From: Greg Kroah-Hartman Date: Thu, 21 Mar 2019 10:23:50 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v3.18.137~25 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=90a0f3ad1b7f9338628b56a5ec595ad413d6be8a;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: md-fix-failed-allocation-of-md_register_thread.patch nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch nfs41-pop-some-layoutget-errors-to-application.patch nfsd-fix-memory-corruption-caused-by-readdir.patch nfsd-fix-wrong-check-in-write_v4_end_grace.patch perf-auxtrace-define-auxtrace-record-alignment.patch perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch perf-intel-pt-fix-overlap-calculation-for-padding.patch pm-wakeup-rework-wakeup-source-timer-cancellation.patch --- diff --git a/queue-4.4/md-fix-failed-allocation-of-md_register_thread.patch b/queue-4.4/md-fix-failed-allocation-of-md_register_thread.patch new file mode 100644 index 00000000000..7b65d86f540 --- /dev/null +++ b/queue-4.4/md-fix-failed-allocation-of-md_register_thread.patch @@ -0,0 +1,49 @@ +From e406f12dde1a8375d77ea02d91f313fb1a9c6aec Mon Sep 17 00:00:00 2001 +From: Aditya Pakki +Date: Mon, 4 Mar 2019 16:48:54 -0600 +Subject: md: Fix failed allocation of md_register_thread + +From: Aditya Pakki + +commit e406f12dde1a8375d77ea02d91f313fb1a9c6aec upstream. + +mddev->sync_thread can be set to NULL on kzalloc failure downstream. +The patch checks for such a scenario and frees allocated resources. + +Committer node: + +Added similar fix to raid5.c, as suggested by Guoqing. + +Cc: stable@vger.kernel.org # v3.16+ +Acked-by: Guoqing Jiang +Signed-off-by: Aditya Pakki +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/raid10.c | 2 ++ + drivers/md/raid5.c | 2 ++ + 2 files changed, 4 insertions(+) + +--- a/drivers/md/raid10.c ++++ b/drivers/md/raid10.c +@@ -3755,6 +3755,8 @@ static int run(struct mddev *mddev) + set_bit(MD_RECOVERY_RUNNING, &mddev->recovery); + mddev->sync_thread = md_register_thread(md_do_sync, mddev, + "reshape"); ++ if (!mddev->sync_thread) ++ goto out_free_conf; + } + + return 0; +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -6973,6 +6973,8 @@ static int run(struct mddev *mddev) + set_bit(MD_RECOVERY_RUNNING, &mddev->recovery); + mddev->sync_thread = md_register_thread(md_do_sync, mddev, + "reshape"); ++ if (!mddev->sync_thread) ++ goto abort; + } + + /* Ok, everything is just fine now */ diff --git a/queue-4.4/nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch b/queue-4.4/nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch new file mode 100644 index 00000000000..b8f6368afe7 --- /dev/null +++ b/queue-4.4/nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch @@ -0,0 +1,32 @@ +From 8127d82705998568b52ac724e28e00941538083d Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Fri, 15 Feb 2019 16:08:25 -0500 +Subject: NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() + +From: Trond Myklebust + +commit 8127d82705998568b52ac724e28e00941538083d upstream. + +If the I/O completion failed with a fatal error, then we should just +exit nfs_pageio_complete_mirror() rather than try to recoalesce. + +Fixes: a7d42ddb3099 ("nfs: add mirroring support to pgio layer") +Signed-off-by: Trond Myklebust +Cc: stable@vger.kernel.org # v4.0+ +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pagelist.