From: Greg Kroah-Hartman Date: Mon, 13 Aug 2018 06:46:24 +0000 (+0200) Subject: 4.17-stable patches X-Git-Tag: v4.18.1~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=99e60bf45372c3861e8325f11a7d013cc29d1cb2;p=thirdparty%2Fkernel%2Fstable-queue.git 4.17-stable patches added patches: init-rename-and-re-order-boot_cpu_state_init.patch scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch scsi-sr-avoid-that-opening-a-cd-rom-hangs-with-runtime-power-management-enabled.patch --- diff --git a/queue-4.17/init-rename-and-re-order-boot_cpu_state_init.patch b/queue-4.17/init-rename-and-re-order-boot_cpu_state_init.patch new file mode 100644 index 00000000000..43bc7d830cb --- /dev/null +++ b/queue-4.17/init-rename-and-re-order-boot_cpu_state_init.patch @@ -0,0 +1,92 @@ +From b5b1404d0815894de0690de8a1ab58269e56eae6 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Sun, 12 Aug 2018 12:19:42 -0700 +Subject: init: rename and re-order boot_cpu_state_init() + +From: Linus Torvalds + +commit b5b1404d0815894de0690de8a1ab58269e56eae6 upstream. + +This is purely a preparatory patch for upcoming changes during the 4.19 +merge window. + +We have a function called "boot_cpu_state_init()" that isn't really +about the bootup cpu state: that is done much earlier by the similarly +named "boot_cpu_init()" (note lack of "state" in name). + +This function initializes some hotplug CPU state, and needs to run after +the percpu data has been properly initialized. It even has a comment to +that effect. + +Except it _doesn't_ actually run after the percpu data has been properly +initialized. On x86 it happens to do that, but on at least arm and +arm64, the percpu base pointers are initialized by the arch-specific +'smp_prepare_boot_cpu()' hook, which ran _after_ boot_cpu_state_init(). + +This had some unexpected results, and in particular we have a patch +pending for the merge window that did the obvious cleanup of using +'this_cpu_write()' in the cpu hotplug init code: + + - per_cpu_ptr(&cpuhp_state, smp_processor_id())->state = CPUHP_ONLINE; + + this_cpu_write(cpuhp_state.state, CPUHP_ONLINE); + +which is obviously the right thing to do. Except because of the +ordering issue, it actually failed miserably and unexpectedly on arm64. + +So this just fixes the ordering, and changes the name of the function to +be 'boot_cpu_hotplug_init()' to make it obvious that it's about cpu +hotplug state, because the core CPU state was supposed to have already +been done earlier. + +Marked for stable, since the (not yet merged) patch that will show this +problem is marked for stable. + +Reported-by: Vlastimil Babka +Reported-by: Mian Yousaf Kaukab +Suggested-by: Catalin Marinas +Acked-by: Thomas Gleixner +Cc: Will Deacon +Cc: stable@kernel.org +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/cpu.h | 2 +- + init/main.c | 2 +- + kernel/cpu.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h +@@ -30,7 +30,7 @@ struct cpu { + }; + + extern void boot_cpu_init(void); +-extern void boot_cpu_state_init(void); ++extern void boot_cpu_hotplug_init(void); + extern void cpu_init(void); + extern void trap_init(void); + +--- a/init/main.c ++++ b/init/main.c +@@ -561,8 +561,8 @@ asmlinkage __visible void __init start_k + setup_command_line(command_line); + setup_nr_cpu_ids(); + setup_per_cpu_areas(); +- boot_cpu_state_init(); + smp_prepare_boot_cpu(); /* arch-specific boot-cpu hooks */ ++ boot_cpu_hotplug_init(); + + build_all_zonelists(NULL); + page_alloc_init(); +--- a/kernel/cpu.c ++++ b/kernel/cpu.c +@@ -2010,7 +2010,7 @@ void __init boot_cpu_init(void) + /* + * Must be called _AFTER_ setting up the per_cpu areas + */ +-void __init boot_cpu_state_init(void) ++void __init boot_cpu_hotplug_init(void) + { + per_cpu_ptr(&cpuhp_state, smp_processor_id())->state = CPUHP_ONLINE; + } diff --git a/queue-4.17/scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch b/queue-4.17/scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch new file mode 100644 index 00000000000..033e537f5eb --- /dev/null +++ b/queue-4.17/scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch @@ -0,0 +1,101 @@ +From 5e53be8e476a3397ed5383c23376f299555a2b43 Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Thu, 26 Jul 2018 16:34:44 -0700 +Subject: scsi: qla2xxx: Fix memory leak for allocating abort IOCB + +From: Quinn Tran + +commit 5e53be8e476a3397ed5383c23376f299555a2b43 upstream. + +In the case of IOCB QFull, Initiator code can leave behind a stale pointer +to an SRB structure on the outstanding command array. + +Fixes: 82de802ad46e ("scsi: qla2xxx: Preparation for Target MQ.") +Cc: stable@vger.kernel.org #v4.16+ +Signed-off-by: Quinn Tran +Signed-off-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/qla2xxx/qla_iocb.c | 53 ++++++++++++++++++++-------------------- + 1 file changed, 27 insertions(+), 26 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -2130,34 +2130,11 @@ __qla2x00_alloc_iocbs(struct qla_qpair * + req_cnt = 1; + handle = 0; + +- if (!sp) +- goto skip_cmd_array; +- +- /* Check for room in outstanding command list. */ +- handle = req->current_outstanding_cmd; +- for (index = 1; index < req->num_outstanding_cmds; index++) { +- handle++; +- if (handle == req->num_outstanding_cmds) +- handle = 1; +- if (!req->outstanding_cmds[handle]) +- break; +- } +- if (index == req->num_outstanding_cmds) { +- ql_log(ql_log_warn, vha, 0x700b, +- "No room on outstanding cmd array.\n"); +- goto queuing_error; +- } +- +- /* Prep command array. */ +- req->current_outstanding_cmd = handle; +- req->outstanding_cmds[handle] = sp; +- sp->handle = handle; +- +- /* Adjust entry-counts as needed. */ +- if (sp->type != SRB_SCSI_CMD) ++ if (sp && (sp->type != SRB_SCSI_CMD)) { ++ /* Adjust entry-counts as needed. */ + req_cnt = sp->iocbs; ++ } + +-skip_cmd_array: + /* Check for room on request queue. */ + if (req->cnt < req_cnt + 2) { + if (qpair->use_shadow_reg) +@@ -2183,6 +2160,28 @@ skip_cmd_array: + if (req->cnt < req_cnt + 2) + goto queuing_error; + ++ if (sp) { ++ /* Check for room in outstanding command list. */ ++ handle = req->current_outstanding_cmd; ++ for (index = 1; index < req->num_outstanding_cmds; index++) { ++ handle++; ++ if (handle == req->num_outstanding_cmds) ++ handle = 1; ++ if (!req->outstanding_cmds[handle]) ++ break; ++ } ++ if (index == req->num_outstanding_cmds) { ++ ql_log(ql_log_warn, vha, 0x700b, ++ "No room on outstanding cmd array.\n"); ++ goto queuing_error; ++ } ++ ++ /* Prep command array. */ ++ req->current_outstanding_cmd = handle; ++ req->outstanding_cmds[handle] = sp; ++ sp->handle = handle; ++ } ++ + /* Prep packet */ + req->cnt -= req_cnt; + pkt = req->ring_ptr; +@@ -2195,6 +2194,8 @@ skip_cmd_array: + pkt->handle = handle; + } + ++ return pkt; ++ + queuing_error: + qpair->tgt_counters.num_alloc_iocb_failed++; + return pkt; diff --git a/queue-4.17/scsi-sr-avoid-that-opening-a-cd-rom-hangs-with-runtime-power-management-enabled.patch b/queue-4.17/scsi-sr-avoid-that-opening-a-cd-rom-hangs-with-runtime-power-management-enabled.patch new file mode 100644 index 00000000000..fec8bfa0f9e --- /dev/null +++ b/queue-4.17/scsi-sr-avoid-that-opening-a-cd-rom-hangs-with-runtime-power-management-enabled.patch @@ -0,0 +1,118 @@ +From 1214fd7b497400d200e3f4e64e2338b303a20949 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Thu, 2 Aug 2018 10:44:42 -0700 +Subject: scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled + +From: Bart Van Assche + +commit 1214fd7b497400d200e3f4e64e2338b303a20949 upstream. + +Surround scsi_execute() calls with scsi_autopm_get_device() and +scsi_autopm_put_device(). Note: removing sr_mutex protection from the +scsi_cd_get() and scsi_cd_put() calls is safe because the purpose of +sr_mutex is to serialize cdrom_*() calls. + +This patch avoids that complaints similar to the following appear in the +kernel log if runtime power management is enabled: + +INFO: task systemd-udevd:650 blocked for more than 120 seconds. + Not tainted 4.18.0-rc7-dbg+ #1 +"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. +systemd-udevd D28176 650 513 0x00000104 +Call Trace: +__schedule+0x444/0xfe0 +schedule+0x4e/0xe0 +schedule_preempt_disabled+0x18/0x30 +__mutex_lock+0x41c/0xc70 +mutex_lock_nested+0x1b/0x20 +__blkdev_get+0x106/0x970 +blkdev_get+0x22c/0x5a0 +blkdev_open+0xe9/0x100 +do_dentry_open.isra.19+0x33e/0x570 +vfs_open+0x7c/0xd0 +path_openat+0x6e3/0x1120 +do_filp_open+0x11c/0x1c0 +do_sys_open+0x208/0x2d0 +__x64_sys_openat+0x59/0x70 +do_syscall_64+0x77/0x230 +entry_SYSCALL_64_after_hwframe+0x49/0xbe + +Signed-off-by: Bart Van Assche +Cc: Maurizio Lombardi +Cc: Johannes Thumshirn +Cc: Alan Stern +Cc: +Tested-by: Johannes Thumshirn +Reviewed-by: Johannes Thumshirn +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/sr.c | 29 +++++++++++++++++++++-------- + 1 file changed, 21 insertions(+), 8 deletions(-) + +--- a/drivers/scsi/sr.c ++++ b/drivers/scsi/sr.c +@@ -523,18 +523,26 @@ static int sr_init_command(struct scsi_c + static int sr_block_open(struct block_device *bdev, fmode_t mode) + { + struct scsi_cd *cd; ++ struct scsi_device *sdev; + int ret = -ENXIO; + ++ cd = scsi_cd_get(bdev->bd_disk); ++ if (!cd) ++ goto out; ++ ++ sdev = cd->device; ++ scsi_autopm_get_device(sdev); + check_disk_change(bdev); + + mutex_lock(&sr_mutex); +- cd = scsi_cd_get(bdev->bd_disk); +- if (cd) { +- ret = cdrom_open(&cd->cdi, bdev, mode); +- if (ret) +- scsi_cd_put(cd); +- } ++ ret = cdrom_open(&cd->cdi, bdev, mode); + mutex_unlock(&sr_mutex); ++ ++ scsi_autopm_put_device(sdev); ++ if (ret) ++ scsi_cd_put(cd); ++ ++out: + return ret; + } + +@@ -562,6 +570,8 @@ static int sr_block_ioctl(struct block_d + if (ret) + goto out; + ++ scsi_autopm_get_device(sdev); ++ + /* + * Send SCSI addressing ioctls directly to mid level, send other + * ioctls to cdrom/block level. +@@ -570,15 +580,18 @@ static int sr_block_ioctl(struct block_d + case SCSI_IOCTL_GET_IDLUN: + case SCSI_IOCTL_GET_BUS_NUMBER: + ret = scsi_ioctl(sdev, cmd, argp); +- goto out; ++ goto put; + } + + ret = cdrom_ioctl(&cd->cdi, bdev, mode, cmd, arg); + if (ret != -ENOSYS) +- goto out; ++ goto put; + + ret = scsi_ioctl(sdev, cmd, argp); + ++put: ++ scsi_autopm_put_device(sdev); ++ + out: + mutex_unlock(&sr_mutex); + return ret; diff --git a/queue-4.17/series b/queue-4.17/series index 1910e3fb382..3596bd00e9e 100644 --- a/queue-4.17/series +++ b/queue-4.17/series @@ -7,3 +7,6 @@ zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch xen-netfront-don-t-cache-skb_shinfo.patch bpf-sockmap-fix-leak-in-bpf_tcp_sendmsg-wait-for-mem-path.patch bpf-sockmap-fix-bpf_tcp_sendmsg-sock-error-handling.patch +scsi-sr-avoid-that-opening-a-cd-rom-hangs-with-runtime-power-management-enabled.patch +scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch +init-rename-and-re-order-boot_cpu_state_init.patch