From: Greg Kroah-Hartman Date: Tue, 7 Jan 2020 14:27:03 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v4.14.163~22 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ac420fa4ad8d3069602e73b21ec87d98b494480c;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: acpi-sysfs-change-acpi_maskable_gpe_max-to-0x100.patch arm64-dts-qcom-msm8998-clamshell-remove-retention-idle-state.patch cifs-fix-potential-softlockups-while-refreshing-dfs-cache.patch dma-direct-don-t-check-swiotlb-force-in-dma_direct_map_resource.patch dma-direct-exclude-dma_direct_map_resource-from-the-min_low_pfn-check.patch drm-msm-include-linux-sched-task.h.patch firmware-arm_scmi-avoid-double-free-in-error-flow.patch hid-i2c-hid-reset-alps-touchpads-on-resume.patch iommu-vt-d-remove-incorrect-psi-capability-check.patch kernel-module.c-wakeup-processes-in-module_wq-on-module-unload.patch net-sched-annotate-lockless-accesses-to-qdisc-empty.patch net-sysctl-fix-compiler-warning-when-only-cbpf-is-present.patch netfilter-nf_queue-enqueue-skbs-with-null-dst.patch nfsd4-fix-up-replay_matches_cache.patch of-overlay-add_changeset_property-memory-leak.patch perf-callchain-fix-segfault-in-thread__resolve_callchain_sample.patch platform-x86-pmc_atom-add-siemens-connect-x300-to-critclk_systems-dmi-table.patch pm-devfreq-check-null-governor-in-available_governors_show.patch powerpc-chunk-calls-to-flush_dcache_range-in-arch_-_memory.patch sunrpc-fix-crash-when-cache_head-become-valid-before-update.patch xfs-don-t-check-for-ag-deadlock-for-realtime-files-in-bunmapi.patch --- diff --git a/queue-5.4/acpi-sysfs-change-acpi_maskable_gpe_max-to-0x100.patch b/queue-5.4/acpi-sysfs-change-acpi_maskable_gpe_max-to-0x100.patch new file mode 100644 index 00000000000..4a08c50fb1a --- /dev/null +++ b/queue-5.4/acpi-sysfs-change-acpi_maskable_gpe_max-to-0x100.patch @@ -0,0 +1,72 @@ +From a7583e72a5f22470d3e6fd3b6ba912892242339f Mon Sep 17 00:00:00 2001 +From: Yunfeng Ye +Date: Thu, 14 Nov 2019 15:16:24 +0800 +Subject: ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 + +From: Yunfeng Ye + +commit a7583e72a5f22470d3e6fd3b6ba912892242339f upstream. + +The commit 0f27cff8597d ("ACPI: sysfs: Make ACPI GPE mask kernel +parameter cover all GPEs") says: + "Use a bitmap of size 0xFF instead of a u64 for the GPE mask so 256 + GPEs can be masked" + +But the masking of GPE 0xFF it not supported and the check condition +"gpe > ACPI_MASKABLE_GPE_MAX" is not valid because the type of gpe is +u8. + +So modify the macro ACPI_MASKABLE_GPE_MAX to 0x100, and drop the "gpe > +ACPI_MASKABLE_GPE_MAX" check. In addition, update the docs "Format" for +acpi_mask_gpe parameter. + +Fixes: 0f27cff8597d ("ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs") +Signed-off-by: Yunfeng Ye +[ rjw: Use u16 as gpe data type in acpi_gpe_apply_masked_gpes() ] +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/admin-guide/kernel-parameters.txt | 2 +- + drivers/acpi/sysfs.c | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -113,7 +113,7 @@ + the GPE dispatcher. + This facility can be used to prevent such uncontrolled + GPE floodings. +- Format: ++ Format: + + acpi_no_auto_serialize [HW,ACPI] + Disable auto-serialization of AML methods +--- a/drivers/acpi/sysfs.c ++++ b/drivers/acpi/sysfs.c +@@ -819,14 +819,14 @@ end: + * interface: + * echo unmask > /sys/firmware/acpi/interrupts/gpe00 + */ +-#define ACPI_MASKABLE_GPE_MAX 0xFF ++#define ACPI_MASKABLE_GPE_MAX 0x100 + static DECLARE_BITMAP(acpi_masked_gpes_map, ACPI_MASKABLE_GPE_MAX) __initdata; + + static int __init acpi_gpe_set_masked_gpes(char *val) + { + u8 gpe; + +- if (kstrtou8(val, 0, &gpe) || gpe > ACPI_MASKABLE_GPE_MAX) ++ if (kstrtou8(val, 0, &gpe)) + return -EINVAL; + set_bit(gpe, acpi_masked_gpes_map); + +@@ -838,7 +838,7 @@ void __init acpi_gpe_apply_masked_gpes(v + { + acpi_handle handle; + acpi_status status; +- u8 gpe; ++ u16 gpe; + + for_each_set_bit(gpe, acpi_masked_gpes_map, ACPI_MASKABLE_GPE_MAX) { + status = acpi_get_gpe_device(gpe, &handle); diff --git a/queue-5.4/arm64-dts-qcom-msm8998-clamshell-remove-retention-idle-state.patch b/queue-5.4/arm64-dts-qcom-msm8998-clamshell-remove-retention-idle-state.patch new file mode 100644 index 00000000000..2ec655b9ea2 --- /dev/null +++ b/queue-5.4/arm64-dts-qcom-msm8998-clamshell-remove-retention-idle-state.patch @@ -0,0 +1,71 @@ +From b40dd23f9a8987c8336df0a00e33f52b1f3f19ad Mon Sep 17 00:00:00 2001 +From: Jeffrey Hugo +Date: Wed, 2 Oct 2019 12:07:56 -0700 +Subject: arm64: dts: qcom: msm8998-clamshell: Remove retention idle state + +From: Jeffrey Hugo + +commit b40dd23f9a8987c8336df0a00e33f52b1f3f19ad upstream. + +The retention idle state does not appear to be supported by the firmware +present on the msm8998 laptops since the state is advertised as disabled +in ACPI, and attempting to enable the state in DT is observed to result +in boot hangs. Therefore, remove the state from use to address the +observed issues. + +Reviewed-by: Amit Kucheria +Fixes: 2c6d2d3a580a (arm64: dts: qcom: Add Lenovo Miix 630) +Signed-off-by: Jeffrey Hugo +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/boot/dts/qcom/msm8998-clamshell.dtsi | 37 ++++++++++++++++++++++++ + 1 file changed, 37 insertions(+) + +--- a/arch/arm64/boot/dts/qcom/msm8998-clamshell.dtsi ++++ b/arch/arm64/boot/dts/qcom/msm8998-clamshell.dtsi +@@ -23,6 +23,43 @@ + }; + }; + ++/* ++ * The laptop FW does not appear to support the retention state as it is ++ * not advertised as enabled in ACPI, and enabling it in DT can cause boot ++ * hangs. ++ */ ++&CPU0 { ++ cpu-idle-states = <&LITTLE_CPU_SLEEP_1>; ++}; ++ ++&CPU1 { ++ cpu-idle-states = <&LITTLE_CPU_SLEEP_1>; ++}; ++ ++&CPU2 { ++ cpu-idle-states = <&LITTLE_CPU_SLEEP_1>; ++}; ++ ++&CPU3 { ++ cpu-idle-states = <&LITTLE_CPU_SLEEP_1>; ++}; ++ ++&CPU4 { ++ cpu-idle-states = <&BIG_CPU_SLEEP_1>; ++}; ++ ++&CPU5 { ++ cpu-idle-states = <&BIG_CPU_SLEEP_1>; ++}; ++ ++&CPU6 { ++ cpu-idle-states = <&BIG_CPU_SLEEP_1>; ++}; ++ ++&CPU7 { ++ cpu-idle-states = <&BIG_CPU_SLEEP_1>; ++}; ++ + &qusb2phy { + status = "okay"; + diff --git a/queue-5.4/cifs-fix-potential-softlockups-while-refreshing-dfs-cache.patch b/queue-5.4/cifs-fix-potential-softlockups-while-refreshing-dfs-cache.patch new file mode 100644 index 00000000000..4020d97df82 --- /dev/null +++ b/queue-5.4/cifs-fix-potential-softlockups-while-refreshing-dfs-cache.patch @@ -0,0 +1,102 @@ +From 84a1f5b1cc6fd7f6cd99fc5630c36f631b19fa60 Mon Sep 17 00:00:00 2001 +From: "Paulo Alcantara (SUSE)" +Date: Fri, 22 Nov 2019 12:30:53 -0300 +Subject: cifs: Fix potential softlockups while refreshing DFS cache + +From: Paulo Alcantara (SUSE) + +commit 84a1f5b1cc6fd7f6cd99fc5630c36f631b19fa60 upstream. + +We used to skip reconnects on all SMB2_IOCTL commands due to SMB3+ +FSCTL_VALIDATE_NEGOTIATE_INFO - which made sense since we're still +establishing a SMB session. + +However, when refresh_cache_worker() calls smb2_get_dfs_refer() and +we're under reconnect, SMB2_ioctl() will not be able to get a proper +status error (e.g. -EHOSTDOWN in case we failed to reconnect) but an +-EAGAIN from cifs_send_recv() thus looping forever in +refresh_cache_worker(). + +Fixes: e99c63e4d86d ("SMB3: Fix deadlock in validate negotiate hits reconnect") +Signed-off-by: Paulo Alcantara (SUSE) +Suggested-by: Aurelien Aptel +Reviewed-by: Aurelien Aptel +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2pdu.c | 41 +++++++++++++++++++++++++++++------------ + 1 file changed, 29 insertions(+), 12 deletions(-) + +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -252,7 +252,7 @@ smb2_reconnect(__le16 smb2_command, stru + if (tcon == NULL) + return 0; + +- if (smb2_command == SMB2_TREE_CONNECT || smb2_command == SMB2_IOCTL) ++ if (smb2_command == SMB2_TREE_CONNECT) + return 0; + + if (tcon->tidStatus == CifsExiting) { +@@ -426,16 +426,9 @@ fill_small_buf(__le16 smb2_command, stru + * SMB information in the SMB header. If the return code is zero, this + * function must have filled in request_buf pointer. + */ +-static int +-smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, +- void **request_buf, unsigned int *total_len) ++static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, ++ void **request_buf, unsigned int *total_len) + { +- int rc; +- +- rc = smb2_reconnect(smb2_command, tcon); +- if (rc) +- return rc; +- + /* BB eventually switch this to SMB2 specific small buf size */ + if (smb2_command == SMB2_SET_INFO) + *request_buf = cifs_buf_get(); +@@ -456,7 +449,31 @@ smb2_plain_req_init(__le16 smb2_command, + cifs_stats_inc(&tcon->num_smbs_sent); + } + +- return rc; ++ return 0; ++} ++ ++static int smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, ++ void **request_buf, unsigned int *total_len) ++{ ++ int rc; ++ ++ rc = smb2_reconnect(smb2_command, tcon); ++ if (rc) ++ return rc; ++ ++ return __smb2_plain_req_init(smb2_command, tcon, request_buf, ++ total_len); ++} ++ ++static int smb2_ioctl_req_init(u32 opcode, struct cifs_tcon *tcon, ++ void **request_buf, unsigned int *total_len) ++{ ++ /* Skip reconnect only for FSCTL_VALIDATE_NEGOTIATE_INFO IOCTLs */ ++ if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) { ++ return __smb2_plain_req_init(SMB2_IOCTL, tcon, request_buf, ++ total_len); ++ } ++ return smb2_plain_req_init(SMB2_IOCTL, tcon, request_buf, total_len); + } + + /* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */ +@@ -2661,7 +2678,7 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, + int rc; + char *in_data_buf; + +- rc = smb2_plain_req_init(SMB2_IOCTL, tcon, (void **) &req, &total_len); ++ rc = smb2_ioctl_req_init(opcode, tcon, (void **) &req, &total_len); + if (rc) + return rc; + diff --git a/queue-5.4/dma-direct-don-t-check-swiotlb-force-in-dma_direct_map_resource.patch b/queue-5.4/dma-direct-don-t-check-swiotlb-force-in-dma_direct_map_resource.patch new file mode 100644 index 00000000000..de66d539464 --- /dev/null +++ b/queue-5.4/dma-direct-don-t-check-swiotlb-force-in-dma_direct_map_resource.patch @@ -0,0 +1,34 @@ +From 4268ac6ae5870af10a7417b22990d615f72f77e2 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Tue, 19 Nov 2019 17:35:36 +0100 +Subject: dma-direct: don't check swiotlb=force in dma_direct_map_resource + +From: Christoph Hellwig + +commit 4268ac6ae5870af10a7417b22990d615f72f77e2 upstream. + +When mapping resources we can't just use swiotlb ram for bounce +buffering. Switch to a direct dma_capable check instead. + +Fixes: cfced786969c ("dma-mapping: remove the default map_resource implementation") +Reported-by: Robin Murphy +Signed-off-by: Christoph Hellwig +Acked-by: Marek Szyprowski +Tested-by: Marek Szyprowski +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/dma/direct.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/dma/direct.c ++++ b/kernel/dma/direct.c +@@ -375,7 +375,7 @@ dma_addr_t dma_direct_map_resource(struc + { + dma_addr_t dma_addr = paddr; + +- if (unlikely(!dma_direct_possible(dev, dma_addr, size))) { ++ if (unlikely(!dma_capable(dev, dma_addr, size))) { + report_addr(dev, dma_addr, size); + return DMA_MAPPING_ERROR; + } diff --git a/queue-5.4/dma-direct-exclude-dma_direct_map_resource-from-the-min_low_pfn-check.patch b/queue-5.4/dma-direct-exclude-dma_direct_map_resource-from-the-min_low_pfn-check.patch new file mode 100644 index 00000000000..c3e1a3dace7 --- /dev/null +++ b/queue-5.4/dma-direct-exclude-dma_direct_map_resource-from-the-min_low_pfn-check.patch @@ -0,0 +1,118 @@ +From 68a33b1794665ba8a1d1ef1d3bfcc7c587d380a6 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Tue, 19 Nov 2019 17:38:58 +0100 +Subject: dma-direct: exclude dma_direct_map_resource from the min_low_pfn check + +From: Christoph Hellwig + +commit 68a33b1794665ba8a1d1ef1d3bfcc7c587d380a6 upstream. + +The valid memory address check in dma_capable only makes sense when mapping +normal memory, not when using dma_map_resource to map a device resource. +Add a new boolean argument to dma_capable to exclude that check for the +dma_map_resource case. + +Fixes: b12d66278dd6 ("dma-direct: check for overflows on 32 bit DMA addresses") +Reported-by: Marek Szyprowski +Signed-off-by: Christoph Hellwig +Acked-by: Marek Szyprowski +Tested-by: Marek Szyprowski +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/amd_gart_64.c | 4 ++-- + drivers/xen/swiotlb-xen.c | 4 ++-- + include/linux/dma-direct.h | 5 +++-- + kernel/dma/direct.c | 4 ++-- + kernel/dma/swiotlb.c | 2 +- + 5 files changed, 10 insertions(+), 9 deletions(-) + +--- a/arch/x86/kernel/amd_gart_64.c ++++ b/arch/x86/kernel/amd_gart_64.c +@@ -185,13 +185,13 @@ static void iommu_full(struct device *de + static inline int + need_iommu(struct device *dev, unsigned long addr, size_t size) + { +- return force_iommu || !dma_capable(dev, addr, size); ++ return force_iommu || !dma_capable(dev, addr, size, true); + } + + static inline int + nonforced_iommu(struct device *dev, unsigned long addr, size_t size) + { +- return !dma_capable(dev, addr, size); ++ return !dma_capable(dev, addr, size, true); + } + + /* Map a single continuous physical area into the IOMMU. +--- a/drivers/xen/swiotlb-xen.c ++++ b/drivers/xen/swiotlb-xen.c +@@ -375,7 +375,7 @@ static dma_addr_t xen_swiotlb_map_page(s + * we can safely return the device addr and not worry about bounce + * buffering it. + */ +- if (dma_capable(dev, dev_addr, size) && ++ if (dma_capable(dev, dev_addr, size, true) && + !range_straddles_page_boundary(phys, size) && + !xen_arch_need_swiotlb(dev, phys, dev_addr) && + swiotlb_force != SWIOTLB_FORCE) +@@ -397,7 +397,7 @@ static dma_addr_t xen_swiotlb_map_page(s + /* + * Ensure that the address returned is DMA'ble + */ +- if (unlikely(!dma_capable(dev, dev_addr, size))) { ++ if (unlikely(!dma_capable(dev, dev_addr, size, true))) { + swiotlb_tbl_unmap_single(dev, map, size, size, dir, + attrs | DMA_ATTR_SKIP_CPU_SYNC); + return DMA_MAPPING_ERROR; +--- a/include/linux/dma-direct.h ++++ b/include/linux/dma-direct.h +@@ -25,14 +25,15 @@ static inline phys_addr_t __dma_to_phys( + return paddr + ((phys_addr_t)dev->dma_pfn_offset << PAGE_SHIFT); + } + +-static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) ++static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size, ++ bool is_ram) + { + dma_addr_t end = addr + size - 1; + + if (!dev->dma_mask) + return false; + +- if (!IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) && ++ if (is_ram && !IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) && + min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn))) + return false; + +--- a/kernel/dma/direct.c ++++ b/kernel/dma/direct.c +@@ -326,7 +326,7 @@ static inline bool dma_direct_possible(s + size_t size) + { + return swiotlb_force != SWIOTLB_FORCE && +- dma_capable(dev, dma_addr, size); ++ dma_capable(dev, dma_addr, size, true); + } + + dma_addr_t dma_direct_map_page(struct device *dev, struct page *page, +@@ -375,7 +375,7 @@ dma_addr_t dma_direct_map_resource(struc + { + dma_addr_t dma_addr = paddr; + +- if (unlikely(!dma_capable(dev, dma_addr, size))) { ++ if (unlikely(!dma_capable(dev, dma_addr, size, false))) { + report_addr(dev, dma_addr, size); + return DMA_MAPPING_ERROR; + } +--- a/kernel/dma/swiotlb.c ++++ b/kernel/dma/swiotlb.c +@@ -678,7 +678,7 @@ bool swiotlb_map(struct device *dev, phy + + /* Ensure that the address returned is DMA'ble */ + *dma_addr = __phys_to_dma(dev, *phys); +- if (unlikely(!dma_capable(dev, *dma_addr, size))) { ++ if (unlikely(!dma_capable(dev, *dma_addr, size, true))) { + swiotlb_tbl_unmap_single(dev, *phys, size, size, dir, + attrs | DMA_ATTR_SKIP_CPU_SYNC); + return false; diff --git a/queue-5.4/drm-msm-include-linux-sched-task.h.patch b/queue-5.4/drm-msm-include-linux-sched-task.h.patch new file mode 100644 index 00000000000..2f31a181960 --- /dev/null +++ b/queue-5.4/drm-msm-include-linux-sched-task.h.patch @@ -0,0 +1,34 @@ +From 70082a52f96a45650dfc3d8cdcd2c42bdac9f6f0 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Wed, 18 Sep 2019 21:57:07 +0200 +Subject: drm/msm: include linux/sched/task.h + +From: Arnd Bergmann + +commit 70082a52f96a45650dfc3d8cdcd2c42bdac9f6f0 upstream. + +Without this header file, compile-testing may run into a missing +declaration: + +drivers/gpu/drm/msm/msm_gpu.c:444:4: error: implicit declaration of function 'put_task_struct' [-Werror,-Wimplicit-function-declaration] + +Fixes: 482f96324a4e ("drm/msm: Fix task dump in gpu recovery") +Signed-off-by: Arnd Bergmann +Reviewed-by: Jordan Crouse +Signed-off-by: Rob Clark +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/msm/msm_gpu.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/gpu/drm/msm/msm_gpu.c ++++ b/drivers/gpu/drm/msm/msm_gpu.c +@@ -16,6 +16,7 @@ + #include + #include + #include ++#include + + /* + * Power Management: diff --git a/queue-5.4/firmware-arm_scmi-avoid-double-free-in-error-flow.patch b/queue-5.4/firmware-arm_scmi-avoid-double-free-in-error-flow.patch new file mode 100644 index 00000000000..2555472b808 --- /dev/null +++ b/queue-5.4/firmware-arm_scmi-avoid-double-free-in-error-flow.patch @@ -0,0 +1,49 @@ +From 8305e90a894f82c278c17e51a28459deee78b263 Mon Sep 17 00:00:00 2001 +From: Wen Yang +Date: Mon, 25 Nov 2019 23:54:09 +0800 +Subject: firmware: arm_scmi: Avoid double free in error flow + +From: Wen Yang + +commit 8305e90a894f82c278c17e51a28459deee78b263 upstream. + +If device_register() fails, both put_device() and kfree() are called, +ending with a double free of the scmi_dev. + +Calling kfree() is needed only when a failure happens between the +allocation of the scmi_dev and its registration, so move it to there +and remove it from the error flow. + +Fixes: 46edb8d1322c ("firmware: arm_scmi: provide the mandatory device release callback") +Signed-off-by: Wen Yang +Signed-off-by: Sudeep Holla +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/firmware/arm_scmi/bus.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/firmware/arm_scmi/bus.c ++++ b/drivers/firmware/arm_scmi/bus.c +@@ -135,8 +135,10 @@ scmi_device_create(struct device_node *n + return NULL; + + id = ida_simple_get(&scmi_bus_id, 1, 0, GFP_KERNEL); +- if (id < 0) +- goto free_mem; ++ if (id < 0) { ++ kfree(scmi_dev); ++ return NULL; ++ } + + scmi_dev->id = id; + scmi_dev->protocol_id = protocol; +@@ -154,8 +156,6 @@ scmi_device_create(struct device_node *n + put_dev: + put_device(&scmi_dev->dev); + ida_simple_remove(&scmi_bus_id, id); +-free_mem: +- kfree(scmi_dev); + return NULL; + } + diff --git a/queue-5.4/hid-i2c-hid-reset-alps-touchpads-on-resume.patch b/queue-5.4/hid-i2c-hid-reset-alps-touchpads-on-resume.patch new file mode 100644 index 00000000000..299edfb2a97 --- /dev/null +++ b/queue-5.4/hid-i2c-hid-reset-alps-touchpads-on-resume.patch @@ -0,0 +1,61 @@ +From fd70466d37bf3fe0118d18c56ddde85b428f86cf Mon Sep 17 00:00:00 2001 +From: Kai-Heng Feng +Date: Thu, 7 Nov 2019 22:28:11 +0800 +Subject: HID: i2c-hid: Reset ALPS touchpads on resume + +From: Kai-Heng Feng + +commit fd70466d37bf3fe0118d18c56ddde85b428f86cf upstream. + +Commit 52cf93e63ee6 ("HID: i2c-hid: Don't reset device upon system +resume") fixes many touchpads and touchscreens, however ALPS touchpads +start to trigger IRQ storm after system resume. + +Since it's total silence from ALPS, let's bring the old behavior back +to ALPS touchpads. + +Fixes: 52cf93e63ee6 ("HID: i2c-hid: Don't reset device upon system resume") +Signed-off-by: Kai-Heng Feng +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hid/i2c-hid/i2c-hid-core.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/drivers/hid/i2c-hid/i2c-hid-core.c ++++ b/drivers/hid/i2c-hid/i2c-hid-core.c +@@ -48,6 +48,7 @@ + #define I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV BIT(0) + #define I2C_HID_QUIRK_NO_IRQ_AFTER_RESET BIT(1) + #define I2C_HID_QUIRK_BOGUS_IRQ BIT(4) ++#define I2C_HID_QUIRK_RESET_ON_RESUME BIT(5) + + /* flags */ + #define I2C_HID_STARTED 0 +@@ -174,6 +175,8 @@ static const struct i2c_hid_quirks { + I2C_HID_QUIRK_NO_IRQ_AFTER_RESET }, + { USB_VENDOR_ID_ELAN, HID_ANY_ID, + I2C_HID_QUIRK_BOGUS_IRQ }, ++ { USB_VENDOR_ID_ALPS_JP, HID_ANY_ID, ++ I2C_HID_QUIRK_RESET_ON_RESUME }, + { 0, 0 } + }; + +@@ -1214,8 +1217,15 @@ static int i2c_hid_resume(struct device + * solves "incomplete reports" on Raydium devices 2386:3118 and + * 2386:4B33 and fixes various SIS touchscreens no longer sending + * data after a suspend/resume. ++ * ++ * However some ALPS touchpads generate IRQ storm without reset, so ++ * let's still reset them here. + */ +- ret = i2c_hid_set_power(client, I2C_HID_PWR_ON); ++ if (ihid->quirks & I2C_HID_QUIRK_RESET_ON_RESUME) ++ ret = i2c_hid_hwreset(client); ++ else ++ ret = i2c_hid_set_power(client, I2C_HID_PWR_ON); ++ + if (ret) + return ret; + diff --git a/queue-5.4/iommu-vt-d-remove-incorrect-psi-capability-check.patch b/queue-5.4/iommu-vt-d-remove-incorrect-psi-capability-check.patch new file mode 100644 index 00000000000..91b94c385e8 --- /dev/null +++ b/queue-5.4/iommu-vt-d-remove-incorrect-psi-capability-check.patch @@ -0,0 +1,40 @@ +From f81b846dcd9a1e6d120f73970a9a98b7fcaaffba Mon Sep 17 00:00:00 2001 +From: Lu Baolu +Date: Wed, 20 Nov 2019 14:10:16 +0800 +Subject: iommu/vt-d: Remove incorrect PSI capability check + +From: Lu Baolu + +commit f81b846dcd9a1e6d120f73970a9a98b7fcaaffba upstream. + +The PSI (Page Selective Invalidation) bit in the capability register +is only valid for second-level translation. Intel IOMMU supporting +scalable mode must support page/address selective IOTLB invalidation +for first-level translation. Remove the PSI capability check in SVA +cache invalidation code. + +Fixes: 8744daf4b0699 ("iommu/vt-d: Remove global page flush support") +Cc: Jacob Pan +Signed-off-by: Lu Baolu +Signed-off-by: Joerg Roedel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iommu/intel-svm.