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -1202,7 +1202,7 @@ static void nfs_pageio_complete_mirror(s + desc->pg_mirror_idx = mirror_idx; + for (;;) { + nfs_pageio_doio(desc); +- if (!mirror->pg_recoalesce) ++ if (desc->pg_error < 0 || !mirror->pg_recoalesce) + break; + if (!nfs_do_recoalesce(desc)) + break; diff --git a/queue-4.4/nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch b/queue-4.4/nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch new file mode 100644 index 00000000000..8d94ee6cb55 --- /dev/null +++ b/queue-4.4/nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch @@ -0,0 +1,31 @@ +From 4d91969ed4dbcefd0e78f77494f0cb8fada9048a Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Fri, 15 Feb 2019 14:59:52 -0500 +Subject: NFS: Fix an I/O request leakage in nfs_do_recoalesce + +From: Trond Myklebust + +commit 4d91969ed4dbcefd0e78f77494f0cb8fada9048a upstream. + +Whether we need to exit early, or just reprocess the list, we +must not lost track of the request which failed to get recoalesced. + +Fixes: 03d5eb65b538 ("NFS: Fix a memory leak in nfs_do_recoalesce") +Signed-off-by: Trond Myklebust +Cc: stable@vger.kernel.org # v4.0+ +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pagelist.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -1107,7 +1107,6 @@ static int nfs_do_recoalesce(struct nfs_ + struct nfs_page *req; + + req = list_first_entry(&head, struct nfs_page, wb_list); +- nfs_list_remove_request(req); + if (__nfs_pageio_add_request(desc, req)) + continue; + if (desc->pg_error < 0) { diff --git a/queue-4.4/nfs41-pop-some-layoutget-errors-to-application.patch b/queue-4.4/nfs41-pop-some-layoutget-errors-to-application.patch new file mode 100644 index 00000000000..2556ab9851d --- /dev/null +++ b/queue-4.4/nfs41-pop-some-layoutget-errors-to-application.patch @@ -0,0 +1,302 @@ +From d600ad1f2bdbf97c4818dcc85b174f72c90c21bd Mon Sep 17 00:00:00 2001 +From: Peng Tao +Date: Fri, 4 Dec 2015 02:57:48 +0800 +Subject: NFS41: pop some layoutget errors to application + +From: Peng Tao + +commit d600ad1f2bdbf97c4818dcc85b174f72c90c21bd upstream. + +For ERESTARTSYS/EIO/EROFS/ENOSPC/E2BIG in layoutget, we +should just bail out instead of hiding the error and +retrying inband IO. + +Change all the call sites to pop the error all the way up. + +Signed-off-by: Peng Tao +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/direct.c | 15 ++++++++++++++- + fs/nfs/filelayout/filelayout.c | 17 +++++++++++++++-- + fs/nfs/flexfilelayout/flexfilelayout.c | 25 ++++++++++++++++++++++--- + fs/nfs/pagelist.c | 9 ++++++++- + fs/nfs/pnfs.c | 24 ++++++++++++++++++------ + fs/nfs/read.c | 2 +- + 6 files changed, 78 insertions(+), 14 deletions(-) + +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -670,6 +670,10 @@ static void nfs_direct_write_reschedule( + + req = nfs_list_entry(reqs.next); + nfs_direct_setup_mirroring(dreq, &desc, req); ++ if (desc.pg_error < 0) { ++ list_splice_init(&reqs, &failed); ++ goto out_failed; ++ } + + list_for_each_entry_safe(req, tmp, &reqs, wb_list) { + if (!nfs_pageio_add_request(&desc, req)) { +@@ -677,13 +681,17 @@ static void nfs_direct_write_reschedule( + nfs_list_add_request(req, &failed); + spin_lock(cinfo.lock); + dreq->flags = 0; +- dreq->error = -EIO; ++ if (desc.pg_error < 0) ++ dreq->error = desc.pg_error; ++ else ++ dreq->error = -EIO; + spin_unlock(cinfo.lock); + } + nfs_release_request(req); + } + nfs_pageio_complete(&desc); + ++out_failed: + while (!list_empty(&failed)) { + req = nfs_list_entry(failed.next); + nfs_list_remove_request(req); +@@ -898,6 +906,11 @@ static ssize_t nfs_direct_write_schedule + } + + nfs_direct_setup_mirroring(dreq, &desc, req); ++ if (desc.pg_error < 0) { ++ nfs_free_request(req); ++ result = desc.pg_error; ++ break; ++ } + + nfs_lock_request(req); + req->wb_index = pos >> PAGE_SHIFT; +--- a/fs/nfs/filelayout/filelayout.c ++++ b/fs/nfs/filelayout/filelayout.c +@@ -882,13 +882,19 @@ static void + filelayout_pg_init_read(struct nfs_pageio_descriptor *pgio, + struct nfs_page *req) + { +- if (!pgio->pg_lseg) ++ if (!pgio->pg_lseg) { + pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, + req->wb_context, + 0, + NFS4_MAX_UINT64, + IOMODE_READ, + GFP_KERNEL); ++ if (IS_ERR(pgio->pg_lseg)) { ++ pgio->pg_error = PTR_ERR(pgio->pg_lseg); ++ pgio->pg_lseg = NULL; ++ return; ++ } ++ } + /* If no lseg, fall back to read through mds */ + if (pgio->pg_lseg == NULL) + nfs_pageio_reset_read_mds(pgio); +@@ -901,13 +907,20 @@ filelayout_pg_init_write(struct nfs_page + struct nfs_commit_info cinfo; + int status; + +- if (!pgio->pg_lseg) ++ if (!pgio->pg_lseg) { + pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, + req->wb_context, + 0, + NFS4_MAX_UINT64, + IOMODE_RW, + GFP_NOFS); ++ if (IS_ERR(pgio->pg_lseg)) { ++ pgio->pg_error = PTR_ERR(pgio->pg_lseg); ++ pgio->pg_lseg = NULL; ++ return; ++ } ++ } ++ + /* If no lseg, fall back to write through mds */ + if (pgio->pg_lseg == NULL) + goto out_mds; +--- a/fs/nfs/flexfilelayout/flexfilelayout.c ++++ b/fs/nfs/flexfilelayout/flexfilelayout.c +@@ -786,13 +786,19 @@ ff_layout_pg_init_read(struct nfs_pageio + int ds_idx; + + /* Use full layout for now */ +- if (!pgio->pg_lseg) ++ if (!pgio->pg_lseg) { + pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, + req->wb_context, + 0, + NFS4_MAX_UINT64, + IOMODE_READ, + GFP_KERNEL); ++ if (IS_ERR(pgio->pg_lseg)) { ++ pgio->pg_error = PTR_ERR(pgio->pg_lseg); ++ pgio->pg_lseg = NULL; ++ return; ++ } ++ } + /* If no lseg, fall back to read through mds */ + if (pgio->pg_lseg == NULL) + goto out_mds; +@@ -826,13 +832,19 @@ ff_layout_pg_init_write(struct nfs_pagei + int i; + int status; + +- if (!pgio->pg_lseg) ++ if (!pgio->pg_lseg) { + pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, + req->wb_context, + 0, + NFS4_MAX_UINT64, + IOMODE_RW, + GFP_NOFS); ++ if (IS_ERR(pgio->pg_lseg)) { ++ pgio->pg_error = PTR_ERR(pgio->pg_lseg); ++ pgio->pg_lseg = NULL; ++ return; ++ } ++ } + /* If no lseg, fall back to write through mds */ + if (pgio->pg_lseg == NULL) + goto out_mds; +@@ -868,18 +880,25 @@ static unsigned int + ff_layout_pg_get_mirror_count_write(struct nfs_pageio_descriptor *pgio, + struct nfs_page *req) + { +- if (!pgio->pg_lseg) ++ if (!pgio->pg_lseg) { + pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, + req->wb_context, + 0, + NFS4_MAX_UINT64, + IOMODE_RW, + GFP_NOFS); ++ if (IS_ERR(pgio->pg_lseg)) { ++ pgio->pg_error = PTR_ERR(pgio->pg_lseg); ++ pgio->pg_lseg = NULL; ++ goto out; ++ } ++ } + if (pgio->pg_lseg) + return FF_LAYOUT_MIRROR_COUNT(pgio->pg_lseg); + + /* no lseg