Cc: Johannes Weiner +Cc: Roger Quadros +Cc: Ziliang Guo +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + mm/swap_state.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/swap_state.c ++++ b/mm/swap_state.c +@@ -478,7 +478,7 @@ struct page *__read_swap_cache_async(swp + * __read_swap_cache_async(), which has set SWAP_HAS_CACHE + * in swap_map, but not yet added its page to swap cache. + */ +- cond_resched(); ++ schedule_timeout_uninterruptible(1); + } + + /* diff --git a/queue-5.16/ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch b/queue-5.16/ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch new file mode 100644 index 00000000000..fe3c5c8a141 --- /dev/null +++ b/queue-5.16/ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch 
@@ -0,0 +1,70 @@ +From 7b0b1332cfdb94489836b67d088a779699f8e47e Mon Sep 17 00:00:00 2001 +From: Joseph Qi +Date: Wed, 16 Mar 2022 16:15:09 -0700 +Subject: ocfs2: fix crash when initialize filecheck kobj fails + +From: Joseph Qi + +commit 7b0b1332cfdb94489836b67d088a779699f8e47e upstream. + +Once s_root is set, genric_shutdown_super() will be called if +fill_super() fails. That means, we will call ocfs2_dismount_volume() +twice in such case, which can lead to kernel crash. + +Fix this issue by initializing filecheck kobj before setting s_root. + +Link: https://lkml.kernel.org/r/20220310081930.86305-1-joseph.qi@linux.alibaba.com +Fixes: 5f483c4abb50 ("ocfs2: add kobject for online file check") +Signed-off-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + fs/ocfs2/super.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +--- a/fs/ocfs2/super.c ++++ b/fs/ocfs2/super.c +@@ -1106,17 +1106,6 @@ static int ocfs2_fill_super(struct super + goto read_super_error; + } + +- root = d_make_root(inode); +- if (!root) { +- status = -ENOMEM; +- mlog_errno(status); +- goto read_super_error; +- } +- +- sb->s_root = root; +- +- ocfs2_complete_mount_recovery(osb); +- + osb->osb_dev_kset = kset_create_and_add(sb->s_id, NULL, + &ocfs2_kset->kobj); + if (!osb->osb_dev_kset) { +@@ -1134,6 +1123,17 @@ static int ocfs2_fill_super(struct super + goto read_super_error; + } + ++ root = d_make_root(inode); ++ if (!root) { ++ status = -ENOMEM; ++ mlog_errno(status); ++ goto read_super_error; ++ } ++ ++ sb->s_root = root; ++ ++ ocfs2_complete_mount_recovery(osb); ++ + if (ocfs2_mount_local(osb)) + snprintf(nodestr, sizeof(nodestr), "local"); + else diff --git a/queue-5.16/series b/queue-5.16/series new file mode 100644 index 00000000000..be38eeaed5f --- /dev/null +++ b/queue-5.16/series 
@@ -0,0 +1,5 @@ +crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch +ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch +mm-swap-get-rid-of-livelock-in-swapin-readahead.patch +block-release-rq-qos-structures-for-queue-without-disk.patch +drm-mgag200-fix-pll-setup-for-g200wb-and-g200ew.patch
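Review bot: in the blk_cleanup_queue() hunk of block/blk-core.c, the new comment says the cleanup is "for queue without disk", but rq_qos_exit(q) is called unconditionally, so a queue that does have a disk gets this call in addition to the one the commit message places in del_gendisk(). Either say in the comment that a repeated call is a harmless no-op, or guard the call, so the next reader does not have to check that rq_qos_exit() is safe to run twice on the same queue.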
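Review bot: in the first qcom_rng_read() hunk of drivers/crypto/qcom-rng.c, "if (!val) return -EINVAL;" now fails the whole request when PRNG_DATA_OUT reads as zero, where the old "break" only ended the read early. -EINVAL reads as a bad argument from the caller rather than a hardware condition, so consider an I/O-style error code and a short comment saying why an all-zero word is treated as a failure. The 200 and 10000 passed to readl_poll_timeout() would also be easier to review as named constants with their units.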
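Review bot: in the second qcom_rng_read() hunk of drivers/crypto/qcom-rng.c, the else branch that copies the remaining bytes loses its "break" but does not advance currsize, so when max is not a multiple of WORD_SZ the "while (currsize < max)" condition stays true and the loop can leave only through one of the error returns. Keep the "break" in that branch, or add the copied length to currsize after the memcpy(), so that a request of such a size reaches "return 0".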
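Review bot: in the __read_swap_cache_async() hunk of mm/swap_state.c, the comment above the changed line still only describes the race on SWAP_HAS_CACHE and gives no reason for sleeping a jiffy instead of calling cond_resched(). The reasoning from the commit message (cond_resched() is empty on a preemptible kernel, so a highest-priority task never yields the CPU to the task that clears the flag) belongs in that comment, otherwise "schedule_timeout_uninterruptible(1);" in a retry loop looks arbitrary and is likely to be reverted by a later cleanup.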
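Review bot: in the ocfs2_fill_super() hunks of fs/ocfs2/super.c, d_make_root() now runs after kset_create_and_add() and the filecheck kobject setup, so its failure path "goto read_super_error" is taken with those objects already created. Please confirm, and say in the commit message, that the read_super_error path releases osb->osb_dev_kset and the filecheck kobject in that case. A one-line comment above the moved block stating that sb->s_root must be set last would also keep a later change from reintroducing the double dismount.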