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/drivers/iommu/intel-svm.c ++++ b/drivers/iommu/intel-svm.c +@@ -104,11 +104,7 @@ static void intel_flush_svm_range_dev (s + { + struct qi_desc desc; + +- /* +- * Do PASID granu IOTLB invalidation if page selective capability is +- * not available. +- */ +- if (pages == -1 || !cap_pgsel_inv(svm->iommu->cap)) { ++ if (pages == -1) { + desc.qw0 = QI_EIOTLB_PASID(svm->pasid) | + QI_EIOTLB_DID(sdev->did) | + QI_EIOTLB_GRAN(QI_GRAN_NONG_PASID) | diff --git a/queue-5.4/kernel-module.c-wakeup-processes-in-module_wq-on-module-unload.patch b/queue-5.4/kernel-module.c-wakeup-processes-in-module_wq-on-module-unload.patch new file mode 100644 index 00000000000..80cfa02131b --- /dev/null +++ b/queue-5.4/kernel-module.c-wakeup-processes-in-module_wq-on-module-unload.patch @@ -0,0 +1,57 @@ +From 5d603311615f612320bb77bd2a82553ef1ced5b7 Mon Sep 17 00:00:00 2001 +From: Konstantin Khorenko +Date: Wed, 13 Nov 2019 12:29:50 +0300 +Subject: kernel/module.c: wakeup processes in module_wq on module unload + +From: Konstantin Khorenko + +commit 5d603311615f612320bb77bd2a82553ef1ced5b7 upstream. + +Fix the race between load and unload a kernel module. + +sys_delete_module() + try_stop_module() + mod->state = _GOING + add_unformed_module() + old = find_module_all() + (old->state == _GOING => + wait_event_interruptible()) + + During pre-condition + finished_loading() rets 0 + schedule() + (never gets waken up later) + free_module() + mod->state = _UNFORMED + list_del_rcu(&mod->list) + (dels mod from "modules" list) + +return + +The race above leads to modprobe hanging forever on loading +a module. + +Error paths on loading module call wake_up_all(&module_wq) after +freeing module, so let's do the same on straight module unload. + +Fixes: 6e6de3dee51a ("kernel/module.c: Only return -EEXIST for modules that have finished loading") +Reviewed-by: Prarit Bhargava +Signed-off-by: Konstantin Khorenko +Signed-off-by: Jessica Yu +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/module.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -1033,6 +1033,8 @@ SYSCALL_DEFINE2(delete_module, const cha + strlcpy(last_unloaded_module, mod->name, sizeof(last_unloaded_module)); + + free_module(mod); ++ /* someone could wait for the module in add_unformed_module() */ ++ wake_up_all(&module_wq); + return 0; + out: + mutex_unlock(&module_mutex); diff --git a/queue-5.4/net-sched-annotate-lockless-accesses-to-qdisc-empty.patch b/queue-5.4/net-sched-annotate-lockless-accesses-to-qdisc-empty.patch new file mode 100644 index 00000000000..5b9538b1cb3 --- /dev/null +++ b/queue-5.4/net-sched-annotate-lockless-accesses-to-qdisc-empty.patch @@ -0,0 +1,136 @@ +From 90b2be27bb0e56483f335cc10fb59ec66882b949 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Fri, 8 Nov 2019 08:45:23 -0800 +Subject: net/sched: annotate lockless accesses to qdisc->empty + +From: Eric Dumazet + +commit 90b2be27bb0e56483f335cc10fb59ec66882b949 upstream. + +KCSAN reported the following race [1] + +BUG: KCSAN: data-race in __dev_queue_xmit / net_tx_action + +read to 0xffff8880ba403508 of 1 bytes by task 21814 on cpu 1: + __dev_xmit_skb net/core/dev.c:3389 [inline] + __dev_queue_xmit+0x9db/0x1b40 net/core/dev.c:3761 + dev_queue_xmit+0x21/0x30 net/core/dev.c:3825 + neigh_hh_output include/net/neighbour.h:500 [inline] + neigh_output include/net/neighbour.h:509 [inline] + ip6_finish_output2+0x873/0xec0 net/ipv6/ip6_output.c:116 + __ip6_finish_output net/ipv6/ip6_output.c:142 [inline] + __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127 + ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152 + NF_HOOK_COND include/linux/netfilter.h:294 [inline] + ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175 + dst_output include/net/dst.h:436 [inline] + ip6_local_out+0x74/0x90 net/ipv6/output_core.c:179 + ip6_send_skb+0x53/0x110 net/ipv6/ip6_output.c:1795 + udp_v6_send_skb.isra.0+0x3ec/0xa70 net/ipv6/udp.c:1173 + udpv6_sendmsg+0x1906/0x1c20 net/ipv6/udp.c:1471 + inet6_sendmsg+0x6d/0x90 net/ipv6/af_inet6.c:576 + sock_sendmsg_nosec net/socket.c:637 [inline] + sock_sendmsg+0x9f/0xc0 net/socket.c:657 + ___sys_sendmsg+0x2b7/0x5d0 net/socket.c:2311 + __sys_sendmmsg+0x123/0x350 net/socket.c:2413 + __do_sys_sendmmsg net/socket.c:2442 [inline] + __se_sys_sendmmsg net/socket.c:2439 [inline] + __x64_sys_sendmmsg+0x64/0x80 net/socket.c:2439 + do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +write to 0xffff8880ba403508 of 1 bytes by interrupt on cpu 0: + qdisc_run_begin include/net/sch_generic.h:160 [inline] + qdisc_run include/net/pkt_sched.h:120 [inline] + net_tx_action+0x2b1/0x6c0 net/core/dev.c:4551 + __do_softirq+0x115/0x33f kernel/softirq.c:292 + do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1082 + do_softirq.part.0+0x6b/0x80 kernel/softirq.c:337 + do_softirq kernel/softirq.c:329 [inline] + __local_bh_enable_ip+0x76/0x80 kernel/softirq.c:189 + local_bh_enable include/linux/bottom_half.h:32 [inline] + rcu_read_unlock_bh include/linux/rcupdate.h:688 [inline] + ip6_finish_output2+0x7bb/0xec0 net/ipv6/ip6_output.c:117 + __ip6_finish_output net/ipv6/ip6_output.c:142 [inline] + __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127 + ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152 + NF_HOOK_COND include/linux/netfilter.h:294 [inline] + ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175 + dst_output include/net/dst.h:436 [inline] + ip6_local_out+0x74/0x90 net/ipv6/output_core.c:179 + ip6_send_skb+0x53/0x110 net/ipv6/ip6_output.c:1795 + udp_v6_send_skb.isra.0+0x3ec/0xa70 net/ipv6/udp.c:1173 + udpv6_sendmsg+0x1906/0x1c20 net/ipv6/udp.c:1471 + inet6_sendmsg+0x6d/0x90 net/ipv6/af_inet6.c:576 + sock_sendmsg_nosec net/socket.c:637 [inline] + sock_sendmsg+0x9f/0xc0 net/socket.c:657 + ___sys_sendmsg+0x2b7/0x5d0 net/socket.c:2311 + __sys_sendmmsg+0x123/0x350 net/socket.c:2413 + __do_sys_sendmmsg net/socket.c:2442 [inline] + __se_sys_sendmmsg net/socket.c:2439 [inline] + __x64_sys_sendmmsg+0x64/0x80 net/socket.c:2439 + do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +Reported by Kernel Concurrency Sanitizer on: +CPU: 0 PID: 21817 Comm: syz-executor.2 Not tainted 5.4.0-rc6+ #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 + +Fixes: d518d2ed8640 ("net/sched: fix race between deactivation and dequeue for NOLOCK qdisc") +Signed-off-by: Eric Dumazet +Reported-by: syzbot +Cc: Paolo Abeni +Cc: Davide Caratti +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + include/net/sch_generic.h | 6 +++--- + net/core/dev.c | 2 +- + net/sched/sch_generic.c | 2 +- + 3 files changed, 5 insertions(+), 5 deletions(-) + +--- a/include/net/sch_generic.h ++++ b/include/net/sch_generic.h +@@ -149,8 +149,8 @@ static inline bool qdisc_is_percpu_stats + static inline bool qdisc_is_empty(const struct Qdisc *qdisc) + { + if (qdisc_is_percpu_stats(qdisc)) +- return qdisc->empty; +- return !qdisc->q.qlen; ++ return READ_ONCE(qdisc->empty); ++ return !READ_ONCE(qdisc->q.qlen); + } + + static inline bool qdisc_run_begin(struct Qdisc *qdisc) +@@ -158,7 +158,7 @@ static inline bool qdisc_run_begin(struc + if (qdisc->flags & TCQ_F_NOLOCK) { + if (!spin_trylock(&qdisc->seqlock)) + return false; +- qdisc->empty = false; ++ WRITE_ONCE(qdisc->empty, false); + } else if (qdisc_is_running(qdisc)) { + return false; + } +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -3386,7 +3386,7 @@ static inline int __dev_xmit_skb(struct + qdisc_calculate_pkt_len(skb, q); + + if (q->flags & TCQ_F_NOLOCK) { +- if ((q->flags & TCQ_F_CAN_BYPASS) && q->empty && ++ if ((q->flags & TCQ_F_CAN_BYPASS) && READ_ONCE(q->empty) && + qdisc_run_begin(q)) { + if (unlikely(test_bit(__QDISC_STATE_DEACTIVATED, + &q->state))) { +--- a/net/sched/sch_generic.c ++++ b/net/sched/sch_generic.c +@@ -657,7 +657,7 @@ static struct sk_buff *pfifo_fast_dequeu + if (likely(skb)) { + qdisc_update_stats_at_dequeue(qdisc, skb); + } else { +- qdisc->empty = true; ++ WRITE_ONCE(qdisc->empty, true); + } + + return skb; diff --git a/queue-5.4/net-sysctl-fix-compiler-warning-when-only-cbpf-is-present.patch b/queue-5.4/net-sysctl-fix-compiler-warning-when-only-cbpf-is-present.patch new file mode 100644 index 00000000000..8a3ebe5fc2e --- /dev/null +++ b/queue-5.4/net-sysctl-fix-compiler-warning-when-only-cbpf-is-present.patch @@ -0,0 +1,65 @@ +From 1148f9adbe71415836a18a36c1b4ece999ab0973 Mon Sep 17 00:00:00 2001 +From: Alexander Lobakin +Date: Wed, 18 Dec 2019 12:18:21 +0300 +Subject: net, sysctl: Fix compiler warning when only cBPF is present +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Alexander Lobakin + +commit 1148f9adbe71415836a18a36c1b4ece999ab0973 upstream. + +proc_dointvec_minmax_bpf_restricted() has been firstly introduced +in commit 2e4a30983b0f ("bpf: restrict access to core bpf sysctls") +under CONFIG_HAVE_EBPF_JIT. Then, this ifdef has been removed in +ede95a63b5e8 ("bpf: add bpf_jit_limit knob to restrict unpriv +allocations"), because a new sysctl, bpf_jit_limit, made use of it. +Finally, this parameter has become long instead of integer with +fdadd04931c2 ("bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K") +and thus, a new proc_dolongvec_minmax_bpf_restricted() has been +added. + +With this last change, we got back to that +proc_dointvec_minmax_bpf_restricted() is used only under +CONFIG_HAVE_EBPF_JIT, but the corresponding ifdef has not been +brought back. + +So, in configurations like CONFIG_BPF_JIT=y && CONFIG_HAVE_EBPF_JIT=n +since v4.20 we have: + + CC net/core/sysctl_net_core.o +net/core/sysctl_net_core.c:292:1: warning: ‘proc_dointvec_minmax_bpf_restricted’ defined but not used [-Wunused-function] + 292 | proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Suppress this by guarding it with CONFIG_HAVE_EBPF_JIT again. + +Fixes: fdadd04931c2 ("bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K") +Signed-off-by: Alexander Lobakin +Signed-off-by: Daniel Borkmann +Link: https://lore.kernel.org/bpf/20191218091821.7080-1-alobakin@dlink.ru +Signed-off-by: Greg Kroah-Hartman + +--- + net/core/sysctl_net_core.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/core/sysctl_net_core.c ++++ b/net/core/sysctl_net_core.c +@@ -288,6 +288,7 @@ static int proc_dointvec_minmax_bpf_enab + return ret; + } + ++# ifdef CONFIG_HAVE_EBPF_JIT + static int + proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, +@@ -298,6 +299,7 @@ proc_dointvec_minmax_bpf_restricted(stru + + return proc_dointvec_minmax(table, write, buffer, lenp, ppos); + } ++# endif /* CONFIG_HAVE_EBPF_JIT */ + + static int + proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write, diff --git a/queue-5.4/netfilter-nf_queue-enqueue-skbs-with-null-dst.patch b/queue-5.4/netfilter-nf_queue-enqueue-skbs-with-null-dst.patch new file mode 100644 index 00000000000..9660f3e3391 --- /dev/null +++ b/queue-5.4/netfilter-nf_queue-enqueue-skbs-with-null-dst.patch @@ -0,0 +1,40 @@ +From 0b9173f4688dfa7c5d723426be1d979c24ce3d51 Mon Sep 17 00:00:00 2001 +From: Marco Oliverio +Date: Mon, 2 Dec 2019 19:54:30 +0100 +Subject: netfilter: nf_queue: enqueue skbs with NULL dst + +From: Marco Oliverio + +commit 0b9173f4688dfa7c5d723426be1d979c24ce3d51 upstream. + +Bridge packets that are forwarded have skb->dst == NULL and get +dropped by the check introduced by +b60a77386b1d4868f72f6353d35dabe5fbe981f2 (net: make skb_dst_force +return true when dst is refcounted). + +To fix this we check skb_dst() before skb_dst_force(), so we don't +drop skb packet with dst == NULL. This holds also for skb at the +PRE_ROUTING hook so we remove the second check. + +Fixes: b60a77386b1d ("net: make skb_dst_force return true when dst is refcounted") +Signed-off-by: Marco Oliverio +Signed-off-by: Rocco Folino +Acked-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nf_queue.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/netfilter/nf_queue.c ++++ b/net/netfilter/nf_queue.c +@@ -189,7 +189,7 @@ static int __nf_queue(struct sk_buff *sk + goto err; + } + +- if (!skb_dst_force(skb) && state->hook != NF_INET_PRE_ROUTING) { ++ if (skb_dst(skb) && !skb_dst_force(skb)) { + status = -ENETDOWN; + goto err; + } diff --git a/queue-5.4/nfsd4-fix-up-replay_matches_cache.patch b/queue-5.4/nfsd4-fix-up-replay_matches_cache.patch new file mode 100644 index 00000000000..d504520e590 --- /dev/null +++ b/queue-5.4/nfsd4-fix-up-replay_matches_cache.patch @@ -0,0 +1,52 @@ +From 6e73e92b155c868ff7fce9d108839668caf1d9be Mon Sep 17 00:00:00 2001 +From: Scott Mayhew +Date: Wed, 9 Oct 2019 15:11:37 -0400 +Subject: nfsd4: fix up replay_matches_cache() + +From: Scott Mayhew + +commit 6e73e92b155c868ff7fce9d108839668caf1d9be upstream. + +When running an nfs stress test, I see quite a few cached replies that +don't match up with the actual request. The first comment in +replay_matches_cache() makes sense, but the code doesn't seem to +match... fix it. + +This isn't exactly a bugfix, as the server isn't required to catch every +case of a false retry. So, we may as well do this, but if this is +fixing a problem then that suggests there's a client bug. + +Fixes: 53da6a53e1d4 ("nfsd4: catch some false session retries") +Signed-off-by: Scott Mayhew +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4state.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +--- a/fs/nfsd/nfs4state.c ++++ b/fs/nfsd/nfs4state.c +@@ -3548,12 +3548,17 @@ static bool replay_matches_cache(struct + (bool)seq->cachethis) + return false; + /* +- * If there's an error than the reply can have fewer ops than +- * the call. But if we cached a reply with *more* ops than the +- * call you're sending us now, then this new call is clearly not +- * really a replay of the old one: ++ * If there's an error then the reply can have fewer ops than ++ * the call. + */ +- if (slot->sl_opcnt < argp->opcnt) ++ if (slot->sl_opcnt < argp->opcnt && !slot->sl_status) ++ return false; ++ /* ++ * But if we cached a reply with *more* ops than the call you're ++ * sending us now, then this new call is clearly not really a ++ * replay of the old one: ++ */ ++ if (slot->sl_opcnt > argp->opcnt) + return false; + /* This is the only check explicitly called by spec: */ + if (!same_creds(&rqstp->rq_cred, &slot->sl_cred)) diff --git a/queue-5.4/of-overlay-add_changeset_property-memory-leak.patch b/queue-5.4/of-overlay-add_changeset_property-memory-leak.patch new file mode 100644 index 00000000000..c7d89a4a6dd --- /dev/null +++ b/queue-5.4/of-overlay-add_changeset_property-memory-leak.patch @@ -0,0 +1,104 @@ +From 637392a8506a3a7dd24ab9094a14f7522adb73b4 Mon Sep 17 00:00:00 2001 +From: Frank Rowand +Date: Thu, 21 Nov 2019 13:16:56 -0600 +Subject: of: overlay: add_changeset_property() memory leak + +From: Frank Rowand + +commit 637392a8506a3a7dd24ab9094a14f7522adb73b4 upstream. + +No changeset entries are created for #address-cells and #size-cells +properties, but the duplicated properties are never freed. This +results in a memory leak which is detected by