means that pnfs is not in use, so no mirroring here */ + nfs_pageio_reset_write_mds(pgio); ++out: + return 1; + } + +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -872,6 +872,9 @@ static int nfs_pageio_setup_mirroring(st + + mirror_count = pgio->pg_ops->pg_get_mirror_count(pgio, req); + ++ if (pgio->pg_error < 0) ++ return pgio->pg_error; ++ + if (!mirror_count || mirror_count > NFS_PAGEIO_DESCRIPTOR_MIRROR_MAX) + return -EINVAL; + +@@ -980,6 +983,8 @@ static int nfs_pageio_do_add_request(str + } else { + if (desc->pg_ops->pg_init) + desc->pg_ops->pg_init(desc, req); ++ if (desc->pg_error < 0) ++ return 0; + mirror->pg_base = req->wb_pgbase; + } + if (!nfs_can_coalesce_requests(prev, req, desc)) +@@ -1145,6 +1150,8 @@ int nfs_pageio_add_request(struct nfs_pa + bytes = req->wb_bytes; + + nfs_pageio_setup_mirroring(desc, req); ++ if (desc->pg_error < 0) ++ return 0; + + for (midx = 0; midx < desc->pg_mirror_count; midx++) { + if (midx) { +@@ -1230,7 +1237,7 @@ int nfs_pageio_resend(struct nfs_pageio_ + nfs_pageio_complete(desc); + if (!list_empty(&failed)) { + list_move(&failed, &hdr->pages); +- return -EIO; ++ return desc->pg_error < 0 ? desc->pg_error : -EIO; + } + return 0; + } +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -909,14 +909,15 @@ send_layoutget(struct pnfs_layout_hdr *l + + if (IS_ERR(lseg)) { + switch (PTR_ERR(lseg)) { +- case -ENOMEM: + case -ERESTARTSYS: ++ case -EIO: ++ case -ENOSPC: ++ case -EROFS: ++ case -E2BIG: + break; + default: +- /* remember that LAYOUTGET failed and suspend trying */ +- pnfs_layout_io_set_failed(lo, range->iomode); ++ return NULL; + } +- return NULL; + } else + pnfs_layout_clear_fail_bit(lo, + pnfs_iomode_to_fail_bit(range->iomode)); +@@ -1625,7 +1626,7 @@ out: + "(%s, offset: %llu, length: %llu)\n", + __func__, ino->i_sb->s_id, + (unsigned long long)NFS_FILEID(ino), +- lseg == NULL ? "not found" : "found", ++ IS_ERR_OR_NULL(lseg) ? "not found" : "found", + iomode==IOMODE_RW ? "read/write" : "read-only", + (unsigned long long)pos, + (unsigned long long)count); +@@ -1804,6 +1805,11 @@ pnfs_generic_pg_init_read(struct nfs_pag + rd_size, + IOMODE_READ, + GFP_KERNEL); ++ if (IS_ERR(pgio->pg_lseg)) { ++ pgio->pg_error = PTR_ERR(pgio->pg_lseg); ++ pgio->pg_lseg = NULL; ++ return; ++ } + } + /* If no lseg, fall back to read through mds */ + if (pgio->pg_lseg == NULL) +@@ -1816,13 +1822,19 @@ void + pnfs_generic_pg_init_write(struct nfs_pageio_descriptor *pgio, + struct nfs_page *req, u64 wb_size) + { +- if (pgio->pg_lseg == NULL) ++ if (pgio->pg_lseg == NULL) { + pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, + req->wb_context, + req_offset(req), + wb_size, + IOMODE_RW, + GFP_NOFS); ++ if (IS_ERR(pgio->pg_lseg)) { ++ pgio->pg_error = PTR_ERR(pgio->pg_lseg); ++ pgio->pg_lseg = NULL; ++ return; ++ } ++ } + /* If no lseg, fall back to write through mds */ + if (pgio->pg_lseg == NULL) + nfs_pageio_reset_write_mds(pgio); +--- a/fs/nfs/read.c ++++ b/fs/nfs/read.c +@@ -115,7 +115,7 @@ int nfs_readpage_async(struct nfs_open_c + pgm = &pgio.pg_mirrors[0]; + NFS_I(inode)->read_io += pgm->pg_bytes_written; + +- return 0; ++ return pgio.pg_error < 0 ? pgio.pg_error : 0; + } + + static void nfs_readpage_release(struct nfs_page *req) diff --git a/queue-4.4/nfsd-fix-memory-corruption-caused-by-readdir.patch