From: Greg Kroah-Hartman Date: Sat, 4 Jun 2016 17:06:48 +0000 (-0700) Subject: 4.6-stable patches X-Git-Tag: v3.14.72~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af18bfbc60398a2ab4a67693433cc9adbd6850cc;p=thirdparty%2Fkernel%2Fstable-queue.git 4.6-stable patches added patches: f2fs-fix-deadlock-when-flush-inline-data.patch mips-math-emu-fix-jalr-emulation-when-rd-0.patch mips-msa-fix-a-link-error-on-_init_msa_upper-with-older-gcc.patch mips64-r6-r2-emulation-bugfix.patch
---
diff --git a/queue-4.6/f2fs-fix-deadlock-when-flush-inline-data.patch b/queue-4.6/f2fs-fix-deadlock-when-flush-inline-data.patch
new file mode 100644
index 00000000000..b10cb9a53f8
--- /dev/null
+++ b/queue-4.6/f2fs-fix-deadlock-when-flush-inline-data.patch
@@ -0,0 +1,99 @@
+From ab47036d8f7227361cad7894adee8e66ab6f95b2 Mon Sep 17 00:00:00 2001
+From: Chao Yu
+Date: Wed, 11 May 2016 19:48:44 +0800
+Subject: f2fs: fix deadlock when flush inline data
+
+From: Chao Yu
+
+commit ab47036d8f7227361cad7894adee8e66ab6f95b2 upstream.
+
+Below backtrace info was reported by Yunlei He:
+
+Call Trace:
+ [] schedule+0x35/0x80
+ [] rwsem_down_read_failed+0xed/0x130
+ [] call_rwsem_down_read_failed+0x18/0x
+ [] down_read+0x20/0x30
+ [] f2fs_evict_inode+0x242/0x3a0 [f2fs]
+ [] evict+0xc7/0x1a0
+ [] iput+0x196/0x200
+ [] __dentry_kill+0x179/0x1e0
+ [] dput+0x199/0x1f0
+ [] __fput+0x18b/0x220
+ [] ____fput+0xe/0x10
+ [] task_work_run+0x77/0x90
+ [] exit_to_usermode_loop+0x73/0xa2
+ [] do_syscall_64+0xfa/0x110
+ [] entry_SYSCALL64_slow_path+0x25/0x25
+
+Call Trace:
+ [] schedule+0x35/0x80
+ [] __wait_on_freeing_inode+0xa3/0xd0
+ [] ? autoremove_wake_function+0x40/0x4
+ [] find_inode_fast+0x7d/0xb0
+ [] ilookup+0x6a/0xd0
+ [] sync_node_pages+0x210/0x650 [f2fs]
+ [] ? do_fsync+0x70/0x70
+ [] block_operations+0x9e/0xf0 [f2fs]
+ [] ? bio_endio+0x55/0x60
+ [] write_checkpoint+0x92/0xba0 [f2fs]
+ [] ? mempool_free_slab+0x17/0x20
+ [] ? mempool_free+0x2b/0x80
+ [] ? do_fsync+0x70/0x70
+ [] f2fs_sync_fs+0x63/0xd0 [f2fs]
+ [] ? ext4_sync_fs+0xbf/0x190
+ [] sync_fs_one_sb+0x20/0x30
+ [] iterate_supers+0xb9/0x110
+ [] sys_sync+0x55/0x90
+ [] do_syscall_64+0x69/0x110
+ [] entry_SYSCALL64_slow_path+0x25/0x25
+
+With following excuting serials, we will set inline_node in inode page
+after inode was unlinked, result in a deadloop described as below:
+1. open file
+2. write file
+3. unlink file
+4. write file
+5. close file
+
+Thread A Thread B
+ - dput
+ - iput_final
+ - inode->i_state |= I_FREEING
+ - evict
+ - f2fs_evict_inode
+ - f2fs_sync_fs
+ - write_checkpoint
+ - block_operations
+ - f2fs_lock_all (down_write(cp_rwsem))
+ - f2fs_lock_op (down_read(cp_rwsem))
+ - sync_node_pages
+ - ilookup
+ - find_inode_fast
+ - __wait_on_freeing_inode
+ (wait on I_FREEING clear)
+
+Here, we change to set inline_node flag only for linked inode for fixing.
+
+Reported-by: Yunlei He
+Signed-off-by: Chao Yu
+Tested-by: Jaegeuk Kim
+Signed-off-by: Jaegeuk Kim
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/f2fs/data.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/f2fs/data.c
++++ b/fs/f2fs/data.c
+@@ -1480,7 +1480,8 @@ restart:
+ if (pos + len <= MAX_INLINE_DATA) {
+ read_inline_data(page, ipage);
+ set_inode_flag(F2FS_I(inode), FI_DATA_EXIST);
+- set_inline_node(ipage);
++ if (inode->i_nlink)
++ set_inline_node(ipage);
+ } else {
+ err = f2fs_convert_inline_page(&dn, page);
+ if (err)
diff --git a/queue-4.6/mips-math-emu-fix-jalr-emulation-when-rd-0.patch b/queue-4.6/mips-math-emu-fix-jalr-emulation-when-rd-0.patch
new file mode 100644
index 00000000000..10aa00a7aed
--- /dev/null
+++ b/queue-4.6/mips-math-emu-fix-jalr-emulation-when-rd-0.patch
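Review bot: The new `if (inode->i_nlink)` guard in the inline-data branch of fs/f2fs/data.c has no comment, so nothing at that spot says why an unlinked inode must not get the inline_node mark. The commit message gives the reason: marking the inode page after unlink lets sync_node_pages() call ilookup() on an inode that is already I_FREEING while the checkpoint holds cp_rwsem, and eviction then blocks on the same semaphore, hanging the filesystem. I would put `/* an unlinked inode may already be in eviction; marking it makes checkpoint wait on I_FREEING and deadlock */` above the guard. The enclosing function starts and ends outside the hunk.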
@@ -0,0 +1,48 @@
+From ab4a92e66741b35ca12f8497896bafbe579c28a1 Mon Sep 17 00:00:00 2001
+From: Paul Burton
+Date: Thu, 21 Apr 2016 14:04:55 +0100
+Subject: MIPS: math-emu: Fix jalr emulation when rd == $0
+
+From: Paul Burton
+
+commit ab4a92e66741b35ca12f8497896bafbe579c28a1 upstream.
+
+When emulating a jalr instruction with rd == $0, the code in
+isBranchInstr was incorrectly writing to GPR $0 which should actually
+always remain zeroed. This would lead to any further instructions
+emulated which use $0 operating on a bogus value until the task is next
+context switched, at which point the value of $0 in the task context
+would be restored to the correct zero by a store in SAVE_SOME. Fix this
+by not writing to rd if it is $0.
+
+Fixes: 102cedc32a6e ("MIPS: microMIPS: Floating point support.")
+Signed-off-by: Paul Burton
+Cc: Maciej W. Rozycki
+Cc: James Hogan
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/13160/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/math-emu/cp1emu.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/arch/mips/math-emu/cp1emu.c
++++ b/arch/mips/math-emu/cp1emu.c
+@@ -445,9 +445,11 @@ static int isBranchInstr(struct pt_regs
+ case spec_op:
+ switch (insn.r_format.func) {
+ case jalr_op:
+- regs->regs[insn.r_format.rd] =
+- regs->cp0_epc + dec_insn.pc_inc +
+- dec_insn.next_pc_inc;
++ if (insn.r_format.rd != 0) {
++ regs->regs[insn.r_format.rd] =
++ regs->cp0_epc + dec_insn.pc_inc +
++ dec_insn.next_pc_inc;
++ }
+ /* Fall through */
+ case jr_op:
+ /* For R6, JR already emulated in jalr_op */
diff --git a/queue-4.6/mips-msa-fix-a-link-error-on-_init_msa_upper-with-older-gcc.patch b/queue-4.6/mips-msa-fix-a-link-error-on-_init_msa_upper-with-older-gcc.patch
new file mode 100644
index 00000000000..6c1f8923c05
--- /dev/null
+++ b/queue-4.6/mips-msa-fix-a-link-error-on-_init_msa_upper-with-older-gcc.patch
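Review bot: The guard `if (insn.r_format.rd != 0)` added under `case jalr_op:` in isBranchInstr has no comment saying that GPR $0 must stay zero and never receive the link address. Per the commit message, an unguarded store leaves a bogus $0 in the saved register context and later emulated instructions use it until the next context switch, so the reason belongs next to the code: `/* $0 must always read as zero: do not store the return address there */`. Whether other emulated branch-and-link forms in this function take their destination register from the instruction word is not visible here, and they would be worth checking for the same pattern. The function body continues outside the hunk.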
@@ -0,0 +1,87 @@
+From e49d38488515057dba8f0c2ba4cfde5be4a7281f Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki"
+Date: Tue, 17 May 2016 06:12:27 +0100
+Subject: MIPS: MSA: Fix a link error on `_init_msa_upper' with older GCC
+
+From: Maciej W. Rozycki
+
+commit e49d38488515057dba8f0c2ba4cfde5be4a7281f upstream.
+
+Fix a build regression from commit c9017757c532 ("MIPS: init upper 64b
+of vector registers when MSA is first used"):
+
+arch/mips/built-in.o: In function `enable_restore_fp_context':
+traps.c:(.text+0xbb90): undefined reference to `_init_msa_upper'
+traps.c:(.text+0xbb90): relocation truncated to fit: R_MIPS_26 against `_init_msa_upper'
+traps.c:(.text+0xbef0): undefined reference to `_init_msa_upper'
+traps.c:(.text+0xbef0): relocation truncated to fit: R_MIPS_26 against `_init_msa_upper'
+
+to !CONFIG_CPU_HAS_MSA configurations with older GCC versions, which are
+unable to figure out that calls to `_init_msa_upper' are indeed dead.
+Of the many ways to tackle this failure choose the approach we have
+already taken in `thread_msa_context_live'.
+
+[ralf@linux-mips.org: Drop patch segment to junk file.]
+
+Signed-off-by: Maciej W. Rozycki
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/13271/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/include/asm/msa.h | 13 +++++++++++++
+ arch/mips/kernel/traps.c | 6 +++---
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+--- a/arch/mips/include/asm/msa.h
++++ b/arch/mips/include/asm/msa.h
+@@ -147,6 +147,19 @@ static inline void restore_msa(struct ta
+ _restore_msa(t);
+ }
+
++static inline void init_msa_upper(void)
++{
++ /*
++ * Check cpu_has_msa only if it's a constant. This will allow the
++ * compiler to optimise out code for CPUs without MSA without adding
++ * an extra redundant check for CPUs with MSA.
++ */
++ if (__builtin_constant_p(cpu_has_msa) && !cpu_has_msa)
++ return;
++
++ _init_msa_upper();
++}
++
+ #ifdef TOOLCHAIN_SUPPORTS_MSA
+
+ #define __BUILD_MSA_CTL_REG(name, cs) \
+--- a/arch/mips/kernel/traps.c
++++ b/arch/mips/kernel/traps.c
+@@ -1249,7 +1249,7 @@ static int enable_restore_fp_context(int
+ err = init_fpu();
+ if (msa && !err) {
+ enable_msa();
+- _init_msa_upper();
++ init_msa_upper();
+ set_thread_flag(TIF_USEDMSA);
+ set_thread_flag(TIF_MSA_CTX_LIVE);
+ }
+@@ -1312,7 +1312,7 @@ static int enable_restore_fp_context(int
+ */
+ prior_msa = test_and_set_thread_flag(TIF_MSA_CTX_LIVE);
+ if (!prior_msa && was_fpu_owner) {
+- _init_msa_upper();
++ init_msa_upper();
+
+ goto out;
+ }
+@@ -1329,7 +1329,7 @@ static int enable_restore_fp_context(int
+ * of each vector register such that it cannot see data left
+ * behind by another task.
+ */
+- _init_msa_upper();
++ init_msa_upper();
+ } else {
+ /* We need to restore the vector context. */
+ restore_msa(current);
diff --git a/queue-4.6/mips64-r6-r2-emulation-bugfix.patch b/queue-4.6/mips64-r6-r2-emulation-bugfix.patch
new file mode 100644
index 00000000000..6a729b31106
--- /dev/null
+++ b/queue-4.6/mips64-r6-r2-emulation-bugfix.patch
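Review bot: The comment inside the new `init_msa_upper()` wrapper in arch/mips/include/asm/msa.h explains the constant-folding trick but not what the early return skips. The context lines of the last traps.c hunk show that the call it wraps initialises part of each vector register so that a task cannot see data left behind by another task, so the early return is only correct when the CPU has no MSA at all. I would extend the comment with `* _init_msa_upper() scrubs vector register state against cross-task data leaks; it may be skipped only when MSA is absent.` and add that callers should go through the wrapper rather than call `_init_msa_upper()` directly, so the link error does not return. enable_restore_fp_context() starts and ends outside the hunks.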
@@ -0,0 +1,229 @@
+From 41fa29e4d8cf4150568a0fe9bb4d62229f9caed5 Mon Sep 17 00:00:00 2001
+From: Leonid Yegoshin
+Date: Tue, 28 Apr 2015 12:53:35 -0700
+Subject: MIPS64: R6: R2 emulation bugfix
+
+From: Leonid Yegoshin
+
+commit 41fa29e4d8cf4150568a0fe9bb4d62229f9caed5 upstream.
+
+Error recovery pointers for fixups was improperly set as ".word"
+which is unsuitable for MIPS64.
+
+Replaced by STR(PTR)
+
+[ralf@linux-mips.org: Apply changes as requested in the review process.]
+
+Signed-off-by: Leonid Yegoshin
+Reviewed-by: James Hogan
+Reviewed-by: Markos Chandras
+Fixes: b0a668fb2038 ("MIPS: kernel: mips-r2-to-r6-emul: Add R2 emulator for MIPS R6")
+Cc: macro@linux-mips.org
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/9911/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/mips-r2-to-r6-emul.c | 105 +++++++++++++++++-----------------
+ 1 file changed, 53 insertions(+), 52 deletions(-)
+
+--- a/arch/mips/kernel/mips-r2-to-r6-emul.c
++++ b/arch/mips/kernel/mips-r2-to-r6-emul.c
+@@ -28,6 +28,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -1251,10 +1252,10 @@ fpu_emul:
+ " j 10b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1326,10 +1327,10 @@ fpu_emul:
+ " j 10b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1397,10 +1398,10 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1467,10 +1468,10 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1582,14 +1583,14 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
+- " .word 5b,8b\n"
+- " .word 6b,8b\n"
+- " .word 7b,8b\n"
+- " .word 0b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
++ STR(PTR) " 5b,8b\n"
++ STR(PTR) " 6b,8b\n"
++ STR(PTR) " 7b,8b\n"
++ STR(PTR) " 0b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1701,14 +1702,14 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
+- " .word 5b,8b\n"
+- " .word 6b,8b\n"
+- " .word 7b,8b\n"
+- " .word 0b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
++ STR(PTR) " 5b,8b\n"
++ STR(PTR) " 6b,8b\n"
++ STR(PTR) " 7b,8b\n"
++ STR(PTR) " 0b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1820,14 +1821,14 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
+- " .word 5b,8b\n"
+- " .word 6b,8b\n"
+- " .word 7b,8b\n"
+- " .word 0b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
++ STR(PTR) " 5b,8b\n"
++ STR(PTR) " 6b,8b\n"
++ STR(PTR) " 7b,8b\n"
++ STR(PTR) " 0b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -1938,14 +1939,14 @@ fpu_emul:
+ " j 9b\n"
+ " .previous\n"
+ " .section __ex_table,\"a\"\n"
+- " .word 1b,8b\n"
+- " .word 2b,8b\n"
+- " .word 3b,8b\n"
+- " .word 4b,8b\n"
+- " .word 5b,8b\n"
+- " .word 6b,8b\n"
+- " .word 7b,8b\n"
+- " .word 0b,8b\n"
++ STR(PTR) " 1b,8b\n"
++ STR(PTR) " 2b,8b\n"
++ STR(PTR) " 3b,8b\n"
++ STR(PTR) " 4b,8b\n"
++ STR(PTR) " 5b,8b\n"
++ STR(PTR) " 6b,8b\n"
++ STR(PTR) " 7b,8b\n"
++ STR(PTR) " 0b,8b\n"
+ " .previous\n"
+ " .set pop\n"
+ : "+&r"(rt), "=&r"(rs),
+@@ -2000,7 +2001,7 @@ fpu_emul:
+ "j 2b\n"
+ ".previous\n"
+ ".section __ex_table,\"a\"\n"
+- ".word 1b, 3b\n"
++ STR(PTR) " 1b,3b\n"
+ ".previous\n"
+ : "=&r"(res), "+&r"(err)
+ : "r"(vaddr), "i"(SIGSEGV)
+@@ -2058,7 +2059,7 @@ fpu_emul:
+ "j 2b\n"
+ ".previous\n"
+ ".section __ex_table,\"a\"\n"
+- ".word 1b, 3b\n"
++ STR(PTR) " 1b,3b\n"
+ ".previous\n"
+ : "+&r"(res), "+&r"(err)
+ : "r"(vaddr), "i"(SIGSEGV));
+@@ -2119,7 +2120,7 @@ fpu_emul:
+ "j 2b\n"
+ ".previous\n"
+ ".section __ex_table,\"a\"\n"
+- ".word 1b, 3b\n"
++ STR(PTR) " 1b,3b\n"
+ ".previous\n"
+ : "=&r"(res), "+&r"(err)
+ : "r"(vaddr), "i"(SIGSEGV)
+@@ -2182,7 +2183,7 @@ fpu_emul:
+ "j 2b\n"
+ ".previous\n"
+ ".section __ex_table,\"a\"\n"
+- ".word 1b, 3b\n"
++ STR(PTR) " 1b,3b\n"
+ ".previous\n"
+ : "+&r"(res), "+&r"(err)
+ : "r"(vaddr), "i"(SIGSEGV));