kmemleak: + + unreferenced object 0x85887180 (size 64): + backtrace: + kmem_cache_alloc_trace+0x1fb/0x1fc + __of_prop_dup+0x25/0x7c + add_changeset_property+0x17f/0x370 + build_changeset_next_level+0x29/0x20c + of_overlay_fdt_apply+0x32b/0x6b4 + ... + +Fixes: 6f75118800ac ("of: overlay: validate overlay properties #address-cells and #size-cells") +Reported-by: Vincent Whitchurch +Signed-off-by: Frank Rowand +Tested-by: Vincent Whitchurch +Signed-off-by: Rob Herring +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/of/overlay.c | 37 ++++++++++++++++++++----------------- + 1 file changed, 20 insertions(+), 17 deletions(-) + +--- a/drivers/of/overlay.c ++++ b/drivers/of/overlay.c +@@ -305,7 +305,6 @@ static int add_changeset_property(struct + { + struct property *new_prop = NULL, *prop; + int ret = 0; +- bool check_for_non_overlay_node = false; + + if (target->in_livetree) + if (!of_prop_cmp(overlay_prop->name, "name") || +@@ -318,6 +317,25 @@ static int add_changeset_property(struct + else + prop = NULL; + ++ if (prop) { ++ if (!of_prop_cmp(prop->name, "#address-cells")) { ++ if (!of_prop_val_eq(prop, overlay_prop)) { ++ pr_err("ERROR: changing value of #address-cells is not allowed in %pOF\n", ++ target->np); ++ ret = -EINVAL; ++ } ++ return ret; ++ ++ } else if (!of_prop_cmp(prop->name, "#size-cells")) { ++ if (!of_prop_val_eq(prop, overlay_prop)) { ++ pr_err("ERROR: changing value of #size-cells is not allowed in %pOF\n", ++ target->np); ++ ret = -EINVAL; ++ } ++ return ret; ++ } ++ } ++ + if (is_symbols_prop) { + if (prop) + return -EINVAL; +@@ -330,33 +348,18 @@ static int add_changeset_property(struct + return -ENOMEM; + + if (!prop) { +- check_for_non_overlay_node = true; + if (!target->in_livetree) { + new_prop->next = target->np->deadprops; + target->np->deadprops = new_prop; + } + ret = of_changeset_add_property(&ovcs->cset, target->np, + new_prop); +- } else if (!of_prop_cmp(prop->name, "#address-cells")) { +- if (!of_prop_val_eq(prop, new_prop)) { +- pr_err("ERROR: changing value of #address-cells is not allowed in %pOF\n", +- target->np); +- ret = -EINVAL; +- } +- } else if (!of_prop_cmp(prop->name, "#size-cells")) { +- if (!of_prop_val_eq(prop, new_prop)) { +- pr_err("ERROR: changing value of #size-cells is not allowed in %pOF\n", +- target->np); +- ret = -EINVAL; +- } + } else { +- check_for_non_overlay_node = true; + ret = of_changeset_update_property(&ovcs->cset, target->np, + new_prop); + } + +- if (check_for_non_overlay_node && +- !of_node_check_flag(target->np, OF_OVERLAY)) ++ if (!of_node_check_flag(target->np, OF_OVERLAY)) + pr_err("WARNING: memory leak will occur if overlay removed, property: %pOF/%s\n", + target->np, new_prop->name); + diff --git a/queue-5.4/perf-callchain-fix-segfault-in-thread__resolve_callchain_sample.patch b/queue-5.4/perf-callchain-fix-segfault-in-thread__resolve_callchain_sample.patch new file mode 100644 index 00000000000..a924a35fe47 --- /dev/null +++ b/queue-5.4/perf-callchain-fix-segfault-in-thread__resolve_callchain_sample.patch @@ -0,0 +1,38 @@ +From aceb98261ea7d9fe38f9c140c5531f0b13623832 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Thu, 14 Nov 2019 16:25:38 +0200 +Subject: perf callchain: Fix segfault in thread__resolve_callchain_sample() + +From: Adrian Hunter + +commit aceb98261ea7d9fe38f9c140c5531f0b13623832 upstream. + +Do not dereference 'chain' when it is NULL. + + $ perf record -e intel_pt//u -e branch-misses:u uname + $ perf report --itrace=l --branch-history + perf: Segmentation fault + +Fixes: e9024d519d89 ("perf callchain: Honour the ordering of PERF_CONTEXT_{USER,KERNEL,etc}") +Signed-off-by: Adrian Hunter +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Link: http://lore.kernel.org/lkml/20191114142538.4097-1-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/machine.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/perf/util/machine.c ++++ b/tools/perf/util/machine.c +@@ -2403,7 +2403,7 @@ static int thread__resolve_callchain_sam + } + + check_calls: +- if (callchain_param.order != ORDER_CALLEE) { ++ if (chain && callchain_param.order != ORDER_CALLEE) { + err = find_prev_cpumode(chain, thread, cursor, parent, root_al, + &cpumode, chain->nr - first_call); + if (err) diff --git a/queue-5.4/platform-x86-pmc_atom-add-siemens-connect-x300-to-critclk_systems-dmi-table.patch b/queue-5.4/platform-x86-pmc_atom-add-siemens-connect-x300-to-critclk_systems-dmi-table.patch new file mode 100644 index 00000000000..d80f179ef93 --- /dev/null +++ b/queue-5.4/platform-x86-pmc_atom-add-siemens-connect-x300-to-critclk_systems-dmi-table.patch @@ -0,0 +1,40 @@ +From e8796c6c69d129420ee94a1906b18d86b84644d4 Mon Sep 17 00:00:00 2001 +From: Michael Haener +Date: Fri, 29 Nov 2019 10:16:49 +0100 +Subject: platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table + +From: Michael Haener + +commit e8796c6c69d129420ee94a1906b18d86b84644d4 upstream. + +The CONNECT X300 uses the PMC clock for on-board components and gets +stuck during boot if the clock is disabled. Therefore, add this +device to the critical systems list. +Tested on CONNECT X300. + +Fixes: 648e921888ad ("clk: x86: Stop marking clocks as CLK_IS_CRITICAL") +Signed-off-by: Michael Haener +Signed-off-by: Andy Shevchenko +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/platform/x86/pmc_atom.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/platform/x86/pmc_atom.c ++++ b/drivers/platform/x86/pmc_atom.c +@@ -429,6 +429,14 @@ static const struct dmi_system_id critcl + DMI_MATCH(DMI_PRODUCT_VERSION, "6AV7882-0"), + }, + }, ++ { ++ .ident = "CONNECT X300", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "SIEMENS AG"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "A5E45074588"), ++ }, ++ }, ++ + { /*sentinel*/ } + }; + diff --git a/queue-5.4/pm-devfreq-check-null-governor-in-available_governors_show.patch b/queue-5.4/pm-devfreq-check-null-governor-in-available_governors_show.patch new file mode 100644 index 00000000000..0e7e0a2b014 --- /dev/null +++ b/queue-5.4/pm-devfreq-check-null-governor-in-available_governors_show.patch @@ -0,0 +1,34 @@ +From d68adc8f85cd757bd33c8d7b2660ad6f16f7f3dc Mon Sep 17 00:00:00 2001 +From: Leonard Crestez +Date: Tue, 24 Sep 2019 10:26:53 +0300 +Subject: PM / devfreq: Check NULL governor in available_governors_show + +From: Leonard Crestez + +commit d68adc8f85cd757bd33c8d7b2660ad6f16f7f3dc upstream. + +The governor is initialized after sysfs attributes become visible so in +theory the governor field can be NULL here. + +Fixes: bcf23c79c4e46 ("PM / devfreq: Fix available_governor sysfs") +Signed-off-by: Leonard Crestez +Reviewed-by: Matthias Kaehlcke +Reviewed-by: Chanwoo Choi +Signed-off-by: Chanwoo Choi +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/devfreq/devfreq.