b/queue-4.4/nfsd-fix-memory-corruption-caused-by-readdir.patch new file mode 100644 index 00000000000..ac8bad4a032 --- /dev/null +++ b/queue-4.4/nfsd-fix-memory-corruption-caused-by-readdir.patch @@ -0,0 +1,98 @@ +From b602345da6cbb135ba68cf042df8ec9a73da7981 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Mon, 4 Mar 2019 14:08:22 +1100 +Subject: nfsd: fix memory corruption caused by readdir + +From: NeilBrown + +commit b602345da6cbb135ba68cf042df8ec9a73da7981 upstream. + +If the result of an NFSv3 readdir{,plus} request results in the +"offset" on one entry having to be split across 2 pages, and is sized +so that the next directory entry doesn't fit in the requested size, +then memory corruption can happen. + +When encode_entry() is called after encoding the last entry that fits, +it notices that ->offset and ->offset1 are set, and so stores the +offset value in the two pages as required. It clears ->offset1 but +*does not* clear ->offset. + +Normally this omission doesn't matter as encode_entry_baggage() will +be called, and will set ->offset to a suitable value (not on a page +boundary). +But in the case where cd->buflen < elen and nfserr_toosmall is +returned, ->offset is not reset. + +This means that nfsd3proc_readdirplus will see ->offset with a value 4 +bytes before the end of a page, and ->offset1 set to NULL. +It will try to write 8bytes to ->offset. +If we are lucky, the next page will be read-only, and the system will + BUG: unable to handle kernel paging request at... + +If we are unlucky, some innocent page will have the first 4 bytes +corrupted. + +nfsd3proc_readdir() doesn't even check for ->offset1, it just blindly +writes 8 bytes to the offset wherever it is. + +Fix this by clearing ->offset after it is used, and copying the +->offset handling code from nfsd3_proc_readdirplus into +nfsd3_proc_readdir. + +(Note that the commit hash in the Fixes tag is from the 'history' + tree - this bug predates git). + +Fixes: 0b1d57cf7654 ("[PATCH] kNFSd: Fix nfs3 dentry encoding") +Fixes-URL: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=0b1d57cf7654 +Cc: stable@vger.kernel.org (v2.6.12+) +Signed-off-by: NeilBrown +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs3proc.c | 16 ++++++++++++++-- + fs/nfsd/nfs3xdr.c | 1 + + 2 files changed, 15 insertions(+), 2 deletions(-) + +--- a/fs/nfsd/nfs3proc.c ++++ b/fs/nfsd/nfs3proc.c +@@ -430,8 +430,19 @@ nfsd3_proc_readdir(struct svc_rqst *rqst + &resp->common, nfs3svc_encode_entry); + memcpy(resp->verf, argp->verf, 8); + resp->count = resp->buffer - argp->buffer; +- if (resp->offset) +- xdr_encode_hyper(resp->offset, argp->cookie); ++ if (resp->offset) { ++ loff_t offset = argp->cookie; ++ ++ if (unlikely(resp->offset1)) { ++ /* we ended up with offset on a page boundary */ ++ *resp->offset = htonl(offset >> 32); ++ *resp->offset1 = htonl(offset & 0xffffffff); ++ resp->offset1 = NULL; ++ } else { ++ xdr_encode_hyper(resp->offset, offset); ++ } ++ resp->offset = NULL; ++ } + + RETURN_STATUS(nfserr); + } +@@ -499,6 +510,7 @@ nfsd3_proc_readdirplus(struct svc_rqst * + } else { + xdr_encode_hyper(resp->offset, offset); + } ++ resp->offset = NULL; + } + + RETURN_STATUS(nfserr); +--- a/fs/nfsd/nfs3xdr.c ++++ b/fs/nfsd/nfs3xdr.c +@@ -898,6 +898,7 @@ encode_entry(struct readdir_cd *ccd, con + } else { + xdr_encode_hyper(cd->offset, offset64); + } ++ cd->offset = NULL; + } + + /* diff --git a/queue-4.4/nfsd-fix-wrong-check-in-write_v4_end_grace.patch b/queue-4.4/nfsd-fix-wrong-check-in-write_v4_end_grace.patch new file mode 100644 index 00000000000..786b93c6cf1 --- /dev/null +++ b/queue-4.4/nfsd-fix-wrong-check-in-write_v4_end_grace.patch @@ -0,0 +1,35 @@ +From dd838821f0a29781b185cd8fb8e48d5c177bd838 Mon Sep 17 00:00:00 2001 +From: Yihao Wu +Date: Wed, 6 Mar 2019 21:03:50 +0800 +Subject: nfsd: fix wrong check in write_v4_end_grace() + +From: Yihao Wu + +commit dd838821f0a29781b185cd8fb8e48d5c177bd838 upstream. + +Commit 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before +nfsd startup" is trying to fix a NULL dereference issue, but it +mistakenly checks if the nfsd server is started. So fix it. + +Fixes: 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before nfsd startup" +Cc: stable@vger.kernel.org +Reviewed-by: Joseph Qi +Signed-off-by: Yihao Wu +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfsctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c +@@ -1106,7 +1106,7 @@ static ssize_t write_v4_end_grace(struct + case 'Y': + case 'y': + case '1': +- if (nn->nfsd_serv) ++ if (!nn->nfsd_serv) + return -EBUSY; + nfsd4_end_grace(nn); + break; diff --git a/queue-4.4/perf-auxtrace-define-auxtrace-record-alignment.patch b/queue-4.4/perf-auxtrace-define-auxtrace-record-alignment.patch new file mode 100644 index 00000000000..ce6dfcc945f --- /dev/null +++ b/queue-4.4/perf-auxtrace-define-auxtrace-record-alignment.patch @@ -0,0 +1,52 @@ +From c3fcadf0bb765faf45d6d562246e1d08885466df Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Wed, 6 Feb 2019 12:39:43 +0200 +Subject: perf auxtrace: Define auxtrace record alignment + +From: Adrian Hunter + +commit c3fcadf0bb765faf45d6d562246e1d08885466df upstream. + +Define auxtrace record alignment so that it can be referenced elsewhere. + +Note this is preparation for patch "perf intel-pt: Fix overlap calculation +for padding" + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/20190206103947.15750-2-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/auxtrace.c | 4 ++-- + tools/perf/util/auxtrace.h | 3 +++ + 2 files changed, 5 insertions(+), 2 deletions(-) + +--- a/tools/perf/util/auxtrace.c ++++ b/tools/perf/util/auxtrace.c +@@ -1226,9 +1226,9 @@ static int __auxtrace_mmap__read(struct + } + + /* padding must be written by fn() e.g. record__process_auxtrace() */ +- padding = size & 7; ++ padding = size & (PERF_AUXTRACE_RECORD_ALIGNMENT - 1); + if (padding) +- padding = 8 - padding; ++ padding = PERF_AUXTRACE_RECORD_ALIGNMENT - padding; + + memset(&ev, 0, sizeof(ev)); + ev.auxtrace.header.type = PERF_RECORD_AUXTRACE; +--- a/tools/perf/util/auxtrace.h ++++ b/tools/perf/util/auxtrace.h +@@ -37,6 +37,9 @@ struct record_opts; + struct auxtrace_info_event; + struct events_stats; + ++/* Auxtrace records must have the same alignment as perf event records */ ++#define PERF_AUXTRACE_RECORD_ALIGNMENT 8 ++ + enum auxtrace_type { + PERF_AUXTRACE_UNKNOWN, + PERF_AUXTRACE_INTEL_PT, diff --git a/queue-4.4/perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch b/queue-4.4/perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch new file mode 100644 index 