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/devfreq/devfreq.c ++++ b/drivers/devfreq/devfreq.c +@@ -1196,7 +1196,7 @@ static ssize_t available_governors_show( + * The devfreq with immutable governor (e.g., passive) shows + * only own governor. + */ +- if (df->governor->immutable) { ++ if (df->governor && df->governor->immutable) { + count = scnprintf(&buf[count], DEVFREQ_NAME_LEN, + "%s ", df->governor_name); + /* diff --git a/queue-5.4/powerpc-chunk-calls-to-flush_dcache_range-in-arch_-_memory.patch b/queue-5.4/powerpc-chunk-calls-to-flush_dcache_range-in-arch_-_memory.patch new file mode 100644 index 00000000000..9b8ac428513 --- /dev/null +++ b/queue-5.4/powerpc-chunk-calls-to-flush_dcache_range-in-arch_-_memory.patch @@ -0,0 +1,76 @@ +From 076265907cf9633bbef861c7c2a1c26a8209f283 Mon Sep 17 00:00:00 2001 +From: Alastair D'Silva +Date: Mon, 4 Nov 2019 13:32:57 +1100 +Subject: powerpc: Chunk calls to flush_dcache_range in arch_*_memory + +From: Alastair D'Silva + +commit 076265907cf9633bbef861c7c2a1c26a8209f283 upstream. + +When presented with large amounts of memory being hotplugged +(in my test case, ~890GB), the call to flush_dcache_range takes +a while (~50 seconds), triggering RCU stalls. + +This patch breaks up the call into 1GB chunks, calling +cond_resched() inbetween to allow the scheduler to run. + +Fixes: fb5924fddf9e ("powerpc/mm: Flush cache on memory hot(un)plug") +Signed-off-by: Alastair D'Silva +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20191104023305.9581-6-alastair@au1.ibm.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/mm/mem.c | 27 +++++++++++++++++++++++++-- + 1 file changed, 25 insertions(+), 2 deletions(-) + +--- a/arch/powerpc/mm/mem.c ++++ b/arch/powerpc/mm/mem.c +@@ -104,6 +104,27 @@ int __weak remove_section_mapping(unsign + return -ENODEV; + } + ++#define FLUSH_CHUNK_SIZE SZ_1G ++/** ++ * flush_dcache_range_chunked(): Write any modified data cache blocks out to ++ * memory and invalidate them, in chunks of up to FLUSH_CHUNK_SIZE ++ * Does not invalidate the corresponding instruction cache blocks. ++ * ++ * @start: the start address ++ * @stop: the stop address (exclusive) ++ * @chunk: the max size of the chunks ++ */ ++static void flush_dcache_range_chunked(unsigned long start, unsigned long stop, ++ unsigned long chunk) ++{ ++ unsigned long i; ++ ++ for (i = start; i < stop; i += chunk) { ++ flush_dcache_range(i, min(stop, start + chunk)); ++ cond_resched(); ++ } ++} ++ + int __ref arch_add_memory(int nid, u64 start, u64 size, + struct mhp_restrictions *restrictions) + { +@@ -120,7 +141,8 @@ int __ref arch_add_memory(int nid, u64 s + start, start + size, rc); + return -EFAULT; + } +- flush_dcache_range(start, start + size); ++ ++ flush_dcache_range_chunked(start, start + size, FLUSH_CHUNK_SIZE); + + return __add_pages(nid, start_pfn, nr_pages, restrictions); + } +@@ -136,7 +158,8 @@ void __ref arch_remove_memory(int nid, u + + /* Remove htab bolted mappings for this section of memory */ + start = (unsigned long)__va(start); +- flush_dcache_range(start, start + size); ++ flush_dcache_range_chunked(start, start + size, FLUSH_CHUNK_SIZE); ++ + ret = remove_section_mapping(start, start + size); + WARN_ON_ONCE(ret); + diff --git a/queue-5.4/series b/queue-5.4/series index 2d3f96309b3..e0fe7a5e966 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -130,3 +130,24 @@ exit-panic-before-exit_mm-on-global-init-exit.patch arm64-revert-support-for-execute-only-user-mappings.patch ftrace-avoid-potential-division-by-zero-in-function-profiler.patch spi-spi-fsl-dspi-fix-16-bit-word-order-in-32-bit-xspi-mode.patch +drm-msm-include-linux-sched-task.h.patch +pm-devfreq-check-null-governor-in-available_governors_show.patch +sunrpc-fix-crash-when-cache_head-become-valid-before-update.patch +arm64-dts-qcom-msm8998-clamshell-remove-retention-idle-state.patch +nfsd4-fix-up-replay_matches_cache.patch +powerpc-chunk-calls-to-flush_dcache_range-in-arch_-_memory.patch +hid-i2c-hid-reset-alps-touchpads-on-resume.patch +net-sched-annotate-lockless-accesses-to-qdisc-empty.patch +kernel-module.c-wakeup-processes-in-module_wq-on-module-unload.patch +acpi-sysfs-change-acpi_maskable_gpe_max-to-0x100.patch +perf-callchain-fix-segfault-in-thread__resolve_callchain_sample.patch +dma-direct-don-t-check-swiotlb-force-in-dma_direct_map_resource.patch +dma-direct-exclude-dma_direct_map_resource-from-the-min_low_pfn-check.patch +iommu-vt-d-remove-incorrect-psi-capability-check.patch +of-overlay-add_changeset_property-memory-leak.patch +cifs-fix-potential-softlockups-while-refreshing-dfs-cache.patch +firmware-arm_scmi-avoid-double-free-in-error-flow.patch +xfs-don-t-check-for-ag-deadlock-for-realtime-files-in-bunmapi.patch +platform-x86-pmc_atom-add-siemens-connect-x300-to-critclk_systems-dmi-table.patch +netfilter-nf_queue-enqueue-skbs-with-null-dst.patch +net-sysctl-fix-compiler-warning-when-only-cbpf-is-present.patch diff --git a/queue-5.4/sunrpc-fix-crash-when-cache_head-become-valid-before-update.patch b/queue-5.4/sunrpc-fix-crash-when-cache_head-become-valid-before-update.patch new file mode 100644 index 00000000000..f915169026f --- /dev/null +++ b/queue-5.4/sunrpc-fix-crash-when-cache_head-become-valid-before-update.patch @@ -0,0 +1,123 @@ +From 5fcaf6982d1167f1cd9b264704f6d1ef4c505d54 Mon Sep 17 00:00:00 2001 +From: Pavel Tikhomirov +Date: Tue, 1 Oct 2019 11:03:59 +0300 +Subject: sunrpc: fix crash when cache_head become valid before update + +From: Pavel Tikhomirov + +commit 5fcaf6982d1167f1cd9b264704f6d1ef4c505d54 upstream. + +I was investigating a crash in our Virtuozzo7 kernel which happened in +in svcauth_unix_set_client. I found out that we access m_client field +in ip_map structure, which was received from sunrpc_cache_lookup (we +have a bit older kernel, now the code is in sunrpc_cache_add_entry), and +these field looks uninitialized (m_client == 0x74 don't look like a +pointer) but in the cache_head in flags we see 0x1 which is CACHE_VALID. + +It looks like the problem appeared from our previous fix to sunrpc (1): +commit 4ecd55ea0742 ("sunrpc: fix cache_head leak due to queued +request") + +And we've also found a patch already fixing our patch (2): +commit d58431eacb22 ("sunrpc: don't mark uninitialised items as VALID.") + +Though the crash is eliminated, I think the core of the problem is not +completely fixed: + +Neil in the patch (2) makes cache_head CACHE_NEGATIVE, before +cache_fresh_locked which was added in (1) to fix crash. These way +cache_is_valid won't say the cache is valid anymore and in +svcauth_unix_set_client the function cache_check will return error +instead of 0, and we don't count entry as initialized. + +But it looks like we need to remove cache_fresh_locked completely in +sunrpc_cache_lookup: + +In (1) we've only wanted to make cache_fresh_unlocked->cache_dequeue so +that cache_requests with no readers also release corresponding +cache_head, to fix their leak. We with Vasily were not sure if +cache_fresh_locked and cache_fresh_unlocked should be used in pair or +not, so we've guessed to use them in pair. + +Now we see that we don't want the CACHE_VALID bit set here by +cache_fresh_locked, as "valid" means "initialized" and there is no +initialization in sunrpc_cache_add_entry. Both expiry_time and +last_refresh are not used in cache_fresh_unlocked code-path and also not +required for the initial fix. + +So to conclude cache_fresh_locked was called by mistake, and we can just +safely remove it instead of crutching it with CACHE_NEGATIVE. It looks +ideologically better for me. Hope I don't miss something here. + +Here is our crash backtrace: +[13108726.326291] BUG: unable to handle kernel NULL pointer dereference at 0000000000000074 +[13108726.326365] IP: [] svcauth_unix_set_client+0x2ab/0x520 [sunrpc] +[13108726.326448] PGD 0 +[13108726.326468] Oops: 0002 [#1] SMP +[13108726.326497] Modules linked