00000000000..2bae7ad6aff --- /dev/null +++ b/queue-4.4/perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch @@ -0,0 +1,36 @@ +From 03997612904866abe7cdcc992784ef65cb3a4b81 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Wed, 6 Feb 2019 12:39:45 +0200 +Subject: perf intel-pt: Fix CYC timestamp calculation after OVF + +From: Adrian Hunter + +commit 03997612904866abe7cdcc992784ef65cb3a4b81 upstream. + +CYC packet timestamp calculation depends upon CBR which was being +cleared upon overflow (OVF). That can cause errors due to failing to +synchronize with sideband events. Even if a CBR change has been lost, +the old CBR is still a better estimate than zero. So remove the clearing +of CBR. + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/20190206103947.15750-4-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -1281,7 +1281,6 @@ static int intel_pt_overflow(struct inte + { + intel_pt_log("ERROR: Buffer overflow\n"); + intel_pt_clear_tx_flags(decoder); +- decoder->cbr = 0; + decoder->timestamp_insn_cnt = 0; + decoder->pkt_state = INTEL_PT_STATE_ERR_RESYNC; + decoder->overflow = true; diff --git a/queue-4.4/perf-intel-pt-fix-overlap-calculation-for-padding.patch b/queue-4.4/perf-intel-pt-fix-overlap-calculation-for-padding.patch new file mode 100644 index 00000000000..ddae0732daa --- /dev/null +++ b/queue-4.4/perf-intel-pt-fix-overlap-calculation-for-padding.patch @@ -0,0 +1,90 @@ +From 5a99d99e3310a565b0cf63f785b347be9ee0da45 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Wed, 6 Feb 2019 12:39:44 +0200 +Subject: perf intel-pt: Fix overlap calculation for padding + +From: Adrian Hunter + +commit 5a99d99e3310a565b0cf63f785b347be9ee0da45 upstream. + +Auxtrace records might have up to 7 bytes of padding appended. Adjust +the overlap accordingly. + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/20190206103947.15750-3-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 36 ++++++++++++++++++-- + 1 file changed, 34 insertions(+), 2 deletions(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -26,6 +26,7 @@ + + #include "../cache.h" + #include "../util.h" ++#include "../auxtrace.h" + + #include "intel-pt-insn-decoder.h" + #include "intel-pt-pkt-decoder.h" +@@ -2320,6 +2321,34 @@ static int intel_pt_tsc_cmp(uint64_t tsc + } + } + ++#define MAX_PADDING (PERF_AUXTRACE_RECORD_ALIGNMENT - 1) ++ ++/** ++ * adj_for_padding - adjust overlap to account for padding. ++ * @buf_b: second buffer ++ * @buf_a: first buffer ++ * @len_a: size of first buffer ++ * ++ * @buf_a might have up to 7 bytes of padding appended. Adjust the overlap ++ * accordingly. ++ * ++ * Return: A pointer into @buf_b from where non-overlapped data starts ++ */ ++static unsigned char *adj_for_padding(unsigned char *buf_b, ++ unsigned char *buf_a, size_t len_a) ++{ ++ unsigned char *p = buf_b - MAX_PADDING; ++ unsigned char *q = buf_a + len_a - MAX_PADDING; ++ int i; ++ ++ for (i = MAX_PADDING; i; i--, p++, q++) { ++ if (*p != *q) ++ break; ++ } ++ ++ return p; ++} ++ + /** + * intel_pt_find_overlap_tsc - determine start of non-overlapped trace data + * using TSC. +@@ -2370,8 +2399,11 @@ static unsigned char *intel_pt_find_over + + /* Same TSC, so buffers are consecutive */ + if (!cmp && rem_b >= rem_a) { ++ unsigned char *start; ++ + *consecutive = true; +- return buf_b + len_b - (rem_b - rem_a); ++ start = buf_b + len_b - (rem_b - rem_a); ++ return adj_for_padding(start, buf_a, len_a); + } + if (cmp < 0) + return buf_b; /* tsc_a < tsc_b => no overlap */ +@@ -2434,7 +2466,7 @@ unsigned char *intel_pt_find_overlap(uns + found = memmem(buf_a, len_a, buf_b, len_a); + if (found) { + *consecutive = true; +- return buf_b + len_a; ++ return adj_for_padding(buf_b + len_a, buf_a, len_a); + } + + /* Try again at next PSB in buffer 'a' */ diff --git a/queue-4.4/pm-wakeup-rework-wakeup-source-timer-cancellation.patch b/queue-4.4/pm-wakeup-rework-wakeup-source-timer-cancellation.patch new file mode 100644 index 00000000000..c4632bbf202 --- /dev/null +++ b/queue-4.4/pm-wakeup-rework-wakeup-source-timer-cancellation.patch @@ -0,0 +1,55 @@ +From 1fad17fb1bbcd73159c2b992668a6957ecc5af8a Mon Sep 17 00:00:00 2001 +From: Viresh Kumar +Date: Fri, 8 Mar 2019 15:23:11 +0530 +Subject: PM / wakeup: Rework wakeup source timer cancellation + +From: Viresh Kumar + +commit 1fad17fb1bbcd73159c2b992668a6957ecc5af8a upstream. + +If wakeup_source_add() is called right after wakeup_source_remove() +for the same wakeup source, timer_setup() may be called for a +potentially scheduled timer which is incorrect. + +To avoid that, move the wakeup source timer cancellation from +wakeup_source_drop() to wakeup_source_remove(). + +Moreover, make wakeup_source_remove() clear the timer function after +canceling the timer to let wakeup_source_not_registered() treat +unregistered wakeup sources in the same way as the ones that have +never been registered. + +Signed-off-by: Viresh Kumar +Cc: 4.4+ # 4.4+ +[ rjw: Subject, changelog, merged two patches together ] +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/power/wakeup.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/drivers/base/power/wakeup.c ++++ b/drivers/base/power/wakeup.c +@@ -113,7 +113,6 @@ void wakeup_source_drop(struct wakeup_so + if (!ws) + return; + +- del_timer_sync(&ws->timer); + __pm_relax(ws); + } + EXPORT_SYMBOL_GPL(wakeup_source_drop); +@@ -201,6 +200,13 @@ void wakeup_source_remove(struct wakeup_ + list_del_rcu(&ws->entry); + spin_unlock_irqrestore(&events_lock, flags); + synchronize_srcu(&wakeup_srcu); ++ ++ del_timer_sync(&ws->timer); ++ /* ++ * Clear timer.function to make wakeup_source_not_registered() treat ++ * this wakeup source as not registered. ++ */ ++ ws->timer.function = NULL; + } + EXPORT_SYMBOL_GPL(wakeup_source_remove); + diff --git a/queue-4.4/series b/queue-4.4/series index 66ab8615623..c047d523480 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -212,3 +212,13 @@ powerpc-powernv-make-opal-log-only-readable-by-root.patch powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch dm-fix-to_sector-for-32bit.patch +nfs41-pop-some-layoutget-errors-to-application.patch +perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch +perf-auxtrace-define-auxtrace-record-alignment.patch +perf-intel-pt-fix-overlap-calculation-for-padding.patch +md-fix-failed-allocation-of-md_register_thread.patch +nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch +nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch +nfsd-fix-memory-corruption-caused-by-readdir.patch +nfsd-fix-wrong-check-in-write_v4_end_grace.patch +pm-wakeup-rework-wakeup-source-timer-cancellation.patch