in: nbd isofs xfs loop kpatch_cumulative_81_0_r1(O) xt_physdev nfnetlink_queue bluetooth rfkill ip6table_nat nf_nat_ipv6 ip_vs_wrr ip_vs_wlc ip_vs_sh nf_conntrack_netlink ip_vs_sed ip_vs_pe_sip nf_conntrack_sip ip_vs_nq ip_vs_lc ip_vs_lblcr ip_vs_lblc ip_vs_ftp ip_vs_dh nf_nat_ftp nf_conntrack_ftp iptable_raw xt_recent nf_log_ipv6 xt_hl ip6t_rt nf_log_ipv4 nf_log_common xt_LOG xt_limit xt_TCPMSS xt_tcpmss vxlan ip6_udp_tunnel udp_tunnel xt_statistic xt_NFLOG nfnetlink_log dummy xt_mark xt_REDIRECT nf_nat_redirect raw_diag udp_diag tcp_diag inet_diag netlink_diag af_packet_diag unix_diag rpcsec_gss_krb5 xt_addrtype ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 ebtable_nat ebtable_broute nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_mangle ip6table_raw nfsv4 +[13108726.327173] dns_resolver cls_u32 binfmt_misc arptable_filter arp_tables ip6table_filter ip6_tables devlink fuse_kio_pcs ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_nat iptable_nat nf_nat_ipv4 xt_comment nf_conntrack_ipv4 nf_defrag_ipv4 xt_wdog_tmo xt_multiport bonding xt_set xt_conntrack iptable_filter iptable_mangle kpatch(O) ebtable_filter ebt_among ebtables ip_set_hash_ip ip_set nfnetlink vfat fat skx_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass fuse pcspkr ses enclosure joydev sg mei_me hpwdt hpilo lpc_ich mei ipmi_si shpchp ipmi_devintf ipmi_msghandler xt_ipvs acpi_power_meter ip_vs_rr nfsv3 nfsd auth_rpcgss nfs_acl nfs lockd grace fscache nf_nat cls_fw sch_htb sch_cbq sch_sfq ip_vs em_u32 nf_conntrack tun br_netfilter veth overlay ip6_vzprivnet ip6_vznetstat ip_vznetstat +[13108726.327817] ip_vzprivnet vziolimit vzevent vzlist vzstat vznetstat vznetdev vzmon vzdev bridge pio_kaio pio_nfs pio_direct pfmt_raw pfmt_ploop1 ploop ip_tables ext4 mbcache jbd2 sd_mod crc_t10dif crct10dif_generic mgag200 i2c_algo_bit drm_kms_helper scsi_transport_iscsi 8021q syscopyarea sysfillrect garp sysimgblt fb_sys_fops mrp stp ttm llc bnx2x crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel drm dm_multipath ghash_clmulni_intel uas aesni_intel lrw gf128mul glue_helper ablk_helper cryptd tg3 smartpqi scsi_transport_sas mdio libcrc32c i2c_core usb_storage ptp pps_core wmi sunrpc dm_mirror dm_region_hash dm_log dm_mod [last unloaded: kpatch_cumulative_82_0_r1] +[13108726.328403] CPU: 35 PID: 63742 Comm: nfsd ve: 51332 Kdump: loaded Tainted: G W O ------------ 3.10.0-862.20.2.vz7.73.29 #1 73.29 +[13108726.328491] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 10/02/2018 +[13108726.328554] task: ffffa0a6a41b1160 ti: ffffa0c2a74bc000 task.ti: ffffa0c2a74bc000 +[13108726.328610] RIP: 0010:[] [] svcauth_unix_set_client+0x2ab/0x520 [sunrpc] +[13108726.328706] RSP: 0018:ffffa0c2a74bfd80 EFLAGS: 00010246 +[13108726.328750] RAX: 0000000000000001 RBX: ffffa0a6183ae000 RCX: 0000000000000000 +[13108726.328811] RDX: 0000000000000074 RSI: 0000000000000286 RDI: ffffa0c2a74bfcf0 +[13108726.328864] RBP: ffffa0c2a74bfe00 R08: ffffa0bab8c22960 R09: 0000000000000001 +[13108726.328916] R10: 0000000000000001 R11: 0000000000000001 R12: ffffa0a32aa7f000 +[13108726.328969] R13: ffffa0a6183afac0 R14: ffffa0c233d88d00 R15: ffffa0c2a74bfdb4 +[13108726.329022] FS: 0000000000000000(0000) GS:ffffa0e17f9c0000(0000) knlGS:0000000000000000 +[13108726.329081] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[13108726.332311] CR2: 0000000000000074 CR3: 00000026a1b28000 CR4: 00000000007607e0 +[13108726.334606] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[13108726.336754] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[13108726.338908] PKRU: 00000000 +[13108726.341047] Call Trace: +[13108726.343074] [] ? groups_alloc+0x34/0x110 +[13108726.344837] [] svc_set_client+0x24/0x30 [sunrpc] +[13108726.346631] [] svc_process_common+0x241/0x710 [sunrpc] +[13108726.348332] [] svc_process+0x103/0x190 [sunrpc] +[13108726.350016] [] nfsd+0xdf/0x150 [nfsd] +[13108726.351735] [] ? nfsd_destroy+0x80/0x80 [nfsd] +[13108726.353459] [] kthread+0xd1/0xe0 +[13108726.355195] [] ? create_kthread+0x60/0x60 +[13108726.356896] [] ret_from_fork_nospec_begin+0x7/0x21 +[13108726.358577] [] ? create_kthread+0x60/0x60 +[13108726.360240] Code: 4c 8b 45 98 0f 8e 2e 01 00 00 83 f8 fe 0f 84 76 fe ff ff 85 c0 0f 85 2b 01 00 00 49 8b 50 40 b8 01 00 00 00 48 89 93 d0 1a 00 00 0f c1 02 83 c0 01 83 f8 01 0f 8e 53 02 00 00 49 8b 44 24 38 +[13108726.363769] RIP [] svcauth_unix_set_client+0x2ab/0x520 [sunrpc] +[13108726.365530] RSP +[13108726.367179] CR2: 0000000000000074 + +Fixes: d58431eacb22 ("sunrpc: don't mark uninitialised items as VALID.") +Signed-off-by: Pavel Tikhomirov +Acked-by: NeilBrown +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/cache.c | 6 ------ + 1 file changed, 6 deletions(-) + +--- a/net/sunrpc/cache.c ++++ b/net/sunrpc/cache.c +@@ -53,9 +53,6 @@ static void cache_init(struct cache_head + h->last_refresh = now; + } + +-static inline int cache_is_valid(struct cache_head *h); +-static void cache_fresh_locked(struct cache_head *head, time_t expiry, +- struct cache_detail *detail); + static void cache_fresh_unlocked(struct cache_head *head, + struct cache_detail *detail); + +@@ -105,9 +102,6 @@ static struct cache_head *sunrpc_cache_a + if (cache_is_expired(detail, tmp)) { + hlist_del_init_rcu(&tmp->cache_list); + detail->entries --; +- if (cache_is_valid(tmp) == -EAGAIN) +- set_bit(CACHE_NEGATIVE, &tmp->flags); +- cache_fresh_locked(tmp, 0, detail); + freeme = tmp; + break; + } diff --git a/queue-5.4/xfs-don-t-check-for-ag-deadlock-for-realtime-files-in-bunmapi.patch b/queue-5.4/xfs-don-t-check-for-ag-deadlock-for-realtime-files-in-bunmapi.patch new file mode 100644 index 00000000000..aca2e2567d9 --- /dev/null +++ b/queue-5.4/xfs-don-t-check-for-ag-deadlock-for-realtime-files-in-bunmapi.patch @@ -0,0 +1,40 @@ +From 69ffe5960df16938bccfe1b65382af0b3de51265 Mon Sep 17 00:00:00 2001 +From: Omar Sandoval +Date: Tue, 26 Nov 2019 16:58:08 -0800 +Subject: xfs: don't check for AG deadlock for realtime files in bunmapi + +From: Omar Sandoval + +commit 69ffe5960df16938bccfe1b65382af0b3de51265 upstream. + +Commit 5b094d6dac04 ("xfs: fix multi-AG deadlock in xfs_bunmapi") added +a check in __xfs_bunmapi() to stop early if we would touch multiple AGs +in the wrong order. However, this check isn't applicable for realtime +files. In most cases, it just makes us do unnecessary commits. However, +without the fix from the previous commit ("xfs: fix realtime file data +space leak"), if the last and second-to-last extents also happen to have +different "AG numbers", then the break actually causes __xfs_bunmapi() +to return without making any progress, which sends +xfs_itruncate_extents_flags() into an infinite loop. + +Fixes: 5b094d6dac04 ("xfs: fix multi-AG deadlock in xfs_bunmapi") +Signed-off-by: Omar Sandoval +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +Signed-off-by: Greg Kroah-Hartman + +--- + fs/xfs/libxfs/xfs_bmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/xfs/libxfs/xfs_bmap.c ++++ b/fs/xfs/libxfs/xfs_bmap.c +@@ -5300,7 +5300,7 @@ __xfs_bunmapi( + * Make sure we don't touch multiple AGF headers out of order + * in a single transaction, as that could cause AB-BA deadlocks. + */ +- if (!wasdel) { ++ if (!wasdel && !isrt) { + agno = XFS_FSB_TO_AGNO(mp, del.br_startblock); + if (prev_agno != NULLAGNUMBER && prev_agno > agno) + break;